# 10yearsofborn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000000; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|10yearsofborn|03|com"; nocase; ) # 11111111.noip.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000001; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|11111111|04|noip|02|me"; nocase; ) # 111xxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000002; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|111xxx|03|com"; nocase; ) # 112038398dc590fd910f04439eba2dc2.ovh [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000003; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|20|112038398dc590fd910f04439eba2dc2|03|ovh"; nocase; ) # 1rot1ro05p5pc654ktuj74i.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000004; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|1rot1ro05p5pc654ktuj74i|04|ddns|03|net"; nocase; ) # 1vp412e12nheix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000005; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|1vp412e12nheix|03|net"; nocase; ) # 2002.us.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000006; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|2002|02|us|02|to"; nocase; ) # 21gold.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000007; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|21gold|03|org"; nocase; ) # 3duboxe0mr3hef7nkxuj3jq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000008; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|3duboxe0mr3hef7nkxuj3jq|04|ddns|03|net"; nocase; ) # 42k2bu15.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000009; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|42k2bu15|03|com"; nocase; ) # 86b6b6b6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000010; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|86b6b6b6|03|com"; nocase; ) # 89025840.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000011; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|89025840|03|com"; nocase; ) # 9999992009.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000012; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|9999992009|04|myfw|02|us"; nocase; ) # 9999992011.rr.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000013; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|9999992011|02|rr|02|nu"; nocase; ) # a1hcy1xendd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000014; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|a1hcy1xendd|03|net"; nocase; ) # a1k8h2xendd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000015; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|a1k8h2xendd|04|info"; nocase; ) # a1t9y1xendd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000016; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|a1t9y1xendd|04|info"; nocase; ) # a1z1h2xendd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000017; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|a1z1h2xendd|03|biz"; nocase; ) # aabazrewdatupogre.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000018; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabazrewdatupogre|02|ga"; nocase; ) # aabcgukomotredcxi.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000019; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabcgukomotredcxi|02|ga"; nocase; ) # aabcgukomotredcxi.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000020; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabcgukomotredcxi|02|gq"; nocase; ) # aabdtuhugfredhoo.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000021; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aabdtuhugfredhoo|02|ml"; nocase; ) # aadfresawcgyhlkjni.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000022; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|aadfresawcgyhlkjni|02|cf"; nocase; ) # abc69696969.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000023; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|abc69696969|04|vicp|03|net"; nocase; ) # abdav21.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000024; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|abdav21|04|ddns|03|net"; nocase; ) # abo0u6ach9k3w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000025; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|abo0u6ach9k3w|03|net"; nocase; ) # account-user.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000026; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|account-user|03|com"; nocase; ) # ad-marketing.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000027; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ad-marketing|03|net"; nocase; ) # ad-void.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000028; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|ad-void|03|com"; nocase; ) # adobeflashupdate.dynu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000029; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|adobeflashupdate|04|dynu|03|com"; nocase; ) # adorephoto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000030; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|adorephoto|03|org"; nocase; ) # adwordactivation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000031; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|adwordactivation|03|com"; nocase; ) # affairdot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000032; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|affairdot|03|com"; nocase; ) # agabovyxdgcbibu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000033; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|agabovyxdgcbibu|03|com"; nocase; ) # agentwhite.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000034; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|agentwhite|04|ddns|03|net"; nocase; ) # ahahfgreateranglia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000035; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|ahahfgreateranglia|03|net"; nocase; ) # ahyushkavovu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000036; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ahyushkavovu|02|tk"; nocase; ) # ahyushkavovuzzz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000037; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ahyushkavovuzzz|02|ml"; nocase; ) # ahyushkavovuzzz.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000038; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ahyushkavovuzzz|02|tk"; nocase; ) # ahzx.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000039; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|ahzx|04|eicp|03|net"; nocase; ) # airtravelabroad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000040; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|airtravelabroad|03|com"; nocase; ) # aiwoyfullsmile.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000041; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|aiwoyfullsmile|03|net"; nocase; ) # aktogaasdvnovova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000042; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|cf"; nocase; ) # aktogaasdvnovova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000043; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|ga"; nocase; ) # aktogaasdvnovova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000044; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|gq"; nocase; ) # aktogaasdvnovova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000045; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|ml"; nocase; ) # aktogavnovova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000046; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|cf"; nocase; ) # aktogavnovova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000047; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|gq"; nocase; ) # akwotie.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000048; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|akwotie|04|ddns|03|net"; nocase; ) # alexandrelatsa.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000049; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|alexandrelatsa|02|ru"; nocase; ) # alicanhotel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000050; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|alicanhotel|03|com"; nocase; ) # amazinggreentechshop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000051; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|amazinggreentechshop|03|com"; nocase; ) # amerikauyghur.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000052; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|amerikauyghur|03|top"; nocase; ) # amf-themes.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000053; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|amf-themes|02|ru"; nocase; ) # ankapootle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000054; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ankapootle|03|org"; nocase; ) # anlagenservices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000055; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|anlagenservices|03|com"; nocase; ) # anrduha.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000056; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|anrduha|04|info"; nocase; ) # apipiskavovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000057; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|apipiskavovu|02|ml"; nocase; ) # apnpartners.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000058; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|apnpartners|03|com"; nocase; ) # appeur.gnway.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000059; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|appeur|05|gnway|02|cc"; nocase; ) # applejp.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000060; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|applejp|04|myfw|02|us"; nocase; ) # appsjustforfun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000061; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|appsjustforfun|03|com"; nocase; ) # apyicrypt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000062; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|apyicrypt|03|com"; nocase; ) # aquametron.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000063; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|aquametron|03|com"; nocase; ) # arabtechmessenger.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000064; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|arabtechmessenger|03|net"; nocase; ) # arbitraryh.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000065; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|arbitraryh|03|top"; nocase; ) # atlasbeta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000066; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|atlasbeta|03|com"; nocase; ) # att.om [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000067; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|att|02|om"; nocase; ) # ausec.qc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000068; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ausec|02|qc|02|to"; nocase; ) # autointsecurity.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000069; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|autointsecurity|03|com"; nocase; ) # autosync.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000070; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|autosync|04|info"; nocase; ) # auvovumalenkiu678.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000071; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|auvovumalenkiu678|02|cf"; nocase; ) # avdrygvovanemydak1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000072; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|avdrygvovanemydak1|02|tk"; nocase; ) # avdrygvovanemydakaa.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000073; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakaa|02|gq"; nocase; ) # avdrygvovanemyz.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000074; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|avdrygvovanemyz|02|gq"; nocase; ) # averagetheskidfellow.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000075; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|averagetheskidfellow|02|co|02|vu"; nocase; ) # avidnewssource.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000076; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|avidnewssource|03|com"; nocase; ) # avlib.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000077; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|avlib|02|in"; nocase; ) # avovagomosek2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000078; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|tk"; nocase; ) # avovakorova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000079; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|avovakorova|02|ga"; nocase; ) # avovakorova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000080; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|avovakorova|02|gq"; nocase; ) # avovakorova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000081; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|avovakorova|02|ml"; nocase; ) # avovakusokgavnafg.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000082; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avovakusokgavnafg|02|ga"; nocase; ) # avovakusokgavnafg.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000083; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avovakusokgavnafg|02|tk"; nocase; ) # avovapeterda.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000084; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovapeterda|02|gq"; nocase; ) # avovapeterda77.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000085; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|avovapeterda77|02|ga"; nocase; ) # avovapeterda77.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000086; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|avovapeterda77|02|ml"; nocase; ) # axtoomov.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000087; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|axtoomov|04|ddns|03|net"; nocase; ) # aynachatsrv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000088; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|aynachatsrv|03|com"; nocase; ) # azvdrygvovanemyz81.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000089; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|azvdrygvovanemyz81|02|ga"; nocase; ) # b2f8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000090; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|b2f8|02|tk"; nocase; ) # b8dfs5ecw9p3o.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000091; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|b8dfs5ecw9p3o|04|info"; nocase; ) # baanaameex-seguridad22f2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000092; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|baanaameex-seguridad22f2|03|com"; nocase; ) # baatarhuu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000093; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|baatarhuu|03|com"; nocase; ) # baazsawetukovcsa.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000094; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|baazsawetukovcsa|02|ml"; nocase; ) # babkokohtybvcfreso.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000095; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|babkokohtybvcfreso|02|cf"; nocase; ) # backop.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000096; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|backop|04|mooo|03|com"; nocase; ) # baddadsclub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000097; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|baddadsclub|03|com"; nocase; ) # balamodaevi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000098; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|balamodaevi|03|com"; nocase; ) # banners.emol.cl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000099; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|banners|04|emol|02|cl"; nocase; ) # bannerspot.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000100; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|bannerspot|02|in"; nocase; ) # banqulerroman.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000101; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|banqulerroman|03|com"; nocase; ) # basketxrtz.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000102; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|basketxrtz|04|ddns|03|net"; nocase; ) # bbsystems.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000103; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bbsystems|04|info"; nocase; ) # ben770.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000104; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ben770|04|ddns|03|net"; nocase; ) # best-advertising.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000105; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|best-advertising|03|net"; nocase; ) # bestcopytoday.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000106; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|bestcopytoday|03|com"; nocase; ) # bfeom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000107; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|bfeom|03|com"; nocase; ) # bhai1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000108; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|bhai1|04|ddns|03|net"; nocase; ) # bigb00.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000109; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|bigb00|04|ddns|03|net"; nocase; ) # binachio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000110; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|binachio|03|org"; nocase; ) # biortherm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000111; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|biortherm|03|com"; nocase; ) # blackberry-apps-world.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000112; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|blackberry-apps-world|03|com"; nocase; ) # blizko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000113; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|blizko|03|net"; nocase; ) # blizko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000114; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|blizko|03|org"; nocase; ) # blyavovarealn44ogavno.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000115; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|blyavovarealn44ogavno|02|gq"; nocase; ) # bmlv-gv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000116; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|bmlv-gv|02|eu"; nocase; ) # bnxjgqotkqaftj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000117; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bnxjgqotkqaftj|03|com"; nocase; ) # bochonokvovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000118; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bochonokvovu|02|ml"; nocase; ) # boganytuvovaiga.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000119; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|boganytuvovaiga|02|gq"; nocase; ) # boganytuvovaiga.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000120; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|boganytuvovaiga|02|ml"; nocase; ) # bogev3ovaneu3dac3hnik.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000121; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|bogev3ovaneu3dac3hnik|02|gq"; nocase; ) # bogev3ovaneu3dac3hnik.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000122; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|bogev3ovaneu3dac3hnik|02|tk"; nocase; ) # bonetakus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000123; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bonetakus|03|com"; nocase; ) # boobupeakfood.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000124; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|boobupeakfood|03|com"; nocase; ) # bovuugodvuecf.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000125; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|bovuugodvuecf|04|ddns|03|net"; nocase; ) # brasmu.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000126; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|brasmu|03|com|02|br"; nocase; ) # breteau-photographe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000127; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|breteau-photographe|03|com"; nocase; ) # brittlefilet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000128; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|brittlefilet|03|com"; nocase; ) # brookmensoklinherz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000129; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|brookmensoklinherz|03|org"; nocase; ) # bs7aygotd2rnjl4o.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000130; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|bs7aygotd2rnjl4o|05|onion"; nocase; ) # bulldog.toh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000131; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|bulldog|03|toh|04|info"; nocase; ) # business-made-fun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000132; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|business-made-fun|03|com"; nocase; ) # businessdealsblog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000133; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|businessdealsblog|03|com"; nocase; ) # bvovapeterda.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000134; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bvovapeterda|02|ga"; nocase; ) # bvovapeterda.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000135; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bvovapeterda|02|ml"; nocase; ) # bwfllc.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000136; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|bwfllc|02|co"; nocase; ) # bxateca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000137; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|bxateca|03|net"; nocase; ) # bytewiser.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000138; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bytewiser|03|com"; nocase; ) # c0dbq5vcj9o3e.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000139; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|c0dbq5vcj9o3e|04|info"; nocase; ) # c1v9j2pahfi8w1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000140; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|c1v9j2pahfi8w1f|03|biz"; nocase; ) # c1v9l8s6yei8w1f.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000141; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|c1v9l8s6yei8w1f|04|info"; nocase; ) # cac.com.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000142; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|cac|03|com|02|cn"; nocase; ) # cahciuni-duisburg-essen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000143; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|cahciuni-duisburg-essen|03|com"; nocase; ) # captainangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000144; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|captainangry|03|net"; nocase; ) # captainbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000145; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|captainbehind|03|net"; nocase; ) # captaindried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000146; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|captaindried|03|net"; nocase; ) # caramelochpetinnew2.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000147; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|caramelochpetinnew2|04|ddns|03|net"; nocase; ) # catologipdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000148; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|catologipdate|03|com"; nocase; ) # cbbnews.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000149; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|cbbnews|02|tk"; nocase; ) # cdnhxeqqnn.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000150; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|cdnhxeqqnn|02|fr"; nocase; ) # centerssweet.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000151; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|centerssweet|02|ga"; nocase; ) # christmaslastdeals.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000152; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|christmaslastdeals|03|com"; nocase; ) # chriswork.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000153; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|chriswork|04|ddns|03|net"; nocase; ) # chromecrashreport.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000154; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|chromecrashreport|03|com"; nocase; ) # cinnamonextract.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000155; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|cinnamonextract|03|net"; nocase; ) # clialjscnotjclientcli.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000156; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|clialjscnotjclientcli|02|me"; nocase; ) # clothdiapersexpert.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000157; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|clothdiapersexpert|03|com"; nocase; ) # cloudsvr337.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000158; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|cloudsvr337|03|com"; nocase; ) # coldydesign.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000159; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|coldydesign|03|com"; nocase; ) # confirm-info-account-bnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000160; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|confirm-info-account-bnk|03|com"; nocase; ) # conopizzabrasil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000161; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|conopizzabrasil|03|com"; nocase; ) # conopizzavenezuela.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000162; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|conopizzavenezuela|03|com"; nocase; ) # content-into-cash.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000163; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|content-into-cash|03|com"; nocase; ) # correctip.noip.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000164; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|correctip|04|noip|02|me"; nocase; ) # costatechhelp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000165; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|costatechhelp|03|com"; nocase; ) # cowforhelp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000166; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|cowforhelp|03|com"; nocase; ) # cribdare2no.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000167; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|cribdare2no|03|com"; nocase; ) # crowdmaster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000168; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|crowdmaster|03|net"; nocase; ) # cryptorepairsystems.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000169; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|cryptorepairsystems|03|com"; nocase; ) # csrss-check-new.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000170; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|csrss-check-new|03|com"; nocase; ) # cuopxeudu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000171; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|cuopxeudu|04|ddns|03|net"; nocase; ) # cvovapeterda.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000172; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cvovapeterda|02|ml"; nocase; ) # cvovapeterdaga.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000173; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|cvovapeterdaga|02|gq"; nocase; ) # cvovapeterdaga.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000174; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|cvovapeterdaga|02|ml"; nocase; ) # d75a141z8no9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000175; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|d75a141z8no9|03|com"; nocase; ) # daaserthupo.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000176; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daaserthupo|02|tk"; nocase; ) # daceduyokon.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000177; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daceduyokon|02|ga"; nocase; ) # dbdrivers.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000178; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dbdrivers|03|biz"; nocase; ) # dcfastgroup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000179; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dcfastgroup|03|com"; nocase; ) # debulittro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000180; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|debulittro|03|com"; nocase; ) # decidearticle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000181; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|decidearticle|03|net"; nocase; ) # deertraefople.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000182; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|deertraefople|03|com"; nocase; ) # deervalleyassociation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000183; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|deervalleyassociation|03|com"; nocase; ) # defencereview.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000184; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|defencereview|02|eu"; nocase; ) # delivery-yahoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000185; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|delivery-yahoo|03|com"; nocase; ) # delivery.dpis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000186; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|delivery|04|dpis|03|com"; nocase; ) # designsbytony.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000187; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|designsbytony|02|co"; nocase; ) # desixb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000188; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|desixb|03|com"; nocase; ) # detter.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000189; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|detter|02|co|02|vu"; nocase; ) # developarea.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000190; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|developarea|04|mooo|03|com"; nocase; ) # dfrank.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000191; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|dfrank|03|top"; nocase; ) # dicemention.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000192; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dicemention|03|com"; nocase; ) # differentia.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000193; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|differentia|02|ru"; nocase; ) # dkilograzmvovuf3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000194; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dkilograzmvovuf3|02|tk"; nocase; ) # dll-host.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000195; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|dll-host|03|com"; nocase; ) # dllupdate.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000196; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dllupdate|04|info"; nocase; ) # dns22dns22.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000197; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|dns22dns22|02|ru"; nocase; ) # dnshost5577.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000198; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dnshost5577|03|com"; nocase; ) # dnsmask.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000199; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dnsmask|04|info"; nocase; ) # dnsportal.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000200; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dnsportal|04|info"; nocase; ) # dnsupdate.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000201; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dnsupdate|04|info"; nocase; ) # dnt5b.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000202; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|dnt5b|04|myfw|02|us"; nocase; ) # docscountry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000203; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|docscountry|03|com"; nocase; ) # docustoragebank.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000204; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|docustoragebank|03|com"; nocase; ) # doefruevtan.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000205; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|doefruevtan|04|ddns|03|net"; nocase; ) # dotpago.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000206; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dotpago|04|ddns|03|net"; nocase; ) # doubtangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000207; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|doubtangry|03|net"; nocase; ) # drive-google.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000208; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|drive-google|02|co"; nocase; ) # drygvovanemzz.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000209; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemzz|02|tk"; nocase; ) # drygvovanemzz4.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000210; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drygvovanemzz4|02|cf"; nocase; ) # drygvovanemzz4.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000211; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drygvovanemzz4|02|ga"; nocase; ) # drygvovanemzz4.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000212; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drygvovanemzz4|02|gq"; nocase; ) # drygvovanemzz4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000213; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drygvovanemzz4|02|tk"; nocase; ) # duteraneh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000214; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|duteraneh|03|com"; nocase; ) # duwugunuwaqauk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000215; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|duwugunuwaqauk|04|ddns|03|net"; nocase; ) # dwc5cbjada.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000216; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|dwc5cbjada|03|net"; nocase; ) # dynaunit.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000217; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|dynaunit|04|info"; nocase; ) # dyndns.tv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000218; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|dyndns|02|tv"; nocase; ) # e4aibjtrguqlyaow.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000219; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|e4aibjtrguqlyaow|05|onion"; nocase; ) # ebookedit.ticp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000220; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ebookedit|04|ticp|03|net"; nocase; ) # ecunxoorokonw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000221; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ecunxoorokonw|04|ddns|03|net"; nocase; ) # efiop.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000222; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|efiop|04|info"; nocase; ) # egbowantedjs.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000223; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|egbowantedjs|04|ddns|03|net"; nocase; ) # ehsni4523ro414k.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000224; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ehsni4523ro414k|04|ddns|03|net"; nocase; ) # eifaesbicardmegamall.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000225; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|eifaesbicardmegamall|03|net"; nocase; ) # eke.pe.hu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000226; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|eke|02|pe|02|hu"; nocase; ) # elimi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000227; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|elimi|03|net"; nocase; ) # elorfans4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000228; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans4|03|com"; nocase; ) # elorfans6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000229; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans6|03|com"; nocase; ) # enherthadugh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000230; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|enherthadugh|02|ru"; nocase; ) # erazzers.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000231; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|erazzers|03|com"; nocase; ) # ercehuhowi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000232; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ercehuhowi|04|ddns|03|net"; nocase; ) # estuty.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000233; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|estuty|03|com"; nocase; ) # etam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000234; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|etam|03|com"; nocase; ) # etdt.cable.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000235; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|etdt|05|cable|02|nu"; nocase; ) # etsnmxe2gn3hwdq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000236; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|etsnmxe2gn3hwdq|04|ddns|03|net"; nocase; ) # europeanda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000237; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|europeanda|03|com"; nocase; ) # ewillsin.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000238; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ewillsin|04|ddns|03|net"; nocase; ) # f4b7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000239; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|f4b7|02|tk"; nocase; ) # fandanfos.xhc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000240; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fandanfos|03|xhc|02|ru"; nocase; ) # farialsabrina.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000241; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|farialsabrina|03|com"; nocase; ) # fastserviceworld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000242; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|fastserviceworld|03|com"; nocase; ) # fastssamplestrash.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000243; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|fastssamplestrash|03|com"; nocase; ) # fdfddffdfdfhyyuyuyrjhy.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000244; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|fdfddffdfdfhyyuyuyrjhy|02|co|02|vu"; nocase; ) # fdshjfsh324332432.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000245; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|fdshjfsh324332432|03|com"; nocase; ) # fergerama.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000246; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fergerama|03|com"; nocase; ) # fermentzone.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000247; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|fermentzone|03|com"; nocase; ) # ferom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000248; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ferom|03|org"; nocase; ) # fezhvfw.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000249; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|fezhvfw|02|yi|03|org"; nocase; ) # fflord25.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000250; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fflord25|03|com"; nocase; ) # financialnewsonline.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000251; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|financialnewsonline|02|pw"; nocase; ) # financialwiki.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000252; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|financialwiki|02|pw"; nocase; ) # flierunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000253; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|flierunderstand|03|net"; nocase; ) # fmension.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000254; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fmension|02|tk"; nocase; ) # forboringbusinesses.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000255; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|forboringbusinesses|03|com"; nocase; ) # foryousee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000256; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|foryousee|03|net"; nocase; ) # free1999.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000257; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|free1999|04|jkub|03|com"; nocase; ) # freemsk-dns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000258; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|freemsk-dns|03|com"; nocase; ) # freeteenpornvideo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000259; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|freeteenpornvideo|03|org"; nocase; ) # fridayroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000260; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fridayroad|03|net"; nocase; ) # fscurat20.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000261; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fscurat20|03|com"; nocase; ) # fuckingsh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000262; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fuckingsh|03|com"; nocase; ) # fulplanet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000263; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fulplanet|03|com"; nocase; ) # futurecomtechnologies.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000264; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|futurecomtechnologies|03|com"; nocase; ) # futuresgolda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000265; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|futuresgolda|03|com"; nocase; ) # fuxee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000266; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|fuxee|03|com"; nocase; ) # g1osp1odin1ytui1dayn1vova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000267; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|g1osp1odin1ytui1dayn1vova|02|gq"; nocase; ) # gabro.xxuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000268; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|gabro|04|xxuz|03|com"; nocase; ) # gavnsxuwkavova3.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000269; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gavnsxuwkavova3|02|cf"; nocase; ) # gavnsxuwkavova3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000270; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gavnsxuwkavova3|02|tk"; nocase; ) # gavnuwkavova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000271; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|ga"; nocase; ) # gazetaipeuna.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000272; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gazetaipeuna|03|com|02|br"; nocase; ) # gecko.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000273; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|gecko|04|jkub|03|com"; nocase; ) # genuine-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000274; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|genuine-check|03|com"; nocase; ) # genuineupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000275; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|genuineupdate|03|com"; nocase; ) # geordie.land [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000276; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|geordie|04|land"; nocase; ) # geosaiti.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000277; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|geosaiti|02|ru"; nocase; ) # gfimail.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000278; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|gfimail|02|us"; nocase; ) # giga-flock.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000279; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|giga-flock|03|com"; nocase; ) # globalnetworkanalys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000280; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|globalnetworkanalys|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # go-upload.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000281; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|go-upload|02|ru"; nocase; ) # goldennavratnacuopon.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000282; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|goldennavratnacuopon|03|com"; nocase; ) # good.wha.la [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000283; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|good|03|wha|02|la"; nocase; ) # goodbizez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000284; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|goodbizez|03|com"; nocase; ) # goodnewspaper.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000285; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|goodnewspaper|04|gicp|03|net"; nocase; ) # goods11.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000286; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|goods11|04|ddns|03|net"; nocase; ) # google-user-cache.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000287; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|google-user-cache|03|com"; nocase; ) # googlemailservice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000288; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|googlemailservice|03|com"; nocase; ) # googlewebcache.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000289; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|googlewebcache|03|com"; nocase; ) # googleyndication.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000290; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|googleyndication|03|com"; nocase; ) # gospodinytuidaynvova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000291; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|cf"; nocase; ) # gospodinytuidaynvova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000292; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|ga"; nocase; ) # gospodinytuidaynvova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000293; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|ml"; nocase; ) # gospodinytuidaynvova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000294; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|tk"; nocase; ) # gouhumuvelcua.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000295; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|gouhumuvelcua|04|ddns|03|net"; nocase; ) # gqzrdawmmvaalpevd0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000296; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|gqzrdawmmvaalpevd0|03|com"; nocase; ) # greencastleadvantage.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000297; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|greencastleadvantage|03|com"; nocase; ) # greensky27.vcip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000298; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|greensky27|04|vcip|03|net"; nocase; ) # groeneweg-smb.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000299; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|groeneweg-smb|02|nl"; nocase; ) # guest-access.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000300; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|guest-access|03|net"; nocase; ) # gurtgusinoi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000301; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|gurtgusinoi|03|com"; nocase; ) # guttechhelp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000302; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|guttechhelp|03|com"; nocase; ) # gypqlkwgkmzapx33.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000303; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|gypqlkwgkmzapx33|03|com"; nocase; ) # h3yiloavovka.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000304; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|h3yiloavovka|02|gq"; nocase; ) # harry150.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000305; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|harry150|04|ddns|03|net"; nocase; ) # hcaheathcare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000306; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hcaheathcare|03|com"; nocase; ) # hedattoftle.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000307; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hedattoftle|02|ru"; nocase; ) # heethai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000308; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|heethai|03|com"; nocase; ) # help-save-wildlife.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000309; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|help-save-wildlife|03|com"; nocase; ) # helpcenter2br6932.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000310; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|helpcenter2br6932|02|cc"; nocase; ) # helpdesk.lnip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000311; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|helpdesk|04|lnip|03|org"; nocase; ) # helthnews.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000312; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|helthnews|02|ga"; nocase; ) # heritageblog.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000313; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|heritageblog|03|org"; nocase; ) # herura.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000314; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|herura|04|ddns|03|net"; nocase; ) # hevpazana.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000315; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hevpazana|03|org"; nocase; ) # hhpro.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000316; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|hhpro|02|tk"; nocase; ) # holipolks12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000317; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|holipolks12|03|com"; nocase; ) # holodpvovocs4hka23.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000318; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|cf"; nocase; ) # holodpvovocs4hka23.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000319; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|ga"; nocase; ) # holodpvovocs4hka23.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000320; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|gq"; nocase; ) # hoomoimtex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000321; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|hoomoimtex|03|com"; nocase; ) # horizons-tourisme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000322; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|horizons-tourisme|03|com"; nocase; ) # howthatficy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000323; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|howthatficy|02|ru"; nocase; ) # hpareyouhereqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000324; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|hpareyouhereqq|03|com"; nocase; ) # htkg009.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000325; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|htkg009|04|gicp|03|net"; nocase; ) # hulahope.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000326; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|hulahope|04|mooo|03|com"; nocase; ) # humanbeing2009.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000327; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|humanbeing2009|04|gicp|03|net"; nocase; ) # huosinamu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000328; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|huosinamu|04|ddns|03|net"; nocase; ) # hyihyimel.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000329; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hyihyimel|02|kz"; nocase; ) # icafyfootsinso.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000330; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|icafyfootsinso|02|ru"; nocase; ) # iezqmd4s2fflmh7n.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000331; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|iezqmd4s2fflmh7n|05|onion"; nocase; ) # imagescdn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000332; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|imagescdn|02|ru"; nocase; ) # imkosan.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000333; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|imkosan|03|net"; nocase; ) # indexbb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000334; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|indexbb|03|com"; nocase; ) # industrywork.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000335; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|industrywork|04|mooo|03|com"; nocase; ) # ineedj0b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000336; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ineedj0b|03|com"; nocase; ) # infomcheck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000337; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|infomcheck|03|com"; nocase; ) # innerspacestudio.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000338; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|innerspacestudio|02|co|02|uk"; nocase; ) # inpoucher.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000339; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|inpoucher|03|com"; nocase; ) # inspiretradeexpo.co.za [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000340; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|inspiretradeexpo|02|co|02|za"; nocase; ) # integratedmedtech.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000341; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|integratedmedtech|03|com"; nocase; ) # intelnetservice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000342; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|intelnetservice|03|com"; nocase; ) # internetcalxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000343; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|internetcalxa|03|com"; nocase; ) # intexfunclub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000344; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|intexfunclub|03|com"; nocase; ) # ipcorrect.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000345; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ipcorrect|04|ddns|03|net"; nocase; ) # itsec.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000346; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|itsec|04|eicp|03|net"; nocase; ) # jamestommyyy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000347; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|jamestommyyy|04|ddns|03|net"; nocase; ) # jblhidraulica.ind.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000348; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|jblhidraulica|03|ind|02|br"; nocase; ) # jeihodisneyturkiye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000349; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|jeihodisneyturkiye|03|com"; nocase; ) # jhgfskjfshgjkfhgkjfsghf.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000350; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|jhgfskjfshgjkfhgkjfsghf|02|co|02|vu"; nocase; ) # jmxkowzoen.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000351; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|jmxkowzoen|04|info"; nocase; ) # jpsaleyes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000352; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|jpsaleyes|03|com"; nocase; ) # jry1234.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000353; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|jry1234|04|ddns|03|net"; nocase; ) # jtrho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000354; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jtrho|03|net"; nocase; ) # judalien.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000355; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|judalien|04|ddns|03|net"; nocase; ) # juegosderestaurantesgratis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000356; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1a|juegosderestaurantesgratis|03|net"; nocase; ) # jugainfghjfghfffhfhfhfgj.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000357; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|jugainfghjfghfffhfhfhfgj|02|co|02|vu"; nocase; ) # jviincentthailand.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000358; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|jviincentthailand|03|com"; nocase; ) # jyjhsvgkpeni0g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000359; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|jyjhsvgkpeni0g|03|com"; nocase; ) # jzkebkiznfttde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000360; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|jzkebkiznfttde|03|com"; nocase; ) # k2l8z1yeodm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000361; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|k2l8z1yeodm|04|info"; nocase; ) # k2zbz1yeodm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000362; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|k2zbz1yeodm|04|info"; nocase; ) # kakoi5getulo5hvov5a.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000363; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|kakoi5getulo5hvov5a|02|cf"; nocase; ) # kakoi5getulo5hvov5a.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000364; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|kakoi5getulo5hvov5a|02|gq"; nocase; ) # kakoigetulohvova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000365; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kakoigetulohvova|02|gq"; nocase; ) # kaktusvovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000366; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaktusvovu|02|gq"; nocase; ) # kalakuta1221.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000367; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kalakuta1221|04|ddns|03|net"; nocase; ) # kaprizylka.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000368; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaprizylka|02|ml"; nocase; ) # karlsadroch27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000369; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|karlsadroch27|03|com"; nocase; ) # kashbox.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000370; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|kashbox|02|ru"; nocase; ) # kb63vhjuk3wh4ex7.onion.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000371; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kb63vhjuk3wh4ex7|05|onion|02|to"; nocase; ) # kcdjqxk4jjwzjopq.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000372; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kcdjqxk4jjwzjopq|05|onion"; nocase; ) # kilaxuntf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000373; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|kilaxuntf|02|ru"; nocase; ) # kilogramvovu.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000374; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|ga"; nocase; ) # kilogramvovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000375; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|ml"; nocase; ) # korolewskans.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000376; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|korolewskans|02|ml"; nocase; ) # kosnetsyanetolko.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000377; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kosnetsyanetolko|03|com"; nocase; ) # kpddkeeded.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000378; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kpddkeeded|02|gq"; nocase; ) # krusperon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000379; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|krusperon|03|net"; nocase; ) # kuytrj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000380; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|kuytrj|02|eu"; nocase; ) # kyawthumyin.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000381; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|kyawthumyin|04|xicp|03|net"; nocase; ) # lamb-site.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000382; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lamb-site|03|com"; nocase; ) # lambada.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000383; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|lambada|02|co|02|vu"; nocase; ) # lamusica-dj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000384; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|lamusica-dj|03|com"; nocase; ) # largefifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000385; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|largefifteen|03|net"; nocase; ) # lastmoon.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000386; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lastmoon|04|mooo|03|com"; nocase; ) # laurence-chocolate.gr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000387; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|laurence-chocolate|02|gr"; nocase; ) # lawkimsun.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000388; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lawkimsun|04|ddns|03|net"; nocase; ) # leakforums.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000389; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|leakforums|03|com"; nocase; ) # leeroywork3.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000390; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|leeroywork3|02|co"; nocase; ) # leftterbutbet.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000391; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|leftterbutbet|02|ru"; nocase; ) # lemptyzp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000392; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lemptyzp|03|org"; nocase; ) # leveldelta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000393; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|leveldelta|03|com"; nocase; ) # lifelight.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000394; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lifelight|03|net"; nocase; ) # linkedim.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000395; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|linkedim|02|in"; nocase; ) # linturefa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000396; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|linturefa|03|com"; nocase; ) # liptona.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000397; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|liptona|03|net"; nocase; ) # listmypropertyfree.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000398; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|listmypropertyfree|03|com"; nocase; ) # litramoloka.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000399; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|litramoloka|02|ru"; nocase; ) # localgateway.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000400; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|localgateway|04|info"; nocase; ) # lofubnzmegl1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000401; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|lofubnzmegl1v|03|com"; nocase; ) # loopowakm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000402; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|loopowakm|04|ddns|03|net"; nocase; ) # looxnaaluhotw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000403; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|looxnaaluhotw|04|ddns|03|net"; nocase; ) # lsassoc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000404; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|lsassoc|03|com"; nocase; ) # ltedown.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000405; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|ltedown|03|com"; nocase; ) # m2kcjcj2ifj8x1o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000406; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|m2kcjcj2ifj8x1o|03|biz"; nocase; ) # m7lea5yck9i3l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000407; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|m7lea5yck9i3l|03|biz"; nocase; ) # machupicchuviagem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000408; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|machupicchuviagem|03|com"; nocase; ) # macstore.vicp.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000409; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|macstore|04|vicp|02|cc"; nocase; ) # mail-news.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000410; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mail-news|04|eicp|03|net"; nocase; ) # mail-ukr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000411; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mail-ukr|03|net"; nocase; ) # mailyandexru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000412; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mailyandexru|03|com"; nocase; ) # maininvoicegate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000413; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|maininvoicegate|03|com"; nocase; ) # manafasia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000414; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|manafasia|03|com"; nocase; ) # marktingvb.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000415; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|marktingvb|02|ml"; nocase; ) # martyanovdrweb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000416; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|martyanovdrweb|03|com"; nocase; ) # marzie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000417; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|marzie|03|org"; nocase; ) # mashinkhabar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000418; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mashinkhabar|03|com"; nocase; ) # masteryuga.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000419; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|masteryuga|02|ru"; nocase; ) # mcm-yachtmanagement.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000420; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|mcm-yachtmanagement|03|com"; nocase; ) # mediahitech.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000421; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mediahitech|04|info"; nocase; ) # mediarea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000422; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mediarea|03|org"; nocase; ) # mediastock.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000423; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mediastock|04|otzo|03|com"; nocase; ) # melding-technology.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000424; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|melding-technology|03|com"; nocase; ) # melon25.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000425; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|melon25|02|ru"; nocase; ) # menstoreins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000426; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|menstoreins|03|com"; nocase; ) # metaframeworkshop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000427; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|metaframeworkshop|03|com"; nocase; ) # microsoft-warning.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000428; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|microsoft-warning|03|com"; nocase; ) # microsoftosupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000429; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|microsoftosupdate|03|com"; nocase; ) # microsoftupdateserver.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000430; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|microsoftupdateserver|03|net"; nocase; ) # midehefo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000431; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|midehefo|02|ru"; nocase; ) # militaryobserver.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000432; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|militaryobserver|03|net"; nocase; ) # mirefocus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000433; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mirefocus|03|com"; nocase; ) # mivibicoruq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000434; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mivibicoruq|04|ddns|03|net"; nocase; ) # modelstarinvo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000435; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|modelstarinvo|03|com"; nocase; ) # molokalitra.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000436; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|molokalitra|02|ru"; nocase; ) # morelikestoday.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000437; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|morelikestoday|03|com"; nocase; ) # morning3.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000438; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|morning3|02|ru"; nocase; ) # moukenji.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000439; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|moukenji|04|ddns|03|net"; nocase; ) # mousegigiop.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000440; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mousegigiop|02|co|02|vu"; nocase; ) # mozillaplagins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000441; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|mozillaplagins|03|com"; nocase; ) # mp3miner.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000442; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mp3miner|03|com"; nocase; ) # mpandroid-filin.mail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000443; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|mpandroid-filin|04|mail|02|ru"; nocase; ) # ms-software-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000444; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|ms-software-update|03|com"; nocase; ) # muavosecit.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000445; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|muavosecit|04|ddns|03|net"; nocase; ) # mukor.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000446; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|mukor|04|ddns|03|net"; nocase; ) # mvwjg0knary23je.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000447; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|mvwjg0knary23je|04|ddns|03|net"; nocase; ) # myanmartech.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000448; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|myanmartech|04|vicp|03|net"; nocase; ) # mydeyuming.cable.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000449; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mydeyuming|05|cable|02|nu"; nocase; ) # myfishdown.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000450; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|myfishdown|03|com"; nocase; ) # myloveforever.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000451; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|myloveforever|03|biz"; nocase; ) # mypcoptimizerpro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000452; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|mypcoptimizerpro|03|com"; nocase; ) # myrorecrab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000453; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|myrorecrab|03|com"; nocase; ) # mysync.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000454; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|mysync|04|info"; nocase; ) # mytelkomsel.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000455; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mytelkomsel|02|co"; nocase; ) # mywatchkopi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000456; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mywatchkopi|03|com"; nocase; ) # natoexhibitionff14.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000457; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|natoexhibitionff14|03|com"; nocase; ) # natopress.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000458; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|natopress|03|com"; nocase; ) # naturstein-schubert.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000459; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|naturstein-schubert|02|de"; nocase; ) # navicompany.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000460; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|navicompany|03|com"; nocase; ) # nawerhuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000461; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|nawerhuy|03|com"; nocase; ) # neochenvezhlivo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000462; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|neochenvezhlivo|03|com"; nocase; ) # nestedmail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000463; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nestedmail|03|com"; nocase; ) # network-acs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000464; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|network-acs|03|biz"; nocase; ) # networkupdate.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000465; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|networkupdate|03|net"; nocase; ) # newbalance-schoenen.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000466; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|newbalance-schoenen|02|nl"; nocase; ) # newdowr.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000467; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|newdowr|04|otzo|03|com"; nocase; ) # newwhitehouse.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000468; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|newwhitehouse|03|org"; nocase; ) # newyorkonlin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000469; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|newyorkonlin|03|com"; nocase; ) # ngcontabil.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000470; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ngcontabil|03|com|02|br"; nocase; ) # nividu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000471; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|nividu|03|com"; nocase; ) # njdyqrbioh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000472; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|njdyqrbioh|04|info"; nocase; ) # nohissandbo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000473; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|nohissandbo|02|ru"; nocase; ) # noproblemsbro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000474; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|noproblemsbro|03|com"; nocase; ) # northropgrumman.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000475; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|northropgrumman|03|net"; nocase; ) # novartis-it.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000476; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|novartis-it|03|com"; nocase; ) # nowruzbakher.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000477; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|nowruzbakher|03|com"; nocase; ) # nvidiasoft.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000478; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nvidiasoft|04|info"; nocase; ) # nwlxjqxstxclgngbw7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000479; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|nwlxjqxstxclgngbw7|03|com"; nocase; ) # nytunion.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000480; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|nytunion|03|com"; nocase; ) # nytuvo123vaigavno.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000481; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nytuvo123vaigavno|02|cf"; nocase; ) # nytuvo123vaigavno.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000482; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nytuvo123vaigavno|02|ml"; nocase; ) # o8s8i0qt74mjwbi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000483; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|o8s8i0qt74mjwbi|04|ddns|03|net"; nocase; ) # oah5w1w4uee8s1v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000484; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|oah5w1w4uee8s1v|03|biz"; nocase; ) # oaxey7m0lde8s1v.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000485; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|oaxey7m0lde8s1v|04|info"; nocase; ) # obwihecidik.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000486; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|obwihecidik|04|ddns|03|net"; nocase; ) # ociqusdal.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000487; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ociqusdal|04|ddns|03|net"; nocase; ) # ohmeisecurepay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000488; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ohmeisecurepay|03|net"; nocase; ) # ohtepmoesic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000489; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|ohtepmoesic|03|com"; nocase; ) # oikujyhgt.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000490; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|oikujyhgt|02|co|02|vu"; nocase; ) # olkaerxedus.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000491; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|olkaerxedus|04|ddns|03|net"; nocase; ) # ondereteveng.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000492; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ondereteveng|02|ru"; nocase; ) # oofexsumtel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000493; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|oofexsumtel|03|net"; nocase; ) # ootuwtdautofinance.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000494; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|ootuwtdautofinance|03|net"; nocase; ) # opacutebmadufo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000495; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|opacutebmadufo|04|ddns|03|net"; nocase; ) # opudernsaqwer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000496; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|opudernsaqwer|03|com"; nocase; ) # orsai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000497; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|orsai|03|net"; nocase; ) # othersforrep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000498; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|othersforrep|03|com"; nocase; ) # overpict.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000499; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|overpict|03|com"; nocase; ) # owwiloxvthttt1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000500; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|owwiloxvthttt1|03|com"; nocase; ) # paradise-plaza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000501; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|paradise-plaza|03|com"; nocase; ) # pardijusat.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000502; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pardijusat|02|ru"; nocase; ) # pbcgmmympm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000503; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pbcgmmympm|04|info"; nocase; ) # pebulelet.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000504; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pebulelet|02|ru"; nocase; ) # philippinenews.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000505; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|philippinenews|04|mooo|03|com"; nocase; ) # philstarnotice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000506; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|philstarnotice|03|com"; nocase; ) # pienadigrazia.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000507; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|pienadigrazia|05|space"; nocase; ) # piragikolos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000508; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|piragikolos|03|com"; nocase; ) # pivuogusodtoku.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000509; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|pivuogusodtoku|04|ddns|03|net"; nocase; ) # pobbib.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000510; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|pobbib|02|co|02|vu"; nocase; ) # polarroute.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000511; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|polarroute|03|com"; nocase; ) # pollaid.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000512; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|pollaid|02|co|02|vu"; nocase; ) # pondoq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000513; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|pondoq|03|org"; nocase; ) # popskypevideo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000514; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|popskypevideo|03|net"; nocase; ) # popvideoskype.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000515; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|popvideoskype|03|com"; nocase; ) # popvideoskype.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000516; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|popvideoskype|04|info"; nocase; ) # portright.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000517; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|portright|03|org"; nocase; ) # posed2shade.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000518; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|posed2shade|03|com"; nocase; ) # post409.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000519; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|post409|03|org"; nocase; ) # postmun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000520; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|postmun|03|com"; nocase; ) # potopland.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000521; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|potopland|03|com"; nocase; ) # powerofthemind1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000522; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|powerofthemind1|04|ddns|03|net"; nocase; ) # pradahandbagsshoes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000523; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pradahandbagsshoes|03|com"; nocase; ) # precueairtight.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000524; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|precueairtight|02|ru"; nocase; ) # princelarry.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000525; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|princelarry|04|ddns|03|net"; nocase; ) # processrep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000526; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|processrep|03|com"; nocase; ) # purvis-manager.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000527; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|purvis-manager|03|com"; nocase; ) # putesysae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000528; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|putesysae|03|com"; nocase; ) # q5ncv0dekcm8a1p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000529; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|q5ncv0dekcm8a1p|03|biz"; nocase; ) # q5w0g7cbcem8a1p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000530; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|q5w0g7cbcem8a1p|03|biz"; nocase; ) # quality-shopper.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000531; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|quality-shopper|03|com"; nocase; ) # queryforworld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000532; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|queryforworld|03|com"; nocase; ) # quickboot.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000533; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|quickboot|04|info"; nocase; ) # quickdomainfwd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000534; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|quickdomainfwd|03|com"; nocase; ) # qvllupuqjknz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000535; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|qvllupuqjknz5|03|com"; nocase; ) # qwertygontul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000536; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|qwertygontul|03|com"; nocase; ) # raceroom.ch [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000537; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|raceroom|02|ch"; nocase; ) # randomfruits.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000538; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|randomfruits|03|net"; nocase; ) # rapidlyserv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000539; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rapidlyserv|03|com"; nocase; ) # raydonovan2015.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000540; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|raydonovan2015|04|ddns|03|net"; nocase; ) # realy.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000541; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|realy|04|mooo|03|com"; nocase; ) # redbluffchamber.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000542; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|redbluffchamber|03|com"; nocase; ) # redlrect-403av.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000543; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|redlrect-403av|03|com"; nocase; ) # redwithtertreb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000544; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|redwithtertreb|02|ru"; nocase; ) # regcon-asia.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000545; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|regcon-asia|02|kz"; nocase; ) # renrefhedked.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000546; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|renrefhedked|02|ru"; nocase; ) # renwitedrom.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000547; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|renwitedrom|02|ru"; nocase; ) # repherfeted.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000548; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|repherfeted|03|com"; nocase; ) # restavratormira.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000549; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|restavratormira|02|ru"; nocase; ) # reswahatce.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000550; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|reswahatce|02|ru"; nocase; ) # ricesmart.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000551; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ricesmart|03|com"; nocase; ) # rnil.am [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000552; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|rnil|02|am"; nocase; ) # rocaexesti.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000553; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|rocaexesti|04|ddns|03|net"; nocase; ) # rofhanrighhen.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000554; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|rofhanrighhen|02|ru"; nocase; ) # roshanavar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000555; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|roshanavar|03|com"; nocase; ) # roshav5xxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000556; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|roshav5xxx|03|com"; nocase; ) # rubiccrum.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000557; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|rubiccrum|03|com"; nocase; ) # runaie7s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000558; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|runaie7s|03|com"; nocase; ) # sacs-vetements-techniques.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000559; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|sacs-vetements-techniques|03|com"; nocase; ) # samuel-volke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000560; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|samuel-volke|03|com"; nocase; ) # savmpet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000561; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|savmpet|03|com"; nocase; ) # scara124.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000562; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|scara124|03|com"; nocase; ) # scolapedia.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000563; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|scolapedia|03|org"; nocase; ) # scpkrp.gmx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000564; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|scpkrp|03|gmx"; nocase; ) # sdfochekvovu4.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000565; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sdfochekvovu4|02|ga"; nocase; ) # seasonunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000566; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|seasonunderstand|03|net"; nocase; ) # sec-enhanced.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000567; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|sec-enhanced|03|org"; nocase; ) # securedtonnel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000568; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|securedtonnel|03|net"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # sefan.az [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000569; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|sefan|02|az"; nocase; ) # sek-sociology.gr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000570; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sek-sociology|02|gr"; nocase; ) # selkrom.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000571; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|selkrom|04|ddns|03|net"; nocase; ) # sells-store.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000572; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sells-store|03|com"; nocase; ) # seouldhaka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000573; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|seouldhaka|03|com"; nocase; ) # serbiotecnicos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000574; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|serbiotecnicos|03|com"; nocase; ) # serch.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000575; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|serch|04|vicp|03|net"; nocase; ) # seronet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000576; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|seronet|03|com"; nocase; ) # service-logins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000577; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|service-logins|03|com"; nocase; ) # sestoreinv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000578; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|sestoreinv|03|com"; nocase; ) # seven-sky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000579; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|seven-sky|03|org"; nocase; ) # sfcorporation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000580; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sfcorporation|03|com"; nocase; ) # shahcsxkszx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000581; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|shahcsxkszx|03|com"; nocase; ) # sharedquestdo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000582; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sharedquestdo|03|net"; nocase; ) # shenron.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000583; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|shenron|02|su"; nocase; ) # shinkhek.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000584; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|shinkhek|04|myfw|02|us"; nocase; ) # shoppingkopi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000585; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|shoppingkopi|03|com"; nocase; ) # shrook.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000586; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|shrook|04|mooo|03|com"; nocase; ) # shyouth.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000587; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|shyouth|03|org"; nocase; ) # sixt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000588; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|sixt|03|com"; nocase; ) # smallconfigs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000589; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|smallconfigs|03|com"; nocase; ) # smigroup-online.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000590; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|smigroup-online|02|co|02|uk"; nocase; ) # softinc.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000591; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|softinc|02|pw"; nocase; ) # softjohn.ddns.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000592; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|softjohn|04|ddns|02|us"; nocase; ) # softmy.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000593; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|softmy|04|jkub|03|com"; nocase; ) # solicitorsassociates.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000594; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|solicitorsassociates|03|org"; nocase; ) # srut12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000595; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|srut12|03|com"; nocase; ) # ssl-vaeit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000596; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ssl-vaeit|03|com"; nocase; ) # stafftest.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000597; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|stafftest|02|ru"; nocase; ) # stat777-toolbarueries-google.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000598; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1c|stat777-toolbarueries-google|03|com"; nocase; ) # state-bicycle.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000599; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|state-bicycle|03|com"; nocase; ) # store-legal.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000600; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|store-legal|03|biz"; nocase; ) # stovelall.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000601; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|stovelall|03|com"; nocase; ) # streetunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000602; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|streetunderstand|03|net"; nocase; ) # sunibi.se [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000603; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|sunibi|02|se"; nocase; ) # superzhopper.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000604; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|superzhopper|03|com"; nocase; ) # suporteonlinesicredi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000605; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|suporteonlinesicredi|03|com"; nocase; ) # svchost-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000606; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|svchost-check|03|com"; nocase; ) # sykavovalohzz.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000607; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sykavovalohzz|02|ga"; nocase; ) # synclock.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000608; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|synclock|04|info"; nocase; ) # t3rr0r.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000609; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|t3rr0r|04|ddns|03|net"; nocase; ) # teamrewardz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000610; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|teamrewardz|03|com"; nocase; ) # teknation-brighttube-zoomtag.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000611; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1c|teknation-brighttube-zoomtag|03|net"; nocase; ) # terethaundv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000612; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|terethaundv|02|ru"; nocase; ) # thaibtxtnation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000613; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|thaibtxtnation|03|com"; nocase; ) # thenavodayaacademy.edu.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000614; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|thenavodayaacademy|03|edu|02|in"; nocase; ) # thenjechap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000615; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|thenjechap|03|com"; nocase; ) # tibetanculture.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000616; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|tibetanculture|03|org"; nocase; ) # tiiztm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000617; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|tiiztm|03|com"; nocase; ) # timechk11.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000618; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk11|03|com"; nocase; ) # timechk11.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000619; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk11|03|org"; nocase; ) # timechk16.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000620; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk16|03|com"; nocase; ) # timechk19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000621; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk19|03|com"; nocase; ) # timechk19.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000622; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk19|03|org"; nocase; ) # timechk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000623; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk2|03|net"; nocase; ) # timechk2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000624; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk2|03|org"; nocase; ) # timechk20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000625; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk20|03|net"; nocase; ) # timechk20.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000626; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk20|03|org"; nocase; ) # timechk21.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000627; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk21|03|org"; nocase; ) # timechk24.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000628; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk24|03|com"; nocase; ) # timechk24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000629; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk24|03|net"; nocase; ) # timechk25.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000630; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk25|03|net"; nocase; ) # timechk25.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000631; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk25|03|org"; nocase; ) # timechk26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000632; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk26|03|org"; nocase; ) # timechk27.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000633; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk27|03|net"; nocase; ) # timechk29.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000634; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk29|03|org"; nocase; ) # timechk3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000635; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk3|03|net"; nocase; ) # timechk4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000636; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk4|03|net"; nocase; ) # timechk4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000637; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk4|03|org"; nocase; ) # timechk6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000638; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk6|03|com"; nocase; ) # timechk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000639; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk7|03|net"; nocase; ) # timechk8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000640; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk8|03|com"; nocase; ) # timechk9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000641; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk9|03|net"; nocase; ) # timelywebsitehostesses.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000642; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|timelywebsitehostesses|03|com"; nocase; ) # tiptoptours.com.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000643; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|tiptoptours|03|com|02|hk"; nocase; ) # tisone360.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000644; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tisone360|03|org"; nocase; ) # tkprinter.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000645; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tkprinter|03|com"; nocase; ) # toldontinwi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000646; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|toldontinwi|02|ru"; nocase; ) # tonda.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000647; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|tonda|02|tk"; nocase; ) # top1-seo-service.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000648; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|top1-seo-service|03|com"; nocase; ) # topnotchtennistours.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000649; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|topnotchtennistours|03|com"; nocase; ) # tpalmer1955.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000650; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|tpalmer1955|04|ddns|03|net"; nocase; ) # tptravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000651; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|tptravel|03|net"; nocase; ) # tradebroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000652; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|tradebroad|03|net"; nocase; ) # traffic-spot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000653; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|traffic-spot|03|com"; nocase; ) # traider-pro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000654; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|traider-pro|03|com"; nocase; ) # trash4docs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000655; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|trash4docs|03|com"; nocase; ) # travel-maps.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000656; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|travel-maps|04|info"; nocase; ) # treeeww.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000657; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|treeeww|02|co|02|vu"; nocase; ) # trksrv.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000658; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|trksrv|02|su"; nocase; ) # trueadsworld.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000659; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|trueadsworld|02|in"; nocase; ) # trusplus.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000660; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|trusplus|04|ddns|03|net"; nocase; ) # tsgoogoo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000661; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|tsgoogoo|03|net"; nocase; ) # ttteco.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000662; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ttteco|04|vicp|03|net"; nocase; ) # tubiebikceli.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000663; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tubiebikceli|04|ddns|03|net"; nocase; ) # tumanimoskal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000664; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tumanimoskal|03|com"; nocase; ) # tvnew.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000665; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|tvnew|04|otzo|03|com"; nocase; ) # twitterbug-flashpedia-skipster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000666; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1e|twitterbug-flashpedia-skipster|03|net"; nocase; ) # tychebruke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000667; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|tychebruke|03|com"; nocase; ) # ubaoyouxiang.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000668; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ubaoyouxiang|04|gicp|03|net"; nocase; ) # ubeisyavovapls.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000669; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ubeisyavovapls|02|ga"; nocase; ) # ubeisyavovapls.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000670; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ubeisyavovapls|02|ml"; nocase; ) # ucsauhdune.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000671; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ucsauhdune|04|ddns|03|net"; nocase; ) # udaore.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000672; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|udaore|03|com"; nocase; ) # ughimsinna.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000673; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ughimsinna|02|ru"; nocase; ) # ughwagerew.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000674; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ughwagerew|02|ru"; nocase; ) # uhrixaloduuse.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000675; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|uhrixaloduuse|04|ddns|03|net"; nocase; ) # uicahmahadhifa-twekzlibz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000676; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|uicahmahadhifa-twekzlibz|03|com"; nocase; ) # uisoa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000677; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|uisoa|03|com"; nocase; ) # undvemofo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000678; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|undvemofo|02|ru"; nocase; ) # unisers.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000679; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|unisers|03|com"; nocase; ) # unwashedsound.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000680; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|unwashedsound|03|com"; nocase; ) # uowcvvknkrtipj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000681; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|uowcvvknkrtipj|03|com"; nocase; ) # up.uae.kim [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000682; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|up|03|uae|03|kim"; nocase; ) # update-genuine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000683; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|update-genuine|03|com"; nocase; ) # updatewindowsplayer.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000684; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|updatewindowsplayer|02|ga"; nocase; ) # urgalxjef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000685; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|urgalxjef|03|com"; nocase; ) # us-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000686; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|us-update|03|com"; nocase; ) # utwithdehan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000687; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|utwithdehan|03|com"; nocase; ) # uwuhuhawidb.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000688; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|uwuhuhawidb|04|ddns|03|net"; nocase; ) # vassabgg.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000689; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|vassabgg|02|pw"; nocase; ) # vdrygvovanemydak55.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000690; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak55|02|tk"; nocase; ) # vdrygvovanemydak77.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000691; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak77|02|gq"; nocase; ) # vdrygvovanemydak77.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000692; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak77|02|tk"; nocase; ) # vectallies.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000693; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|vectallies|03|org"; nocase; ) # vellyboyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000694; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|vellyboyz|03|com"; nocase; ) # vendorboltasticrobust.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000695; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|vendorboltasticrobust|03|net"; nocase; ) # veronefosof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000696; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|veronefosof|03|com"; nocase; ) # versionfive.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000697; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|versionfive|04|ddns|03|net"; nocase; ) # veslike.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000698; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|veslike|03|com"; nocase; ) # videoskype24.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000699; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|videoskype24|02|ru"; nocase; ) # viewror.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000700; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|viewror|03|com"; nocase; ) # vkcom100i.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000701; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|vkcom100i|02|ru"; nocase; ) # vlinkz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000702; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|vlinkz|03|com"; nocase; ) # vo55nehuevotak.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000703; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vo55nehuevotak|02|ga"; nocase; ) # vovapizdadolboebgh.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000704; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapizdadolboebgh|02|ml"; nocase; ) # vovapro100gandon23.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000705; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapro100gandon23|02|ga"; nocase; ) # vovapro100gandon23.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000706; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapro100gandon23|02|tk"; nocase; ) # voveholodnozimoi.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000707; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|voveholodnozimoi|02|cf"; nocase; ) # vovenehuevotak.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000708; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|ml"; nocase; ) # vovenehuevotak.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000709; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|tk"; nocase; ) # vovewegdfnozimoi.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000710; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovewegdfnozimoi|02|ga"; nocase; ) # vxmsrlsanrcilyb7o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000711; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vxmsrlsanrcilyb7o|03|com"; nocase; ) # waeservices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000712; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|waeservices|03|com"; nocase; ) # wangluoruanjian.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000713; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|wangluoruanjian|03|com"; nocase; ) # watertrouble.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000714; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|watertrouble|03|net"; nocase; ) # web.fe.up.pt [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000715; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|web|02|fe|02|up|02|pt"; nocase; ) # webcodepremium.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000716; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|webcodepremium|03|com"; nocase; ) # webhop.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000717; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|webhop|03|net"; nocase; ) # webmailsvr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000718; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|webmailsvr|03|com"; nocase; ) # webuysupplystore.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000719; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|webuysupplystore|04|mooo|03|com"; nocase; ) # weksrubaz.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000720; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|weksrubaz|02|ru"; nocase; ) # wewateikho.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000721; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|wewateikho|04|ddns|03|net"; nocase; ) # whereareyoumyfriendff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000722; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|whereareyoumyfriendff|03|com"; nocase; ) # whoismistergreen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000723; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|whoismistergreen|03|com"; nocase; ) # wicked2016tour.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000724; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|wicked2016tour|03|com"; nocase; ) # wiki-vaeit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000725; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|wiki-vaeit|03|com"; nocase; ) # windows-genuine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000726; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|windows-genuine|03|com"; nocase; ) # windows-spywarealert-cucwmpxvlfqfo2lpxgapsmccuy1yflsnjvtme.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000727; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|3a|windows-spywarealert-cucwmpxvlfqfo2lpxgapsmccuy1yflsnjvtme|02|co"; nocase; ) # windowscheckupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000728; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|windowscheckupdate|03|com"; nocase; ) # windowssecurityupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000729; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|windowssecurityupdate|03|com"; nocase; ) # windowsupdateserver.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000730; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|windowsupdateserver|03|com"; nocase; ) # winfertrow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000731; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|winfertrow|03|com"; nocase; ) # winupdateos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000732; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|winupdateos|03|com"; nocase; ) # woevenglaref.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000733; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|woevenglaref|02|ru"; nocase; ) # worldairpost.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000734; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|worldairpost|03|net"; nocase; ) # worldmaprsh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000735; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|worldmaprsh|03|com"; nocase; ) # wucy08.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000736; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|wucy08|04|eicp|03|net"; nocase; ) # xezikalanre.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000737; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|xezikalanre|03|com"; nocase; ) # xinxin20080628.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000738; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|xinxin20080628|04|gicp|03|net"; nocase; ) # xlivehost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000739; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xlivehost|03|com"; nocase; ) # xponlineupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000740; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|xponlineupdate|03|com"; nocase; ) # xqirefjyjkcn7u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000741; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|xqirefjyjkcn7u|03|com"; nocase; ) # xxxpvideo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000742; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xxxpvideo|03|com"; nocase; ) # yahoo-profiles.uk.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000743; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|yahoo-profiles|02|uk|02|to"; nocase; ) # yo-analytics.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000744; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|yo-analytics|03|com"; nocase; ) # ysaletoos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000745; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ysaletoos|03|com"; nocase; ) # ysims.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000746; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ysims|03|com"; nocase; ) # yvtvvibsp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000747; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|yvtvvibsp|03|com"; nocase; ) # yyouporn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000748; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|yyouporn|03|org"; nocase; ) # yyyyyyyyyyyyyhyh.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000749; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|yyyyyyyyyyyyyhyh|02|co|02|vu"; nocase; ) # zabeir5374hnotvova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000750; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|zabeir5374hnotvova|02|tk"; nocase; ) # zabeirotvova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000751; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zabeirotvova|02|cf"; nocase; ) # zhonte.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000752; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|zhonte|03|org"; nocase; ) # zibond.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000753; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|zibond|03|com"; nocase; ) # zivva007.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000754; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zivva007|04|ddns|03|net"; nocase; ) # zmgsales.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000755; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zmgsales|03|com"; nocase; ) # ztopp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000756; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ztopp|03|org"; nocase; ) # zudgunsh.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000757; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zudgunsh|03|xyz"; nocase; ) # zumo-alibabs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000758; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zumo-alibabs|03|com"; nocase; ) # zvovapeterda1.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000759; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zvovapeterda1|02|ml"; nocase; ) # 1845realty.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000760; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|1845realty|03|com"; nocase; ) # 1uer3u9vttynxg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000761; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|1uer3u9vttynxg|03|com"; nocase; ) # 1x1te0o878iponovyja8m87.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000762; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|1x1te0o878iponovyja8m87|04|ddns|03|net"; nocase; ) # 24videotur.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000763; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|24videotur|02|in|02|ua"; nocase; ) # 2d7.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000764; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|2d7|03|xyz"; nocase; ) # 2kjb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000765; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|2kjb7|03|net"; nocase; ) # 3dsecpay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000766; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|3dsecpay|03|com"; nocase; ) # 3h01.dwy.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000767; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|3h01|03|dwy|02|cc"; nocase; ) # 3hyun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000768; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|3hyun|03|com"; nocase; ) # 3jkd5papcfibqjwhipy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000769; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|3jkd5papcfibqjwhipy|04|ddns|03|net"; nocase; ) # 3tax5vmj3bep18uh5xmr5p5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000770; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|3tax5vmj3bep18uh5xmr5p5|04|ddns|03|net"; nocase; ) # 42k2b14.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000771; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|42k2b14|03|net"; nocase; ) # 500.uk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000772; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|500|02|uk|03|com"; nocase; ) # 50cr587t3fur5xy6yvw4kxg.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000773; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|50cr587t3fur5xy6yvw4kxg|04|ddns|03|net"; nocase; ) # 7619900.com.tw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000774; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|7619900|03|com|02|tw"; nocase; ) # 79fhdm16.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000775; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|79fhdm16|03|com"; nocase; ) # 7bhm30bbmuul5t7r.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000776; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|7bhm30bbmuul5t7r|02|cf"; nocase; ) # 9jafoodnews.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000777; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|9jafoodnews|03|com"; nocase; ) # a8377c5a7c390331b15c1df94fa745e38a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000778; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|a8377c5a7c390331b15c1df94fa745e38a|02|to"; nocase; ) # aabbuhugyfdesxcvo.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000779; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|cf"; nocase; ) # aabbuhugyfdesxcvo.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000780; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|ga"; nocase; ) # aabbuhugyfdesxcvo.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000781; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|gq"; nocase; ) # aabbuhugyfdesxcvo.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000782; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|ml"; nocase; ) # aabbuhugyfdesxcvo.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000783; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|tk"; nocase; ) # aabcgukomotredcxi.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000784; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabcgukomotredcxi|02|cf"; nocase; ) # aabdtuhugfredhoo.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000785; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aabdtuhugfredhoo|02|ga"; nocase; ) # aabeweddbhujkoge.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000786; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aabeweddbhujkoge|02|cf"; nocase; ) # aabeweddbhujkoge.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000787; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aabeweddbhujkoge|02|ml"; nocase; ) # aatradeshowconference.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000788; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|aatradeshowconference|03|net"; nocase; ) # abcdollar.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000789; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|abcdollar|04|mooo|03|com"; nocase; ) # abuhmaid.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000790; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|abuhmaid|03|net"; nocase; ) # ad-servicestats.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000791; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ad-servicestats|03|net"; nocase; ) # adawareblock.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000792; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|adawareblock|03|com"; nocase; ) # adeuplolo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000793; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|adeuplolo|03|org"; nocase; ) # adguard.name [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000794; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|adguard|04|name"; nocase; ) # adolfo196938.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000795; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|adolfo196938|04|ddns|03|net"; nocase; ) # adultvideonn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000796; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|adultvideonn|03|com"; nocase; ) # afkarehroshan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000797; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|afkarehroshan|03|com"; nocase; ) # againstarticle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000798; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|againstarticle|03|net"; nocase; ) # againstdried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000799; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|againstdried|03|net"; nocase; ) # aginemkiroacus.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000800; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|aginemkiroacus|04|ddns|03|net"; nocase; ) # ahalaymahalay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000801; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ahalaymahalay|03|com"; nocase; ) # ahbabe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000802; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ahbabe|03|com"; nocase; ) # ahlanmedicalcenter.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000803; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|ahlanmedicalcenter|03|com"; nocase; ) # ahyushkavovu.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000804; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ahyushkavovu|02|cf"; nocase; ) # ahyushkavovuzzz.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000805; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ahyushkavovuzzz|02|ga"; nocase; ) # ahyushkavovuzzz.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000806; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ahyushkavovuzzz|02|gq"; nocase; ) # akasiamas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000807; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|akasiamas|03|com"; nocase; ) # aktogaasdvnovova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000808; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|tk"; nocase; ) # aktogavnovova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000809; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|ga"; nocase; ) # aktogavnovova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000810; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|tk"; nocase; ) # alexaspoteee.wha.la [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000811; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|alexaspoteee|03|wha|02|la"; nocase; ) # alexsinden.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000812; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|alexsinden|02|co|02|uk"; nocase; ) # allfirdawhippet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000813; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|allfirdawhippet|03|com"; nocase; ) # alsyriac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000814; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|alsyriac|03|com"; nocase; ) # amateurzootube.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000815; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|amateurzootube|03|com"; nocase; ) # aniamaljam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000816; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|aniamaljam|03|com"; nocase; ) # anster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000817; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|anster|03|net"; nocase; ) # aoldaily.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000818; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|aoldaily|03|com"; nocase; ) # ap5todifwjspqp78kxs0e8k.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000819; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|ap5todifwjspqp78kxs0e8k|04|ddns|03|net"; nocase; ) # apipiskavovu.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000820; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|apipiskavovu|02|cf"; nocase; ) # apipiskavovu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000821; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|apipiskavovu|02|tk"; nocase; ) # apipiskavovujgf.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000822; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|apipiskavovujgf|02|gq"; nocase; ) # apporistale.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000823; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|apporistale|03|com"; nocase; ) # appvz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000824; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|appvz|03|com"; nocase; ) # aquafresh.exe [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000825; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|aquafresh|03|exe"; nocase; ) # arabjostars.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000826; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|arabjostars|03|net"; nocase; ) # araishindiafoundation.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000827; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|araishindiafoundation|03|org"; nocase; ) # archimedus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000828; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|archimedus|03|com"; nocase; ) # arrrowelect.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000829; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|arrrowelect|03|com"; nocase; ) # arwahengo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000830; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|arwahengo|02|ru"; nocase; ) # aseaneco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000831; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|aseaneco|03|org"; nocase; ) # aseanm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000832; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|aseanm|03|com"; nocase; ) # aslfnsdifhsfdsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000833; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|aslfnsdifhsfdsa|03|com"; nocase; ) # assfdfrgfr.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000834; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|assfdfrgfr|02|co|02|vu"; nocase; ) # asthalproperties.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000835; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|asthalproperties|03|com"; nocase; ) # asus-service.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000836; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|asus-service|03|net"; nocase; ) # auvovumalenkiu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000837; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|auvovumalenkiu|02|ml"; nocase; ) # avdrygvovanemydak1.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000838; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|avdrygvovanemydak1|02|ml"; nocase; ) # avdrygvovanemydakaa.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000839; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakaa|02|ga"; nocase; ) # avdrygvovanemydakzz.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000840; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakzz|02|ga"; nocase; ) # avdrygvovanemydakzz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000841; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakzz|02|ml"; nocase; ) # avdrygvovanemydakzz3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000842; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|avdrygvovanemydakzz3|02|tk"; nocase; ) # avdrygvovanemyz88.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000843; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemyz88|02|cf"; nocase; ) # avdrygvovanemyz88.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000844; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemyz88|02|ga"; nocase; ) # avdrygvovanemyz88.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000845; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemyz88|02|ml"; nocase; ) # avovagomosek2.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000846; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|cf"; nocase; ) # avovakorova55.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000847; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovakorova55|02|ml"; nocase; ) # avovakusokgavnafg.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000848; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avovakusokgavnafg|02|ml"; nocase; ) # avovapeterda.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000849; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovapeterda|02|cf"; nocase; ) # avovapeterda.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000850; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovapeterda|02|ga"; nocase; ) # axs25xuo8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000851; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|axs25xuo8c|03|com"; nocase; ) # azurf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000852; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|azurf|03|org"; nocase; ) # azvdrygvovanemyz.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000853; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|azvdrygvovanemyz|02|gq"; nocase; ) # baazsawetukovcsa.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000854; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|baazsawetukovcsa|02|gq"; nocase; ) # bajsbdhxhbpmmiwoe0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000855; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|bajsbdhxhbpmmiwoe0|03|com"; nocase; ) # baomoi.vicp.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000856; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|baomoi|04|vicp|02|cc"; nocase; ) # bbc-press.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000857; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bbc-press|03|org"; nocase; ) # bbullgard.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000858; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bbullgard|04|ddns|03|net"; nocase; ) # bestsexpositions.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000859; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|bestsexpositions|03|com"; nocase; ) # betterbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000860; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|betterbutter|03|net"; nocase; ) # bettun.com.ar [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000861; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|bettun|03|com|02|ar"; nocase; ) # bijiaexhibition.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000862; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|bijiaexhibition|03|com"; nocase; ) # binjer.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000863; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|binjer|03|org"; nocase; ) # biocpl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000864; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|biocpl|03|org"; nocase; ) # bizzduniya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000865; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|bizzduniya|03|com"; nocase; ) # blazinhosting.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000866; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|blazinhosting|03|net"; nocase; ) # bloombergloop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000867; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|bloombergloop|03|biz"; nocase; ) # blyavovarealnogavno.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000868; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|blyavovarealnogavno|02|cf"; nocase; ) # blyavovarealnogavno.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000869; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|blyavovarealnogavno|02|ga"; nocase; ) # boblaktto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000870; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|boblaktto|03|com"; nocase; ) # boch256on1okvovu.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000871; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|cf"; nocase; ) # boch256on1okvovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000872; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|gq"; nocase; ) # boganytuvovaiga.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000873; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|boganytuvovaiga|02|ga"; nocase; ) # bogenyvovailoh.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000874; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bogenyvovailoh|02|cf"; nocase; ) # bogenyvovailoh.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000875; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bogenyvovailoh|02|tk"; nocase; ) # bogev3ovaneu3dac3hnik.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000876; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|bogev3ovaneu3dac3hnik|02|ml"; nocase; ) # bogevovaneudachnik.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000877; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|bogevovaneudachnik|02|gq"; nocase; ) # bongoprom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000878; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bongoprom|03|com"; nocase; ) # bookmyname.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000879; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|bookmyname|03|com"; nocase; ) # bracino.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000880; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|bracino|03|org"; nocase; ) # brnlv-gv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000881; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|brnlv-gv|02|eu"; nocase; ) # buynewes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000882; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|buynewes|03|com"; nocase; ) # bvovapeterda.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000883; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bvovapeterda|02|cf"; nocase; ) # bvovapeterdass.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000884; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bvovapeterdass|02|tk"; nocase; ) # caidongrong.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000885; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|caidongrong|03|com"; nocase; ) # captainarticle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000886; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|captainarticle|03|net"; nocase; ) # catnew4u.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000887; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|catnew4u|04|work"; nocase; ) # ccid.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000888; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|ccid|04|mooo|03|com"; nocase; ) # cfud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000889; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|cfud|03|biz"; nocase; ) # chackpoint.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000890; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|chackpoint|02|ua"; nocase; ) # claimsback.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000891; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|claimsback|02|eu"; nocase; ) # clientalalaxp.mn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000892; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|clientalalaxp|02|mn"; nocase; ) # coalvi-cms.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000893; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|coalvi-cms|03|com"; nocase; ) # cockblockingwhorecuntsnow.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000894; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|cockblockingwhorecuntsnow|02|ru"; nocase; ) # cognacbrown.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000895; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|cognacbrown|02|co|02|uk"; nocase; ) # consumers-opinion.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000896; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|consumers-opinion|03|com"; nocase; ) # continental-transitmail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000897; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|continental-transitmail|03|com"; nocase; ) # courageuni.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000898; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|courageuni|03|org"; nocase; ) # cprnash.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000899; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|cprnash|03|com"; nocase; ) # creativetrackers.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000900; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|creativetrackers|03|biz"; nocase; ) # crgchamber.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000901; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|crgchamber|03|com"; nocase; ) # cvovapeterda.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000902; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cvovapeterda|02|cf"; nocase; ) # cvovapeterdaga.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000903; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|cvovapeterdaga|02|cf"; nocase; ) # cyber-peace.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000904; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|cyber-peace|03|org"; nocase; ) # daaserthupo.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000905; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daaserthupo|02|ml"; nocase; ) # dabuhutregl.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000906; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dabuhutregl|02|ml"; nocase; ) # dabuhutregl.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000907; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dabuhutregl|02|tk"; nocase; ) # dailyinfonews.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000908; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|dailyinfonews|03|net"; nocase; ) # dataspotlight.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000909; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|dataspotlight|03|net"; nocase; ) # deadfishup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000910; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|deadfishup|03|com"; nocase; ) # decidedried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000911; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|decidedried|03|net"; nocase; ) # decorstal.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000912; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|decorstal|02|pl"; nocase; ) # defaulttab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000913; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|defaulttab|03|com"; nocase; ) # delishop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000914; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|delishop|03|org"; nocase; ) # deohupivoco.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000915; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|deohupivoco|04|ddns|03|net"; nocase; ) # deshi.sex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000916; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|deshi|03|sex|03|com"; nocase; ) # det-sad-89.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000917; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|det-sad-89|02|ru"; nocase; ) # dippyasociados.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000918; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dippyasociados|03|com"; nocase; ) # directv-login.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000919; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|directv-login|04|info"; nocase; ) # divathemes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000920; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|divathemes|03|com"; nocase; ) # djdkduep62kz4nzx.onion.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000921; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|djdkduep62kz4nzx|05|onion|02|to"; nocase; ) # djuefehff.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000922; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|djuefehff|02|eu"; nocase; ) # dkilograzmvovuf3.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000923; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dkilograzmvovuf3|02|cf"; nocase; ) # dkilograzmvovuf3.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000924; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dkilograzmvovuf3|02|ga"; nocase; ) # dljedue.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000925; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dljedue|02|eu"; nocase; ) # dll-host-udate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000926; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dll-host-udate|03|com"; nocase; ) # dll-host-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000927; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|dll-host-update|03|com"; nocase; ) # dnslocation.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000928; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dnslocation|04|info"; nocase; ) # dnsmm.bpa.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000929; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|dnsmm|03|bpa|02|nu"; nocase; ) # document-fast-cloud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000930; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|document-fast-cloud|03|com"; nocase; ) # documentsecurestorage.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000931; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|documentsecurestorage|03|com"; nocase; ) # domob-inc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000932; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|domob-inc|02|cn"; nocase; ) # dontrplay.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000933; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dontrplay|02|tk"; nocase; ) # dotnetexplorer.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000934; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dotnetexplorer|04|info"; nocase; ) # dowelsobject.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000935; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|dowelsobject|03|com"; nocase; ) # downloadsservers.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000936; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|downloadsservers|03|com"; nocase; ) # driblokan.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000937; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|driblokan|03|net"; nocase; ) # drinkallsport.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000938; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drinkallsport|03|com"; nocase; ) # drivers-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000939; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drivers-check|03|com"; nocase; ) # drivers-get.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000940; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|drivers-get|03|com"; nocase; ) # drivers-update-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000941; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|drivers-update-online|03|com"; nocase; ) # drivers.drp.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000942; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|drivers|03|drp|02|su"; nocase; ) # drivres-update.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000943; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drivres-update|04|info"; nocase; ) # droveassociates.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000944; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|droveassociates|04|info"; nocase; ) # drygvovanemyd.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000945; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemyd|02|cf"; nocase; ) # drygvovanemyd.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000946; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemyd|02|ga"; nocase; ) # drygvovanemyd.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000947; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemyd|02|ml"; nocase; ) # drygvovanemyda4.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000948; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|drygvovanemyda4|02|gq"; nocase; ) # dsaj2a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000949; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|dsaj2a|03|com"; nocase; ) # dudmachineonto.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000950; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dudmachineonto|02|ru"; nocase; ) # dvmdownload.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000951; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dvmdownload|03|net"; nocase; ) # dydx69.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000952; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|dydx69|04|ddns|03|net"; nocase; ) # e4w6irqxcj5p78c.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000953; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|e4w6irqxcj5p78c|04|ddns|03|net"; nocase; ) # e8b1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000954; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|e8b1|02|tk"; nocase; ) # eaglesey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000955; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|eaglesey|03|com"; nocase; ) # eatuo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000956; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|eatuo|03|com"; nocase; ) # echotec.asia [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000957; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|echotec|04|asia"; nocase; ) # ecloud86.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000958; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ecloud86|03|com"; nocase; ) # ecloud87.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000959; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ecloud87|03|com"; nocase; ) # ecloud91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000960; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ecloud91|03|com"; nocase; ) # ecoh.oicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000961; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|ecoh|04|oicp|03|net"; nocase; ) # economy.spdns.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000962; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|economy|05|spdns|02|de"; nocase; ) # ed3qy5yioryitoturysuiu.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000963; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|ed3qy5yioryitoturysuiu|04|otzo|03|com"; nocase; ) # edbaxterretail.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000964; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|edbaxterretail|02|co|02|uk"; nocase; ) # ediphis.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000965; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|ediphis|02|fr"; nocase; ) # eholidays.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000966; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|eholidays|04|mooo|03|com"; nocase; ) # electricbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000967; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|electricbehind|03|net"; nocase; ) # electricbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000968; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|electricbutter|03|net"; nocase; ) # elicina.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000969; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|elicina|02|kz"; nocase; ) # ellismikepage.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000970; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ellismikepage|04|info"; nocase; ) # elorfans2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000971; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans2|03|com"; nocase; ) # elorfans3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000972; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans3|03|com"; nocase; ) # eltisc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000973; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|eltisc|03|net"; nocase; ) # email-market.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000974; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|email-market|02|ml"; nocase; ) # enisa-europa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000975; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|enisa-europa|03|com"; nocase; ) # envios-luno-sl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000976; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|envios-luno-sl|03|com"; nocase; ) # epicunitscan.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000977; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|epicunitscan|04|info"; nocase; ) # ermuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000978; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ermuz|03|com"; nocase; ) # esrioterf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000979; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|esrioterf|03|com"; nocase; ) # exploraromundo.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000980; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|exploraromundo|03|com|02|br"; nocase; ) # explorerdotnt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000981; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|explorerdotnt|04|info"; nocase; ) # expuytgh.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000982; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|expuytgh|02|eu"; nocase; ) # factorygood.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000983; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|factorygood|03|net"; nocase; ) # familie-dr-hild.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000984; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|familie-dr-hild|02|de"; nocase; ) # fastestever.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000985; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|fastestever|03|net"; nocase; ) # fcobook.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000986; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|fcobook|03|com"; nocase; ) # fdestrnounor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000987; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|fdestrnounor|03|com"; nocase; ) # feredac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000988; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|feredac|03|com"; nocase; ) # ferko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000989; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ferko|03|org"; nocase; ) # fgfhbgdtgfhbdtghf.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000990; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|fgfhbgdtgfhbdtghf|02|co|02|vu"; nocase; ) # fgfsgfsgfsgfs.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000991; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|fgfsgfsgfsgfs|02|co|02|vu"; nocase; ) # fgrfgrdetret.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000992; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|fgrfgrdetret|02|co|02|vu"; nocase; ) # fifibabok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000993; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fifibabok|03|com"; nocase; ) # fighhard.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000994; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fighhard|04|mooo|03|com"; nocase; ) # fileblckr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000995; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fileblckr|03|com"; nocase; ) # film17tahun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000996; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|film17tahun|03|com"; nocase; ) # filmver.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000997; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|filmver|03|com"; nocase; ) # fimzusoln.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000998; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fimzusoln|02|ru"; nocase; ) # finder777.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000999; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|finder777|03|com"; nocase; ) # flash-vip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001000; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|flash-vip|03|com"; nocase; ) # flierbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001001; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|flierbroad|03|net"; nocase; ) # flierbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001002; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|flierbutter|03|net"; nocase; ) # fliparray.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001003; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fliparray|03|com"; nocase; ) # flushdns.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001004; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|flushdns|04|info"; nocase; ) # flushupate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001005; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|flushupate|03|com"; nocase; ) # fohenroprab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001006; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|fohenroprab|03|com"; nocase; ) # forgotten-deals.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001007; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|forgotten-deals|03|com"; nocase; ) # formsupdates.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001008; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|formsupdates|04|info"; nocase; ) # foroushi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001009; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|foroushi|03|net"; nocase; ) # frejabe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001010; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|frejabe|03|com"; nocase; ) # friendorenemy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001011; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|friendorenemy|03|biz"; nocase; ) # frontpage.dhis.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001012; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|frontpage|04|dhis|03|org"; nocase; ) # frookze.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001013; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|frookze|04|ddns|03|net"; nocase; ) # ftdeveloppromo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001014; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ftdeveloppromo|03|com"; nocase; ) # fteoplle.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001015; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fteoplle|02|co|02|vu"; nocase; ) # funnyinvoiceorg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001016; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|funnyinvoiceorg|03|com"; nocase; ) # g-a.paris [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001017; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|g-a|05|paris"; nocase; ) # g1osp1odin1ytui1dayn1vova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001018; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|g1osp1odin1ytui1dayn1vova|02|ga"; nocase; ) # gamani0001.url.ph [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001019; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|gamani0001|03|url|02|ph"; nocase; ) # gamecheck432.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001020; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gamecheck432|04|mooo|03|com"; nocase; ) # garbux.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001021; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|garbux|03|com"; nocase; ) # gatherbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001022; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|gatherbroad|03|net"; nocase; ) # gatherbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001023; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gatherbutter|03|net"; nocase; ) # gatherunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001024; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|gatherunderstand|03|net"; nocase; ) # gavnuwkavova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001025; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|gq"; nocase; ) # gayzoosex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001026; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|gayzoosex|03|net"; nocase; ) # gbbond.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001027; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gbbond|03|com"; nocase; ) # gds520.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001028; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gds520|03|com"; nocase; ) # gecoohocalifluw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001029; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gecoohocalifluw|04|ddns|03|net"; nocase; ) # geevheuqsemaif.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001030; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|geevheuqsemaif|04|ddns|03|net"; nocase; ) # gelun-posak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001031; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|gelun-posak|03|com"; nocase; ) # genuineservicecheck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001032; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|genuineservicecheck|03|com"; nocase; ) # gislat2for8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001033; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|gislat2for8|03|com"; nocase; ) # giveitalltheresqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001034; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|giveitalltheresqq|03|com"; nocase; ) # gladi-toriusa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001035; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|gladi-toriusa|03|com"; nocase; ) # glassesftous.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001036; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|glassesftous|03|com"; nocase; ) # globalmailru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001037; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|globalmailru|03|com"; nocase; ) # goihang.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001038; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|goihang|04|vicp|03|net"; nocase; ) # goldadpremium.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001039; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|goldadpremium|03|com"; nocase; ) # golokird.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001040; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|golokird|03|com"; nocase; ) # goodmongol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001041; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|goodmongol|03|com"; nocase; ) # goodugojps.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001042; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|goodugojps|03|com"; nocase; ) # google-adsens.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001043; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|google-adsens|03|com"; nocase; ) # google-ana1ytics.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001044; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|google-ana1ytics|03|com"; nocase; ) # googlecombq6xx.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001045; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|googlecombq6xx|04|ddns|03|net"; nocase; ) # googleproductupdate.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001046; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|googleproductupdate|03|net"; nocase; ) # gospodinytuidaynvova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001047; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|gq"; nocase; ) # govdelivery.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001048; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|govdelivery|03|com"; nocase; ) # gowin7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001049; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gowin7|03|com"; nocase; ) # greateplan.ocry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001050; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|greateplan|04|ocry|03|com"; nocase; ) # greta.ikwb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001051; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|greta|04|ikwb|03|com"; nocase; ) # gtfoods.com.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001052; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|gtfoods|03|com|02|ru"; nocase; ) # gujarat-overseas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001053; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|gujarat-overseas|03|com"; nocase; ) # gwas.perl.sh [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001054; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|gwas|04|perl|02|sh"; nocase; ) # h3yiloavovka.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001055; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|h3yiloavovka|02|ga"; nocase; ) # haaxicuconx.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001056; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|haaxicuconx|04|ddns|03|net"; nocase; ) # hackmakers.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001057; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|hackmakers|04|ddns|03|net"; nocase; ) # haerbugoviosmu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001058; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|haerbugoviosmu|04|ddns|03|net"; nocase; ) # havakhosh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001059; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|havakhosh|03|com"; nocase; ) # healthslie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001060; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|healthslie|03|com"; nocase; ) # hellmaza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001061; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|hellmaza|03|com"; nocase; ) # hetonshanver.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001062; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hetonshanver|02|ru"; nocase; ) # historybeside.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001063; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|historybeside|03|net"; nocase; ) # hogangreece.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001064; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hogangreece|03|com"; nocase; ) # hokydisma.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001065; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hokydisma|03|xyz"; nocase; ) # holisak-tasek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001066; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|holisak-tasek|03|com"; nocase; ) # holodpvovocs4hka23.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001067; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|ml"; nocase; ) # holodpvovocs4hka23.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001068; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|tk"; nocase; ) # horologecom.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001069; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|horologecom|03|net"; nocase; ) # hostns222777.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001070; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hostns222777|03|com"; nocase; ) # hotmailcontact.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001071; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|hotmailcontact|03|net"; nocase; ) # hufuqzyilaru.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001072; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hufuqzyilaru|02|kz"; nocase; ) # hunoikuxibi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001073; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hunoikuxibi|04|ddns|03|net"; nocase; ) # huoxu.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001074; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|huoxu|02|me"; nocase; ) # hyhyhyhrtgrt.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001075; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hyhyhyhrtgrt|02|co|02|vu"; nocase; ) # hysotasl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001076; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|hysotasl|03|com"; nocase; ) # iamthewinnerhere.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001077; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|iamthewinnerhere|03|com"; nocase; ) # ibc4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001078; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ibc4d|03|com"; nocase; ) # icecloud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001079; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|icecloud|03|biz"; nocase; ) # iequemagnusbucks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001080; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|iequemagnusbucks|03|com"; nocase; ) # img02.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001081; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|img02|04|mooo|03|com"; nocase; ) # in-iapple.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001082; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|in-iapple|03|org"; nocase; ) # ineltdriver.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001083; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|ineltdriver|03|com"; nocase; ) # inf1nix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001084; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|inf1nix|03|com"; nocase; ) # info.imly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001085; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|info|04|imly|03|org"; nocase; ) # infofinaciale8h.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001086; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|infofinaciale8h|02|ru"; nocase; ) # infowinboth.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001087; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|infowinboth|04|ddns|03|net"; nocase; ) # inocnation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001088; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|inocnation|03|com"; nocase; ) # intelsupport.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001089; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|intelsupport|03|net"; nocase; ) # internet-security2013.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001090; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|internet-security2013|03|com"; nocase; ) # intexpressform.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001091; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|intexpressform|03|com"; nocase; ) # invoicelibrary.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001092; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|invoicelibrary|03|com"; nocase; ) # invoiceseclib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001093; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|invoiceseclib|03|com"; nocase; ) # iphonenewsd.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001094; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|iphonenewsd|02|co|02|vu"; nocase; ) # iqjlyjxplidpbbpuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001095; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|iqjlyjxplidpbbpuh|03|com"; nocase; ) # irishjuice.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001096; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|irishjuice|02|su"; nocase; ) # islandmetalworks.co.ke [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001097; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|islandmetalworks|02|co|02|ke"; nocase; ) # istinuskazat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001098; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|istinuskazat|03|com"; nocase; ) # it885.com.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001099; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|it885|03|com|02|cn"; nocase; ) # itemagic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001100; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|itemagic|03|net"; nocase; ) # j0lodbsnafz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001101; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|j0lodbsnafz|03|com"; nocase; ) # jabruslan.noip.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001102; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|jabruslan|04|noip|02|me"; nocase; ) # jackropely.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001103; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|jackropely|03|org"; nocase; ) # japangmt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001104; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|japangmt|03|net"; nocase; ) # jaxgd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001105; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jaxgd|03|com"; nocase; ) # jhska.cable.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001106; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jhska|05|cable|02|nu"; nocase; ) # jimmymorisonguitars.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001107; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|jimmymorisonguitars|03|com"; nocase; ) # jnndj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001108; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jnndj|03|com"; nocase; ) # johnmiheventim.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001109; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|johnmiheventim|02|ru"; nocase; ) # juraganht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001110; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|juraganht|03|com"; nocase; ) # justskill.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001111; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|justskill|02|su"; nocase; ) # k2aninsrc0mtqj3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001112; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|k2aninsrc0mtqj3|04|ddns|03|net"; nocase; ) # k2t6i2yeodm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001113; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|k2t6i2yeodm|03|biz"; nocase; ) # k3apriz4ylkaz.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001114; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|k3apriz4ylkaz|02|ga"; nocase; ) # kakoi5getulo5hvov5a.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001115; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|kakoi5getulo5hvov5a|02|ml"; nocase; ) # kakoigetulohvova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001116; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kakoigetulohvova|02|tk"; nocase; ) # kaprizylka.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001117; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaprizylka|02|gq"; nocase; ) # karlsadovnik75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001118; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|karlsadovnik75|03|com"; nocase; ) # karlsamochux2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001119; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|karlsamochux2|03|com"; nocase; ) # karlsasyxushee75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001120; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|karlsasyxushee75|03|com"; nocase; ) # kazsdcktusvovu34.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001121; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kazsdcktusvovu34|02|ml"; nocase; ) # kazsdcktusvovu34.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001122; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kazsdcktusvovu34|02|tk"; nocase; ) # kesedrathow.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001123; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|kesedrathow|02|ru"; nocase; ) # kiana.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001124; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|kiana|03|com"; nocase; ) # kilogramvovu.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001125; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|cf"; nocase; ) # kilogramvovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001126; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|gq"; nocase; ) # kilogramvovu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001127; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|tk"; nocase; ) # klixoprend.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001128; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|klixoprend|03|com"; nocase; ) # kpddkeeded.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001129; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kpddkeeded|02|tk"; nocase; ) # krbewsoiitaciki2s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001130; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|krbewsoiitaciki2s|03|com"; nocase; ) # kruptcy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001131; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|kruptcy|03|com"; nocase; ) # kysochekvovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001132; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kysochekvovu|02|ml"; nocase; ) # laminat-classen.by [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001133; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|laminat-classen|02|by"; nocase; ) # landors.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001134; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|landors|03|org"; nocase; ) # laptop-hub.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001135; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|laptop-hub|02|in"; nocase; ) # largeangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001136; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|largeangry|03|net"; nocase; ) # largebutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001137; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|largebutter|03|net"; nocase; ) # lasttrainforest.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001138; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|lasttrainforest|03|com"; nocase; ) # led3dddga4xgj44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001139; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|led3dddga4xgj44|03|com"; nocase; ) # lehnjb.epac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001140; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|lehnjb|04|epac|02|to"; nocase; ) # letrasnick.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001141; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|letrasnick|03|com"; nocase; ) # letskype.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001142; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|letskype|03|net"; nocase; ) # lifehealthsanfrancisco2015.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001143; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1a|lifehealthsanfrancisco2015|03|com"; nocase; ) # lilydaleponyclub.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001144; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|lilydaleponyclub|03|com|02|au"; nocase; ) # linode.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001145; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|linode|03|com"; nocase; ) # lkdsjfdsd.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001146; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lkdsjfdsd|02|co|02|vu"; nocase; ) # lkjhgfdsa03.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001147; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|lkjhgfdsa03|03|xyz"; nocase; ) # loawelis.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001148; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|loawelis|03|org"; nocase; ) # login-osce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001149; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|login-osce|03|org"; nocase; ) # loliqooq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001150; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|loliqooq|04|ddns|03|net"; nocase; ) # longcold.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001151; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|longcold|03|net"; nocase; ) # lvzyjwj1fakh55i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001152; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|lvzyjwj1fakh55i|03|com"; nocase; ) # m2d4berdzej8x1o.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001153; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|m2d4berdzej8x1o|04|info"; nocase; ) # m2w9c4qaqdj8x1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001154; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|m2w9c4qaqdj8x1o|03|net"; nocase; ) # mae2d2tejdt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001155; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mae2d2tejdt|04|info"; nocase; ) # magalyamaya.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001156; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|magalyamaya|04|mooo|03|com"; nocase; ) # malwarecheck.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001157; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|malwarecheck|04|info"; nocase; ) # manasjob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001158; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|manasjob|03|com"; nocase; ) # manterinvoice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001159; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|manterinvoice|03|com"; nocase; ) # manushiyoga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001160; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|manushiyoga|03|com"; nocase; ) # manydocsfastrack.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001161; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|manydocsfastrack|03|com"; nocase; ) # market155.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001162; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|market155|02|ru"; nocase; ) # marubir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001163; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|marubir|03|com"; nocase; ) # masters-traffic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001164; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|masters-traffic|03|com"; nocase; ) # mediacontent.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001165; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mediacontent|02|us"; nocase; ) # mediacontent3.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001166; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|mediacontent3|02|us"; nocase; ) # meevehdar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001167; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|meevehdar|03|com"; nocase; ) # mega5checker.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001168; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mega5checker|04|mooo|03|com"; nocase; ) # membermaster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001169; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|membermaster|03|net"; nocase; ) # memr.oxti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001170; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|memr|04|oxti|03|org"; nocase; ) # metobmo.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001171; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|metobmo|03|xyz"; nocase; ) # microloule461softc1pol361.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001172; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|microloule461softc1pol361|03|com"; nocase; ) # microsoft-outlook.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001173; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|microsoft-outlook|03|org"; nocase; ) # microsoftactiveservices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001174; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|microsoftactiveservices|03|com"; nocase; ) # microsoftmiddleast.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001175; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|microsoftmiddleast|03|com"; nocase; ) # microsoftupdate.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001176; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|microsoftupdate|02|co|02|vu"; nocase; ) # microsoftwindowsresources.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001177; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|microsoftwindowsresources|03|com"; nocase; ) # mike0147.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001178; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mike0147|04|ddns|03|net"; nocase; ) # milsatcom.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001179; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|milsatcom|02|us"; nocase; ) # mind-finder.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001180; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mind-finder|03|com"; nocase; ) # mixedwork.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001181; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mixedwork|03|com"; nocase; ) # mlfjcjssl.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001182; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mlfjcjssl|04|gicp|03|net"; nocase; ) # mm523.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001183; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|mm523|03|net"; nocase; ) # mno80.dwy.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001184; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|mno80|03|dwy|02|cc"; nocase; ) # mno995.dwy.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001185; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|mno995|03|dwy|02|cc"; nocase; ) # mol-government.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001186; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|mol-government|03|com"; nocase; ) # monogera.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001187; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|monogera|03|com"; nocase; ) # moskalvtumane.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001188; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|moskalvtumane|03|com"; nocase; ) # ms-software-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001189; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|ms-software-check|03|com"; nocase; ) # ms-software-genuine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001190; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|ms-software-genuine|03|com"; nocase; ) # msgenuine.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001191; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|msgenuine|03|net"; nocase; ) # msnserver.ddns.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001192; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|msnserver|04|ddns|02|us"; nocase; ) # msonlinecheck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001193; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|msonlinecheck|03|com"; nocase; ) # msonlineget.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001194; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|msonlineget|03|com"; nocase; ) # mtrealm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001195; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|mtrealm|04|ddns|03|net"; nocase; ) # muarocavhaqe.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001196; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|muarocavhaqe|04|ddns|03|net"; nocase; ) # mydocumentsholder.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001197; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|mydocumentsholder|03|com"; nocase; ) # mymama.oicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001198; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|mymama|04|oicp|03|net"; nocase; ) # mystoredoc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001199; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mystoredoc|03|com"; nocase; ) # nabzerd.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001200; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nabzerd|02|co|02|vu"; nocase; ) # namille.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001201; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|namille|03|org"; nocase; ) # nasdaqblog.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001202; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nasdaqblog|03|net"; nocase; ) # neotoexplorechicago.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001203; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|neotoexplorechicago|03|net"; nocase; ) # new-driver-upgrade.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001204; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|new-driver-upgrade|03|com"; nocase; ) # neyetta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001205; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|neyetta|03|com"; nocase; ) # nightangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001206; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nightangry|03|net"; nocase; ) # ninghaprewrof.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001207; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ninghaprewrof|02|ru"; nocase; ) # nomeatea.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001208; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|nomeatea|05|space"; nocase; ) # noproblemslove.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001209; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|noproblemslove|03|com"; nocase; ) # notleftrofugh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001210; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|notleftrofugh|02|ru"; nocase; ) # novinitie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001211; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|novinitie|03|com"; nocase; ) # np3.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001212; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|np3|04|jkub|03|com"; nocase; ) # nsa.gov [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001213; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|nsa|03|gov"; nocase; ) # nskupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001214; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|nskupdate|03|com"; nocase; ) # nt-windows-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001215; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|nt-windows-check|03|com"; nocase; ) # nt-windows-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001216; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nt-windows-online|03|com"; nocase; ) # nyrtazolas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001217; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nyrtazolas|03|com"; nocase; ) # nytuvo123vaigavno.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001218; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nytuvo123vaigavno|02|ga"; nocase; ) # nytuvo123vaigavno.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001219; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nytuvo123vaigavno|02|gq"; nocase; ) # nytuvovaigavno.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001220; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|nytuvovaigavno|02|ml"; nocase; ) # o5dec1berdn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001221; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|o5dec1berdn|04|info"; nocase; ) # o5o8c1berdn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001222; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|o5o8c1berdn|03|net"; nocase; ) # oay4vbx7dfe8s1v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001223; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|oay4vbx7dfe8s1v|03|net"; nocase; ) # obstipatie.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001224; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|obstipatie|02|nu"; nocase; ) # odmwooyyfoysnc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001225; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|odmwooyyfoysnc|03|com"; nocase; ) # office-revision.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001226; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|office-revision|03|com"; nocase; ) # official-uploads.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001227; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|official-uploads|03|com"; nocase; ) # oldfirefox.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001228; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|oldfirefox|02|su"; nocase; ) # onlink.epac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001229; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|onlink|04|epac|02|to"; nocase; ) # opjis123.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001230; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|opjis123|04|ddns|03|net"; nocase; ) # osce-oscc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001231; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|osce-oscc|03|org"; nocase; ) # osce-press.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001232; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|osce-press|03|org"; nocase; ) # osgenuine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001233; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|osgenuine|03|com"; nocase; ) # outlookexchange.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001234; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|outlookexchange|03|net"; nocase; ) # outlookscansafe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001235; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|outlookscansafe|03|net"; nocase; ) # oxda13oess.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001236; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|oxda13oess|03|com"; nocase; ) # pallodare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001237; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pallodare|03|com"; nocase; ) # palmeretas.com.ar [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001238; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|palmeretas|03|com|02|ar"; nocase; ) # pasnirthland.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001239; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|pasnirthland|03|com"; nocase; ) # patriotp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001240; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|patriotp|03|com"; nocase; ) # pavlov.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001241; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|pavlov|03|xyz"; nocase; ) # paypolik.esy.es [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001242; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|paypolik|03|esy|02|es"; nocase; ) # pdfviewapp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001243; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pdfviewapp|03|com"; nocase; ) # perutrilhainca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001244; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|perutrilhainca|03|com"; nocase; ) # pianolessons.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001245; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|pianolessons|02|co|02|vu"; nocase; ) # pingserver.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001246; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pingserver|04|info"; nocase; ) # play-mob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001247; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|play-mob|03|org"; nocase; ) # playboysplus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001248; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|playboysplus|03|com"; nocase; ) # plushbr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001249; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|plushbr|03|com"; nocase; ) # pndrdbgijushci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001250; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|pndrdbgijushci|03|com"; nocase; ) # pnoc-ec.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001251; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|pnoc-ec|04|vicp|03|net"; nocase; ) # podvigtitanika.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001252; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|podvigtitanika|03|com"; nocase; ) # pokerseru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001253; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pokerseru|03|com"; nocase; ) # poly-poly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001254; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|poly-poly|03|net"; nocase; ) # pornflashvideo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001255; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|pornflashvideo|03|com"; nocase; ) # pornodrome.tv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001256; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pornodrome|02|tv"; nocase; ) # pornomos.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001257; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pornomos|02|ru"; nocase; ) # pos-softwareupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001258; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pos-softwareupdate|03|com"; nocase; ) # pqwmotleodoriw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001259; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|pqwmotleodoriw|03|net"; nocase; ) # pratikconsultancy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001260; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|pratikconsultancy|03|com"; nocase; ) # pressmil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001261; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pressmil|03|com"; nocase; ) # prince24.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001262; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|prince24|04|ddns|03|net"; nocase; ) # prismagot.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001263; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|prismagot|02|eu"; nocase; ) # projawor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001264; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|projawor|03|net"; nocase; ) # prosoknf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001265; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|prosoknf|03|com"; nocase; ) # prosto24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001266; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|prosto24|03|net"; nocase; ) # psiphone3.noip.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001267; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|psiphone3|04|noip|02|me"; nocase; ) # punam.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001268; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|punam|02|in"; nocase; ) # q0yfy052w2ihkjox1nsp5n3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001269; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|q0yfy052w2ihkjox1nsp5n3|04|ddns|03|net"; nocase; ) # qemyxsdigi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001270; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|qemyxsdigi|04|info"; nocase; ) # qfwd7x38abyje0mrormjyd5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001271; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|qfwd7x38abyje0mrormjyd5|04|ddns|03|net"; nocase; ) # qoog1e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001272; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|qoog1e|03|com"; nocase; ) # quartlet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001273; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|quartlet|03|com"; nocase; ) # quick-net.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001274; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|quick-net|04|info"; nocase; ) # quietbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001275; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|quietbehind|03|net"; nocase; ) # qularivafou.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001276; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|qularivafou|04|ddns|03|net"; nocase; ) # ra1nru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001277; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ra1nru|03|com"; nocase; ) # rapidmemorylink.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001278; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|rapidmemorylink|03|com"; nocase; ) # rearmheadfire.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001279; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|rearmheadfire|03|com"; nocase; ) # rebledughid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001280; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rebledughid|03|com"; nocase; ) # recordbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001281; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|recordbehind|03|net"; nocase; ) # recordbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001282; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|recordbroad|03|net"; nocase; ) # recorddried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001283; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|recorddried|03|net"; nocase; ) # redesparda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001284; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|redesparda|03|com"; nocase; ) # refherssuce.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001285; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|refherssuce|02|ru"; nocase; ) # religion.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001286; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|religion|04|xicp|03|net"; nocase; ) # relom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001287; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|relom|03|org"; nocase; ) # rendercodec.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001288; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rendercodec|04|info"; nocase; ) # reparalia.es [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001289; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|reparalia|02|es"; nocase; ) # residenciasil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001290; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|residenciasil|03|com"; nocase; ) # resqdocsfirm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001291; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|resqdocsfirm|03|com"; nocase; ) # retrett.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001292; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|retrett|02|co|02|vu"; nocase; ) # rhebrisaf.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001293; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|rhebrisaf|03|xyz"; nocase; ) # ria-ru.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001294; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ria-ru|04|xicp|03|net"; nocase; ) # rinheckguny.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001295; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rinheckguny|02|ru"; nocase; ) # riusdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001296; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|riusdu|03|com"; nocase; ) # rmdszms.ro [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001297; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|rmdszms|02|ro"; nocase; ) # rocklandleasing.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001298; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|rocklandleasing|03|com"; nocase; ) # rosupletwas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001299; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rosupletwas|03|com"; nocase; ) # rqxba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001300; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|rqxba|03|com"; nocase; ) # rxxiaoao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001301; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|rxxiaoao|03|com"; nocase; ) # rzal.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001302; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|rzal|02|pl"; nocase; ) # s2simsdor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001303; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|s2simsdor|03|com"; nocase; ) # samsung-update.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001304; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|samsung-update|03|net"; nocase; ) # sandvicaa.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001305; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|sandvicaa|02|pw"; nocase; ) # sarawork.io [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001306; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|sarawork|02|io"; nocase; ) # savepic.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001307; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|savepic|02|su"; nocase; ) # scanmalware.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001308; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|scanmalware|04|info"; nocase; ) # scara123.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001309; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|scara123|03|com"; nocase; ) # scorpyofilms.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001310; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|scorpyofilms|03|com"; nocase; ) # scvhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001311; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|scvhost|03|com"; nocase; ) # sdfochekvovu4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001312; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sdfochekvovu4|02|tk"; nocase; ) # seasonbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001313; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|seasonbehind|03|net"; nocase; ) # security.hpe.tw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001314; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|security|03|hpe|02|tw"; nocase; ) # securityserviceauto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001315; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|securityserviceauto|03|com"; nocase; ) # sentracatering.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001316; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|sentracatering|03|com"; nocase; ) # serfilefnom.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001317; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|serfilefnom|02|ru"; nocase; ) # serveflash.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001318; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|serveflash|04|info"; nocase; ) # sherkatkonandeh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001319; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|sherkatkonandeh|03|com"; nocase; ) # shivue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001320; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|shivue|03|org"; nocase; ) # shmetterheath.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001321; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|shmetterheath|02|ru"; nocase; ) # signin-verify.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001322; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|signin-verify|03|com"; nocase; ) # skinder-chatcast-topcat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001323; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|skinder-chatcast-topcat|03|net"; nocase; ) # smart-access.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001324; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|smart-access|03|net"; nocase; ) # smoothmovin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001325; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|smoothmovin|03|com"; nocase; ) # smtp.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001326; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|smtp|02|gq"; nocase; ) # soft.epac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001327; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|soft|04|epac|02|to"; nocase; ) # sony36.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001328; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|sony36|03|com"; nocase; ) # soqda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001329; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|soqda|03|com"; nocase; ) # spacewing1.vicp.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001330; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|spacewing1|04|vicp|02|cc"; nocase; ) # sptc.co.sz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001331; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|sptc|02|co|02|sz"; nocase; ) # squarestripe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001332; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|squarestripe|03|com"; nocase; ) # srv112-237-186-93.vk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001333; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|srv112-237-186-93|02|vk|03|com"; nocase; ) # ssl-vait.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001334; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ssl-vait|03|com"; nocase; ) # sslmails.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001335; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|sslmails|03|com"; nocase; ) # starpowerss.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001336; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|starpowerss|03|com"; nocase; ) # start-vedioing.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001337; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|start-vedioing|03|net"; nocase; ) # stonehoof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001338; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|stonehoof|03|com"; nocase; ) # su.noip.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001339; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|su|04|noip|02|us"; nocase; ) # super-cpu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001340; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|super-cpu|03|net"; nocase; ) # support-appstore.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001341; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|support-appstore|03|net"; nocase; ) # susdrego.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001342; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|susdrego|03|xyz"; nocase; ) # svars-sta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001343; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|svars-sta|03|com"; nocase; ) # svchost-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001344; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|svchost-online|03|com"; nocase; ) # svpportoffice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001345; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|svpportoffice|03|com"; nocase; ) # swissprox.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001346; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|swissprox|02|eu"; nocase; ) # swupdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001347; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|swupdt|03|com"; nocase; ) # sykavovaloh.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001348; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sykavovaloh|02|ml"; nocase; ) # sykavovalohzz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001349; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sykavovalohzz|02|ml"; nocase; ) # sykavovalohzz.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001350; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sykavovalohzz|02|tk"; nocase; ) # tabidzuwek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001351; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|tabidzuwek|03|com"; nocase; ) # tahimoteev.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001352; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|tahimoteev|04|ddns|03|net"; nocase; ) # tajjquartet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001353; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|tajjquartet|03|com"; nocase; ) # taking-technology.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001354; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|taking-technology|03|com"; nocase; ) # talahedtug.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001355; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|talahedtug|02|ru"; nocase; ) # tamgusyam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001356; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tamgusyam|03|com"; nocase; ) # tanhadhidown.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001357; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tanhadhidown|02|ru"; nocase; ) # techasiamusicsvr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001358; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|techasiamusicsvr|03|com"; nocase; ) # techcruncln.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001359; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|techcruncln|03|com"; nocase; ) # techine.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001360; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|techine|04|info"; nocase; ) # technicserv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001361; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|technicserv|03|com"; nocase; ) # teenland.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001362; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|teenland|03|biz"; nocase; ) # teenslutsporn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001363; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|teenslutsporn|03|com"; nocase; ) # teensreal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001364; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|teensreal|03|com"; nocase; ) # teever.mn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001365; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|teever|02|mn"; nocase; ) # telegram-apps.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001366; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|telegram-apps|03|org"; nocase; ) # telesport.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001367; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|telesport|04|mooo|03|com"; nocase; ) # teoslim.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001368; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|teoslim|02|cf"; nocase; ) # tequeryomuch.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001369; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tequeryomuch|05|space"; nocase; ) # thebeautythesis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001370; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|thebeautythesis|03|com"; nocase; ) # thedancingbutterfly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001371; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|thedancingbutterfly|03|com"; nocase; ) # thevangog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001372; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|thevangog|03|com"; nocase; ) # thoughtmaster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001373; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|thoughtmaster|03|net"; nocase; ) # timechk1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001374; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk1|03|net"; nocase; ) # timechk10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001375; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk10|03|net"; nocase; ) # timechk11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001376; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk11|03|net"; nocase; ) # timechk12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001377; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk12|03|com"; nocase; ) # timechk12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001378; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk12|03|net"; nocase; ) # timechk13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001379; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk13|03|net"; nocase; ) # timechk14.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001380; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk14|03|com"; nocase; ) # timechk16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001381; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk16|03|net"; nocase; ) # timechk18.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001382; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk18|03|com"; nocase; ) # timechk21.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001383; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk21|03|com"; nocase; ) # timechk23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001384; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk23|03|net"; nocase; ) # timechk28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001385; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk28|03|net"; nocase; ) # timechk6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001386; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk6|03|net"; nocase; ) # timechk7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001387; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk7|03|org"; nocase; ) # timechk9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001388; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk9|03|com"; nocase; ) # timechk9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001389; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk9|03|org"; nocase; ) # tixufaheurvo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001390; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tixufaheurvo|04|ddns|03|net"; nocase; ) # tonecarighthe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001391; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tonecarighthe|02|ru"; nocase; ) # tontuldverbab.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001392; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tontuldverbab|02|ru"; nocase; ) # topcomfort.com.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001393; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|topcomfort|03|com|02|ua"; nocase; ) # tor-projects.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001394; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tor-projects|03|org"; nocase; ) # tornishineynarkkek2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001395; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|tornishineynarkkek2|03|org"; nocase; ) # tqadnvxgppn1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001396; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tqadnvxgppn1|03|com"; nocase; ) # trader562.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001397; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|trader562|03|com"; nocase; ) # transkf.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001398; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|transkf|02|tk"; nocase; ) # tropiccritics.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001399; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tropiccritics|03|com"; nocase; ) # trysuvovki.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001400; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|trysuvovki|02|ga"; nocase; ) # trysuvovki.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001401; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|trysuvovki|02|ml"; nocase; ) # trysuvovki.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001402; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|trysuvovki|02|tk"; nocase; ) # tsvswququsamqaqq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001403; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|tsvswququsamqaqq|03|net"; nocase; ) # tw252.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001404; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|tw252|04|gicp|03|net"; nocase; ) # udebliena.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001405; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|udebliena|04|ddns|03|net"; nocase; ) # uityiuetyruieytreuiyt.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001406; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|uityiuetyruieytreuiyt|02|co|02|vu"; nocase; ) # uizizthesocialmediaguide.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001407; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|uizizthesocialmediaguide|03|net"; nocase; ) # ukwoubapgi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001408; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ukwoubapgi|04|ddns|03|net"; nocase; ) # uldhowhedtca.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001409; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|uldhowhedtca|02|ru"; nocase; ) # unionnewsreport.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001410; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|unionnewsreport|03|net"; nocase; ) # upay360.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001411; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|upay360|02|cn"; nocase; ) # uppcl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001412; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|uppcl|03|org"; nocase; ) # use.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001413; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|use|04|mooo|03|com"; nocase; ) # ustradecomp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001414; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|ustradecomp|03|com"; nocase; ) # uygur.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001415; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|uygur|04|eicp|03|net"; nocase; ) # vabuibofqouxog.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001416; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vabuibofqouxog|04|ddns|03|net"; nocase; ) # vdrygvovanemydak55.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001417; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak55|02|ml"; nocase; ) # vdrygvovanemydak77.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001418; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak77|02|ga"; nocase; ) # vdrygvovanemydak77.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001419; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak77|02|ml"; nocase; ) # vebiabipkilo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001420; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|vebiabipkilo|04|ddns|03|net"; nocase; ) # veetdohi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001421; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|veetdohi|02|ru"; nocase; ) # venitial.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001422; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|venitial|03|org"; nocase; ) # veret-sapan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001423; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|veret-sapan|03|com"; nocase; ) # verifiedcamslive.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001424; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|verifiedcamslive|03|com"; nocase; ) # vesm-arast.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001425; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|vesm-arast|03|com"; nocase; ) # videosfero.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001426; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|videosfero|02|ru"; nocase; ) # videosk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001427; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|videosk|04|info"; nocase; ) # videoskype.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001428; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|videoskype|02|ru"; nocase; ) # videoupdates.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001429; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|videoupdates|03|org"; nocase; ) # vidxx.mobi [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001430; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|vidxx|04|mobi"; nocase; ) # villhassgom.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001431; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|villhassgom|03|xyz"; nocase; ) # viplenta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001432; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|viplenta|03|com"; nocase; ) # viprainru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001433; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|viprainru|03|com"; nocase; ) # viprambler.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001434; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|viprambler|03|com"; nocase; ) # vircheck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001435; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|vircheck|03|com"; nocase; ) # vomsg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001436; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|vomsg|03|com"; nocase; ) # vovapizdadolboeb.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001437; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovapizdadolboeb|02|cf"; nocase; ) # vovapro100gandon.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001438; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovapro100gandon|02|ml"; nocase; ) # vovegarfdghhtom.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001439; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|vovegarfdghhtom|02|ga"; nocase; ) # vovegarfdghhtom.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001440; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|vovegarfdghhtom|02|ml"; nocase; ) # vovegaryackoletom.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001441; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vovegaryackoletom|02|ga"; nocase; ) # vovegaryackoletom.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001442; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vovegaryackoletom|02|tk"; nocase; ) # voveholodnozimoi.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001443; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|voveholodnozimoi|02|tk"; nocase; ) # vovenehuevotak.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001444; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|cf"; nocase; ) # vovewegdfnozimoi.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001445; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovewegdfnozimoi|02|tk"; nocase; ) # vsdylqjfrdqaxzyd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001446; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vsdylqjfrdqaxzyd|03|com"; nocase; ) # vucjunrhckgaiyae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001447; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vucjunrhckgaiyae|03|com"; nocase; ) # w6ujkjax343r1t3lq4o.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001448; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|w6ujkjax343r1t3lq4o|04|ddns|03|net"; nocase; ) # walkingdead32.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001449; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|walkingdead32|02|ru"; nocase; ) # walterclean.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001450; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|walterclean|03|com"; nocase; ) # wastolddinghes.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001451; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|wastolddinghes|02|ru"; nocase; ) # we11point.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001452; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|we11point|03|com"; nocase; ) # weekend-service.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001453; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|weekend-service|03|com"; nocase; ) # wellpoint.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001454; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|wellpoint|03|net"; nocase; ) # wellsfargoemail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001455; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|wellsfargoemail|03|com"; nocase; ) # wereldpas-2016.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001456; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|wereldpas-2016|02|nl"; nocase; ) # wessexwarriors.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001457; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|wessexwarriors|02|co|02|uk"; nocase; ) # wfe23x16e4khat5vgxo0s8s.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001458; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|wfe23x16e4khat5vgxo0s8s|04|ddns|03|net"; nocase; ) # whoknowsshitheadforyoutoudrunkfuckyou.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001459; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|25|whoknowsshitheadforyoutoudrunkfuckyou|02|co|02|vu"; nocase; ) # whotwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001460; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|whotwi|03|com"; nocase; ) # windowscentralupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001461; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|windowscentralupdate|03|com"; nocase; ) # wink.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001462; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|wink|02|ws"; nocase; ) # wins-driver-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001463; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|wins-driver-check|03|com"; nocase; ) # wins-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001464; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|wins-update|03|com"; nocase; ) # wlytono6mjedgl1ro41pcj7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001465; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|wlytono6mjedgl1ro41pcj7|04|ddns|03|net"; nocase; ) # wm.ggpw.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001466; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|wm|04|ggpw|02|pw"; nocase; ) # womanpresident.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001467; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|womanpresident|03|net"; nocase; ) # wondertechmy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001468; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|wondertechmy|03|com"; nocase; ) # wtoykfedxrmujcvsalhqipz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001469; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|wtoykfedxrmujcvsalhqipz|03|net"; nocase; ) # wunslewi.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001470; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|wunslewi|03|xyz"; nocase; ) # wuzu520.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001471; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|wuzu520|03|com"; nocase; ) # www.dicoz.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001472; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|05|dicoz|02|fr"; nocase; ) # www.yunw.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001473; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|yunw|03|top"; nocase; ) # wwwsexvidio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001474; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|wwwsexvidio|03|com"; nocase; ) # wx.iosyy.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001475; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|wx|05|iosyy|02|me"; nocase; ) # xa.yimg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001476; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|xa|04|yimg|03|com"; nocase; ) # xha-mster.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001477; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xha-mster|03|com"; nocase; ) # xmailliwx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001478; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xmailliwx|03|com"; nocase; ) # xmoqu38hasdf0opw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001479; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|xmoqu38hasdf0opw|03|com"; nocase; ) # xnanomailing.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001480; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|xnanomailing|03|com"; nocase; ) # xxxmobiletubez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001481; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|xxxmobiletubez|03|com"; nocase; ) # xyyk01.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001482; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|xyyk01|04|gicp|03|net"; nocase; ) # y3aaa48a7056d7075c3760cdbd90a75b8f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001483; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|y3aaa48a7056d7075c3760cdbd90a75b8f|02|cc"; nocase; ) # ya.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001484; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|ya|02|ru"; nocase; ) # yah00mail.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001485; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|yah00mail|04|gicp|03|net"; nocase; ) # yahooair.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001486; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|yahooair|03|com"; nocase; ) # ydoapqgxeqmvsugz.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001487; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|ydoapqgxeqmvsugz|05|onion"; nocase; ) # yesitisqqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001488; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|yesitisqqq|03|com"; nocase; ) # yoksfffhvizk8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001489; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|yoksfffhvizk8z|03|com"; nocase; ) # ys168.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001490; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ys168|03|com"; nocase; ) # ytq0olsbahc8ujwhuhs6m0a.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001491; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|ytq0olsbahc8ujwhuhs6m0a|04|ddns|03|net"; nocase; ) # yyfaimjmocdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001492; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|yyfaimjmocdu|03|com"; nocase; ) # zabeir5374hnotvova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001493; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|zabeir5374hnotvova|02|ga"; nocase; ) # zabeir5374hnotvova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001494; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|zabeir5374hnotvova|02|gq"; nocase; ) # zabeirotvova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001495; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zabeirotvova|02|gq"; nocase; ) # zabeirotvova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001496; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zabeirotvova|02|ml"; nocase; ) # zaniatpizdets.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001497; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zaniatpizdets|03|com"; nocase; ) # zdravstvuyfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001498; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zdravstvuyfm|03|com"; nocase; ) # zemo-numeros.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001499; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zemo-numeros|03|com"; nocase; ) # zgmtsale.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001500; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zgmtsale|03|com"; nocase; ) # zoo-porn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001501; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zoo-porn|03|net"; nocase; ) # zoramtax.inc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001502; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zoramtax|03|inc|02|in"; nocase; ) # zvovapeterda1.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001503; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zvovapeterda1|02|ga"; nocase; ) # 0906.toh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001504; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|0906|03|toh|04|info"; nocase; ) # 0n4tblbdfncaauxioxto.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001505; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|0n4tblbdfncaauxioxto|04|ddns|03|net"; nocase; ) # 29a.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001506; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|29a|02|de"; nocase; ) # 2kjb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001507; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|2kjb9|03|net"; nocase; ) # 34324325kgkgfkgf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001508; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|34324325kgkgfkgf|03|com"; nocase; ) # 42kjb11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001509; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|42kjb11|03|net"; nocase; ) # 557869.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001510; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|557869|03|com"; nocase; ) # 567mt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001511; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|567mt|03|com"; nocase; ) # 59njm3tgtwggfu3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001512; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|59njm3tgtwggfu3|03|com"; nocase; ) # 63ghdye17.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001513; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|63ghdye17|03|com"; nocase; ) # 66ygg.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001514; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|66ygg|02|gq"; nocase; ) # 69gang.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001515; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|69gang|03|com"; nocase; ) # 7hwr34n18.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001516; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|7hwr34n18|03|com"; nocase; ) # a1c5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001517; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|a1c5|02|tk"; nocase; ) # a4yhexpmth2ldj3v.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001518; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|a4yhexpmth2ldj3v|05|onion"; nocase; ) # aaa.swhk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001519; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|aaa|04|swhk|03|net"; nocase; ) # aabazrewdatupogre.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001520; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabazrewdatupogre|02|gq"; nocase; ) # aabazrewdatupogre.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001521; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabazrewdatupogre|02|ml"; nocase; ) # accountid-apple.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001522; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|accountid-apple|03|com"; nocase; ) # acount-help.co.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001523; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|acount-help|02|co|03|com"; nocase; ) # acvariimarine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001524; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|acvariimarine|03|com"; nocase; ) # adhotspot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001525; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|adhotspot|03|biz"; nocase; ) # adode-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001526; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|adode-update|03|com"; nocase; ) # adservicestats.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001527; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|adservicestats|03|com"; nocase; ) # affiliand.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001528; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|affiliand|03|com"; nocase; ) # afive.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001529; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|afive|03|net"; nocase; ) # againstangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001530; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|againstangry|03|net"; nocase; ) # agaliarept.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001531; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|agaliarept|03|com"; nocase; ) # agdedopribili.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001532; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|agdedopribili|03|com"; nocase; ) # agentclientclient.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001533; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|agentclientclient|02|me"; nocase; ) # ahnielinkury.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001534; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ahnielinkury|03|net"; nocase; ) # ahyushkavovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001535; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ahyushkavovu|02|ml"; nocase; ) # akam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001536; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|akam|03|net"; nocase; ) # aktogavnovova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001537; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|ml"; nocase; ) # al-rddadi.com.sa [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001538; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|al-rddadi|03|com|02|sa"; nocase; ) # alamoadgroup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001539; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|alamoadgroup|03|com"; nocase; ) # alien12socket.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001540; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|alien12socket|04|ddns|03|net"; nocase; ) # alienspy2.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001541; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|alienspy2|04|ddns|03|net"; nocase; ) # aliserv2013.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001542; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|aliserv2013|02|ru"; nocase; ) # allinanma.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001543; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|allinanma|03|xyz"; nocase; ) # allowclientaxpalagent.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001544; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|allowclientaxpalagent|02|me"; nocase; ) # alongroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001545; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|alongroad|03|net"; nocase; ) # andrlova-manager.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001546; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|andrlova-manager|03|com"; nocase; ) # andromike.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001547; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|andromike|03|com"; nocase; ) # andropaul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001548; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|andropaul|03|com"; nocase; ) # anptlnadkpkhmc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001549; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|anptlnadkpkhmc3|03|net"; nocase; ) # antivirus-up.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001550; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|antivirus-up|03|com"; nocase; ) # anylowso.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001551; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|anylowso|03|xyz"; nocase; ) # anywhere-staring.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001552; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|anywhere-staring|03|com"; nocase; ) # aogf.co.ke [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001553; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|aogf|02|co|02|ke"; nocase; ) # apipiskavovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001554; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|apipiskavovu|02|gq"; nocase; ) # apipiskavovujgf.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001555; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|apipiskavovujgf|02|ga"; nocase; ) # apipiskavovujgf.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001556; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|apipiskavovujgf|02|ml"; nocase; ) # appeal.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001557; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|appeal|02|ml"; nocase; ) # applefinder.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001558; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|applefinder|02|eu"; nocase; ) # appleupdate.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001559; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|appleupdate|03|biz"; nocase; ) # apps-guard.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001560; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|apps-guard|03|com"; nocase; ) # arcticllp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001561; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|arcticllp|03|com"; nocase; ) # asop83uyteramxop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001562; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|asop83uyteramxop|03|com"; nocase; ) # asozcmwuukrgydmzb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001563; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|asozcmwuukrgydmzb|03|com"; nocase; ) # assso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001564; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|assso|03|net"; nocase; ) # astro-travels.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001565; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|astro-travels|03|net"; nocase; ) # atomictrivia.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001566; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|atomictrivia|02|ru"; nocase; ) # ausameetings.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001567; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ausameetings|03|com"; nocase; ) # auvovumalenkiu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001568; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|auvovumalenkiu|02|gq"; nocase; ) # auvovumalenkiu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001569; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|auvovumalenkiu|02|tk"; nocase; ) # auvovumalenkiu678.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001570; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|auvovumalenkiu678|02|ga"; nocase; ) # auvovumalenkiu678.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001571; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|auvovumalenkiu678|02|gq"; nocase; ) # avdrygvovanemydak.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001572; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|cf"; nocase; ) # avdrygvovanemydak.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001573; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|ga"; nocase; ) # avdrygvovanemydak.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001574; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|gq"; nocase; ) # avdrygvovanemydak.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001575; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|ml"; nocase; ) # avdrygvovanemydak.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001576; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|tk"; nocase; ) # avdrygvovanemydak1.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001577; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|avdrygvovanemydak1|02|gq"; nocase; ) # avdrygvovanemydakaa.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001578; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakaa|02|tk"; nocase; ) # avdrygvovanemydakaa5.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001579; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|avdrygvovanemydakaa5|02|ml"; nocase; ) # avdrygvovanemydakzz3.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001580; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|avdrygvovanemydakzz3|02|cf"; nocase; ) # avdrygvovanemyz.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001581; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|avdrygvovanemyz|02|tk"; nocase; ) # avovagomosek.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001582; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovagomosek|02|cf"; nocase; ) # avovagomosek2.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001583; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|ga"; nocase; ) # avovagomosek2.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001584; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|gq"; nocase; ) # avovagomosek2.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001585; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|ml"; nocase; ) # avovakusokgavna.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001586; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|avovakusokgavna|02|gq"; nocase; ) # avovapeterda.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001587; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovapeterda|02|ml"; nocase; ) # avovapeterda77.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001588; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|avovapeterda77|02|cf"; nocase; ) # azvdrygvovanemyz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001589; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|azvdrygvovanemyz|02|ml"; nocase; ) # azvdrygvovanemyz81.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001590; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|azvdrygvovanemyz81|02|cf"; nocase; ) # baazsawetukovcsa.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001591; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|baazsawetukovcsa|02|ga"; nocase; ) # babkokohtybvcfreso.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001592; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|babkokohtybvcfreso|02|ga"; nocase; ) # bacuhytgbnvedhhko.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001593; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|bacuhytgbnvedhhko|02|ga"; nocase; ) # baepudavemanuel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001594; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|baepudavemanuel|03|net"; nocase; ) # baltichost.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001595; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|baltichost|03|org"; nocase; ) # banglasexyvideo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001596; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|banglasexyvideo|03|com"; nocase; ) # bankruptcompanynews.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001597; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|bankruptcompanynews|03|com"; nocase; ) # bannerzone.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001598; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|bannerzone|02|in"; nocase; ) # baomoi.coyo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001599; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|baomoi|04|coyo|02|eu"; nocase; ) # baugkoosdui.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001600; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|baugkoosdui|04|ddns|03|net"; nocase; ) # bb-apps-world.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001601; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|bb-apps-world|03|com"; nocase; ) # beatrinko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001602; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|beatrinko|03|org"; nocase; ) # beinsportslivetv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001603; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|beinsportslivetv|03|com"; nocase; ) # beirut-memorial.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001604; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|beirut-memorial|03|org"; nocase; ) # best-drum-set.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001605; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|best-drum-set|03|com"; nocase; ) # bestcomputeradvisor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001606; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|bestcomputeradvisor|03|com"; nocase; ) # bestcomputeradvisro.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001607; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|bestcomputeradvisro|04|info"; nocase; ) # biketools.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001608; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|biketools|02|ru"; nocase; ) # bitblogoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001609; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bitblogoo|03|com"; nocase; ) # blackberry-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001610; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|blackberry-update|03|com"; nocase; ) # bloggarotosdegyn.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001611; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|bloggarotosdegyn|03|com|02|br"; nocase; ) # blogging-host.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001612; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|blogging-host|04|info"; nocase; ) # blogsute.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001613; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|blogsute|03|com"; nocase; ) # blyavovarealn44ogavno.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001614; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|blyavovarealn44ogavno|02|ga"; nocase; ) # blyavovarealn44ogavno.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001615; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|blyavovarealn44ogavno|02|ml"; nocase; ) # blyavovarealnogavno.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001616; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|blyavovarealnogavno|02|tk"; nocase; ) # bntnl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001617; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|bntnl|03|com"; nocase; ) # boch256on1okvovu.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001618; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|ga"; nocase; ) # boch256on1okvovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001619; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|ml"; nocase; ) # boch256on1okvovu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001620; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|tk"; nocase; ) # bochonokvovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001621; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bochonokvovu|02|gq"; nocase; ) # bodihemouxk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001622; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|bodihemouxk|04|ddns|03|net"; nocase; ) # bogenyvovailoh.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001623; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bogenyvovailoh|02|gq"; nocase; ) # bogevovaneudachnik.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001624; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|bogevovaneudachnik|02|cf"; nocase; ) # bogevovaneudachnik.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001625; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|bogevovaneudachnik|02|tk"; nocase; ) # boxandpad.com.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001626; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|boxandpad|03|com|02|cn"; nocase; ) # breadbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001627; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|breadbroad|03|net"; nocase; ) # breadunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001628; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|breadunderstand|03|net"; nocase; ) # brokenpiano.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001629; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|brokenpiano|02|ru"; nocase; ) # businessdirectnessource.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001630; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|businessdirectnessource|03|com"; nocase; ) # businessedgeadvance.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001631; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|businessedgeadvance|03|com"; nocase; ) # buzzercom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001632; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|buzzercom|03|com"; nocase; ) # bvovapeterdass.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001633; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bvovapeterdass|02|cf"; nocase; ) # bvovapeterdass.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001634; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bvovapeterdass|02|ml"; nocase; ) # bzfdcp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001635; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|bzfdcp|03|com"; nocase; ) # c1b1jfi2pdi8w1f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001636; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|c1b1jfi2pdi8w1f|03|net"; nocase; ) # c1jczbhcpdi8w1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001637; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|c1jczbhcpdi8w1f|03|biz"; nocase; ) # c9cca04cec2588918820cf33ba4337cca8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001638; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|c9cca04cec2588918820cf33ba4337cca8|02|hk"; nocase; ) # cakedhisjohn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001639; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cakedhisjohn|03|com"; nocase; ) # cappadeterojo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001640; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|cappadeterojo|02|eu"; nocase; ) # captainfifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001641; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|captainfifteen|03|net"; nocase; ) # cawasuse.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001642; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|cawasuse|02|ru"; nocase; ) # cawnqrvbmfgfysdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001643; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|cawnqrvbmfgfysdb|03|com"; nocase; ) # centerssweet.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001644; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|centerssweet|02|cf"; nocase; ) # charging-technology.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001645; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|charging-technology|03|com"; nocase; ) # charmedno1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001646; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|charmedno1|03|com"; nocase; ) # chartered.co.th [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001647; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|chartered|02|co|02|th"; nocase; ) # chchengine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001648; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|chchengine|03|com"; nocase; ) # chebroom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001649; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|chebroom|03|com"; nocase; ) # chiproses.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001650; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|chiproses|03|net"; nocase; ) # chromeupdt.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001651; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|chromeupdt|02|tk"; nocase; ) # clients4-google.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001652; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|clients4-google|03|com"; nocase; ) # combilling.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001653; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|combilling|03|com"; nocase; ) # come-apple.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001654; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|come-apple|03|com"; nocase; ) # comixed.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001655; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|comixed|03|org"; nocase; ) # compagniealysia.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001656; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|compagniealysia|02|fr"; nocase; ) # confnet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001657; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|confnet|03|net"; nocase; ) # conforama.csod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001658; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|conforama|04|csod|03|com"; nocase; ) # connectads.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001659; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|connectads|03|com"; nocase; ) # conntsopan.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001660; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|conntsopan|03|xyz"; nocase; ) # containy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001661; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|containy|03|com"; nocase; ) # continental-transit-mail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001662; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|continental-transit-mail|03|com"; nocase; ) # coolnclassy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001663; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|coolnclassy|03|com"; nocase; ) # coosiean.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001664; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|coosiean|03|xyz"; nocase; ) # correos-portal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001665; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|correos-portal|03|com"; nocase; ) # correos-portal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001666; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|correos-portal|03|net"; nocase; ) # crashinfo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001667; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|crashinfo|04|info"; nocase; ) # crenshaw-manager.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001668; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|crenshaw-manager|03|com"; nocase; ) # criollomedia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001669; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|criollomedia|03|com"; nocase; ) # csicohelp.ddns.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001670; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|csicohelp|04|ddns|02|us"; nocase; ) # cubbyusercontent.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001671; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|cubbyusercontent|03|com"; nocase; ) # cuencaluantricspace.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001672; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|cuencaluantricspace|03|com"; nocase; ) # cultureacess.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001673; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cultureacess|03|com"; nocase; ) # cvaglobal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001674; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|cvaglobal|03|com"; nocase; ) # cvovapeterda.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001675; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cvovapeterda|02|ga"; nocase; ) # cvovapeterda.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001676; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cvovapeterda|02|gq"; nocase; ) # cvovapeterdaga.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001677; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|cvovapeterdaga|02|ga"; nocase; ) # daaserthupo.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001678; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daaserthupo|02|ga"; nocase; ) # daaserthupo.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001679; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daaserthupo|02|gq"; nocase; ) # dabuhutregl.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001680; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dabuhutregl|02|cf"; nocase; ) # dabuhutregl.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001681; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dabuhutregl|02|gq"; nocase; ) # daceduyokon.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001682; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daceduyokon|02|tk"; nocase; ) # dailynewsupdater.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001683; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dailynewsupdater|03|com"; nocase; ) # daladryport.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001684; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daladryport|03|com"; nocase; ) # damavandkuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001685; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|damavandkuh|03|com"; nocase; ) # damuk1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001686; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|damuk1|04|ddns|03|net"; nocase; ) # debka.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001687; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|debka|02|ga"; nocase; ) # decidefifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001688; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|decidefifteen|03|net"; nocase; ) # deepskype.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001689; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|deepskype|03|net"; nocase; ) # defendersecurityauto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001690; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|defendersecurityauto|03|com"; nocase; ) # deivekmiuwoxe.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001691; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|deivekmiuwoxe|04|ddns|03|net"; nocase; ) # derjihuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001692; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|derjihuy|03|com"; nocase; ) # deruserbikl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001693; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|deruserbikl|03|com"; nocase; ) # deyrep24.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001694; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|deyrep24|04|ddns|03|net"; nocase; ) # dfj3d8w3n27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001695; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dfj3d8w3n27|03|com"; nocase; ) # dfwsd.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001696; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|dfwsd|02|co|02|vu"; nocase; ) # dinghareun.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001697; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|dinghareun|02|ru"; nocase; ) # disaaxpalallow.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001698; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|disaaxpalallow|02|me"; nocase; ) # diskoco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001699; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|diskoco|03|com"; nocase; ) # divenewsletter.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001700; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|divenewsletter|03|com"; nocase; ) # diyalready.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001701; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|diyalready|03|com"; nocase; ) # dkilograzmvovuf3.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001702; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dkilograzmvovuf3|02|gq"; nocase; ) # dll-host-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001703; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dll-host-check|03|com"; nocase; ) # dmforever.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001704; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dmforever|03|biz"; nocase; ) # doctorbetween.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001705; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|doctorbetween|03|net"; nocase; ) # doctrashformater.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001706; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|doctrashformater|03|com"; nocase; ) # document-organizer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001707; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|document-organizer|03|com"; nocase; ) # document-qiew-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001708; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|document-qiew-online|03|com"; nocase; ) # documentfacilitysec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001709; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|documentfacilitysec|03|com"; nocase; ) # documents-live.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001710; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|documents-live|03|com"; nocase; ) # doqument-view-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001711; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|doqument-view-online|03|com"; nocase; ) # dortwindfayer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001712; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|dortwindfayer|03|com"; nocase; ) # dotnetadvisor.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001713; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|dotnetadvisor|04|info"; nocase; ) # dotntexplorere.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001714; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dotntexplorere|04|info"; nocase; ) # doubtarticle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001715; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|doubtarticle|03|net"; nocase; ) # doubtdried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001716; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|doubtdried|03|net"; nocase; ) # doubtfifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001717; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|doubtfifteen|03|net"; nocase; ) # dovimos.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001718; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dovimos|03|org"; nocase; ) # drag2008.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001719; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|drag2008|03|com"; nocase; ) # dreplicag.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001720; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dreplicag|02|ru"; nocase; ) # dribt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001721; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|dribt|03|com"; nocase; ) # drivercenterupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001722; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|drivercenterupdate|03|com"; nocase; ) # drives-google.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001723; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drives-google|02|co"; nocase; ) # drjizz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001724; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|drjizz|03|com"; nocase; ) # drygvovanemyda4.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001725; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|drygvovanemyda4|02|ml"; nocase; ) # drygvovanemyda4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001726; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|drygvovanemyda4|02|tk"; nocase; ) # drygvovanemzz.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001727; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemzz|02|gq"; nocase; ) # drygvovanemzz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001728; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemzz|02|ml"; nocase; ) # dsffdsk323721372131.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001729; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|dsffdsk323721372131|03|com"; nocase; ) # dt1blog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001730; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dt1blog|03|com"; nocase; ) # dtjqugz5wkc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001731; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dtjqugz5wkc|03|com"; nocase; ) # dtnvleoidsncuz7i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001732; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dtnvleoidsncuz7i|03|com"; nocase; ) # dynarunner.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001733; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|dynarunner|04|info"; nocase; ) # e3d68349d47efa0d5a9a92b1239bc4d48c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001734; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|e3d68349d47efa0d5a9a92b1239bc4d48c|02|tk"; nocase; ) # easyadvertonline.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001735; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|easyadvertonline|03|com"; nocase; ) # edal.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001736; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|edal|02|cc"; nocase; ) # electricunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001737; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|electricunderstand|03|net"; nocase; ) # electronicfrontierfoundation.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001738; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1c|electronicfrontierfoundation|03|org"; nocase; ) # elorfans5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001739; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans5|03|com"; nocase; ) # emailotest.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001740; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|emailotest|02|co|02|vu"; nocase; ) # empireb1ue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001741; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|empireb1ue|03|com"; nocase; ) # empresasdevigilancia.com.ve [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001742; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|empresasdevigilancia|03|com|02|ve"; nocase; ) # enduro.si [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001743; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|enduro|02|si"; nocase; ) # enhancerburnable.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001744; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|enhancerburnable|02|ru"; nocase; ) # eonlineworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001745; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|eonlineworld|03|net"; nocase; ) # eroomspeakblindly.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001746; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|eroomspeakblindly|02|ru"; nocase; ) # erreala.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001747; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|erreala|03|com"; nocase; ) # esatelcode.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001748; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|esatelcode|03|com"; nocase; ) # f520.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001749; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|f520|03|net"; nocase; ) # fa23.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001750; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|fa23|02|ru"; nocase; ) # facetoo.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001751; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|facetoo|02|co|02|vu"; nocase; ) # faetsandrep.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001752; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|faetsandrep|02|ru"; nocase; ) # fallattret.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001753; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fallattret|02|co|02|vu"; nocase; ) # fast-update.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001754; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|fast-update|03|net"; nocase; ) # faverfed.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001755; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|faverfed|03|xyz"; nocase; ) # fdfdfdggghgh.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001756; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|fdfdfdggghgh|02|co|02|vu"; nocase; ) # fedpress.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001757; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fedpress|03|net"; nocase; ) # fenesihert.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001758; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fenesihert|02|ru"; nocase; ) # fersob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001759; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|fersob|03|org"; nocase; ) # fishecthinker.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001760; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|fishecthinker|04|ddns|03|net"; nocase; ) # fliteilex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001761; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fliteilex|03|com"; nocase; ) # fmfgrzebel.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001762; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fmfgrzebel|02|pl"; nocase; ) # following-technology.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001763; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|following-technology|03|com"; nocase; ) # forcaltonttof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001764; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|forcaltonttof|03|com"; nocase; ) # formaterdocstras.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001765; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|formaterdocstras|03|com"; nocase; ) # formatmcl.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001766; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|formatmcl|04|gicp|03|net"; nocase; ) # fraser-ais.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001767; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fraser-ais|03|com"; nocase; ) # free3dprint.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001768; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|free3dprint|02|cf"; nocase; ) # freeworldgo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001769; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|freeworldgo|03|com"; nocase; ) # frijd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001770; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|frijd|03|com"; nocase; ) # frimeset.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001771; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|frimeset|03|com"; nocase; ) # frontlinegulf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001772; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|frontlinegulf|03|com"; nocase; ) # fuckingyoursister.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001773; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|fuckingyoursister|02|ru"; nocase; ) # fulo-centums.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001774; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|fulo-centums|03|com"; nocase; ) # functional-business.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001775; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|functional-business|03|com"; nocase; ) # g1osp1odin1ytui1dayn1vova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001776; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|g1osp1odin1ytui1dayn1vova|02|cf"; nocase; ) # g1osp1odin1ytui1dayn1vova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001777; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|g1osp1odin1ytui1dayn1vova|02|tk"; nocase; ) # gamesgirlscoat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001778; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|gamesgirlscoat|03|com"; nocase; ) # gatherbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001779; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gatherbehind|03|net"; nocase; ) # gaurav.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001780; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gaurav|04|mooo|03|com"; nocase; ) # gavnsxuwkavova3.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001781; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gavnsxuwkavova3|02|ml"; nocase; ) # gavnuwkavova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001782; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|cf"; nocase; ) # gavnuwkavova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001783; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|ml"; nocase; ) # gavnuwkavova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001784; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|tk"; nocase; ) # gcrnbgjlsgchu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001785; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|gcrnbgjlsgchu|03|com"; nocase; ) # geocities.efnet.at [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001786; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|geocities|05|efnet|02|at"; nocase; ) # gfsdgfgsdfgsdagasdgsad.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001787; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|gfsdgfgsdfgsdagasdgsad|02|co|02|vu"; nocase; ) # ghalibaft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001788; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ghalibaft|03|com"; nocase; ) # ghostwriter-24.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001789; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ghostwriter-24|02|de"; nocase; ) # ginfovalidationrequest.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001790; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|ginfovalidationrequest|03|com"; nocase; ) # gladolimo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001791; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|gladolimo|03|com"; nocase; ) # globaluniversitiesplacement.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001792; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1b|globaluniversitiesplacement|03|com"; nocase; ) # globemaster.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001793; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|globemaster|04|info"; nocase; ) # glonass-map.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001794; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|glonass-map|03|com"; nocase; ) # goodwebmail.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001795; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|goodwebmail|02|tk"; nocase; ) # google-ap1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001796; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|google-ap1|03|com"; nocase; ) # googleadvrt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001797; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|googleadvrt|03|com"; nocase; ) # googleapiserver.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001798; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|googleapiserver|03|net"; nocase; ) # googledoc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001799; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|googledoc|02|in"; nocase; ) # googledomain.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001800; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|googledomain|04|otzo|03|com"; nocase; ) # googlemm.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001801; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|googlemm|04|vicp|03|net"; nocase; ) # googleoffice.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001802; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|googleoffice|02|in"; nocase; ) # gooleg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001803; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gooleg|03|com"; nocase; ) # gorotza.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001804; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|gorotza|03|biz"; nocase; ) # gotthendiran.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001805; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gotthendiran|03|com"; nocase; ) # gov.uae.kim [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001806; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|gov|03|uae|03|kim"; nocase; ) # grandemab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001807; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|grandemab|03|org"; nocase; ) # grom90.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001808; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|grom90|04|ddns|03|net"; nocase; ) # grouptumbler.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001809; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|grouptumbler|03|com"; nocase; ) # gshsol4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001810; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|gshsol4|03|com"; nocase; ) # gsx-idmsa-apple.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001811; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gsx-idmsa-apple|03|top"; nocase; ) # gtyu.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001812; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|gtyu|02|co|02|vu"; nocase; ) # hahahahaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001813; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hahahahaa|03|com"; nocase; ) # hamman.io [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001814; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|hamman|02|io"; nocase; ) # harropthenthe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001815; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|harropthenthe|02|ru"; nocase; ) # haufidasu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001816; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|haufidasu|04|ddns|03|net"; nocase; ) # headshot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001817; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|headshot|03|com"; nocase; ) # heckwassleftran.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001818; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|heckwassleftran|02|ru"; nocase; ) # hello-today.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001819; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hello-today|03|com"; nocase; ) # helpdesk7r.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001820; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|helpdesk7r|02|ru"; nocase; ) # hentaiha.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001821; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|hentaiha|02|ru"; nocase; ) # herssofhaprigh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001822; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|herssofhaprigh|02|ru"; nocase; ) # hibromineltdpromefugeline.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001823; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|hibromineltdpromefugeline|03|com"; nocase; ) # hirobakan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001824; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hirobakan|03|com"; nocase; ) # holopvovochka.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001825; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|holopvovochka|02|ga"; nocase; ) # holopvovochka.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001826; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|holopvovochka|02|gq"; nocase; ) # homedecks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001827; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|homedecks|03|com"; nocase; ) # honarkhabar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001828; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|honarkhabar|03|com"; nocase; ) # honarkhaneh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001829; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|honarkhaneh|03|net"; nocase; ) # hornet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001830; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|hornet|03|com"; nocase; ) # horningflux.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001831; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|horningflux|02|eu"; nocase; ) # hostshield.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001832; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|hostshield|03|net"; nocase; ) # hotinfonews.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001833; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hotinfonews|03|com"; nocase; ) # houstonpuryear.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001834; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|houstonpuryear|03|com"; nocase; ) # hydrabad-ur.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001835; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hydrabad-ur|04|ddns|03|net"; nocase; ) # hymen-defloration.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001836; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|hymen-defloration|03|com"; nocase; ) # i6shm0u0o2yhopu8ip1d5f3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001837; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|i6shm0u0o2yhopu8ip1d5f3|04|ddns|03|net"; nocase; ) # icbcqsz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001838; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|icbcqsz|03|com"; nocase; ) # idedroatyxoaxi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001839; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|idedroatyxoaxi|02|ru"; nocase; ) # idsp.org.pk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001840; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|idsp|03|org|02|pk"; nocase; ) # ihifg8u6etwpc0ktorc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001841; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|ihifg8u6etwpc0ktorc|04|ddns|03|net"; nocase; ) # illuminatework.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001842; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|illuminatework|02|ru"; nocase; ) # illuminatistudios.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001843; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|illuminatistudios|03|net"; nocase; ) # ima03.now.im [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001844; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ima03|03|now|02|im"; nocase; ) # imugoqsoakiqahi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001845; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|imugoqsoakiqahi|04|ddns|03|net"; nocase; ) # infovlasinkak.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001846; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|infovlasinkak|04|info"; nocase; ) # ingoarten.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001847; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ingoarten|03|org"; nocase; ) # intl-knapp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001848; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|intl-knapp|03|com"; nocase; ) # invoicewindow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001849; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|invoicewindow|03|com"; nocase; ) # ios9remote.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001850; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ios9remote|03|com"; nocase; ) # iosbefound.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001851; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|iosbefound|03|top"; nocase; ) # iplayer.fm [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001852; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|iplayer|02|fm"; nocase; ) # irantaraz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001853; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|irantaraz|03|com"; nocase; ) # irmatexoitn.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001854; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|irmatexoitn|04|ddns|03|net"; nocase; ) # isyncautoupdater.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001855; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|isyncautoupdater|02|in"; nocase; ) # iwork-sys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001856; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|iwork-sys|03|com"; nocase; ) # jackkk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001857; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|jackkk|03|com"; nocase; ) # jce68.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001858; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jce68|03|com"; nocase; ) # jfglock.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001859; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|jfglock|02|ru"; nocase; ) # jhfdgjkdhgfiuyt.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001860; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|jhfdgjkdhgfiuyt|02|co|02|vu"; nocase; ) # jjeyd2u37an30.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001861; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|jjeyd2u37an30|03|com"; nocase; ) # johnsonsammy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001862; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|johnsonsammy|04|ddns|03|net"; nocase; ) # jozaglobal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001863; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|jozaglobal|03|com"; nocase; ) # js-rz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001864; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|js-rz|03|com"; nocase; ) # junomaat81.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001865; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|junomaat81|02|us"; nocase; ) # justufogame.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001866; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|justufogame|03|com"; nocase; ) # jxouhxclhzdlwa1d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001867; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|jxouhxclhzdlwa1d|03|com"; nocase; ) # k2qai2yeodm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001868; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|k2qai2yeodm|03|net"; nocase; ) # kaaalosa-set.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001869; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kaaalosa-set|03|com"; nocase; ) # kabur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001870; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|kabur|03|org"; nocase; ) # kakoi5getulo5hvov5a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001871; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|kakoi5getulo5hvov5a|02|tk"; nocase; ) # kanafany.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001872; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|kanafany|03|org"; nocase; ) # kannada.sexy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001873; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|kannada|04|sexy|03|com"; nocase; ) # kaprizylka.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001874; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaprizylka|02|cf"; nocase; ) # kaprizylka.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001875; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaprizylka|02|tk"; nocase; ) # kavkazcentr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001876; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|kavkazcentr|04|info"; nocase; ) # kdioqw873-kioas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001877; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|kdioqw873-kioas|03|com"; nocase; ) # kdqjqd5ni0inct1fo2ub38w.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001878; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|kdqjqd5ni0inct1fo2ub38w|04|ddns|03|net"; nocase; ) # killingmoon.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001879; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|killingmoon|03|top"; nocase; ) # kira.xxx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001880; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|kira|03|xxx"; nocase; ) # klydest.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001881; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|klydest|04|ddns|03|net"; nocase; ) # kolll.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001882; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|kolll|02|co|02|vu"; nocase; ) # koslnotreamouyer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001883; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|koslnotreamouyer|03|com"; nocase; ) # kpddkeeded.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001884; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kpddkeeded|02|cf"; nocase; ) # kpybuhnosdrm.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001885; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kpybuhnosdrm|02|in"; nocase; ) # ktbr-virus-r3i7-detected-qkuj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001886; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1d|ktbr-virus-r3i7-detected-qkuj|03|com"; nocase; ) # kysochekvovu.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001887; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kysochekvovu|02|ga"; nocase; ) # lacdileftre.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001888; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|lacdileftre|02|ru"; nocase; ) # lastooooomene2ie2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001889; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|lastooooomene2ie2e|03|com"; nocase; ) # ledshoppen.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001890; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ledshoppen|02|nl"; nocase; ) # lemdingo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001891; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lemdingo|03|com"; nocase; ) # leonardomateus131.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001892; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|leonardomateus131|04|ddns|03|net"; nocase; ) # lev1tan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001893; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|lev1tan|03|com"; nocase; ) # lifegreen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001894; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lifegreen|03|net"; nocase; ) # lifelift.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001895; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lifelift|03|net"; nocase; ) # linkbucks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001896; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|linkbucks|03|com"; nocase; ) # linksbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001897; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|linksbo|03|com"; nocase; ) # listennewsnetwork.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001898; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|listennewsnetwork|03|com"; nocase; ) # litpou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001899; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|litpou|03|org"; nocase; ) # litramoloka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001900; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|litramoloka|03|com"; nocase; ) # liveservice.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001901; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|liveservice|03|biz"; nocase; ) # living-help.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001902; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|living-help|03|com"; nocase; ) # lkjhgf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001903; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|lkjhgf|02|eu"; nocase; ) # lkjhgfdsa01.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001904; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|lkjhgfdsa01|03|xyz"; nocase; ) # loanscrub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001905; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|loanscrub|03|com"; nocase; ) # localconf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001906; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|localconf|03|com"; nocase; ) # localgroupnet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001907; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|localgroupnet|03|com"; nocase; ) # loginfo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001908; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|loginfo|04|info"; nocase; ) # logottitne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001909; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|logottitne|03|com"; nocase; ) # lovemail-rus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001910; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|lovemail-rus|03|net"; nocase; ) # lovethai.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001911; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lovethai|04|vicp|03|net"; nocase; ) # lowbalance.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001912; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|lowbalance|02|su"; nocase; ) # ltsectur2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001913; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ltsectur2|03|com"; nocase; ) # lulzsec.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001914; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|lulzsec|04|info"; nocase; ) # m0ntecrist0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001915; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|m0ntecrist0|02|cc"; nocase; ) # m0ntecrist0.co.ve [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001916; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|m0ntecrist0|02|co|02|ve"; nocase; ) # m2lfk2jfqdj8x1o.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001917; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|m2lfk2jfqdj8x1o|04|info"; nocase; ) # maarip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001918; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|maarip|03|org"; nocase; ) # macsupport247.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001919; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|macsupport247|03|com"; nocase; ) # madman1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001920; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|madman1|04|ddns|03|net"; nocase; ) # maefu1tejdt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001921; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|maefu1tejdt|03|net"; nocase; ) # maxcdnn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001922; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|maxcdnn|03|com"; nocase; ) # mbuildersny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001923; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mbuildersny|03|com"; nocase; ) # mdlquote.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001924; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mdlquote|03|com"; nocase; ) # mega123b.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001925; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mega123b|04|ddns|03|net"; nocase; ) # mlhxqydhcjqvei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001926; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|mlhxqydhcjqvei|03|com"; nocase; ) # mnogochat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001927; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mnogochat|03|com"; nocase; ) # mobileimho.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001928; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mobileimho|02|ru"; nocase; ) # molnarstuxedo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001929; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|molnarstuxedo|03|com"; nocase; ) # montiza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001930; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|montiza|03|net"; nocase; ) # moskalskiybodun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001931; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|moskalskiybodun|03|com"; nocase; ) # mostotransfer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001932; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|mostotransfer|03|com"; nocase; ) # motobit.cz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001933; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|motobit|02|cz"; nocase; ) # moziliafirefox.wicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001934; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|moziliafirefox|04|wicp|03|net"; nocase; ) # mozilla-plugins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001935; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|mozilla-plugins|03|com"; nocase; ) # mrwashington.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001936; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mrwashington|02|eu"; nocase; ) # msonlineupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001937; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|msonlineupdate|03|com"; nocase; ) # msr2006.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001938; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|msr2006|03|com"; nocase; ) # mssinfosys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001939; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mssinfosys|03|com"; nocase; ) # muvindebx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001940; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|muvindebx|02|eu"; nocase; ) # muzhikgusei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001941; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|muzhikgusei|03|com"; nocase; ) # n0vinite.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001942; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|n0vinite|03|com"; nocase; ) # nadeenk.sa [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001943; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nadeenk|02|sa"; nocase; ) # nasedrontit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001944; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|nasedrontit|03|com"; nocase; ) # nato-hq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001945; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nato-hq|03|com"; nocase; ) # nato-info.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001946; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|nato-info|03|com"; nocase; ) # nato-int.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001947; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|nato-int|03|com"; nocase; ) # nato-news.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001948; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|nato-news|03|com"; nocase; ) # natopress.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001949; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|natopress|03|org"; nocase; ) # nav1002.ath.cx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001950; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nav1002|03|ath|02|cx"; nocase; ) # nazgul.zyns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001951; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|nazgul|04|zyns|03|com"; nocase; ) # nba-79.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001952; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|nba-79|03|com"; nocase; ) # neran.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001953; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|neran|03|net"; nocase; ) # netau.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001954; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|netau|03|net"; nocase; ) # netsharepoint.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001955; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|netsharepoint|04|info"; nocase; ) # newderty.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001956; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|newderty|02|co|02|vu"; nocase; ) # newinfo32.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001957; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|newinfo32|04|eicp|03|net"; nocase; ) # news20158.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001958; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|news20158|02|co|02|vu"; nocase; ) # newstatisticfeeder.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001959; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|newstatisticfeeder|03|com"; nocase; ) # nightdried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001960; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nightdried|03|net"; nocase; ) # nightfifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001961; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|nightfifteen|03|net"; nocase; ) # nimyusfhqwizzgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001962; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|nimyusfhqwizzgb|03|com"; nocase; ) # ninthclub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001963; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ninthclub|03|com"; nocase; ) # nisog.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001964; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|nisog|02|co|02|uk"; nocase; ) # nitmurmansk.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001965; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|nitmurmansk|02|su"; nocase; ) # niubsacaosuce.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001966; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|niubsacaosuce|04|ddns|03|net"; nocase; ) # nolanbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001967; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nolanbg|03|com"; nocase; ) # nortiniolosto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001968; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|nortiniolosto|03|com"; nocase; ) # notebookhk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001969; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|notebookhk|03|net"; nocase; ) # ns02.xeex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001970; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|ns02|04|xeex|03|com"; nocase; ) # ns2.oxeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001971; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|ns2|04|oxeo|03|com"; nocase; ) # nudiworld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001972; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|nudiworld|03|org"; nocase; ) # nycosedfor.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001973; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nycosedfor|02|ru"; nocase; ) # nytuvovaigavno.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001974; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|nytuvovaigavno|02|gq"; nocase; ) # o5tac1berdn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001975; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|o5tac1berdn|03|biz"; nocase; ) # objectqueries.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001976; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|objectqueries|03|net"; nocase; ) # ogovugtuipawi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001977; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ogovugtuipawi|04|ddns|03|net"; nocase; ) # oilnewsblog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001978; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|oilnewsblog|03|com"; nocase; ) # oilstates.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001979; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|oilstates|02|pw"; nocase; ) # okpole123.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001980; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|okpole123|04|ddns|03|net"; nocase; ) # omtimes.india [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001981; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|omtimes|05|india"; nocase; ) # ontiq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001982; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ontiq|03|com"; nocase; ) # oowdesign.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001983; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|oowdesign|03|com"; nocase; ) # opmsecurity.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001984; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|opmsecurity|03|org"; nocase; ) # oqkema.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001985; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|oqkema|03|com"; nocase; ) # os-microsoft-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001986; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|os-microsoft-update|03|com"; nocase; ) # osce-press.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001987; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|osce-press|03|com"; nocase; ) # ovqelj.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001988; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ovqelj|02|us"; nocase; ) # oxy0qt16mfsfm23fgvo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001989; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|oxy0qt16mfsfm23fgvo|04|ddns|03|net"; nocase; ) # pacific0147.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001990; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|pacific0147|04|ddns|03|net"; nocase; ) # papybrown.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001991; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|papybrown|04|mooo|03|com"; nocase; ) # parkingcrew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001992; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|parkingcrew|03|net"; nocase; ) # parterledhed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001993; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|parterledhed|03|com"; nocase; ) # pass-google.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001994; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|pass-google|03|com"; nocase; ) # pay-appstore.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001995; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|pay-appstore|03|com"; nocase; ) # pcal2.dwy.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001996; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|pcal2|03|dwy|02|cc"; nocase; ) # pe.hu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001997; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|pe|02|hu"; nocase; ) # peopleunion.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001998; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|peopleunion|04|gicp|03|net"; nocase; ) # perupacotes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001999; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|perupacotes|03|com"; nocase; ) # peter123456.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002000; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|peter123456|04|ddns|03|net"; nocase; ) # philsa.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002001; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|philsa|04|ddns|03|net"; nocase; ) # photograph.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002002; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|photograph|04|myfw|02|us"; nocase; ) # pickleweb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002003; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pickleweb|03|net"; nocase; ) # pizdakakoivovadaun.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002004; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pizdakakoivovadaun|02|gq"; nocase; ) # pizdakakoivovadaun.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002005; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pizdakakoivovadaun|02|ml"; nocase; ) # pizdakakoivovadaun.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002006; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pizdakakoivovadaun|02|tk"; nocase; ) # pkdejexati0o4yje.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002007; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|pkdejexati0o4yje|04|ddns|03|net"; nocase; ) # pkspring.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002008; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pkspring|03|net"; nocase; ) # plaizenet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002009; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|plaizenet|03|net"; nocase; ) # playpso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002010; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|playpso|03|com"; nocase; ) # pnoc.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002011; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|pnoc|04|vicp|03|net"; nocase; ) # pocztapolska.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002012; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|pocztapolska|03|biz"; nocase; ) # podin.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002013; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|podin|03|net"; nocase; ) # poiuytre.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002014; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|poiuytre|03|org"; nocase; ) # pomppondy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002015; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pomppondy|03|net"; nocase; ) # pornokan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002016; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pornokan|03|com"; nocase; ) # pornostarz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002017; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pornostarz|03|org"; nocase; ) # pornostein.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002018; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pornostein|03|com"; nocase; ) # privacy-live.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002019; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|privacy-live|03|com"; nocase; ) # privacy-yahoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002020; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|privacy-yahoo|03|com"; nocase; ) # profiles-google.uk.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002021; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|profiles-google|02|uk|02|to"; nocase; ) # psmt.usa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002022; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|psmt|03|usa|03|com"; nocase; ) # pstcmedia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002023; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pstcmedia|03|com"; nocase; ) # pusheasy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002024; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pusheasy|03|net"; nocase; ) # q4ydijevkvalgrm4o4a.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002025; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|q4ydijevkvalgrm4o4a|04|ddns|03|net"; nocase; ) # q5w0f4n5lfm8a1p.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002026; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|q5w0f4n5lfm8a1p|04|info"; nocase; ) # qgjhmerjec.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002027; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|qgjhmerjec|04|info"; nocase; ) # qov.hu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002028; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|qov|02|hu|03|com"; nocase; ) # qtidg8khe4mrwr567na.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002029; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|qtidg8khe4mrwr567na|04|ddns|03|net"; nocase; ) # qtk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002030; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|qtk|03|com"; nocase; ) # quaverse.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002031; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|quaverse|03|com"; nocase; ) # radiobutton.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002032; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|radiobutton|04|mooo|03|com"; nocase; ) # rampagegramar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002033; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|rampagegramar|03|com"; nocase; ) # randomwfu365.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002034; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|randomwfu365|03|com"; nocase; ) # rapidmyhardware.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002035; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|rapidmyhardware|03|com"; nocase; ) # rausers.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002036; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|rausers|03|com"; nocase; ) # rb.okta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002037; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|rb|04|okta|03|com"; nocase; ) # realget.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002038; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|realget|04|info"; nocase; ) # rechbaby.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002039; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|rechbaby|03|com|02|br"; nocase; ) # recordbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002040; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|recordbutter|03|net"; nocase; ) # redlrect-winav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002041; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|redlrect-winav|03|com"; nocase; ) # regdexsecurity.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002042; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|regdexsecurity|03|com"; nocase; ) # renovationkingdom.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002043; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|renovationkingdom|03|com|02|au"; nocase; ) # responsecomputersupport.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002044; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|responsecomputersupport|03|com"; nocase; ) # resumeofinstall.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002045; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|resumeofinstall|03|org"; nocase; ) # retravopoytem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002046; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|retravopoytem|03|com"; nocase; ) # rgoyfuadvkebxhjm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002047; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|rgoyfuadvkebxhjm|04|ddns|03|net"; nocase; ) # ricush.ath.cx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002048; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ricush|03|ath|02|cx"; nocase; ) # romnsiebabanahujtr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002049; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|romnsiebabanahujtr|03|org"; nocase; ) # romnsiebabanahujtr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002050; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|romnsiebabanahujtr2|03|org"; nocase; ) # rterybrstutnrsbberve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002051; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|rterybrstutnrsbberve|03|com"; nocase; ) # safesuns.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002052; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|safesuns|04|info"; nocase; ) # safpobdazy.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002053; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|safpobdazy|02|kz"; nocase; ) # safranchisebrands.co.za [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002054; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|safranchisebrands|02|co|02|za"; nocase; ) # salesmarkting.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002055; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|salesmarkting|02|co|02|vu"; nocase; ) # samp.lv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002056; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|samp|02|lv"; nocase; ) # san.edu.mn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002057; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|san|03|edu|02|mn"; nocase; ) # sanygroup.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002058; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|sanygroup|02|co|02|uk"; nocase; ) # saytargetworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002059; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|saytargetworld|03|net"; nocase; ) # schitskivodka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002060; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|schitskivodka|03|com"; nocase; ) # sdfochekvovu4.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002061; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sdfochekvovu4|02|gq"; nocase; ) # seasonbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002062; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|seasonbutter|03|net"; nocase; ) # secureinvoicedocs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002063; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|secureinvoicedocs|03|com"; nocase; ) # security-issue.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002064; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|security-issue|02|us"; nocase; ) # seichtechnip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002065; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|seichtechnip|03|net"; nocase; ) # senhorchico.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002066; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|senhorchico|03|com|02|br"; nocase; ) # servelatmiru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002067; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|servelatmiru|03|com"; nocase; ) # services-mails.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002068; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|services-mails|03|com"; nocase; ) # sex-3gp-mp4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002069; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sex-3gp-mp4|03|com"; nocase; ) # sex-toy-shop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002070; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|sex-toy-shop|03|org"; nocase; ) # shatiko-mero.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002071; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|shatiko-mero|03|com"; nocase; ) # shineyourcareer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002072; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|shineyourcareer|03|com"; nocase; ) # signin-users.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002073; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|signin-users|03|com"; nocase; ) # siriomilfomu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002074; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|siriomilfomu|04|ddns|03|net"; nocase; ) # sixsquare.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002075; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|sixsquare|03|net"; nocase; ) # sky.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002076; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|sky|04|otzo|03|com"; nocase; ) # skyvideo24.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002077; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|skyvideo24|02|in|02|ua"; nocase; ) # smilydesign.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002078; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|smilydesign|03|com"; nocase; ) # smokeoffice.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002079; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|smokeoffice|03|net"; nocase; ) # softrango.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002080; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|softrango|03|com"; nocase; ) # somedocushare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002081; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|somedocushare|03|com"; nocase; ) # sopheheadusnext.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002082; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|sopheheadusnext|03|net"; nocase; ) # specthosting.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002083; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|specthosting|03|biz"; nocase; ) # speedynewsclips.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002084; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|speedynewsclips|03|com"; nocase; ) # srachechno.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002085; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|srachechno|03|com"; nocase; ) # srvdexpress4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002086; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|srvdexpress4|03|com"; nocase; ) # srvdexpress6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002087; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|srvdexpress6|03|com"; nocase; ) # sshowmethemoney.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002088; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|sshowmethemoney|03|com"; nocase; ) # stephanomerloda.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002089; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|stephanomerloda|02|eu"; nocase; ) # storsvc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002090; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|storsvc|03|org"; nocase; ) # streamdating.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002091; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|streamdating|02|ru"; nocase; ) # streetbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002092; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|streetbutter|03|net"; nocase; ) # sykavovaloh.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002093; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sykavovaloh|02|cf"; nocase; ) # sykavovaloh.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002094; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sykavovaloh|02|tk"; nocase; ) # sykavovalohzz.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002095; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sykavovalohzz|02|cf"; nocase; ) # symantec-inc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002096; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|symantec-inc|03|com"; nocase; ) # syncdomain.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002097; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|syncdomain|04|info"; nocase; ) # syncprovider.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002098; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|syncprovider|04|info"; nocase; ) # systemsvc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002099; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|systemsvc|03|net"; nocase; ) # tabsync.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002100; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|tabsync|03|net"; nocase; ) # tainttuy.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002101; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|tainttuy|03|xyz"; nocase; ) # tamilhits.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002102; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tamilhits|03|net"; nocase; ) # tanmii.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002103; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|tanmii|04|gicp|03|net"; nocase; ) # taukband.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002104; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|taukband|03|com"; nocase; ) # team4heat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002105; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|team4heat|03|net"; nocase; ) # teenpornotube.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002106; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|teenpornotube|03|org"; nocase; ) # tggtghyhyrghg.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002107; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tggtghyhyrghg|02|co|02|vu"; nocase; ) # tgtfgtoiloilkuilkui.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002108; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|tgtfgtoiloilkuilkui|02|co|02|vu"; nocase; ) # thailandbbs.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002109; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|thailandbbs|04|ddns|03|net"; nocase; ) # thesuperdeliciousnews.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002110; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|thesuperdeliciousnews|03|com"; nocase; ) # theunilab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002111; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|theunilab|03|com"; nocase; ) # thxvideos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002112; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|thxvideos|03|com"; nocase; ) # tibet.zyns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002113; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|tibet|04|zyns|03|com"; nocase; ) # tibetcongress.oicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002114; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tibetcongress|04|oicp|03|net"; nocase; ) # timarols.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002115; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timarols|03|org"; nocase; ) # timechk13.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002116; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk13|03|org"; nocase; ) # timechk14.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002117; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk14|03|net"; nocase; ) # timechk17.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002118; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk17|03|com"; nocase; ) # timechk17.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002119; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk17|03|net"; nocase; ) # timechk17.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002120; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk17|03|org"; nocase; ) # timechk18.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002121; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk18|03|org"; nocase; ) # timechk20.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002122; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk20|03|com"; nocase; ) # timechk23.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002123; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk23|03|com"; nocase; ) # timechk23.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002124; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk23|03|org"; nocase; ) # timechk25.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002125; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk25|03|com"; nocase; ) # timechk27.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002126; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk27|03|org"; nocase; ) # timechk28.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002127; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk28|03|org"; nocase; ) # timechk4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002128; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk4|03|com"; nocase; ) # timechk6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002129; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk6|03|org"; nocase; ) # timechk8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002130; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk8|03|org"; nocase; ) # tisone360.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002131; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tisone360|03|com"; nocase; ) # titanikvmoskalii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002132; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|titanikvmoskalii|03|com"; nocase; ) # toldbiledin.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002133; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|toldbiledin|02|ru"; nocase; ) # topbullka.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002134; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|topbullka|02|ru"; nocase; ) # torsmimyred.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002135; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|torsmimyred|02|ru"; nocase; ) # trackmytraffic.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002136; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|trackmytraffic|03|biz"; nocase; ) # tradebehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002137; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|tradebehind|03|net"; nocase; ) # transactiona.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002138; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|transactiona|03|com"; nocase; ) # trik.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002139; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|trik|02|su"; nocase; ) # trkbox.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002140; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|trkbox|02|ru"; nocase; ) # truecryptrussia.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002141; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|truecryptrussia|02|ru"; nocase; ) # trust-ing.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002142; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|trust-ing|03|com"; nocase; ) # tumanmoskalskiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002143; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|tumanmoskalskiy|03|com"; nocase; ) # tweeter-stat.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002144; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tweeter-stat|02|ru"; nocase; ) # ubeisyavovapls.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002145; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ubeisyavovapls|02|gq"; nocase; ) # ubeisyavovapls.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002146; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ubeisyavovapls|02|tk"; nocase; ) # ubjcl5ucn9g3m.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002147; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ubjcl5ucn9g3m|04|info"; nocase; ) # udts.de.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002148; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|udts|02|de|02|vu"; nocase; ) # ufrasequcoequdi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002149; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ufrasequcoequdi|04|ddns|03|net"; nocase; ) # ultrasoft.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002150; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ultrasoft|02|in"; nocase; ) # umashadilauru.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002151; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|umashadilauru|04|ddns|03|net"; nocase; ) # unitar.cms.my [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002152; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|unitar|03|cms|02|my"; nocase; ) # unlearnt.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002153; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|unlearnt|02|in"; nocase; ) # update.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002154; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|update|04|ddns|03|net"; nocase; ) # updatemarketltd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002155; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|updatemarketltd|02|in"; nocase; ) # upgratedns.zyns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002156; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|upgratedns|04|zyns|03|com"; nocase; ) # uptime.uae.kim [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002157; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|uptime|03|uae|03|kim"; nocase; ) # uquoointime.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002158; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|uquoointime|03|net"; nocase; ) # usa-moon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002159; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|usa-moon|03|net"; nocase; ) # usababa.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002160; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|usababa|04|myfw|02|us"; nocase; ) # useralcliclient.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002161; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|useralcliclient|02|me"; nocase; ) # uyghur.sov.tw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002162; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|uyghur|03|sov|02|tw"; nocase; ) # vdrygvovanemydak3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002163; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vdrygvovanemydak3|02|tk"; nocase; ) # velevtattoo.bg [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002164; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|velevtattoo|02|bg"; nocase; ) # vemisaio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002165; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|vemisaio|03|org"; nocase; ) # verification-identity.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002166; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|verification-identity|03|biz"; nocase; ) # verified-deal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002167; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|verified-deal|03|com"; nocase; ) # vertus-adusa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002168; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|vertus-adusa|03|com"; nocase; ) # videoreview247.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002169; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|videoreview247|03|com"; nocase; ) # videosearcher.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002170; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|videosearcher|03|org"; nocase; ) # videoss.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002171; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|videoss|02|in|02|ua"; nocase; ) # vietkey.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002172; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|vietkey|04|xicp|03|net"; nocase; ) # vipmailru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002173; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|vipmailru|03|com"; nocase; ) # vireacvio.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002174; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|vireacvio|04|ddns|03|net"; nocase; ) # vitevecaasbaim.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002175; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vitevecaasbaim|04|ddns|03|net"; nocase; ) # vladivkansada.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002176; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|vladivkansada|04|info"; nocase; ) # vo55nehuevotak.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002177; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vo55nehuevotak|02|cf"; nocase; ) # vovapizdadolboeb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002178; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovapizdadolboeb|02|tk"; nocase; ) # vovapizdadolboebgh.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002179; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapizdadolboebgh|02|ga"; nocase; ) # vovapizdadolboebgh.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002180; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapizdadolboebgh|02|gq"; nocase; ) # vovapro100gandon.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002181; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovapro100gandon|02|tk"; nocase; ) # vovapro100gandon23.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002182; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapro100gandon23|02|gq"; nocase; ) # vovegarfdghhtom.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002183; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|vovegarfdghhtom|02|cf"; nocase; ) # vovegaryackoletom.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002184; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vovegaryackoletom|02|cf"; nocase; ) # voveholodnozimoi.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002185; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|voveholodnozimoi|02|ga"; nocase; ) # voveholodnozimoi.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002186; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|voveholodnozimoi|02|ml"; nocase; ) # vovenehuevotak.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002187; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|ga"; nocase; ) # vovenehuevotak.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002188; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|gq"; nocase; ) # vovewegdfnozimoi.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002189; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovewegdfnozimoi|02|cf"; nocase; ) # vovewegdfnozimoi.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002190; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovewegdfnozimoi|02|gq"; nocase; ) # vtvykahskh9m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002191; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|vtvykahskh9m|03|com"; nocase; ) # vxuiweipowe92j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002192; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vxuiweipowe92j|03|com"; nocase; ) # waktrick.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002193; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|waktrick|03|com"; nocase; ) # wallnet.zyns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002194; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|wallnet|04|zyns|03|com"; nocase; ) # wantools40.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002195; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|wantools40|03|com"; nocase; ) # webbizwild.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002196; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|webbizwild|03|com"; nocase; ) # webhop.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002197; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|webhop|04|info"; nocase; ) # webmailgoogle.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002198; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|webmailgoogle|03|com"; nocase; ) # wefandurtix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002199; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|wefandurtix|03|com"; nocase; ) # wertstumbahn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002200; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|wertstumbahn|02|ru"; nocase; ) # westinqhousenuclear.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002201; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|westinqhousenuclear|03|com"; nocase; ) # wetguqan.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002202; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|wetguqan|02|ru"; nocase; ) # wha.la [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002203; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|wha|02|la"; nocase; ) # widifu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002204; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|widifu|03|com"; nocase; ) # williasom.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002205; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|williasom|04|ddns|03|net"; nocase; ) # window-defender-security-alert.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002206; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1e|window-defender-security-alert|04|info"; nocase; ) # windows-notifications.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002207; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|windows-notifications|03|com"; nocase; ) # winupdateonline.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002208; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|winupdateonline|03|com"; nocase; ) # wip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002209; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|wip|03|com"; nocase; ) # wj32.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002210; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|wj32|03|org"; nocase; ) # wodebeizi119.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002211; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|wodebeizi119|04|jkub|03|com"; nocase; ) # wordpress-catalog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002212; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|wordpress-catalog|03|com"; nocase; ) # workwithdocuments.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002213; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|workwithdocuments|03|com"; nocase; ) # worldnewsonline.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002214; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|worldnewsonline|02|pw"; nocase; ) # wpqkvmpezecumbvl7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002215; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|wpqkvmpezecumbvl7|03|com"; nocase; ) # wsghbfgb.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002216; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|wsghbfgb|02|co|02|vu"; nocase; ) # www.jpta.jp [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002217; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|jpta|02|jp"; nocase; ) # www.powr.io [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002218; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|powr|02|io"; nocase; ) # www.svsk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002219; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|svsk|03|net"; nocase; ) # www.vxea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002220; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|vxea|03|com"; nocase; ) # wxanalytics.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002221; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|wxanalytics|02|ru"; nocase; ) # xaaag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002222; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|xaaag|03|com"; nocase; ) # xiupfisuaw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002223; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|xiupfisuaw|04|ddns|03|net"; nocase; ) # xoegfeima.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002224; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xoegfeima|04|ddns|03|net"; nocase; ) # xumooruthfull.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002225; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|xumooruthfull|03|net"; nocase; ) # xvideosock.vn.hn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002226; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|xvideosock|02|vn|02|hn"; nocase; ) # xxx.fap.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002227; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|xxx|03|fap|02|to"; nocase; ) # yamenswash.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002228; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|yamenswash|03|com"; nocase; ) # yangdex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002229; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|yangdex|03|org"; nocase; ) # yhtooo.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002230; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|yhtooo|02|co|02|vu"; nocase; ) # youturbe.co.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002231; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|youturbe|02|co|02|cc"; nocase; ) # yt1ng6583vk8av5rwfy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002232; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|yt1ng6583vk8av5rwfy|04|ddns|03|net"; nocase; ) # yvgxmrurslexuty.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002233; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|yvgxmrurslexuty|04|ddns|03|net"; nocase; ) # z376dfe4955a257a78944864dd0158d172.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002234; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|z376dfe4955a257a78944864dd0158d172|02|ws"; nocase; ) # zabeirotvova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002235; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zabeirotvova|02|ga"; nocase; ) # zarafint.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002236; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zarafint|03|org"; nocase; ) # zbqaf5zcv9s3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002237; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zbqaf5zcv9s3x|03|biz"; nocase; ) # zhalehziba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002238; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|zhalehziba|03|com"; nocase; ) # zmbkfrdpnaec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002239; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zmbkfrdpnaec|03|com"; nocase; ) # zumo-afetuk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002240; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|zumo-afetuk|03|com"; nocase; ) # zvovapeterda1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002241; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zvovapeterda1|02|tk"; nocase; ) # zvovapeterda6.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002242; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zvovapeterda6|02|gq"; nocase; ) # 0xota.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002243; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|0xota|03|com"; nocase; ) # 1001010.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002244; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|1001010|03|org"; nocase; ) # 12-68.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002245; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|12-68|04|xicp|03|net"; nocase; ) # 16qvklkb3b58sfix54kf5lq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002246; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|16qvklkb3b58sfix54kf5lq|04|ddns|03|net"; nocase; ) # 18andabused.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002247; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|18andabused|03|com"; nocase; ) # 1qw2.wha.la [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002248; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|1qw2|03|wha|02|la"; nocase; ) # 1vyrexifwt5rqpwvepm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002249; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|1vyrexifwt5rqpwvepm|04|ddns|03|net"; nocase; ) # 21sexlory.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002250; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|21sexlory|03|com"; nocase; ) # 24onlineskyvideo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002251; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|24onlineskyvideo|04|info"; nocase; ) # 2696666.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002252; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|2696666|03|com"; nocase; ) # 2kjb8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002253; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|2kjb8|03|net"; nocase; ) # 3322.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002254; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|3322|03|org"; nocase; ) # 394iopwekmcopw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002255; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|394iopwekmcopw|03|com"; nocase; ) # formail.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002256; reference:url,www.spamhaus.org/query/dbl?domain=formail.su; priority:1; content:"|07|formail|02|su"; nocase; ) # gromovieotvodidiejj40.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002257; reference:url,www.spamhaus.org/query/dbl?domain=gromovieotvodidiejj40.net; priority:1; content:"|15|gromovieotvodidiejj40|03|net"; nocase; ) # evarisms.bl.ee [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002258; reference:url,www.spamhaus.org/query/dbl?domain=evarisms.bl.ee; priority:1; content:"|08|evarisms|02|bl|02|ee"; nocase; ) # joyrideengend.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002259; reference:url,www.spamhaus.org/query/dbl?domain=joyrideengend.net; priority:1; content:"|0d|joyrideengend|03|net"; nocase; ) # flexinlala.grandshost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002260; reference:url,www.spamhaus.org/query/dbl?domain=flexinlala.grandshost.com; priority:1; content:"|0a|flexinlala|0a|grandshost|03|com"; nocase; ) # ponnammaleducationaltrust.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002261; reference:url,www.spamhaus.org/query/dbl?domain=ponnammaleducationaltrust.org; priority:1; content:"|19|ponnammaleducationaltrust|03|org"; nocase; ) # maxapps.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002262; reference:url,www.spamhaus.org/query/dbl?domain=maxapps.pl; priority:1; content:"|07|maxapps|02|pl"; nocase; ) # nq.sytes.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002263; reference:url,www.spamhaus.org/query/dbl?domain=nq.sytes.net; priority:1; content:"|02|nq|05|sytes|03|net"; nocase; ) # loj7g.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002264; reference:url,www.spamhaus.org/query/dbl?domain=loj7g.cz.cc; priority:1; content:"|05|loj7g|02|cz|02|cc"; nocase; ) # melko.allalla.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002265; reference:url,www.spamhaus.org/query/dbl?domain=melko.allalla.com; priority:1; content:"|05|melko|07|allalla|03|com"; nocase; ) # oshelveticagnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002266; reference:url,www.spamhaus.org/query/dbl?domain=oshelveticagnk.com; priority:1; content:"|0e|oshelveticagnk|03|com"; nocase; ) # sp11bialystok.neostrada.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002267; reference:url,www.spamhaus.org/query/dbl?domain=sp11bialystok.neostrada.pl; priority:1; content:"|0d|sp11bialystok|09|neostrada|02|pl"; nocase; ) # new-friha.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002268; reference:url,www.spamhaus.org/query/dbl?domain=new-friha.cz.cc; priority:1; content:"|09|new-friha|02|cz|02|cc"; nocase; ) # onestopinstru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002269; reference:url,www.spamhaus.org/query/dbl?domain=onestopinstru.net; priority:1; content:"|0d|onestopinstru|03|net"; nocase; ) # vcoverage.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002270; reference:url,www.spamhaus.org/query/dbl?domain=vcoverage.net; priority:1; content:"|09|vcoverage|03|net"; nocase; ) # silvuple.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002271; reference:url,www.spamhaus.org/query/dbl?domain=silvuple.org; priority:1; content:"|08|silvuple|03|org"; nocase; ) # www.netropoton.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002272; reference:url,www.spamhaus.org/query/dbl?domain=www.netropoton.com; priority:1; content:"|03|www|0a|netropoton|03|com"; nocase; ) # shaliron.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002273; reference:url,www.spamhaus.org/query/dbl?domain=shaliron.cz.cc; priority:1; content:"|08|shaliron|02|cz|02|cc"; nocase; ) # upfile.url.ph [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002274; reference:url,www.spamhaus.org/query/dbl?domain=upfile.url.ph; priority:1; content:"|06|upfile|03|url|02|ph"; nocase; ) # marytraders.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002275; reference:url,www.spamhaus.org/query/dbl?domain=marytraders.in; priority:1; content:"|0b|marytraders|02|in"; nocase; ) # yrpdgiti.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002276; reference:url,www.spamhaus.org/query/dbl?domain=yrpdgiti.cz.cc; priority:1; content:"|08|yrpdgiti|02|cz|02|cc"; nocase; ) # unicorn.bl.ee [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002277; reference:url,www.spamhaus.org/query/dbl?domain=unicorn.bl.ee; priority:1; content:"|07|unicorn|02|bl|02|ee"; nocase; ) # w2c.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002278; reference:url,www.spamhaus.org/query/dbl?domain=w2c.ru; priority:1; content:"|03|w2c|02|ru"; nocase; ) # www.loongweed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002279; reference:url,www.spamhaus.org/query/dbl?domain=www.loongweed.com; priority:1; content:"|03|www|09|loongweed|03|com"; nocase; ) # lamonde.uni.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002280; reference:url,www.spamhaus.org/query/dbl?domain=lamonde.uni.me; priority:1; content:"|07|lamonde|03|uni|02|me"; nocase; ) # prosperobaro.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002281; reference:url,www.spamhaus.org/query/dbl?domain=prosperobaro.in; priority:1; content:"|0c|prosperobaro|02|in"; nocase; ) # willubmyscr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002282; reference:url,www.spamhaus.org/query/dbl?domain=willubmyscr.com; priority:1; content:"|0b|willubmyscr|03|com"; nocase; ) # akunamatata.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002283; reference:url,www.spamhaus.org/query/dbl?domain=akunamatata.cz.cc; priority:1; content:"|0b|akunamatata|02|cz|02|cc"; nocase; ) # aiirmr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002284; reference:url,www.spamhaus.org/query/dbl?domain=aiirmr.com; priority:1; content:"|06|aiirmr|03|com"; nocase; ) # eriwa.uni.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002285; reference:url,www.spamhaus.org/query/dbl?domain=eriwa.uni.me; priority:1; content:"|05|eriwa|03|uni|02|me"; nocase; ) # www.lfjiayi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002286; reference:url,www.spamhaus.org/query/dbl?domain=www.lfjiayi.com; priority:1; content:"|03|www|07|lfjiayi|03|com"; nocase; ) # ecstasy.sx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002287; reference:url,www.spamhaus.org/query/dbl?domain=ecstasy.sx; priority:1; content:"|07|ecstasy|02|sx"; nocase; ) # mail.honeybot.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002288; reference:url,www.spamhaus.org/query/dbl?domain=mail.honeybot.us; priority:1; content:"|04|mail|08|honeybot|02|us"; nocase; ) # destnarrowweek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002289; reference:url,www.spamhaus.org/query/dbl?domain=destnarrowweek.com; priority:1; content:"|0e|destnarrowweek|03|com"; nocase; ) # ns2.honeybot.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002290; reference:url,www.spamhaus.org/query/dbl?domain=ns2.honeybot.us; priority:1; content:"|03|ns2|08|honeybot|02|us"; nocase; ) # donquertofear.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002291; reference:url,www.spamhaus.org/query/dbl?domain=donquertofear.com; priority:1; content:"|0d|donquertofear|03|com"; nocase; ) # dortehthisnet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002292; reference:url,www.spamhaus.org/query/dbl?domain=dortehthisnet.com; priority:1; content:"|0d|dortehthisnet|03|com"; nocase; ) # o8rad5ccx9f3r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002293; reference:url,www.spamhaus.org/query/dbl?domain=o8rad5ccx9f3r.net; priority:1; content:"|0d|o8rad5ccx9f3r|03|net"; nocase; ) # ng.marketallone.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002294; reference:url,www.spamhaus.org/query/dbl?domain=ng.marketallone.com; priority:1; content:"|02|ng|0c|marketallone|03|com"; nocase; ) # dd.ka3ek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002295; reference:url,www.spamhaus.org/query/dbl?domain=dd.ka3ek.com; priority:1; content:"|02|dd|05|ka3ek|03|com"; nocase; ) # omstbriyhtgkuhxpi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002296; reference:url,www.spamhaus.org/query/dbl?domain=omstbriyhtgkuhxpi.com; priority:1; content:"|11|omstbriyhtgkuhxpi|03|com"; nocase; ) # hub3.toikgame.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002297; reference:url,www.spamhaus.org/query/dbl?domain=hub3.toikgame.com; priority:1; content:"|04|hub3|08|toikgame|03|com"; nocase; ) # xi.r4t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002298; reference:url,www.spamhaus.org/query/dbl?domain=xi.r4t.biz; priority:1; content:"|02|xi|03|r4t|03|biz"; nocase; ) # againstfifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002299; reference:url,www.spamhaus.org/query/dbl?domain=againstfifteen.net; priority:1; content:"|0e|againstfifteen|03|net"; nocase; ) # appridefirstcom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002300; reference:url,www.spamhaus.org/query/dbl?domain=appridefirstcom.com; priority:1; content:"|0f|appridefirstcom|03|com"; nocase; ) # alertmymail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002301; reference:url,www.spamhaus.org/query/dbl?domain=alertmymail.com; priority:1; content:"|0b|alertmymail|03|com"; nocase; ) # applemedia1236.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002302; reference:url,www.spamhaus.org/query/dbl?domain=applemedia1236.com; priority:1; content:"|0e|applemedia1236|03|com"; nocase; ) # google-dns-public.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002303; reference:url,www.spamhaus.org/query/dbl?domain=google-dns-public.com; priority:1; content:"|11|google-dns-public|03|com"; nocase; ) # betterbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002304; reference:url,www.spamhaus.org/query/dbl?domain=betterbroad.net; priority:1; content:"|0b|betterbroad|03|net"; nocase; ) # vesnarusural.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002305; reference:url,www.spamhaus.org/query/dbl?domain=vesnarusural.ru; priority:1; content:"|0c|vesnarusural|02|ru"; nocase; ) # votublist.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002306; reference:url,www.spamhaus.org/query/dbl?domain=votublist.com; priority:1; content:"|09|votublist|03|com"; nocase; ) # fedorena.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002307; reference:url,www.spamhaus.org/query/dbl?domain=fedorena.com; priority:1; content:"|08|fedorena|03|com"; nocase; ) # helpcenter1it6238.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002308; reference:url,www.spamhaus.org/query/dbl?domain=helpcenter1it6238.cz.cc; priority:1; content:"|11|helpcenter1it6238|02|cz|02|cc"; nocase; ) # luckydaydirect.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002309; reference:url,www.spamhaus.org/query/dbl?domain=luckydaydirect.info; priority:1; content:"|0e|luckydaydirect|04|info"; nocase; ) # mag8u1tejdt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002310; reference:url,www.spamhaus.org/query/dbl?domain=mag8u1tejdt.biz; priority:1; content:"|0b|mag8u1tejdt|03|biz"; nocase; ) # mediacontent2.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002311; reference:url,www.spamhaus.org/query/dbl?domain=mediacontent2.us; priority:1; content:"|0d|mediacontent2|02|us"; nocase; ) # rebteugrigh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002312; reference:url,www.spamhaus.org/query/dbl?domain=rebteugrigh.com; priority:1; content:"|0b|rebteugrigh|03|com"; nocase; ) # idthentehed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002313; reference:url,www.spamhaus.org/query/dbl?domain=idthentehed.com; priority:1; content:"|0b|idthentehed|03|com"; nocase; ) # richdilly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002314; reference:url,www.spamhaus.org/query/dbl?domain=richdilly.com; priority:1; content:"|09|richdilly|03|com"; nocase; ) # csu.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002315; reference:url,www.spamhaus.org/query/dbl?domain=csu.su; priority:1; content:"|03|csu|02|su"; nocase; ) # cyberwise.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002316; reference:url,www.spamhaus.org/query/dbl?domain=cyberwise.biz; priority:1; content:"|09|cyberwise|03|biz"; nocase; ) # intelligiblemailer.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002317; reference:url,www.spamhaus.org/query/dbl?domain=intelligiblemailer.eu; priority:1; content:"|12|intelligiblemailer|02|eu"; nocase; ) # mukosoma.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002318; reference:url,www.spamhaus.org/query/dbl?domain=mukosoma.com; priority:1; content:"|08|mukosoma|03|com"; nocase; ) # x7sbu5hcg9b3f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002319; reference:url,www.spamhaus.org/query/dbl?domain=x7sbu5hcg9b3f.net; priority:1; content:"|0d|x7sbu5hcg9b3f|03|net"; nocase; ) # updatewindowsplayer.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002320; reference:url,www.spamhaus.org/query/dbl?domain=updatewindowsplayer.gq; priority:1; content:"|13|updatewindowsplayer|02|gq"; nocase; ) # ysg9ivv311.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002321; reference:url,www.spamhaus.org/query/dbl?domain=ysg9ivv311.com; priority:1; content:"|0a|ysg9ivv311|03|com"; nocase; ) # error.hostinger.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet,rdata"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002322; reference:url,www.spamhaus.org/query/dbl?domain=unicorn.bl.ee; priority:1; content:"|05|error|09|hostinger|02|eu"; nocase; ) # www.chemicalguysmexico.com.mx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002323; reference:url,www.spamhaus.org/query/dbl?domain=www.chemicalguysmexico.com.mx; priority:1; content:"|03|www|12|chemicalguysmexico|03|com|02|mx"; nocase; ) # iprotect.com.my [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002324; reference:url,www.spamhaus.org/query/dbl?domain=iprotect.com.my; priority:1; content:"|08|iprotect|03|com|02|my"; nocase; ) # ns1.www.madunixxx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002325; reference:url,www.spamhaus.org/query/dbl?domain=ns1.www.madunixxx.ru; priority:1; content:"|03|ns1|03|www|09|madunixxx|02|ru"; nocase; ) # www.cefix.com.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002326; reference:url,www.spamhaus.org/query/dbl?domain=www.cefix.com.tr; priority:1; content:"|03|www|05|cefix|03|com|02|tr"; nocase; ) # www.arthurwinley.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002327; reference:url,www.spamhaus.org/query/dbl?domain=www.arthurwinley.com; priority:1; content:"|03|www|0c|arthurwinley|03|com"; nocase; ) # ns1.honeybot.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002328; reference:url,www.spamhaus.org/query/dbl?domain=ns1.honeybot.us; priority:1; content:"|03|ns1|08|honeybot|02|us"; nocase; ) # www.hairwearebeautyboutique.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002329; reference:url,www.spamhaus.org/query/dbl?domain=www.hairwearebeautyboutique.com; priority:1; content:"|03|www|17|hairwearebeautyboutique|03|com"; nocase; ) # 516515-de-prob-kenntnis-nachweis.schutz-schutz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002330; reference:url,www.spamhaus.org/query/dbl?domain=516515-de-prob-kenntnis-nachweis.schutz-schutz.ml; priority:1; content:"|20|516515-de-prob-kenntnis-nachweis|0d|schutz-schutz|02|ml"; nocase; ) # paypa1.update.hollywoodshowgirls.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002331; reference:url,www.spamhaus.org/query/dbl?domain=paypa1.update.hollywoodshowgirls.com.au; priority:1; content:"|06|paypa1|06|update|12|hollywoodshowgirls|03|com|02|au"; nocase; ) # www.ssaua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002332; reference:url,www.spamhaus.org/query/dbl?domain=www.ssaua.org; priority:1; content:"|03|www|05|ssaua|03|org"; nocase; ) # www.griffin-media.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002333; reference:url,www.spamhaus.org/query/dbl?domain=www.griffin-media.com; priority:1; content:"|03|www|0d|griffin-media|03|com"; nocase; ) # www.accountinfos.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002334; reference:url,www.spamhaus.org/query/dbl?domain=www.accountinfos.info; priority:1; content:"|03|www|0c|accountinfos|04|info"; nocase; ) # irc.eu.immortal-anime.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002335; reference:url,www.spamhaus.org/query/dbl?domain=irc.eu.immortal-anime.net; priority:1; content:"|03|irc|02|eu|0e|immortal-anime|03|net"; nocase; ) # ns1.heaventreewebhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002336; reference:url,www.spamhaus.org/query/dbl?domain=ns1.heaventreewebhost.com; priority:1; content:"|03|ns1|11|heaventreewebhost|03|com"; nocase; ) # www.coffeeguru.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002337; reference:url,www.spamhaus.org/query/dbl?domain=www.coffeeguru.it; priority:1; content:"|03|www|0a|coffeeguru|02|it"; nocase; ) # 03a6f57.netsolhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002338; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=03a6f57.netsolhost.com; priority:1; content:"|07|03a6f57|0a|netsolhost|03|com"; nocase; ) # 0if1nl6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002339; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=0if1nl6.org; priority:1; content:"|07|0if1nl6|03|org"; nocase; ) # ahmedashid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002340; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ahmedashid.com; priority:1; content:"|0a|ahmedashid|03|com"; nocase; ) # anlacviettravel.com.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002341; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=anlacviettravel.com.vn; priority:1; content:"|0f|anlacviettravel|03|com|02|vn"; nocase; ) # arthur-thomas.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002342; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=arthur-thomas.info; priority:1; content:"|0d|arthur-thomas|04|info"; nocase; ) # atmape.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002343; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=atmape.ru; priority:1; content:"|06|atmape|02|ru"; nocase; ) # bestdove.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002344; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bestdove.in.ua; priority:1; content:"|08|bestdove|02|in|02|ua"; nocase; ) # bethelnorthbay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002345; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bethelnorthbay.com; priority:1; content:"|0e|bethelnorthbay|03|com"; nocase; ) # bin1.kns1.al [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002346; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bin1.kns1.al; priority:1; content:"|04|bin1|04|kns1|02|al"; nocase; ) # brausincsystem.pro [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002347; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=brausincsystem.pro; priority:1; content:"|0e|brausincsystem|03|pro"; nocase; ) # bright.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002348; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bright.su; priority:1; content:"|06|bright|02|su"; nocase; ) # bryckerhire.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002349; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bryckerhire.com.au; priority:1; content:"|0b|bryckerhire|03|com|02|au"; nocase; ) # bubbliezsisters.com.my [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002350; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bubbliezsisters.com.my; priority:1; content:"|0f|bubbliezsisters|03|com|02|my"; nocase; ) # capacitacion.inami.gob.mx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002351; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=capacitacion.inami.gob.mx; priority:1; content:"|0c|capacitacion|05|inami|03|gob|02|mx"; nocase; ) # chambercb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002352; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=chambercb.tk; priority:1; content:"|09|chambercb|02|tk"; nocase; ) # championbft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002353; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=championbft.com; priority:1; content:"|0b|championbft|03|com"; nocase; ) # cp53072.cloudhosting.lv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002354; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cp53072.cloudhosting.lv; priority:1; content:"|07|cp53072|0c|cloudhosting|02|lv"; nocase; ) # crimunalbot001.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002355; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=crimunalbot001.ga; priority:1; content:"|0e|crimunalbot001|02|ga"; nocase; ) # danislenefc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002356; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=danislenefc.info; priority:1; content:"|0b|danislenefc|04|info"; nocase; ) # dasch.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002357; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dasch.pl; priority:1; content:"|05|dasch|02|pl"; nocase; ) # delaponitan.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002358; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=delaponitan.pw; priority:1; content:"|0b|delaponitan|02|pw"; nocase; ) # dlauten.bplaced.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002359; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dlauten.bplaced.net; priority:1; content:"|07|dlauten|07|bplaced|03|net"; nocase; ) # domifondery.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002360; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=domifondery.com; priority:1; content:"|0b|domifondery|03|com"; nocase; ) # dominoziele.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002361; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dominoziele.pw; priority:1; content:"|0b|dominoziele|02|pw"; nocase; ) # eavgwy5suy.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002362; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=eavgwy5suy.tk; priority:1; content:"|0a|eavgwy5suy|02|tk"; nocase; ) # escuelanet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002363; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=escuelanet.com; priority:1; content:"|0a|escuelanet|03|com"; nocase; ) # fapet.ipb.ac.id [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002364; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=fapet.ipb.ac.id; priority:1; content:"|05|fapet|03|ipb|02|ac|02|id"; nocase; ) # finalcrashtest.co.nz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002365; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=finalcrashtest.co.nz; priority:1; content:"|0e|finalcrashtest|02|co|02|nz"; nocase; ) # genteatsss.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002366; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=genteatsss.com; priority:1; content:"|0a|genteatsss|03|com"; nocase; ) # gskpresident.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002367; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=gskpresident.tk; priority:1; content:"|0c|gskpresident|02|tk"; nocase; ) # icleanforyou.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002368; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=icleanforyou.com.au; priority:1; content:"|0c|icleanforyou|03|com|02|au"; nocase; ) # imamnhearte.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002369; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=imamnhearte.hotmail.ru; priority:1; content:"|0b|imamnhearte|07|hotmail|02|ru"; nocase; ) # jacoblanderville.myjino.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002370; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=jacoblanderville.myjino.ru; priority:1; content:"|10|jacoblanderville|06|myjino|02|ru"; nocase; ) # joepussy.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002371; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=joepussy.tk; priority:1; content:"|08|joepussy|02|tk"; nocase; ) # juanadearco.com.uy [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002372; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=juanadearco.com.uy; priority:1; content:"|0b|juanadearco|03|com|02|uy"; nocase; ) # jump1ng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002373; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=jump1ng.net; priority:1; content:"|07|jump1ng|03|net"; nocase; ) # kesikelyaf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002374; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kesikelyaf.com; priority:1; content:"|0a|kesikelyaf|03|com"; nocase; ) # kraonkelaere.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002375; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kraonkelaere.com; priority:1; content:"|0c|kraonkelaere|03|com"; nocase; ) # krestenbv.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002376; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=krestenbv.nl; priority:1; content:"|09|krestenbv|02|nl"; nocase; ) # lp.sa-baba.co.il [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002377; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=lp.sa-baba.co.il; priority:1; content:"|02|lp|07|sa-baba|02|co|02|il"; nocase; ) # madaniashop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002378; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=madaniashop.com; priority:1; content:"|0b|madaniashop|03|com"; nocase; ) # maminoleinc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002379; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=maminoleinc.tk; priority:1; content:"|0b|maminoleinc|02|tk"; nocase; ) # matt001.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002380; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=matt001.tk; priority:1; content:"|07|matt001|02|tk"; nocase; ) # metromall.good-media.co.il [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002381; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=metromall.good-media.co.il; priority:1; content:"|09|metromall|0a|good-media|02|co|02|il"; nocase; ) # myfcb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002382; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=myfcb.tk; priority:1; content:"|05|myfcb|02|tk"; nocase; ) # mymytonnymaxltd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002383; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mymytonnymaxltd.org; priority:1; content:"|0f|mymytonnymaxltd|03|org"; nocase; ) # newsmedia.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002384; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=newsmedia.com.br; priority:1; content:"|09|newsmedia|03|com|02|br"; nocase; ) # ns416017.ip-37-187-144.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002385; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ns416017.ip-37-187-144.eu; priority:1; content:"|08|ns416017|0d|ip-37-187-144|02|eu"; nocase; ) # obyno.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002386; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=obyno.xyz; priority:1; content:"|05|obyno|03|xyz"; nocase; ) # pharmaspan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002387; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=pharmaspan.com; priority:1; content:"|0a|pharmaspan|03|com"; nocase; ) # physiotherapyusa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002388; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=physiotherapyusa.org; priority:1; content:"|10|physiotherapyusa|03|org"; nocase; ) # portal.100am100.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002389; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=portal.100am100.kz; priority:1; content:"|06|portal|08|100am100|02|kz"; nocase; ) # registerdrivegoogle.sytes.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002390; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=registerdrivegoogle.sytes.net; priority:1; content:"|13|registerdrivegoogle|05|sytes|03|net"; nocase; ) # sdhfjksdhfjksdh.biz.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002391; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sdhfjksdhfjksdh.biz.ua; priority:1; content:"|0f|sdhfjksdhfjksdh|03|biz|02|ua"; nocase; ) # servmill.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002392; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=servmill.com; priority:1; content:"|08|servmill|03|com"; nocase; ) # shammah.openbrazil.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002393; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=shammah.openbrazil.org; priority:1; content:"|07|shammah|0a|openbrazil|03|org"; nocase; ) # spotmarka.ap0x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002394; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=spotmarka.ap0x.com; priority:1; content:"|09|spotmarka|04|ap0x|03|com"; nocase; ) # systemhelpr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002395; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=systemhelpr.com; priority:1; content:"|0b|systemhelpr|03|com"; nocase; ) # tekchuks.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002396; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekchuks.xyz; priority:1; content:"|08|tekchuks|03|xyz"; nocase; ) # thegreenwayup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002397; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=thegreenwayup.com; priority:1; content:"|0d|thegreenwayup|03|com"; nocase; ) # tronuprising.heliohost.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002398; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tronuprising.heliohost.org; priority:1; content:"|0c|tronuprising|09|heliohost|03|org"; nocase; ) # webtahmin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002399; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=webtahmin.com; priority:1; content:"|09|webtahmin|03|com"; nocase; ) # www.bilbobaggins.comxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002400; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.bilbobaggins.comxa.com; priority:1; content:"|03|www|0c|bilbobaggins|05|comxa|03|com"; nocase; ) # www.danielevarriale.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002401; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.danielevarriale.it; priority:1; content:"|03|www|0f|danielevarriale|02|it"; nocase; ) # www.florin-skincare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002402; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.florin-skincare.com; priority:1; content:"|03|www|0f|florin-skincare|03|com"; nocase; ) # www.foxload.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002403; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.foxload.in.net; priority:1; content:"|03|www|07|foxload|02|in|03|net"; nocase; ) # www.halfwayfilm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002404; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.halfwayfilm.com; priority:1; content:"|03|www|0b|halfwayfilm|03|com"; nocase; ) # www.horizonmagazine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002405; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.horizonmagazine.com; priority:1; content:"|03|www|0f|horizonmagazine|03|com"; nocase; ) # www.jobdeliver.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002406; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.jobdeliver.tk; priority:1; content:"|03|www|0a|jobdeliver|02|tk"; nocase; ) # www.personxing.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002407; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.personxing.in.net; priority:1; content:"|03|www|0a|personxing|02|in|03|net"; nocase; ) # www.proacti.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002408; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.proacti.com.br; priority:1; content:"|03|www|07|proacti|03|com|02|br"; nocase; ) # www.riverwalktrader.co.za [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002409; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.riverwalktrader.co.za; priority:1; content:"|03|www|0f|riverwalktrader|02|co|02|za"; nocase; ) # www.wecontrol-com.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002410; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.wecontrol-com.tk; priority:1; content:"|03|www|0d|wecontrol-com|02|tk"; nocase; ) # xbsezlmaha.loan [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002411; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=xbsezlmaha.loan; priority:1; content:"|0a|xbsezlmaha|04|loan"; nocase; ) # xpipemotoring.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002412; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=xpipemotoring.top; priority:1; content:"|0d|xpipemotoring|03|top"; nocase; ) # z0bu.dynu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002413; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=z0bu.dynu.com; priority:1; content:"|04|z0bu|04|dynu|03|com"; nocase; ) # z3us1.z-ed.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002414; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=z3us1.z-ed.info; priority:1; content:"|05|z3us1|04|z-ed|04|info"; nocase; ) # zabava-bel.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002415; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zabava-bel.ru; priority:1; content:"|0a|zabava-bel|02|ru"; nocase; ) # zetes.vdsinside.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002416; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zetes.vdsinside.com; priority:1; content:"|05|zetes|09|vdsinside|03|com"; nocase; ) # zhyravlik.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002417; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zhyravlik.ru; priority:1; content:"|09|zhyravlik|02|ru"; nocase; ) # zxyinternational.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002418; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zxyinternational.net; priority:1; content:"|10|zxyinternational|03|net"; nocase; ) # 76tguy6hh6tgftrt7tg.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002419; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=76tguy6hh6tgftrt7tg.su; priority:1; content:"|13|76tguy6hh6tgftrt7tg|02|su"; nocase; ) # angryshippflyforok.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002420; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=angryshippflyforok.su; priority:1; content:"|12|angryshippflyforok|02|su"; nocase; ) # arcelikpendikservisi.gen.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002421; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=arcelikpendikservisi.gen.tr; priority:1; content:"|14|arcelikpendikservisi|03|gen|02|tr"; nocase; ) # arvision.com.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002422; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=arvision.com.co; priority:1; content:"|08|arvision|03|com|02|co"; nocase; ) # auslaser.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002423; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=auslaser.net; priority:1; content:"|08|auslaser|03|net"; nocase; ) # axpoium.echange.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002424; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=axpoium.echange.su; priority:1; content:"|07|axpoium|07|echange|02|su"; nocase; ) # bestboy.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002425; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bestboy.top; priority:1; content:"|07|bestboy|03|top"; nocase; ) # blog.raw-recruits.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002426; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=blog.raw-recruits.com; priority:1; content:"|04|blog|0c|raw-recruits|03|com"; nocase; ) # casher777soft.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002427; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=casher777soft.pw; priority:1; content:"|0d|casher777soft|02|pw"; nocase; ) # ccpmacake.faith [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002428; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ccpmacake.faith; priority:1; content:"|09|ccpmacake|05|faith"; nocase; ) # cd31411.tmweb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002429; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cd31411.tmweb.ru; priority:1; content:"|07|cd31411|05|tmweb|02|ru"; nocase; ) # chezhiyasweheropasl.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002430; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=chezhiyasweheropasl.su; priority:1; content:"|13|chezhiyasweheropasl|02|su"; nocase; ) # developer.cdn.com.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002431; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=developer.cdn.com.kz; priority:1; content:"|09|developer|03|cdn|03|com|02|kz"; nocase; ) # diguing-store.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002432; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=diguing-store.net; priority:1; content:"|0d|diguing-store|03|net"; nocase; ) # doubleglazing-perth.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002433; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=doubleglazing-perth.com.au; priority:1; content:"|13|doubleglazing-perth|03|com|02|au"; nocase; ) # duty.sitatech.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002434; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=duty.sitatech.org; priority:1; content:"|04|duty|08|sitatech|03|org"; nocase; ) # eresimgbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002435; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=eresimgbo.com; priority:1; content:"|09|eresimgbo|03|com"; nocase; ) # felceconserve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002436; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=felceconserve.com; priority:1; content:"|0d|felceconserve|03|com"; nocase; ) # finsolutions.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002437; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=finsolutions.top; priority:1; content:"|0c|finsolutions|03|top"; nocase; ) # frank1.ddf.al [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002438; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=frank1.ddf.al; priority:1; content:"|06|frank1|03|ddf|02|al"; nocase; ) # freelancergyn.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002439; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=freelancergyn.com.br; priority:1; content:"|0d|freelancergyn|03|com|02|br"; nocase; ) # fx45.pp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002440; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=fx45.pp.ru; priority:1; content:"|04|fx45|02|pp|02|ru"; nocase; ) # grupojpdecarvalho.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002441; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=grupojpdecarvalho.com.br; priority:1; content:"|11|grupojpdecarvalho|03|com|02|br"; nocase; ) # gyodundena.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002442; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=gyodundena.hotmail.ru; priority:1; content:"|0a|gyodundena|07|hotmail|02|ru"; nocase; ) # havaianasartesanais.art.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002443; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=havaianasartesanais.art.br; priority:1; content:"|13|havaianasartesanais|03|art|02|br"; nocase; ) # hui-ain-apparel.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002444; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=hui-ain-apparel.tk; priority:1; content:"|0f|hui-ain-apparel|02|tk"; nocase; ) # ijoe.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002445; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ijoe.xyz; priority:1; content:"|04|ijoe|03|xyz"; nocase; ) # interlogistics.com.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002446; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=interlogistics.com.vn; priority:1; content:"|0e|interlogistics|03|com|02|vn"; nocase; ) # islenpiding.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002447; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=islenpiding.hotmail.ru; priority:1; content:"|0b|islenpiding|07|hotmail|02|ru"; nocase; ) # jazmany.cu.ma [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002448; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=jazmany.cu.ma; priority:1; content:"|07|jazmany|02|cu|02|ma"; nocase; ) # junniper.mcdir.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002449; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=junniper.mcdir.ru; priority:1; content:"|08|junniper|05|mcdir|02|ru"; nocase; ) # karma-bodrum.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002450; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=karma-bodrum.com; priority:1; content:"|0c|karma-bodrum|03|com"; nocase; ) # katagi-weblogs.lolipop.jp [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002451; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=katagi-weblogs.lolipop.jp; priority:1; content:"|0e|katagi-weblogs|07|lolipop|02|jp"; nocase; ) # kntksales.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002452; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kntksales.tk; priority:1; content:"|09|kntksales|02|tk"; nocase; ) # leaningbokubo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002453; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=leaningbokubo.ru; priority:1; content:"|0d|leaningbokubo|02|ru"; nocase; ) # leon10.5gbfree.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002454; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=leon10.5gbfree.com; priority:1; content:"|06|leon10|07|5gbfree|03|com"; nocase; ) # liveresellerweb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002455; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=liveresellerweb.eu; priority:1; content:"|0f|liveresellerweb|02|eu"; nocase; ) # livinglounges.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002456; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=livinglounges.su; priority:1; content:"|0d|livinglounges|02|su"; nocase; ) # luenhinpearl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002457; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=luenhinpearl.com; priority:1; content:"|0c|luenhinpearl|03|com"; nocase; ) # machine.cu.ma [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002458; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=machine.cu.ma; priority:1; content:"|07|machine|02|cu|02|ma"; nocase; ) # megastats.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002459; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=megastats.top; priority:1; content:"|09|megastats|03|top"; nocase; ) # ns513726.ip-192-99-148.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002460; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ns513726.ip-192-99-148.net; priority:1; content:"|08|ns513726|0d|ip-192-99-148|03|net"; nocase; ) # petroyeda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002461; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=petroyeda.com; priority:1; content:"|09|petroyeda|03|com"; nocase; ) # prtscrentercn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002462; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=prtscrentercn.info; priority:1; content:"|0d|prtscrentercn|04|info"; nocase; ) # regame.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002463; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=regame.su; priority:1; content:"|06|regame|02|su"; nocase; ) # rexafajay.axfree.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002464; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rexafajay.axfree.com; priority:1; content:"|09|rexafajay|06|axfree|03|com"; nocase; ) # samoniklo.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002465; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=samoniklo.pw; priority:1; content:"|09|samoniklo|02|pw"; nocase; ) # shell-fisheries.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002466; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=shell-fisheries.com; priority:1; content:"|0f|shell-fisheries|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # slot.sub-zero.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002467; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=slot.sub-zero.it; priority:1; content:"|04|slot|08|sub-zero|02|it"; nocase; ) # smartfoodsglutenfree.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002468; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=smartfoodsglutenfree.kz; priority:1; content:"|14|smartfoodsglutenfree|02|kz"; nocase; ) # storroliko.club [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002469; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=storroliko.club; priority:1; content:"|0a|storroliko|04|club"; nocase; ) # sv1.eyeonmusica.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002470; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sv1.eyeonmusica.it; priority:1; content:"|03|sv1|0b|eyeonmusica|02|it"; nocase; ) # tanthanhdanh.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002471; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tanthanhdanh.vn; priority:1; content:"|0c|tanthanhdanh|02|vn"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # techemeka.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002472; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=techemeka.work; priority:1; content:"|09|techemeka|04|work"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # toneexcelgreat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002473; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=toneexcelgreat.com; priority:1; content:"|0e|toneexcelgreat|03|com"; nocase; ) # turkeyhotelnoslafas.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002474; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=turkeyhotelnoslafas.su; priority:1; content:"|13|turkeyhotelnoslafas|02|su"; nocase; ) # u8781a21.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002475; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=u8781a21.pw; priority:1; content:"|08|u8781a21|02|pw"; nocase; ) # vegantravelshow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002476; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=vegantravelshow.com; priority:1; content:"|0f|vegantravelshow|03|com"; nocase; ) # villaggiodiitaici.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002477; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=villaggiodiitaici.com.br; priority:1; content:"|11|villaggiodiitaici|03|com|02|br"; nocase; ) # vuanongsan.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002478; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=vuanongsan.vn; priority:1; content:"|0a|vuanongsan|02|vn"; nocase; ) # www.ipm.upel.edu.ve [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002479; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.ipm.upel.edu.ve; priority:1; content:"|03|www|03|ipm|04|upel|03|edu|02|ve"; nocase; ) # www.jung201.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002480; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.jung201.tk; priority:1; content:"|03|www|07|jung201|02|tk"; nocase; ) # www.mauritaniecoeur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002481; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.mauritaniecoeur.org; priority:1; content:"|03|www|0f|mauritaniecoeur|03|org"; nocase; ) # www.me404.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002482; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.me404.net; priority:1; content:"|03|www|05|me404|03|net"; nocase; ) # www.teleeye.com.ph [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002483; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.teleeye.com.ph; priority:1; content:"|03|www|07|teleeye|03|com|02|ph"; nocase; ) # 039b1ee.netsolhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002484; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=039b1ee.netsolhost.com; priority:1; content:"|07|039b1ee|0a|netsolhost|03|com"; nocase; ) # 03bbec4.netsolhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002485; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=03bbec4.netsolhost.com; priority:1; content:"|07|03bbec4|0a|netsolhost|03|com"; nocase; ) # 0x.x.gg [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002486; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=0x.x.gg; priority:1; content:"|02|0x|01|x|02|gg"; nocase; ) # 54g35546-5g6hbggffhb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002487; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=54g35546-5g6hbggffhb.tk; priority:1; content:"|14|54g35546-5g6hbggffhb|02|tk"; nocase; ) # ashoesheestono.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002488; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ashoesheestono.eu; priority:1; content:"|0e|ashoesheestono|02|eu"; nocase; ) # b.1s2.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002489; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=b.1s2.in.ua; priority:1; content:"|01|b|03|1s2|02|in|02|ua"; nocase; ) # barselkab.bps.go.id [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002490; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=barselkab.bps.go.id; priority:1; content:"|09|barselkab|03|bps|02|go|02|id"; nocase; ) # bellinghambar.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002491; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bellinghambar.tk; priority:1; content:"|0d|bellinghambar|02|tk"; nocase; ) # bolerakopsoa.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002492; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bolerakopsoa.pw; priority:1; content:"|0c|bolerakopsoa|02|pw"; nocase; ) # bppkbsulsel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002493; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bppkbsulsel.com; priority:1; content:"|0b|bppkbsulsel|03|com"; nocase; ) # cakessolovely.ca [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002494; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cakessolovely.ca; priority:1; content:"|0d|cakessolovely|02|ca"; nocase; ) # circleread-view.com.mocha2003.mochahost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002495; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=circleread-view.com.mocha2003.mochahost.com; priority:1; content:"|0f|circleread-view|03|com|09|mocha2003|09|mochahost|03|com"; nocase; ) # cryptmyexe.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002496; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cryptmyexe.pw; priority:1; content:"|0a|cryptmyexe|02|pw"; nocase; ) # dau43vt5wtrd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002497; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dau43vt5wtrd.tk; priority:1; content:"|0c|dau43vt5wtrd|02|tk"; nocase; ) # diagnosticdubai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002498; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=diagnosticdubai.com; priority:1; content:"|0f|diagnosticdubai|03|com"; nocase; ) # domifondery3d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002499; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=domifondery3d.com; priority:1; content:"|0d|domifondery3d|03|com"; nocase; ) # doratopelase.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002500; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=doratopelase.pw; priority:1; content:"|0c|doratopelase|02|pw"; nocase; ) # felanco.heliohost.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002501; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=felanco.heliohost.org; priority:1; content:"|07|felanco|09|heliohost|03|org"; nocase; ) # foxmanwer.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002502; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=foxmanwer.pw; priority:1; content:"|09|foxmanwer|02|pw"; nocase; ) # go.everli-killz.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002503; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=go.everli-killz.xyz; priority:1; content:"|02|go|0c|everli-killz|03|xyz"; nocase; ) # hillalala.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002504; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=hillalala.com; priority:1; content:"|09|hillalala|03|com"; nocase; ) # iddc.co.id [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002505; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=iddc.co.id; priority:1; content:"|04|iddc|02|co|02|id"; nocase; ) # joyclasses.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002506; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=joyclasses.eu; priority:1; content:"|0a|joyclasses|02|eu"; nocase; ) # junllian.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002507; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=junllian.net; priority:1; content:"|08|junllian|03|net"; nocase; ) # land-create.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002508; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=land-create.com; priority:1; content:"|0b|land-create|03|com"; nocase; ) # lebedev30.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002509; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=lebedev30.ru; priority:1; content:"|09|lebedev30|02|ru"; nocase; ) # leo94dhgfyw-df87fb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002510; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=leo94dhgfyw-df87fb.tk; priority:1; content:"|12|leo94dhgfyw-df87fb|02|tk"; nocase; ) # micheal766.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002511; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=micheal766.info; priority:1; content:"|0a|micheal766|04|info"; nocase; ) # movieofgoodies.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002512; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=movieofgoodies.kz; priority:1; content:"|0e|movieofgoodies|02|kz"; nocase; ) # mycraft.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002513; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mycraft.com.br; priority:1; content:"|07|mycraft|03|com|02|br"; nocase; ) # mygoodness.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002514; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mygoodness.in.ua; priority:1; content:"|0a|mygoodness|02|in|02|ua"; nocase; ) # nasscomminc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002515; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=nasscomminc.tk; priority:1; content:"|0b|nasscomminc|02|tk"; nocase; ) # natlalirans.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002516; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=natlalirans.hotmail.ru; priority:1; content:"|0b|natlalirans|07|hotmail|02|ru"; nocase; ) # newversionpdun.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002517; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=newversionpdun.in.net; priority:1; content:"|0e|newversionpdun|02|in|03|net"; nocase; ) # ozowarac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002518; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ozowarac.com; priority:1; content:"|08|ozowarac|03|com"; nocase; ) # platinum-casino.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002519; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=platinum-casino.ru; priority:1; content:"|0f|platinum-casino|02|ru"; nocase; ) # prosmile.net.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002520; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=prosmile.net.au; priority:1; content:"|08|prosmile|03|net|02|au"; nocase; ) # prtscrinsertcn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002521; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=prtscrinsertcn.net; priority:1; content:"|0e|prtscrinsertcn|03|net"; nocase; ) # rarabarnfi.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002522; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rarabarnfi.hotmail.ru; priority:1; content:"|0a|rarabarnfi|07|hotmail|02|ru"; nocase; ) # securetalk.cwsurf.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002523; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=securetalk.cwsurf.de; priority:1; content:"|0a|securetalk|06|cwsurf|02|de"; nocase; ) # shadowraze.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002524; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=shadowraze.pw; priority:1; content:"|0a|shadowraze|02|pw"; nocase; ) # spacco-inc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002525; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=spacco-inc.com; priority:1; content:"|0a|spacco-inc|03|com"; nocase; ) # sparrow-cap-manufacturer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002526; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sparrow-cap-manufacturer.com; priority:1; content:"|18|sparrow-cap-manufacturer|03|com"; nocase; ) # speroni.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002527; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=speroni.pw; priority:1; content:"|07|speroni|02|pw"; nocase; ) # sro.giuseppemarotta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002528; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sro.giuseppemarotta.com; priority:1; content:"|03|sro|0f|giuseppemarotta|03|com"; nocase; ) # stats.lead.mysitehosted.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002529; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=stats.lead.mysitehosted.com; priority:1; content:"|05|stats|04|lead|0c|mysitehosted|03|com"; nocase; ) # sus.nieuwmoer.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002530; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sus.nieuwmoer.info; priority:1; content:"|03|sus|09|nieuwmoer|04|info"; nocase; ) # tech-dan.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002531; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tech-dan.xyz; priority:1; content:"|08|tech-dan|03|xyz"; nocase; ) # techmag.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002532; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=techmag.space; priority:1; content:"|07|techmag|05|space"; nocase; ) # techmaha.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002533; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=techmaha.pw; priority:1; content:"|08|techmaha|02|pw"; nocase; ) # teeth.co.jp [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002534; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=teeth.co.jp; priority:1; content:"|05|teeth|02|co|02|jp"; nocase; ) # traveller.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002535; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=traveller.to; priority:1; content:"|09|traveller|02|to"; nocase; ) # ukabenerji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002536; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ukabenerji.com; priority:1; content:"|0a|ukabenerji|03|com"; nocase; ) # waserazer.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002537; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=waserazer.pw; priority:1; content:"|09|waserazer|02|pw"; nocase; ) # wayufilm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002538; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=wayufilm.com; priority:1; content:"|08|wayufilm|03|com"; nocase; ) # webpowerstudio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002539; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=webpowerstudio.com; priority:1; content:"|0e|webpowerstudio|03|com"; nocase; ) # www.02level.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002540; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.02level.tk; priority:1; content:"|03|www|07|02level|02|tk"; nocase; ) # www.antibasic.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002541; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.antibasic.ga; priority:1; content:"|03|www|09|antibasic|02|ga"; nocase; ) # www.egypt-dream.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002542; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.egypt-dream.net; priority:1; content:"|03|www|0b|egypt-dream|03|net"; nocase; ) # www.mikewine.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002543; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.mikewine.tk; priority:1; content:"|03|www|08|mikewine|02|tk"; nocase; ) # www.ohimmades.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002544; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.ohimmades.pw; priority:1; content:"|03|www|09|ohimmades|02|pw"; nocase; ) # www.sofishome.com.mx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002545; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.sofishome.com.mx; priority:1; content:"|03|www|09|sofishome|03|com|02|mx"; nocase; ) # www.vhvn.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002546; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.vhvn.vn; priority:1; content:"|03|www|04|vhvn|02|vn"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # akdenizklima.com.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002547; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=akdenizklima.com.tr; priority:1; content:"|0c|akdenizklima|03|com|02|tr"; nocase; ) # alexiscorp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002548; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=alexiscorp.com; priority:1; content:"|0a|alexiscorp|03|com"; nocase; ) # analiticwebexperience.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002549; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=analiticwebexperience.com; priority:1; content:"|15|analiticwebexperience|03|com"; nocase; ) # aquaremedialworks.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002550; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=aquaremedialworks.com.au; priority:1; content:"|11|aquaremedialworks|03|com|02|au"; nocase; ) # baliwag.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002551; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=baliwag.xyz; priority:1; content:"|07|baliwag|03|xyz"; nocase; ) # bibrath.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002552; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bibrath.eu; priority:1; content:"|07|bibrath|02|eu"; nocase; ) # bitcointalks.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002553; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bitcointalks.info; priority:1; content:"|0c|bitcointalks|04|info"; nocase; ) # bots.configbinbots.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002554; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bots.configbinbots.info; priority:1; content:"|04|bots|0d|configbinbots|04|info"; nocase; ) # branchtist.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002555; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=branchtist.com; priority:1; content:"|0a|branchtist|03|com"; nocase; ) # bytes.darktech.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002556; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bytes.darktech.org; priority:1; content:"|05|bytes|08|darktech|03|org"; nocase; ) # canadianonlineagreementservices.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002557; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=canadianonlineagreementservices.kz; priority:1; content:"|1f|canadianonlineagreementservices|02|kz"; nocase; ) # chat.altacom.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002558; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=chat.altacom.it; priority:1; content:"|04|chat|07|altacom|02|it"; nocase; ) # classicalbitu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002559; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=classicalbitu.com; priority:1; content:"|0d|classicalbitu|03|com"; nocase; ) # cosmosdady.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002560; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cosmosdady.su; priority:1; content:"|0a|cosmosdady|02|su"; nocase; ) # cy-m0ld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002561; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cy-m0ld.com; priority:1; content:"|07|cy-m0ld|03|com"; nocase; ) # cynthialemos1225.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002562; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cynthialemos1225.ddns.net; priority:1; content:"|10|cynthialemos1225|04|ddns|03|net"; nocase; ) # depolakoeasre.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002563; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=depolakoeasre.pw; priority:1; content:"|0d|depolakoeasre|02|pw"; nocase; ) # diabetespal.ps [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002564; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=diabetespal.ps; priority:1; content:"|0b|diabetespal|02|ps"; nocase; ) # dino1.ddf.al [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002565; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dino1.ddf.al; priority:1; content:"|05|dino1|03|ddf|02|al"; nocase; ) # domnicpeter.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002566; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=domnicpeter.in.net; priority:1; content:"|0b|domnicpeter|02|in|03|net"; nocase; ) # elta-th.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002567; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=elta-th.com; priority:1; content:"|07|elta-th|03|com"; nocase; ) # enginbilgidenizi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002568; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=enginbilgidenizi.com; priority:1; content:"|10|enginbilgidenizi|03|com"; nocase; ) # extremesports.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002569; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=extremesports.kz; priority:1; content:"|0d|extremesports|02|kz"; nocase; ) # ganhedwakar.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002570; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ganhedwakar.tk; priority:1; content:"|0b|ganhedwakar|02|tk"; nocase; ) # googlepetkavanis4.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002571; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=googlepetkavanis4.pw; priority:1; content:"|11|googlepetkavanis4|02|pw"; nocase; ) # gpdi-lippocikarang.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002572; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=gpdi-lippocikarang.com; priority:1; content:"|12|gpdi-lippocikarang|03|com"; nocase; ) # grupocava-mx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002573; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=grupocava-mx.com; priority:1; content:"|0c|grupocava-mx|03|com"; nocase; ) # homedeco.com.bo [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002574; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=homedeco.com.bo; priority:1; content:"|08|homedeco|03|com|02|bo"; nocase; ) # honestme.com.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002575; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=honestme.com.ua; priority:1; content:"|08|honestme|03|com|02|ua"; nocase; ) # host1.swenabler.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002576; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=host1.swenabler.com; priority:1; content:"|05|host1|09|swenabler|03|com"; nocase; ) # hotelavalon.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002577; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=hotelavalon.org; priority:1; content:"|0b|hotelavalon|03|org"; nocase; ) # hyperbolic.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002578; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=hyperbolic.tk; priority:1; content:"|0a|hyperbolic|02|tk"; nocase; ) # ingenicopads.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002579; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ingenicopads.kz; priority:1; content:"|0c|ingenicopads|02|kz"; nocase; ) # japanparts.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002580; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=japanparts.pw; priority:1; content:"|0a|japanparts|02|pw"; nocase; ) # jomo.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002581; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=jomo.in.ua; priority:1; content:"|04|jomo|02|in|02|ua"; nocase; ) # khoangiengthutiep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002582; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=khoangiengthutiep.com; priority:1; content:"|11|khoangiengthutiep|03|com"; nocase; ) # kw34h-lithi-owo.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002583; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kw34h-lithi-owo.tk; priority:1; content:"|0f|kw34h-lithi-owo|02|tk"; nocase; ) # mailslots.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002584; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mailslots.top; priority:1; content:"|09|mailslots|03|top"; nocase; ) # mm266.bplaced.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002585; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mm266.bplaced.com; priority:1; content:"|05|mm266|07|bplaced|03|com"; nocase; ) # naijabids.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002586; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=naijabids.co.uk; priority:1; content:"|09|naijabids|02|co|02|uk"; nocase; ) # nonstopeddanceraz.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002587; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=nonstopeddanceraz.su; priority:1; content:"|11|nonstopeddanceraz|02|su"; nocase; ) # ns511849.ip-192-99-19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002588; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ns511849.ip-192-99-19.net; priority:1; content:"|08|ns511849|0c|ip-192-99-19|03|net"; nocase; ) # programtotalatoma.esy.es [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002589; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=programtotalatoma.esy.es; priority:1; content:"|11|programtotalatoma|03|esy|02|es"; nocase; ) # pureescents.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002590; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=pureescents.com.au; priority:1; content:"|0b|pureescents|03|com|02|au"; nocase; ) # regsways.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002591; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=regsways.top; priority:1; content:"|08|regsways|03|top"; nocase; ) # rfvn.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002592; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rfvn.vn; priority:1; content:"|04|rfvn|02|vn"; nocase; ) # rhwndkf45.codns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002593; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rhwndkf45.codns.com; priority:1; content:"|09|rhwndkf45|05|codns|03|com"; nocase; ) # ricasad.sx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002594; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ricasad.sx; priority:1; content:"|07|ricasad|02|sx"; nocase; ) # s1.eyeonmusica.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002595; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=s1.eyeonmusica.it; priority:1; content:"|02|s1|0b|eyeonmusica|02|it"; nocase; ) # sandokan66.no-ip.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002596; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sandokan66.no-ip.info; priority:1; content:"|0a|sandokan66|05|no-ip|04|info"; nocase; ) # secure.lynxbowlingservices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002597; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=secure.lynxbowlingservices.com; priority:1; content:"|06|secure|13|lynxbowlingservices|03|com"; nocase; ) # securetestingnetwotk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002598; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=securetestingnetwotk.com; priority:1; content:"|14|securetestingnetwotk|03|com"; nocase; ) # seqwcs.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002599; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=seqwcs.com.au; priority:1; content:"|06|seqwcs|03|com|02|au"; nocase; ) # shaktitextileengr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002600; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=shaktitextileengr.com; priority:1; content:"|11|shaktitextileengr|03|com"; nocase; ) # spartanr.5gbfree.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002601; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=spartanr.5gbfree.com; priority:1; content:"|08|spartanr|07|5gbfree|03|com"; nocase; ) # systemscfg.olympe.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002602; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=systemscfg.olympe.in; priority:1; content:"|0a|systemscfg|06|olympe|02|in"; nocase; ) # tekadrian.pro [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002603; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekadrian.pro; priority:1; content:"|09|tekadrian|03|pro"; nocase; ) # tekadrian.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002604; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekadrian.xyz; priority:1; content:"|09|tekadrian|03|xyz"; nocase; ) # telefonfiyatlari.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002605; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=telefonfiyatlari.org; priority:1; content:"|10|telefonfiyatlari|03|org"; nocase; ) # tesab.org.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002606; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tesab.org.uk; priority:1; content:"|05|tesab|03|org|02|uk"; nocase; ) # updateacces.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002607; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=updateacces.org; priority:1; content:"|0b|updateacces|03|org"; nocase; ) # uptight.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002608; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=uptight.su; priority:1; content:"|07|uptight|02|su"; nocase; ) # valdmir.noriysha.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002609; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=valdmir.noriysha.ru; priority:1; content:"|07|valdmir|08|noriysha|02|ru"; nocase; ) # valntooglesakrundigk.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002610; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=valntooglesakrundigk.pw; priority:1; content:"|14|valntooglesakrundigk|02|pw"; nocase; ) # vankapetkavanis4.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002611; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=vankapetkavanis4.pw; priority:1; content:"|10|vankapetkavanis4|02|pw"; nocase; ) # wasabi.mine.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002612; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=wasabi.mine.nu; priority:1; content:"|06|wasabi|04|mine|02|nu"; nocase; ) # web-tv-production.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002613; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=web-tv-production.fr; priority:1; content:"|11|web-tv-production|02|fr"; nocase; ) # www.angelyard.com.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002614; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.angelyard.com.hk; priority:1; content:"|03|www|09|angelyard|03|com|02|hk"; nocase; ) # www.basecinco.com.ar [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002615; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.basecinco.com.ar; priority:1; content:"|03|www|09|basecinco|03|com|02|ar"; nocase; ) # www.changeexchange2.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002616; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.changeexchange2.ru; priority:1; content:"|03|www|0f|changeexchange2|02|ru"; nocase; ) # www.cpro.moscow [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002617; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.cpro.moscow; priority:1; content:"|03|www|04|cpro|06|moscow"; nocase; ) # www.creativequilts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002618; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.creativequilts.net; priority:1; content:"|03|www|0e|creativequilts|03|net"; nocase; ) # www.demexsoft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002619; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.demexsoft.com; priority:1; content:"|03|www|09|demexsoft|03|com"; nocase; ) # www.dphcustompins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002620; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.dphcustompins.com; priority:1; content:"|03|www|0d|dphcustompins|03|com"; nocase; ) # www.impm.upel.edu.ve [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002621; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.impm.upel.edu.ve; priority:1; content:"|03|www|04|impm|04|upel|03|edu|02|ve"; nocase; ) # www.kasaraomoveis.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002622; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.kasaraomoveis.com.br; priority:1; content:"|03|www|0d|kasaraomoveis|03|com|02|br"; nocase; ) # www.orquestanacaona.cult.cu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002623; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.orquestanacaona.cult.cu; priority:1; content:"|03|www|0f|orquestanacaona|04|cult|02|cu"; nocase; ) # www.tekyalhaja.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002624; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.tekyalhaja.xyz; priority:1; content:"|03|www|0a|tekyalhaja|03|xyz"; nocase; ) # www.webos.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002625; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.webos.in; priority:1; content:"|03|www|05|webos|02|in"; nocase; ) # xclones.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002626; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=xclones.in.net; priority:1; content:"|07|xclones|02|in|03|net"; nocase; ) # yahoo-action.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002627; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=yahoo-action.com; priority:1; content:"|0c|yahoo-action|03|com"; nocase; ) # zs.technogatti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002628; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zs.technogatti.com; priority:1; content:"|02|zs|0b|technogatti|03|com"; nocase; ) # 03a6b7a.netsolhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002629; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=03a6b7a.netsolhost.com; priority:1; content:"|07|03a6b7a|0a|netsolhost|03|com"; nocase; ) # actdhaka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002630; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=actdhaka.com; priority:1; content:"|08|actdhaka|03|com"; nocase; ) # aljazeera.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002631; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=aljazeera.kz; priority:1; content:"|09|aljazeera|02|kz"; nocase; ) # apple-trusted.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002632; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=apple-trusted.com; priority:1; content:"|0d|apple-trusted|03|com"; nocase; ) # beatyhousesupporte.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002633; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=beatyhousesupporte.su; priority:1; content:"|12|beatyhousesupporte|02|su"; nocase; ) # bitters.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002634; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bitters.su; priority:1; content:"|07|bitters|02|su"; nocase; ) # bl1nqz8yrf7tgdsq.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002635; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bl1nqz8yrf7tgdsq.tk; priority:1; content:"|10|bl1nqz8yrf7tgdsq|02|tk"; nocase; ) # bocaautocenters.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002636; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bocaautocenters.com; priority:1; content:"|0f|bocaautocenters|03|com"; nocase; ) # bqtest2.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002637; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bqtest2.ru; priority:1; content:"|07|bqtest2|02|ru"; nocase; ) # brothersmt2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002638; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=brothersmt2.tk; priority:1; content:"|0b|brothersmt2|02|tk"; nocase; ) # burgerspendingbusiness.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002639; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=burgerspendingbusiness.kz; priority:1; content:"|16|burgerspendingbusiness|02|kz"; nocase; ) # chhathpuja.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002640; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=chhathpuja.com; priority:1; content:"|0a|chhathpuja|03|com"; nocase; ) # codebacktowork2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002641; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=codebacktowork2.tk; priority:1; content:"|0f|codebacktowork2|02|tk"; nocase; ) # corefwdgroup.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002642; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=corefwdgroup.tk; priority:1; content:"|0c|corefwdgroup|02|tk"; nocase; ) # cp53091.cloudhosting.lv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002643; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cp53091.cloudhosting.lv; priority:1; content:"|07|cp53091|0c|cloudhosting|02|lv"; nocase; ) # cscomnsinc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002644; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cscomnsinc.tk; priority:1; content:"|0a|cscomnsinc|02|tk"; nocase; ) # cupomkinghost.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002645; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cupomkinghost.com.br; priority:1; content:"|0d|cupomkinghost|03|com|02|br"; nocase; ) # cybernet.uz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002646; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cybernet.uz; priority:1; content:"|08|cybernet|02|uz"; nocase; ) # dejavu-now.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002647; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dejavu-now.tk; priority:1; content:"|0a|dejavu-now|02|tk"; nocase; ) # derma-fusion.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002648; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=derma-fusion.com; priority:1; content:"|0c|derma-fusion|03|com"; nocase; ) # dileconme.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002649; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dileconme.hotmail.ru; priority:1; content:"|09|dileconme|07|hotmail|02|ru"; nocase; ) # emaillifecoaching.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002650; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=emaillifecoaching.com.au; priority:1; content:"|11|emaillifecoaching|03|com|02|au"; nocase; ) # fadzulani.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002651; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=fadzulani.com; priority:1; content:"|09|fadzulani|03|com"; nocase; ) # franka.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002652; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=franka.in.net; priority:1; content:"|06|franka|02|in|03|net"; nocase; ) # galataiplik.com.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002653; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=galataiplik.com.tr; priority:1; content:"|0b|galataiplik|03|com|02|tr"; nocase; ) # galaxystarshop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002654; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=galaxystarshop.com; priority:1; content:"|0e|galaxystarshop|03|com"; nocase; ) # graysstonofices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002655; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=graysstonofices.com; priority:1; content:"|0f|graysstonofices|03|com"; nocase; ) # guatemalavisible.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002656; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=guatemalavisible.net; priority:1; content:"|10|guatemalavisible|03|net"; nocase; ) # haksuara.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002657; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=haksuara.com; priority:1; content:"|08|haksuara|03|com"; nocase; ) # holydoome.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002658; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=holydoome.co.uk; priority:1; content:"|09|holydoome|02|co|02|uk"; nocase; ) # iltempo.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002659; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=iltempo.com.au; priority:1; content:"|07|iltempo|03|com|02|au"; nocase; ) # joejdbjrmrkklfnmf.usr.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002660; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=joejdbjrmrkklfnmf.usr.me; priority:1; content:"|11|joejdbjrmrkklfnmf|03|usr|02|me"; nocase; ) # kintapa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002661; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kintapa.com; priority:1; content:"|07|kintapa|03|com"; nocase; ) # kudrnwosas.faith [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002662; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kudrnwosas.faith; priority:1; content:"|0a|kudrnwosas|05|faith"; nocase; ) # lasnetlk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002663; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=lasnetlk.co.uk; priority:1; content:"|08|lasnetlk|02|co|02|uk"; nocase; ) # lavormakina.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002664; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=lavormakina.com; priority:1; content:"|0b|lavormakina|03|com"; nocase; ) # links.heliohost.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002665; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=links.heliohost.org; priority:1; content:"|05|links|09|heliohost|03|org"; nocase; ) # mapsresearch.ca [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002666; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mapsresearch.ca; priority:1; content:"|0c|mapsresearch|02|ca"; nocase; ) # molowo.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002667; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=molowo.in.ua; priority:1; content:"|06|molowo|02|in|02|ua"; nocase; ) # moviepaidinfullsexy.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002668; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=moviepaidinfullsexy.kz; priority:1; content:"|13|moviepaidinfullsexy|02|kz"; nocase; ) # muazymaur.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002669; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=muazymaur.tk; priority:1; content:"|09|muazymaur|02|tk"; nocase; ) # naaninggeschcho.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002670; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=naaninggeschcho.hotmail.ru; priority:1; content:"|0f|naaninggeschcho|07|hotmail|02|ru"; nocase; ) # nancycemt1225.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002671; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=nancycemt1225.ddns.net; priority:1; content:"|0d|nancycemt1225|04|ddns|03|net"; nocase; ) # neorandom.dothome.co.kr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002672; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=neorandom.dothome.co.kr; priority:1; content:"|09|neorandom|07|dothome|02|co|02|kr"; nocase; ) # pedropedreiromoxik.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002673; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=pedropedreiromoxik.su; priority:1; content:"|12|pedropedreiromoxik|02|su"; nocase; ) # pharirgatic.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002674; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=pharirgatic.hotmail.ru; priority:1; content:"|0b|pharirgatic|07|hotmail|02|ru"; nocase; ) # poolkingsthailand.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002675; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=poolkingsthailand.com; priority:1; content:"|11|poolkingsthailand|03|com"; nocase; ) # preapprovedloansoffline.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002676; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=preapprovedloansoffline.kz; priority:1; content:"|17|preapprovedloansoffline|02|kz"; nocase; ) # preapprovedloansonline.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002677; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=preapprovedloansonline.kz; priority:1; content:"|16|preapprovedloansonline|02|kz"; nocase; ) # renasup-nord-de-france.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002678; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=renasup-nord-de-france.fr; priority:1; content:"|16|renasup-nord-de-france|02|fr"; nocase; ) # robertstolpe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002679; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=robertstolpe.com; priority:1; content:"|0c|robertstolpe|03|com"; nocase; ) # rsslessons.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002680; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rsslessons.su; priority:1; content:"|0a|rsslessons|02|su"; nocase; ) # sanyai-love.rmu.ac.th [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002681; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sanyai-love.rmu.ac.th; priority:1; content:"|0b|sanyai-love|03|rmu|02|ac|02|th"; nocase; ) # secufast.bplaced.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002682; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=secufast.bplaced.net; priority:1; content:"|08|secufast|07|bplaced|03|net"; nocase; ) # slivoratikam.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002683; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=slivoratikam.pw; priority:1; content:"|0c|slivoratikam|02|pw"; nocase; ) # solubaba.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002684; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=solubaba.tk; priority:1; content:"|08|solubaba|02|tk"; nocase; ) # sslsam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002685; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sslsam.com; priority:1; content:"|06|sslsam|03|com"; nocase; ) # suryapolix.club [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002686; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=suryapolix.club; priority:1; content:"|0a|suryapolix|04|club"; nocase; ) # svitor.hostev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002687; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=svitor.hostev.net; priority:1; content:"|06|svitor|06|hostev|03|net"; nocase; ) # techakym.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002688; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=techakym.pw; priority:1; content:"|08|techakym|02|pw"; nocase; ) # tekcharles.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002689; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekcharles.xyz; priority:1; content:"|0a|tekcharles|03|xyz"; nocase; ) # tekjoe.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002690; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekjoe.space; priority:1; content:"|06|tekjoe|05|space"; nocase; ) # teksoft.pro [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002691; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=teksoft.pro; priority:1; content:"|07|teksoft|03|pro"; nocase; ) # toolsathomes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002692; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=toolsathomes.com; priority:1; content:"|0c|toolsathomes|03|com"; nocase; ) # tosh.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002693; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tosh.com.au; priority:1; content:"|04|tosh|03|com|02|au"; nocase; ) # trust-s-b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002694; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=trust-s-b.com; priority:1; content:"|09|trust-s-b|03|com"; nocase; ) # tt.onmypc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002695; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tt.onmypc.org; priority:1; content:"|02|tt|06|onmypc|03|org"; nocase; ) # u0003321.cp.regruhosting.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002696; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=u0003321.cp.regruhosting.ru; priority:1; content:"|08|u0003321|02|cp|0c|regruhosting|02|ru"; nocase; ) # vashadvokat.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002697; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=vashadvokat.in.ua; priority:1; content:"|0b|vashadvokat|02|in|02|ua"; nocase; ) # winhelptech.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002698; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=winhelptech.xyz; priority:1; content:"|0b|winhelptech|03|xyz"; nocase; ) # wvin.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002699; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=wvin.su; priority:1; content:"|04|wvin|02|su"; nocase; ) # www.chrischapmanhair.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002700; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.chrischapmanhair.co.uk; priority:1; content:"|03|www|10|chrischapmanhair|02|co|02|uk"; nocase; ) # www.dracotec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002701; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.dracotec.org; priority:1; content:"|03|www|08|dracotec|03|org"; nocase; ) # www.nikey.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002702; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.nikey.cn; priority:1; content:"|03|www|05|nikey|02|cn"; nocase; ) # www.pizzachezmichel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002703; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.pizzachezmichel.com; priority:1; content:"|03|www|0f|pizzachezmichel|03|com"; nocase; ) # www.rimmugygur.is [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002704; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.rimmugygur.is; priority:1; content:"|03|www|0a|rimmugygur|02|is"; nocase; ) # www.stroiclimat.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002705; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.stroiclimat.ru; priority:1; content:"|03|www|0b|stroiclimat|02|ru"; nocase; ) # ya-aaaa123123.myjino.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002706; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ya-aaaa123123.myjino.ru; priority:1; content:"|0d|ya-aaaa123123|06|myjino|02|ru"; nocase; ) # chemicalguysmexico.com.mx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing,rdata"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002707; reference:url,www.spamhaus.org/query/dbl?domain=www.chemicalguysmexico.com.mx; priority:1; content:"|12|chemicalguysmexico|03|com|02|mx"; nocase; ) # vk.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002708; reference:url,www.spamhaus.org/query/dbl?domain=vk.me; priority:1; content:"|02|vk|02|me"; nocase; ) # bulkemailseller.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002709; reference:url,www.spamhaus.org/query/dbl?domain=bulkemailseller.com; priority:1; content:"|0f|bulkemailseller|03|com"; nocase; ) # onlinux-it.setupdns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing,rdata"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002710; reference:url,www.spamhaus.org/query/dbl?domain=www.coffeeguru.it; priority:1; content:"|0a|onlinux-it|08|setupdns|03|net"; nocase; ) # cefix.com.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing,rdata"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002711; reference:url,www.spamhaus.org/query/dbl?domain=www.cefix.com.tr; priority:1; content:"|05|cefix|03|com|02|tr"; nocase; ) # comprasonlinemiami.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002712; reference:url,www.spamhaus.org/query/dbl?domain=comprasonlinemiami.com; priority:1; content:"|12|comprasonlinemiami|03|com"; nocase; ) # freedom.ns.tinyurl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002713; reference:url,www.spamhaus.org/query/dbl?domain=freedom.ns.tinyurl.com; priority:1; content:"|07|freedom|02|ns|07|tinyurl|03|com"; nocase; ) # revolution.ns.tinyurl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002714; reference:url,www.spamhaus.org/query/dbl?domain=revolution.ns.tinyurl.com; priority:1; content:"|0a|revolution|02|ns|07|tinyurl|03|com"; nocase; ) # ns2.heaventreewebhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002715; reference:url,www.spamhaus.org/query/dbl?domain=ns2.heaventreewebhost.com; priority:1; content:"|03|ns2|11|heaventreewebhost|03|com"; nocase; ) # ssaua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002716; reference:url,www.spamhaus.org/query/dbl?domain=ssaua.org; priority:1; content:"|05|ssaua|03|org"; nocase; ) # investment-cloud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002717; reference:url,osint.bambenekconsulting.com/manual/matsnu.txt; priority:1; content:"|10|investment-cloud|03|com"; nocase; ) # pckffwcqdebn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002718; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|pckffwcqdebn|03|com"; nocase; ) # piwxvumpyptp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002719; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|piwxvumpyptp|03|com"; nocase; ) # qubrrfmnwtqf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002720; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|qubrrfmnwtqf|03|com"; nocase; ) # receptionassist.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002721; reference:url,osint.bambenekconsulting.com/manual/matsnu.txt; priority:1; content:"|0f|receptionassist|03|com"; nocase; ) # www.tuedo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002722; reference:url,www.spamhaus.org/query/dbl?domain=www.tuedo.co.uk; priority:1; content:"|03|www|05|tuedo|02|co|02|uk"; nocase; ) # lyset.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002723; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyset|02|eu"; nocase; ) # acosas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002724; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|acosas|03|com"; nocase; ) # sharpcluster.lidhostingservice.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002725; reference:url,www.spamhaus.org/query/dbl?domain=sharpcluster.lidhostingservice.net; priority:1; content:"|0c|sharpcluster|11|lidhostingservice|03|net"; nocase; ) # fallgift.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002726; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|fallgift|03|net"; nocase; ) # foreignobject.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002727; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|foreignobject|03|net"; nocase; ) # machinestation.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002728; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0e|machinestation|03|net"; nocase; ) # takeover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002729; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|takeover|03|net"; nocase; ) # toreserve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002730; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|toreserve|03|net"; nocase; ) # yourhouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002731; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|yourhouse|03|net"; nocase; ) # englishspace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002732; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|englishspace|03|net"; nocase; ) # familytravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002733; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|familytravel|03|net"; nocase; ) # lrstnpeace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002734; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|lrstnpeace|03|net"; nocase; ) # righttravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002735; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|righttravel|03|net"; nocase; ) # takehome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002736; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|takehome|03|net"; nocase; ) # weeklive.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002737; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|weeklive|03|net"; nocase; ) # yourgold.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002738; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|yourgold|03|net"; nocase; ) # childrenspace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002739; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|childrenspace|03|net"; nocase; ) # learnover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002740; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|learnover|03|net"; nocase; ) # learnserve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002741; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|learnserve|03|net"; nocase; ) # picturestation.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002742; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0e|picturestation|03|net"; nocase; ) # yourhome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002743; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|yourhome|03|net"; nocase; ) # yourpeace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002744; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|yourpeace|03|net"; nocase; ) # foreigntravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002745; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|foreigntravel|03|net"; nocase; ) # personchildhood.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002746; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0f|personchildhood|03|net"; nocase; ) # planthome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002747; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|planthome|03|net"; nocase; ) # planthouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002748; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|planthouse|03|net"; nocase; ) # rightspace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002749; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|rightspace|03|net"; nocase; ) # toreover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002750; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|toreover|03|net"; nocase; ) # verygold.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002751; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|verygold|03|net"; nocase; ) # viewhome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002752; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|viewhome|03|net"; nocase; ) # viewhouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002753; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|viewhouse|03|net"; nocase; ) # yourgift.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002754; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|yourgift|03|net"; nocase; ) # k0sda8gh1bu0un5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002755; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|k0sda8gh1bu0un5|04|ddns|03|net"; nocase; ) # figuretravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002756; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|figuretravel|03|net"; nocase; ) # muchhouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002757; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|muchhouse|03|net"; nocase; ) # takehouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002758; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|takehouse|03|net"; nocase; ) # tinyurl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002759; reference:url,www.spamhaus.org/query/dbl?domain=tinyurl.com; priority:1; content:"|07|tinyurl|03|com"; nocase; ) # kunfpuqcsyd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002760; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|kunfpuqcsyd|02|ru"; nocase; ) # ohplsuljopekq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002761; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|ohplsuljopekq|03|biz"; nocase; ) # pbkdlfhspepj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002762; reference:url,www.spamhaus.org/query/dbl?domain=pbkdlfhspepj.com; priority:1; content:"|0c|pbkdlfhspepj|03|com"; nocase; ) # ns2.bwreg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002763; reference:url,www.spamhaus.org/query/dbl?domain=ns2.bwreg.com; priority:1; content:"|03|ns2|05|bwreg|03|com"; nocase; ) # gwfxxliquuhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002764; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|gwfxxliquuhf|03|com"; nocase; ) # purel.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002765; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|purel|02|eu"; nocase; ) # lyrex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002766; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyrex|02|eu"; nocase; ) # lyran.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002767; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyran|02|eu"; nocase; ) # rninnvvfsbok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002768; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|rninnvvfsbok|03|biz"; nocase; ) # dckdcpmdnnoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002769; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dckdcpmdnnoo|03|com"; nocase; ) # jiilkunuxyxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002770; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|jiilkunuxyxx|03|com"; nocase; ) # lykil.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002771; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lykil|02|eu"; nocase; ) # mabus.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002772; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mabus|02|eu"; nocase; ) # lygysij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002773; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|lygysij|03|com"; nocase; ) # deepearth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002774; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|deepearth|03|net"; nocase; ) # gfellcoxdeyt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002775; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|gfellcoxdeyt|03|com"; nocase; ) # nvfitloxipni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002776; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nvfitloxipni|03|biz"; nocase; ) # hcufggldtxgm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002777; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|hcufggldtxgm|03|biz"; nocase; ) # hncnnipijmlg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002778; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|hncnnipijmlg|03|org"; nocase; ) # jixxuvuexcmv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002779; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|jixxuvuexcmv|03|com"; nocase; ) # nrotuvokihgl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002780; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nrotuvokihgl|03|biz"; nocase; ) # dctltffbvswt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002781; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dctltffbvswt|03|com"; nocase; ) # dqfuxkhijorq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002782; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dqfuxkhijorq|03|com"; nocase; ) # dufeloolteuv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002783; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dufeloolteuv|03|biz"; nocase; ) # jisrupdykdeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002784; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|jisrupdykdeb|03|com"; nocase; ) # mdqjmwvqtsjk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002785; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|mdqjmwvqtsjk|03|biz"; nocase; ) # ufvifsopgbbm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002786; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ufvifsopgbbm|03|com"; nocase; ) # wghkbbreemmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002787; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|wghkbbreemmn|03|com"; nocase; ) # communication.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002788; reference:url,osint.bambenekconsulting.com/manual/matsnu.txt; priority:1; content:"|0d|communication|03|com"; nocase; ) # epxwwgbqwliy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002789; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|epxwwgbqwliy|03|com"; nocase; ) # kviynoppvwwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002790; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|kviynoppvwwc|03|com"; nocase; ) # lkonelxuvmlk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002791; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|lkonelxuvmlk|03|com"; nocase; ) # ovrqxskrtglh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002792; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ovrqxskrtglh|03|com"; nocase; ) # bbrutcnbglij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002793; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|bbrutcnbglij|03|com"; nocase; ) # dwhxopmcgpix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002794; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dwhxopmcgpix|03|com"; nocase; ) # vstgbqpqtsnm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002795; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|vstgbqpqtsnm|03|com"; nocase; ) # vwpuvcbedcjd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002796; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|vwpuvcbedcjd|03|biz"; nocase; ) # ddvfmhsjirfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002797; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ddvfmhsjirfs|03|com"; nocase; ) # enutltmpiixg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002798; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|enutltmpiixg|03|com"; nocase; ) # jyxqfghympqu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002799; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|jyxqfghympqu|03|biz"; nocase; ) # lhcnxovuhhcc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002800; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|lhcnxovuhhcc|03|biz"; nocase; ) # lllplpphbcpq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002801; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|lllplpphbcpq|03|com"; nocase; ) # lxtssopmjtfj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002802; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|lxtssopmjtfj|03|biz"; nocase; ) # mlotpqnlkfpb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002803; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|mlotpqnlkfpb|03|com"; nocase; ) # nlwwssqnenwo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002804; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nlwwssqnenwo|03|biz"; nocase; ) # nnnohofnmngs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002805; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nnnohofnmngs|03|com"; nocase; ) # nshbmqihoqdn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002806; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nshbmqihoqdn|03|net"; nocase; ) # veswvrkdsboo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002807; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|veswvrkdsboo|03|com"; nocase; ) # wirflltwfnee.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002808; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|wirflltwfnee|02|ru"; nocase; ) # wnnhwvdxxhop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002809; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|wnnhwvdxxhop|03|biz"; nocase; ) # wpovemncrgcy.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002810; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|wpovemncrgcy|03|xyz"; nocase; ) # ynidxudlckkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002811; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ynidxudlckkr|03|com"; nocase; ) # investment-ready.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002812; reference:url,osint.bambenekconsulting.com/manual/matsnu.txt; priority:1; content:"|10|investment-ready|03|com"; nocase; ) # cbggtmpgovbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002813; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|cbggtmpgovbj|03|com"; nocase; ) # ddwkclunmeeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002814; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ddwkclunmeeq|03|com"; nocase; ) # effcjjkeeekp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002815; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|effcjjkeeekp|03|com"; nocase; ) # mlidkpydnwcx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002816; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|mlidkpydnwcx|03|com"; nocase; ) # segpdhcssteq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002817; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|segpdhcssteq|03|com"; nocase; ) # yqdtemmxurjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002818; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|yqdtemmxurjn|03|com"; nocase; ) # pgahbyurf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002819; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|09|pgahbyurf|03|com"; nocase; ) # anxsmqyfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002820; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|09|anxsmqyfy|03|com"; nocase; ) # fidjlfphserhycexjhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002821; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|13|fidjlfphserhycexjhf|03|com"; nocase; ) # ubgjsqkad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002822; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|09|ubgjsqkad|03|com"; nocase; ) # lkmlcore.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002823; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|lkmlcore|03|com"; nocase; ) # oaifpapl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002824; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|oaifpapl|03|com"; nocase; ) # flkheyxtcedehipox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002825; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|11|flkheyxtcedehipox|03|com"; nocase; ) # havonolwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002826; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|09|havonolwc|03|com"; nocase; ) # lbdlmcmfuinc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002827; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|0c|lbdlmcmfuinc|03|com"; nocase; ) # cxatodxefolgkokdqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002828; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|12|cxatodxefolgkokdqy|03|com"; nocase; ) # mtankfqv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002829; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|mtankfqv|03|com"; nocase; ) # nkootxbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002830; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|nkootxbt|03|com"; nocase; ) # vupkimcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002831; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|vupkimcu|03|com"; nocase; ) # wcqqjiixqutt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002832; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|0c|wcqqjiixqutt|03|com"; nocase; ) # bovet.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002833; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|bovet|02|eu"; nocase; ) # cityhut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002834; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|cityhut|03|com"; nocase; ) # foden.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002835; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|foden|02|eu"; nocase; ) # foqus.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002836; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|foqus|02|eu"; nocase; ) # foton.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002837; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|foton|02|eu"; nocase; ) # gadap.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002838; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gadap|02|eu"; nocase; ) # galif.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002839; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galif|02|eu"; nocase; ) # galik.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002840; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galik|02|eu"; nocase; ) # galip.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002841; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galip|02|eu"; nocase; ) # galor.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002842; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galor|02|eu"; nocase; ) # gatic.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002843; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gatic|02|eu"; nocase; ) # makom.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002844; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makom|02|eu"; nocase; ) # marusic.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002845; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|marusic|04|info"; nocase; ) # masol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002846; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|masol|02|eu"; nocase; ) # namax.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002847; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|namax|02|eu"; nocase; ) # purol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002848; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|purol|02|eu"; nocase; ) # simagas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002849; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|simagas|03|com"; nocase; ) # simob.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002850; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|simob|02|eu"; nocase; ) # siseb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002851; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|siseb|02|eu"; nocase; ) # volez.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002852; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|volez|02|eu"; nocase; ) # vonak.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002853; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vonak|02|eu"; nocase; ) # vowypim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002854; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|vowypim|03|com"; nocase; ) # boweb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002855; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|boweb|02|eu"; nocase; ) # cidef.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002856; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cidef|02|eu"; nocase; ) # cinop.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002857; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cinop|02|eu"; nocase; ) # dimelaw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002858; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|dimelaw|04|info"; nocase; ) # doran.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002859; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|doran|02|eu"; nocase; ) # fotos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002860; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|fotos|02|eu"; nocase; ) # galek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002861; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galek|02|eu"; nocase; ) # haluk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002862; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|haluk|02|eu"; nocase; ) # lygynud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002863; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|lygynud|03|com"; nocase; ) # lyken.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002864; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyken|02|eu"; nocase; ) # lyxam.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002865; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyxam|02|eu"; nocase; ) # mabox.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002866; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mabox|02|eu"; nocase; ) # makes.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002867; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makes|02|eu"; nocase; ) # makot.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002868; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makot|02|eu"; nocase; ) # nametok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002869; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|nametok|03|com"; nocase; ) # pufymoq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002870; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|pufymoq|03|com"; nocase; ) # pujol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002871; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|pujol|02|eu"; nocase; ) # qetynev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002872; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|qetynev|03|com"; nocase; ) # sikom.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002873; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|sikom|02|eu"; nocase; ) # simet.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002874; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|simet|02|eu"; nocase; ) # tuweb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002875; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tuweb|02|eu"; nocase; ) # vocer.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002876; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vocer|02|eu"; nocase; ) # vocoret.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002877; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|vocoret|03|com"; nocase; ) # volar.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002878; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|volar|02|eu"; nocase; ) # volig.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002879; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|volig|02|eu"; nocase; ) # wyles.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002880; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|wyles|02|eu"; nocase; ) # zukov.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002881; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|zukov|02|eu"; nocase; ) # bozet.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002882; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|bozet|02|eu"; nocase; ) # cicop.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002883; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cicop|02|eu"; nocase; ) # cidec.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002884; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cidec|02|eu"; nocase; ) # dimaweb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002885; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|dimaweb|04|info"; nocase; ) # dobat.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002886; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|dobat|02|eu"; nocase; ) # dogit.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002887; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|dogit|02|eu"; nocase; ) # doril.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002888; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|doril|02|eu"; nocase; ) # fobus.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002889; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|fobus|02|eu"; nocase; ) # foker.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002890; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|foker|02|eu"; nocase; ) # fotorob.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002891; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|fotorob|04|info"; nocase; ) # gadar.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002892; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gadar|02|eu"; nocase; ) # ganiq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002893; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|ganiq|02|eu"; nocase; ) # gatun.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002894; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gatun|02|eu"; nocase; ) # gatyhub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002895; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|gatyhub|03|com"; nocase; ) # lyman.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002896; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyman|02|eu"; nocase; ) # lyryx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002897; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyryx|02|eu"; nocase; ) # lyxos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002898; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyxos|02|eu"; nocase; ) # maramit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002899; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|maramit|03|com"; nocase; ) # marex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002900; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|marex|02|eu"; nocase; ) # masen.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002901; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|masen|02|eu"; nocase; ) # masex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002902; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|masex|02|eu"; nocase; ) # najisom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002903; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|najisom|03|com"; nocase; ) # navis.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002904; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|navis|02|eu"; nocase; ) # pumot.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002905; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|pumot|02|eu"; nocase; ) # purex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002906; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|purex|02|eu"; nocase; ) # tucer.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002907; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tucer|02|eu"; nocase; ) # vocab.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002908; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vocab|02|eu"; nocase; ) # zusex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002909; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|zusex|02|eu"; nocase; ) # bozec.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002910; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|bozec|02|eu"; nocase; ) # cilen.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002911; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cilen|02|eu"; nocase; ) # cineb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002912; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cineb|02|eu"; nocase; ) # citon.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002913; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|citon|02|eu"; nocase; ) # fotek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002914; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|fotek|02|eu"; nocase; ) # gacek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002915; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gacek|02|eu"; nocase; ) # galen.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002916; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galen|02|eu"; nocase; ) # galep.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002917; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galep|02|eu"; nocase; ) # galev.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002918; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galev|02|eu"; nocase; ) # ganed.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002919; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|ganed|02|eu"; nocase; ) # hapoc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002920; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|hapoc|02|eu"; nocase; ) # lymos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002921; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lymos|02|eu"; nocase; ) # makel.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002922; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makel|02|eu"; nocase; ) # marotek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002923; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|marotek|03|com"; nocase; ) # masum.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002924; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|masum|02|eu"; nocase; ) # nagal.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002925; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|nagal|02|eu"; nocase; ) # nasim.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002926; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|nasim|02|eu"; nocase; ) # novodom.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002927; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|novodom|04|info"; nocase; ) # pufal.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002928; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|pufal|02|eu"; nocase; ) # puput.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002929; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|puput|02|eu"; nocase; ) # qetaf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002930; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|qetaf|02|eu"; nocase; ) # ryhan.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002931; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|ryhan|02|eu"; nocase; ) # simul.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002932; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|simul|02|eu"; nocase; ) # sirex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002933; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|sirex|02|eu"; nocase; ) # sisol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002934; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|sisol|02|eu"; nocase; ) # tuced.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002935; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tuced|02|eu"; nocase; ) # videcam.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002936; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|videcam|04|info"; nocase; ) # volac.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002937; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|volac|02|eu"; nocase; ) # vonik.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002938; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vonik|02|eu"; nocase; ) # vowap.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002939; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vowap|02|eu"; nocase; ) # bomed.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002940; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|bomed|02|eu"; nocase; ) # cicuk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002941; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cicuk|02|eu"; nocase; ) # fotor.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002942; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|fotor|02|eu"; nocase; ) # gacynuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002943; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|gacynuz|03|com"; nocase; ) # gadak.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002944; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gadak|02|eu"; nocase; ) # gadic.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002945; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gadic|02|eu"; nocase; ) # ganek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002946; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|ganek|02|eu"; nocase; ) # gater.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002947; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gater|02|eu"; nocase; ) # hafod.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002948; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|hafod|02|eu"; nocase; ) # halimaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002949; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|halimaw|03|com"; nocase; ) # kymos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002950; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|kymos|02|eu"; nocase; ) # lykymox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002951; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|lykymox|03|com"; nocase; ) # mages.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002952; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mages|02|eu"; nocase; ) # makun.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002953; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makun|02|eu"; nocase; ) # mamet.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002954; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mamet|02|eu"; nocase; ) # mamitam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002955; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|mamitam|03|com"; nocase; ) # mamon.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002956; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mamon|02|eu"; nocase; ) # maros.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002957; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|maros|02|eu"; nocase; ) # maxel.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002958; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|maxel|02|eu"; nocase; ) # purac.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002959; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|purac|02|eu"; nocase; ) # pured.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002960; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|pured|02|eu"; nocase; ) # puric.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002961; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|puric|02|eu"; nocase; ) # tunez.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002962; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tunez|02|eu"; nocase; ) # tuzer.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002963; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tuzer|02|eu"; nocase; ) # vocom.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002964; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vocom|02|eu"; nocase; ) # cjgsnenansnan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002965; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|0d|cjgsnenansnan|03|com"; nocase; ) # getadobeflashplayer.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002966; reference:url,osint.bambenekconsulting.com/manual/volatile.txt; priority:1; content:"|13|getadobeflashplayer|03|net"; nocase; ) # vlbqryjd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002967; reference:url,osint.bambenekconsulting.com/manual/dircrypt-iplist.txt; priority:1; content:"|08|vlbqryjd|03|com"; nocase; ) # ceffor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002968; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|ceffor|03|net"; nocase; ) # kovacs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002969; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|kovacs|03|biz"; nocase; ) # meguia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002970; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|meguia|03|net"; nocase; ) # kdrccwnansnan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002971; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|0d|kdrccwnansnan|03|com"; nocase; ) # cealis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002972; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|cealis|03|net"; nocase; ) # crowdaround.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002973; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|crowdaround|03|net"; nocase; ) # experiencecover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002974; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0f|experiencecover|03|net"; nocase; ) # freshcompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002975; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|freshcompany|03|net"; nocase; ) # knownprobable.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002976; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|knownprobable|03|net"; nocase; ) # knownshoulder.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002977; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|knownshoulder|03|net"; nocase; ) # lifehorse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002978; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifehorse|03|net"; nocase; ) # lifetaste.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002979; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifetaste|03|net"; nocase; ) # longiron.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002980; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|longiron|03|net"; nocase; ) # longshow.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002981; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|longshow|03|net"; nocase; ) # pushmoon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002982; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|pushmoon|03|net"; nocase; ) # saidtook.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002983; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|saidtook|03|net"; nocase; ) # watercompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002984; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|watercompany|03|net"; nocase; ) # watercomplete.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002985; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|watercomplete|03|net"; nocase; ) # watercover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002986; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|watercover|03|net"; nocase; ) # wheelcome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002987; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|wheelcome|03|net"; nocase; ) # ns1.dnsfor15.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002988; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|08|dnsfor15|03|com"; nocase; ) # alpsam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002989; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|alpsam|03|com"; nocase; ) # logher.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002990; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|logher|03|com"; nocase; ) # ns1.dnsfor8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002991; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|07|dnsfor8|03|com"; nocase; ) # aehtcdb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002992; reference:url,osint.bambenekconsulting.com/manual/shifu.txt; priority:1; content:"|07|aehtcdb|04|info"; nocase; ) # bagpump.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002993; reference:url,osint.bambenekconsulting.com/manual/shifu.txt; priority:1; content:"|07|bagpump|02|eu"; nocase; ) # deepworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002994; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|deepworld|03|net"; nocase; ) # fightcompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002995; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|fightcompany|03|net"; nocase; ) # freshcover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002996; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|freshcover|03|net"; nocase; ) # lifeenjoy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002997; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifeenjoy|03|net"; nocase; ) # lifefeed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002998; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|lifefeed|03|net"; nocase; ) # longearth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002999; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|longearth|03|net"; nocase; ) # mouthiron.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003000; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|mouthiron|03|net"; nocase; ) # partycompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003001; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|partycompany|03|net"; nocase; ) # partycover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003002; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|partycover|03|net"; nocase; ) # pushdeal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003003; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|pushdeal|03|net"; nocase; ) # summerkitchen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003004; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|summerkitchen|03|net"; nocase; ) # wheeldeal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003005; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|wheeldeal|03|net"; nocase; ) # wheelworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003006; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|wheelworld|03|net"; nocase; ) # alreadybridge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003007; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|alreadybridge|03|net"; nocase; ) # decemberfirst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003008; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|decemberfirst|03|net"; nocase; ) # experiencenature.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003009; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|10|experiencenature|03|net"; nocase; ) # fridayguess.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003010; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|fridayguess|03|net"; nocase; ) # lifebuild.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003011; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifebuild|03|net"; nocase; ) # liferule.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003012; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|liferule|03|net"; nocase; ) # lifeworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003013; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifeworld|03|net"; nocase; ) # stickworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003014; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|stickworld|03|net"; nocase; ) # summercompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003015; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|summercompany|03|net"; nocase; ) # thoughtboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003016; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|thoughtboard|03|net"; nocase; ) # tillroll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003017; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|tillroll|03|net"; nocase; ) # waterenough.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003018; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|waterenough|03|net"; nocase; ) # waterwagon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003019; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|waterwagon|03|net"; nocase; ) # womanboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003020; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|womanboard|03|net"; nocase; ) # gbjtyyhrhk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003021; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|0a|gbjtyyhrhk|03|com"; nocase; ) # twkpwfuecvvzcincq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003022; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|11|twkpwfuecvvzcincq|03|net"; nocase; ) # epeidu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003023; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|epeidu|03|com"; nocase; ) # lecajst.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003024; reference:url,osint.bambenekconsulting.com/manual/shifu.txt; priority:1; content:"|07|lecajst|04|info"; nocase; ) # decembermoon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003025; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|decembermoon|03|net"; nocase; ) # freshboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003026; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|freshboard|03|net"; nocase; ) # lifefirst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003027; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifefirst|03|net"; nocase; ) # lifeoctover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003028; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|lifeoctover|03|net"; nocase; ) # partyboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003029; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|partyboard|03|net"; nocase; ) # partybridge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003030; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|partybridge|03|net"; nocase; ) # smokecompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003031; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|smokecompany|03|net"; nocase; ) # smokewagon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003032; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|smokewagon|03|net"; nocase; ) # ns1.backdates10.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003033; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|0b|backdates10|03|com"; nocase; ) # ns1.dnsfor7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003034; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|07|dnsfor7|03|com"; nocase; ) # vhfcdxydyp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003035; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|0a|vhfcdxydyp|03|com"; nocase; ) # akbbags.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003036; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|akbbags|03|com"; nocase; ) # qprweb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003037; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qprweb|03|com"; nocase; ) # ns1.backdates2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003038; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|0a|backdates2|03|com"; nocase; ) # drohppbkxj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003039; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|0a|drohppbkxj|03|com"; nocase; ) # gjsbydmrpfzsmnfiu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003040; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|11|gjsbydmrpfzsmnfiu|03|net"; nocase; ) # origii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003041; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|origii|03|com"; nocase; ) # bjcanqv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003042; reference:url,osint.bambenekconsulting.com/manual/shifu.txt; priority:1; content:"|07|bjcanqv|02|eu"; nocase; ) # crowdbridge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003043; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|crowdbridge|03|net"; nocase; ) # freshbecome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003044; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|freshbecome|03|net"; nocase; ) # lifehunt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003045; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|lifehunt|03|net"; nocase; ) # smokerealize.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003046; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|smokerealize|03|net"; nocase; ) # summerboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003047; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|summerboard|03|net"; nocase; ) # wheelunder.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003048; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|wheelunder|03|net"; nocase; ) # wheelweight.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003049; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|wheelweight|03|net"; nocase; ) # mbfolblryjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003050; reference:url,osint.bambenekconsulting.com/manual/tempedreve.txt; priority:1; content:"|0b|mbfolblryjv|03|net"; nocase; ) # vbvyuewvklknya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003051; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|vbvyuewvklknya|03|biz"; nocase; ) # thoitrangaodacaocap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003052; reference:url,www.spamhaus.org/query/dbl?domain=thoitrangaodacaocap.com; priority:1; content:"|13|thoitrangaodacaocap|03|com"; nocase; ) # metalexvietnamreed.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003053; reference:url,www.spamhaus.org/query/dbl?domain=metalexvietnamreed.tk; priority:1; content:"|12|metalexvietnamreed|02|tk"; nocase; ) # mx.shammah.openbrazil.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003054; reference:url,www.spamhaus.org/query/dbl?domain=mx.shammah.openbrazil.org; priority:1; content:"|02|mx|07|shammah|0a|openbrazil|03|org"; nocase; ) # ninjastgeorge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003055; reference:url,www.spamhaus.org/query/dbl?domain=ninjastgeorge.com; priority:1; content:"|0d|ninjastgeorge|03|com"; nocase; ) # banana.dp.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003056; reference:url,www.spamhaus.org/query/dbl?domain=banana.dp.ua; priority:1; content:"|06|banana|02|dp|02|ua"; nocase; ) # mail.thoitrangaodacaocap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003057; reference:url,www.spamhaus.org/query/dbl?domain=mail.thoitrangaodacaocap.com; priority:1; content:"|04|mail|13|thoitrangaodacaocap|03|com"; nocase; ) # ns1.verinetinternet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003058; reference:url,www.spamhaus.org/query/dbl?domain=ns1.verinetinternet.com; priority:1; content:"|03|ns1|0f|verinetinternet|03|com"; nocase; ) # ocqiwseygwqyeuma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003059; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|ocqiwseygwqyeuma|03|org"; nocase; ) # d.s1.chengshizhixing.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003060; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|01|d|02|s1|0f|chengshizhixing|03|com"; nocase; ) # bdubefoeug.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003061; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0a|bdubefoeug|02|yi|03|org"; nocase; ) # cdggua.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003062; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|06|cdggua|02|yi|03|org"; nocase; ) # hdredirect-lb-399551664.us-east-1.elb.amazonaws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003063; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|17|hdredirect-lb-399551664|09|us-east-1|03|elb|09|amazonaws|03|com"; nocase; ) # hzmwxlmu.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003064; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|hzmwxlmu|02|yi|03|org"; nocase; ) # pcajqcaof.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003065; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|pcajqcaof|02|yi|03|org"; nocase; ) # vsdvzwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003066; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|07|vsdvzwt|03|com"; nocase; ) # adhbtib.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003067; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|07|adhbtib|02|yi|03|org"; nocase; ) # denalits.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003068; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|denalits|03|com"; nocase; ) # kqrhri.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003069; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|06|kqrhri|04|mooo|03|com"; nocase; ) # ngbmfsbuql.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003070; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0a|ngbmfsbuql|02|yi|03|org"; nocase; ) # gmaeesguiokeyqwo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003071; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|gmaeesguiokeyqwo|03|org"; nocase; ) # iqswksmkegumawkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003072; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|iqswksmkegumawkm|03|org"; nocase; ) # bitrik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003073; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bitrik|03|com"; nocase; ) # oboyka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003074; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oboyka|03|com"; nocase; ) # klofmvcx.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003075; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|klofmvcx|02|yi|03|org"; nocase; ) # muodaclf.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003076; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|muodaclf|02|yi|03|org"; nocase; ) # wpodosail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003077; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|wpodosail|03|com"; nocase; ) # zssdxcq.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003078; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|07|zssdxcq|02|yi|03|org"; nocase; ) # fofond.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003079; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fofond|03|com"; nocase; ) # huffee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003080; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|huffee|03|com"; nocase; ) # mnmkhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003081; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mnmkhl|03|com"; nocase; ) # usenti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003082; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|usenti|03|com"; nocase; ) # afmbtgyktty.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003083; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|afmbtgyktty|02|yi|03|org"; nocase; ) # bpdyttrlp.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003084; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|bpdyttrlp|02|yi|03|org"; nocase; ) # grohhgebtxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003085; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|grohhgebtxa|03|com"; nocase; ) # gviailawmc.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003086; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0a|gviailawmc|02|yi|03|org"; nocase; ) # ihouxyds.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003087; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|ihouxyds|02|yi|03|org"; nocase; ) # itifvo.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003088; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|06|itifvo|02|yi|03|org"; nocase; ) # lbimniu.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003089; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|07|lbimniu|02|yi|03|org"; nocase; ) # niirdoewt.dyndns.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003090; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|niirdoewt|06|dyndns|03|org"; nocase; ) # wmvrlpvpqxu.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003091; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|wmvrlpvpqxu|02|yi|03|org"; nocase; ) # ceigqweqwaywiqgu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003092; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|ceigqweqwaywiqgu|03|org"; nocase; ) # ywoekqumwmygouka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003093; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|ywoekqumwmygouka|03|org"; nocase; ) # iqwifsunu.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003094; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|iqwifsunu|02|yi|03|org"; nocase; ) # qpyosxkmcc.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003095; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0a|qpyosxkmcc|02|yi|03|org"; nocase; ) # qwzsprieo.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003096; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|qwzsprieo|02|yi|03|org"; nocase; ) # udtwirqzhdm.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003097; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|udtwirqzhdm|02|yi|03|org"; nocase; ) # xlfstaxlrui.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003098; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|xlfstaxlrui|02|yi|03|org"; nocase; ) # crowdwelcome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003099; reference:url,www.spamhaus.org/query/dbl?domain=crowdwelcome.net; priority:1; content:"|0c|crowdwelcome|03|net"; nocase; ) # womanproud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003100; reference:url,www.spamhaus.org/query/dbl?domain=womanproud.net; priority:1; content:"|0a|womanproud|03|net"; nocase; ) # lgqvnnbqlggc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003101; reference:url,www.spamhaus.org/query/dbl?domain=lgqvnnbqlggc.biz; priority:1; content:"|0c|lgqvnnbqlggc|03|biz"; nocase; ) # gentlemanfurther.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003102; reference:url,www.spamhaus.org/query/dbl?domain=gentlemanfurther.net; priority:1; content:"|10|gentlemanfurther|03|net"; nocase; ) # mail.bagpump.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003103; reference:url,www.spamhaus.org/query/dbl?domain=mail.bagpump.eu; priority:1; content:"|04|mail|07|bagpump|02|eu"; nocase; ) # ns1.bwreg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003104; reference:url,www.spamhaus.org/query/dbl?domain=ns1.bwreg.com; priority:1; content:"|03|ns1|05|bwreg|03|com"; nocase; ) # dsbmcrxepqocq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dsbmcrxepqocq|03|net"; nocase; ) # ujldfdvipnxpf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ujldfdvipnxpf|03|biz"; nocase; ) # vfrrkqloatkgi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vfrrkqloatkgi|02|co|02|uk"; nocase; ) # vcldghlargdog.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vcldghlargdog|03|biz"; nocase; ) # xlqjrmuuuhely.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xlqjrmuuuhely|04|info"; nocase; ) # ahvyuslkrgucg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ahvyuslkrgucg|02|ru"; nocase; ) # buuqbnvfjgbqx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|buuqbnvfjgbqx|03|org"; nocase; ) # ljabmtliqdaywdp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003112; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ljabmtliqdaywdp|03|org"; nocase; ) # ynbfplbnosjhglc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003113; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ynbfplbnosjhglc|02|co|02|uk"; nocase; ) # mrkwmjygfuwmesp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003114; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mrkwmjygfuwmesp|04|info"; nocase; ) # qpofdcxktjboiww.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003115; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qpofdcxktjboiww|02|ru"; nocase; ) # etpjgtnprykwikw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003116; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|etpjgtnprykwikw|03|org"; nocase; ) # ygnkxoqjirgdjuy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003117; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ygnkxoqjirgdjuy|02|ru"; nocase; ) # geqyoyfbmlfkamj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003118; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|geqyoyfbmlfkamj|02|co|02|uk"; nocase; ) # kpugxqyuduncesm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003119; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kpugxqyuduncesm|03|biz"; nocase; ) # lfvrsldcpddkfix.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003120; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lfvrsldcpddkfix|02|ru"; nocase; ) # nxpseoovngclxdk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003121; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nxpseoovngclxdk|02|co|02|uk"; nocase; ) # rimmlcaydjiibgq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003122; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rimmlcaydjiibgq|02|ru"; nocase; ) # bhvngegvgjkkerg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003123; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bhvngegvgjkkerg|02|co|02|uk"; nocase; ) # hwogwyhmvjvkqfh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003124; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hwogwyhmvjvkqfh|02|co|02|uk"; nocase; ) # josrxredodlfcwx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003125; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|josrxredodlfcwx|03|biz"; nocase; ) # uvvjlwmouwalyku.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003126; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uvvjlwmouwalyku|02|ru"; nocase; ) # vjqwmoacdujxagy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003127; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vjqwmoacdujxagy|03|org"; nocase; ) # frpmwjwiibpnohw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003128; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|frpmwjwiibpnohw|03|org"; nocase; ) # tkpwaljvxieygmt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003129; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tkpwaljvxieygmt|04|info"; nocase; ) # iuuuwmtswysindj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003130; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iuuuwmtswysindj|03|biz"; nocase; ) # ytspvnttddapshf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003131; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ytspvnttddapshf|03|net"; nocase; ) # ipxbkmbweplkdng.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003132; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ipxbkmbweplkdng|04|info"; nocase; ) # khcmlrlbbiledxs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003133; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|khcmlrlbbiledxs|02|ru"; nocase; ) # nybtgrcdkfhbbcs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003134; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nybtgrcdkfhbbcs|03|net"; nocase; ) # yoirlftcmanujno.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003135; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yoirlftcmanujno|04|info"; nocase; ) # asgrmuhagiciqrg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003136; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|asgrmuhagiciqrg|03|net"; nocase; ) # dmmacxsgborwuym.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003137; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dmmacxsgborwuym|02|ru"; nocase; ) # qqnclpiaujmkeom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003138; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qqnclpiaujmkeom|03|org"; nocase; ) # jomselidwdwbusa.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003139; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jomselidwdwbusa|02|co|02|uk"; nocase; ) # wsnungoqndjwuoy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003140; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wsnungoqndjwuoy|04|info"; nocase; ) # qqpmsobbuijjtme.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003141; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qqpmsobbuijjtme|02|co|02|uk"; nocase; ) # efkhkenbupudnuf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003142; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|efkhkenbupudnuf|02|ru"; nocase; ) # xllcvmjohcekljj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003143; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xllcvmjohcekljj|04|info"; nocase; ) # amjfavemgfuclbu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003144; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|amjfavemgfuclbu|03|net"; nocase; ) # ahrmystfbjmpkjv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003145; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ahrmystfbjmpkjv|03|com"; nocase; ) # blpmaihdurbdrnn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003146; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|blpmaihdurbdrnn|03|biz"; nocase; ) # ikpifvwmmhtwisa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003147; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ikpifvwmmhtwisa|03|org"; nocase; ) # mitqvbfrfmnabst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003148; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mitqvbfrfmnabst|03|net"; nocase; ) # ntsyhcwgrtvujbr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003149; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ntsyhcwgrtvujbr|04|info"; nocase; ) # qecvqmbpwcykmkf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003150; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qecvqmbpwcykmkf|03|biz"; nocase; ) # gcrcybgpglprkwn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003151; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gcrcybgpglprkwn|04|info"; nocase; ) # hpxnywvcgnjodtg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003152; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hpxnywvcgnjodtg|03|net"; nocase; ) # kxahtmccxbwxhcp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003153; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kxahtmccxbwxhcp|03|com"; nocase; ) # mpesurmgutwrsds.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003154; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mpesurmgutwrsds|03|org"; nocase; ) # nbrxeovvxdqayqw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003155; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nbrxeovvxdqayqw|03|net"; nocase; ) # bdmxhjcjlcwriae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003156; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bdmxhjcjlcwriae|03|biz"; nocase; ) # duqjiomniuwliru.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003157; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|duqjiomniuwliru|04|info"; nocase; ) # skuoguvpdpsxafh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003158; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|skuoguvpdpsxafh|02|ru"; nocase; ) # rnglvvhanilmmpa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003159; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rnglvvhanilmmpa|03|org"; nocase; ) # lsxhvoarellfbs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003160; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lsxhvoarellfbs|03|net"; nocase; ) # pidhohyvgwiymb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003161; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pidhohyvgwiymb|02|co|02|uk"; nocase; ) # tcgwvysbjjtume.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003162; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tcgwvysbjjtume|03|biz"; nocase; ) # ukqoiogcpssxtf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003163; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ukqoiogcpssxtf|03|org"; nocase; ) # ptlwwtdjiunsgn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003164; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ptlwwtdjiunsgn|04|info"; nocase; ) # eafpuciepssrkg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003165; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|eafpuciepssrkg|03|com"; nocase; ) # itifctcxsfirht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003166; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|itifctcxsfirht|03|org"; nocase; ) # jjjqwogffnxayv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003167; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jjjqwogffnxayv|02|co|02|uk"; nocase; ) # mjnfumbcuqflhl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003168; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mjnfumbcuqflhl|03|net"; nocase; ) # peythwsqpqycyo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003169; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|peythwsqpqycyo|03|org"; nocase; ) # asgppodpyoobdm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003170; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|asgppodpyoobdm|02|co|02|uk"; nocase; ) # bbqhcxxexlfnde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003171; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bbqhcxxexlfnde|03|com"; nocase; ) # kaaiwaebblhpgp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003172; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kaaiwaebblhpgp|03|biz"; nocase; ) # mjfcvsbrhvosgt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003173; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mjfcvsbrhvosgt|04|info"; nocase; ) # wtqnvtfsngdylf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003174; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wtqnvtfsngdylf|03|net"; nocase; ) # xjryqojaaoshdh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003175; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xjryqojaaoshdh|03|biz"; nocase; ) # yybqndatoppxcm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003176; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yybqndatoppxcm|02|ru"; nocase; ) # aswsphgqgyakvh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003177; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|aswsphgqgyakvh|04|info"; nocase; ) # uwuhwrbxwjgjdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003178; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uwuhwrbxwjgjdu|03|com"; nocase; ) # pvuemdhttjrtpo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003179; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pvuemdhttjrtpo|03|biz"; nocase; ) # duuechheyknfim.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003180; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|duuechheyknfim|02|ru"; nocase; ) # hddulncmqumghs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003181; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hddulncmqumghs|02|ru"; nocase; ) # hqdjwreovhajtl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003182; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hqdjwreovhajtl|03|org"; nocase; ) # iexwxjrcefjvuh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003183; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iexwxjrcefjvuh|02|co|02|uk"; nocase; ) # htcrwgrmmkbspp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003184; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|htcrwgrmmkbspp|03|net"; nocase; ) # umulfchlvfevew.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003185; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|umulfchlvfevew|02|ru"; nocase; ) # acetipenlpbjar.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003186; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|acetipenlpbjar|02|co|02|uk"; nocase; ) # ngfvrhthfkvwax.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003187; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ngfvrhthfkvwax|04|info"; nocase; ) # ilmjibexlpowid.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003188; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ilmjibexlpowid|04|info"; nocase; ) # mmuwovdavksrcf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003189; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mmuwovdavksrcf|03|biz"; nocase; ) # fagqwlrloreupx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003190; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fagqwlrloreupx|02|co|02|uk"; nocase; ) # hbepnbfscaolna.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003191; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hbepnbfscaolna|03|com"; nocase; ) # yukrpokkulxbbn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003192; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yukrpokkulxbbn|02|co|02|uk"; nocase; ) # oyppxrvdfumesy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003193; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oyppxrvdfumesy|03|com"; nocase; ) # nxogoatkhqeguj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003194; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nxogoatkhqeguj|03|com"; nocase; ) # epsxktbjmykjgg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003195; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|epsxktbjmykjgg|03|com"; nocase; ) # xqcpneqlnbywvt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003196; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xqcpneqlnbywvt|02|co|02|uk"; nocase; ) # vbmxhuphdcffkl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003197; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vbmxhuphdcffkl|03|org"; nocase; ) # escipprsctxfxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003198; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|escipprsctxfxf|03|com"; nocase; ) # owioyutkdwarbk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003199; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|owioyutkdwarbk|03|com"; nocase; ) # ripsekooaydrdi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003200; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ripsekooaydrdi|03|biz"; nocase; ) # itnkbofvjufioh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003201; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|itnkbofvjufioh|03|net"; nocase; ) # vvikejljwtlaxq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003202; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vvikejljwtlaxq|03|biz"; nocase; ) # mjskttnbrlvdhe.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003203; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mjskttnbrlvdhe|02|co|02|uk"; nocase; ) # koxqfknmncgcqf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003204; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|koxqfknmncgcqf|03|com"; nocase; ) # mpvpvabtbkqsos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003205; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mpvpvabtbkqsos|03|biz"; nocase; ) # prxcfkanjpnktd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003206; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|prxcfkanjpnktd|02|co|02|uk"; nocase; ) # dwqwsocpefbxrj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003207; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dwqwsocpefbxrj|03|org"; nocase; ) # fgvqrtmtqmoarb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003208; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fgvqrtmtqmoarb|03|net"; nocase; ) # smggwyntmmceox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003209; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|smggwyntmmceox|03|biz"; nocase; ) # tabreqbsqpwvpx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003210; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tabreqbsqpwvpx|02|ru"; nocase; ) # vajvjnsmewtsat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003211; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vajvjnsmewtsat|03|net"; nocase; ) # bpexptjccqbjhl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003212; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bpexptjccqbjhl|04|info"; nocase; ) # uqoryvuuwcodg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003213; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uqoryvuuwcodg|03|net"; nocase; ) # xgimoyeugayuy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003214; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xgimoyeugayuy|02|ru"; nocase; ) # yvjwgqxpeltfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003215; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yvjwgqxpeltfa|03|org"; nocase; ) # iagefdopysucw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003216; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iagefdopysucw|03|net"; nocase; ) # mxkuuvlnwichw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003217; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mxkuuvlnwichw|02|co|02|uk"; nocase; ) # sxawtrbfqjgxt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003218; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sxawtrbfqjgxt|04|info"; nocase; ) # utdkgjuvtgpgs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003219; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|utdkgjuvtgpgs|03|biz"; nocase; ) # qltlbkhauvhxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003220; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qltlbkhauvhxo|03|net"; nocase; ) # sdcemywbsqeyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003221; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sdcemywbsqeyj|03|com"; nocase; ) # kocljhlwbjvth.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003222; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kocljhlwbjvth|03|biz"; nocase; ) # huemsyucemunb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003223; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|huemsyucemunb|03|biz"; nocase; ) # vxtsetvdljway.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003224; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vxtsetvdljway|02|ru"; nocase; ) # ebivkjdnwwvca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003225; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ebivkjdnwwvca|03|net"; nocase; ) # dgacdvbsrwiqv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003226; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dgacdvbsrwiqv|03|org"; nocase; ) # ecqcsmfkwtwmt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003227; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ecqcsmfkwtwmt|03|com"; nocase; ) # ftgutbptgilps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003228; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ftgutbptgilps|03|net"; nocase; ) # eweukphdnbaxl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003229; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eweukphdnbaxl|04|info"; nocase; ) # irkmyikpqtdwp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003230; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|irkmyikpqtdwp|02|ru"; nocase; ) # llqdnltpubvoi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003231; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|llqdnltpubvoi|02|co|02|uk"; nocase; ) # yaftcxjhcfwjl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003232; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yaftcxjhcfwjl|03|biz"; nocase; ) # npmfagmasaivl.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003233; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|npmfagmasaivl|02|ru"; nocase; ) # ofnnxbwdjvkhd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003234; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ofnnxbwdjvkhd|03|org"; nocase; ) # sdrenttbhlrmd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003235; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sdrenttbhlrmd|03|net"; nocase; ) # gdinsdjybucxg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003236; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gdinsdjybucxg|03|net"; nocase; ) # ulhqgearrnrgn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003237; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ulhqgearrnrgn|03|org"; nocase; ) # oxnkvwykqvruc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003238; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oxnkvwykqvruc|03|net"; nocase; ) # ovsvwojjcdmcd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003239; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ovsvwojjcdmcd|03|biz"; nocase; ) # plteugdpvtave.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003240; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|plteugdpvtave|02|ru"; nocase; ) # knemuxacusnla.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003241; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|knemuxacusnla|04|info"; nocase; ) # xrfphsmwlaifa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003242; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xrfphsmwlaifa|03|com"; nocase; ) # mocpyhuatvedq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003243; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mocpyhuatvedq|03|net"; nocase; ) # asdslchukdywa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003244; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|asdslchukdywa|03|biz"; nocase; ) # mfiguqyywhcje.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003245; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mfiguqyywhcje|02|ru"; nocase; ) # uxsoycyuxpxve.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003246; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uxsoycyuxpxve|03|org"; nocase; ) # vntwwwjxolahv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003247; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vntwwwjxolahv|02|co|02|uk"; nocase; ) # xorabgevnoqyd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003248; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xorabgevnoqyd|03|com"; nocase; ) # wetkhxxgrskkw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003249; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wetkhxxgrskkw|02|co|02|uk"; nocase; ) # kgojhpthvruag.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003250; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kgojhpthvruag|04|info"; nocase; ) # ydsstlqlyccbs.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003251; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ydsstlqlyccbs|02|co|02|uk"; nocase; ) # sjmfnvniqjjlw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003252; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sjmfnvniqjjlw|02|ru"; nocase; ) # dnaykrypqroew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003253; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dnaykrypqroew|03|org"; nocase; ) # jmcsemwlvbxly.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003254; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jmcsemwlvbxly|02|ru"; nocase; ) # bstdrkglvhnxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003255; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bstdrkglvhnxd|03|org"; nocase; ) # dgaviqtabirqa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003256; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dgaviqtabirqa|03|net"; nocase; ) # etuisingfrwkr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003257; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|etuisingfrwkr|03|biz"; nocase; ) # aldqwxvmpjwr.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003258; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aldqwxvmpjwr|02|co|02|uk"; nocase; ) # dsxhcbfjugtl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003259; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dsxhcbfjugtl|03|com"; nocase; ) # xhhkatcghcbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003260; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xhhkatcghcbl|03|com"; nocase; ) # nuuhqgiqhcpl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003261; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nuuhqgiqhcpl|02|co|02|uk"; nocase; ) # cvefcbjodhtj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003262; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cvefcbjodhtj|04|info"; nocase; ) # ijekovoffrwl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003263; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ijekovoffrwl|02|co|02|uk"; nocase; ) # jyfugqytrjhr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003264; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jyfugqytrjhr|04|info"; nocase; ) # ollyqvhpxhpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003265; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ollyqvhpxhpj|03|biz"; nocase; ) # gjsuamgbnffk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003266; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gjsuamgbnffk|03|net"; nocase; ) # yowvajnsvjce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003267; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yowvajnsvjce|03|org"; nocase; ) # bxcxxcmplumk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003268; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bxcxxcmplumk|03|net"; nocase; ) # kiujgwwmcams.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003269; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kiujgwwmcams|03|biz"; nocase; ) # jppvsmvkyeof.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003270; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jppvsmvkyeof|03|org"; nocase; ) # llucjtdgnbyw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003271; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|llucjtdgnbyw|03|com"; nocase; ) # onfvwhtweuyg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003272; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|onfvwhtweuyg|02|ru"; nocase; ) # xrmaacstyfhg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003273; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xrmaacstyfhg|03|biz"; nocase; ) # nyrelmskqlod.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003274; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nyrelmskqlod|02|co|02|uk"; nocase; ) # yumsdcpvlbtk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003275; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yumsdcpvlbtk|03|com"; nocase; ) # bawvurddtsxs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003276; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bawvurddtsxs|03|biz"; nocase; ) # cwwmqmpsbafc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003277; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cwwmqmpsbafc|02|ru"; nocase; ) # hmispxbiujkl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003278; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hmispxbiujkl|03|net"; nocase; ) # iuskchvwtgbx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003279; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iuskchvwtgbx|02|ru"; nocase; ) # ydssqivbwxqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003280; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ydssqivbwxqh|03|biz"; nocase; ) # aydgkvkerfax.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003281; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aydgkvkerfax|02|co|02|uk"; nocase; ) # bhnxwffsqcqk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003282; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bhnxwffsqcqk|03|com"; nocase; ) # cuimbwynypcy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003283; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cuimbwynypcy|03|net"; nocase; ) # asaglkejduoa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003284; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|asaglkejduoa|03|biz"; nocase; ) # nuubwgvobfcj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003285; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nuubwgvobfcj|03|org"; nocase; ) # qvpriaoyvbjh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003286; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qvpriaoyvbjh|03|biz"; nocase; ) # yeakdcdtjhgr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003287; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yeakdcdtjhgr|03|org"; nocase; ) # qxgvhmvsopla.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003288; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qxgvhmvsopla|03|biz"; nocase; ) # jqjwsuklpurk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003289; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jqjwsuklpurk|03|net"; nocase; ) # mqnwmvndhkan.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003290; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mqnwmvndhkan|03|org"; nocase; ) # paikaorvmogb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003291; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|paikaorvmogb|03|biz"; nocase; ) # bijvjxdkfgeh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003292; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bijvjxdkfgeh|03|biz"; nocase; ) # wbqwobcirpjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003293; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wbqwobcirpjm|03|org"; nocase; ) # tgilyrifawfv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003294; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tgilyrifawfv|02|ru"; nocase; ) # xqlmntcdwbjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003295; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xqlmntcdwbjb|03|biz"; nocase; ) # cystddibbfbi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003296; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cystddibbfbi|03|org"; nocase; ) # eaqstmdcixuh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003297; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eaqstmdcixuh|04|info"; nocase; ) # fprbrhnfytws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003298; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fprbrhnfytws|03|com"; nocase; ) # hywdpamcofhy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003299; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hywdpamcofhy|03|org"; nocase; ) # hvguoudjkslb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003300; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hvguoudjkslb|03|net"; nocase; ) # llldganujawy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003301; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|llldganujawy|02|co|02|uk"; nocase; ) # 4ytjzgm5m2i8ctr72wevq5c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|4ytjzgm5m2i8ctr72wevq5c|03|com"; nocase; ) # 1729bul1tn8iah18pd3gofjzfdq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1729bul1tn8iah18pd3gofjzfdq|03|net"; nocase; ) # ympr1h104u7knk54d3b13wpfqo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ympr1h104u7knk54d3b13wpfqo|03|biz"; nocase; ) # 1469c6z1sskyiesoin7jpl6ljt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1469c6z1sskyiesoin7jpl6ljt|03|com"; nocase; ) # cs72g5e1l5bdo8lfbt136omnn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cs72g5e1l5bdo8lfbt136omnn|03|net"; nocase; ) # 164k6ow180x8hc1m2c2k1w40zdk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|164k6ow180x8hc1m2c2k1w40zdk|03|net"; nocase; ) # 1hde1r3r302kcj8sp17mwdlj1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hde1r3r302kcj8sp17mwdlj1|03|biz"; nocase; ) # 1v7o9lido6o4uui8j3h156h6sz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v7o9lido6o4uui8j3h156h6sz|03|net"; nocase; ) # dygnxy1m5xm5f7zw4xa1r926k8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dygnxy1m5xm5f7zw4xa1r926k8|03|net"; nocase; ) # 1t2fgwczc5kjv1kh2du91qyokwg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t2fgwczc5kjv1kh2du91qyokwg|03|com"; nocase; ) # naspib1pc5pzq1yzgqr41w01xgm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|naspib1pc5pzq1yzgqr41w01xgm|03|net"; nocase; ) # ygphehzhsq575lx6k3u67uy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ygphehzhsq575lx6k3u67uy|03|com"; nocase; ) # 1f37fdz3gxzdu1n5kgz11mapx40.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f37fdz3gxzdu1n5kgz11mapx40|03|net"; nocase; ) # tn01wl1j5vvkw148b74nhm4ixq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tn01wl1j5vvkw148b74nhm4ixq|03|com"; nocase; ) # 32b33i1p0xwrzzswafk2ervr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|32b33i1p0xwrzzswafk2ervr|03|org"; nocase; ) # 1yhjdrd1way5nh14ygkvt1ktlsw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yhjdrd1way5nh14ygkvt1ktlsw5|03|org"; nocase; ) # qq8k7b1pr96gq19j0xl319elrye.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qq8k7b1pr96gq19j0xl319elrye|03|biz"; nocase; ) # qh6or088k2uww0pwd014e27ow.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qh6or088k2uww0pwd014e27ow|03|net"; nocase; ) # 1mohrb84xuwv5er44wd4rcz3t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mohrb84xuwv5er44wd4rcz3t|03|com"; nocase; ) # 1uqbmtq5knty1daddwosk1me2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uqbmtq5knty1daddwosk1me2|03|com"; nocase; ) # io8x7d1oqwxoiknm8s81itdukg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|io8x7d1oqwxoiknm8s81itdukg|03|org"; nocase; ) # n1ljrcd7gw1p2lcxtlooa6qw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n1ljrcd7gw1p2lcxtlooa6qw|03|com"; nocase; ) # i076gx1j2fygl1urtrk4o91bbp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i076gx1j2fygl1urtrk4o91bbp|03|org"; nocase; ) # z4h8d8ipx58l14rgxxvav33xe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4h8d8ipx58l14rgxxvav33xe|03|net"; nocase; ) # 1yhdkxf1z8ye7djmb7u1bxdzie.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yhdkxf1z8ye7djmb7u1bxdzie|03|net"; nocase; ) # 1fyq39diclrzg984hx111je3wi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fyq39diclrzg984hx111je3wi|03|com"; nocase; ) # 1xb21y91eqekly1tgoh5g10aly5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xb21y91eqekly1tgoh5g10aly5i|03|net"; nocase; ) # 18da5fbt2f82n1rld8ka18d5lns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18da5fbt2f82n1rld8ka18d5lns|03|net"; nocase; ) # 18tlrc11h1kfg91foxry4vf6t6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tlrc11h1kfg91foxry4vf6t6h|03|net"; nocase; ) # 98x4fvq0x6x1kziq6o1ktw1ct.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|98x4fvq0x6x1kziq6o1ktw1ct|03|org"; nocase; ) # 1msg5uj17fncgvzd38dvue9m9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1msg5uj17fncgvzd38dvue9m9v|03|org"; nocase; ) # xylfke1kus13r1xn8n5r1wrlxgz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xylfke1kus13r1xn8n5r1wrlxgz|03|org"; nocase; ) # edsm181k3jne1hv5grxkjoum.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|edsm181k3jne1hv5grxkjoum|03|org"; nocase; ) # 17fkyw754n9it176wg23ognill.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17fkyw754n9it176wg23ognill|03|net"; nocase; ) # i941xn1yp4ai7exhay83myfal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i941xn1yp4ai7exhay83myfal|03|net"; nocase; ) # tgsqv6hi9jjrtz0qb4iby12d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tgsqv6hi9jjrtz0qb4iby12d|03|com"; nocase; ) # 97zg2s1j5wmhf1pq4y721nsmrxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|97zg2s1j5wmhf1pq4y721nsmrxs|03|net"; nocase; ) # 1ln0n8e16s4xkk1gjgv9tifpoqx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ln0n8e16s4xkk1gjgv9tifpoqx|03|com"; nocase; ) # 84d1zy1qc9rq81ommk4u1hd337b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|84d1zy1qc9rq81ommk4u1hd337b|03|net"; nocase; ) # 1xjyl8s2lbi886kpu3u7wg0jc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xjyl8s2lbi886kpu3u7wg0jc|03|net"; nocase; ) # 18ulk7z1qr6ig918g8dicovk52g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ulk7z1qr6ig918g8dicovk52g|03|com"; nocase; ) # 1t607131fwwg1t1b0eydlcw1xm2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t607131fwwg1t1b0eydlcw1xm2|03|com"; nocase; ) # 5p3d73hvb9aa1clca7vvo5tt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5p3d73hvb9aa1clca7vvo5tt|03|com"; nocase; ) # rc5a79i2q9f8tne4dk1y81bo1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rc5a79i2q9f8tne4dk1y81bo1|03|net"; nocase; ) # 1d4szvo4ibbvz1lssoul1e58z56.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d4szvo4ibbvz1lssoul1e58z56|03|biz"; nocase; ) # 14v6naw15ne1t13wr8cra379b4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14v6naw15ne1t13wr8cra379b4|03|net"; nocase; ) # 1b1pwpo12v5g745fkz8y1lclei8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1pwpo12v5g745fkz8y1lclei8|03|com"; nocase; ) # 1lotcrhw3zglhqznwsqv1zrm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1lotcrhw3zglhqznwsqv1zrm|03|org"; nocase; ) # 1o3cgm612r84qa1h2qrkzxyzp99.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o3cgm612r84qa1h2qrkzxyzp99|03|com"; nocase; ) # yce8kjuqo8ln1wnmhzkf12duu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yce8kjuqo8ln1wnmhzkf12duu|03|org"; nocase; ) # 1qxcpraffrvf234fxjq11wz4gx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qxcpraffrvf234fxjq11wz4gx|03|net"; nocase; ) # 1msq2u416zob1h29njo110mvz5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1msq2u416zob1h29njo110mvz5t|03|org"; nocase; ) # 1xk7yn61skrd8510vj2vxdednzw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xk7yn61skrd8510vj2vxdednzw|03|net"; nocase; ) # 1fzvprn37cwfk1cpxssfrkeble.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fzvprn37cwfk1cpxssfrkeble|03|com"; nocase; ) # f1j8al5e33tfbhcwib17d9ud4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f1j8al5e33tfbhcwib17d9ud4|03|net"; nocase; ) # 1kzw1dxrz8xj312r688h18xrxpz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kzw1dxrz8xj312r688h18xrxpz|03|net"; nocase; ) # 16biez21geg22y1nzqmew70v82g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16biez21geg22y1nzqmew70v82g|03|net"; nocase; ) # 1b0uxb3lk4cqo15vdh9z1pc3ws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b0uxb3lk4cqo15vdh9z1pc3ws|03|net"; nocase; ) # 377jbs1c74szu14wbvtd1f3ijp0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|377jbs1c74szu14wbvtd1f3ijp0|03|org"; nocase; ) # 6ktwu71rtkvp31qv8j4q1myh7yo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ktwu71rtkvp31qv8j4q1myh7yo|03|org"; nocase; ) # et0w9i13kanld1mmxqe1ntmsw3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|et0w9i13kanld1mmxqe1ntmsw3|03|org"; nocase; ) # 17mpkuc1xcgwkzkg6zd31o9n3p7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17mpkuc1xcgwkzkg6zd31o9n3p7|03|com"; nocase; ) # 1a6yqkq118hxbf15krczutgq7p1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a6yqkq118hxbf15krczutgq7p1|03|biz"; nocase; ) # iq7156lttcoq1u4qh4u1uc9xj1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iq7156lttcoq1u4qh4u1uc9xj1|03|biz"; nocase; ) # 1ws8y3h1n1u3pu7s5tva26olvw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ws8y3h1n1u3pu7s5tva26olvw|03|org"; nocase; ) # 1j63gw01qk81aed3i5pj1qf0qub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j63gw01qk81aed3i5pj1qf0qub|03|org"; nocase; ) # 8yod4b167my841oume5a16bc07j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8yod4b167my841oume5a16bc07j|03|net"; nocase; ) # 1sck70f1yayrsqhyy0tmh3p9b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sck70f1yayrsqhyy0tmh3p9b|03|org"; nocase; ) # 1mni74s1rs2s4i18yynfu11rkt2y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mni74s1rs2s4i18yynfu11rkt2y|03|net"; nocase; ) # 1rwurs21fcbeuv1peqaozvee82u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rwurs21fcbeuv1peqaozvee82u|03|com"; nocase; ) # clpyi052pcdnd89kwjnats4u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|clpyi052pcdnd89kwjnats4u|03|biz"; nocase; ) # 1lv5e2xc4ny8k138qm1a112m0ne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lv5e2xc4ny8k138qm1a112m0ne|03|com"; nocase; ) # g0zbc8scgs2xkkxmad17bpqb1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g0zbc8scgs2xkkxmad17bpqb1|03|net"; nocase; ) # 21ztdt1obvor1msmxtmrlt9zv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21ztdt1obvor1msmxtmrlt9zv|03|com"; nocase; ) # 1evbh9k9wlapynzmptl1c8cx1t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1evbh9k9wlapynzmptl1c8cx1t|03|org"; nocase; ) # fxsqgk1s2qqkd9pn8vm15tpxjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fxsqgk1s2qqkd9pn8vm15tpxjh|03|org"; nocase; ) # 1k4xhkr1vbgphdyv2omfokgqzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k4xhkr1vbgphdyv2omfokgqzo|03|net"; nocase; ) # 1qgl3o613xhhu11f0wvhpjtdny4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qgl3o613xhhu11f0wvhpjtdny4|03|org"; nocase; ) # 9bmxpcesliif139sqeyxwcay5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9bmxpcesliif139sqeyxwcay5|03|com"; nocase; ) # 1f0jl1j1pr22bb1se1fdkkk57p0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f0jl1j1pr22bb1se1fdkkk57p0|03|net"; nocase; ) # ccs43x12fonea1qz7zo1bv1g8e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ccs43x12fonea1qz7zo1bv1g8e|03|com"; nocase; ) # 1f5iyxu1plbbcjc9mrutigx4td.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f5iyxu1plbbcjc9mrutigx4td|03|net"; nocase; ) # 1f50w5u1t25oy01yaqyhi5hkfpi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f50w5u1t25oy01yaqyhi5hkfpi|03|com"; nocase; ) # 11pn0i6pmy7dm1lxd253it8los.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11pn0i6pmy7dm1lxd253it8los|03|biz"; nocase; ) # hn3rahwnzf0numvk5m1caj024.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hn3rahwnzf0numvk5m1caj024|03|com"; nocase; ) # 1gw1m5ke8pe1xrf7lml1g3lrgf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gw1m5ke8pe1xrf7lml1g3lrgf|03|com"; nocase; ) # 1nf6fco5l4fib1vw07yyf539j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nf6fco5l4fib1vw07yyf539j6|03|net"; nocase; ) # 15c02qd990em26applv1bkxhg8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15c02qd990em26applv1bkxhg8|03|org"; nocase; ) # sfwnzaovm7yr1537sass4dn8k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sfwnzaovm7yr1537sass4dn8k|03|org"; nocase; ) # 83qimz1shmb41w0sbqy1pg9mnn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|83qimz1shmb41w0sbqy1pg9mnn|03|org"; nocase; ) # 1t7cxb9a1ox591iq2ui959iv53.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t7cxb9a1ox591iq2ui959iv53|03|biz"; nocase; ) # fw4y3q1sl93gj11uwp0avmx6ec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fw4y3q1sl93gj11uwp0avmx6ec|03|com"; nocase; ) # 19pfj88xjx3s31lt297l1rdhk37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19pfj88xjx3s31lt297l1rdhk37|03|net"; nocase; ) # g9iouo1tw0ahkehovbizl1gvm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g9iouo1tw0ahkehovbizl1gvm|03|biz"; nocase; ) # tt62t117p2ox1k1ruol1s44w1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tt62t117p2ox1k1ruol1s44w1d|03|net"; nocase; ) # 129xiz768r4001r5tyy310oivy0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|129xiz768r4001r5tyy310oivy0|03|org"; nocase; ) # r6l2j61n0hqw11sgig6w7usdw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r6l2j61n0hqw11sgig6w7usdw|03|net"; nocase; ) # a0n428o790ro1ygving1j1g3pf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a0n428o790ro1ygving1j1g3pf|03|biz"; nocase; ) # mi7xsm1muid8s1kp1cyzew2owo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mi7xsm1muid8s1kp1cyzew2owo|03|com"; nocase; ) # z21xrr10x35er1dudlzfl7bc4q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z21xrr10x35er1dudlzfl7bc4q|03|biz"; nocase; ) # xlbzc6lfs4q85p6wymae80x2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xlbzc6lfs4q85p6wymae80x2|03|biz"; nocase; ) # 1wb1f9xqzwwhry5pu6a1uebyuq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wb1f9xqzwwhry5pu6a1uebyuq|03|net"; nocase; ) # 18vyycjdmylolc2lz1z10v7sbh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18vyycjdmylolc2lz1z10v7sbh|03|org"; nocase; ) # b88i0l1wwuyv3enjx3h1jjhl6y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b88i0l1wwuyv3enjx3h1jjhl6y|03|org"; nocase; ) # 6i3fcwx8wieggnwxrd3id0kj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6i3fcwx8wieggnwxrd3id0kj|03|net"; nocase; ) # yjhu0ipmtnqu10dyljbdau4gw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yjhu0ipmtnqu10dyljbdau4gw|03|com"; nocase; ) # 116wdpc102jjc6t1ap231lurn13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|116wdpc102jjc6t1ap231lurn13|03|net"; nocase; ) # 9pgiim1xanl4qyqy4lke2zz9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9pgiim1xanl4qyqy4lke2zz9r|03|com"; nocase; ) # om5opb3nzhvubqnd1m1fdoave.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|om5opb3nzhvubqnd1m1fdoave|03|net"; nocase; ) # 1u107saeagh2gyrjq2iomeitd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u107saeagh2gyrjq2iomeitd|03|biz"; nocase; ) # roqibgawvvwpat1rzx1wskk2z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|roqibgawvvwpat1rzx1wskk2z|03|com"; nocase; ) # 178w166i1yl6r1llh9qz10kc1hw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|178w166i1yl6r1llh9qz10kc1hw|03|net"; nocase; ) # bz8p5f1q4p6aoo3h8171l8cdap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bz8p5f1q4p6aoo3h8171l8cdap|03|com"; nocase; ) # 1sgxocp1guoi7n1myq3hy9yvt9m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sgxocp1guoi7n1myq3hy9yvt9m|03|net"; nocase; ) # 1rkc8l9q6bb9w1b2kbwm1xzx2ob.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rkc8l9q6bb9w1b2kbwm1xzx2ob|03|net"; nocase; ) # 1d9qcodw2vjmgnop9lc1m6743z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d9qcodw2vjmgnop9lc1m6743z|03|org"; nocase; ) # 9evr2i1vm84p11bggb37fqptfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9evr2i1vm84p11bggb37fqptfx|03|com"; nocase; ) # 1abcr8a1by2efo1q4bp7z1n6r183.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1abcr8a1by2efo1q4bp7z1n6r183|03|com"; nocase; ) # tovt7w5n1wwoztwh92cz78j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|tovt7w5n1wwoztwh92cz78j|03|org"; nocase; ) # xnf1oni0ak0al7txxnwlekj6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xnf1oni0ak0al7txxnwlekj6|03|org"; nocase; ) # 1vr0b7rw36dp0sfn3wt72w5la.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vr0b7rw36dp0sfn3wt72w5la|03|biz"; nocase; ) # 1v3oubadep330sxtx5lsraac9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v3oubadep330sxtx5lsraac9|03|net"; nocase; ) # 16iqobjgbzz39mgoij011nbx24.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16iqobjgbzz39mgoij011nbx24|03|com"; nocase; ) # 2jz35jqale3ug3e6kxlbt1ou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2jz35jqale3ug3e6kxlbt1ou|03|com"; nocase; ) # 1kvwh981d0s1b71sgsklv1qh72gn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kvwh981d0s1b71sgsklv1qh72gn|03|net"; nocase; ) # xafyj1b3arda4fpaxf1elt6yi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xafyj1b3arda4fpaxf1elt6yi|03|com"; nocase; ) # 11d7pqeb173hlmy93o91m9mgv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11d7pqeb173hlmy93o91m9mgv1|03|com"; nocase; ) # 44uglt1szj0l9xd11mvkl6so4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|44uglt1szj0l9xd11mvkl6so4|03|org"; nocase; ) # m7kk6d1ojbhzx5o2hck1gcu263.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m7kk6d1ojbhzx5o2hck1gcu263|03|biz"; nocase; ) # jqtr8e1oxwn0zyfnzzelugvkp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jqtr8e1oxwn0zyfnzzelugvkp|03|net"; nocase; ) # az5pxhty0saawfff87kfrah2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|az5pxhty0saawfff87kfrah2|03|net"; nocase; ) # ax0eqdsqa7vo1i7fipz143ofhl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ax0eqdsqa7vo1i7fipz143ofhl|03|biz"; nocase; ) # 1se5z5kqbt4rpdvc1bj50ctq4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1se5z5kqbt4rpdvc1bj50ctq4|03|org"; nocase; ) # 5bw3fj15xk9xg1jhbunm1pilx3v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5bw3fj15xk9xg1jhbunm1pilx3v|03|biz"; nocase; ) # 1qrbuqf1ggug7dvpy11z1vd7r12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qrbuqf1ggug7dvpy11z1vd7r12|03|com"; nocase; ) # 1yotcco1uhs94y1d2txjseb4ggv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yotcco1uhs94y1d2txjseb4ggv|03|net"; nocase; ) # znjyntr7u59v1rd2apt170lp2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|znjyntr7u59v1rd2apt170lp2z|03|org"; nocase; ) # 1en8iql1hnv3ck10eodvs1d13p1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1en8iql1hnv3ck10eodvs1d13p1|03|com"; nocase; ) # 17oz1o8rjicuh1gf56qy12f0vm4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17oz1o8rjicuh1gf56qy12f0vm4|03|org"; nocase; ) # bhfxb6nqz0kenrzura12ozp1x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bhfxb6nqz0kenrzura12ozp1x|03|biz"; nocase; ) # j8girh1o18g0mysczx31l31mu1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j8girh1o18g0mysczx31l31mu1|03|org"; nocase; ) # 4rrlw77azj2z1qnouw3yie333.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4rrlw77azj2z1qnouw3yie333|03|com"; nocase; ) # 1k3edfl7546zb4f5vo0i7s0u4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k3edfl7546zb4f5vo0i7s0u4|03|org"; nocase; ) # 1kqmvbw156at1p1ew3t4ot8spv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kqmvbw156at1p1ew3t4ot8spv1|03|com"; nocase; ) # c21nufqh7qc1rq3mro1qqa46v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c21nufqh7qc1rq3mro1qqa46v|03|net"; nocase; ) # 9o8i2nhd3zyy1m9yzozgocy7x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9o8i2nhd3zyy1m9yzozgocy7x|03|org"; nocase; ) # oz9qajsnk4mk1ti21oq9x9mm8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oz9qajsnk4mk1ti21oq9x9mm8|03|net"; nocase; ) # 128az2a1fznpzmh3wh8x1utc0e0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|128az2a1fznpzmh3wh8x1utc0e0|03|biz"; nocase; ) # hx8k8r129i4es1r4296w1wo5cbm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hx8k8r129i4es1r4296w1wo5cbm|03|biz"; nocase; ) # b4magcyj2sm3b1llrjb6mwe7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b4magcyj2sm3b1llrjb6mwe7|03|org"; nocase; ) # 1cv2zs1p7um44hakb3faahy7u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cv2zs1p7um44hakb3faahy7u|03|com"; nocase; ) # rmindqe207ve12pgj5v194fpjf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rmindqe207ve12pgj5v194fpjf|03|biz"; nocase; ) # q77ucp1uyuze51wgx79nz9ta85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q77ucp1uyuze51wgx79nz9ta85|03|net"; nocase; ) # e4lixex5ozn91ncvg7z7la2mz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e4lixex5ozn91ncvg7z7la2mz|03|biz"; nocase; ) # 136w5021517d0dcbdwt37eudr1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136w5021517d0dcbdwt37eudr1|03|org"; nocase; ) # 1pkzaj1ax6ujw1ilrlv51vg77ei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pkzaj1ax6ujw1ilrlv51vg77ei|03|com"; nocase; ) # 1wux5c6apow6t6ms5jespyn33.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wux5c6apow6t6ms5jespyn33|03|com"; nocase; ) # 1rmw1sv1kvey271v5gbs51ldfuf4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rmw1sv1kvey271v5gbs51ldfuf4|03|com"; nocase; ) # 1l9pqsm7exq4jzhch8u3qfs5y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l9pqsm7exq4jzhch8u3qfs5y|03|biz"; nocase; ) # 1jj98f035kyoesoxl761gu820d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jj98f035kyoesoxl761gu820d|03|net"; nocase; ) # 16h3rs11hum05t1t6xoel1ckrzw6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16h3rs11hum05t1t6xoel1ckrzw6|03|biz"; nocase; ) # fkcnoy15ut0xgoaw53g9afhlp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fkcnoy15ut0xgoaw53g9afhlp|03|net"; nocase; ) # tz7ueb1al1zsm1yol76i1t1yqqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tz7ueb1al1zsm1yol76i1t1yqqb|03|biz"; nocase; ) # 1afhsqg1derh6tpqzsmu0k5d4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1afhsqg1derh6tpqzsmu0k5d4|03|org"; nocase; ) # i32cdvolwlf51xfjgos8ye2xg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i32cdvolwlf51xfjgos8ye2xg|03|org"; nocase; ) # 1l0epfihmcz2nk2boi11xoszk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l0epfihmcz2nk2boi11xoszk|03|com"; nocase; ) # w2birpx1mpek151j1sxg288c3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w2birpx1mpek151j1sxg288c3|03|biz"; nocase; ) # m1rxoyfbkq8l7s2nq31vcs1vi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m1rxoyfbkq8l7s2nq31vcs1vi|03|net"; nocase; ) # p0czgk1i8ngj01qfe5xxlit567.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p0czgk1i8ngj01qfe5xxlit567|03|com"; nocase; ) # 1nigjlyzh2n99j4o0ly1nykd85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nigjlyzh2n99j4o0ly1nykd85|03|net"; nocase; ) # k3vsy61tvujyjdm7yyzh4jqbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k3vsy61tvujyjdm7yyzh4jqbp|03|com"; nocase; ) # 1kd6dy3c3i83bd8h5yb1hbmieu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kd6dy3c3i83bd8h5yb1hbmieu|03|org"; nocase; ) # 1og9e111xjqxpttzlckpz8yjoy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1og9e111xjqxpttzlckpz8yjoy|03|org"; nocase; ) # yzqlj1wem28m1seg5grtv58ur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yzqlj1wem28m1seg5grtv58ur|03|org"; nocase; ) # 1pg6juhd11xdlbgqoy51lqrkp7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pg6juhd11xdlbgqoy51lqrkp7|03|net"; nocase; ) # cj877wnfbsjs1rcajzzhwo8kh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cj877wnfbsjs1rcajzzhwo8kh|03|net"; nocase; ) # 1jzff9umuw03io79d1q42ky2h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jzff9umuw03io79d1q42ky2h|03|org"; nocase; ) # 1ulxwjdeilhczr9g6nw7r2gjl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ulxwjdeilhczr9g6nw7r2gjl|03|com"; nocase; ) # 1nce5d81nzhzxk1l5rupwl66pj1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nce5d81nzhzxk1l5rupwl66pj1|03|org"; nocase; ) # jichll5hg5veemp2rs1otombh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jichll5hg5veemp2rs1otombh|03|net"; nocase; ) # 1id06sdiha4801qa9ph38m3dat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1id06sdiha4801qa9ph38m3dat|03|com"; nocase; ) # 1uvp1o31vlc2oq1crcnsa18ijamw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uvp1o31vlc2oq1crcnsa18ijamw|03|net"; nocase; ) # vo760f1u6cfjk99hkr3t8gjzm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vo760f1u6cfjk99hkr3t8gjzm|03|org"; nocase; ) # 1figsndzg0gwe3b5u5et9dlv6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1figsndzg0gwe3b5u5et9dlv6|03|net"; nocase; ) # 1h7482710uqh5kff06ovm7s4sp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h7482710uqh5kff06ovm7s4sp|03|org"; nocase; ) # h7stke3c4efxv9efly1jrha64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h7stke3c4efxv9efly1jrha64|03|com"; nocase; ) # 4o7vwx1uw5ozs11bwxtsl03e0k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4o7vwx1uw5ozs11bwxtsl03e0k|03|biz"; nocase; ) # 5kqk4ivcii9gy1akiu19n6lqd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5kqk4ivcii9gy1akiu19n6lqd|03|com"; nocase; ) # 1t4o4921ap02lvlefjqi1v86ggg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t4o4921ap02lvlefjqi1v86ggg|03|org"; nocase; ) # hxl1fw44ng1i13cdujdl0wb8m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hxl1fw44ng1i13cdujdl0wb8m|03|net"; nocase; ) # gzi61xz6sqopigwniep6uur0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gzi61xz6sqopigwniep6uur0|03|net"; nocase; ) # x0hrqkunl94ykf9o1kew1oty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x0hrqkunl94ykf9o1kew1oty|03|biz"; nocase; ) # 1st9i5l15ca348vliybk1qvvwiq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1st9i5l15ca348vliybk1qvvwiq|03|org"; nocase; ) # np5x161q9rezc1wgyox0188gem9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|np5x161q9rezc1wgyox0188gem9|03|biz"; nocase; ) # 1pddgj6qq4gwue3bwps1rdos3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pddgj6qq4gwue3bwps1rdos3d|03|net"; nocase; ) # jhph3i1crtg3x1uqj73t343zvx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jhph3i1crtg3x1uqj73t343zvx|03|biz"; nocase; ) # hbusdnnk92kf1el0950t9y1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hbusdnnk92kf1el0950t9y1s|03|biz"; nocase; ) # 1qfcog48s19wd1lkrfzp90alch.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qfcog48s19wd1lkrfzp90alch|03|net"; nocase; ) # 48td34jw7pvuuspa5a1rlbjim.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|48td34jw7pvuuspa5a1rlbjim|03|org"; nocase; ) # 17tbtjhlmueyg18uwqcq1gtycpz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17tbtjhlmueyg18uwqcq1gtycpz|03|net"; nocase; ) # 1mwyn4etkfjrh12r2c1q1y3f4k1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mwyn4etkfjrh12r2c1q1y3f4k1|03|com"; nocase; ) # 1j87ble1difme9cspwmd1bu19jr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j87ble1difme9cspwmd1bu19jr|03|net"; nocase; ) # 14znx2ecnwr2h4574q71p2rv8f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14znx2ecnwr2h4574q71p2rv8f|03|com"; nocase; ) # 1knskl16walu912iew4v1whr0ki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1knskl16walu912iew4v1whr0ki|03|net"; nocase; ) # e3y7uuhtexg91s0bz4d2tm3ak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e3y7uuhtexg91s0bz4d2tm3ak|03|net"; nocase; ) # 184okd91kp1j756602273raz5m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184okd91kp1j756602273raz5m|03|com"; nocase; ) # 6sqoa6ypc12f22zbik10t03pl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6sqoa6ypc12f22zbik10t03pl|03|net"; nocase; ) # dzxbx71kdlu1v4pm5jg1xx4t9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzxbx71kdlu1v4pm5jg1xx4t9|03|com"; nocase; ) # 1nbo1sby8zwf817zr82pvck55g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nbo1sby8zwf817zr82pvck55g|03|biz"; nocase; ) # tgvx2a9ogtco18xr5ncxvxi00.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tgvx2a9ogtco18xr5ncxvxi00|03|org"; nocase; ) # i1cmky1v1qv6di802vb18ypecy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i1cmky1v1qv6di802vb18ypecy|03|biz"; nocase; ) # 1v8mr01bubx2e16a1hvl12599h8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v8mr01bubx2e16a1hvl12599h8|03|com"; nocase; ) # yt8o3c1907yqlyn2juin1beg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yt8o3c1907yqlyn2juin1beg|03|org"; nocase; ) # 1ald0171pgvr1x1q0p6hzw6q1ni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ald0171pgvr1x1q0p6hzw6q1ni|03|biz"; nocase; ) # xpqcnnagu0ksw5disb15ubqlo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xpqcnnagu0ksw5disb15ubqlo|03|biz"; nocase; ) # 1gnvqqt7ig5i8lk00n3tpc8nb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gnvqqt7ig5i8lk00n3tpc8nb|03|com"; nocase; ) # 1yjketj1kc8l7g15wdrc11qd2zbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yjketj1kc8l7g15wdrc11qd2zbo|03|com"; nocase; ) # ru1o4c19v5jsd1bzt4ven79x6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ru1o4c19v5jsd1bzt4ven79x6h|03|org"; nocase; ) # 15d0bat1qg7bzu1ngo33b1tu6gqh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15d0bat1qg7bzu1ngo33b1tu6gqh|03|com"; nocase; ) # 1lo2ifcag0l28115mcqo11avcce.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lo2ifcag0l28115mcqo11avcce|03|biz"; nocase; ) # 13q3js4sgo7481tsjetpw5wpec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13q3js4sgo7481tsjetpw5wpec|03|com"; nocase; ) # xsdlqa1m3g2868vygnp8cojh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xsdlqa1m3g2868vygnp8cojh|03|net"; nocase; ) # 5l84mp1nbe2qk1p8r7kixuhbcx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5l84mp1nbe2qk1p8r7kixuhbcx|03|org"; nocase; ) # 8q4om1uqnhc7fp6rnvqt0isz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8q4om1uqnhc7fp6rnvqt0isz|03|net"; nocase; ) # vifg7w1wmmhii1nzvbr81vsbdb1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vifg7w1wmmhii1nzvbr81vsbdb1|03|com"; nocase; ) # dfi7rw1c8n5zxuax8hgbm6722.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dfi7rw1c8n5zxuax8hgbm6722|03|net"; nocase; ) # 1kkol9ch66v2rc4fa86pq9t4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kkol9ch66v2rc4fa86pq9t4a|03|net"; nocase; ) # 1p8n5vc1bbrrv77vrzamepii12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p8n5vc1bbrrv77vrzamepii12|03|com"; nocase; ) # 1xmr49q5bye27101ittk15zfkvu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xmr49q5bye27101ittk15zfkvu|03|net"; nocase; ) # n1520vtn3h161xps6qj3erooz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n1520vtn3h161xps6qj3erooz|03|biz"; nocase; ) # hbfndk1rp6o4oc40hy5oeuwan.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hbfndk1rp6o4oc40hy5oeuwan|03|org"; nocase; ) # 1x94h5t1by8i151ig91c018qi7u5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x94h5t1by8i151ig91c018qi7u5|03|org"; nocase; ) # 4sms6xfatnehf393cl1peukkg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4sms6xfatnehf393cl1peukkg|03|com"; nocase; ) # 1bd56spy32n8jeovrruzkdcs1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bd56spy32n8jeovrruzkdcs1|03|com"; nocase; ) # 79wber1r22fhziw8l2c4p2smt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|79wber1r22fhziw8l2c4p2smt|03|biz"; nocase; ) # 10o678v1t5jh6k1tzf2s5mqqvk1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10o678v1t5jh6k1tzf2s5mqqvk1|03|biz"; nocase; ) # j3qe09t8lfk71hlco2w1328foj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j3qe09t8lfk71hlco2w1328foj|03|net"; nocase; ) # yf684a15wx3ym2xs46x1kxz4ns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yf684a15wx3ym2xs46x1kxz4ns|03|com"; nocase; ) # 46xm7rswt2cy703khwbfom0s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|46xm7rswt2cy703khwbfom0s|03|org"; nocase; ) # ha7i4q1i2en2b13kx2e4ac1w0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ha7i4q1i2en2b13kx2e4ac1w0y|03|net"; nocase; ) # fq0p3s68wpnyooyx92qc280o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fq0p3s68wpnyooyx92qc280o|03|net"; nocase; ) # 1juxvul1y25wyn1xlm8ap1mz468x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1juxvul1y25wyn1xlm8ap1mz468x|03|net"; nocase; ) # hhd2lc1vvxl01uipv0s14ej5l2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hhd2lc1vvxl01uipv0s14ej5l2|03|org"; nocase; ) # 1ybsu7n1nx1elvo4rd76m9em8p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ybsu7n1nx1elvo4rd76m9em8p|03|net"; nocase; ) # dfq23zn0rbww1493rcdf798ip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dfq23zn0rbww1493rcdf798ip|03|net"; nocase; ) # 1nn3svi6fxjw11wic0uu1mar0zw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nn3svi6fxjw11wic0uu1mar0zw|03|org"; nocase; ) # 1bttdi27zw8xj1wvci4b1adp49x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bttdi27zw8xj1wvci4b1adp49x|03|biz"; nocase; ) # e1osfw1b6fzq81mewxbq11x26dp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e1osfw1b6fzq81mewxbq11x26dp|03|biz"; nocase; ) # zo3oah17bsf37h8i7vi103hvxk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zo3oah17bsf37h8i7vi103hvxk|03|net"; nocase; ) # 1mm0sbi7c5lu21poxlhb4z50xx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mm0sbi7c5lu21poxlhb4z50xx|03|com"; nocase; ) # 1otmnfp1b92rs71ovysoxb7haa8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1otmnfp1b92rs71ovysoxb7haa8|03|net"; nocase; ) # 1vnmwa667vdceepxgp7z3w9c8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vnmwa667vdceepxgp7z3w9c8|03|biz"; nocase; ) # 1lr28cz1easo1kun4zs1nwuykb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lr28cz1easo1kun4zs1nwuykb|03|biz"; nocase; ) # 19lf08b1lpe1kh1xes9k5chlduw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19lf08b1lpe1kh1xes9k5chlduw|03|org"; nocase; ) # z2fit81n23anuxrux77chv5zp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z2fit81n23anuxrux77chv5zp|03|com"; nocase; ) # 36omfw1misf6952d18314bedh9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|36omfw1misf6952d18314bedh9|03|biz"; nocase; ) # 7jyiy412zjx1w1t4h7hy173ph3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7jyiy412zjx1w1t4h7hy173ph3i|03|com"; nocase; ) # gv70wp1lzirca1rfwigmcnp35a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gv70wp1lzirca1rfwigmcnp35a|03|net"; nocase; ) # 1683e43hzqe4v18h08y5174x5xy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1683e43hzqe4v18h08y5174x5xy|03|net"; nocase; ) # 5lmyhp141yur3p3i5qn15ub7hg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5lmyhp141yur3p3i5qn15ub7hg|03|org"; nocase; ) # 1gobufn1o02gfe1wxytxoup2pt1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gobufn1o02gfe1wxytxoup2pt1|03|biz"; nocase; ) # d5rgd2gb6p5dnbiuu015c2bs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d5rgd2gb6p5dnbiuu015c2bs|03|com"; nocase; ) # 1he7huqoioilw1r3sls31muel6x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1he7huqoioilw1r3sls31muel6x|03|net"; nocase; ) # 8eskh5dkeirj534hvgnpousn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8eskh5dkeirj534hvgnpousn|03|net"; nocase; ) # 10rbms71dm992s1maqgrl16dfb39.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10rbms71dm992s1maqgrl16dfb39|03|net"; nocase; ) # 1luz9c0bteibc15shr8o1dkux7g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1luz9c0bteibc15shr8o1dkux7g|03|net"; nocase; ) # 10r50981w07zzkfwrqay1k4mder.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10r50981w07zzkfwrqay1k4mder|03|org"; nocase; ) # lva9qgkrkha5d7tp2m1h5zg16.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lva9qgkrkha5d7tp2m1h5zg16|03|biz"; nocase; ) # 169u1857tbr171k1ax811immrkf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|169u1857tbr171k1ax811immrkf|03|com"; nocase; ) # 1qm7d0s1epq7t31vkmvfb17q2c03.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qm7d0s1epq7t31vkmvfb17q2c03|03|net"; nocase; ) # 19s22431l06be61ffq55p1sv03hq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19s22431l06be61ffq55p1sv03hq|03|com"; nocase; ) # fbvuav11sdzfa1gqggbwluhuy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fbvuav11sdzfa1gqggbwluhuy|03|biz"; nocase; ) # 1a3mvczz39dmtal5zj8dv8cs2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a3mvczz39dmtal5zj8dv8cs2|03|org"; nocase; ) # 8jaqhxsdoovf8hxhs11rppn5r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8jaqhxsdoovf8hxhs11rppn5r|03|org"; nocase; ) # vsicxv1v64wb613xlrvw8ytril.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vsicxv1v64wb613xlrvw8ytril|03|net"; nocase; ) # ryslxuwkvivr1kv93ys1ksu2nd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ryslxuwkvivr1kv93ys1ksu2nd|03|com"; nocase; ) # hwm9qd1kwdpnf1xj49l36t9y2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hwm9qd1kwdpnf1xj49l36t9y2|03|net"; nocase; ) # 1joxkt3l85rio1ufon6h16xti24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1joxkt3l85rio1ufon6h16xti24|03|net"; nocase; ) # 1j8n50p1eia21p519dh71sm4bts.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j8n50p1eia21p519dh71sm4bts|03|org"; nocase; ) # 1i0wvgk1lf3tm7yiy95r17o1z47.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i0wvgk1lf3tm7yiy95r17o1z47|03|org"; nocase; ) # 1cb72on1qxbnf4wpmf4dysrexa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cb72on1qxbnf4wpmf4dysrexa|03|org"; nocase; ) # m4js8zw07z162s7m1h1te02on.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m4js8zw07z162s7m1h1te02on|03|com"; nocase; ) # 1ptt1n5q8jx2ny57euu6oxqto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ptt1n5q8jx2ny57euu6oxqto|03|org"; nocase; ) # 1gldq24akerxgw11cpf251j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1gldq24akerxgw11cpf251j6|03|net"; nocase; ) # 112h4kskipzksdvcn97i9mcrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|112h4kskipzksdvcn97i9mcrp|03|net"; nocase; ) # 1jfd02qbep2h29zkdep1kj5743.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jfd02qbep2h29zkdep1kj5743|03|org"; nocase; ) # yqbymiad1udi1abpdgx5timwm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yqbymiad1udi1abpdgx5timwm|03|net"; nocase; ) # 1q0t4a21pw5ygf1wbdi46p47sez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q0t4a21pw5ygf1wbdi46p47sez|03|com"; nocase; ) # uzfcffufjel11p7wqr8gi8c0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uzfcffufjel11p7wqr8gi8c0x|03|org"; nocase; ) # v9glcd1duftm5l5he8w1vuc8bq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v9glcd1duftm5l5he8w1vuc8bq|03|biz"; nocase; ) # 11scj7ncftgy4sd1ozl1ynsr05.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11scj7ncftgy4sd1ozl1ynsr05|03|biz"; nocase; ) # 1nvhean1g6sxtk3m64f81bwrvpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nvhean1g6sxtk3m64f81bwrvpk|03|net"; nocase; ) # le53mb5tu3jpr3exfp1wk753w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|le53mb5tu3jpr3exfp1wk753w|03|biz"; nocase; ) # i0t6jze8zfnq1s4mkrkzhpu6r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i0t6jze8zfnq1s4mkrkzhpu6r|03|org"; nocase; ) # 19ece6j1fwcnikobef7bv0d8ys.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ece6j1fwcnikobef7bv0d8ys|03|net"; nocase; ) # ko3ou010thoma1wisi7814fmumn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ko3ou010thoma1wisi7814fmumn|03|org"; nocase; ) # gamxfm1ixlfw4volywb19tvri3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gamxfm1ixlfw4volywb19tvri3|03|biz"; nocase; ) # 1q52je511226091bek3ck1hvgcca.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q52je511226091bek3ck1hvgcca|03|org"; nocase; ) # t9gm63a78ukk1f5ee6239vumr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t9gm63a78ukk1f5ee6239vumr|03|com"; nocase; ) # 1t0rp7j1vti7agtmcn8q1ghkfkh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t0rp7j1vti7agtmcn8q1ghkfkh|03|com"; nocase; ) # tawzgt1iow10dueq8e6rqpwb3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tawzgt1iow10dueq8e6rqpwb3|03|org"; nocase; ) # 14jxczkhtfh0ck14r9vc1hzzw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14jxczkhtfh0ck14r9vc1hzzw|03|net"; nocase; ) # 13r71m0ni0fy51hfes21t2tjmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13r71m0ni0fy51hfes21t2tjmi|03|org"; nocase; ) # 1mrg21xbz1yyw6wby27djqecr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mrg21xbz1yyw6wby27djqecr|03|net"; nocase; ) # 3prvaw1r5phtf9tfxli18dzs14.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3prvaw1r5phtf9tfxli18dzs14|03|biz"; nocase; ) # 8li35rmk0hp61e0cf5neg9yrd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8li35rmk0hp61e0cf5neg9yrd|03|com"; nocase; ) # 1npt8kx1kgrvqstti9o4au8bzs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1npt8kx1kgrvqstti9o4au8bzs|03|biz"; nocase; ) # 1l3rg2sz8gqd3ljlg5r14oyv6f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l3rg2sz8gqd3ljlg5r14oyv6f|03|org"; nocase; ) # 11c7tvdrjku1j1uuhipp1cxqhfr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11c7tvdrjku1j1uuhipp1cxqhfr|03|net"; nocase; ) # 19wscq7xn1i0xolphqd1p2iaww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19wscq7xn1i0xolphqd1p2iaww|03|net"; nocase; ) # 6y0d1gtmd9ay1wskodm1rizj9l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6y0d1gtmd9ay1wskodm1rizj9l|03|com"; nocase; ) # 1oq7u4km0awy11ff5h1100c931.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oq7u4km0awy11ff5h1100c931|03|net"; nocase; ) # hj9zymdqpnkea7yvd91dz78gg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hj9zymdqpnkea7yvd91dz78gg|03|com"; nocase; ) # 1r6kq4y1scdo711njsced72cket.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r6kq4y1scdo711njsced72cket|03|org"; nocase; ) # 17ipco1gqk1sjeog2u617opobc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ipco1gqk1sjeog2u617opobc|03|net"; nocase; ) # 1uwxrv5nbap4t1tq4usw1vt6h29.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uwxrv5nbap4t1tq4usw1vt6h29|03|biz"; nocase; ) # 1806xm81jgzyshez1fx1u81f89.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1806xm81jgzyshez1fx1u81f89|03|com"; nocase; ) # 1p0btt37ax1fug7jn6hic6ea1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p0btt37ax1fug7jn6hic6ea1|03|org"; nocase; ) # 1qnwpsni2pnntbyy37n1fwvhaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qnwpsni2pnntbyy37n1fwvhaq|03|net"; nocase; ) # 1q6eqt91lxharm2l4yacl6vndq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q6eqt91lxharm2l4yacl6vndq|03|org"; nocase; ) # vzusktzlbhknhy9i4ydos6aw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vzusktzlbhknhy9i4ydos6aw|03|org"; nocase; ) # 1glrbr1v4syhy1qe80oo1csh6z9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1glrbr1v4syhy1qe80oo1csh6z9|03|net"; nocase; ) # plnp541tx72immq439w1q37em2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|plnp541tx72immq439w1q37em2|03|com"; nocase; ) # 1e5vacy1pmzz6weguaci16atafv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e5vacy1pmzz6weguaci16atafv|03|biz"; nocase; ) # 56r2uw1dt0zt61o6m2bmsh3a9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|56r2uw1dt0zt61o6m2bmsh3a9f|03|net"; nocase; ) # heowwa3lgkr5nfoj3c1psr2gw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|heowwa3lgkr5nfoj3c1psr2gw|03|org"; nocase; ) # 1uwr7471q1g3261ddbagvo5x1e6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uwr7471q1g3261ddbagvo5x1e6|03|org"; nocase; ) # 1x63gc6i1u4cmo7x49o1prca7t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x63gc6i1u4cmo7x49o1prca7t|03|net"; nocase; ) # ufesa9j9e461b5gij2qrphgz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ufesa9j9e461b5gij2qrphgz|03|org"; nocase; ) # 1n1e33g1giabe91779l1kqgjjqm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n1e33g1giabe91779l1kqgjjqm|03|net"; nocase; ) # 19tmhi41amzeawv9rmg3ygrab0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19tmhi41amzeawv9rmg3ygrab0|03|com"; nocase; ) # k3rfhf1ivatzu15jfk6ipywqxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k3rfhf1ivatzu15jfk6ipywqxd|03|org"; nocase; ) # 1nzjigxvopka71rkohf4xr4hc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nzjigxvopka71rkohf4xr4hc|03|com"; nocase; ) # 10hx2bdq9v8ek1yurc6tr4cak2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10hx2bdq9v8ek1yurc6tr4cak2|03|com"; nocase; ) # 1p3azyu3p6wzqom5y06406tgp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p3azyu3p6wzqom5y06406tgp|03|net"; nocase; ) # 2vwur614eaapq1s3qe9d1gqo8hd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2vwur614eaapq1s3qe9d1gqo8hd|03|biz"; nocase; ) # y8uvq5v5n0vkg4qwi11q5boxi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y8uvq5v5n0vkg4qwi11q5boxi|03|org"; nocase; ) # 1yohpxa1wxi75s12x4iwr1pyfc0f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yohpxa1wxi75s12x4iwr1pyfc0f|03|com"; nocase; ) # ehvvi59fbpcz1sa9q361kmnlx6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ehvvi59fbpcz1sa9q361kmnlx6|03|net"; nocase; ) # vuuodgqfpnypssl2te802ocw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vuuodgqfpnypssl2te802ocw|03|net"; nocase; ) # 1sg9prw15uw5p92d5y6d7t2ru0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sg9prw15uw5p92d5y6d7t2ru0|03|net"; nocase; ) # 1k3m9n4lp3ge0172x08b2mwezl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k3m9n4lp3ge0172x08b2mwezl|03|org"; nocase; ) # 1oeonf718lmq1p3kme5410r0rgh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oeonf718lmq1p3kme5410r0rgh|03|net"; nocase; ) # 1d1h3188qtc6b1mukl78zogypc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d1h3188qtc6b1mukl78zogypc|03|biz"; nocase; ) # 1mphqwmv88seh1o29isn6ornr7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mphqwmv88seh1o29isn6ornr7|03|biz"; nocase; ) # ip705lqxfcugolwrqqh00m5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ip705lqxfcugolwrqqh00m5|03|net"; nocase; ) # 1o5mbxn11ctku5kqx81bp5i84.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o5mbxn11ctku5kqx81bp5i84|03|org"; nocase; ) # 2cfkiej7slo2e9qvva1f0wj37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2cfkiej7slo2e9qvva1f0wj37|03|net"; nocase; ) # 1a50ujn10mxpm913bthafd7m4az.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a50ujn10mxpm913bthafd7m4az|03|org"; nocase; ) # wdq81pkibkfmz6ubjr1coflax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wdq81pkibkfmz6ubjr1coflax|03|net"; nocase; ) # e2d5b61kruixc17hqkwd1qv0p1x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e2d5b61kruixc17hqkwd1qv0p1x|03|org"; nocase; ) # 9p6zmh1hybwy4a8btqsi8anj3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9p6zmh1hybwy4a8btqsi8anj3|03|net"; nocase; ) # 11wfd8wk4c6f31uv10ivzp3124.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11wfd8wk4c6f31uv10ivzp3124|03|org"; nocase; ) # 18vm3q2k8x1243jape3amzq74.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18vm3q2k8x1243jape3amzq74|03|org"; nocase; ) # 8gsj5i1kq4p401ioy6d5c3nhxn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8gsj5i1kq4p401ioy6d5c3nhxn|03|biz"; nocase; ) # k2xmjld9y8xf1olksl717gs4hi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k2xmjld9y8xf1olksl717gs4hi|03|net"; nocase; ) # 1k718qog6un0191aukgaken3g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k718qog6un0191aukgaken3g|03|net"; nocase; ) # kqlninv3922t1yc3fob10oh3xx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kqlninv3922t1yc3fob10oh3xx|03|com"; nocase; ) # 1jxgmki9ushl81cq7yhq17x6vz0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jxgmki9ushl81cq7yhq17x6vz0|03|org"; nocase; ) # iosby3wq2e183gtqpkle9ehf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iosby3wq2e183gtqpkle9ehf|03|biz"; nocase; ) # znkpxf1ylsvkrkrckgm1ic9hmo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|znkpxf1ylsvkrkrckgm1ic9hmo|03|com"; nocase; ) # 14grqeo3tn93n117fz4jigfi64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14grqeo3tn93n117fz4jigfi64|03|net"; nocase; ) # 12tnw232p5y4f1r05vwrfgzdxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12tnw232p5y4f1r05vwrfgzdxf|03|com"; nocase; ) # 9ac7vzkmkj991vnk5uf1i3otnx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ac7vzkmkj991vnk5uf1i3otnx|03|net"; nocase; ) # diayvubku6wu1jaoxrxky0l9y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|diayvubku6wu1jaoxrxky0l9y|03|com"; nocase; ) # 1sotipe1s815jg1efja7j1mmqd19.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sotipe1s815jg1efja7j1mmqd19|03|org"; nocase; ) # 1i6dvljabm7nljcvax1wk6rp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1i6dvljabm7nljcvax1wk6rp|03|net"; nocase; ) # mjmmcr19uw6bx2jrhhn1vo3iww.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mjmmcr19uw6bx2jrhhn1vo3iww|03|com"; nocase; ) # ubgsdzyu2kk51hrsd8cee6frx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ubgsdzyu2kk51hrsd8cee6frx|03|biz"; nocase; ) # 13j2mw75azzzvn5sa5hx99qf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13j2mw75azzzvn5sa5hx99qf|03|com"; nocase; ) # 8wlf3zefulbh5awttv1c4qcb5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8wlf3zefulbh5awttv1c4qcb5|03|net"; nocase; ) # tzdn09x2znr9v8had51qz4mnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tzdn09x2znr9v8had51qz4mnk|03|com"; nocase; ) # 1dhqqg54gkalbkp260h89ghe7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dhqqg54gkalbkp260h89ghe7|03|org"; nocase; ) # k6mbqk1cu1pgs333jptw75fzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k6mbqk1cu1pgs333jptw75fzm|03|net"; nocase; ) # 1od0te9f0ww9f1w792zpig3rtn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1od0te9f0ww9f1w792zpig3rtn|03|com"; nocase; ) # w1q79jszvl40awnmwqhmrpce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w1q79jszvl40awnmwqhmrpce|03|org"; nocase; ) # 1w1duni1taceb8wa19poost6h1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w1duni1taceb8wa19poost6h1|03|net"; nocase; ) # 1nnweg01ytfjiy18amsg51l2bf7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nnweg01ytfjiy18amsg51l2bf7|03|com"; nocase; ) # 1pqbrin1ammu571awzpad1f6mr36.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pqbrin1ammu571awzpad1f6mr36|03|com"; nocase; ) # ok2mp8phkgu78awspa18s880j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ok2mp8phkgu78awspa18s880j|03|com"; nocase; ) # 1ch11yh19r1jjqkg5hcw11l80xl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ch11yh19r1jjqkg5hcw11l80xl|03|net"; nocase; ) # h7x1h41qs872qhdkqgt1j1orh0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h7x1h41qs872qhdkqgt1j1orh0|03|net"; nocase; ) # 14pz06a1p6zg0l1jnqsm41can03i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14pz06a1p6zg0l1jnqsm41can03i|03|net"; nocase; ) # 1ypeofc1d6hwnw19fkkc8hwu9bw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ypeofc1d6hwnw19fkkc8hwu9bw|03|com"; nocase; ) # rb4n4dws5miypo291ezynios.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rb4n4dws5miypo291ezynios|03|com"; nocase; ) # 17xai3q19fdnvhkl7udwjfazgr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17xai3q19fdnvhkl7udwjfazgr|03|org"; nocase; ) # 1dui3yfupdt65fvjjn91wd2w51.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dui3yfupdt65fvjjn91wd2w51|03|org"; nocase; ) # 1s5ul2ejx94cid9duqbptlqq2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s5ul2ejx94cid9duqbptlqq2|03|net"; nocase; ) # 10u549m5jjd6u1sls9d9ucf0a0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10u549m5jjd6u1sls9d9ucf0a0|03|biz"; nocase; ) # 1uhi2mn1exndbyy5nchj1rlcj7g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uhi2mn1exndbyy5nchj1rlcj7g|03|biz"; nocase; ) # 7f5zh1tiybjm1o9zfuc5ke2xt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7f5zh1tiybjm1o9zfuc5ke2xt|03|biz"; nocase; ) # 1nantwh1rn7gjkil4qlmts2pzw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nantwh1rn7gjkil4qlmts2pzw|03|com"; nocase; ) # bwmvsl1lmhd4x14mdbu11939i9b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bwmvsl1lmhd4x14mdbu11939i9b|03|org"; nocase; ) # 1ird5g614rzzptlob293w4wuaq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ird5g614rzzptlob293w4wuaq|03|org"; nocase; ) # 1bwkce22y0vt112khrie19choik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bwkce22y0vt112khrie19choik|03|com"; nocase; ) # bwszt2sf895a1nza16t17401l0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bwszt2sf895a1nza16t17401l0|03|net"; nocase; ) # 1yd98b9y4y3ed1liv66vgtz6ov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yd98b9y4y3ed1liv66vgtz6ov|03|com"; nocase; ) # j6ew1n1336jhmuir4mtbs6v38.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j6ew1n1336jhmuir4mtbs6v38|03|com"; nocase; ) # n8yl51qji4jm1rt8pule224ag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n8yl51qji4jm1rt8pule224ag|03|com"; nocase; ) # 1gkrelkdslgz51ageee13e11gm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gkrelkdslgz51ageee13e11gm|03|biz"; nocase; ) # 1frhbxx1nkss3l66rx7bd8cuvu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1frhbxx1nkss3l66rx7bd8cuvu|03|com"; nocase; ) # 1p5664s1yq2k6iqmk7r11r7ovim.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p5664s1yq2k6iqmk7r11r7ovim|03|net"; nocase; ) # fhhf831a9g93j1a2tcn8tla0p3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fhhf831a9g93j1a2tcn8tla0p3|03|org"; nocase; ) # 48jhru18b86rtr4zvx1wx14py.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|48jhru18b86rtr4zvx1wx14py|03|net"; nocase; ) # qehp3tovkpcc1hrop66ce4ne1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qehp3tovkpcc1hrop66ce4ne1|03|net"; nocase; ) # st3su6y7fg0n1tns51d54rclb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|st3su6y7fg0n1tns51d54rclb|03|com"; nocase; ) # oc94ld1juis1f1x115zy1vw07jz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oc94ld1juis1f1x115zy1vw07jz|03|org"; nocase; ) # y3jjxb1ven0rc115iq4k1cp9784.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y3jjxb1ven0rc115iq4k1cp9784|03|net"; nocase; ) # 1h2t0601a5rak56tctve165awbv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h2t0601a5rak56tctve165awbv|03|com"; nocase; ) # 14cz8oo1bls72xgsorfz1gr7qal.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14cz8oo1bls72xgsorfz1gr7qal|03|biz"; nocase; ) # 8941lr1ax4inn10ke0g4jgl00b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8941lr1ax4inn10ke0g4jgl00b|03|biz"; nocase; ) # qyrdq21ce2m5hbgjhkopp5dlr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qyrdq21ce2m5hbgjhkopp5dlr|03|com"; nocase; ) # 1t5nd0u6qairz1iyk27j11mjl7q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t5nd0u6qairz1iyk27j11mjl7q|03|net"; nocase; ) # 1xjf5orbkd7swirslac5b70t5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xjf5orbkd7swirslac5b70t5|03|biz"; nocase; ) # 1lqtogm1dc7rd41d12hgzt57l27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lqtogm1dc7rd41d12hgzt57l27|03|com"; nocase; ) # 1gm1ma3blqq8oapghiq3gkcph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gm1ma3blqq8oapghiq3gkcph|03|net"; nocase; ) # bqwuq8ximsatd9ie7zgjh0b8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bqwuq8ximsatd9ie7zgjh0b8|03|org"; nocase; ) # xrm56n1kpw7jcn0or7pas1qop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xrm56n1kpw7jcn0or7pas1qop|03|com"; nocase; ) # 1f9qr34r7r5tnhm850h5bt8y7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f9qr34r7r5tnhm850h5bt8y7|03|net"; nocase; ) # hyns7410y311dbfgf1b37vv58.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hyns7410y311dbfgf1b37vv58|03|net"; nocase; ) # 8682r81f8u70q1jkzvg9trkn6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8682r81f8u70q1jkzvg9trkn6|03|org"; nocase; ) # ev1lb6sr8xdfe0kzmj1nq75sw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ev1lb6sr8xdfe0kzmj1nq75sw|03|biz"; nocase; ) # 5snkb9o0bsn21xml9ar15y5jyj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5snkb9o0bsn21xml9ar15y5jyj|03|net"; nocase; ) # u1nujn1wb60rl1iknn4e1dx233y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u1nujn1wb60rl1iknn4e1dx233y|03|biz"; nocase; ) # 17xdo171o7z4bx17urfp112qucs1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17xdo171o7z4bx17urfp112qucs1|03|net"; nocase; ) # 4ix0no1l8nbh1xlbgos1q20mrl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4ix0no1l8nbh1xlbgos1q20mrl|03|com"; nocase; ) # xjok6kd5bmmg2q6zvp1yiri1t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xjok6kd5bmmg2q6zvp1yiri1t|03|org"; nocase; ) # 1k6hluvp27rge15k2cb86btzch.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k6hluvp27rge15k2cb86btzch|03|com"; nocase; ) # 1pe082zjvr09ip3z6r1w07y7z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pe082zjvr09ip3z6r1w07y7z|03|net"; nocase; ) # 5bqcoobpkpwnzm8z3944qpgm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5bqcoobpkpwnzm8z3944qpgm|03|com"; nocase; ) # 1kjq9mrg775yu15fy37g1id3xkf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kjq9mrg775yu15fy37g1id3xkf|03|net"; nocase; ) # 1d1csr9j22g9816fdphq7b1sbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d1csr9j22g9816fdphq7b1sbn|03|com"; nocase; ) # 1vg3o3u1sdjrlrn3jt7v1nog4i6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vg3o3u1sdjrlrn3jt7v1nog4i6|03|net"; nocase; ) # bmmkfr16cdqv01nqglqg1tvt8qk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bmmkfr16cdqv01nqglqg1tvt8qk|03|net"; nocase; ) # 1g7kfx71bqnxyjc7z1zil4j3cn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g7kfx71bqnxyjc7z1zil4j3cn|03|org"; nocase; ) # 1fwn0d51l06px61k4ysal28tbw2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fwn0d51l06px61k4ysal28tbw2|03|com"; nocase; ) # 1a4ptr49mxc2l5wekl11nk3piq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a4ptr49mxc2l5wekl11nk3piq|03|com"; nocase; ) # b8j6fu1awdiep1o2wphjumhtki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b8j6fu1awdiep1o2wphjumhtki|03|net"; nocase; ) # 174rwv31m8sz8lt4cumgn8x2vn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|174rwv31m8sz8lt4cumgn8x2vn|03|net"; nocase; ) # 161musg11ckoaakkvc0m1pprajp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|161musg11ckoaakkvc0m1pprajp|03|net"; nocase; ) # ljyfua19ojj4hi9f7fp7jh6ke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ljyfua19ojj4hi9f7fp7jh6ke|03|com"; nocase; ) # mnwh1o1futb9116k0qkclzvch4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mnwh1o1futb9116k0qkclzvch4|03|org"; nocase; ) # mq8qbsodp9k6capxxbgema4l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mq8qbsodp9k6capxxbgema4l|03|net"; nocase; ) # 6xd0do1uxqyw1buc24w1iwg9cl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6xd0do1uxqyw1buc24w1iwg9cl|03|net"; nocase; ) # 1penibttrn30815ju07gu8ofp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1penibttrn30815ju07gu8ofp|03|net"; nocase; ) # 1k4sn3dou8dlh1yu5cf11snpjox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k4sn3dou8dlh1yu5cf11snpjox|03|com"; nocase; ) # 1qsjchpgvwyqkylf8t31vybiml.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qsjchpgvwyqkylf8t31vybiml|03|com"; nocase; ) # 1os1fxd1v3uu8uloh35hr9nmdz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1os1fxd1v3uu8uloh35hr9nmdz|03|com"; nocase; ) # 6t86cwi1vvcfixbc0712rowhz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6t86cwi1vvcfixbc0712rowhz|03|net"; nocase; ) # 1d4tkf717ugf07cpm9ni125d3ps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d4tkf717ugf07cpm9ni125d3ps|03|biz"; nocase; ) # xbd1rs16ja7nuvmic8y1fmbj0g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xbd1rs16ja7nuvmic8y1fmbj0g|03|org"; nocase; ) # aklkto1kjun7i1vcmxr1wmxzb3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aklkto1kjun7i1vcmxr1wmxzb3|03|com"; nocase; ) # 1gtlop8epxk91ejh8ox8jkofy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gtlop8epxk91ejh8ox8jkofy|03|com"; nocase; ) # 132hwww10i9bkjfm79ad1fyeohn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|132hwww10i9bkjfm79ad1fyeohn|03|net"; nocase; ) # 1lwenzam8udqge9qe661u9mjjc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lwenzam8udqge9qe661u9mjjc|03|com"; nocase; ) # sbidjusvhgvn1ye9fpkpcsfgx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sbidjusvhgvn1ye9fpkpcsfgx|03|net"; nocase; ) # 9brsth1vecykw1amwzja1mcbgg4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9brsth1vecykw1amwzja1mcbgg4|03|org"; nocase; ) # 1kqyuka244fhk1dsetzx14er5nx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kqyuka244fhk1dsetzx14er5nx|03|biz"; nocase; ) # 18cito7fd7f571bt1ov98uhce6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18cito7fd7f571bt1ov98uhce6|03|org"; nocase; ) # nn1swr709wam1ws8j2o15jtpa9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nn1swr709wam1ws8j2o15jtpa9|03|com"; nocase; ) # udh3r9b9vfulgytl5i1qkhzd3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|udh3r9b9vfulgytl5i1qkhzd3|03|net"; nocase; ) # 6pmg3sdg96hg1mpj6a41d8wa9o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6pmg3sdg96hg1mpj6a41d8wa9o|03|biz"; nocase; ) # 1qdm4iq1v8mhw01lr7idv1ognv5a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qdm4iq1v8mhw01lr7idv1ognv5a|03|net"; nocase; ) # 1wcykle1yo8jj8tfckcjcq6e0i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wcykle1yo8jj8tfckcjcq6e0i|03|biz"; nocase; ) # 7w6xgnvso3071gfsr1f8k1dyx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7w6xgnvso3071gfsr1f8k1dyx|03|net"; nocase; ) # 1yf8lrfydnl2b1f93rwwjh1p2m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yf8lrfydnl2b1f93rwwjh1p2m|03|com"; nocase; ) # lm8rlk1fvml0u13s2jxn1d7db7j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lm8rlk1fvml0u13s2jxn1d7db7j|03|org"; nocase; ) # 2jii7119qfwqm6id9op1diq1un.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2jii7119qfwqm6id9op1diq1un|03|com"; nocase; ) # xvb2m913qmb691rlq8ee1m8cy1p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xvb2m913qmb691rlq8ee1m8cy1p|03|org"; nocase; ) # 1eczer113knqs82xf7dh9bzy1y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eczer113knqs82xf7dh9bzy1y|03|biz"; nocase; ) # 11objvu3vr0roxugfkro4ywhk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11objvu3vr0roxugfkro4ywhk|03|biz"; nocase; ) # g8c9fc11qtutl1edkfxf1i8v7lr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g8c9fc11qtutl1edkfxf1i8v7lr|03|net"; nocase; ) # 1o30be21b9vm1d1nexgxv1wiva08.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o30be21b9vm1d1nexgxv1wiva08|03|biz"; nocase; ) # 1b2d8fjdkdxzv38nlykg6ygch.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b2d8fjdkdxzv38nlykg6ygch|03|com"; nocase; ) # 81w48ss80nj8yl6rtz1i3it0t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|81w48ss80nj8yl6rtz1i3it0t|03|com"; nocase; ) # 1oaebuv3sc3lbdwa3gswpbpep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oaebuv3sc3lbdwa3gswpbpep|03|org"; nocase; ) # 6iqi4j1te7tzw19rribn1mxx5sg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6iqi4j1te7tzw19rribn1mxx5sg|03|biz"; nocase; ) # w63lxb1ufmusc3rrq20xrsj83.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w63lxb1ufmusc3rrq20xrsj83|03|com"; nocase; ) # 1v37mwt14xr1vl1bz6qlp13c7gae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v37mwt14xr1vl1bz6qlp13c7gae|03|biz"; nocase; ) # ugqnu21xc1spl14l7bu2e3d72s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ugqnu21xc1spl14l7bu2e3d72s|03|com"; nocase; ) # 1e05u95luj7iljxraxm1sm2j23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e05u95luj7iljxraxm1sm2j23|03|net"; nocase; ) # 1df44qv15gj4y01w898x1vexivf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1df44qv15gj4y01w898x1vexivf|03|biz"; nocase; ) # 1rycmav10nh7n31rnoxfv1sxdwe4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rycmav10nh7n31rnoxfv1sxdwe4|03|org"; nocase; ) # hwq7bo18xk0e7y1bdkt1rwju66.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hwq7bo18xk0e7y1bdkt1rwju66|03|biz"; nocase; ) # 1gknrbh17pul9u1sziw2oomk1q9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gknrbh17pul9u1sziw2oomk1q9|03|net"; nocase; ) # 1v1i3sp1ju23nxtf6dav1t7majt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v1i3sp1ju23nxtf6dav1t7majt|03|org"; nocase; ) # bo5g6dx8eq7h16okbpwtbx98.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bo5g6dx8eq7h16okbpwtbx98|03|biz"; nocase; ) # uzmodjb9luxl1b9645w1dv5lbd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uzmodjb9luxl1b9645w1dv5lbd|03|org"; nocase; ) # 1ijro0xx7482t11t2b5se87ked.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ijro0xx7482t11t2b5se87ked|03|com"; nocase; ) # oew1lagnn4jdco3sxr5nlozo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oew1lagnn4jdco3sxr5nlozo|03|biz"; nocase; ) # 12eoihr18mczsgeg3j8p3kxaj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12eoihr18mczsgeg3j8p3kxaj6|03|net"; nocase; ) # 1c9nx3hxtk47j1m1f77h381wn3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c9nx3hxtk47j1m1f77h381wn3|03|org"; nocase; ) # iep5iakhgvm7xhichworyt8v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iep5iakhgvm7xhichworyt8v|03|com"; nocase; ) # 16nc27d1c0z0gdc892ay1mk1tjk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16nc27d1c0z0gdc892ay1mk1tjk|03|com"; nocase; ) # 18xkif214ltj7c1f2sh9x1s1fkx5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18xkif214ltj7c1f2sh9x1s1fkx5|03|com"; nocase; ) # ma80rt5mr30p1n0yqkx1a03tiv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ma80rt5mr30p1n0yqkx1a03tiv|03|biz"; nocase; ) # j8f7jevmuntj1dtb4721se5pmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j8f7jevmuntj1dtb4721se5pmo|03|net"; nocase; ) # 3ux9v31lb2iwp1xl4fp5p2beza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ux9v31lb2iwp1xl4fp5p2beza|03|com"; nocase; ) # 1v4utih15obin1ta8uephkvffn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v4utih15obin1ta8uephkvffn|03|org"; nocase; ) # vb9v9x1vk3xwdjp6fwhy5qx67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vb9v9x1vk3xwdjp6fwhy5qx67|03|com"; nocase; ) # 1srtjwsp12k21dgzsdvma5qlu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1srtjwsp12k21dgzsdvma5qlu|03|net"; nocase; ) # 1bu2k201m41e2bkh31faxmlwcy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bu2k201m41e2bkh31faxmlwcy|03|org"; nocase; ) # 1svsts24c2yx1tgb3mivsy86q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1svsts24c2yx1tgb3mivsy86q|03|com"; nocase; ) # zj6iw0bm3x1t14srdoyl9u4v2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zj6iw0bm3x1t14srdoyl9u4v2|03|biz"; nocase; ) # fbljuf1mvuoq41oigkgl1ulg68q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fbljuf1mvuoq41oigkgl1ulg68q|03|net"; nocase; ) # nij33hbre0bc16zl3hk1ao5hbg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nij33hbre0bc16zl3hk1ao5hbg|03|net"; nocase; ) # 1f95r0t11ww566157793e12eq55y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f95r0t11ww566157793e12eq55y|03|net"; nocase; ) # 5ao5y61vlynhu8uy52bu1pro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5ao5y61vlynhu8uy52bu1pro|03|org"; nocase; ) # m1o5fz3mk5261xr4okm8bpyam.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m1o5fz3mk5261xr4okm8bpyam|03|biz"; nocase; ) # 179dv1g1nuzhl9n09efb1chgz0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|179dv1g1nuzhl9n09efb1chgz0h|03|net"; nocase; ) # ies4fkw6ak7j7mmcla1motbr5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ies4fkw6ak7j7mmcla1motbr5|03|net"; nocase; ) # 18kfe4n1cp374d1i7nqrsbrs3ic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18kfe4n1cp374d1i7nqrsbrs3ic|03|net"; nocase; ) # 149xjkm1ytfyl0wlif8e1krpit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|149xjkm1ytfyl0wlif8e1krpit|03|com"; nocase; ) # 1aa4q2j1j8dr1vulwyrtvhzkwp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aa4q2j1j8dr1vulwyrtvhzkwp|03|com"; nocase; ) # zne4l3rhgp7z1f8t7j4fegc69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zne4l3rhgp7z1f8t7j4fegc69|03|net"; nocase; ) # 7sc4565xfpwjrnegh14vybeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7sc4565xfpwjrnegh14vybeb|03|com"; nocase; ) # defts6yykhkfjqzyvbjr4ltj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|defts6yykhkfjqzyvbjr4ltj|03|net"; nocase; ) # l31ql1y29irlbow661fvrwe7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l31ql1y29irlbow661fvrwe7|03|org"; nocase; ) # 1qug32pv4fhtvgf7o0p15blvr6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qug32pv4fhtvgf7o0p15blvr6|03|com"; nocase; ) # pd7yb5u6p8w21f0icaf9p8qaj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pd7yb5u6p8w21f0icaf9p8qaj|03|org"; nocase; ) # 19rr5i35zrkad1bd9nwu151dlof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19rr5i35zrkad1bd9nwu151dlof|03|biz"; nocase; ) # 18wenwh11ryndg1ky27ia1ky0t47.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18wenwh11ryndg1ky27ia1ky0t47|03|net"; nocase; ) # kilvpn1nibcpdr9bnfcj199t0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kilvpn1nibcpdr9bnfcj199t0|03|com"; nocase; ) # 19nivgz874uxbojopwk1l5xcqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19nivgz874uxbojopwk1l5xcqk|03|biz"; nocase; ) # 5gq7u0qini13lhw9bjyp4m9i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5gq7u0qini13lhw9bjyp4m9i|03|org"; nocase; ) # 1ceg39mi29ya970o2802wz033.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ceg39mi29ya970o2802wz033|03|biz"; nocase; ) # i0n7jrt59btxt5bn751dg8wmd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i0n7jrt59btxt5bn751dg8wmd|03|net"; nocase; ) # nagozobxk1tobsi7dzk64y74.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nagozobxk1tobsi7dzk64y74|03|com"; nocase; ) # 1iofh97xdxr4kl2apb21t6po2i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iofh97xdxr4kl2apb21t6po2i|03|org"; nocase; ) # 1699fpl125i3b21e1ij801boyel0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1699fpl125i3b21e1ij801boyel0|03|com"; nocase; ) # 1h202m6vv4bht76d5z71uahz3v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h202m6vv4bht76d5z71uahz3v|03|biz"; nocase; ) # 1jcru5m1t60kra1myu1h51hzs7wv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jcru5m1t60kra1myu1h51hzs7wv|03|com"; nocase; ) # h9xft21vn0mqm11pp0sqix298h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h9xft21vn0mqm11pp0sqix298h|03|org"; nocase; ) # 7djjd61v1oajijhxtpig609ff.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7djjd61v1oajijhxtpig609ff|03|biz"; nocase; ) # 1oym0z257r3n31gpqtf6mx8ydd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oym0z257r3n31gpqtf6mx8ydd|03|net"; nocase; ) # 1vb8vaqzdcy9v1o9edop1yxc6mk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vb8vaqzdcy9v1o9edop1yxc6mk|03|org"; nocase; ) # 1knopj7ddzegjtuslq9sy7iij.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1knopj7ddzegjtuslq9sy7iij|03|biz"; nocase; ) # 29fdf51ejgplix65ohs1f9oroz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|29fdf51ejgplix65ohs1f9oroz|03|org"; nocase; ) # 16rb880bf1hlvncx4qwucyba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|16rb880bf1hlvncx4qwucyba|03|org"; nocase; ) # sjgcw43txfkj1nsswmt14qmiwj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sjgcw43txfkj1nsswmt14qmiwj|03|net"; nocase; ) # 442q031jxto4q1vhmbuf1vwwf45.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|442q031jxto4q1vhmbuf1vwwf45|03|com"; nocase; ) # od4utgpw6fnm1egwvbu1uhskwe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|od4utgpw6fnm1egwvbu1uhskwe|03|org"; nocase; ) # 1459yc21n6tms810tuzp1193u4iw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1459yc21n6tms810tuzp1193u4iw|03|biz"; nocase; ) # 684sk0x1vc9qzolavk1ij5ars.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|684sk0x1vc9qzolavk1ij5ars|03|com"; nocase; ) # 1ru9c4kvwjpvh1lmx2gti93t20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ru9c4kvwjpvh1lmx2gti93t20|03|net"; nocase; ) # km0ozab4uf2vsx80rqctsuxe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|km0ozab4uf2vsx80rqctsuxe|03|biz"; nocase; ) # 7w50hp1t4d5ud8kjzy6qk76wp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7w50hp1t4d5ud8kjzy6qk76wp|03|org"; nocase; ) # 18sb86flyn1s91ptic9x1r3tp5n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18sb86flyn1s91ptic9x1r3tp5n|03|com"; nocase; ) # 9ffsyzupwxu1dye2vi1algqzg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9ffsyzupwxu1dye2vi1algqzg|03|net"; nocase; ) # 18l67ikpljdh81nqypb24arrm8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18l67ikpljdh81nqypb24arrm8|03|com"; nocase; ) # 10wk9zy177dcbnho4sf61hvozv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10wk9zy177dcbnho4sf61hvozv1|03|com"; nocase; ) # 1mxyrn4c8w0q1j7fs4c58dj2d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mxyrn4c8w0q1j7fs4c58dj2d|03|net"; nocase; ) # 197qx1cy5n6fp1bi2z7i1xjmtaj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|197qx1cy5n6fp1bi2z7i1xjmtaj|03|net"; nocase; ) # 1i6xx901xzbwg6jthlh64p43g0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i6xx901xzbwg6jthlh64p43g0|03|com"; nocase; ) # bvyjsu12uuehhd9fb3m1nbqhj0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bvyjsu12uuehhd9fb3m1nbqhj0|03|net"; nocase; ) # 1x72qsqqz2nud153n7vs1xm2p9g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x72qsqqz2nud153n7vs1xm2p9g|03|com"; nocase; ) # n5lyzykvz4fk1sorf5qxo64t2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5lyzykvz4fk1sorf5qxo64t2|03|org"; nocase; ) # 1rel9fbpwr5qs1rl8bcp1txf8ct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rel9fbpwr5qs1rl8bcp1txf8ct|03|net"; nocase; ) # ab765c1r5rfia1ipnaqseal6vd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ab765c1r5rfia1ipnaqseal6vd|03|com"; nocase; ) # 1rfoezar07np6kfvrqr1qwx57p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rfoezar07np6kfvrqr1qwx57p|03|org"; nocase; ) # 2xii831cvwbq31l22d4a1enxh67.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2xii831cvwbq31l22d4a1enxh67|03|net"; nocase; ) # 1fkffbck7redb652l31f6lmhj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fkffbck7redb652l31f6lmhj|03|org"; nocase; ) # 1rd5iapor2l9wim4ydp1lavudr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rd5iapor2l9wim4ydp1lavudr|03|biz"; nocase; ) # 1j9xbf51xok9gwcvwuf5dyyo7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j9xbf51xok9gwcvwuf5dyyo7w|03|net"; nocase; ) # 1a518o8d1kfwn1d7dqwu1tlxmbi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a518o8d1kfwn1d7dqwu1tlxmbi|03|net"; nocase; ) # 57api61licqu113hgxrge9ck5r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|57api61licqu113hgxrge9ck5r|03|com"; nocase; ) # yse9je11hw1bm1t210fh1tf3s65.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yse9je11hw1bm1t210fh1tf3s65|03|net"; nocase; ) # 1nqc131i1aq831r5htmp171chxr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nqc131i1aq831r5htmp171chxr|03|org"; nocase; ) # hiuiat1jiosaly2notk18hkuh1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hiuiat1jiosaly2notk18hkuh1|03|net"; nocase; ) # 18lq09aytneccq21clb94o47.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18lq09aytneccq21clb94o47|03|com"; nocase; ) # x3f6opzphv8o1amf66u14r7wv2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x3f6opzphv8o1amf66u14r7wv2|03|org"; nocase; ) # 1swwa8y1blatmi1tadcp5gpya9y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1swwa8y1blatmi1tadcp5gpya9y|03|net"; nocase; ) # owegiht4h75xxlw8e63gfwb9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|owegiht4h75xxlw8e63gfwb9|03|org"; nocase; ) # 1hut5ky1yljys01opxj7szwgayl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hut5ky1yljys01opxj7szwgayl|03|net"; nocase; ) # 6rjl7kvyv8npvx41181tpd1ji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6rjl7kvyv8npvx41181tpd1ji|03|com"; nocase; ) # 1aqyyx95g3s7cfihyni17rp9kt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aqyyx95g3s7cfihyni17rp9kt|03|com"; nocase; ) # 54k1491cde2rs1pwe1taahx5h2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|54k1491cde2rs1pwe1taahx5h2|03|org"; nocase; ) # xhhckfl8fidt108do6pnhrmp2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xhhckfl8fidt108do6pnhrmp2|03|com"; nocase; ) # 1nsn18y5agkj71a11sk87t1l6n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nsn18y5agkj71a11sk87t1l6n|03|biz"; nocase; ) # 1sba3di2x89hi1jcc2615ckped.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sba3di2x89hi1jcc2615ckped|03|com"; nocase; ) # w5r6041cffb3b1x1cncc1l07swe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w5r6041cffb3b1x1cncc1l07swe|03|org"; nocase; ) # 1p9u0np2uim4q8jmqm31lxnme7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p9u0np2uim4q8jmqm31lxnme7|03|com"; nocase; ) # ya45od16mqghlccmv0l1mkowgm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ya45od16mqghlccmv0l1mkowgm|03|biz"; nocase; ) # 1ur0z4c1w1kvfi12lhls5rg5pv3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ur0z4c1w1kvfi12lhls5rg5pv3|03|net"; nocase; ) # 1dri071rtygbx9zz6w255yrqi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dri071rtygbx9zz6w255yrqi|03|biz"; nocase; ) # 10iv6m6uyc2l91blxvbv1ezqfka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10iv6m6uyc2l91blxvbv1ezqfka|03|net"; nocase; ) # 1dn0le8v95ul7vwk7kgahuido.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dn0le8v95ul7vwk7kgahuido|03|org"; nocase; ) # cmoejb7txa6zrghsj53ulopt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cmoejb7txa6zrghsj53ulopt|03|org"; nocase; ) # jbkbgh14dcwf6o94wk4xepxm1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jbkbgh14dcwf6o94wk4xepxm1|03|com"; nocase; ) # jbqrrc1i5j5pr1b5uw7l1j8m7qh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jbqrrc1i5j5pr1b5uw7l1j8m7qh|03|com"; nocase; ) # bs08jppxwcta1eqx3c51413kni.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bs08jppxwcta1eqx3c51413kni|03|com"; nocase; ) # 9w5ce1bnpz10azx3und1vdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|9w5ce1bnpz10azx3und1vdc|03|com"; nocase; ) # 13caupb1nl7oi9e2eyyd12pbj3y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13caupb1nl7oi9e2eyyd12pbj3y|03|biz"; nocase; ) # 1no4zjs11wmgba1vwyybz1l98408.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1no4zjs11wmgba1vwyybz1l98408|03|com"; nocase; ) # 18ta4zf1a6si4e19h08l51n0p74u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18ta4zf1a6si4e19h08l51n0p74u|03|com"; nocase; ) # medx2opcgd4p1elalls1qsu1kx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|medx2opcgd4p1elalls1qsu1kx|03|net"; nocase; ) # rvhsqj1ngiibr2euqf413terb8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rvhsqj1ngiibr2euqf413terb8|03|com"; nocase; ) # 1jt3o5n12ug9111r34nta1f2ymhd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jt3o5n12ug9111r34nta1f2ymhd|03|net"; nocase; ) # 1e4nth919uh5rtbbkzpr9w0qt9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e4nth919uh5rtbbkzpr9w0qt9|03|net"; nocase; ) # 5mbxcorutsbg16fuuvrldztlo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5mbxcorutsbg16fuuvrldztlo|03|net"; nocase; ) # 1pz9qd41o5mexjp669ka62qayz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pz9qd41o5mexjp669ka62qayz|03|biz"; nocase; ) # 17ng7821vm8ynx168o9hucm9b26.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ng7821vm8ynx168o9hucm9b26|03|biz"; nocase; ) # mfa9b6onxv9c5z6n0blmy599.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mfa9b6onxv9c5z6n0blmy599|03|net"; nocase; ) # 6anwznohn3j3g7ghx91psggj8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6anwznohn3j3g7ghx91psggj8|03|net"; nocase; ) # 59s3i3jtup39huy5401s5m2x3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|59s3i3jtup39huy5401s5m2x3|03|org"; nocase; ) # 16p169ycsl1rvaqj4bo1nndc2x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16p169ycsl1rvaqj4bo1nndc2x|03|net"; nocase; ) # rgac4dnipxdrlq0wx015gm3rr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rgac4dnipxdrlq0wx015gm3rr|03|net"; nocase; ) # th35hj1723np01fho9dq4wu6oi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|th35hj1723np01fho9dq4wu6oi|03|com"; nocase; ) # 1csq7tb9tx5qpuscelb1m7s6nb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1csq7tb9tx5qpuscelb1m7s6nb|03|net"; nocase; ) # 1awfbm91dmje1z1ab5of1lz12af.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1awfbm91dmje1z1ab5of1lz12af|03|org"; nocase; ) # 1204kuftyhfh5udcor9mbrsa8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1204kuftyhfh5udcor9mbrsa8|03|net"; nocase; ) # 1hbujwd1pw6idihoh6c9l4k8j3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbujwd1pw6idihoh6c9l4k8j3|03|com"; nocase; ) # 1nm2she1wju19s9eq9gn1mwz70z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nm2she1wju19s9eq9gn1mwz70z|03|org"; nocase; ) # e96bn3ef27ry19f4r771vx0zc5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e96bn3ef27ry19f4r771vx0zc5|03|net"; nocase; ) # 6coq8n124gy5vw183xrtzroia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6coq8n124gy5vw183xrtzroia|03|com"; nocase; ) # e9184s12c1he9ldu7s0efv54t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e9184s12c1he9ldu7s0efv54t|03|org"; nocase; ) # 1l005vguuz4gdjf5vsofzly7p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l005vguuz4gdjf5vsofzly7p|03|com"; nocase; ) # 6cu6l61mm3j4f1xcvju112k1gig.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6cu6l61mm3j4f1xcvju112k1gig|03|org"; nocase; ) # gk5tcv1x9ymt4d29qa818cnmn5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gk5tcv1x9ymt4d29qa818cnmn5|03|org"; nocase; ) # 114w241810q4f11qut711xo1s4o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|114w241810q4f11qut711xo1s4o|03|org"; nocase; ) # tl0h4o1ike8a2bvzjh96kira9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tl0h4o1ike8a2bvzjh96kira9|03|net"; nocase; ) # ccy2nq1s9p470n8sdd484dlna.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ccy2nq1s9p470n8sdd484dlna|03|biz"; nocase; ) # kwyy2cfls5t1qkb24e1oz529x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kwyy2cfls5t1qkb24e1oz529x|03|biz"; nocase; ) # fobxtc15a6ct9zf7g5a3h0fsq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fobxtc15a6ct9zf7g5a3h0fsq|03|org"; nocase; ) # 1k5svpx1mrbmp9xqebyz1ln3l9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k5svpx1mrbmp9xqebyz1ln3l9|03|org"; nocase; ) # 11agsjejq1msrjr30fn1lvmccf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11agsjejq1msrjr30fn1lvmccf|03|net"; nocase; ) # 1hi0wxf1nmf2a012dt5ai8bjvgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hi0wxf1nmf2a012dt5ai8bjvgo|03|net"; nocase; ) # jo2l0k1ha7u4mq8jc0m32e6s9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jo2l0k1ha7u4mq8jc0m32e6s9|03|net"; nocase; ) # v9rpq91fafz101qntk0vsx3pta.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v9rpq91fafz101qntk0vsx3pta|03|org"; nocase; ) # 6ebw98jd585ngsaj6wq810we.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6ebw98jd585ngsaj6wq810we|03|com"; nocase; ) # 1imu93x1hlclxzsip6q119495jd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1imu93x1hlclxzsip6q119495jd|03|biz"; nocase; ) # uwsth67oabgk1bua8p21b7xfr5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uwsth67oabgk1bua8p21b7xfr5|03|net"; nocase; ) # 181cmyd8rjnum1l5wrw01lx01cq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|181cmyd8rjnum1l5wrw01lx01cq|03|net"; nocase; ) # 167vk7c753w3n1xodvr5cn2tet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|167vk7c753w3n1xodvr5cn2tet|03|com"; nocase; ) # 1qiryscu60eg1c2kbog1cktrnb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qiryscu60eg1c2kbog1cktrnb|03|biz"; nocase; ) # tjccxk1vdd8bw3ovnpjt970a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tjccxk1vdd8bw3ovnpjt970a|03|net"; nocase; ) # v4up4d50asqd1ptfo4m1e2y9s5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v4up4d50asqd1ptfo4m1e2y9s5|03|biz"; nocase; ) # vacg0m1q4syakx0544r13afo1a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vacg0m1q4syakx0544r13afo1a|03|com"; nocase; ) # 1rhau7f1sr7oas1vl8hr01b14fcs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rhau7f1sr7oas1vl8hr01b14fcs|03|net"; nocase; ) # 1sqhvx25zzdueprwuuohcq2to.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sqhvx25zzdueprwuuohcq2to|03|org"; nocase; ) # 3g0ahd180ri7sryibas1prppik.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3g0ahd180ri7sryibas1prppik|03|org"; nocase; ) # s5c7n6pi7p7h1is26fl81cf0n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s5c7n6pi7p7h1is26fl81cf0n|03|biz"; nocase; ) # 1mf4qv9ri5r6d2hk8n136moyn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mf4qv9ri5r6d2hk8n136moyn|03|net"; nocase; ) # om7ovo1qmynyqv9qv1b1dh7ybc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|om7ovo1qmynyqv9qv1b1dh7ybc|03|biz"; nocase; ) # 1djkr0c953e3w1ssu3oq5ef4s7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1djkr0c953e3w1ssu3oq5ef4s7|03|org"; nocase; ) # 1og1mtkps19y89cgbgn12pov5t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1og1mtkps19y89cgbgn12pov5t|03|biz"; nocase; ) # 1skbwij1ayh3r12oj48wqin6em.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1skbwij1ayh3r12oj48wqin6em|03|org"; nocase; ) # 14biaom1pr3pzo1ktz6sh1bd3swc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14biaom1pr3pzo1ktz6sh1bd3swc|03|org"; nocase; ) # enlh30ymlkvu1oqkrw8ztl7ed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|enlh30ymlkvu1oqkrw8ztl7ed|03|net"; nocase; ) # 8incuh131gm3o1fvipohhdgxg4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8incuh131gm3o1fvipohhdgxg4|03|org"; nocase; ) # 1ftgyqtrjab3rlvk3x416cu8g1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ftgyqtrjab3rlvk3x416cu8g1|03|biz"; nocase; ) # 18bb5i71nujwah1kgoqwa10f4z5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18bb5i71nujwah1kgoqwa10f4z5n|03|net"; nocase; ) # yxifrnyik8i5ahhwft15fg5oo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yxifrnyik8i5ahhwft15fg5oo|03|net"; nocase; ) # 6bqlod1nri94rxk4aebprtw0r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6bqlod1nri94rxk4aebprtw0r|03|biz"; nocase; ) # 1orpfqw1k6bcb911mhvm61f7o7bi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1orpfqw1k6bcb911mhvm61f7o7bi|03|biz"; nocase; ) # 177ql93hu02gbxyk0ea13cvzy9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|177ql93hu02gbxyk0ea13cvzy9|03|com"; nocase; ) # 1u4h6py1n28vsyv5bi96d8gtdt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u4h6py1n28vsyv5bi96d8gtdt|03|org"; nocase; ) # 4w8sb3b00cvv1o5u1fc1n0y7ev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4w8sb3b00cvv1o5u1fc1n0y7ev|03|biz"; nocase; ) # ssek7wlow7q91l5w16vt26lis.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ssek7wlow7q91l5w16vt26lis|03|org"; nocase; ) # 1jwus1r1p9zapgu1k0in1o12dms.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jwus1r1p9zapgu1k0in1o12dms|03|com"; nocase; ) # 13ggoch1wux4wb1qjidnj1yipeqm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13ggoch1wux4wb1qjidnj1yipeqm|03|net"; nocase; ) # ytyanv7kdx211ao9ovdo0fewj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ytyanv7kdx211ao9ovdo0fewj|03|biz"; nocase; ) # 19vkjt31ffivuwvqx0xf11appng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19vkjt31ffivuwvqx0xf11appng|03|org"; nocase; ) # affq1z1leqxob9oahlbmjjwyn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|affq1z1leqxob9oahlbmjjwyn|03|biz"; nocase; ) # 1s3e4qdrz7vy71wjfbqtpq6xke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s3e4qdrz7vy71wjfbqtpq6xke|03|net"; nocase; ) # 1aytsofdljremki8b1x1wwzfem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aytsofdljremki8b1x1wwzfem|03|net"; nocase; ) # 5egq53wfe1z01lvs38g1p7dlme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5egq53wfe1z01lvs38g1p7dlme|03|org"; nocase; ) # 1rv13vdew1rqpcgpbyt1a226c4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rv13vdew1rqpcgpbyt1a226c4|03|net"; nocase; ) # 1vqck1017fdz79gowpqj1tkl762.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vqck1017fdz79gowpqj1tkl762|03|com"; nocase; ) # 1wrwhin1jptwzc1urcj3shv1yl3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wrwhin1jptwzc1urcj3shv1yl3|03|biz"; nocase; ) # px9u2v1i0i8fr1g7e8ib1g67m7i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|px9u2v1i0i8fr1g7e8ib1g67m7i|03|com"; nocase; ) # 6xwf1d1ohp0po7mdcbt1c0ui79.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6xwf1d1ohp0po7mdcbt1c0ui79|03|biz"; nocase; ) # 1xy7ryc1ib4we2tj79c41dfepby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xy7ryc1ib4we2tj79c41dfepby|03|com"; nocase; ) # x255mloo0t9gh1un1xpb02t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|x255mloo0t9gh1un1xpb02t|03|org"; nocase; ) # 1n1p9k4m6t2ltrbyc0c1cq877j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1p9k4m6t2ltrbyc0c1cq877j|03|com"; nocase; ) # 1pm4jhnxu2y3w18mzeoa16eybg2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pm4jhnxu2y3w18mzeoa16eybg2|03|com"; nocase; ) # 1309ygpq89c7r1fs8bdb1t296fg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1309ygpq89c7r1fs8bdb1t296fg|03|com"; nocase; ) # lpa5bjfor679olwdz81c0r9kg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lpa5bjfor679olwdz81c0r9kg|03|net"; nocase; ) # 17rjnyyd5njw1vyn2n01gwa4ik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17rjnyyd5njw1vyn2n01gwa4ik|03|net"; nocase; ) # 2pp39f1p3esef181pxy5n0nlhr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2pp39f1p3esef181pxy5n0nlhr|03|net"; nocase; ) # uy0ego110g9zc76o5dm1vk9c3f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uy0ego110g9zc76o5dm1vk9c3f|03|org"; nocase; ) # 1n7y54u1u01ig81yp7gs1193kudf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n7y54u1u01ig81yp7gs1193kudf|03|net"; nocase; ) # 1eo3sgrzkyarhtbrvu91wlblxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eo3sgrzkyarhtbrvu91wlblxa|03|com"; nocase; ) # 1a2ypzu3khcn41ueussf1qs35kd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a2ypzu3khcn41ueussf1qs35kd|03|biz"; nocase; ) # 17huhm013j7551cb69yq1rzv7wi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17huhm013j7551cb69yq1rzv7wi|03|net"; nocase; ) # 10aw3ep13akvy5rvdcmu1ilj4j1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10aw3ep13akvy5rvdcmu1ilj4j1|03|biz"; nocase; ) # w8dwi99ej04i1gtwjqip3kvdz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w8dwi99ej04i1gtwjqip3kvdz|03|com"; nocase; ) # yo9f711ilmoy0ubslja13duzf1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yo9f711ilmoy0ubslja13duzf1|03|org"; nocase; ) # 1rfmepp3yg46b19fjxdj1qjhz9y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rfmepp3yg46b19fjxdj1qjhz9y|03|net"; nocase; ) # fg77amppitcb1hoqd811uem4i0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fg77amppitcb1hoqd811uem4i0|03|net"; nocase; ) # 1icu5me1x8dykyf5euzz1h2vz2m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1icu5me1x8dykyf5euzz1h2vz2m|03|biz"; nocase; ) # ofzijyxo01dwgkj6wm15b69s9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ofzijyxo01dwgkj6wm15b69s9|03|org"; nocase; ) # 1j45jlpjm0vx4k1tj2r14xo2zy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j45jlpjm0vx4k1tj2r14xo2zy|03|net"; nocase; ) # 1gpx2gdoh0w9t1ibsoq61azcp1m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gpx2gdoh0w9t1ibsoq61azcp1m|03|net"; nocase; ) # 1ijnlrsxuxesg1q8ylpy1lcpmrq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ijnlrsxuxesg1q8ylpy1lcpmrq|03|org"; nocase; ) # yde6gm1uevg4o9pzx9w10qghso.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yde6gm1uevg4o9pzx9w10qghso|03|biz"; nocase; ) # on82si1upmg6s180q51p181v7g2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|on82si1upmg6s180q51p181v7g2|03|net"; nocase; ) # 1lvdoek1xy41uu1o9vgsv1vpgmyl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lvdoek1xy41uu1o9vgsv1vpgmyl|03|org"; nocase; ) # tb3naa43qr0ptbigas1p6vgr4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tb3naa43qr0ptbigas1p6vgr4|03|com"; nocase; ) # 1f7vtwxhi21h1iiymbsw2a4fj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f7vtwxhi21h1iiymbsw2a4fj|03|net"; nocase; ) # 1urafcv1xzi22z1fxfzzvxq912v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1urafcv1xzi22z1fxfzzvxq912v|03|net"; nocase; ) # 14qdn7iv4j8ezeanms116jnmna.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14qdn7iv4j8ezeanms116jnmna|03|net"; nocase; ) # 1uuywlxyoxz0h1upk1fg106f5pi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uuywlxyoxz0h1upk1fg106f5pi|03|biz"; nocase; ) # 17rgz1oqb66dq154iuop1b9mlfr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17rgz1oqb66dq154iuop1b9mlfr|03|com"; nocase; ) # 1hlgszr1rrvqa9135m0x3ob69qc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hlgszr1rrvqa9135m0x3ob69qc|03|net"; nocase; ) # 1ppjl36mfoffll94idm17apv5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ppjl36mfoffll94idm17apv5p|03|net"; nocase; ) # 1x4mylwm2slex7s2jmr1jk1ukp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x4mylwm2slex7s2jmr1jk1ukp|03|org"; nocase; ) # 14vafjzzwtzqy1hepjx93sy66h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14vafjzzwtzqy1hepjx93sy66h|03|net"; nocase; ) # 1tzuvup1jlbhh8uh278x1x2i9ir.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tzuvup1jlbhh8uh278x1x2i9ir|03|biz"; nocase; ) # p6a8ya155c8hhs69b051efq4iv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p6a8ya155c8hhs69b051efq4iv|03|org"; nocase; ) # 6wkbqk1tidtwpxk7m69uklfzf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6wkbqk1tidtwpxk7m69uklfzf|03|org"; nocase; ) # ph11m0183ykbknnkpd15u860p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ph11m0183ykbknnkpd15u860p|03|biz"; nocase; ) # 1h0j5vy1j9y9ma1bsklklsx5u41.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h0j5vy1j9y9ma1bsklklsx5u41|03|com"; nocase; ) # 19t7oi2qt4kzr1wcet4krs0fio.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19t7oi2qt4kzr1wcet4krs0fio|03|net"; nocase; ) # sasw501qs87rp12kr8o71nt1ius.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sasw501qs87rp12kr8o71nt1ius|03|net"; nocase; ) # kxm4nxrwbwjg1dlxl6r1fwbjrt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kxm4nxrwbwjg1dlxl6r1fwbjrt|03|com"; nocase; ) # 1y9vxb2nxhed7hblgl11norvd0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y9vxb2nxhed7hblgl11norvd0|03|org"; nocase; ) # 1fo1chk9rrn3tzu1b751rz50vd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fo1chk9rrn3tzu1b751rz50vd|03|org"; nocase; ) # zv0z4h1n0gpsg288fi1cmkt88.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zv0z4h1n0gpsg288fi1cmkt88|03|biz"; nocase; ) # rv89hsfe9fo515th3762vf9mp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rv89hsfe9fo515th3762vf9mp|03|biz"; nocase; ) # n0r0xzowibo1bk324hfbort.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|n0r0xzowibo1bk324hfbort|03|com"; nocase; ) # 13u6a8g15zx72m57fpm1brknov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13u6a8g15zx72m57fpm1brknov|03|com"; nocase; ) # 1xli5ap1idzrw319sih37c4v901.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xli5ap1idzrw319sih37c4v901|03|org"; nocase; ) # rirv1ltukeo6d6ncbu10gthzc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rirv1ltukeo6d6ncbu10gthzc|03|org"; nocase; ) # mazu5pk02hbvjzri071q8p6fe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mazu5pk02hbvjzri071q8p6fe|03|com"; nocase; ) # 1fl79tjrw96dbwtpzxb19146dv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fl79tjrw96dbwtpzxb19146dv|03|net"; nocase; ) # 27chxes1gde51vn9jv9yu4vgg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|27chxes1gde51vn9jv9yu4vgg|03|net"; nocase; ) # aj7d0t1f6waui1q7w6io1epeo6a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aj7d0t1f6waui1q7w6io1epeo6a|03|net"; nocase; ) # kdpivs198j6w31btxqvmhc92tb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kdpivs198j6w31btxqvmhc92tb|03|net"; nocase; ) # 15nxhxj49lhwj10nw17315ym3rk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15nxhxj49lhwj10nw17315ym3rk|03|org"; nocase; ) # gxv1h2nygvgc6nkgqe1hxtxw7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gxv1h2nygvgc6nkgqe1hxtxw7|03|net"; nocase; ) # 8lqcd3rrwi5e1szjjfq1evylrb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8lqcd3rrwi5e1szjjfq1evylrb|03|net"; nocase; ) # h2i5np10aa8jmcola0f1xp82yy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h2i5np10aa8jmcola0f1xp82yy|03|com"; nocase; ) # ybpjrg152h50u1wuzhlq1egvn25.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ybpjrg152h50u1wuzhlq1egvn25|03|org"; nocase; ) # 2wxc871bjuvghnz5d9x1hsh1wm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2wxc871bjuvghnz5d9x1hsh1wm|03|net"; nocase; ) # gagxo61ucemoiqwlynp2am744.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gagxo61ucemoiqwlynp2am744|03|org"; nocase; ) # 18cd47h1xbdf6d14h9a9z1vo5jfv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18cd47h1xbdf6d14h9a9z1vo5jfv|03|org"; nocase; ) # jok7ltcgu63dk13kpp7y0m3z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jok7ltcgu63dk13kpp7y0m3z|03|com"; nocase; ) # 1d3gsd51ukm6kmb31mgy1bkia43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d3gsd51ukm6kmb31mgy1bkia43|03|net"; nocase; ) # myawyfqtuzjwg4md2tseb7pv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|myawyfqtuzjwg4md2tseb7pv|03|com"; nocase; ) # pbu36a1e7uj59qn7hpzqmnae1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pbu36a1e7uj59qn7hpzqmnae1|03|net"; nocase; ) # v5yjhd1gxhd0t6f9m2p17knn7v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v5yjhd1gxhd0t6f9m2p17knn7v|03|com"; nocase; ) # 1r0sdihcxrof9gzbb371ot9dxt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r0sdihcxrof9gzbb371ot9dxt|03|com"; nocase; ) # 1uuasgaclx2cm1cede1bewvk1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uuasgaclx2cm1cede1bewvk1|03|org"; nocase; ) # hlv85g1g88q93znuik8h2n9lw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hlv85g1g88q93znuik8h2n9lw|03|biz"; nocase; ) # 1oqydh71amfi5v1g1ii9k1kx0wvw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oqydh71amfi5v1g1ii9k1kx0wvw|03|net"; nocase; ) # cfpvmr1q86jkk15vw4izl2fmkz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cfpvmr1q86jkk15vw4izl2fmkz|03|net"; nocase; ) # ixalizh3yqyk1a265nf12bvim2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ixalizh3yqyk1a265nf12bvim2|03|com"; nocase; ) # 1k9rtq01e64wbgjxlty1ipjf6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k9rtq01e64wbgjxlty1ipjf6|03|org"; nocase; ) # yf1y7qsrdxciah24kh1rqxktd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yf1y7qsrdxciah24kh1rqxktd|03|org"; nocase; ) # am5gryyqdyaj12b9jig1ugj4k7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|am5gryyqdyaj12b9jig1ugj4k7|03|com"; nocase; ) # 1s5vhxl9787o1ctd096v5j7wl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s5vhxl9787o1ctd096v5j7wl|03|net"; nocase; ) # nnec5v1xm4irm1sqv7lyzrfw4e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nnec5v1xm4irm1sqv7lyzrfw4e|03|org"; nocase; ) # iqhuoqeqn3sf1nz90ub9vrdni.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iqhuoqeqn3sf1nz90ub9vrdni|03|org"; nocase; ) # 1h8l9ak13l16h266yuqu1v4cdbc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h8l9ak13l16h266yuqu1v4cdbc|03|biz"; nocase; ) # 3v9wji12srgs713k3rih1hpgqd1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3v9wji12srgs713k3rih1hpgqd1|03|net"; nocase; ) # 16fhsdg1fjysk3v493h9t5430o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16fhsdg1fjysk3v493h9t5430o|03|org"; nocase; ) # n9bs7q124kwtg1nxln0x1d6eqaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n9bs7q124kwtg1nxln0x1d6eqaq|03|net"; nocase; ) # 1n810oa10xdgk616w8b951nl313n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n810oa10xdgk616w8b951nl313n|03|biz"; nocase; ) # 6u86cd1kgm371uut3bnldzno5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6u86cd1kgm371uut3bnldzno5|03|biz"; nocase; ) # 1oirja31wwa56u150pyx71nvjta4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oirja31wwa56u150pyx71nvjta4|03|com"; nocase; ) # 1i5auhcop2xb51nf8hor1s2xoej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i5auhcop2xb51nf8hor1s2xoej|03|net"; nocase; ) # 1jgw6nt11lp35i1wf9utmv4ln4n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jgw6nt11lp35i1wf9utmv4ln4n|03|net"; nocase; ) # 154dbo3njbkcd1m13tjfu1jsfc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|154dbo3njbkcd1m13tjfu1jsfc|03|com"; nocase; ) # 1ll5o3e19xmguzbk894c1wsv2x2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ll5o3e19xmguzbk894c1wsv2x2|03|biz"; nocase; ) # 8qq00dzr9ycc1tveytjzqtyvn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8qq00dzr9ycc1tveytjzqtyvn|03|com"; nocase; ) # 3ppr6typtit41ei3d39w0mu3v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3ppr6typtit41ei3d39w0mu3v|03|org"; nocase; ) # c3t50e1i3sbwe1bl7xd212mqpw6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c3t50e1i3sbwe1bl7xd212mqpw6|03|biz"; nocase; ) # 5ybmm5b7b9xy1op6fzz165z6lv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5ybmm5b7b9xy1op6fzz165z6lv|03|com"; nocase; ) # 15frjeiv11b4jwohwiguxfw7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|15frjeiv11b4jwohwiguxfw7|03|net"; nocase; ) # xt4j4agsnkld1u29btc1w1k2qj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xt4j4agsnkld1u29btc1w1k2qj|03|biz"; nocase; ) # 1ur5lzyw3ggi11xyqowp13bdsj5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ur5lzyw3ggi11xyqowp13bdsj5|03|com"; nocase; ) # 1cz89zdf8zz131xygj8vc7d6n9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cz89zdf8zz131xygj8vc7d6n9|03|net"; nocase; ) # p9pi5pjnkjqe1hepzh81kp8xfe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p9pi5pjnkjqe1hepzh81kp8xfe|03|biz"; nocase; ) # 11ummpu1ucb44z141hl6n1gexe0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11ummpu1ucb44z141hl6n1gexe0k|03|org"; nocase; ) # 1mau4os6byde91t07ltoucf1if.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mau4os6byde91t07ltoucf1if|03|net"; nocase; ) # 46xkeyixfgw18qqvnmua2kp0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|46xkeyixfgw18qqvnmua2kp0|03|biz"; nocase; ) # 1qasz16y4tt4q1c6esz41dyu7jx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qasz16y4tt4q1c6esz41dyu7jx|03|org"; nocase; ) # n5hvhr19rs6084n0dor6nhos7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5hvhr19rs6084n0dor6nhos7|03|com"; nocase; ) # jbug5d1vehxsg1rl3s6v154somd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jbug5d1vehxsg1rl3s6v154somd|03|net"; nocase; ) # xa8fwrvbp831rmatbxk2mr7j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xa8fwrvbp831rmatbxk2mr7j|03|com"; nocase; ) # 1os8liu1hvx7wp6qkmly5e3cm3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1os8liu1hvx7wp6qkmly5e3cm3|03|net"; nocase; ) # xhq3ydw3edcb1k2sysu1tk020c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xhq3ydw3edcb1k2sysu1tk020c|03|org"; nocase; ) # 1gi19w61s8ioi9212yiatks379.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gi19w61s8ioi9212yiatks379|03|net"; nocase; ) # qodt4c59awata7e64q9kjs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|qodt4c59awata7e64q9kjs|03|com"; nocase; ) # 1vyjfj0x2e9h51nvxaqopxhv0o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vyjfj0x2e9h51nvxaqopxhv0o|03|biz"; nocase; ) # nkv752aievug1ym6upsin14ph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nkv752aievug1ym6upsin14ph|03|net"; nocase; ) # 1admvbb1918fuy1ay41xtr4cbym.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1admvbb1918fuy1ay41xtr4cbym|03|net"; nocase; ) # 16nx5oxztcom41brnsk11bzxvty.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16nx5oxztcom41brnsk11bzxvty|03|com"; nocase; ) # pl4ppi1vkno0gtblsc9ky8ezf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pl4ppi1vkno0gtblsc9ky8ezf|03|net"; nocase; ) # k1tyypbdfil3136rz051qqr45a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k1tyypbdfil3136rz051qqr45a|03|com"; nocase; ) # 76w3qsz1sg0815ibhwx1831ns6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|76w3qsz1sg0815ibhwx1831ns6|03|net"; nocase; ) # 1wfxdqs14rqc6j1rhnfrdyuu2yl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wfxdqs14rqc6j1rhnfrdyuu2yl|03|org"; nocase; ) # 10hhlr11t7i32rwjl7k114285i7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10hhlr11t7i32rwjl7k114285i7|03|net"; nocase; ) # jwr5q31awpfx8ax02lsxbrhj4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jwr5q31awpfx8ax02lsxbrhj4|03|biz"; nocase; ) # 1ail1548wjvke7i9z9e4m0bib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ail1548wjvke7i9z9e4m0bib|03|com"; nocase; ) # 1fac09e1dtj3dv19a015a40rjil.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fac09e1dtj3dv19a015a40rjil|03|biz"; nocase; ) # 6jii4o15uq22v1kmra1t1pno3x3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6jii4o15uq22v1kmra1t1pno3x3|03|net"; nocase; ) # dzye5f1letuxuzqjnjsz3gjzy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzye5f1letuxuzqjnjsz3gjzy|03|com"; nocase; ) # xb6wwt1pcz5mf11obewr1489k42.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xb6wwt1pcz5mf11obewr1489k42|03|net"; nocase; ) # 1b7s5e31vsxxb74sv31pcuglp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b7s5e31vsxxb74sv31pcuglp|03|org"; nocase; ) # 18erc5f6tmluj1vlkbjjj4qkur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18erc5f6tmluj1vlkbjjj4qkur|03|org"; nocase; ) # r45y1da6n7a19s4t74yw73n0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r45y1da6n7a19s4t74yw73n0|03|net"; nocase; ) # uufzgp9lfs1y80487jhdz8na.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uufzgp9lfs1y80487jhdz8na|03|net"; nocase; ) # mtjn1m1tpohorv26lozlfmgle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mtjn1m1tpohorv26lozlfmgle|03|org"; nocase; ) # 1piyuv01o6crqj125mk2b1lw68kq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1piyuv01o6crqj125mk2b1lw68kq|03|biz"; nocase; ) # 1mlkj0y1uooxlfvez6wtohz7ft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mlkj0y1uooxlfvez6wtohz7ft|03|com"; nocase; ) # bi1bsp1fdwt4918x3ho3n5w04h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bi1bsp1fdwt4918x3ho3n5w04h|03|net"; nocase; ) # w7pp6lghhqjtwsknyw10hqcmx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w7pp6lghhqjtwsknyw10hqcmx|03|net"; nocase; ) # 1ar3tks1r48649v9xb7hrl63q5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ar3tks1r48649v9xb7hrl63q5|03|com"; nocase; ) # j6ry0zklvlpw1rvb2xc4dprig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j6ry0zklvlpw1rvb2xc4dprig|03|net"; nocase; ) # 1dm4dufs0uaop1ti7fm7cw43fv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dm4dufs0uaop1ti7fm7cw43fv|03|biz"; nocase; ) # 1dpeu5716gh7p1du0gyh120tnx8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dpeu5716gh7p1du0gyh120tnx8|03|net"; nocase; ) # ohrk841v7qsr3hvevo51nvp5a3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ohrk841v7qsr3hvevo51nvp5a3|03|org"; nocase; ) # 1864ja41c0pkcg102e38dv93muh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1864ja41c0pkcg102e38dv93muh|03|org"; nocase; ) # cnkhy055u0ooxzxpo21qcuam7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cnkhy055u0ooxzxpo21qcuam7|03|com"; nocase; ) # a9bfi213y3br5x0f3habk1hp7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a9bfi213y3br5x0f3habk1hp7|03|net"; nocase; ) # vwcuormym6gm10pza1gjlzspm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vwcuormym6gm10pza1gjlzspm|03|com"; nocase; ) # j0c99g17bq7x9a9w6j3e7zz9o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j0c99g17bq7x9a9w6j3e7zz9o|03|org"; nocase; ) # c3be9gnpamlr1i1lhat1jyjhrn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c3be9gnpamlr1i1lhat1jyjhrn|03|com"; nocase; ) # 1tdwhc32wci0j6rkpjxfd79sz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tdwhc32wci0j6rkpjxfd79sz|03|org"; nocase; ) # slkamg1jhw1131i28p69104cbjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|slkamg1jhw1131i28p69104cbjn|03|com"; nocase; ) # 16myuq1ky9n4hchizz5dt00md.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16myuq1ky9n4hchizz5dt00md|03|com"; nocase; ) # 1b4wtfrjyx9mr7a7v3m1o6oln2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b4wtfrjyx9mr7a7v3m1o6oln2|03|net"; nocase; ) # 1siye7i264h5e15kn4hw64lv9b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1siye7i264h5e15kn4hw64lv9b|03|org"; nocase; ) # 14uj7rhqixcn7bvswm7nm8845.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14uj7rhqixcn7bvswm7nm8845|03|biz"; nocase; ) # 1kxrye8b7vbnvbugtar1arswkf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kxrye8b7vbnvbugtar1arswkf|03|net"; nocase; ) # 7srk7m1e9zwvx1ol6c0wy9wmtp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7srk7m1e9zwvx1ol6c0wy9wmtp|03|com"; nocase; ) # 1ga36m51xt3pw510dm77gw884l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ga36m51xt3pw510dm77gw884l|03|biz"; nocase; ) # 1ns75cr19r94j5xzvoan2cph41.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ns75cr19r94j5xzvoan2cph41|03|net"; nocase; ) # lbjzf6suu12se5w5m1sb23oy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lbjzf6suu12se5w5m1sb23oy|03|net"; nocase; ) # 16rbhza1g8t7p61hn68fq1529ews.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16rbhza1g8t7p61hn68fq1529ews|03|net"; nocase; ) # njtaod1v0vz9t1bv89dx1k5j98g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|njtaod1v0vz9t1bv89dx1k5j98g|03|biz"; nocase; ) # 1sru6zy1lcyo1m9evmh1l2ouzt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sru6zy1lcyo1m9evmh1l2ouzt|03|net"; nocase; ) # zq9oo9azz9hlnvx15g1d4kh1q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zq9oo9azz9hlnvx15g1d4kh1q|03|org"; nocase; ) # e1dqf4d7wj6mod6emp1v86pi5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1dqf4d7wj6mod6emp1v86pi5|03|biz"; nocase; ) # 1pcoqnthmajl91jcwdyxpudx0n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pcoqnthmajl91jcwdyxpudx0n|03|net"; nocase; ) # 1lnn5cje1eh77ldtljj1itc0ro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lnn5cje1eh77ldtljj1itc0ro|03|com"; nocase; ) # rditx817kubxg17tg4dw1ws2ryu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rditx817kubxg17tg4dw1ws2ryu|03|net"; nocase; ) # 1t5ghfb4gwndl1ici9otyoajsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t5ghfb4gwndl1ici9otyoajsf|03|net"; nocase; ) # ax4t2a1u3x1xt95acx41eo7uyk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ax4t2a1u3x1xt95acx41eo7uyk|03|org"; nocase; ) # hfgn0w1tkmlo7wwo6kk1gfxn5y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hfgn0w1tkmlo7wwo6kk1gfxn5y|03|biz"; nocase; ) # 19agsok1wpodxi1isfulpl5vh8w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19agsok1wpodxi1isfulpl5vh8w|03|org"; nocase; ) # 18yc5s32h11foy167e0qe0vjg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18yc5s32h11foy167e0qe0vjg|03|com"; nocase; ) # 1mq3fvbukb65j6sd6x1yhwfc6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mq3fvbukb65j6sd6x1yhwfc6|03|net"; nocase; ) # uix143kwm3f73guj4yali2ue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uix143kwm3f73guj4yali2ue|03|org"; nocase; ) # hwarcqspn5kcgvgdc6a9zme5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hwarcqspn5kcgvgdc6a9zme5|03|biz"; nocase; ) # 1bpi6wm1mn3svuk76yzh1j2z6hd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bpi6wm1mn3svuk76yzh1j2z6hd|03|com"; nocase; ) # 195qjp1rn5dcy7575ue1gmbnba.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|195qjp1rn5dcy7575ue1gmbnba|03|net"; nocase; ) # 1j29obb1kanujhlr0bdwyxptd2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j29obb1kanujhlr0bdwyxptd2|03|biz"; nocase; ) # 4v165l1955ksn1ls50j31wy55ti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4v165l1955ksn1ls50j31wy55ti|03|net"; nocase; ) # 1nrexzg1ydq12nigp7ltqn35ov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nrexzg1ydq12nigp7ltqn35ov|03|com"; nocase; ) # 13ix0yv1l7d7e7ek4yq21an479u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ix0yv1l7d7e7ek4yq21an479u|03|biz"; nocase; ) # ssi24x1b3kz65131jzitmt7n1e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ssi24x1b3kz65131jzitmt7n1e|03|net"; nocase; ) # 1uql9y812jge1s1jnnq8q124lsr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uql9y812jge1s1jnnq8q124lsr|03|net"; nocase; ) # wgsm3rw45l1w0u5u94qv90x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|wgsm3rw45l1w0u5u94qv90x|03|net"; nocase; ) # v5d9puphirhcaukbq8r5vrgj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v5d9puphirhcaukbq8r5vrgj|03|org"; nocase; ) # 1b59b53m26tfc1jp898aq2yfh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b59b53m26tfc1jp898aq2yfh|03|net"; nocase; ) # 17irh96pzuc3d136cc6a1k5w916.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17irh96pzuc3d136cc6a1k5w916|03|org"; nocase; ) # 1fo3tvaprsrrw1gd3zck1x2g3hw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fo3tvaprsrrw1gd3zck1x2g3hw|03|biz"; nocase; ) # ro4bemt85n181w2ynqersz86d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ro4bemt85n181w2ynqersz86d|03|net"; nocase; ) # padfx31a5wr71c7iwsfcfm4ay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|padfx31a5wr71c7iwsfcfm4ay|03|com"; nocase; ) # mj6iyo1beid0f0mfloy7gd83.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mj6iyo1beid0f0mfloy7gd83|03|org"; nocase; ) # 1rr7v8ulvqepq1f7quwwiqj31r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rr7v8ulvqepq1f7quwwiqj31r|03|biz"; nocase; ) # 1abtfykv21o37pc9ik01b4spgb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1abtfykv21o37pc9ik01b4spgb|03|net"; nocase; ) # h76rfw18ix1uu1qcf3tu1wlec7l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h76rfw18ix1uu1qcf3tu1wlec7l|03|biz"; nocase; ) # 1lodwou1hryply9vz4t61r5l1o7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lodwou1hryply9vz4t61r5l1o7|03|net"; nocase; ) # t3nfyhepet411p5y0wk1ghezrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t3nfyhepet411p5y0wk1ghezrv|03|net"; nocase; ) # 1xzhsfvca6od01qc7hc29s35np.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xzhsfvca6od01qc7hc29s35np|03|biz"; nocase; ) # 1kg70kflqzuar1gwxc1lfmn3mj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kg70kflqzuar1gwxc1lfmn3mj|03|com"; nocase; ) # 4qanos1jlrm8p1tdpwki1uo2h3i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4qanos1jlrm8p1tdpwki1uo2h3i|03|net"; nocase; ) # gyy651r4iwsp54k3g0vf33ch.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gyy651r4iwsp54k3g0vf33ch|03|org"; nocase; ) # 1jny1rg1gwhgso1t91g0s1y9m88s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jny1rg1gwhgso1t91g0s1y9m88s|03|com"; nocase; ) # egfsq11r80cbs1xsl4d81327bbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|egfsq11r80cbs1xsl4d81327bbs|03|com"; nocase; ) # 1k4z7lg1af40bp1b9f33ix0y5zh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k4z7lg1af40bp1b9f33ix0y5zh|03|biz"; nocase; ) # cdyu5vx974d01moebxu1l7lsme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cdyu5vx974d01moebxu1l7lsme|03|org"; nocase; ) # 5mhm1fbybqpf1u9ufiv12txspm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5mhm1fbybqpf1u9ufiv12txspm|03|org"; nocase; ) # sq42l54xcu3u7d1f901etznxs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sq42l54xcu3u7d1f901etznxs|03|com"; nocase; ) # 9eqodabsofaqu6iy4al7rxsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9eqodabsofaqu6iy4al7rxsf|03|net"; nocase; ) # 1g1fn1e12g4g86gkltpa28m880.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g1fn1e12g4g86gkltpa28m880|03|com"; nocase; ) # 135n99b4d4ue914r6ocg5ke3yz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135n99b4d4ue914r6ocg5ke3yz|03|net"; nocase; ) # fx046dbsyssluoaqc11dq2cuv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fx046dbsyssluoaqc11dq2cuv|03|com"; nocase; ) # 1dfr1osrx77qx1j508851ol7ev7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dfr1osrx77qx1j508851ol7ev7|03|org"; nocase; ) # 102bxh9177cnimkgl9911r8c13m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|102bxh9177cnimkgl9911r8c13m|03|biz"; nocase; ) # xpxmvu1aapuh41phiop17alp73.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xpxmvu1aapuh41phiop17alp73|03|net"; nocase; ) # f77s7b1gecxw01nzuvtxafhi0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f77s7b1gecxw01nzuvtxafhi0x|03|org"; nocase; ) # 1ut3u3fo9ekml1wjw1z31k0v3yk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ut3u3fo9ekml1wjw1z31k0v3yk|03|net"; nocase; ) # i21ytt17fgove1dnhcxlaado7t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i21ytt17fgove1dnhcxlaado7t|03|net"; nocase; ) # 842epr12147kr1y6yut01ofxmvl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|842epr12147kr1y6yut01ofxmvl|03|biz"; nocase; ) # a65ayjzoz1a2qlc5za63xqck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a65ayjzoz1a2qlc5za63xqck|03|net"; nocase; ) # 1asxjnl1s8lbkq6q5poklfw43r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1asxjnl1s8lbkq6q5poklfw43r|03|net"; nocase; ) # 1pcw8de1b0vo1coz51nsjkkg0o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pcw8de1b0vo1coz51nsjkkg0o|03|biz"; nocase; ) # 10sk8e5vzghrck9jsmzuti9ya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10sk8e5vzghrck9jsmzuti9ya|03|com"; nocase; ) # gxlhoejgzaudonbtz91lxjlev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gxlhoejgzaudonbtz91lxjlev|03|com"; nocase; ) # 1waqkjw1icxyxzaluyok1efvdt5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1waqkjw1icxyxzaluyok1efvdt5|03|net"; nocase; ) # 1ui65b172n8hmp8an3612zlb48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ui65b172n8hmp8an3612zlb48|03|com"; nocase; ) # 1p480l51g9pq5f3kx2zk142ygkn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p480l51g9pq5f3kx2zk142ygkn|03|org"; nocase; ) # hpw5fs16k11o11ux922n3dei2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hpw5fs16k11o11ux922n3dei2v|03|org"; nocase; ) # l2zl38nc8jln2bwb4s19ung52.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l2zl38nc8jln2bwb4s19ung52|03|biz"; nocase; ) # sq35w71c6gni59rqul11roupup.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sq35w71c6gni59rqul11roupup|03|net"; nocase; ) # 1cgf81is422uy1yax0vk14wh5mo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cgf81is422uy1yax0vk14wh5mo|03|com"; nocase; ) # 7r5xmh11piglc1xxf451aah1ee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7r5xmh11piglc1xxf451aah1ee|03|net"; nocase; ) # 1008fbw1xjhiik1wh2di7x35onw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1008fbw1xjhiik1wh2di7x35onw|03|org"; nocase; ) # 16u2rldt5tton8ajxkjkci86g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16u2rldt5tton8ajxkjkci86g|03|biz"; nocase; ) # 1740z2qazpcnesvuzkuit69a7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1740z2qazpcnesvuzkuit69a7|03|com"; nocase; ) # saeu2acajb5wfbgp91z7i3go.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|saeu2acajb5wfbgp91z7i3go|03|net"; nocase; ) # 1y5uq4j7yiwue13pbd22m11iob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y5uq4j7yiwue13pbd22m11iob|03|com"; nocase; ) # xr22pv1tzos0z1mtqhj3fdm0wv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xr22pv1tzos0z1mtqhj3fdm0wv|03|biz"; nocase; ) # 1aymg3x19qwqhz1rxnjlbe8dvso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aymg3x19qwqhz1rxnjlbe8dvso|03|net"; nocase; ) # 1p3s053rsky6j19kucm91yaqr23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p3s053rsky6j19kucm91yaqr23|03|net"; nocase; ) # jhyr0n115w8ijfqho0w1hoys0t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jhyr0n115w8ijfqho0w1hoys0t|03|org"; nocase; ) # e88l2u1kunhwo17q46tjswt2cg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e88l2u1kunhwo17q46tjswt2cg|03|org"; nocase; ) # qhienc1rqpsjbycyr7k1mf5htt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qhienc1rqpsjbycyr7k1mf5htt|03|net"; nocase; ) # 1j8cce81fqtqaefaxa8c1vi3a9y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j8cce81fqtqaefaxa8c1vi3a9y|03|net"; nocase; ) # 1lr9gk519nuvmc1ptzgd14vzxme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lr9gk519nuvmc1ptzgd14vzxme|03|com"; nocase; ) # 1fxp4a51kigjjzxrht4v1sx7cdv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fxp4a51kigjjzxrht4v1sx7cdv|03|com"; nocase; ) # p87tnu1tdcjvbg7kt8i1a7fnrg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p87tnu1tdcjvbg7kt8i1a7fnrg|03|org"; nocase; ) # 13u6oa51r7q1fw1lwk4x6y9wjcn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13u6oa51r7q1fw1lwk4x6y9wjcn|03|biz"; nocase; ) # bcbgyy13pd8xzm8skqo1exjmd3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bcbgyy13pd8xzm8skqo1exjmd3|03|net"; nocase; ) # 16sjoi6yhlngxgqcz26agj5yr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16sjoi6yhlngxgqcz26agj5yr|03|biz"; nocase; ) # c54mnk1vk84kd4zt5s8tezn5l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c54mnk1vk84kd4zt5s8tezn5l|03|biz"; nocase; ) # 1ghh60i106bo0a19hfxamx1y6is.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ghh60i106bo0a19hfxamx1y6is|03|org"; nocase; ) # w1yce71ied6moem052urql4p1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w1yce71ied6moem052urql4p1|03|biz"; nocase; ) # ebrdco1fm7k38lfnbgr1enof.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ebrdco1fm7k38lfnbgr1enof|03|org"; nocase; ) # 14uaw0x1utzlfa1gsnw981yekl9c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14uaw0x1utzlfa1gsnw981yekl9c|03|net"; nocase; ) # vs55tlaxdgoo17sih841k9sval.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vs55tlaxdgoo17sih841k9sval|03|biz"; nocase; ) # 130lya81qhouon27cn90110r0bd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|130lya81qhouon27cn90110r0bd|03|net"; nocase; ) # 10lqg37t2zcr116y03swokn9us.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10lqg37t2zcr116y03swokn9us|03|com"; nocase; ) # 128uyj8out194lnp0r8zxnvyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|128uyj8out194lnp0r8zxnvyi|03|net"; nocase; ) # syp0ei7b74pf3p4j3m7pjgbw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|syp0ei7b74pf3p4j3m7pjgbw|03|biz"; nocase; ) # 9g7fv51i42d3y1coenma1nxg7wj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9g7fv51i42d3y1coenma1nxg7wj|03|com"; nocase; ) # jcaohmug0uui1wns48g1ava66e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jcaohmug0uui1wns48g1ava66e|03|com"; nocase; ) # yx7lis1kqcoog1n2xh12ec2bto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yx7lis1kqcoog1n2xh12ec2bto|03|org"; nocase; ) # yvz68q1u43e1csnlh0j1ibspt5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yvz68q1u43e1csnlh0j1ibspt5|03|com"; nocase; ) # y3le2bhxpcqb3zwd8t1l0hioh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y3le2bhxpcqb3zwd8t1l0hioh|03|net"; nocase; ) # 18dsqz41d1kprc1syr77h1a93tvg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18dsqz41d1kprc1syr77h1a93tvg|03|org"; nocase; ) # 14khvjq1x0pzos1dkuxvy166gxzb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14khvjq1x0pzos1dkuxvy166gxzb|03|biz"; nocase; ) # 14ir9eh9kjmmn142u8z416hi4pr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ir9eh9kjmmn142u8z416hi4pr|03|net"; nocase; ) # 1he0jpy1df0dgynur62t1d2wh7u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1he0jpy1df0dgynur62t1d2wh7u|03|org"; nocase; ) # m2eqa73zlzq5mggdd37s11w8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m2eqa73zlzq5mggdd37s11w8|03|com"; nocase; ) # 15tz6dcl7907uzus3v21mu8rr9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15tz6dcl7907uzus3v21mu8rr9|03|biz"; nocase; ) # 15qdlkz1phhebuw24t621w1i297.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15qdlkz1phhebuw24t621w1i297|03|net"; nocase; ) # qovzcapp082c9u9oy8vbrof2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qovzcapp082c9u9oy8vbrof2|03|biz"; nocase; ) # 5lz3u4rp7prpt03xdc10yjqby.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5lz3u4rp7prpt03xdc10yjqby|03|net"; nocase; ) # 5vaps81afqp7mzsdw9184lok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5vaps81afqp7mzsdw9184lok|03|net"; nocase; ) # fki7m4ql6hwn122wfjr1r78lcq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fki7m4ql6hwn122wfjr1r78lcq|03|com"; nocase; ) # 3uhqlwj7qnebxsw2qs11nnbk0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3uhqlwj7qnebxsw2qs11nnbk0|03|biz"; nocase; ) # 1szdw0213tyh7b1k9vlir1m805zw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1szdw0213tyh7b1k9vlir1m805zw|03|org"; nocase; ) # 1c2us2oz7qrtl1wohb0z14y8fzj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c2us2oz7qrtl1wohb0z14y8fzj|03|com"; nocase; ) # 1o4bz3t1uc6ypfu96giv18yyepg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o4bz3t1uc6ypfu96giv18yyepg|03|net"; nocase; ) # 1bjvj711rxrr021tttsg01aj5rl1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bjvj711rxrr021tttsg01aj5rl1|03|net"; nocase; ) # 19lu2ss47rate1paw8jv1efp1el.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19lu2ss47rate1paw8jv1efp1el|03|org"; nocase; ) # 15phhc9nyg8cr1u4w1zciphqs0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15phhc9nyg8cr1u4w1zciphqs0|03|org"; nocase; ) # k866ax175mjal1l6ut34kgkzzz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k866ax175mjal1l6ut34kgkzzz|03|net"; nocase; ) # 7bbaecjcjhdo1f4vr7f15w9vih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7bbaecjcjhdo1f4vr7f15w9vih|03|net"; nocase; ) # j439wl1lnarkz11zwl94zthg8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j439wl1lnarkz11zwl94zthg8g|03|org"; nocase; ) # ymfwayskunhdpvokzb1tpx8pm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ymfwayskunhdpvokzb1tpx8pm|03|net"; nocase; ) # dz9hk912l2nmq1fmatna18bn2tp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dz9hk912l2nmq1fmatna18bn2tp|03|org"; nocase; ) # okeljmwkbki1k5uivimi5m97.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|okeljmwkbki1k5uivimi5m97|03|net"; nocase; ) # 1rjenhm1qtkxbabigtf2gdiih7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rjenhm1qtkxbabigtf2gdiih7|03|net"; nocase; ) # 13llda113i465s1f9711f1xb0p8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13llda113i465s1f9711f1xb0p8|03|org"; nocase; ) # 1fybdsya2gilpb3vuor993yoq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fybdsya2gilpb3vuor993yoq|03|net"; nocase; ) # 1ssylbv1i2a67k5d1qx16u2oez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ssylbv1i2a67k5d1qx16u2oez|03|org"; nocase; ) # 1zxb5atwhwws8ydl4ocwxm8e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1zxb5atwhwws8ydl4ocwxm8e|03|net"; nocase; ) # guisbt1qg8q986i7a5beityyr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|guisbt1qg8q986i7a5beityyr|03|com"; nocase; ) # hocate19yk8cs17j3ntc12dgw6b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hocate19yk8cs17j3ntc12dgw6b|03|biz"; nocase; ) # 1cg86ylisis191csoxi516u4l52.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cg86ylisis191csoxi516u4l52|03|net"; nocase; ) # 1xufwek1yxh5dq1m1wn7k1x1ddlt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xufwek1yxh5dq1m1wn7k1x1ddlt|03|net"; nocase; ) # id9t2m18n440o1nstq6f1sea1dy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|id9t2m18n440o1nstq6f1sea1dy|03|biz"; nocase; ) # 1s71kjl1rfopph18f7dj7s93sjq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s71kjl1rfopph18f7dj7s93sjq|03|net"; nocase; ) # 1v19pmg1hg1m0v1jrybsyg0z5i0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v19pmg1hg1m0v1jrybsyg0z5i0|03|org"; nocase; ) # 19q6v5snax6mi18g9vw28otyuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19q6v5snax6mi18g9vw28otyuo|03|net"; nocase; ) # 1rdkavcq6ds8d1prkgm9q0832z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rdkavcq6ds8d1prkgm9q0832z|03|com"; nocase; ) # uvkses1j79ix61si1kn1jenj0x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uvkses1j79ix61si1kn1jenj0x|03|net"; nocase; ) # 1mltjss18lfjysc1e06o16e56ms.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mltjss18lfjysc1e06o16e56ms|03|biz"; nocase; ) # 1o10uqi14sy20rxrdl071lgkkd0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o10uqi14sy20rxrdl071lgkkd0|03|net"; nocase; ) # twizwd1lkhi0q1r6pjdi1tggseg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|twizwd1lkhi0q1r6pjdi1tggseg|03|net"; nocase; ) # p9zrb21i5vb2q1xq542b14x1r5m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p9zrb21i5vb2q1xq542b14x1r5m|03|net"; nocase; ) # mvs2tb182usbhzzyjej1k0pg85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mvs2tb182usbhzzyjej1k0pg85|03|net"; nocase; ) # 1dklb3d6wvi0f185wyn4ylnz5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dklb3d6wvi0f185wyn4ylnz5l|03|net"; nocase; ) # 1g9y5cb145ababsffrh8d3ox02.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g9y5cb145ababsffrh8d3ox02|03|com"; nocase; ) # aojqw51qjvbms1h5m6h21iqje03.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aojqw51qjvbms1h5m6h21iqje03|03|biz"; nocase; ) # 1trr9md1lhx1mqc9qgxm14q6jb0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1trr9md1lhx1mqc9qgxm14q6jb0|03|net"; nocase; ) # 11f7e4aqergtxj535hbgyofly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11f7e4aqergtxj535hbgyofly|03|org"; nocase; ) # 9y5klhqy945wsb4vs1va5xfr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9y5klhqy945wsb4vs1va5xfr|03|biz"; nocase; ) # 1xrwh3ae7r0t5t44aigpy45bx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xrwh3ae7r0t5t44aigpy45bx|03|com"; nocase; ) # 5o29vw1g5janaop0k9s13rbzf9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5o29vw1g5janaop0k9s13rbzf9|03|com"; nocase; ) # zmhqjbp7a127uuhb3c1u7nji0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zmhqjbp7a127uuhb3c1u7nji0|03|net"; nocase; ) # 1yvpdzl1murzvl23csny5mvsj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yvpdzl1murzvl23csny5mvsj7|03|net"; nocase; ) # 3u41kn13n3v3d1t0c8y7ls2vlh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3u41kn13n3v3d1t0c8y7ls2vlh|03|org"; nocase; ) # i6e4le1dmxko118c5ybra66fmm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i6e4le1dmxko118c5ybra66fmm|03|net"; nocase; ) # 1wiy7r01nduxabbm1kk51ycw5n1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wiy7r01nduxabbm1kk51ycw5n1|03|net"; nocase; ) # eoi108x2vox1a8j5go1jj2x4t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eoi108x2vox1a8j5go1jj2x4t|03|com"; nocase; ) # 1do4ekrjp4euifg52jatrwnhs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1do4ekrjp4euifg52jatrwnhs|03|com"; nocase; ) # xnrgbo11tcpcld4mcxx1sgcw8i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xnrgbo11tcpcld4mcxx1sgcw8i|03|com"; nocase; ) # aswpvz18zhgy21frhmzxxh0cqy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aswpvz18zhgy21frhmzxxh0cqy|03|org"; nocase; ) # 8mk8dt1lgoj5qdhybss1en5yrd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8mk8dt1lgoj5qdhybss1en5yrd|03|net"; nocase; ) # 1oe9p941yx2f9u1jutjn7o202pi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oe9p941yx2f9u1jutjn7o202pi|03|org"; nocase; ) # yho6bz7syrdl1jrkhmo1wza6u9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yho6bz7syrdl1jrkhmo1wza6u9|03|biz"; nocase; ) # xbjm6akd0lx91memvyf13n698r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xbjm6akd0lx91memvyf13n698r|03|org"; nocase; ) # 17hnd7n17twoz5rg5ypmez3gw6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17hnd7n17twoz5rg5ypmez3gw6|03|net"; nocase; ) # 7dtf4a1u1hx6s1o1gb891rjskwm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7dtf4a1u1hx6s1o1gb891rjskwm|03|com"; nocase; ) # 16w4enbb69ag0omqk0012d2ifo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16w4enbb69ag0omqk0012d2ifo|03|net"; nocase; ) # 1qxk8ogo4hlw21vjc4ywrrx2k3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qxk8ogo4hlw21vjc4ywrrx2k3|03|net"; nocase; ) # 17vlsto12xameei8e9ww1gxzbea.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17vlsto12xameei8e9ww1gxzbea|03|biz"; nocase; ) # 16nnqgwmmc54acv0g0ifpaqnb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16nnqgwmmc54acv0g0ifpaqnb|03|net"; nocase; ) # pae0jo1rpf4mfxb3cnx1ssipy8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pae0jo1rpf4mfxb3cnx1ssipy8|03|net"; nocase; ) # 1b5tn241dk6z7qznmz9wl8t8bn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b5tn241dk6z7qznmz9wl8t8bn|03|org"; nocase; ) # 1cmjp7dvggu4u1t6jya7vfr7ty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cmjp7dvggu4u1t6jya7vfr7ty|03|net"; nocase; ) # ao675b2ardua1z06bv1a1feyi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ao675b2ardua1z06bv1a1feyi|03|biz"; nocase; ) # 16h15warnh02g11xlrv4zqhx5m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16h15warnh02g11xlrv4zqhx5m|03|net"; nocase; ) # 1to4h7513mvene7apbwt1e0iq89.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1to4h7513mvene7apbwt1e0iq89|03|biz"; nocase; ) # 8wmavx1dm56t9158g6cn1rj8zeo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8wmavx1dm56t9158g6cn1rj8zeo|03|biz"; nocase; ) # gic4dr1ue7pmqx5sfsj13sp0sk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gic4dr1ue7pmqx5sfsj13sp0sk|03|org"; nocase; ) # 5fve821i8rakexizlxjnvd5vc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5fve821i8rakexizlxjnvd5vc|03|net"; nocase; ) # sz4lycvtefip1h3urh01ou2jaw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sz4lycvtefip1h3urh01ou2jaw|03|biz"; nocase; ) # 8o43hq1dlc0gq16mxazj1byf089.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8o43hq1dlc0gq16mxazj1byf089|03|com"; nocase; ) # 1v2pro77o1znamg1gc812oyy8j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v2pro77o1znamg1gc812oyy8j|03|com"; nocase; ) # rbg1z11dvlhjcgqoudw10nvttu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rbg1z11dvlhjcgqoudw10nvttu|03|net"; nocase; ) # 1hnpdltwbml53bihq841vuj3gw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hnpdltwbml53bihq841vuj3gw|03|biz"; nocase; ) # di2831r3y14fdj9pdqx047c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|di2831r3y14fdj9pdqx047c|03|org"; nocase; ) # 14hzrej4rye8e12tm4lq154sir6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14hzrej4rye8e12tm4lq154sir6|03|org"; nocase; ) # m3rftobfj7nxeebu2g7a86gt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m3rftobfj7nxeebu2g7a86gt|03|com"; nocase; ) # 1fq92hgevyodtbnpztg1pn7r3g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fq92hgevyodtbnpztg1pn7r3g|03|net"; nocase; ) # 1m83f1n4bmmu3s8tnyj100ojwp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m83f1n4bmmu3s8tnyj100ojwp|03|net"; nocase; ) # r0pznx1fxln4287z9501kxd8bk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r0pznx1fxln4287z9501kxd8bk|03|com"; nocase; ) # oqvgv6swm0c4rnvc8tx9qlny.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oqvgv6swm0c4rnvc8tx9qlny|03|net"; nocase; ) # 9orlv4a8emetr1jga116s8t80.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9orlv4a8emetr1jga116s8t80|03|biz"; nocase; ) # wl2n5h1dyvtya13sp72i1gt1ea6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wl2n5h1dyvtya13sp72i1gt1ea6|03|net"; nocase; ) # 1x31zg1qacgdtx5ibso1waustc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x31zg1qacgdtx5ibso1waustc|03|com"; nocase; ) # ynznfp13x98jp11i0f69158qsc9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ynznfp13x98jp11i0f69158qsc9|03|com"; nocase; ) # 1i5fdblb5w97d1dhjpar1q9qgk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i5fdblb5w97d1dhjpar1q9qgk7|03|net"; nocase; ) # 18m0wv3m4nq1p129s0asl0m2dg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18m0wv3m4nq1p129s0asl0m2dg|03|com"; nocase; ) # x9n6u319i9n8q1q44c0d146nf8y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x9n6u319i9n8q1q44c0d146nf8y|03|net"; nocase; ) # 1fws9k1ynvzr51llwm2beax26x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fws9k1ynvzr51llwm2beax26x|03|org"; nocase; ) # kpd5m0pjwtdxbzkbxj1r2dtpq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kpd5m0pjwtdxbzkbxj1r2dtpq|03|net"; nocase; ) # m8i03313qcdennaslfuuzjwp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m8i03313qcdennaslfuuzjwp|03|com"; nocase; ) # n1cu45xr0v1rvd2k3q227i5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|n1cu45xr0v1rvd2k3q227i5|03|org"; nocase; ) # tvwb0xiymnex19ojtye1u298dt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tvwb0xiymnex19ojtye1u298dt|03|biz"; nocase; ) # p8xct31jz0yox17nkxyghs755i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p8xct31jz0yox17nkxyghs755i|03|net"; nocase; ) # 1tb8x25162laudfg5wlt1wgdxw2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tb8x25162laudfg5wlt1wgdxw2|03|org"; nocase; ) # an8ft3l4ptgm14yzrl2f2w4z8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|an8ft3l4ptgm14yzrl2f2w4z8|03|com"; nocase; ) # 1ck3q3px41eyr18t13ot1v3oz3o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ck3q3px41eyr18t13ot1v3oz3o|03|net"; nocase; ) # cqjmc0a7ur3q116igvu1pzvcrn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cqjmc0a7ur3q116igvu1pzvcrn|03|com"; nocase; ) # 10v1183utaxtglh8zj71rjv0nu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10v1183utaxtglh8zj71rjv0nu|03|net"; nocase; ) # p5vks1ks0d791hc30421vdope6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p5vks1ks0d791hc30421vdope6|03|net"; nocase; ) # 1v32eeduveruq10bn8wq1svi68u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v32eeduveruq10bn8wq1svi68u|03|org"; nocase; ) # isw3hk11penx710ahzy51c1si2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|isw3hk11penx710ahzy51c1si2e|03|com"; nocase; ) # vewb83degkryompkbj17zpsan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vewb83degkryompkbj17zpsan|03|com"; nocase; ) # p24xg35rht11fx80251t62mpc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p24xg35rht11fx80251t62mpc|03|org"; nocase; ) # l6cztr1xwfnno221t1v9t00r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l6cztr1xwfnno221t1v9t00r|03|org"; nocase; ) # 3h38ct1lqr3vp1durcgu43vdre.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3h38ct1lqr3vp1durcgu43vdre|03|biz"; nocase; ) # 1cr58so1owr9am7z4a94gxyp2a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cr58so1owr9am7z4a94gxyp2a|03|net"; nocase; ) # 3ywbfc4th3lwmjayfl5oxo5z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3ywbfc4th3lwmjayfl5oxo5z|03|biz"; nocase; ) # 102f4wjx80oncgtqyi1refbeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|102f4wjx80oncgtqyi1refbeb|03|com"; nocase; ) # 1qf3rqf18agfmq18xrwu0vemvpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qf3rqf18agfmq18xrwu0vemvpk|03|net"; nocase; ) # 1j50s7def1801yxftr292qa2u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j50s7def1801yxftr292qa2u|03|biz"; nocase; ) # icxus7gf6hbhn8cp111eqptyq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|icxus7gf6hbhn8cp111eqptyq|03|org"; nocase; ) # 1fnakec1o2kxdx3fc14g1nljht.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fnakec1o2kxdx3fc14g1nljht|03|net"; nocase; ) # 1mnwhlo19be2141fdcusxx7746t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mnwhlo19be2141fdcusxx7746t|03|biz"; nocase; ) # 1jxz0l141v3aaa6pogmsu6fca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jxz0l141v3aaa6pogmsu6fca|03|net"; nocase; ) # l7ibts9guzi87ol9i41kx6kx4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l7ibts9guzi87ol9i41kx6kx4|03|com"; nocase; ) # hfwvka1ynpuif1nhwftx8kom0d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hfwvka1ynpuif1nhwftx8kom0d|03|org"; nocase; ) # 1wwimmq1uqr5md1lzxdie1p2mnrk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wwimmq1uqr5md1lzxdie1p2mnrk|03|biz"; nocase; ) # g9uruu1c45z9t1r4qhk61nh4s7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g9uruu1c45z9t1r4qhk61nh4s7h|03|org"; nocase; ) # 1tjkt23jify2gx1limc181s39o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tjkt23jify2gx1limc181s39o|03|net"; nocase; ) # kblr6z1b1vb00qqq18athxb26.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kblr6z1b1vb00qqq18athxb26|03|biz"; nocase; ) # 1vdvokp19q8sch182dkqr1uu48h0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vdvokp19q8sch182dkqr1uu48h0|03|org"; nocase; ) # 10t8s3w168m14d1ie7g7p1be2ii2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10t8s3w168m14d1ie7g7p1be2ii2|03|net"; nocase; ) # 1sn4y5ai6irn62j4c61kh9lxw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sn4y5ai6irn62j4c61kh9lxw|03|net"; nocase; ) # 1tc59g11059t1v1x5hr311xqkfxw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tc59g11059t1v1x5hr311xqkfxw|03|com"; nocase; ) # 15tiy5cjwc8c9sanmm51hp65np.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15tiy5cjwc8c9sanmm51hp65np|03|net"; nocase; ) # 1bxshes37w7nf1moasn11cymclk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bxshes37w7nf1moasn11cymclk|03|org"; nocase; ) # o33y1910ruj6oqfxbq317luoj5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o33y1910ruj6oqfxbq317luoj5|03|net"; nocase; ) # 1iyz9s91xby6m77r7746kr0xmh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iyz9s91xby6m77r7746kr0xmh|03|com"; nocase; ) # 1x9xf3ael03t01r4snsc10k7741.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x9xf3ael03t01r4snsc10k7741|03|biz"; nocase; ) # 100wiyu7tjbg1748zppho4exa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|100wiyu7tjbg1748zppho4exa|03|com"; nocase; ) # gu4o4jz8u13wwb08nsi10hbs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gu4o4jz8u13wwb08nsi10hbs|03|net"; nocase; ) # 1i7op44soj6v5dold6p1sz5wq4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i7op44soj6v5dold6p1sz5wq4|03|com"; nocase; ) # 14rx7nkplg4k11kcmgni1v0ulwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14rx7nkplg4k11kcmgni1v0ulwu|03|net"; nocase; ) # 1g763bt2dj9bc1cgj8v61vypx82.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g763bt2dj9bc1cgj8v61vypx82|03|net"; nocase; ) # 6j4nkt13tg0z2123r0jzaz7r2p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6j4nkt13tg0z2123r0jzaz7r2p|03|org"; nocase; ) # ck2x9q1221y6gsazqfm1vuyzyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ck2x9q1221y6gsazqfm1vuyzyc|03|net"; nocase; ) # 1cj7z5c14v7kh21jwdn9vz546am.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cj7z5c14v7kh21jwdn9vz546am|03|biz"; nocase; ) # p3xcbp1ln03xmx4zuc918sosva.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p3xcbp1ln03xmx4zuc918sosva|03|com"; nocase; ) # nbomp3enib016bqzud1xmm68k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nbomp3enib016bqzud1xmm68k|03|biz"; nocase; ) # c2po0xmo5ogmkdw9wn1svwcwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c2po0xmo5ogmkdw9wn1svwcwi|03|com"; nocase; ) # 14r6o7jar99urlojsrbqpzgbz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14r6o7jar99urlojsrbqpzgbz|03|net"; nocase; ) # 1m9lfnu1x01q89gfqqrf1frn1s2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m9lfnu1x01q89gfqqrf1frn1s2|03|net"; nocase; ) # 9bii861ci43lkxh4u6n1yf0zm6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9bii861ci43lkxh4u6n1yf0zm6|03|biz"; nocase; ) # b4os2w1hfjalv3ocqd91oyu8on.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b4os2w1hfjalv3ocqd91oyu8on|03|com"; nocase; ) # 1abmwbruk4no79bk2ot12hc3qp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1abmwbruk4no79bk2ot12hc3qp|03|com"; nocase; ) # bj6qrbjzd39x1xz0g791k90z9f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bj6qrbjzd39x1xz0g791k90z9f|03|biz"; nocase; ) # miw051l264r1oa3s82owa81l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|miw051l264r1oa3s82owa81l|03|com"; nocase; ) # 18yr3wy1er7c07u5vxlsr8rkkn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18yr3wy1er7c07u5vxlsr8rkkn|03|net"; nocase; ) # 64xvya13he966pmue5bx4zont.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|64xvya13he966pmue5bx4zont|03|org"; nocase; ) # p4iz5nn37iw31grwa0h18c503d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p4iz5nn37iw31grwa0h18c503d|03|net"; nocase; ) # 1bvix5o1srfwe116qvh98hduk80.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bvix5o1srfwe116qvh98hduk80|03|net"; nocase; ) # lstyph1fo6uud1dwqhvqf379js.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lstyph1fo6uud1dwqhvqf379js|03|net"; nocase; ) # 1imlmq1197fqow18o1jqn2x50hw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1imlmq1197fqow18o1jqn2x50hw|03|com"; nocase; ) # mdbco21d7obftmya3bo1jsv77i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mdbco21d7obftmya3bo1jsv77i|03|biz"; nocase; ) # 18ya5ox1uo2zdd1d2gf1q1ep34f6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18ya5ox1uo2zdd1d2gf1q1ep34f6|03|com"; nocase; ) # 16dxd3a1tsxtpq1xux4ux17m9zvb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16dxd3a1tsxtpq1xux4ux17m9zvb|03|biz"; nocase; ) # 1hkh0bjqj5qnnz1ol1g1mj1zzl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hkh0bjqj5qnnz1ol1g1mj1zzl|03|biz"; nocase; ) # 15kkmd63mqfwc1j7j6tmx5tkox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15kkmd63mqfwc1j7j6tmx5tkox|03|biz"; nocase; ) # 1v5p11l1kymtgcddwgji56cyx2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5p11l1kymtgcddwgji56cyx2|03|com"; nocase; ) # 1ndfr5t1l7fs9tt9lflydqzo6r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ndfr5t1l7fs9tt9lflydqzo6r|03|biz"; nocase; ) # avw7xtnxcfox44t7tmmsueph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|avw7xtnxcfox44t7tmmsueph|03|biz"; nocase; ) # li53m1p4lv131w4sjjh46cbez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|li53m1p4lv131w4sjjh46cbez|03|com"; nocase; ) # jhxtqw1vwshvy7e7wg7bsma72.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jhxtqw1vwshvy7e7wg7bsma72|03|org"; nocase; ) # av4y4e16lffudhkrq95v8fh3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|av4y4e16lffudhkrq95v8fh3i|03|com"; nocase; ) # 1g35mh519gyp5dfsaguq19b4l4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g35mh519gyp5dfsaguq19b4l4u|03|net"; nocase; ) # 1smrsvb1rbsmk14x8bmdkhatoe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1smrsvb1rbsmk14x8bmdkhatoe|03|com"; nocase; ) # ogklk81uedje81745fomuozppr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ogklk81uedje81745fomuozppr|03|org"; nocase; ) # 1fynxl6dwxvvbqt57mhfnd5g2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fynxl6dwxvvbqt57mhfnd5g2|03|biz"; nocase; ) # 338pfc1guanrdqgy6lq1a13iy7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|338pfc1guanrdqgy6lq1a13iy7|03|biz"; nocase; ) # 1wg0ub7f2pc4v1izkj3214mi7ud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wg0ub7f2pc4v1izkj3214mi7ud|03|net"; nocase; ) # vqpxc3ego08vqqvlkymin8dn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vqpxc3ego08vqqvlkymin8dn|03|org"; nocase; ) # 10oq1lxvzdkt1o5b8p16nyi9d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10oq1lxvzdkt1o5b8p16nyi9d|03|biz"; nocase; ) # oce2j7m264qv1hzp2t1jsztgp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oce2j7m264qv1hzp2t1jsztgp|03|org"; nocase; ) # l9vvtorqzj9q14dgdfo14j43np.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l9vvtorqzj9q14dgdfo14j43np|03|net"; nocase; ) # 1a08q9y19r0uhnpt9gtqim3c1q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a08q9y19r0uhnpt9gtqim3c1q|03|net"; nocase; ) # n2quxdaid6ml5enq2j1evyq8w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n2quxdaid6ml5enq2j1evyq8w|03|com"; nocase; ) # zwclgp15c5jnu4qdpjbogoc6v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zwclgp15c5jnu4qdpjbogoc6v|03|org"; nocase; ) # 17fowlmwcrmvqc3pausjvvgl8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17fowlmwcrmvqc3pausjvvgl8|03|com"; nocase; ) # 1n2ahx513vb1am14d58bq4myups.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n2ahx513vb1am14d58bq4myups|03|net"; nocase; ) # 1h5qx1c1fufob1a5ie52190beoh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h5qx1c1fufob1a5ie52190beoh|03|com"; nocase; ) # sm3sc91nxlxy2m74z9cp9r2ep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sm3sc91nxlxy2m74z9cp9r2ep|03|org"; nocase; ) # 1xmqi0qjoj66yiy5zm01h5e5ud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xmqi0qjoj66yiy5zm01h5e5ud|03|net"; nocase; ) # 1g0497lv2h4k0tbauaz1mhe1vw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g0497lv2h4k0tbauaz1mhe1vw|03|biz"; nocase; ) # a4hf7xa035q0otwmmx1bo5n9m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a4hf7xa035q0otwmmx1bo5n9m|03|net"; nocase; ) # 1xg8g1p1yjegm31b6fg661tjw3d3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xg8g1p1yjegm31b6fg661tjw3d3|03|org"; nocase; ) # ei2f8yi4y8kq17bdiog1i62y6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ei2f8yi4y8kq17bdiog1i62y6|03|org"; nocase; ) # f3t6fw1nukp401qlvfc91p15yj8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f3t6fw1nukp401qlvfc91p15yj8|03|net"; nocase; ) # aau0vmpn118nkqi1q31am3zyx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aau0vmpn118nkqi1q31am3zyx|03|com"; nocase; ) # 1c482dg6kxtfjhpmoyrx912vf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c482dg6kxtfjhpmoyrx912vf|03|net"; nocase; ) # 1owtjmsxkhtuywkhopm8gsthm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1owtjmsxkhtuywkhopm8gsthm|03|biz"; nocase; ) # 1o4ysc3ddbnqa1yo202f1ouwhwk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o4ysc3ddbnqa1yo202f1ouwhwk|03|net"; nocase; ) # 1aql45j1mi7wionarrs31knspa3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aql45j1mi7wionarrs31knspa3|03|biz"; nocase; ) # 18sjc2v1o37myt13xzhkz1w948ki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18sjc2v1o37myt13xzhkz1w948ki|03|net"; nocase; ) # ikibx71ruh41ooshp951ujcw0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ikibx71ruh41ooshp951ujcw0x|03|org"; nocase; ) # 10l5o9v1j3ljjd1pa3fiy1rwls89.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10l5o9v1j3ljjd1pa3fiy1rwls89|03|net"; nocase; ) # 1p0w58h17cx76w1x5bvxi1h27dao.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p0w58h17cx76w1x5bvxi1h27dao|03|net"; nocase; ) # hutsi1jrs4ko7y8fb10wignm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hutsi1jrs4ko7y8fb10wignm|03|com"; nocase; ) # 1oitfxh1ijdeu212ki6l0fu4m4j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oitfxh1ijdeu212ki6l0fu4m4j|03|net"; nocase; ) # 1mfp7xifh51c41djfs08rcfrvz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mfp7xifh51c41djfs08rcfrvz|03|com"; nocase; ) # aqy26j14hd1g72e7t4d1nq0sf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aqy26j14hd1g72e7t4d1nq0sf|03|biz"; nocase; ) # q8hw011ff0zvj1svs61kysyip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q8hw011ff0zvj1svs61kysyip|03|net"; nocase; ) # 1r5yupqvnqgie1jgyzrapbd524.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r5yupqvnqgie1jgyzrapbd524|03|org"; nocase; ) # mkbr1bbqqejfa6x602vg9bc1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mkbr1bbqqejfa6x602vg9bc1|03|com"; nocase; ) # 1iruo7ttw1la3xxrbgr1imbgfb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iruo7ttw1la3xxrbgr1imbgfb|03|net"; nocase; ) # 1dfueog1r4umyf1dtgl1hlb18yt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dfueog1r4umyf1dtgl1hlb18yt|03|net"; nocase; ) # nom9ku1cyw5p6pekziz10hsbxb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nom9ku1cyw5p6pekziz10hsbxb|03|org"; nocase; ) # 1d2a35l1s5xqg3gg24nwd98je.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d2a35l1s5xqg3gg24nwd98je|03|biz"; nocase; ) # qxx54o1h0vfg3tmy1gqmbl65e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qxx54o1h0vfg3tmy1gqmbl65e|03|org"; nocase; ) # 1erfiy670u2k21xvc7rd7en6e1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1erfiy670u2k21xvc7rd7en6e1|03|com"; nocase; ) # 1dce7ghmnoaay14ilz513hmfca.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dce7ghmnoaay14ilz513hmfca|03|biz"; nocase; ) # 1ksv97w1m9txfb52oc9l18rjnxd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ksv97w1m9txfb52oc9l18rjnxd|03|net"; nocase; ) # 1tlf48p1lu04i7y6vjfckt8idl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tlf48p1lu04i7y6vjfckt8idl|03|biz"; nocase; ) # 1nnnapb16568271tnvqtlplcc97.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nnnapb16568271tnvqtlplcc97|03|org"; nocase; ) # 1sdciab1204vtj5rscbn166wajc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sdciab1204vtj5rscbn166wajc|03|com"; nocase; ) # xnubj313vkmpt197mm5k1oduj7b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xnubj313vkmpt197mm5k1oduj7b|03|com"; nocase; ) # 3gwflg1aah9lp1cataqbyolb1l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3gwflg1aah9lp1cataqbyolb1l|03|net"; nocase; ) # 1l3okqv14dinhq8hzi0k1xy21am.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l3okqv14dinhq8hzi0k1xy21am|03|net"; nocase; ) # soiueq1agghaapswtxs1fbo75r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|soiueq1agghaapswtxs1fbo75r|03|org"; nocase; ) # s6yw9p1tnavwt12b39gdnfsuok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s6yw9p1tnavwt12b39gdnfsuok|03|net"; nocase; ) # 2eub1o140990lern9ji18is72s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2eub1o140990lern9ji18is72s|03|net"; nocase; ) # 35p4xj1vpqi11iwtnb1195i3li.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|35p4xj1vpqi11iwtnb1195i3li|03|net"; nocase; ) # 1mrjkpati534x1ma2ocr1jlmhtc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mrjkpati534x1ma2ocr1jlmhtc|03|com"; nocase; ) # vyzgjy1kpygtctis0c0kzczyi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vyzgjy1kpygtctis0c0kzczyi|03|org"; nocase; ) # ltjk8l1lmggpwigx0p31b44siv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ltjk8l1lmggpwigx0p31b44siv|03|net"; nocase; ) # ubqvte1pjuxvp1vf531a153jd53.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ubqvte1pjuxvp1vf531a153jd53|03|biz"; nocase; ) # tmd70o16em9r6ithcnwtn21c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tmd70o16em9r6ithcnwtn21c|03|net"; nocase; ) # 1w3tev1oi0yr5hhjp671a3ugug.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w3tev1oi0yr5hhjp671a3ugug|03|com"; nocase; ) # mf8aa511ioamn1xzjkmpvqo2hk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mf8aa511ioamn1xzjkmpvqo2hk|03|net"; nocase; ) # j21nz319adq8f1ukl6ow1mwv2za.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j21nz319adq8f1ukl6ow1mwv2za|03|com"; nocase; ) # 9486fx1dfkeud99tdj71my8rpa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9486fx1dfkeud99tdj71my8rpa|03|net"; nocase; ) # 93hhijysulfs19incz1sncdwa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|93hhijysulfs19incz1sncdwa|03|org"; nocase; ) # 1535jxe8r4i4y1wllbno12gpdwg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1535jxe8r4i4y1wllbno12gpdwg|03|net"; nocase; ) # 15zvmhpf4hu7f1r4xyw31gagtou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15zvmhpf4hu7f1r4xyw31gagtou|03|com"; nocase; ) # 1j3u073f3bwro4juvzk453s2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j3u073f3bwro4juvzk453s2z|03|net"; nocase; ) # 14ev3mn1hebbaqycfnbc13fzc6c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ev3mn1hebbaqycfnbc13fzc6c|03|net"; nocase; ) # 4sg96p1lfuy6ynpi09n14z6nqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4sg96p1lfuy6ynpi09n14z6nqj|03|biz"; nocase; ) # penptw16wyyzb1musih3n5ein9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|penptw16wyyzb1musih3n5ein9|03|com"; nocase; ) # ghicvq16fg83s1g5fx0afxfypp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ghicvq16fg83s1g5fx0afxfypp|03|net"; nocase; ) # 1me18dz1lj48un1x7pamqxc5exq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1me18dz1lj48un1x7pamqxc5exq|03|org"; nocase; ) # wdw6tr19fgt8ut3dsqrrl9yc6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wdw6tr19fgt8ut3dsqrrl9yc6|03|com"; nocase; ) # 1ba4gl71dkkvyn15brzwsnavejt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ba4gl71dkkvyn15brzwsnavejt|03|org"; nocase; ) # 1y8vxqq9qi1cz1kzx6531bxj2nh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y8vxqq9qi1cz1kzx6531bxj2nh|03|biz"; nocase; ) # 15q3snh6fm5gu1wb4cw01c6yp6u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15q3snh6fm5gu1wb4cw01c6yp6u|03|com"; nocase; ) # 18mb399qup46d1mnc4jm1l3kevd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18mb399qup46d1mnc4jm1l3kevd|03|net"; nocase; ) # qb9hye1q7hiqe1bq45pm149ws40.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qb9hye1q7hiqe1bq45pm149ws40|03|biz"; nocase; ) # 1t3n9bhj0bm2b1rah7596mhiee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t3n9bhj0bm2b1rah7596mhiee|03|net"; nocase; ) # 1by34z818bpnvc1mrnxyldlz19a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1by34z818bpnvc1mrnxyldlz19a|03|net"; nocase; ) # 2vqee95nciie1j14kjwzrv3cy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2vqee95nciie1j14kjwzrv3cy|03|biz"; nocase; ) # x6ty3p1rvgv321nztz0r3ldywd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x6ty3p1rvgv321nztz0r3ldywd|03|com"; nocase; ) # ad5pzmz88yqnjokywq1gdcakf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ad5pzmz88yqnjokywq1gdcakf|03|org"; nocase; ) # yxu4vv8bqfr3lkmue0x2gukv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yxu4vv8bqfr3lkmue0x2gukv|03|com"; nocase; ) # y7j4d1ztcydl3tkc9o20r59a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y7j4d1ztcydl3tkc9o20r59a|03|org"; nocase; ) # eiazcq1rjswes1r864wtmvbq86.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eiazcq1rjswes1r864wtmvbq86|03|net"; nocase; ) # rqyuhd183mzjwo9vm7i1276tq8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rqyuhd183mzjwo9vm7i1276tq8|03|net"; nocase; ) # 1g3ufjj5k3l861ua1tkkpdo8ay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g3ufjj5k3l861ua1tkkpdo8ay|03|com"; nocase; ) # hlolu2v3xlsqsl94u9lay0l8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hlolu2v3xlsqsl94u9lay0l8|03|org"; nocase; ) # 64hczp1vb5qwp1854ufd1sxw65q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|64hczp1vb5qwp1854ufd1sxw65q|03|net"; nocase; ) # 20mplz9bksqlh2xev80ov8a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|20mplz9bksqlh2xev80ov8a|03|com"; nocase; ) # 1gaje5e1ek7lgg1kdkxc615ndif6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gaje5e1ek7lgg1kdkxc615ndif6|03|com"; nocase; ) # 7lncxs9n9uym1adiykd18x34sm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7lncxs9n9uym1adiykd18x34sm|03|net"; nocase; ) # 185py281x5mc1t1clqu0hyg58ik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|185py281x5mc1t1clqu0hyg58ik|03|net"; nocase; ) # n86t8x18uv51o1xf8zz1vqasq9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n86t8x18uv51o1xf8zz1vqasq9|03|org"; nocase; ) # b4y5ha1wk8a3lqumlo9dc0lbr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b4y5ha1wk8a3lqumlo9dc0lbr|03|com"; nocase; ) # 3goinftitdnhn02mx01fgm97p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3goinftitdnhn02mx01fgm97p|03|com"; nocase; ) # 6smiszq6k1sv10vvidzgcz7c3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6smiszq6k1sv10vvidzgcz7c3|03|net"; nocase; ) # q8ntip1gvhgfu1hknqmc1r2p809.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q8ntip1gvhgfu1hknqmc1r2p809|03|biz"; nocase; ) # t0eupu99wxz1rz7a6n10o5h2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t0eupu99wxz1rz7a6n10o5h2|03|biz"; nocase; ) # 5j95ax1tg8eie12cj5um18cav15.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5j95ax1tg8eie12cj5um18cav15|03|net"; nocase; ) # 1hx2p961izc1vz8blewc35xdxi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hx2p961izc1vz8blewc35xdxi|03|biz"; nocase; ) # xt4gw0w5pcrhkanoen207u97.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xt4gw0w5pcrhkanoen207u97|03|net"; nocase; ) # f1rro514v1nbnljwzqj1kpy12w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f1rro514v1nbnljwzqj1kpy12w|03|org"; nocase; ) # 6q55dx142yhfwxn5aoy1hmumji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6q55dx142yhfwxn5aoy1hmumji|03|net"; nocase; ) # 1pmuth1tw387f10nbnspuqyult.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pmuth1tw387f10nbnspuqyult|03|biz"; nocase; ) # eqiehymcf88w1jk8lzp1uvz5s0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eqiehymcf88w1jk8lzp1uvz5s0|03|org"; nocase; ) # 1fj091alsakzun0mo4a97ivf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1fj091alsakzun0mo4a97ivf|03|org"; nocase; ) # ru0ycb1nctajn4qv0yu1x7cknd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ru0ycb1nctajn4qv0yu1x7cknd|03|biz"; nocase; ) # 1xczx3a1f2pmd86ccq6s1co3wg3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xczx3a1f2pmd86ccq6s1co3wg3|03|org"; nocase; ) # 78hhvi1hq31x7nopsnlkf5xsu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|78hhvi1hq31x7nopsnlkf5xsu|03|com"; nocase; ) # l92gsvqq4x923el15z1q86emv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l92gsvqq4x923el15z1q86emv|03|com"; nocase; ) # 1r7h9sruxsrk011mi7wyweraw6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r7h9sruxsrk011mi7wyweraw6|03|net"; nocase; ) # ndw4temaclmrm3jl6lfd5wy9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ndw4temaclmrm3jl6lfd5wy9|03|org"; nocase; ) # 1vj0qdp1slsygp1mjjqca1h8pxgt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vj0qdp1slsygp1mjjqca1h8pxgt|03|net"; nocase; ) # kx2r1it51kgibih9c3kddmw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|kx2r1it51kgibih9c3kddmw|03|net"; nocase; ) # visso5k7noxo1ndim6y1eidkmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|visso5k7noxo1ndim6y1eidkmf|03|net"; nocase; ) # xw2oh6183mhh31mmz27g4mfnx2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xw2oh6183mhh31mmz27g4mfnx2|03|biz"; nocase; ) # 1hntez7l3vhy71v33ci3xzzbdi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hntez7l3vhy71v33ci3xzzbdi|03|net"; nocase; ) # 10hriv21mbgdnw1f817blxxeyty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10hriv21mbgdnw1f817blxxeyty|03|net"; nocase; ) # 1jlknaa1elybwy187xkb41sqio5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jlknaa1elybwy187xkb41sqio5g|03|org"; nocase; ) # z58vsj1pl5ctlt9sw7xchrjny.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z58vsj1pl5ctlt9sw7xchrjny|03|net"; nocase; ) # h2alve1diazce1ohacbn6u2se9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h2alve1diazce1ohacbn6u2se9|03|com"; nocase; ) # f6886c1npqthx73w4szwcwa81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f6886c1npqthx73w4szwcwa81|03|net"; nocase; ) # 2fx1ixfg3w6w1b4qp0g1uf6dnw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2fx1ixfg3w6w1b4qp0g1uf6dnw|03|com"; nocase; ) # aa99jq1hh7rcnkmucjj1638zzm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aa99jq1hh7rcnkmucjj1638zzm|03|org"; nocase; ) # ycwgmg1vk077urko39v1mys4ca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ycwgmg1vk077urko39v1mys4ca|03|net"; nocase; ) # 1jsml3v8qm1tnudm5ru1f592vl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jsml3v8qm1tnudm5ru1f592vl|03|biz"; nocase; ) # 162l9mb12pwmxyzrc9gzstrqhu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|162l9mb12pwmxyzrc9gzstrqhu|03|org"; nocase; ) # zi5l81vqfcr41pzq792fh6vkn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zi5l81vqfcr41pzq792fh6vkn|03|com"; nocase; ) # 1fin6z01uxuqic11finhw14mq38r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fin6z01uxuqic11finhw14mq38r|03|net"; nocase; ) # 1nuv9g11wcr0jd1iekhz1oyh7ry.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nuv9g11wcr0jd1iekhz1oyh7ry|03|biz"; nocase; ) # p5264f1n3yruwhc551pogbi1d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5264f1n3yruwhc551pogbi1d|03|com"; nocase; ) # tbn7r01fd14tw2n06jzbkxbjh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tbn7r01fd14tw2n06jzbkxbjh|03|biz"; nocase; ) # 571cha3922gy1pqdg0vg6q7t5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|571cha3922gy1pqdg0vg6q7t5|03|biz"; nocase; ) # 1nhhv2irhz4q21jlnv204wqspm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nhhv2irhz4q21jlnv204wqspm|03|org"; nocase; ) # 1m7qqbklygbpq1m0474sdequ6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m7qqbklygbpq1m0474sdequ6o|03|net"; nocase; ) # s7g05u135pvx61tqag74163fhrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s7g05u135pvx61tqag74163fhrv|03|net"; nocase; ) # 1x5j5t4kmzdlxknlt4kwvrkmv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x5j5t4kmzdlxknlt4kwvrkmv|03|net"; nocase; ) # 1irc125zlt0s71tu8dda1umzmec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1irc125zlt0s71tu8dda1umzmec|03|net"; nocase; ) # 1bnw25l95ukuk1gy59xet46dp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bnw25l95ukuk1gy59xet46dp|03|com"; nocase; ) # 1e9jdzm1n1rj2f18lylqw1mkm74e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e9jdzm1n1rj2f18lylqw1mkm74e|03|net"; nocase; ) # gyqecj53knqz66uop61tmrsx7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gyqecj53knqz66uop61tmrsx7|03|net"; nocase; ) # 1hw09101t1jmpzpy7i0t1bmev0r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hw09101t1jmpzpy7i0t1bmev0r|03|com"; nocase; ) # jr118w8lcyl81ag9v3814vpdks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jr118w8lcyl81ag9v3814vpdks|03|com"; nocase; ) # iwetnnhjr2k0bbuxut17qjrpi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iwetnnhjr2k0bbuxut17qjrpi|03|net"; nocase; ) # 1q4f9xt1geqyrc1ko4u3zsat9hp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q4f9xt1geqyrc1ko4u3zsat9hp|03|net"; nocase; ) # 42bbiw1v8u495124bktb1rnfag3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|42bbiw1v8u495124bktb1rnfag3|03|org"; nocase; ) # ynh5s1w5gchp147c41s1x6az9g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ynh5s1w5gchp147c41s1x6az9g|03|com"; nocase; ) # loglxs1meo5h63qgp8fcnaqjk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|loglxs1meo5h63qgp8fcnaqjk|03|net"; nocase; ) # 7qwd16c9efcn1jk6smx1f91hpo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7qwd16c9efcn1jk6smx1f91hpo|03|biz"; nocase; ) # 1wnvcws1a8b6yv1vfoo7g1bej1pa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wnvcws1a8b6yv1vfoo7g1bej1pa|03|biz"; nocase; ) # egq7iz1sdu6ann39xvr1aolb4e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|egq7iz1sdu6ann39xvr1aolb4e|03|org"; nocase; ) # 1k3oupw1qm9tcovy6ewq5omdaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k3oupw1qm9tcovy6ewq5omdaq|03|com"; nocase; ) # evzovgexc0w1bcqvk21y8skmc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|evzovgexc0w1bcqvk21y8skmc|03|net"; nocase; ) # 8maoip1hxzlx91vn90ny9v53pw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8maoip1hxzlx91vn90ny9v53pw|03|org"; nocase; ) # lfbbfw118dtqharrqrp130gacd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lfbbfw118dtqharrqrp130gacd|03|org"; nocase; ) # 171efup3hnzel6vka0d1fhk8y2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|171efup3hnzel6vka0d1fhk8y2|03|com"; nocase; ) # 6uptrym4gmwh18mj1ne1kjj2dl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6uptrym4gmwh18mj1ne1kjj2dl|03|org"; nocase; ) # krhobr1qq5bou1aemujze16rmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|krhobr1qq5bou1aemujze16rmj|03|net"; nocase; ) # ee6fhr1d2ntau1lesudx2m8nfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ee6fhr1d2ntau1lesudx2m8nfe|03|net"; nocase; ) # 1kwj3y15wmmoo1ems0w711lhk9c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kwj3y15wmmoo1ems0w711lhk9c|03|org"; nocase; ) # f9kqpy6ekda9xw884z1jnwr67.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f9kqpy6ekda9xw884z1jnwr67|03|org"; nocase; ) # 1gk04fac3vyja111qt7v90ti9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gk04fac3vyja111qt7v90ti9r|03|com"; nocase; ) # 1ucrqp81ep31ao82xs731sio83v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ucrqp81ep31ao82xs731sio83v|03|biz"; nocase; ) # n5pp9g5paog11dpgezac7mhl8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5pp9g5paog11dpgezac7mhl8|03|net"; nocase; ) # 1bhisv61tnlpp6uetg9d1xxlwqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bhisv61tnlpp6uetg9d1xxlwqw|03|org"; nocase; ) # 19c828g1djlzty1o2y19b973htm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19c828g1djlzty1o2y19b973htm|03|com"; nocase; ) # h2id0t1fi2s5zgwdpl712sbc6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h2id0t1fi2s5zgwdpl712sbc6h|03|net"; nocase; ) # zjcwqnp9kuvvi07yv7a28rvc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zjcwqnp9kuvvi07yv7a28rvc|03|biz"; nocase; ) # 1x8gzr4ylsagu1ng8g1k4ykcyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x8gzr4ylsagu1ng8g1k4ykcyv|03|net"; nocase; ) # 1j735wx174qpxe1364a971b0wx38.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j735wx174qpxe1364a971b0wx38|03|com"; nocase; ) # 1nbmq7cm0t111119ph6c1yro5s0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nbmq7cm0t111119ph6c1yro5s0|03|biz"; nocase; ) # 1oe3br97qaaxyfd7z1kev7wlb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oe3br97qaaxyfd7z1kev7wlb|03|net"; nocase; ) # 1k2szv2hr3gar21cppyacdrax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k2szv2hr3gar21cppyacdrax|03|com"; nocase; ) # yxy9gj1rpfo2fqy954h1a28460.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yxy9gj1rpfo2fqy954h1a28460|03|com"; nocase; ) # owo25q1fodk5k794j9s16ajvhg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|owo25q1fodk5k794j9s16ajvhg|03|org"; nocase; ) # e86by1psd2y54r1qda1dxlh0l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e86by1psd2y54r1qda1dxlh0l|03|com"; nocase; ) # 1pkmw5mlc8fmkn5v47o17oyv9o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pkmw5mlc8fmkn5v47o17oyv9o|03|net"; nocase; ) # 1cnctfq13mnfz31gifhc5a4pun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cnctfq13mnfz31gifhc5a4pun|03|com"; nocase; ) # 1abhs5r1sz9qh4y77km21f8kiyl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1abhs5r1sz9qh4y77km21f8kiyl|03|com"; nocase; ) # 1fnly8355uxi10bgq3jlxlbw1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fnly8355uxi10bgq3jlxlbw1|03|biz"; nocase; ) # 177wv6tlf6oc31qlxa1l1m3htgu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|177wv6tlf6oc31qlxa1l1m3htgu|03|org"; nocase; ) # id6m08mxm550q0vgk8zkmn9h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|id6m08mxm550q0vgk8zkmn9h|03|org"; nocase; ) # xwepeis4guh8u3cdofpw0wfl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xwepeis4guh8u3cdofpw0wfl|03|net"; nocase; ) # 3t10uerqr495dsws27if6wgd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3t10uerqr495dsws27if6wgd|03|biz"; nocase; ) # vhj1m1vtctrd4j4r5q1qmfl1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vhj1m1vtctrd4j4r5q1qmfl1|03|org"; nocase; ) # 1ey6enw1vmh6l81a6cw9u1ybza72.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ey6enw1vmh6l81a6cw9u1ybza72|03|org"; nocase; ) # 1gvkd9ndvfz5ekl1logk6n014.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gvkd9ndvfz5ekl1logk6n014|03|org"; nocase; ) # hw4io9szdtdvsih0pl1yd83xn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hw4io9szdtdvsih0pl1yd83xn|03|org"; nocase; ) # hqlmee1nvcn1s1ox9eve11nq9yb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hqlmee1nvcn1s1ox9eve11nq9yb|03|biz"; nocase; ) # 1n9kf80cisry74xe20svgfv4x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n9kf80cisry74xe20svgfv4x|03|org"; nocase; ) # 1482rvc1pvduq5ufxb6f1q6vbev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1482rvc1pvduq5ufxb6f1q6vbev|03|com"; nocase; ) # 17nsfcfkoz9271cee70g16td1wv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17nsfcfkoz9271cee70g16td1wv|03|org"; nocase; ) # go6eop1j2hhkq1r4twmk1f93dz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|go6eop1j2hhkq1r4twmk1f93dz6|03|net"; nocase; ) # cdz8xc77ijam1ymo20v10u7k5w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cdz8xc77ijam1ymo20v10u7k5w|03|com"; nocase; ) # jc7r30tladwcb19unt18lvqj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jc7r30tladwcb19unt18lvqj7|03|net"; nocase; ) # y5xvus1624yfx9gym7x7702n7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y5xvus1624yfx9gym7x7702n7|03|org"; nocase; ) # o3gwzh19f033oe59fmf1wffx9v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o3gwzh19f033oe59fmf1wffx9v|03|net"; nocase; ) # 1p86gyz1bev1ua1qrfuv6pfp21c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p86gyz1bev1ua1qrfuv6pfp21c|03|net"; nocase; ) # 15ipgc4scv1r6ib3f8uordx28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15ipgc4scv1r6ib3f8uordx28|03|net"; nocase; ) # rvoamoqougns117bbzxh7v3m9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rvoamoqougns117bbzxh7v3m9|03|biz"; nocase; ) # 1kpc5ob1979cpw1gy0w9kfph4gt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kpc5ob1979cpw1gy0w9kfph4gt|03|org"; nocase; ) # 1rp9yji87hpdw1d24h3b1j3m8hw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rp9yji87hpdw1d24h3b1j3m8hw|03|com"; nocase; ) # p3i9vc1sfjvg61kb57mc15gmrqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p3i9vc1sfjvg61kb57mc15gmrqq|03|org"; nocase; ) # 10fsb071k9qs2c1dnlnj3np1i5z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10fsb071k9qs2c1dnlnj3np1i5z|03|biz"; nocase; ) # 1atswg9zrfxympgztjogshgs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1atswg9zrfxympgztjogshgs|03|biz"; nocase; ) # 119tw58m3yor31pccd44115s2rz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|119tw58m3yor31pccd44115s2rz|03|com"; nocase; ) # ho2hhz1k45ueh1tknqvu14r1prt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ho2hhz1k45ueh1tknqvu14r1prt|03|com"; nocase; ) # 5gu1ika6yel31xb10qa1j1eg3r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5gu1ika6yel31xb10qa1j1eg3r|03|biz"; nocase; ) # 1ynvbmbocr85l1iajs321dcibas.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ynvbmbocr85l1iajs321dcibas|03|biz"; nocase; ) # 1wvd1rz1l2qmiad6tqxwbekmw0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wvd1rz1l2qmiad6tqxwbekmw0|03|org"; nocase; ) # 18tj1361q21owuw7a11h1yoy1cj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tj1361q21owuw7a11h1yoy1cj|03|net"; nocase; ) # ucng971qxsi1sggz152s54mq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ucng971qxsi1sggz152s54mq|03|org"; nocase; ) # 97ma1vb2jqsq1eq63j81dowcg0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|97ma1vb2jqsq1eq63j81dowcg0|03|org"; nocase; ) # bcpj1v15ld89o17ioqb8h1jo8t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bcpj1v15ld89o17ioqb8h1jo8t|03|com"; nocase; ) # 1jouz1p1stf27e10f3jzj3t2vn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jouz1p1stf27e10f3jzj3t2vn|03|biz"; nocase; ) # knq8089uuqs11w9ytn6x9zyi6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|knq8089uuqs11w9ytn6x9zyi6|03|org"; nocase; ) # 15ol8q5t2fvdw1rq985hlxfci4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ol8q5t2fvdw1rq985hlxfci4|03|net"; nocase; ) # 1oj8y2bsocq5e1cmww8a8863bb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oj8y2bsocq5e1cmww8a8863bb|03|org"; nocase; ) # 9jy75q17xhkwe1j5ud02zhi3hq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9jy75q17xhkwe1j5ud02zhi3hq|03|net"; nocase; ) # p9ghfnum1bbokycn88bxzk7w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p9ghfnum1bbokycn88bxzk7w|03|org"; nocase; ) # 1bfb400gihbkseqm98a17s3x7x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bfb400gihbkseqm98a17s3x7x|03|org"; nocase; ) # 17txsf110gr1he1fzpfui1w8elgn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17txsf110gr1he1fzpfui1w8elgn|03|biz"; nocase; ) # 5dden0noa4ad9f9n691v5puhg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5dden0noa4ad9f9n691v5puhg|03|org"; nocase; ) # yclw1z1bpt93nezuh6k1oj36cj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yclw1z1bpt93nezuh6k1oj36cj|03|net"; nocase; ) # 1k0qsqq1h3a0xz10ycbvd7y16ty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k0qsqq1h3a0xz10ycbvd7y16ty|03|biz"; nocase; ) # 1x5a1ol61p20zzsu8609pidtj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x5a1ol61p20zzsu8609pidtj|03|net"; nocase; ) # 1pdxylf8em9sq12mnlyv9es7zp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pdxylf8em9sq12mnlyv9es7zp|03|net"; nocase; ) # 1cs747i1uu4ztq2046ja14phlr8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cs747i1uu4ztq2046ja14phlr8|03|biz"; nocase; ) # 16mraqz177phimubvko0nzvp5p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16mraqz177phimubvko0nzvp5p|03|org"; nocase; ) # 1qdwp361hb7mgar7t0gz1l2pt83.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qdwp361hb7mgar7t0gz1l2pt83|03|org"; nocase; ) # g9dhmh10ygzs4g9ij2h1mupbo7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g9dhmh10ygzs4g9ij2h1mupbo7|03|biz"; nocase; ) # ajrzpd1jxp8vn1kuilerh8b149.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ajrzpd1jxp8vn1kuilerh8b149|03|net"; nocase; ) # karsjh1jpy1cjqru8z41r97ulz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|karsjh1jpy1cjqru8z41r97ulz|03|net"; nocase; ) # 1dwqpyegm5pq01oglxou1juj2bh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dwqpyegm5pq01oglxou1juj2bh|03|biz"; nocase; ) # iaa3a415xmn7qy3wcs9sawefy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iaa3a415xmn7qy3wcs9sawefy|03|net"; nocase; ) # 1jn0jla1846zvyhvw5921r2bnk1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jn0jla1846zvyhvw5921r2bnk1|03|net"; nocase; ) # ky3v6j1dy261z1605zes7natl3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ky3v6j1dy261z1605zes7natl3|03|org"; nocase; ) # 1d4ppxmrq9hhg13snj0119t9fb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d4ppxmrq9hhg13snj0119t9fb|03|net"; nocase; ) # n4l5p8iw2qdq13ehnmz88qm7h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n4l5p8iw2qdq13ehnmz88qm7h|03|biz"; nocase; ) # 1vqgnj71v09akkd27iyf1katvw8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vqgnj71v09akkd27iyf1katvw8|03|com"; nocase; ) # 1pc10xhzt6k1lb7x3sodmr2ti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pc10xhzt6k1lb7x3sodmr2ti|03|org"; nocase; ) # 1axv7wc1o1a7m8w2iwizt1s2wb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1axv7wc1o1a7m8w2iwizt1s2wb|03|org"; nocase; ) # 1q5ux55lyb8zc1sz9o691gqbu46.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q5ux55lyb8zc1sz9o691gqbu46|03|net"; nocase; ) # 1u6yl0sw3kiehra1q5s9jinld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u6yl0sw3kiehra1q5s9jinld|03|com"; nocase; ) # 1ln5jq9lg1pjo19r6un216r4nf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ln5jq9lg1pjo19r6un216r4nf|03|com"; nocase; ) # huirls19hdb9b4yrk1d1sg551j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|huirls19hdb9b4yrk1d1sg551j|03|biz"; nocase; ) # 1bc8zb417zkyhn1309t201jt7ea6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bc8zb417zkyhn1309t201jt7ea6|03|org"; nocase; ) # 1k5a78pij5q4a4zjfudu8d5ok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k5a78pij5q4a4zjfudu8d5ok|03|com"; nocase; ) # 15ejhte11vguqn143ks0710hpwuv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15ejhte11vguqn143ks0710hpwuv|03|org"; nocase; ) # lw24j6hhigio1swjkzg1bxlh2s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lw24j6hhigio1swjkzg1bxlh2s|03|com"; nocase; ) # 1r8z4qx1sikbmcfr92aywlsc7b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r8z4qx1sikbmcfr92aywlsc7b|03|org"; nocase; ) # 12gdtx41r6vcj5crf1731skixvt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12gdtx41r6vcj5crf1731skixvt|03|biz"; nocase; ) # 1pot06t1wmnprmeuvzk4cxqr8m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pot06t1wmnprmeuvzk4cxqr8m|03|com"; nocase; ) # 14t1izh3xmu71q1irbdnf8inw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14t1izh3xmu71q1irbdnf8inw|03|org"; nocase; ) # z4se381nfg1dkddpy8vwroz8v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4se381nfg1dkddpy8vwroz8v|03|net"; nocase; ) # ug1vhh1b833ki1yquyw11qpke39.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ug1vhh1b833ki1yquyw11qpke39|03|org"; nocase; ) # 1lwlvny1mgjnmw14yplhpz07rp4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lwlvny1mgjnmw14yplhpz07rp4|03|net"; nocase; ) # 1trc4nn19maqk01r4tqdjosr671.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1trc4nn19maqk01r4tqdjosr671|03|org"; nocase; ) # 127zfrp3l3hxe1l1901y1dm1dhf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|127zfrp3l3hxe1l1901y1dm1dhf|03|biz"; nocase; ) # luh75r49y0ba1n8cy0wv5fjyd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|luh75r49y0ba1n8cy0wv5fjyd|03|com"; nocase; ) # 1tiufqvuawgft1bde1ssx6zvs6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tiufqvuawgft1bde1ssx6zvs6|03|net"; nocase; ) # p012rw1h1intq1pr97rw1dgci8r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p012rw1h1intq1pr97rw1dgci8r|03|org"; nocase; ) # h8l5z6ezp0owpb2xy0hx32e8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h8l5z6ezp0owpb2xy0hx32e8|03|com"; nocase; ) # 1b91rkhy7luta1tzqmv92ar0uh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b91rkhy7luta1tzqmv92ar0uh|03|org"; nocase; ) # ermcbb1sp3a5s2whoh71q2xwnb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ermcbb1sp3a5s2whoh71q2xwnb|03|biz"; nocase; ) # f4kgf912ur41ctjk2sa19yxiff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f4kgf912ur41ctjk2sa19yxiff|03|net"; nocase; ) # qx8fmf1bw70u84vvu891m5pm7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qx8fmf1bw70u84vvu891m5pm7|03|org"; nocase; ) # mnvyne1lfjat4152pvc11vbs097.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mnvyne1lfjat4152pvc11vbs097|03|org"; nocase; ) # ddwgve160b2iy1amnyi14ysjee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ddwgve160b2iy1amnyi14ysjee|03|net"; nocase; ) # 1y4tb9aypphhs1npzpu01tqugaf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y4tb9aypphhs1npzpu01tqugaf|03|net"; nocase; ) # h3nlut9nspy0eegmvl1knzz6p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3nlut9nspy0eegmvl1knzz6p|03|com"; nocase; ) # 78dciudqu5wr1oim3sq13vaidm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|78dciudqu5wr1oim3sq13vaidm|03|net"; nocase; ) # hcdqui1kf31ku1uc19b0eukmo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hcdqui1kf31ku1uc19b0eukmo|03|org"; nocase; ) # pyx12h12hxnqq1vnjuia8mk5t1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pyx12h12hxnqq1vnjuia8mk5t1|03|net"; nocase; ) # 1iyuunn1v5t5vc1lhotcukzo597.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iyuunn1v5t5vc1lhotcukzo597|03|com"; nocase; ) # ve2oah19hvcj71ide8teeje7zn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ve2oah19hvcj71ide8teeje7zn|03|net"; nocase; ) # opk85lvnxwnxd9kf801cucr0e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|opk85lvnxwnxd9kf801cucr0e|03|biz"; nocase; ) # 12mxzkg15h5no91pp1che16fxrc6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12mxzkg15h5no91pp1che16fxrc6|03|com"; nocase; ) # df2gdw16pclac1r30plu10yo10k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|df2gdw16pclac1r30plu10yo10k|03|net"; nocase; ) # 8bx0efstgpvfh9iibf10jysx0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8bx0efstgpvfh9iibf10jysx0|03|org"; nocase; ) # 9hgvnm1q3f2lz1otwcsc15ynz99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9hgvnm1q3f2lz1otwcsc15ynz99|03|net"; nocase; ) # 7xwo7t148bpzsf02j8z1sp43zt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7xwo7t148bpzsf02j8z1sp43zt|03|net"; nocase; ) # 1fnp41jh1u075egididlr1r44.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fnp41jh1u075egididlr1r44|03|net"; nocase; ) # 3xizk683vc481x6jhkt1tu7fw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3xizk683vc481x6jhkt1tu7fw|03|org"; nocase; ) # cdjvs31fmxwrt1deld3111fiex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cdjvs31fmxwrt1deld3111fiex|03|net"; nocase; ) # 1eckhlq1pspr7w1wk3qvm1qt3d6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eckhlq1pspr7w1wk3qvm1qt3d6h|03|org"; nocase; ) # 1v4aat01o8oo2k1shbq3weksdzm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v4aat01o8oo2k1shbq3weksdzm|03|com"; nocase; ) # zkosgu1skcmriz8nu45tdf5nq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zkosgu1skcmriz8nu45tdf5nq|03|biz"; nocase; ) # db0zm8rr7fjbc2rrqmaz3mm9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|db0zm8rr7fjbc2rrqmaz3mm9|03|net"; nocase; ) # cj7fb6i4v0bm1aobxkz1g84d0q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cj7fb6i4v0bm1aobxkz1g84d0q|03|biz"; nocase; ) # 1k923h8qxaax712wvfzc1v6fz6z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k923h8qxaax712wvfzc1v6fz6z|03|net"; nocase; ) # 3ndfzonnlobp92ul21tvyvjj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3ndfzonnlobp92ul21tvyvjj|03|net"; nocase; ) # 1wlbvmgnnrciw1l84es61phh8hr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wlbvmgnnrciw1l84es61phh8hr|03|net"; nocase; ) # 1a0lkns1t8ws8l1uucled1gqlcj2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a0lkns1t8ws8l1uucled1gqlcj2|03|org"; nocase; ) # 1nox6hi8gvp1o13k9zdia6pivp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nox6hi8gvp1o13k9zdia6pivp|03|biz"; nocase; ) # pmkccjar67ibfmc8li120zyhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pmkccjar67ibfmc8li120zyhm|03|com"; nocase; ) # d308s2l9men6jd2bcv18m67gm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d308s2l9men6jd2bcv18m67gm|03|biz"; nocase; ) # 1hep8jybsmpxkgg53ek867s63.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hep8jybsmpxkgg53ek867s63|03|org"; nocase; ) # 1oggaww1kor1wk4ed7tu1w05gp7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oggaww1kor1wk4ed7tu1w05gp7|03|net"; nocase; ) # 1oy8j0a18tokq41xo5ymtbpdukv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oy8j0a18tokq41xo5ymtbpdukv|03|com"; nocase; ) # wr8i9r1bu99cpnihvcmogchy9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wr8i9r1bu99cpnihvcmogchy9|03|net"; nocase; ) # 1ogv6scnomcus1mr5ms91al3tou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ogv6scnomcus1mr5ms91al3tou|03|com"; nocase; ) # 1odoaj8biq0ty8qy74hnwxeje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1odoaj8biq0ty8qy74hnwxeje|03|org"; nocase; ) # 1y5hnn1yeujq2m00ixty046n6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y5hnn1yeujq2m00ixty046n6|03|net"; nocase; ) # 5ff0c911ed65y824w7nsl1uf3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ff0c911ed65y824w7nsl1uf3|03|net"; nocase; ) # eykivypphopj3so2921yndyrd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eykivypphopj3so2921yndyrd|03|org"; nocase; ) # 1kzofr614vkxfv4cf7mf7plnt6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kzofr614vkxfv4cf7mf7plnt6|03|com"; nocase; ) # j7qqy71xuafzx156unc61hd3iar.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j7qqy71xuafzx156unc61hd3iar|03|biz"; nocase; ) # 1u9k1nrsxf4wir83l9fi841yo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u9k1nrsxf4wir83l9fi841yo|03|org"; nocase; ) # 16vy33f1rtu1ay1n2xzkk2f28js.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16vy33f1rtu1ay1n2xzkk2f28js|03|net"; nocase; ) # 5lhu6j1bt8hdoxwkmctsgc0m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5lhu6j1bt8hdoxwkmctsgc0m|03|net"; nocase; ) # qp800m1dcvea511m7n6arn7yby.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qp800m1dcvea511m7n6arn7yby|03|org"; nocase; ) # l92a5o15fex816taq8qbx5npq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l92a5o15fex816taq8qbx5npq|03|com"; nocase; ) # 15oqeou2j7h3k15wzqzo1hhftsz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15oqeou2j7h3k15wzqzo1hhftsz|03|org"; nocase; ) # sf77e0mqnq3coxcjal1gzrd37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sf77e0mqnq3coxcjal1gzrd37|03|net"; nocase; ) # uvvin2toh3drz1cvpq10rru1y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uvvin2toh3drz1cvpq10rru1y|03|biz"; nocase; ) # 1jtsieeygs9xe1uzgaz015tg5ov.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jtsieeygs9xe1uzgaz015tg5ov|03|org"; nocase; ) # yic7biu50n5o1xd3amp79x6bb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yic7biu50n5o1xd3amp79x6bb|03|com"; nocase; ) # xvurz0o2db7p1k46nj9vyzqu1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xvurz0o2db7p1k46nj9vyzqu1|03|biz"; nocase; ) # 1kjpklzcdwolb2idyc31ago53.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kjpklzcdwolb2idyc31ago53|03|com"; nocase; ) # 6ajhx7182a0dx1n3p0hqvb4niz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ajhx7182a0dx1n3p0hqvb4niz|03|org"; nocase; ) # eu8stn1jau9z2w6ax4x178kkxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eu8stn1jau9z2w6ax4x178kkxv|03|net"; nocase; ) # q4rm6m1ic2k1a18n4irp1xdzqpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q4rm6m1ic2k1a18n4irp1xdzqpa|03|biz"; nocase; ) # lsmnvhu5z4fg1m6mf8q19ga72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lsmnvhu5z4fg1m6mf8q19ga72|03|net"; nocase; ) # h4mre6rychpbp1hwgiaxvvaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h4mre6rychpbp1hwgiaxvvaq|03|com"; nocase; ) # 2imelvdmhpushkjbrs1i0qd3l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2imelvdmhpushkjbrs1i0qd3l|03|net"; nocase; ) # izxnhp1a0n7zpivernybcllma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|izxnhp1a0n7zpivernybcllma|03|net"; nocase; ) # sc86zk1sz4jmkikm6ic139slqo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sc86zk1sz4jmkikm6ic139slqo|03|org"; nocase; ) # lpneda1j1oftb6bf10l14ifbmd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lpneda1j1oftb6bf10l14ifbmd|03|org"; nocase; ) # bb7ohwecxm7x1so8nd8x13cif.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bb7ohwecxm7x1so8nd8x13cif|03|biz"; nocase; ) # udiafacm23jyyobeeg3mx79s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|udiafacm23jyyobeeg3mx79s|03|net"; nocase; ) # w0nhyc11uo8do9vnvk6yq9sw4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w0nhyc11uo8do9vnvk6yq9sw4|03|com"; nocase; ) # h74hih152maxx16ox5jjf3zfmp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h74hih152maxx16ox5jjf3zfmp|03|net"; nocase; ) # 1bgnw1z7h2pcgnv9ve9v2v7jh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bgnw1z7h2pcgnv9ve9v2v7jh|03|org"; nocase; ) # 5j0ztqui5yqi1spes7ox0wgi0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5j0ztqui5yqi1spes7ox0wgi0|03|org"; nocase; ) # c4ayzp1pvewkex2pvp1osh3xp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c4ayzp1pvewkex2pvp1osh3xp|03|net"; nocase; ) # 1l68umbq6qycitb19w01m3apuk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l68umbq6qycitb19w01m3apuk|03|org"; nocase; ) # 1ht0zj9er8jx512xk6qk1jpi4w6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ht0zj9er8jx512xk6qk1jpi4w6|03|net"; nocase; ) # 5btphjdes7wd1nh4i0g1es0nvs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5btphjdes7wd1nh4i0g1es0nvs|03|net"; nocase; ) # 1qpiula1i5mebz1mtw61zzv3po8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qpiula1i5mebz1mtw61zzv3po8|03|biz"; nocase; ) # 12k0yfnt4i57c1p1btj49ya1ia.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12k0yfnt4i57c1p1btj49ya1ia|03|biz"; nocase; ) # 14j3sd61rd3dhz25dwxniwyu8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14j3sd61rd3dhz25dwxniwyu8h|03|net"; nocase; ) # 1pmi5zz1bcisai12tqwwl6ao159.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pmi5zz1bcisai12tqwwl6ao159|03|org"; nocase; ) # 1wynoen1wwa44v1k3t8battof4u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wynoen1wwa44v1k3t8battof4u|03|biz"; nocase; ) # 16m9xig5kb49hg048yw12yf02y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16m9xig5kb49hg048yw12yf02y|03|com"; nocase; ) # jsvfbubivec61nvh12f1nlcwr3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jsvfbubivec61nvh12f1nlcwr3|03|net"; nocase; ) # ubhlx5h0gnta95xr5q12fca9y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ubhlx5h0gnta95xr5q12fca9y|03|org"; nocase; ) # 6p7l1nne0ufk1c2vz2n1ta0489.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6p7l1nne0ufk1c2vz2n1ta0489|03|com"; nocase; ) # 74bp3yp3h8306ebz1vw1uwo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|74bp3yp3h8306ebz1vw1uwo|03|biz"; nocase; ) # fjcvbp10qz3bejcgvkn1rz5zqk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fjcvbp10qz3bejcgvkn1rz5zqk|03|net"; nocase; ) # 1hgzm1xyvq9dy1dbfzlsiw14nb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hgzm1xyvq9dy1dbfzlsiw14nb|03|com"; nocase; ) # u4smll1srelswooe8qtixm5ze.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u4smll1srelswooe8qtixm5ze|03|net"; nocase; ) # 12p6rr619ytgs1m1vswonhrdlm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12p6rr619ytgs1m1vswonhrdlm|03|net"; nocase; ) # 1yriq4919xocv2iqvd5endw0dk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yriq4919xocv2iqvd5endw0dk|03|org"; nocase; ) # 1cvtkol1jhr2tn9d8ueose1qvz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cvtkol1jhr2tn9d8ueose1qvz|03|com"; nocase; ) # 1kunose14vdkueciuqox3x4kcf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kunose14vdkueciuqox3x4kcf|03|net"; nocase; ) # 1fyewcrrc9dbq18is1x71rq94ys.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fyewcrrc9dbq18is1x71rq94ys|03|org"; nocase; ) # q4p3xz713sbhgtidahhywxg6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q4p3xz713sbhgtidahhywxg6|03|org"; nocase; ) # 1sb4ufa11c6fd8odow81lfc9rl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sb4ufa11c6fd8odow81lfc9rl|03|biz"; nocase; ) # e57tqx1722hzzd8llu0s3oj9a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e57tqx1722hzzd8llu0s3oj9a|03|biz"; nocase; ) # nc1wwoc2mi4kmd57tj1fc9pgl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nc1wwoc2mi4kmd57tj1fc9pgl|03|net"; nocase; ) # 1xlvzxbbre44o1cxdkvr16xyu7j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xlvzxbbre44o1cxdkvr16xyu7j|03|biz"; nocase; ) # 1du6mps10dojzt1nq1lm0qhrqtl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1du6mps10dojzt1nq1lm0qhrqtl|03|com"; nocase; ) # 1pfe218dit2f02yx5aeh330.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1pfe218dit2f02yx5aeh330|03|net"; nocase; ) # 1qabmhq9ife63c3n0ltfcl751.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qabmhq9ife63c3n0ltfcl751|03|org"; nocase; ) # 18p6esk10siajtmjuzlqlg607m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18p6esk10siajtmjuzlqlg607m|03|net"; nocase; ) # 1xvm8vesnj9181nucn4jhgoznr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xvm8vesnj9181nucn4jhgoznr|03|com"; nocase; ) # gqfl0317f3lxo1c56k744brhr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gqfl0317f3lxo1c56k744brhr|03|com"; nocase; ) # 136amfde3qmez1c6axwi414xs2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136amfde3qmez1c6axwi414xs2|03|org"; nocase; ) # 1qb9nfc1s6ntvqfso67p13c74e2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qb9nfc1s6ntvqfso67p13c74e2|03|com"; nocase; ) # 8dfnlp1deuhdzg41g0j1fa6g7y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8dfnlp1deuhdzg41g0j1fa6g7y|03|com"; nocase; ) # 89ri7o6bcern1ytc5r5pux6dx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|89ri7o6bcern1ytc5r5pux6dx|03|net"; nocase; ) # j9171x77s5go1wns18q1frzhix.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j9171x77s5go1wns18q1frzhix|03|org"; nocase; ) # 18a4n0k1bx3kfyn8ngqk1n0moxq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18a4n0k1bx3kfyn8ngqk1n0moxq|03|biz"; nocase; ) # 1dp0090cc9x4u1msrrhc15i1l43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dp0090cc9x4u1msrrhc15i1l43|03|net"; nocase; ) # xbg4owkmml0q1huv924265pss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xbg4owkmml0q1huv924265pss|03|net"; nocase; ) # qsftwf0n3hu43740b3zcx5z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|qsftwf0n3hu43740b3zcx5z|03|org"; nocase; ) # 1up3htfpepsbjfvg71t6gcqyy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1up3htfpepsbjfvg71t6gcqyy|03|net"; nocase; ) # 8g5w3ip3trg1yp2xry1811rl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8g5w3ip3trg1yp2xry1811rl|03|org"; nocase; ) # tj35a81hzpe3id91pdm1vx503h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tj35a81hzpe3id91pdm1vx503h|03|com"; nocase; ) # 13e1fy5igabpe9mfsuantepkh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13e1fy5igabpe9mfsuantepkh|03|net"; nocase; ) # xzrh1n18894ux12ataequhuoh6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xzrh1n18894ux12ataequhuoh6|03|net"; nocase; ) # 152hztk12eedbg1bo8aiv1bdqost.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|152hztk12eedbg1bo8aiv1bdqost|03|biz"; nocase; ) # 1qwl504nnnk6ncjwf4w10arq2h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qwl504nnnk6ncjwf4w10arq2h|03|org"; nocase; ) # 1hiwrcj10q3g7m1ypdutpns2s4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hiwrcj10q3g7m1ypdutpns2s4n|03|com"; nocase; ) # e2xdim1snjesa1ke9gas7mzg6g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e2xdim1snjesa1ke9gas7mzg6g|03|com"; nocase; ) # tlz80r1i0iaumn37ep51k7ksbo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tlz80r1i0iaumn37ep51k7ksbo|03|net"; nocase; ) # 1sho1le1b7haab1u2qo8u1lwx0zu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sho1le1b7haab1u2qo8u1lwx0zu|03|biz"; nocase; ) # ahtnl62rvfew162tzmyxrzlh8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ahtnl62rvfew162tzmyxrzlh8|03|com"; nocase; ) # 1hxilok1q22un3z5elxamx6387.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hxilok1q22un3z5elxamx6387|03|net"; nocase; ) # 18mk103aukzjkh56iea1cy2vlg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18mk103aukzjkh56iea1cy2vlg|03|com"; nocase; ) # vmwe381rgwzi4fdcgrw1ioyn5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vmwe381rgwzi4fdcgrw1ioyn5g|03|org"; nocase; ) # 1qti6go1ymkgj21pe5hpb1axstwd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qti6go1ymkgj21pe5hpb1axstwd|03|biz"; nocase; ) # q0k3zm10ifieq27jvjm1x2a0cj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q0k3zm10ifieq27jvjm1x2a0cj|03|biz"; nocase; ) # jrygrz1iu9lha1ye60xu9joxsi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jrygrz1iu9lha1ye60xu9joxsi|03|net"; nocase; ) # 1wbbum0e91cttmdp9al1havmhc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wbbum0e91cttmdp9al1havmhc|03|com"; nocase; ) # 1lmtw7ydurqo71gokjvi1w9514f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lmtw7ydurqo71gokjvi1w9514f|03|com"; nocase; ) # 17qr7croaqyy5b9v30v1tylxih.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17qr7croaqyy5b9v30v1tylxih|03|org"; nocase; ) # zknh6bnfdj2z1sieiutu8m9zv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zknh6bnfdj2z1sieiutu8m9zv|03|net"; nocase; ) # 1ch6ux7jb9oabym2z4eywn3ap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ch6ux7jb9oabym2z4eywn3ap|03|org"; nocase; ) # iffi2blmkh3c1rwj688t2etsg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iffi2blmkh3c1rwj688t2etsg|03|com"; nocase; ) # bykv3523822wrpmzq21fojpz3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bykv3523822wrpmzq21fojpz3|03|org"; nocase; ) # 1f0cnrg1wd0i7o15ymo8u1ez4j0s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f0cnrg1wd0i7o15ymo8u1ez4j0s|03|net"; nocase; ) # 88r9363qe49v16j1i6i5u763b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|88r9363qe49v16j1i6i5u763b|03|org"; nocase; ) # 1sn4dbc1v0pij3dauh2dk4l8sv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sn4dbc1v0pij3dauh2dk4l8sv|03|com"; nocase; ) # 1uugoxi1ykse8u1dpqmm9ng5f3f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uugoxi1ykse8u1dpqmm9ng5f3f|03|org"; nocase; ) # 12srjtcagwbp61y0kjhh1rx20a9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12srjtcagwbp61y0kjhh1rx20a9|03|net"; nocase; ) # glutk9l831sw1dq0591hwkjck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|glutk9l831sw1dq0591hwkjck|03|com"; nocase; ) # w9xnw0x5adv2190f1mh1mmqm3y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w9xnw0x5adv2190f1mh1mmqm3y|03|net"; nocase; ) # gg8jnh175a1r7vdtt031ihlwgm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gg8jnh175a1r7vdtt031ihlwgm|03|org"; nocase; ) # 26r6swzw7r151u19sgz1kjnjud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|26r6swzw7r151u19sgz1kjnjud|03|net"; nocase; ) # 1893fbf1cijrwe1s88ffegrngk2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1893fbf1cijrwe1s88ffegrngk2|03|org"; nocase; ) # 1em31ec3enpie9q5xvicmua5i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1em31ec3enpie9q5xvicmua5i|03|biz"; nocase; ) # 5f3ago1exedp71icubqu1fr3fe3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5f3ago1exedp71icubqu1fr3fe3|03|net"; nocase; ) # 1kowdipe2u3awmzrvh61ectdj8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kowdipe2u3awmzrvh61ectdj8|03|com"; nocase; ) # ufvb921t4nybj14qf3nr95jio7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ufvb921t4nybj14qf3nr95jio7|03|org"; nocase; ) # 1iqyx3k1filgju2i7zsu68m3fd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iqyx3k1filgju2i7zsu68m3fd|03|org"; nocase; ) # 9rsvo01c2w75m1evxfj0brva73.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9rsvo01c2w75m1evxfj0brva73|03|com"; nocase; ) # 1tpdysn1uxl25b1ck5uawze8cgu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tpdysn1uxl25b1ck5uawze8cgu|03|org"; nocase; ) # 1ye2yva1yk21ergjycks1iwpsvk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ye2yva1yk21ergjycks1iwpsvk|03|net"; nocase; ) # zy8prskl8av51r5zl51ytsl7n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zy8prskl8av51r5zl51ytsl7n|03|biz"; nocase; ) # 15cafvj13jhufs1ok6gme1trvlqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15cafvj13jhufs1ok6gme1trvlqx|03|biz"; nocase; ) # w4ur6jbburh5ti53tl1c5yh58.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w4ur6jbburh5ti53tl1c5yh58|03|biz"; nocase; ) # 1ntg2zg1pp61tq1a70czu1vp3zba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ntg2zg1pp61tq1a70czu1vp3zba|03|org"; nocase; ) # 17adusm5h0eb15y0oum1tj1spz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17adusm5h0eb15y0oum1tj1spz|03|net"; nocase; ) # kzf20l1oh07ro1aoo7rgmpkrpn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kzf20l1oh07ro1aoo7rgmpkrpn|03|biz"; nocase; ) # 119utyk1o46aj41gapfu4z7qauy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|119utyk1o46aj41gapfu4z7qauy|03|net"; nocase; ) # 1edvc0ghrucj2vowp651sxvjsa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1edvc0ghrucj2vowp651sxvjsa|03|org"; nocase; ) # b1op4t18wl00i13gshfgoiyu68.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b1op4t18wl00i13gshfgoiyu68|03|com"; nocase; ) # ebpw0h1xgs7761byp2mz1rjj9rv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ebpw0h1xgs7761byp2mz1rjj9rv|03|com"; nocase; ) # pjj2721d5cx79yhzui4me34ch.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pjj2721d5cx79yhzui4me34ch|03|org"; nocase; ) # 1aq6iqeb0mo5rjkpnx21gd3ssj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aq6iqeb0mo5rjkpnx21gd3ssj|03|com"; nocase; ) # eyynpn1dk2kft1jc5w5sg67ul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eyynpn1dk2kft1jc5w5sg67ul|03|net"; nocase; ) # hvxnm01p4yanr1nw4ehe1mbp7m7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hvxnm01p4yanr1nw4ehe1mbp7m7|03|com"; nocase; ) # 1o5iupu1spfkh8c74il5s343cr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o5iupu1spfkh8c74il5s343cr|03|net"; nocase; ) # oi0q3i1vux16517m95pw1lud1jh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oi0q3i1vux16517m95pw1lud1jh|03|net"; nocase; ) # j0hdzh1bwycep5n9rld1w2oqoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j0hdzh1bwycep5n9rld1w2oqoc|03|biz"; nocase; ) # 1piqp97lwtdzw92i5vidw3iui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1piqp97lwtdzw92i5vidw3iui|03|net"; nocase; ) # aakdr32xst6d1jq8iuaci5m2n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aakdr32xst6d1jq8iuaci5m2n|03|biz"; nocase; ) # wgp6pbeommo31hwpgoq1sdh1en.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wgp6pbeommo31hwpgoq1sdh1en|03|com"; nocase; ) # 535eg317u90211oz79kao05fjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|535eg317u90211oz79kao05fjy|03|org"; nocase; ) # 9s89lp1kdfq1iy3fg611mr8e7s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9s89lp1kdfq1iy3fg611mr8e7s|03|com"; nocase; ) # 1ngzgrzi3b4woqmuq241kgzc2e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ngzgrzi3b4woqmuq241kgzc2e|03|net"; nocase; ) # b3xpn6z441cmeaqdtl126q755.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b3xpn6z441cmeaqdtl126q755|03|net"; nocase; ) # 1rvhar3gev3tar5tndi1lwr141.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rvhar3gev3tar5tndi1lwr141|03|org"; nocase; ) # 71mkn6z6lrfohuuszu1txpaiv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|71mkn6z6lrfohuuszu1txpaiv|03|org"; nocase; ) # jkyurwfqga5h1hsac8gahp8ns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jkyurwfqga5h1hsac8gahp8ns|03|com"; nocase; ) # 1rkqpiu1avyvh21g2239g14ehsp8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rkqpiu1avyvh21g2239g14ehsp8|03|org"; nocase; ) # 1sk2cbf99srzv9b9jjt1gof8o5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sk2cbf99srzv9b9jjt1gof8o5|03|net"; nocase; ) # gpoj77td2lq21pzvg831xhfhvs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gpoj77td2lq21pzvg831xhfhvs|03|org"; nocase; ) # 1kvkiemn3w5drbxhb5b15fo1ex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kvkiemn3w5drbxhb5b15fo1ex|03|org"; nocase; ) # 3uzwgk15nu3ho1absopt5kgt8j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3uzwgk15nu3ho1absopt5kgt8j|03|biz"; nocase; ) # 13aqqvpp20hqd1akxrxd1gjj07x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13aqqvpp20hqd1akxrxd1gjj07x|03|net"; nocase; ) # 13uie2t9pyguk83envo1386g83.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13uie2t9pyguk83envo1386g83|03|net"; nocase; ) # 1fazkf6273cic15x7gmk4le550.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fazkf6273cic15x7gmk4le550|03|org"; nocase; ) # 1svlkyutoqoh512hg278xtz0xo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1svlkyutoqoh512hg278xtz0xo|03|com"; nocase; ) # yq17ut1nxn0lrgf3w6vba6ab3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yq17ut1nxn0lrgf3w6vba6ab3|03|net"; nocase; ) # 3kywtd1a02i9iczzfpqryowzz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3kywtd1a02i9iczzfpqryowzz|03|biz"; nocase; ) # vr4nw8eq1t8e16n197d1e81uno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vr4nw8eq1t8e16n197d1e81uno|03|org"; nocase; ) # menray1cn8iw71u2lpdx1h7zl16.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|menray1cn8iw71u2lpdx1h7zl16|03|org"; nocase; ) # sqvfs9ojbq12pgb1yb3ls5sb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sqvfs9ojbq12pgb1yb3ls5sb|03|net"; nocase; ) # 1jr00rg2anilgf123kje74iji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jr00rg2anilgf123kje74iji|03|net"; nocase; ) # 1elhpse1wac2cl2emw2q1l3umhu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1elhpse1wac2cl2emw2q1l3umhu|03|biz"; nocase; ) # s7z22rim959djjs7501ndd89n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s7z22rim959djjs7501ndd89n|03|org"; nocase; ) # 8m5mf1t3axk110f4h2672tkth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8m5mf1t3axk110f4h2672tkth|03|net"; nocase; ) # 5wx7n91o6wcd41f8rkxb1kc5s9o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5wx7n91o6wcd41f8rkxb1kc5s9o|03|biz"; nocase; ) # 1mqs8nj7alc3d1ir8tx9imx6vs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mqs8nj7alc3d1ir8tx9imx6vs|03|org"; nocase; ) # 1nlpxpl1m2bgq1gumtppf7kdwv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nlpxpl1m2bgq1gumtppf7kdwv|03|net"; nocase; ) # gtr8tl1p066e01lw7fsz1nuycvb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gtr8tl1p066e01lw7fsz1nuycvb|03|biz"; nocase; ) # 70dg5alr92411455zirox2fzl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|70dg5alr92411455zirox2fzl|03|org"; nocase; ) # 1jecowl14eje4r149lzry1l8m13a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jecowl14eje4r149lzry1l8m13a|03|net"; nocase; ) # 1m89b3ejeyap313vmkur1x1mvcn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m89b3ejeyap313vmkur1x1mvcn|03|biz"; nocase; ) # 104jx7w1eqyo4x1tnzqyk13qml64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|104jx7w1eqyo4x1tnzqyk13qml64|03|net"; nocase; ) # 19qkgyl10i9qkgomvo5t9vd975.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19qkgyl10i9qkgomvo5t9vd975|03|com"; nocase; ) # ces32ocj0qsk1vy08vcd2yhvs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ces32ocj0qsk1vy08vcd2yhvs|03|net"; nocase; ) # 144v223158ace619r2f6rmhpibe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|144v223158ace619r2f6rmhpibe|03|org"; nocase; ) # szt0lt4ig4bk6ufeurtj4uph.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|szt0lt4ig4bk6ufeurtj4uph|03|org"; nocase; ) # 15qz9911ldbn2a1g4wgqe1im74i3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15qz9911ldbn2a1g4wgqe1im74i3|03|org"; nocase; ) # nrudndk7z384j5z4nh164teip.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nrudndk7z384j5z4nh164teip|03|biz"; nocase; ) # gcshigr8a3f9f0o6e54lj27p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gcshigr8a3f9f0o6e54lj27p|03|net"; nocase; ) # 1va33mg8dvs4oo5xvgwst84ci.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1va33mg8dvs4oo5xvgwst84ci|03|net"; nocase; ) # bvzhwe1qovi931db92dl1pb8flw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bvzhwe1qovi931db92dl1pb8flw|03|org"; nocase; ) # ewxdpntg7c591h2w3uc12jl8zg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ewxdpntg7c591h2w3uc12jl8zg|03|net"; nocase; ) # q3m89bqrejzpk2o551w17nzt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q3m89bqrejzpk2o551w17nzt|03|com"; nocase; ) # 1wz911q69nn7nb9luvv12ye118.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wz911q69nn7nb9luvv12ye118|03|biz"; nocase; ) # 19h56obd2thfrdx3oebgmikzr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19h56obd2thfrdx3oebgmikzr|03|net"; nocase; ) # 1hbrp7w1cg6k6f1au6m8l1t1biyz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hbrp7w1cg6k6f1au6m8l1t1biyz|03|biz"; nocase; ) # 172jxahk3g6ij1p7697o1fcg8d2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|172jxahk3g6ij1p7697o1fcg8d2|03|org"; nocase; ) # yyfok61w6oyo0172psdz1edgoes.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yyfok61w6oyo0172psdz1edgoes|03|net"; nocase; ) # 1o6qoei14tomdh1entg2x1ljikfk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o6qoei14tomdh1entg2x1ljikfk|03|biz"; nocase; ) # 6gx1c21wcccnqte39fa1ps87uk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6gx1c21wcccnqte39fa1ps87uk|03|net"; nocase; ) # noqfrg1ntwhh71u10bkvn40964.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|noqfrg1ntwhh71u10bkvn40964|03|org"; nocase; ) # jgqz7kx3jvccmx2lsr7okwn0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jgqz7kx3jvccmx2lsr7okwn0|03|biz"; nocase; ) # x7b2nn1da9c3nkmgaj51m8gyjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x7b2nn1da9c3nkmgaj51m8gyjh|03|org"; nocase; ) # 11xlju71ve6kn3y3dsci7fccua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11xlju71ve6kn3y3dsci7fccua|03|com"; nocase; ) # 1j5vebftbrxsr15qg3fx1hy9do7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j5vebftbrxsr15qg3fx1hy9do7|03|com"; nocase; ) # 1po5orh1w3po17ya81igt46e8n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1po5orh1w3po17ya81igt46e8n|03|org"; nocase; ) # 4abjo9qap46w18p8q6t17k5t38.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4abjo9qap46w18p8q6t17k5t38|03|biz"; nocase; ) # 1uva1g2fjsxqrfo3caj1orcrbx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uva1g2fjsxqrfo3caj1orcrbx|03|com"; nocase; ) # 1bh5geo3dl1amptav35161plxg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bh5geo3dl1amptav35161plxg|03|org"; nocase; ) # k0wwoff16ql1pyw1kk8fzipi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k0wwoff16ql1pyw1kk8fzipi|03|org"; nocase; ) # 6ibjr51eujqi21mwpcdgu2pisl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ibjr51eujqi21mwpcdgu2pisl|03|net"; nocase; ) # fpfvbvokflhrs6fsqc1jqargk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fpfvbvokflhrs6fsqc1jqargk|03|net"; nocase; ) # 1deulbbgkuazy1rachbgrqflsy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1deulbbgkuazy1rachbgrqflsy|03|com"; nocase; ) # 1fdgo85sce8uj71tcsd7fu5qp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fdgo85sce8uj71tcsd7fu5qp|03|net"; nocase; ) # 99izlppyxbyk55uif5wp3vxi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|99izlppyxbyk55uif5wp3vxi|03|net"; nocase; ) # ghkq07z5g7d3ds2sj817g6joa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ghkq07z5g7d3ds2sj817g6joa|03|org"; nocase; ) # w1y8mm1sg94134fwwcy6h3eyl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w1y8mm1sg94134fwwcy6h3eyl|03|net"; nocase; ) # 1ybep4wx4epwy1lns1k8tc2dvl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ybep4wx4epwy1lns1k8tc2dvl|03|org"; nocase; ) # 1xposjx12539j17m0t0y118o3sx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xposjx12539j17m0t0y118o3sx|03|biz"; nocase; ) # 1ch543tnf73ej1hsz0jb14xk1az.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ch543tnf73ej1hsz0jb14xk1az|03|org"; nocase; ) # 1egy8n6xz3611132xbjkchgox4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1egy8n6xz3611132xbjkchgox4|03|net"; nocase; ) # 13417xz193nnrl1apkufe1ndfaqz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13417xz193nnrl1apkufe1ndfaqz|03|org"; nocase; ) # gb7ujl1qgkz26klmimoc9aetz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gb7ujl1qgkz26klmimoc9aetz|03|net"; nocase; ) # 3ht07e1jgsh0e1rpepre1p9ezmu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3ht07e1jgsh0e1rpepre1p9ezmu|03|net"; nocase; ) # 160bajf8qyjwe8vvfeav3jvuz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|160bajf8qyjwe8vvfeav3jvuz|03|org"; nocase; ) # 1p4y4uumxf8l8v34gkqywhcgc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p4y4uumxf8l8v34gkqywhcgc|03|biz"; nocase; ) # huwrvq1j3u1cpzzfi3p1ub05u5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|huwrvq1j3u1cpzzfi3p1ub05u5|03|net"; nocase; ) # j4wq9319uscgv1fyyjmz98zibe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j4wq9319uscgv1fyyjmz98zibe|03|com"; nocase; ) # giyoczst3hy01l0hkga1s4x3mu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|giyoczst3hy01l0hkga1s4x3mu|03|org"; nocase; ) # 1kaipgdr1flqrwwnn1z1frp2pz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kaipgdr1flqrwwnn1z1frp2pz|03|net"; nocase; ) # 1kwb5n21cfd01go4kd5k1ot8bv9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kwb5n21cfd01go4kd5k1ot8bv9|03|org"; nocase; ) # 1anwf3cwpkjiqwki811bkr8mf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1anwf3cwpkjiqwki811bkr8mf|03|net"; nocase; ) # 1cgnu631rjo1t01cs0tre1280p2r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cgnu631rjo1t01cs0tre1280p2r|03|org"; nocase; ) # wkufd81hdh1uo9w2hs1ui59ft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wkufd81hdh1uo9w2hs1ui59ft|03|com"; nocase; ) # 13wlmcsjur4x01vhm0o818tpwq3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13wlmcsjur4x01vhm0o818tpwq3|03|com"; nocase; ) # 1tgjiso2puovhilwo0188xazu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tgjiso2puovhilwo0188xazu|03|org"; nocase; ) # 1400uwfjpymf1xk68rjtm2aja.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1400uwfjpymf1xk68rjtm2aja|03|com"; nocase; ) # 1wv86z38e4mwo1u7kky46trvb9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wv86z38e4mwo1u7kky46trvb9|03|org"; nocase; ) # 1jlq04s14jv8i018klrjv1clwifl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jlq04s14jv8i018klrjv1clwifl|03|biz"; nocase; ) # 1fwe8wb1yj8jq61c3i5gg1aeg53s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fwe8wb1yj8jq61c3i5gg1aeg53s|03|net"; nocase; ) # o7g5g11muhsca1ncrgtol3schd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o7g5g11muhsca1ncrgtol3schd|03|com"; nocase; ) # 114nkaq1ymwjpr1y5yv8g1n0elej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|114nkaq1ymwjpr1y5yv8g1n0elej|03|net"; nocase; ) # 9vruqr1uj7f9btvvb5p1ct4riz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9vruqr1uj7f9btvvb5p1ct4riz|03|com"; nocase; ) # ivrnvj4j1nl0c8jy11ut4nvp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ivrnvj4j1nl0c8jy11ut4nvp|03|biz"; nocase; ) # pcvjgpp4985kbhd4yep25ij4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pcvjgpp4985kbhd4yep25ij4|03|com"; nocase; ) # 1gdi4mpjc8vrc1ixiyvh169g5w3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gdi4mpjc8vrc1ixiyvh169g5w3|03|biz"; nocase; ) # 11hkbcp14y8g4gblvwjo1awudg4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hkbcp14y8g4gblvwjo1awudg4|03|org"; nocase; ) # ii67ny16av4vatxitqw17w05py.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ii67ny16av4vatxitqw17w05py|03|org"; nocase; ) # rb8jkz19darha14ommi4hy5gnf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rb8jkz19darha14ommi4hy5gnf|03|net"; nocase; ) # 7drbpb1s4jytodrkr2718yqvsu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7drbpb1s4jytodrkr2718yqvsu|03|org"; nocase; ) # 6ygkz01uq7sma1d67u3g1uatamx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ygkz01uq7sma1d67u3g1uatamx|03|org"; nocase; ) # u2brzrrmjyuf1fye0dw1r0hqqt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u2brzrrmjyuf1fye0dw1r0hqqt|03|org"; nocase; ) # 1he9g2o7dzecq5ahrb2b4dl8x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1he9g2o7dzecq5ahrb2b4dl8x|03|org"; nocase; ) # 1y2qrhxanmeex6uio1dx4ul6w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y2qrhxanmeex6uio1dx4ul6w|03|com"; nocase; ) # 9g3gj9drkglhuh34im1hxzsic.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9g3gj9drkglhuh34im1hxzsic|03|org"; nocase; ) # 1p65cjy1e2x2z415lql0li40r45.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p65cjy1e2x2z415lql0li40r45|03|com"; nocase; ) # 1t7jc631mux8lk15dsc7v1p3i5qr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t7jc631mux8lk15dsc7v1p3i5qr|03|org"; nocase; ) # 3obd4h1y5fe1o6pdepa1wh9fun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3obd4h1y5fe1o6pdepa1wh9fun|03|net"; nocase; ) # 70xjs21k2z8ci1ikqnxiw4vn1s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|70xjs21k2z8ci1ikqnxiw4vn1s|03|com"; nocase; ) # nolhkp1yc08s1sdhs8xgqgft7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nolhkp1yc08s1sdhs8xgqgft7|03|net"; nocase; ) # 1jho5f9jugm3x1hfj11n10tubn7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jho5f9jugm3x1hfj11n10tubn7|03|net"; nocase; ) # swn01r1w8t9vn1w8d7aw5t57q4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|swn01r1w8t9vn1w8d7aw5t57q4|03|com"; nocase; ) # 1astd3o1mfunqd66sijg17myo2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1astd3o1mfunqd66sijg17myo2v|03|org"; nocase; ) # 10kco441vj79ck1ewnuak1i7yjzg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10kco441vj79ck1ewnuak1i7yjzg|03|net"; nocase; ) # nf6qiadla70g5rthl1fvx9rd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nf6qiadla70g5rthl1fvx9rd|03|biz"; nocase; ) # bp9or5pejqxj18vb0bz4te57p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bp9or5pejqxj18vb0bz4te57p|03|org"; nocase; ) # a3bqpt1jd6grnc2n1601bziqy8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a3bqpt1jd6grnc2n1601bziqy8|03|com"; nocase; ) # 144u6ko1p7min01fag6el1cj3y46.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|144u6ko1p7min01fag6el1cj3y46|03|net"; nocase; ) # 1pocy7d1e4hd5yrqc6v1vwskja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pocy7d1e4hd5yrqc6v1vwskja|03|biz"; nocase; ) # jdy5mr1xdl0xvgfeob414p6a3r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jdy5mr1xdl0xvgfeob414p6a3r|03|org"; nocase; ) # rqzfd0e77alr1gg9k414aucfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rqzfd0e77alr1gg9k414aucfe|03|net"; nocase; ) # oawj6910898a91f4sgm21kknv2g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oawj6910898a91f4sgm21kknv2g|03|org"; nocase; ) # wd9bs1e2jcd2139725o19q3ozy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wd9bs1e2jcd2139725o19q3ozy|03|com"; nocase; ) # 1x4pbmf5kc66s16ikajm4616ww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x4pbmf5kc66s16ikajm4616ww|03|net"; nocase; ) # 1r2yugmovbsgw1101r5w1gvgnpj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r2yugmovbsgw1101r5w1gvgnpj|03|net"; nocase; ) # o2vg0i1h0987f1l7exr3mkb6b8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o2vg0i1h0987f1l7exr3mkb6b8|03|biz"; nocase; ) # 1nomdsh1qicfrx1p616v1himrxo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nomdsh1qicfrx1p616v1himrxo|03|com"; nocase; ) # t4lcxpfjcd5b13a6v48zsdyfw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4lcxpfjcd5b13a6v48zsdyfw|03|net"; nocase; ) # 1b7uh6ze0v4xy1y1mz69mvpu6j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b7uh6ze0v4xy1y1mz69mvpu6j|03|org"; nocase; ) # 130y1nc1no39ta1kt7ton1v8bb84.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|130y1nc1no39ta1kt7ton1v8bb84|03|com"; nocase; ) # retflrjpc6116nrb0o134lble.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|retflrjpc6116nrb0o134lble|03|org"; nocase; ) # hjreqc10d4anz1oj080c1yhkqjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hjreqc10d4anz1oj080c1yhkqjt|03|net"; nocase; ) # 13ggwu31i9itb15nviim13fxdug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ggwu31i9itb15nviim13fxdug|03|net"; nocase; ) # jt8gaad7u9j7z0l392vwiljm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jt8gaad7u9j7z0l392vwiljm|03|com"; nocase; ) # 55s8i015hoioc1s615e61rrgk01.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|55s8i015hoioc1s615e61rrgk01|03|com"; nocase; ) # 12k7x8j1n15c6q9rcdzj1ipz0il.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12k7x8j1n15c6q9rcdzj1ipz0il|03|org"; nocase; ) # 1spzl0pi02t7y78szvwo4h3ee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1spzl0pi02t7y78szvwo4h3ee|03|net"; nocase; ) # 1ca1reybqjjer5hu1e81vo9fyt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ca1reybqjjer5hu1e81vo9fyt|03|org"; nocase; ) # cbf27e7zje6316p3i9u11wcbff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cbf27e7zje6316p3i9u11wcbff|03|com"; nocase; ) # 14uw8sppamxi411fr9sc11ivreg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14uw8sppamxi411fr9sc11ivreg|03|net"; nocase; ) # 1yi9t0glih3u1u3c5p31ltjuov.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000004999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yi9t0glih3u1u3c5p31ltjuov|03|org"; nocase; ) # 1van9nm1eu92oekkpd6b1ugv4nc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1van9nm1eu92oekkpd6b1ugv4nc|03|net"; nocase; ) # l0slhe1u1q91517h6804kh9h96.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l0slhe1u1q91517h6804kh9h96|03|biz"; nocase; ) # f8w37m1pu34pawr3yua1bso5li.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f8w37m1pu34pawr3yua1bso5li|03|net"; nocase; ) # nsd41mourngb1scj4l1auudxw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nsd41mourngb1scj4l1auudxw|03|net"; nocase; ) # 1oljxa13pia1w5qa96a3ajfxa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oljxa13pia1w5qa96a3ajfxa|03|org"; nocase; ) # c5zjo41rpd2hh1u1em0um8fbim.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c5zjo41rpd2hh1u1em0um8fbim|03|org"; nocase; ) # 6rniph1fuzymi1m575njbs9ifs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6rniph1fuzymi1m575njbs9ifs|03|biz"; nocase; ) # 1488up2hs0rs318pra4i1rja98e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1488up2hs0rs318pra4i1rja98e|03|net"; nocase; ) # 1bxcrj41p6d239t3u2b4pj84gj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bxcrj41p6d239t3u2b4pj84gj|03|net"; nocase; ) # 1tci0w01pcnffz1a71ogkyv8b1e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tci0w01pcnffz1a71ogkyv8b1e|03|biz"; nocase; ) # 1hblifwa27ybebobwo9bs5c29.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hblifwa27ybebobwo9bs5c29|03|net"; nocase; ) # 1nos68z1h07u4j95jhilzd85o6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nos68z1h07u4j95jhilzd85o6|03|com"; nocase; ) # 1yasptbtm8gnu117mq2gsljqx0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yasptbtm8gnu117mq2gsljqx0|03|com"; nocase; ) # ozsu0nkjrru1oas301q574fw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ozsu0nkjrru1oas301q574fw|03|biz"; nocase; ) # 1f3nqatwfclsr14pzabd1jrce9p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f3nqatwfclsr14pzabd1jrce9p|03|com"; nocase; ) # cqz5dmq8v4exqm5fz6w8mg4d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cqz5dmq8v4exqm5fz6w8mg4d|03|net"; nocase; ) # 1ba0n24210gz51qsbh3z13gecv7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ba0n24210gz51qsbh3z13gecv7|03|net"; nocase; ) # 1h3jr8jubva3r1lyjhcra85cfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h3jr8jubva3r1lyjhcra85cfs|03|com"; nocase; ) # 1pii6hk1pin1y01vkbneg1w9qvnb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pii6hk1pin1y01vkbneg1w9qvnb|03|net"; nocase; ) # lojmzo4mme0a1glegca87qaqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lojmzo4mme0a1glegca87qaqi|03|org"; nocase; ) # 1rlg6pt1qt0r7e1ap824mf83wk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rlg6pt1qt0r7e1ap824mf83wk2|03|net"; nocase; ) # 26cap316e69kb10f5vspa3vwct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|26cap316e69kb10f5vspa3vwct|03|net"; nocase; ) # iykxvo1hffku11et0uy1qrs9uq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iykxvo1hffku11et0uy1qrs9uq|03|org"; nocase; ) # sw3xyj18gcsw71uj34jznwsdau.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sw3xyj18gcsw71uj34jznwsdau|03|org"; nocase; ) # 718hjk1v7set7yq5byqrxhlvw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|718hjk1v7set7yq5byqrxhlvw|03|net"; nocase; ) # 1hkwl14rwlbp1sqooq11ep1ov5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hkwl14rwlbp1sqooq11ep1ov5|03|com"; nocase; ) # 12pme0i1t7dsx616tvkdq42fz9q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12pme0i1t7dsx616tvkdq42fz9q|03|net"; nocase; ) # 1hxf9dc8hmd5q8yk4691yrwd7f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hxf9dc8hmd5q8yk4691yrwd7f|03|com"; nocase; ) # 8e3mfi69ooxk1g3wnt7sowam4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8e3mfi69ooxk1g3wnt7sowam4|03|biz"; nocase; ) # 1tmtj551pqgc49lt0m9ksh4sy1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tmtj551pqgc49lt0m9ksh4sy1|03|net"; nocase; ) # 1ttglslzu2i0j193nn5zmihre2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ttglslzu2i0j193nn5zmihre2|03|com"; nocase; ) # 69g7iflrd7qi1xfbvcs1ohahva.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|69g7iflrd7qi1xfbvcs1ohahva|03|org"; nocase; ) # 1tee9f1hdag1y6c7xyq179m42p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tee9f1hdag1y6c7xyq179m42p|03|net"; nocase; ) # 1ibsd0qnut6558o2uqv1bbonok.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ibsd0qnut6558o2uqv1bbonok|03|org"; nocase; ) # c1seok11kfyef1cw586rlitcxh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c1seok11kfyef1cw586rlitcxh|03|com"; nocase; ) # 16rkxhq7uu0hq3q2zb0160z3a0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16rkxhq7uu0hq3q2zb0160z3a0|03|org"; nocase; ) # mcg3ff6o5gr178sir11rbnvo2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mcg3ff6o5gr178sir11rbnvo2|03|net"; nocase; ) # r4y3ff1cddnbqs231021jfiddy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r4y3ff1cddnbqs231021jfiddy|03|org"; nocase; ) # awfz181uialpuead4l49ui81z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|awfz181uialpuead4l49ui81z|03|net"; nocase; ) # 7gv4ofx93jrcpyrys1imxdqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7gv4ofx93jrcpyrys1imxdqv|03|net"; nocase; ) # n6lggqwot3cy13ghhcpxmi8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n6lggqwot3cy13ghhcpxmi8z|03|com"; nocase; ) # 7w3jv0hn887kezl36c1qv4suk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7w3jv0hn887kezl36c1qv4suk|03|com"; nocase; ) # 1pawr15gh0lza1tao8jxemavck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pawr15gh0lza1tao8jxemavck|03|net"; nocase; ) # u6o6nw139kync4p1wkp5jj2o2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u6o6nw139kync4p1wkp5jj2o2|03|com"; nocase; ) # 10jeoch1blt0bc13fja8k1y90e9p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10jeoch1blt0bc13fja8k1y90e9p|03|biz"; nocase; ) # cke2z2ghzmsnvswfqh1et2qjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cke2z2ghzmsnvswfqh1et2qjv|03|net"; nocase; ) # 15xuqo4o56n9wtpeeb1z0cp3b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15xuqo4o56n9wtpeeb1z0cp3b|03|biz"; nocase; ) # 11od0qpsaasje1u37k5sabrap2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11od0qpsaasje1u37k5sabrap2|03|com"; nocase; ) # 1omaksp1lw47j9lcxixm1c3g0zd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1omaksp1lw47j9lcxixm1c3g0zd|03|com"; nocase; ) # 1oha0xw12ugwho1y89f6vmffvke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oha0xw12ugwho1y89f6vmffvke|03|net"; nocase; ) # 1s9dbn41iv5xxu189i3ehm9kcxa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s9dbn41iv5xxu189i3ehm9kcxa|03|net"; nocase; ) # 1mycndr1riii3v1btoq8g1s6dikg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mycndr1riii3v1btoq8g1s6dikg|03|net"; nocase; ) # veol011xaeo401olg37ra7dai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|veol011xaeo401olg37ra7dai|03|com"; nocase; ) # k7j9q3f49h101ssa2t9vmxmjk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k7j9q3f49h101ssa2t9vmxmjk|03|net"; nocase; ) # ghrl5g1nexw03t6y8eym8bufx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ghrl5g1nexw03t6y8eym8bufx|03|biz"; nocase; ) # ompgec1o9wv9u156vqyid6yj3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ompgec1o9wv9u156vqyid6yj3d|03|net"; nocase; ) # 1vzfis11r8yya6vhx0zsqlq9g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vzfis11r8yya6vhx0zsqlq9g|03|com"; nocase; ) # 1rkfk287ookpia3779p16t0uy3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rkfk287ookpia3779p16t0uy3|03|org"; nocase; ) # ugt9jkxlry9qkhemw35kurfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ugt9jkxlry9qkhemw35kurfn|03|com"; nocase; ) # nm0et0p13lni1jw4og31y98amt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nm0et0p13lni1jw4og31y98amt|03|com"; nocase; ) # 1yer7d315pyjzi137bjq8pjge2d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yer7d315pyjzi137bjq8pjge2d|03|net"; nocase; ) # mc42n81dp2fx5vqqjjw990cld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mc42n81dp2fx5vqqjjw990cld|03|org"; nocase; ) # w4ywj21tu5yyvjj5xg5vu0omo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w4ywj21tu5yyvjj5xg5vu0omo|03|com"; nocase; ) # j575wvijc59rvsuv4xo8455b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j575wvijc59rvsuv4xo8455b|03|net"; nocase; ) # zlebhn3ogxpa1i3ftzmp7j2ce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zlebhn3ogxpa1i3ftzmp7j2ce|03|org"; nocase; ) # swg7vy6ue19u1ynsyzgy2l769.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|swg7vy6ue19u1ynsyzgy2l769|03|biz"; nocase; ) # 1oyxdne1y9y1lq1avsh3tzlclv4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oyxdne1y9y1lq1avsh3tzlclv4|03|biz"; nocase; ) # tphltw1mvy5ij10awy5m1skrkj2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tphltw1mvy5ij10awy5m1skrkj2|03|org"; nocase; ) # zvckhp1hnd3qhla098kvi7vwh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zvckhp1hnd3qhla098kvi7vwh|03|net"; nocase; ) # 1eywvzt7ww3k7si0htl1gk594m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eywvzt7ww3k7si0htl1gk594m|03|org"; nocase; ) # 14x6nlzpypg5u9a05p4bh7q0o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14x6nlzpypg5u9a05p4bh7q0o|03|com"; nocase; ) # 1d5m95i1az0pmov5s6nq1xutusk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d5m95i1az0pmov5s6nq1xutusk|03|net"; nocase; ) # 1pgfc4i2hu53uigx5xchb2soj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pgfc4i2hu53uigx5xchb2soj|03|com"; nocase; ) # 6zl32y1c94qafzgk3iv10jeejh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6zl32y1c94qafzgk3iv10jeejh|03|org"; nocase; ) # 1ru7s7qfgjvt9sen78g1d61tg9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ru7s7qfgjvt9sen78g1d61tg9|03|net"; nocase; ) # 1tsfauy1ulp0cq14pxo21al3oqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tsfauy1ulp0cq14pxo21al3oqi|03|net"; nocase; ) # 1s5r1jaa7ulxbynsm0281shx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1s5r1jaa7ulxbynsm0281shx|03|org"; nocase; ) # 1dqo77je3rj93185s3xkcjdpf5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dqo77je3rj93185s3xkcjdpf5|03|net"; nocase; ) # 1waebo1bzwaayi6zvxo1puz7mi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1waebo1bzwaayi6zvxo1puz7mi|03|net"; nocase; ) # m5h6hul6rcjg6lcz811di6g9i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m5h6hul6rcjg6lcz811di6g9i|03|com"; nocase; ) # mxiap0jiqb1teo7zz1jwxi0b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mxiap0jiqb1teo7zz1jwxi0b|03|biz"; nocase; ) # h13mqv1h3t1jy199tprzulpfqn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h13mqv1h3t1jy199tprzulpfqn|03|org"; nocase; ) # 130a80jutpy8bzf2swh1ltwkao.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|130a80jutpy8bzf2swh1ltwkao|03|biz"; nocase; ) # 1wadwlw1p30bapbn0x0d8wk9ej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wadwlw1p30bapbn0x0d8wk9ej|03|com"; nocase; ) # 14ev6i2ipwpi7119yu9d16mkomm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ev6i2ipwpi7119yu9d16mkomm|03|com"; nocase; ) # u1gtrzc4wo7jg4lvwteepxpz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u1gtrzc4wo7jg4lvwteepxpz|03|net"; nocase; ) # 11qrshxlbvbq3t5deg1hmqm9m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11qrshxlbvbq3t5deg1hmqm9m|03|org"; nocase; ) # 1idqeg415kekcynf1tvl13maklh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1idqeg415kekcynf1tvl13maklh|03|com"; nocase; ) # 12eriyvmkm7fz1pdsuf0ej7pkt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12eriyvmkm7fz1pdsuf0ej7pkt|03|org"; nocase; ) # x851bmz3j2fw14ksayf2a98ra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x851bmz3j2fw14ksayf2a98ra|03|net"; nocase; ) # wvqumn12p3jyo1ygnojdoqqcrw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wvqumn12p3jyo1ygnojdoqqcrw|03|com"; nocase; ) # 12j02371022ocvq3k3vx1pq6d1s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12j02371022ocvq3k3vx1pq6d1s|03|net"; nocase; ) # 1d6sldf1hzvc4gfhteqi1q34nlk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d6sldf1hzvc4gfhteqi1q34nlk|03|net"; nocase; ) # n84ucb113k97ekgvc97x9xkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n84ucb113k97ekgvc97x9xkr|03|com"; nocase; ) # jikjmc1ipn8qwkmv0pv1dbi7n4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jikjmc1ipn8qwkmv0pv1dbi7n4|03|org"; nocase; ) # 1c8xcaj1noipxcj132o61az19e7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c8xcaj1noipxcj132o61az19e7|03|net"; nocase; ) # 16tielaax2f5ugyik61gv5xy5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16tielaax2f5ugyik61gv5xy5|03|biz"; nocase; ) # fmaqm31r5vpyf18b0et51lvke0d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fmaqm31r5vpyf18b0et51lvke0d|03|net"; nocase; ) # v11p4tkqhg7u1r4d8imy8jxx5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v11p4tkqhg7u1r4d8imy8jxx5|03|org"; nocase; ) # 1yc21rl1wr91epgqxkgoexobm0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yc21rl1wr91epgqxkgoexobm0|03|net"; nocase; ) # 1cfzk51p9zofk1r5x4r41v4vii2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cfzk51p9zofk1r5x4r41v4vii2|03|org"; nocase; ) # no93kh187bf1637gqa7i6r04a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|no93kh187bf1637gqa7i6r04a|03|net"; nocase; ) # 1py1hpqg4vnu8ayjlawpxf29y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1py1hpqg4vnu8ayjlawpxf29y|03|net"; nocase; ) # 1uj2ghc1be1i0t1tgxalo143oo06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uj2ghc1be1i0t1tgxalo143oo06|03|net"; nocase; ) # 89uab3117eumg1168dszowbnuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|89uab3117eumg1168dszowbnuh|03|com"; nocase; ) # tf72mwa178du17yy4oa8mlgzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tf72mwa178du17yy4oa8mlgzm|03|net"; nocase; ) # ry7kzilpugit31xujiowtj0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ry7kzilpugit31xujiowtj0|03|com"; nocase; ) # 1mw6i4ihdwure1shp48uadif1x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mw6i4ihdwure1shp48uadif1x|03|net"; nocase; ) # 18q9bqz1ygu6c2t3mmhc1ebzooa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18q9bqz1ygu6c2t3mmhc1ebzooa|03|org"; nocase; ) # 1cjg6101eltfa5dvvwsl7vcvee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cjg6101eltfa5dvvwsl7vcvee|03|net"; nocase; ) # 16jsmznovqez5e6fgnh1mwrgz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16jsmznovqez5e6fgnh1mwrgz5|03|com"; nocase; ) # 2ynqs91f84ily1nhahfj1q8k2jo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2ynqs91f84ily1nhahfj1q8k2jo|03|biz"; nocase; ) # a4i2uz12uch2t1hblyfv1opzbij.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a4i2uz12uch2t1hblyfv1opzbij|03|org"; nocase; ) # x23v7c6kdi9816dum4jzl7gsl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x23v7c6kdi9816dum4jzl7gsl|03|org"; nocase; ) # 15krif02mg8uizbvzys14c3g0t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15krif02mg8uizbvzys14c3g0t|03|net"; nocase; ) # r55d1mip6j1tz5stht1mnux30.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r55d1mip6j1tz5stht1mnux30|03|org"; nocase; ) # 3jl56d1wi1j1y5ucdxmum2em7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3jl56d1wi1j1y5ucdxmum2em7|03|net"; nocase; ) # nsnxck9xd7ae16c507n41zuuu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nsnxck9xd7ae16c507n41zuuu|03|com"; nocase; ) # bpjcnz13y12v81fnqujipt5q85.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bpjcnz13y12v81fnqujipt5q85|03|com"; nocase; ) # 9gop8o1cxto9919aok471g5dajl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9gop8o1cxto9919aok471g5dajl|03|org"; nocase; ) # 3v2a8m5v59w01uqfpts6s833y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3v2a8m5v59w01uqfpts6s833y|03|biz"; nocase; ) # 1uoe76o1uvk6mc1b466cl1037tw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uoe76o1uvk6mc1b466cl1037tw5|03|org"; nocase; ) # 1bk2p33ivnqybzq2o81tpt79m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bk2p33ivnqybzq2o81tpt79m|03|org"; nocase; ) # qnyyvx18q6n8yk038gv428xhz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qnyyvx18q6n8yk038gv428xhz|03|org"; nocase; ) # ktlh7o1cwbstbhs168z1bxx1k9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ktlh7o1cwbstbhs168z1bxx1k9|03|net"; nocase; ) # ove70p1xyyvem197wygmos5i71.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ove70p1xyyvem197wygmos5i71|03|net"; nocase; ) # qf3qo0pjdcxi16yhg4hucyqh2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qf3qo0pjdcxi16yhg4hucyqh2|03|org"; nocase; ) # 1v2iud92h3qxa4h2lej1378ilh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v2iud92h3qxa4h2lej1378ilh|03|com"; nocase; ) # 1vjckzbc8xxhf1fdwnyz1242l76.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vjckzbc8xxhf1fdwnyz1242l76|03|org"; nocase; ) # ywp5ug1jyod281v8koyb18q2i8i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ywp5ug1jyod281v8koyb18q2i8i|03|biz"; nocase; ) # 1nec5oq1aav0yssquz7n6ea46p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nec5oq1aav0yssquz7n6ea46p|03|net"; nocase; ) # 1ajk7pj1q6ip3g122rgzw10k6zj4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ajk7pj1q6ip3g122rgzw10k6zj4|03|org"; nocase; ) # 17tp3mluydqsk1a7m9cg15xt3gg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17tp3mluydqsk1a7m9cg15xt3gg|03|com"; nocase; ) # 1edm8mifgmxi0wkl6j01ez5tzu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1edm8mifgmxi0wkl6j01ez5tzu|03|com"; nocase; ) # v4ycozmfrs7s1asypcz3wtrbi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v4ycozmfrs7s1asypcz3wtrbi|03|org"; nocase; ) # 1rxqh7a1rruni812ouvzy1cbt7ji.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rxqh7a1rruni812ouvzy1cbt7ji|03|biz"; nocase; ) # 1antflz1waci8b1n4rwoxx45p9r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1antflz1waci8b1n4rwoxx45p9r|03|net"; nocase; ) # 1bvs7ft18zhmh4pzivzq1n1ltoc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bvs7ft18zhmh4pzivzq1n1ltoc|03|net"; nocase; ) # 1b4ynd01sew53r1wbphrz7l4mao.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b4ynd01sew53r1wbphrz7l4mao|03|biz"; nocase; ) # 1djhvh51i6rdqz4i8zul1f91k9u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1djhvh51i6rdqz4i8zul1f91k9u|03|com"; nocase; ) # 1qkst021c29qo01ue0rao154mgr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qkst021c29qo01ue0rao154mgr0|03|net"; nocase; ) # 1lx9yzk1l1mqxadz21g51k2rgwa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lx9yzk1l1mqxadz21g51k2rgwa|03|biz"; nocase; ) # 1h22rsr1284wkiz1jpl74e2h15.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h22rsr1284wkiz1jpl74e2h15|03|org"; nocase; ) # lvo4yut5yi72zpsdmd1ngu74o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lvo4yut5yi72zpsdmd1ngu74o|03|biz"; nocase; ) # 9yvhrsvlcz5911a0ogn179tve5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9yvhrsvlcz5911a0ogn179tve5|03|net"; nocase; ) # 1pla1th1ryglid1gz47s41tcoote.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pla1th1ryglid1gz47s41tcoote|03|net"; nocase; ) # 1x82c6p1wk0bex1k8burcix79xv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x82c6p1wk0bex1k8burcix79xv|03|org"; nocase; ) # defignb8dfq0oeww3unzb9et.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|defignb8dfq0oeww3unzb9et|03|com"; nocase; ) # 1d3yj3eoet4jt14yl09c1b7scj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d3yj3eoet4jt14yl09c1b7scj|03|biz"; nocase; ) # 1gubn8q1kblhob11nlws3ps7rqy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gubn8q1kblhob11nlws3ps7rqy|03|net"; nocase; ) # 1aa746zgxe01f1n7r52q10znkcz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aa746zgxe01f1n7r52q10znkcz|03|com"; nocase; ) # esp7fni07fbq12bmr8h1d5h7d3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|esp7fni07fbq12bmr8h1d5h7d3|03|biz"; nocase; ) # sjdydxkat74umkihj8kf8ved.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sjdydxkat74umkihj8kf8ved|03|com"; nocase; ) # 1ilytn618worcwrw6n6n1bciqe1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ilytn618worcwrw6n6n1bciqe1|03|com"; nocase; ) # 16ax1r71opxejb5v20ehiwguc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ax1r71opxejb5v20ehiwguc|03|com"; nocase; ) # 1rtzjhl1vblpayehbcgy18ejoj2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rtzjhl1vblpayehbcgy18ejoj2|03|com"; nocase; ) # 58cpom1afzlwuswxbw314xmde6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|58cpom1afzlwuswxbw314xmde6|03|biz"; nocase; ) # 14p3fi1qhr5r41ra33go189708x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14p3fi1qhr5r41ra33go189708x|03|net"; nocase; ) # 1wqvh3dp7ur1m1j2kzh6y39wu3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wqvh3dp7ur1m1j2kzh6y39wu3|03|biz"; nocase; ) # ql41pd1uob50w1bip0zv1rkfpjq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ql41pd1uob50w1bip0zv1rkfpjq|03|com"; nocase; ) # xx9n291puy51p1japmc81bidq7v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xx9n291puy51p1japmc81bidq7v|03|org"; nocase; ) # kl4o9g19ijl141jww9b41469aoe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kl4o9g19ijl141jww9b41469aoe|03|org"; nocase; ) # 1652g8n1ppw07wpc6n8p11uic2u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1652g8n1ppw07wpc6n8p11uic2u|03|com"; nocase; ) # 1jlxzw1gksu9cyovm5219k0vlu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jlxzw1gksu9cyovm5219k0vlu|03|net"; nocase; ) # tdcbe11laq7rbwdd1ew1o8ts67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tdcbe11laq7rbwdd1ew1o8ts67|03|com"; nocase; ) # hjgwam1mmnmnv1mid0ca1lsilwh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hjgwam1mmnmnv1mid0ca1lsilwh|03|org"; nocase; ) # 1jaw4a5bv9pm2poyks8y45wd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jaw4a5bv9pm2poyks8y45wd6|03|net"; nocase; ) # lv2gj1xn2nyrf95d9lto2gpw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lv2gj1xn2nyrf95d9lto2gpw|03|org"; nocase; ) # 11iyjgm1p2rd6cn9pgmpe7661w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11iyjgm1p2rd6cn9pgmpe7661w|03|org"; nocase; ) # 1ao6zz62m74wz87axwbkbmiix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ao6zz62m74wz87axwbkbmiix|03|net"; nocase; ) # o6csu23qb38gjqfdec1u4aumx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o6csu23qb38gjqfdec1u4aumx|03|com"; nocase; ) # z8jbuyw4vqf810yxkmxr6kjek.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z8jbuyw4vqf810yxkmxr6kjek|03|org"; nocase; ) # yr8u47vrzc2o1swtm441atnnv6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yr8u47vrzc2o1swtm441atnnv6|03|biz"; nocase; ) # 16x39of1ih2wko19equ4z1k4b75h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16x39of1ih2wko19equ4z1k4b75h|03|biz"; nocase; ) # 1wkl4toefny9sws8rq913cx4w4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wkl4toefny9sws8rq913cx4w4|03|org"; nocase; ) # 1negqy9k1gp5i1tko5zgs9kj1x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1negqy9k1gp5i1tko5zgs9kj1x|03|net"; nocase; ) # q64yem7u6gf91519gnt1m3nq19.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q64yem7u6gf91519gnt1m3nq19|03|org"; nocase; ) # 1rv2n3s18vgdtagcx9sz18ivm0o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rv2n3s18vgdtagcx9sz18ivm0o|03|biz"; nocase; ) # 3fmqnp1v691gc1vko0od1um70df.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3fmqnp1v691gc1vko0od1um70df|03|net"; nocase; ) # 1shd8dw18nu5xz16sgjt41h9lfmc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1shd8dw18nu5xz16sgjt41h9lfmc|03|com"; nocase; ) # 1a3dsxpgfu3k3vv997o1macs9b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a3dsxpgfu3k3vv997o1macs9b|03|org"; nocase; ) # 1vi2jjz1gy8evn17klh4gvo7i72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vi2jjz1gy8evn17klh4gvo7i72|03|net"; nocase; ) # 1w19gbp1kgyi4bb1kzc411j71s4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w19gbp1kgyi4bb1kzc411j71s4|03|org"; nocase; ) # 1r5ee2r1xoa1nx1wj7k7u7u5n8z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r5ee2r1xoa1nx1wj7k7u7u5n8z|03|org"; nocase; ) # eymwgs1r4r09s1bisgm3h2a3by.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eymwgs1r4r09s1bisgm3h2a3by|03|net"; nocase; ) # 2174oklk97fawqdewp1yur3it.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2174oklk97fawqdewp1yur3it|03|com"; nocase; ) # 6998m7m7vp0csv1klipyhzlz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6998m7m7vp0csv1klipyhzlz|03|org"; nocase; ) # 9n0e4gkkwkx3t2m8p0p2frrd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9n0e4gkkwkx3t2m8p0p2frrd|03|biz"; nocase; ) # 3lg68ystr8eb1ae9qip1hne3cb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3lg68ystr8eb1ae9qip1hne3cb|03|net"; nocase; ) # 7p2g4gzjw35fio117n1b3rdsm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7p2g4gzjw35fio117n1b3rdsm|03|org"; nocase; ) # rt1eps13k90hb13g99v91ecl084.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rt1eps13k90hb13g99v91ecl084|03|biz"; nocase; ) # 18nahe26te5xiypayekoczo5r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18nahe26te5xiypayekoczo5r|03|org"; nocase; ) # rafg4pd2sv0a1dxtjxg1865ccl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rafg4pd2sv0a1dxtjxg1865ccl|03|com"; nocase; ) # dvgtwusx09uos0m5um1uuvreb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dvgtwusx09uos0m5um1uuvreb|03|com"; nocase; ) # 13nhk41z76nxk11htlfvvmqsq9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13nhk41z76nxk11htlfvvmqsq9|03|biz"; nocase; ) # 9y33961otayy41ctrpyq14yywpn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9y33961otayy41ctrpyq14yywpn|03|com"; nocase; ) # kx4uxcv1n6xwxbejb5187ktxp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kx4uxcv1n6xwxbejb5187ktxp|03|org"; nocase; ) # 2hfp2qw83dwo5296i31gdgcod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2hfp2qw83dwo5296i31gdgcod|03|com"; nocase; ) # hg8ib21bdem4y1gfztuzmno2je.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hg8ib21bdem4y1gfztuzmno2je|03|net"; nocase; ) # enlm84vcflnj151b9hk1jg0vfx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|enlm84vcflnj151b9hk1jg0vfx|03|net"; nocase; ) # tp3gnbliknquwlufin1etv3m8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tp3gnbliknquwlufin1etv3m8|03|com"; nocase; ) # w08dlvb0qmfg12fhh2t1dago0b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w08dlvb0qmfg12fhh2t1dago0b|03|org"; nocase; ) # 1na69afe68yened4m9wcrjdns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1na69afe68yened4m9wcrjdns|03|net"; nocase; ) # 1ja6eoz1rk261t1si9p0252njxl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ja6eoz1rk261t1si9p0252njxl|03|net"; nocase; ) # 1f79dm71rbv6848ai3ef15url72.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f79dm71rbv6848ai3ef15url72|03|org"; nocase; ) # 1hezzrm8dy6gl1d9sn7u1p7i7nt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hezzrm8dy6gl1d9sn7u1p7i7nt|03|com"; nocase; ) # 1tt4t2fg9348g8shbks11rxjvj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tt4t2fg9348g8shbks11rxjvj|03|biz"; nocase; ) # 9f0c8iehci241heom11qln3xv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9f0c8iehci241heom11qln3xv|03|org"; nocase; ) # 9z77ge1lu8275a5u53wn5f43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9z77ge1lu8275a5u53wn5f43|03|net"; nocase; ) # 1qkwo7p1dbm6lg3y973ejrm6jk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qkwo7p1dbm6lg3y973ejrm6jk|03|org"; nocase; ) # 2f4xcrdsn9c8y644kf12vjjlm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2f4xcrdsn9c8y644kf12vjjlm|03|net"; nocase; ) # 1iif23nigj2tpbuqtjs1d9jv48.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iif23nigj2tpbuqtjs1d9jv48|03|org"; nocase; ) # wv3y8v1dw6b8317hrvqsz6dauw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wv3y8v1dw6b8317hrvqsz6dauw|03|com"; nocase; ) # 1h1f4q51c3gle31la967df9wd29.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h1f4q51c3gle31la967df9wd29|03|biz"; nocase; ) # s8y4ql1fxlzic10nxzib1dwvav9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s8y4ql1fxlzic10nxzib1dwvav9|03|com"; nocase; ) # adnrefyw2bk039szuf1ccdpkk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|adnrefyw2bk039szuf1ccdpkk|03|org"; nocase; ) # i573bkmaf9sad84al4gd0zkx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i573bkmaf9sad84al4gd0zkx|03|net"; nocase; ) # 72g4omjqsewct99vjv1h2y4kl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|72g4omjqsewct99vjv1h2y4kl|03|org"; nocase; ) # 112lqerqox7yb18akn1t1c49aru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|112lqerqox7yb18akn1t1c49aru|03|biz"; nocase; ) # i1ylu0814t581k5xjik1f6k1mb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i1ylu0814t581k5xjik1f6k1mb|03|net"; nocase; ) # za0gbm11iki7vuyzmuf10jgyr9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|za0gbm11iki7vuyzmuf10jgyr9|03|com"; nocase; ) # ftizngquwm811mldzepvbojwo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ftizngquwm811mldzepvbojwo|03|org"; nocase; ) # 11mxw1023qr4klg1yghc1lr99.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11mxw1023qr4klg1yghc1lr99|03|com"; nocase; ) # zjs6lrlidswmr79aj7c0klyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zjs6lrlidswmr79aj7c0klyc|03|net"; nocase; ) # 1sf7zb718f4tmy1v3z4d3s2rdgc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sf7zb718f4tmy1v3z4d3s2rdgc|03|org"; nocase; ) # sifsg45po2dt1bc625mp6jo6l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sifsg45po2dt1bc625mp6jo6l|03|net"; nocase; ) # 16urxlj4jsfdz12bt21k1aif2o5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16urxlj4jsfdz12bt21k1aif2o5|03|net"; nocase; ) # 1q8qi1k1p7hi2kjsqus1pxp9ea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q8qi1k1p7hi2kjsqus1pxp9ea|03|org"; nocase; ) # 1helxi51nmp1mu132fnd4zbo6y5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1helxi51nmp1mu132fnd4zbo6y5|03|net"; nocase; ) # 1yj89gx1k0gnffxe3lo41gr8eme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yj89gx1k0gnffxe3lo41gr8eme|03|com"; nocase; ) # 1n3d2571it7fr88l2oh713hlnli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n3d2571it7fr88l2oh713hlnli|03|org"; nocase; ) # 1tbjlrw11c6m5e1007sde8tw9fu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tbjlrw11c6m5e1007sde8tw9fu|03|net"; nocase; ) # 14zmhe3bk3ujyh83635f974as.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14zmhe3bk3ujyh83635f974as|03|org"; nocase; ) # ok5f20o10q9ll7pm231q6hhf8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ok5f20o10q9ll7pm231q6hhf8|03|com"; nocase; ) # s5ck4ehjh64k1vpyulq10v9u66.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s5ck4ehjh64k1vpyulq10v9u66|03|net"; nocase; ) # 1u0tnyt643zwcpl3izabqratj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u0tnyt643zwcpl3izabqratj|03|org"; nocase; ) # 1idauio1gjcbhy49pjn21na9iir.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1idauio1gjcbhy49pjn21na9iir|03|net"; nocase; ) # 16iw20b1xcdcp9at8o6yk5trq1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16iw20b1xcdcp9at8o6yk5trq1|03|net"; nocase; ) # 12v2ss71jvkxlgmr26uf1a9583m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12v2ss71jvkxlgmr26uf1a9583m|03|biz"; nocase; ) # r7x2slthwvz0kf2y29dc0atb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r7x2slthwvz0kf2y29dc0atb|03|com"; nocase; ) # 1j5b9yr1pst8srtnt0of1ltfwqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j5b9yr1pst8srtnt0of1ltfwqh|03|biz"; nocase; ) # jy0uhr14tr53v1j8ko48ezi3zj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jy0uhr14tr53v1j8ko48ezi3zj|03|biz"; nocase; ) # 1uvafr118c7b0ldo22m141p6z9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uvafr118c7b0ldo22m141p6z9|03|com"; nocase; ) # rtum83y4p9ox16dprspnrc0c4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rtum83y4p9ox16dprspnrc0c4|03|biz"; nocase; ) # zwgfrwuc6e7bwmctqc1lgxh5a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zwgfrwuc6e7bwmctqc1lgxh5a|03|com"; nocase; ) # g3pj9bs36nli15x47ra7emjv6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g3pj9bs36nli15x47ra7emjv6|03|org"; nocase; ) # xuy8ok1bd77ig1gzmi7y6b3lg2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xuy8ok1bd77ig1gzmi7y6b3lg2|03|com"; nocase; ) # 1n6bpcz1ubfup6ek6apeeagrzv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n6bpcz1ubfup6ek6apeeagrzv|03|net"; nocase; ) # yygexv1yszs8h1wg0voz1lx1ttg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yygexv1yszs8h1wg0voz1lx1ttg|03|com"; nocase; ) # s28k1llu6cwe3zflruhtbkza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s28k1llu6cwe3zflruhtbkza|03|net"; nocase; ) # 10la04c1izui0418js4way6omgz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10la04c1izui0418js4way6omgz|03|biz"; nocase; ) # 1seseb6v5hzzh1wyytgh1tse7ro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1seseb6v5hzzh1wyytgh1tse7ro|03|org"; nocase; ) # goljumiuutrx1ozg3efodik5l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|goljumiuutrx1ozg3efodik5l|03|biz"; nocase; ) # wgn0ysx5bixn17plpby109o98x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wgn0ysx5bixn17plpby109o98x|03|org"; nocase; ) # x3al0cdbxen41bpifonildwrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x3al0cdbxen41bpifonildwrn|03|net"; nocase; ) # 1s9hk8l1xtp4yw11mormd2orf0h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s9hk8l1xtp4yw11mormd2orf0h|03|org"; nocase; ) # i68qjqap5i1dbu5xli1tbjba3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i68qjqap5i1dbu5xli1tbjba3|03|com"; nocase; ) # ycy9zpl9bb651grz7xn13twot5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ycy9zpl9bb651grz7xn13twot5|03|com"; nocase; ) # nv5fz8gfcbed8nek81bj523l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nv5fz8gfcbed8nek81bj523l|03|com"; nocase; ) # 13qvssq1t6s60d826a851w723li.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13qvssq1t6s60d826a851w723li|03|net"; nocase; ) # 1uzsh5m1scrfzz18xj6h71juf55n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uzsh5m1scrfzz18xj6h71juf55n|03|org"; nocase; ) # lf2v36qwblf4kaoiyunqmfc4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lf2v36qwblf4kaoiyunqmfc4|03|net"; nocase; ) # fmhom6bum6qz1d3vr3z4a56s2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fmhom6bum6qz1d3vr3z4a56s2|03|net"; nocase; ) # o2o3fi1u1in67czbn6p1l77cl1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o2o3fi1u1in67czbn6p1l77cl1|03|com"; nocase; ) # tdaokvnxnyv61xp16w61pm7nx2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tdaokvnxnyv61xp16w61pm7nx2|03|biz"; nocase; ) # 1tuldnjsqfuae1qqpew41cnwsmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tuldnjsqfuae1qqpew41cnwsmu|03|org"; nocase; ) # 1wvsdi81lls8b2y3bsan1tf18dt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wvsdi81lls8b2y3bsan1tf18dt|03|net"; nocase; ) # vlc9rmqiwhdy1dczehf1ffdyy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vlc9rmqiwhdy1dczehf1ffdyy|03|com"; nocase; ) # 1t8omh217ochau1rdsroe1phrmfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t8omh217ochau1rdsroe1phrmfe|03|net"; nocase; ) # 1sg4tkf1vi1oew1tqi1x6184olst.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sg4tkf1vi1oew1tqi1x6184olst|03|org"; nocase; ) # 105rqcdhyxt5z1wd449zftesni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|105rqcdhyxt5z1wd449zftesni|03|net"; nocase; ) # 1uw4lm51jvnywl1i16r2i1o83qiq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uw4lm51jvnywl1i16r2i1o83qiq|03|org"; nocase; ) # h5ihrh1xeuc3gkhpkn2u36e0n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h5ihrh1xeuc3gkhpkn2u36e0n|03|org"; nocase; ) # 8g8byv129mlpn2nhcxp8qy4hz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8g8byv129mlpn2nhcxp8qy4hz|03|biz"; nocase; ) # 7ukum3bm5fx1opbc2ii50r4x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7ukum3bm5fx1opbc2ii50r4x|03|biz"; nocase; ) # 257mn4eci53l1xjukju1jkwkd2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|257mn4eci53l1xjukju1jkwkd2|03|net"; nocase; ) # 1xqclsp1dja48x69ffpvg3lbi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xqclsp1dja48x69ffpvg3lbi|03|org"; nocase; ) # q6i1vjf37ypot9518h199xg5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6i1vjf37ypot9518h199xg5i|03|net"; nocase; ) # 1hdq25i1yjarig1dyyy791vhywu7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hdq25i1yjarig1dyyy791vhywu7|03|biz"; nocase; ) # 17vsqii9hn5vcwolm6i1imlx6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17vsqii9hn5vcwolm6i1imlx6|03|biz"; nocase; ) # cq9qu61cuslq85rm12d9ekfxe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cq9qu61cuslq85rm12d9ekfxe|03|net"; nocase; ) # 1xtxypw1ffe8p83v6qab1t9c0o3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xtxypw1ffe8p83v6qab1t9c0o3|03|net"; nocase; ) # 1ltw1ol1grsxy8iot63b16kczc1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ltw1ol1grsxy8iot63b16kczc1|03|com"; nocase; ) # 1jtxxip1hlvda51j7ic7slmj3rx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jtxxip1hlvda51j7ic7slmj3rx|03|biz"; nocase; ) # 14spcqere2z8qyev2u39wtoce.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14spcqere2z8qyev2u39wtoce|03|net"; nocase; ) # you8h71q88fqz1kassa2gfzcuf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|you8h71q88fqz1kassa2gfzcuf|03|com"; nocase; ) # ywe6yo15g2prt9b62bb15jtrz1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ywe6yo15g2prt9b62bb15jtrz1|03|biz"; nocase; ) # 1bk9cxotueejq1g6aclidpa4c4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bk9cxotueejq1g6aclidpa4c4|03|org"; nocase; ) # s019a110jtiaie34iz3za4o6b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s019a110jtiaie34iz3za4o6b|03|org"; nocase; ) # 1ncokd0153w20x1c0wkk71vwajb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ncokd0153w20x1c0wkk71vwajb2|03|net"; nocase; ) # 1t5x2gwss421b1vdgiry8reqp0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t5x2gwss421b1vdgiry8reqp0|03|com"; nocase; ) # egyodk17b23kzkl20c918ysrpb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|egyodk17b23kzkl20c918ysrpb|03|org"; nocase; ) # 6m7uvisorhud1h57q021487uzt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6m7uvisorhud1h57q021487uzt|03|net"; nocase; ) # 6vhay41rz3hj016dj40q1ajfmx1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6vhay41rz3hj016dj40q1ajfmx1|03|org"; nocase; ) # zdm90f1ks2k406k9ns5122koln.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zdm90f1ks2k406k9ns5122koln|03|net"; nocase; ) # 44bstvvdqsfv1u87det1dv40oq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|44bstvvdqsfv1u87det1dv40oq|03|biz"; nocase; ) # kclfr51q23v2j13loju51acx1oq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kclfr51q23v2j13loju51acx1oq|03|com"; nocase; ) # 1qdevd8cesfph1illlo91e4du0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qdevd8cesfph1illlo91e4du0r|03|net"; nocase; ) # 3v0gox7a2czo13hbj8tq4s00d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3v0gox7a2czo13hbj8tq4s00d|03|net"; nocase; ) # 1v4l41arj89k1ks379f2m9200.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v4l41arj89k1ks379f2m9200|03|org"; nocase; ) # 1thpig0f809amcboyghhx7xax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1thpig0f809amcboyghhx7xax|03|net"; nocase; ) # goyds0wa4h6gp0gkb9a5rujq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|goyds0wa4h6gp0gkb9a5rujq|03|com"; nocase; ) # sgzlkifuhj8t12g3mt81agmdgt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sgzlkifuhj8t12g3mt81agmdgt|03|net"; nocase; ) # 14lukye1efurjdlx7la61h5jct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14lukye1efurjdlx7la61h5jct|03|net"; nocase; ) # 1pahwemvhtl862nx7001df7sj0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pahwemvhtl862nx7001df7sj0|03|com"; nocase; ) # 1v3u13u6ucu8ogr9oulbk6e6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v3u13u6ucu8ogr9oulbk6e6p|03|net"; nocase; ) # 18cwm6610d2nq4e98ljtvmvbm1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18cwm6610d2nq4e98ljtvmvbm1|03|net"; nocase; ) # 6t6z78117feui2ojie2hdfopz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6t6z78117feui2ojie2hdfopz|03|biz"; nocase; ) # 1elr3mjyeqi6915khodm18gtjt7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1elr3mjyeqi6915khodm18gtjt7|03|net"; nocase; ) # 1obrb1h42y7ox166iz061b4ab5w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obrb1h42y7ox166iz061b4ab5w|03|com"; nocase; ) # v3j9yi1ttvqpajc933ndjb9h7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v3j9yi1ttvqpajc933ndjb9h7|03|net"; nocase; ) # 1k79eha1espg7q1r8vydcyepnjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k79eha1espg7q1r8vydcyepnjc|03|org"; nocase; ) # p02icm1c3sb2mfgcdjb2z3gh4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p02icm1c3sb2mfgcdjb2z3gh4|03|net"; nocase; ) # 5stmak8z9wy614jw2d71pmhqd8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5stmak8z9wy614jw2d71pmhqd8|03|com"; nocase; ) # ya7majmirm8a18z825no301p3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ya7majmirm8a18z825no301p3|03|org"; nocase; ) # 1oy7vediuyvou12lfeze1bk7ixy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oy7vediuyvou12lfeze1bk7ixy|03|com"; nocase; ) # 4ocl691wkzsur3ugzh01ah2zk1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4ocl691wkzsur3ugzh01ah2zk1|03|net"; nocase; ) # 3vaieflvrv241kpuvrl1a44o54.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3vaieflvrv241kpuvrl1a44o54|03|org"; nocase; ) # 1imtaod1wsm31x17ogua61p4q3f2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1imtaod1wsm31x17ogua61p4q3f2|03|com"; nocase; ) # t4eavgztxy9nu2petqwu14x2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t4eavgztxy9nu2petqwu14x2|03|net"; nocase; ) # 1qbjixu3gfraz128d3k71w2hftp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qbjixu3gfraz128d3k71w2hftp|03|net"; nocase; ) # 1xgvtgid1l13n1ji7m2p1hbcw17.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xgvtgid1l13n1ji7m2p1hbcw17|03|com"; nocase; ) # suz8h5iu5avw55sw8y1fa7tg8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|suz8h5iu5avw55sw8y1fa7tg8|03|net"; nocase; ) # 1lj5ogdydholf1gblwt344lltp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lj5ogdydholf1gblwt344lltp|03|com"; nocase; ) # 1bkvbds1ylvuf51jjdgoocw2eh6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bkvbds1ylvuf51jjdgoocw2eh6|03|biz"; nocase; ) # 484xzu1j5fq4h1f91mqhappib0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|484xzu1j5fq4h1f91mqhappib0|03|com"; nocase; ) # gffpp0nzbgs91ndu2yy1f58yrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gffpp0nzbgs91ndu2yy1f58yrj|03|net"; nocase; ) # e9b7tvwk8xvq15kgc5d154udb6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e9b7tvwk8xvq15kgc5d154udb6|03|com"; nocase; ) # 1lrq3fm1ptje4mcbc8os1jwo38m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lrq3fm1ptje4mcbc8os1jwo38m|03|net"; nocase; ) # 1yzq4xq13opa8w1khcm4k8ns7iz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yzq4xq13opa8w1khcm4k8ns7iz|03|biz"; nocase; ) # yiha48emq17k16q2qs7yqakz9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yiha48emq17k16q2qs7yqakz9|03|com"; nocase; ) # py6gp18yvsg91k6bbh4m9pjte.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|py6gp18yvsg91k6bbh4m9pjte|03|com"; nocase; ) # 1b42r3tr3s9hf175b1851mf17fw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b42r3tr3s9hf175b1851mf17fw|03|net"; nocase; ) # 1m6f76z1e4goqo183tgcx9prdhl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m6f76z1e4goqo183tgcx9prdhl|03|org"; nocase; ) # aldff015pw8vcnwxz8ipf8p6a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aldff015pw8vcnwxz8ipf8p6a|03|biz"; nocase; ) # 9cmfy4pewbtagdd7lx1pky7r0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9cmfy4pewbtagdd7lx1pky7r0|03|com"; nocase; ) # 1a2aqrt19hxnju9ofux91xlwusd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a2aqrt19hxnju9ofux91xlwusd|03|net"; nocase; ) # me3xlyk4yok51y1x06b1k9rgl0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|me3xlyk4yok51y1x06b1k9rgl0|03|com"; nocase; ) # 1alb1fyo3s1kx2yxxdo12dgkwk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1alb1fyo3s1kx2yxxdo12dgkwk|03|org"; nocase; ) # 1ly8lcm1lfs8ch1wa6eqm1eaggld.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ly8lcm1lfs8ch1wa6eqm1eaggld|03|biz"; nocase; ) # xq7botz9nsfw1da3imdrx7309.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xq7botz9nsfw1da3imdrx7309|03|biz"; nocase; ) # 107rklp1nxm35anh2q24in3nw8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|107rklp1nxm35anh2q24in3nw8|03|net"; nocase; ) # zqp1r0cyc1s41s4thpu1wkrayd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zqp1r0cyc1s41s4thpu1wkrayd|03|biz"; nocase; ) # 6dr5wj169dyku7d0cb9y5h8ty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6dr5wj169dyku7d0cb9y5h8ty|03|net"; nocase; ) # ytjb5718z4luu1sdhcst1u5een0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ytjb5718z4luu1sdhcst1u5een0|03|com"; nocase; ) # 8f4hts1a44wqenc0qn8b2xs6g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8f4hts1a44wqenc0qn8b2xs6g|03|com"; nocase; ) # jy877gl8vdh3uiq5x250uka4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jy877gl8vdh3uiq5x250uka4|03|net"; nocase; ) # 1yijbxza3rkzy1dzekbx1s2y3uo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yijbxza3rkzy1dzekbx1s2y3uo|03|biz"; nocase; ) # 1f7yxh31i53euxozn38n1eo5tes.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f7yxh31i53euxozn38n1eo5tes|03|org"; nocase; ) # 13m8c1z1kv22dty5np621tn9swm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13m8c1z1kv22dty5np621tn9swm|03|com"; nocase; ) # 12e4rzk91hau14wiq9qxjwhca.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12e4rzk91hau14wiq9qxjwhca|03|biz"; nocase; ) # ttqg94pqrwxu1kyr1r21uia9em.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ttqg94pqrwxu1kyr1r21uia9em|03|net"; nocase; ) # 1madnqe1we89zu1bem3dlpmta00.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1madnqe1we89zu1bem3dlpmta00|03|com"; nocase; ) # 1a58jga1debxpp1v15bubxewiwi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a58jga1debxpp1v15bubxewiwi|03|net"; nocase; ) # m2ph437xic6j1yq3e097v25ft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m2ph437xic6j1yq3e097v25ft|03|net"; nocase; ) # gollnbznym1072xjln1xvrjxt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gollnbznym1072xjln1xvrjxt|03|com"; nocase; ) # 1qo53t69oy4elorwjrzzdlx4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qo53t69oy4elorwjrzzdlx4b|03|net"; nocase; ) # 184gflmz8i70p1edkc1dkox9vt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184gflmz8i70p1edkc1dkox9vt|03|net"; nocase; ) # 1afxkamuoav572ytxx12unjj4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1afxkamuoav572ytxx12unjj4|03|org"; nocase; ) # 10yv60a1efabw51f2pmmeu3sotl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10yv60a1efabw51f2pmmeu3sotl|03|com"; nocase; ) # zqtoocxhkpgy5h8r4dj0zkap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zqtoocxhkpgy5h8r4dj0zkap|03|net"; nocase; ) # 1yo4bwi16e7hlx16i9vlk1w4kn8e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yo4bwi16e7hlx16i9vlk1w4kn8e|03|net"; nocase; ) # 1hg8z5h8qnqzz55eb0ecbwv3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1hg8z5h8qnqzz55eb0ecbwv3|03|org"; nocase; ) # ftwu022a7qpg11zjgyd111l76z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ftwu022a7qpg11zjgyd111l76z|03|com"; nocase; ) # avbmu11gprtrb1khbntd195naee.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|avbmu11gprtrb1khbntd195naee|03|org"; nocase; ) # ruadu112l1lkl1edv9y41etjwg1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ruadu112l1lkl1edv9y41etjwg1|03|net"; nocase; ) # fdxr3szxgj0lhdk4nbck1qxp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fdxr3szxgj0lhdk4nbck1qxp|03|org"; nocase; ) # d6r6901nsbsts1w03o6tty4f8j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d6r6901nsbsts1w03o6tty4f8j|03|org"; nocase; ) # 1vqzsvs17jjoti17sv6s41cq38d3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vqzsvs17jjoti17sv6s41cq38d3|03|net"; nocase; ) # mygqfcb6rtoy136cl6fvf526j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mygqfcb6rtoy136cl6fvf526j|03|net"; nocase; ) # 8k5bzf1noid46r1ptl411nl4cb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8k5bzf1noid46r1ptl411nl4cb|03|com"; nocase; ) # lfgd1xmprh2t1v2ff91k7cdu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lfgd1xmprh2t1v2ff91k7cdu|03|net"; nocase; ) # f8gbft12lyz18vfywi71rvwl50.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f8gbft12lyz18vfywi71rvwl50|03|com"; nocase; ) # p5wpv21btx6xd1pe7d1z1r8odeo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p5wpv21btx6xd1pe7d1z1r8odeo|03|org"; nocase; ) # icjsbf82yn57xqaf1qrvqm8h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|icjsbf82yn57xqaf1qrvqm8h|03|org"; nocase; ) # c7bar218207mij6282gh1in3k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c7bar218207mij6282gh1in3k|03|com"; nocase; ) # 1negwxm2ptbvi1q3m3l3122wlru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1negwxm2ptbvi1q3m3l3122wlru|03|org"; nocase; ) # 4mwymb1y2r2wmxe2dsh6919ph.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4mwymb1y2r2wmxe2dsh6919ph|03|com"; nocase; ) # uvtgtn1vgjk5u175wf1h7quxnq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uvtgtn1vgjk5u175wf1h7quxnq|03|org"; nocase; ) # i2oableroxj3am09af8x3mzm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i2oableroxj3am09af8x3mzm|03|biz"; nocase; ) # vqaplv5xnqlz1lzwom2gclnwt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vqaplv5xnqlz1lzwom2gclnwt|03|net"; nocase; ) # tc3aj41czulm2bs2dz416ffk4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tc3aj41czulm2bs2dz416ffk4f|03|net"; nocase; ) # 1w4kmz1nayeew51gqm71gtmual.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w4kmz1nayeew51gqm71gtmual|03|net"; nocase; ) # 1j9ivdbis6x9n15q44vdlztkh7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j9ivdbis6x9n15q44vdlztkh7|03|net"; nocase; ) # 13pvdje1meojphr8fyed1aoh2fn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13pvdje1meojphr8fyed1aoh2fn|03|com"; nocase; ) # 1bhewr15vr1yq9r3xfgmow4o3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bhewr15vr1yq9r3xfgmow4o3|03|org"; nocase; ) # xi7ei11mpkcgc1dcxsfpma3gup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xi7ei11mpkcgc1dcxsfpma3gup|03|org"; nocase; ) # 1rieni7cy5v7xuabgv1a45d4i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rieni7cy5v7xuabgv1a45d4i|03|net"; nocase; ) # sew1yn1x1ydsg11tmjp71l390vx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sew1yn1x1ydsg11tmjp71l390vx|03|net"; nocase; ) # m1zmd5fzbh6e135miyweihcpi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m1zmd5fzbh6e135miyweihcpi|03|com"; nocase; ) # mix0pxl4rrvind1gqjo2e1ea.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mix0pxl4rrvind1gqjo2e1ea|03|biz"; nocase; ) # 181ogui2tmtn17bytg51g2vp0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|181ogui2tmtn17bytg51g2vp0r|03|net"; nocase; ) # 1fr5fc1p3y7mv1h2iskiwk9zmt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fr5fc1p3y7mv1h2iskiwk9zmt|03|net"; nocase; ) # 1w1wzvdxmwtujlqbqww1nletux.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w1wzvdxmwtujlqbqww1nletux|03|org"; nocase; ) # 7ogqxi5gw2xs13cuiew1ng7ate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ogqxi5gw2xs13cuiew1ng7ate|03|com"; nocase; ) # 1ncac4zi03vra6u647ixj07zo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ncac4zi03vra6u647ixj07zo|03|biz"; nocase; ) # 1ruef7m134l69c1307u2ojsmx6t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ruef7m134l69c1307u2ojsmx6t|03|net"; nocase; ) # 2ofx7d83md7cp1rj1pn03aqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2ofx7d83md7cp1rj1pn03aqr|03|net"; nocase; ) # xsahtu1lht6hu189x5h419k6710.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xsahtu1lht6hu189x5h419k6710|03|net"; nocase; ) # fg98vh1m5ianw17c2mv21wp1bmk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fg98vh1m5ianw17c2mv21wp1bmk|03|biz"; nocase; ) # 1f4oepdh7zakajakokj1f20vy7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f4oepdh7zakajakokj1f20vy7|03|com"; nocase; ) # 14rnkrm3a1xnb3hri9u1lcmvsd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14rnkrm3a1xnb3hri9u1lcmvsd|03|net"; nocase; ) # 6e2v1vzol3jxngaqvb1e3c0no.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6e2v1vzol3jxngaqvb1e3c0no|03|org"; nocase; ) # b82j18ehvcp17i7tk71ixnmbo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b82j18ehvcp17i7tk71ixnmbo|03|org"; nocase; ) # kfig6618eihkebjinh718ratz4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kfig6618eihkebjinh718ratz4|03|com"; nocase; ) # 1h4pl0s18hd3xp11xjfz6h2zzm2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h4pl0s18hd3xp11xjfz6h2zzm2|03|org"; nocase; ) # qi62ok10ie6v83puezn16tkh0f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qi62ok10ie6v83puezn16tkh0f|03|net"; nocase; ) # bcg2xi1dibdxf1wwxj4h1j54r1d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bcg2xi1dibdxf1wwxj4h1j54r1d|03|biz"; nocase; ) # 1s584bwzrx5gxf9qmltnnopgg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s584bwzrx5gxf9qmltnnopgg|03|biz"; nocase; ) # qu9gv98wotw610pktom11slx34.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qu9gv98wotw610pktom11slx34|03|net"; nocase; ) # 2sudvj1m18o3r1q77alnx9mkxa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2sudvj1m18o3r1q77alnx9mkxa|03|net"; nocase; ) # 19s068ecmgzc9w8clxf1sjcmyg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19s068ecmgzc9w8clxf1sjcmyg|03|biz"; nocase; ) # n0k1ud196e0qj19sh0pvrmq71s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n0k1ud196e0qj19sh0pvrmq71s|03|org"; nocase; ) # 104lselob4ps61yxbh4qq0qh4t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|104lselob4ps61yxbh4qq0qh4t|03|com"; nocase; ) # r2gr9q1mqivnnq4y81r1iw0ent.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r2gr9q1mqivnnq4y81r1iw0ent|03|org"; nocase; ) # ylqbk6x3yp8p13d345t1elcif6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ylqbk6x3yp8p13d345t1elcif6|03|com"; nocase; ) # qvggtqmjj5ck1q7duahpac9g7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qvggtqmjj5ck1q7duahpac9g7|03|biz"; nocase; ) # 1dx08s61gyu1ej1fegsqnbxeqna.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dx08s61gyu1ej1fegsqnbxeqna|03|net"; nocase; ) # tvw58wpk9k1ttaulw313x18nu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tvw58wpk9k1ttaulw313x18nu|03|org"; nocase; ) # amco0h1hy9vlznjc1aw1mdif64.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|amco0h1hy9vlznjc1aw1mdif64|03|biz"; nocase; ) # 14hfi2ffvcgkr1q8xiktvf438y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14hfi2ffvcgkr1q8xiktvf438y|03|com"; nocase; ) # sapwqflylsfue7qi9r3225i8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sapwqflylsfue7qi9r3225i8|03|net"; nocase; ) # nehydn1a5ofwn1pdazzupkqp4d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nehydn1a5ofwn1pdazzupkqp4d|03|org"; nocase; ) # 3jivqj1lypmsx1q5vpsk1k9yqxu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3jivqj1lypmsx1q5vpsk1k9yqxu|03|net"; nocase; ) # szg0fd31mrm31iqghgpojmyli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|szg0fd31mrm31iqghgpojmyli|03|com"; nocase; ) # 17bldxp1dyezvixuj3ax5a4gpe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17bldxp1dyezvixuj3ax5a4gpe|03|biz"; nocase; ) # 1qex6rc1ikzvfz1b5d9lamy1g3a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qex6rc1ikzvfz1b5d9lamy1g3a|03|org"; nocase; ) # 1ei5301nvf84l9u9be72ikqd9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ei5301nvf84l9u9be72ikqd9|03|net"; nocase; ) # u2z3rw1k6xxoozdiagv17okcx4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u2z3rw1k6xxoozdiagv17okcx4|03|com"; nocase; ) # 1ffd7471mjc2u0o0f1lm1m4z30b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ffd7471mjc2u0o0f1lm1m4z30b|03|net"; nocase; ) # 1bmtkk0168q5lr3sw0ys109fctb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bmtkk0168q5lr3sw0ys109fctb|03|com"; nocase; ) # 1icgbi1sc6cw1p2702z1jksrz4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1icgbi1sc6cw1p2702z1jksrz4|03|org"; nocase; ) # 1oagkqz1l1cx8u16txbg5plgdat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oagkqz1l1cx8u16txbg5plgdat|03|com"; nocase; ) # ast3a81nc05ej7czfog3qk7jk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ast3a81nc05ej7czfog3qk7jk|03|net"; nocase; ) # 1wa4kpz8vsp2m1p7p3eiebwju2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wa4kpz8vsp2m1p7p3eiebwju2|03|org"; nocase; ) # jqfotz150phum1oy4wa9156tmhb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jqfotz150phum1oy4wa9156tmhb|03|com"; nocase; ) # 1lmv7or1p95uev1q0f58wrrckpa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lmv7or1p95uev1q0f58wrrckpa|03|org"; nocase; ) # mvl0ezviab7q1ni4qy0o891ax.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mvl0ezviab7q1ni4qy0o891ax|03|org"; nocase; ) # 9asq0y1kb0g0xejij41tpu3l5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9asq0y1kb0g0xejij41tpu3l5|03|net"; nocase; ) # 1d56pjq1poml4h1ydoextcs98kb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d56pjq1poml4h1ydoextcs98kb|03|com"; nocase; ) # 1d11a5g18gjmfs1xkyw4c12w4ojt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d11a5g18gjmfs1xkyw4c12w4ojt|03|net"; nocase; ) # 1twrl9h1hv0us21spbrmcf1acvk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1twrl9h1hv0us21spbrmcf1acvk|03|biz"; nocase; ) # 1wk1v0rmy1ynsmo0rr71qi7pbt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wk1v0rmy1ynsmo0rr71qi7pbt|03|biz"; nocase; ) # 1q1evbe1i1lj1p1j8yjvk16jlcj8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q1evbe1i1lj1p1j8yjvk16jlcj8|03|com"; nocase; ) # 5dni5z17bds9f1uvuvqq1x892qx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5dni5z17bds9f1uvuvqq1x892qx|03|biz"; nocase; ) # 1u2pvdg1sm682nnfyd7q17kswzu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u2pvdg1sm682nnfyd7q17kswzu|03|com"; nocase; ) # tbut441gcjqtj7dmj7t100j4jd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tbut441gcjqtj7dmj7t100j4jd|03|net"; nocase; ) # lvd11j20omcsl86fwu9jbi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|lvd11j20omcsl86fwu9jbi|03|com"; nocase; ) # b9zmlo1pkgbca1v7zeez190sxb7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b9zmlo1pkgbca1v7zeez190sxb7|03|com"; nocase; ) # w1j8jb1wbb8pxw4mta118vjfy8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w1j8jb1wbb8pxw4mta118vjfy8|03|org"; nocase; ) # 1s96ai1xjpidm1xbgl00yu4yz2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s96ai1xjpidm1xbgl00yu4yz2|03|net"; nocase; ) # ek1aob1t3y6841p0hqiu1j24d34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ek1aob1t3y6841p0hqiu1j24d34|03|com"; nocase; ) # 1ye2shm1exr4b5hlek6pdvtem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ye2shm1exr4b5hlek6pdvtem|03|net"; nocase; ) # qj1ciui9ksbymjj2m31053adk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qj1ciui9ksbymjj2m31053adk|03|biz"; nocase; ) # vob9cd1cqxzqhvc728c4q881h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vob9cd1cqxzqhvc728c4q881h|03|org"; nocase; ) # 16kpmz51vvws011ueq4s81thrisa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16kpmz51vvws011ueq4s81thrisa|03|biz"; nocase; ) # pw6ksy1nynzwz109k6g8nu9yjd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pw6ksy1nynzwz109k6g8nu9yjd|03|com"; nocase; ) # 1tl2ntnbkurhxtjadw21i5ti5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tl2ntnbkurhxtjadw21i5ti5g|03|org"; nocase; ) # 168ps0m2c9o48g0gsuw1dvr00.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|168ps0m2c9o48g0gsuw1dvr00|03|com"; nocase; ) # r3iokj16fw6g33tp14kz5ncg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r3iokj16fw6g33tp14kz5ncg|03|com"; nocase; ) # 1wn24mq74c50c1sgk0v6jb6veo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wn24mq74c50c1sgk0v6jb6veo|03|com"; nocase; ) # tt5ij91rw3c4e13epp4y19cz9kl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tt5ij91rw3c4e13epp4y19cz9kl|03|com"; nocase; ) # tqwhuy5i98upvimmrv1lulwwq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tqwhuy5i98upvimmrv1lulwwq|03|com"; nocase; ) # 1wwyc5u1ribcpl1obejab69nfu0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wwyc5u1ribcpl1obejab69nfu0|03|biz"; nocase; ) # 1c1vzmg1oi2xps13d24pfuy5gs6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c1vzmg1oi2xps13d24pfuy5gs6|03|com"; nocase; ) # oway0imy3ss1tnz5ni1usjyhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oway0imy3ss1tnz5ni1usjyhw|03|net"; nocase; ) # 1lmm5u1srnvaa1yhslhl1hu65tt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lmm5u1srnvaa1yhslhl1hu65tt|03|biz"; nocase; ) # 18oy2mlix634t1gpga111qma6go.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18oy2mlix634t1gpga111qma6go|03|biz"; nocase; ) # i5drzisqcbmk15pkev11vwx39.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i5drzisqcbmk15pkev11vwx39|03|org"; nocase; ) # h2m5s71s3s85hv0lksb1lsh56y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h2m5s71s3s85hv0lksb1lsh56y|03|net"; nocase; ) # tcha62nu1ud01k6oopq4heo4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tcha62nu1ud01k6oopq4heo4|03|net"; nocase; ) # k919r71mc8845zjdfoh1neg5m6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k919r71mc8845zjdfoh1neg5m6|03|com"; nocase; ) # hzte8ghltkz01t902mwqp2brz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hzte8ghltkz01t902mwqp2brz|03|net"; nocase; ) # kwwoeh7w0e4z1sbdmix1oi1dfh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kwwoeh7w0e4z1sbdmix1oi1dfh|03|biz"; nocase; ) # 1wty8ke1ga8p7hy2fgs21436d6z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wty8ke1ga8p7hy2fgs21436d6z|03|org"; nocase; ) # 164rwk03onya911rqmjlvp3aaf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|164rwk03onya911rqmjlvp3aaf|03|net"; nocase; ) # 1o2zpyzk4e8wdj99esh4hajxe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o2zpyzk4e8wdj99esh4hajxe|03|biz"; nocase; ) # zs10tyno02uq5ya7qeqfreig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zs10tyno02uq5ya7qeqfreig|03|com"; nocase; ) # 1wwrdz7t95jhv2ahq0sf5nakf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wwrdz7t95jhv2ahq0sf5nakf|03|net"; nocase; ) # 6utnny1dpibts19ti01r17i4smv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6utnny1dpibts19ti01r17i4smv|03|net"; nocase; ) # 1xsatf5186pf89bbf2za6ngk6t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xsatf5186pf89bbf2za6ngk6t|03|com"; nocase; ) # 1srybv6f04hp0pofoftydmgix.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1srybv6f04hp0pofoftydmgix|03|biz"; nocase; ) # d3672ofxnz2t98ha7f1035niv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d3672ofxnz2t98ha7f1035niv|03|org"; nocase; ) # hv3q3f1tpd8v1dtxwvx6jhj5b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hv3q3f1tpd8v1dtxwvx6jhj5b|03|com"; nocase; ) # 1qcduwe1i5sx11ep3hn4147iy28.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qcduwe1i5sx11ep3hn4147iy28|03|org"; nocase; ) # vt8v87r4o0mmtevof61qgbnk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vt8v87r4o0mmtevof61qgbnk2|03|net"; nocase; ) # n7ppx819rri4b6b7xkma02ppy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n7ppx819rri4b6b7xkma02ppy|03|org"; nocase; ) # 1kjfixz1wutk2z1on0yuz1tvckn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kjfixz1wutk2z1on0yuz1tvckn|03|com"; nocase; ) # 1sx05qlldnnnsmdmq0iqtv5c7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sx05qlldnnnsmdmq0iqtv5c7|03|net"; nocase; ) # 1cdn57gajnu8ds8ppw11ac8it2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cdn57gajnu8ds8ppw11ac8it2|03|net"; nocase; ) # 1lft57e3is79k18zup5ycb0dc9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lft57e3is79k18zup5ycb0dc9|03|org"; nocase; ) # 1gzhiplkfzsy5g6cbjhlnu07n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gzhiplkfzsy5g6cbjhlnu07n|03|org"; nocase; ) # 1cm7z974oyzyf11ik52ggs5yfc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cm7z974oyzyf11ik52ggs5yfc|03|com"; nocase; ) # 1o1831f5ouf3b1ixybqq1w8toa9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o1831f5ouf3b1ixybqq1w8toa9|03|org"; nocase; ) # fy4r3t8rz0hk2z6muc1ikdh0x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fy4r3t8rz0hk2z6muc1ikdh0x|03|com"; nocase; ) # kow6al16bh0gz19p9tqjc35bjo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kow6al16bh0gz19p9tqjc35bjo|03|net"; nocase; ) # 1aawxc01tgzi92181x6rd184igyd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aawxc01tgzi92181x6rd184igyd|03|org"; nocase; ) # qknb97u517hiwi0c481pru24f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qknb97u517hiwi0c481pru24f|03|com"; nocase; ) # sqmnoe1uis8wxb6xvohmjl2ev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sqmnoe1uis8wxb6xvohmjl2ev|03|biz"; nocase; ) # 1abgp96c1gtsga9pqx6tesisy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1abgp96c1gtsga9pqx6tesisy|03|net"; nocase; ) # 1q0v2zy1q29hq7r337nh1kzz94q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q0v2zy1q29hq7r337nh1kzz94q|03|org"; nocase; ) # vyhqsu1vnfj9w1ugmst881xdbz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vyhqsu1vnfj9w1ugmst881xdbz|03|net"; nocase; ) # 1bqv32s15rvhux1013z071v85urd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bqv32s15rvhux1013z071v85urd|03|org"; nocase; ) # c19idr1nwu2gjhm9xis10bhqwi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c19idr1nwu2gjhm9xis10bhqwi|03|biz"; nocase; ) # g2aiqe17iogjs17uq48u15z9uyx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g2aiqe17iogjs17uq48u15z9uyx|03|net"; nocase; ) # 13kvhws1lu1f861s2mbbk1jv05ld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13kvhws1lu1f861s2mbbk1jv05ld|03|com"; nocase; ) # 1nq8iy51huuivfwy80tw1cqz3fk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nq8iy51huuivfwy80tw1cqz3fk|03|net"; nocase; ) # x62u03a2qgi81ewoiw6zlx4k9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x62u03a2qgi81ewoiw6zlx4k9|03|net"; nocase; ) # thajp91cysrow4jcs7hxq7aho.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|thajp91cysrow4jcs7hxq7aho|03|org"; nocase; ) # e99c19d2ew9own3tje1s0lufl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e99c19d2ew9own3tje1s0lufl|03|net"; nocase; ) # 1kzdacb1r03e0eswd17sm89nmx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kzdacb1r03e0eswd17sm89nmx|03|org"; nocase; ) # frtnxv178d2ro10t69ri1he9ndo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|frtnxv178d2ro10t69ri1he9ndo|03|net"; nocase; ) # bq4nq16nk7xz1elf4s71izvieu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bq4nq16nk7xz1elf4s71izvieu|03|net"; nocase; ) # 18amw4gfx9xut1bz0nwm1thh8sd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18amw4gfx9xut1bz0nwm1thh8sd|03|org"; nocase; ) # 1osvq495ywknxxg5tbo1fysa5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1osvq495ywknxxg5tbo1fysa5c|03|net"; nocase; ) # 12bl5i1tjco5e1ffs6gx59bu44.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12bl5i1tjco5e1ffs6gx59bu44|03|biz"; nocase; ) # 1rtnvhtucbnv8wiuqb9810bie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rtnvhtucbnv8wiuqb9810bie|03|org"; nocase; ) # vgowjm13igvmx18n40bk16vlqkg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vgowjm13igvmx18n40bk16vlqkg|03|biz"; nocase; ) # 1a1nl5nvicgc1yz2mfa12i3l8a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a1nl5nvicgc1yz2mfa12i3l8a|03|net"; nocase; ) # nfgpgc5cwquw6cpmfa22qf6k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nfgpgc5cwquw6cpmfa22qf6k|03|org"; nocase; ) # brq1h71o3tp4i1edxmt71r03sp0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|brq1h71o3tp4i1edxmt71r03sp0|03|net"; nocase; ) # 137yjcm1p8q449oeil1q10pmw7o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|137yjcm1p8q449oeil1q10pmw7o|03|biz"; nocase; ) # 1pj8zdy1ltg7yt1szom3vr7lsvw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pj8zdy1ltg7yt1szom3vr7lsvw|03|org"; nocase; ) # 13ig4h91bhvi541uukdcw11nul3h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13ig4h91bhvi541uukdcw11nul3h|03|biz"; nocase; ) # 2msltu1njbb8i1if1lmt1kjyvoj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2msltu1njbb8i1if1lmt1kjyvoj|03|org"; nocase; ) # 1en6hsk5yszky17pe6ich68zw1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1en6hsk5yszky17pe6ich68zw1|03|net"; nocase; ) # uixjnv1rwaa511bzio0kkj7dt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uixjnv1rwaa511bzio0kkj7dt|03|org"; nocase; ) # 1550srx1ynmpz1cmyc6p1ch4duw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1550srx1ynmpz1cmyc6p1ch4duw|03|net"; nocase; ) # 14buspiyl9obi19lp2ixt8tdkl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14buspiyl9obi19lp2ixt8tdkl|03|org"; nocase; ) # m6omjc14fci914b1gzowr31fq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m6omjc14fci914b1gzowr31fq|03|net"; nocase; ) # 11m5xrq1piissx1omowhhm0vouk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11m5xrq1piissx1omowhhm0vouk|03|org"; nocase; ) # 1r9yna51f1190ji9eul610ga63t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r9yna51f1190ji9eul610ga63t|03|net"; nocase; ) # 1ghy42w14qe4dk1mybq3l5uup0y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ghy42w14qe4dk1mybq3l5uup0y|03|org"; nocase; ) # m179vpx88xbphud0cdlgjdgh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m179vpx88xbphud0cdlgjdgh|03|org"; nocase; ) # hn9ycm1t33ln812vi7tu15jvmiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hn9ycm1t33ln812vi7tu15jvmiz|03|com"; nocase; ) # 1l9dqmy6k90gkb1ge3cqev7sf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l9dqmy6k90gkb1ge3cqev7sf|03|biz"; nocase; ) # vxg1y5522xrv169s0nf1fb8hgf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vxg1y5522xrv169s0nf1fb8hgf|03|org"; nocase; ) # 17jtoqh1wtf0qo1nkrdy8cu5bgk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17jtoqh1wtf0qo1nkrdy8cu5bgk|03|net"; nocase; ) # zp6gfr186ntx41k3gz72vxb0bz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zp6gfr186ntx41k3gz72vxb0bz|03|org"; nocase; ) # 6eyvda1mecfdj1a54nuahba399.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6eyvda1mecfdj1a54nuahba399|03|net"; nocase; ) # q2j6fj610ay11psm81lprve0r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q2j6fj610ay11psm81lprve0r|03|org"; nocase; ) # id7mtkvrb8xdzux8s1136j4jl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|id7mtkvrb8xdzux8s1136j4jl|03|org"; nocase; ) # k4849n1on7qtrj5pqu6mzg26t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k4849n1on7qtrj5pqu6mzg26t|03|biz"; nocase; ) # euoduacqmuolslry.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005543; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|euoduacqmuolslry|02|eu"; nocase; ) # xbinfbgqjmhjfwfg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005544; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xbinfbgqjmhjfwfg|02|eu"; nocase; ) # rffphfjnuxsrhwry.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005545; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rffphfjnuxsrhwry|02|eu"; nocase; ) # rmxxfsvrfmhhnpmy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005546; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rmxxfsvrfmhhnpmy|02|eu"; nocase; ) # rehyiwugruohjkgx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005547; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rehyiwugruohjkgx|02|eu"; nocase; ) # lcjvximsiiqlerwf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005548; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lcjvximsiiqlerwf|02|eu"; nocase; ) # lquauwyoqxspppyr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005549; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lquauwyoqxspppyr|02|eu"; nocase; ) # lxnvskygomhfvitr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005550; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lxnvskygomhfvitr|02|eu"; nocase; ) # lmmnpylpwcwjhtve.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005551; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lmmnpylpwcwjhtve|02|eu"; nocase; ) # fcxxuocqalgblvgx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005552; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fcxxuocqalgblvgx|02|eu"; nocase; ) # ywpmcegassbdjfjr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005553; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ywpmcegassbdjfjr|02|eu"; nocase; ) # yvrvdvrscpwfxfkd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005554; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yvrvdvrscpwfxfkd|02|eu"; nocase; ) # swecmkvkwiqfdjsw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005555; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|swecmkvkwiqfdjsw|02|eu"; nocase; ) # ssvchmildauyhapj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005556; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ssvchmildauyhapj|02|eu"; nocase; ) # shutqnuhlpwdglrv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005557; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|shutqnuhlpwdglrv|02|eu"; nocase; ) # mtiidbmdxsbymqkd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005558; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mtiidbmdxsbymqkd|02|eu"; nocase; ) # mboeooyhihpbsjfd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005559; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mboeooyhihpbsjfd|02|eu"; nocase; ) # mskresxvhpwboeyo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005560; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mskresxvhpwboeyo|02|eu"; nocase; ) # gflgqscrtsbwujrv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005561; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|gflgqscrtsbwujrv|02|eu"; nocase; ) # gtwkahcbpvqbtuti.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005562; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|gtwkahcbpvqbtuti|02|eu"; nocase; ) # ajiiswfofraskwec.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005563; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ajiiswfofraskwec|02|eu"; nocase; ) # tlgsxmvcinjwbyoi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005564; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|tlgsxmvcinjwbyoi|02|eu"; nocase; ) # tafkubvlqdybakei.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005565; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|tafkubvlqdybakei|02|eu"; nocase; ) # toqoepiuysbsligu.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005566; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|toqoepiuysbsligu|02|eu"; nocase; ) # tkicmruifkfmdmdh.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005567; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|tkicmruifkfmdmdh|02|eu"; nocase; ) # ba0161fe8250a670d6f52a595da9d46e00.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ba0161fe8250a670d6f52a595da9d46e00|02|ws"; nocase; ) # kdd149ec8a699553241b549ac909d197f4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kdd149ec8a699553241b549ac909d197f4|02|to"; nocase; ) # q2083035064acd532401e2fa24e770aba8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q2083035064acd532401e2fa24e770aba8|02|cc"; nocase; ) # u978e666650975afe1bd02da86a2aa5d92.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u978e666650975afe1bd02da86a2aa5d92|02|hk"; nocase; ) # wd7ec76f158ce6af67c2400133971ab9a5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd7ec76f158ce6af67c2400133971ab9a5|02|tk"; nocase; ) # y8fadfb65368f0e711e2f66682a07447b7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8fadfb65368f0e711e2f66682a07447b7|02|cc"; nocase; ) # w513e335031c06dab2d745c2f900b85fb9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w513e335031c06dab2d745c2f900b85fb9|02|cc"; nocase; ) # zb4b1dbde058ee699329a3074b09e22252.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zb4b1dbde058ee699329a3074b09e22252|02|in"; nocase; ) # g1fb9fcca60301b2f97723361a8bfc3524.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g1fb9fcca60301b2f97723361a8bfc3524|02|to"; nocase; ) # j8ff8d524da5311429797e3361fc0d41f1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j8ff8d524da5311429797e3361fc0d41f1|02|cn"; nocase; ) # p3ab324865e8624b7b03213c53821dc7ab.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p3ab324865e8624b7b03213c53821dc7ab|02|in"; nocase; ) # x4489234bbf6d105d647f1b95cc79b2054.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005579; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x4489234bbf6d105d647f1b95cc79b2054|02|in"; nocase; ) # y06376faf91be3e952d40c1f69d5949efd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005580; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y06376faf91be3e952d40c1f69d5949efd|02|hk"; nocase; ) # a7da5679ed25e7a4728b08336ec8bf34fc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005581; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a7da5679ed25e7a4728b08336ec8bf34fc|02|tk"; nocase; ) # ead347d95c441d403bbd705535f4569452.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005582; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ead347d95c441d403bbd705535f4569452|02|to"; nocase; ) # g551608d797fa75377a812ea0dabdcb910.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005583; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g551608d797fa75377a812ea0dabdcb910|02|hk"; nocase; ) # vdf2e8868144ee2a7ef09722b2dac89ed5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005584; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vdf2e8868144ee2a7ef09722b2dac89ed5|02|in"; nocase; ) # b5b1dfc8fde843b675b959293dc5637fdc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005585; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b5b1dfc8fde843b675b959293dc5637fdc|02|ws"; nocase; ) # cc21e6e57bfbcbfbe4cb4c7ef6d7b5beaf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005586; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc21e6e57bfbcbfbe4cb4c7ef6d7b5beaf|02|to"; nocase; ) # d59568fe38e765cf2cdf45a77d5e36310c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005587; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d59568fe38e765cf2cdf45a77d5e36310c|02|in"; nocase; ) # f7b5ef66d7050601a73f488b57f2adce2f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005588; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f7b5ef66d7050601a73f488b57f2adce2f|02|cn"; nocase; ) # md00cf64fb3f3a832da2f6eb32711eef7b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005589; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md00cf64fb3f3a832da2f6eb32711eef7b|02|hk"; nocase; ) # z2b205c4ed837be9590070fd26eecfb395.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005590; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z2b205c4ed837be9590070fd26eecfb395|02|ws"; nocase; ) # e7b95194188806eb50808b98e399b95506.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005591; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e7b95194188806eb50808b98e399b95506|02|tk"; nocase; ) # f9afee158e38095f58fc77c23b93e8ec70.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005592; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f9afee158e38095f58fc77c23b93e8ec70|02|so"; nocase; ) # hc65ddde88ff308c76840fd797527dced9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005593; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc65ddde88ff308c76840fd797527dced9|02|ws"; nocase; ) # pd639bc6f7d404d57c4c4c5aabf27cc76e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005594; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pd639bc6f7d404d57c4c4c5aabf27cc76e|02|ws"; nocase; ) # r38c01fea90bf1af002187545cdfb08b20.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005595; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r38c01fea90bf1af002187545cdfb08b20|02|in"; nocase; ) # h565ac7127c8e255c427ea5b0df845cdd5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005596; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h565ac7127c8e255c427ea5b0df845cdd5|02|in"; nocase; ) # l1d08fd9ae44438445f6dd33987ba71d0f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005597; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l1d08fd9ae44438445f6dd33987ba71d0f|02|so"; nocase; ) # p09fb6460d48a40268166d7d99c6da6885.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005598; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p09fb6460d48a40268166d7d99c6da6885|02|in"; nocase; ) # x9db2766f1ba6aab95e31d41eb4855786e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005599; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x9db2766f1ba6aab95e31d41eb4855786e|02|in"; nocase; ) # z75d20331599748b803069fb6da0666b30.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005600; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z75d20331599748b803069fb6da0666b30|02|cn"; nocase; ) # c61f0a568f73c2f61261a56e61ed4e0d1b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005601; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c61f0a568f73c2f61261a56e61ed4e0d1b|02|cc"; nocase; ) # k70797f59379319b6db49a9ac76626f4dd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005602; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k70797f59379319b6db49a9ac76626f4dd|02|cc"; nocase; ) # q597af75fa9c3d663a6a2e8cd0946afae5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005603; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q597af75fa9c3d663a6a2e8cd0946afae5|02|tk"; nocase; ) # t22d073125934166ce0313ad344c756139.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005604; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t22d073125934166ce0313ad344c756139|02|ws"; nocase; ) # vb388bcc5e17e2490464f8b3166a09fb14.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005605; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vb388bcc5e17e2490464f8b3166a09fb14|02|in"; nocase; ) # x23ef840e5dad49f311c9063788fa3388b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005606; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x23ef840e5dad49f311c9063788fa3388b|02|cn"; nocase; ) # g7d1425dfdd2a3ed734cbab5f682f0eaa7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005607; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g7d1425dfdd2a3ed734cbab5f682f0eaa7|02|tk"; nocase; ) # ie0b7164629416d79e713d919f10738af9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005608; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ie0b7164629416d79e713d919f10738af9|02|cc"; nocase; ) # tc13ef657e51bdcece8a5b339b5c97ffc3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005609; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tc13ef657e51bdcece8a5b339b5c97ffc3|02|in"; nocase; ) # y32829070510d5d09010b63986ab52e74d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005610; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y32829070510d5d09010b63986ab52e74d|02|cc"; nocase; ) # b7473763377a082cd858953cf2e69d8971.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005611; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b7473763377a082cd858953cf2e69d8971|02|in"; nocase; ) # c79cd38c8a8b92448ecd4a39a08d14fb33.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005612; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c79cd38c8a8b92448ecd4a39a08d14fb33|02|hk"; nocase; ) # i3a2942c040dae4ab18d6c3f7e9b41dc31.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005613; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i3a2942c040dae4ab18d6c3f7e9b41dc31|02|to"; nocase; ) # tf645c11462062e607ebf0ae6573904d80.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005614; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tf645c11462062e607ebf0ae6573904d80|02|cn"; nocase; ) # u31d4a1593c14c719465f4e45fc313fb12.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005615; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u31d4a1593c14c719465f4e45fc313fb12|02|tk"; nocase; ) # x91b01f2aabfbdf04caa84179934c519d4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005616; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x91b01f2aabfbdf04caa84179934c519d4|02|ws"; nocase; ) # a96a0e9ff4ecb473f664a49ca600b7fde9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005617; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a96a0e9ff4ecb473f664a49ca600b7fde9|02|hk"; nocase; ) # e0100a332e7305b2dfd0bb8fc820fd838f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005618; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e0100a332e7305b2dfd0bb8fc820fd838f|02|cc"; nocase; ) # hfda5c113f4dcdeedf2c2f77ae0cfdcd04.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005619; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hfda5c113f4dcdeedf2c2f77ae0cfdcd04|02|in"; nocase; ) # jf500362a6d9f6232098280ca1f87074c5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005620; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jf500362a6d9f6232098280ca1f87074c5|02|cn"; nocase; ) # m5105247c321d3e6c2aec9cd5f51e3542d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005621; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m5105247c321d3e6c2aec9cd5f51e3542d|02|cc"; nocase; ) # s63bafb1cd8a4e0c6265aff66096a61dcb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005622; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s63bafb1cd8a4e0c6265aff66096a61dcb|02|tk"; nocase; ) # w1131189933a560c66d42df80c6b11ff99.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005623; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1131189933a560c66d42df80c6b11ff99|02|to"; nocase; ) # a75ee7a92804b7bd7823b7765fefa2fbcc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005624; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a75ee7a92804b7bd7823b7765fefa2fbcc|02|tk"; nocase; ) # f1ab6daec7e0de7f3d2c35549ab5019ba5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005625; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f1ab6daec7e0de7f3d2c35549ab5019ba5|02|in"; nocase; ) # n7a666c1ff2d4f965898b856b962f97dc6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005626; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n7a666c1ff2d4f965898b856b962f97dc6|02|in"; nocase; ) # peb758553d49131b333b28955d8a175bdb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005627; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|peb758553d49131b333b28955d8a175bdb|02|cn"; nocase; ) # u2e7cef14af065ec338d8a87fdffeacd4c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005628; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u2e7cef14af065ec338d8a87fdffeacd4c|02|to"; nocase; ) # l5e81f9a789c4ae326f89cedc1a0429c67.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005629; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l5e81f9a789c4ae326f89cedc1a0429c67|02|in"; nocase; ) # o42b454e68fdef1054679107f7c8fb38d8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005630; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o42b454e68fdef1054679107f7c8fb38d8|02|tk"; nocase; ) # w2ee821e9b87ce8ef9524bb0dcd73706f7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005631; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w2ee821e9b87ce8ef9524bb0dcd73706f7|02|tk"; nocase; ) # d4c9ea71c7960bd8da60e03cc3f1b9c6d0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005632; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d4c9ea71c7960bd8da60e03cc3f1b9c6d0|02|cn"; nocase; ) # n53636b0b2dcf6068a6bb4e5c1d1200f77.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005633; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n53636b0b2dcf6068a6bb4e5c1d1200f77|02|so"; nocase; ) # q953fe098bad5c820ae42af43c7a091ffe.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005634; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q953fe098bad5c820ae42af43c7a091ffe|02|to"; nocase; ) # ud08cf3b9250736d9bdc3670d1e123b03e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005635; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ud08cf3b9250736d9bdc3670d1e123b03e|02|tk"; nocase; ) # c3c58848bf650d6abdbe59b36928fa8438.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005636; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c3c58848bf650d6abdbe59b36928fa8438|02|tk"; nocase; ) # j80f81d3ef371094b3b5d5a0dfdf3f6f90.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005637; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j80f81d3ef371094b3b5d5a0dfdf3f6f90|02|cn"; nocase; ) # k14afe4cc371c1a57fd852bb521991c358.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005638; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k14afe4cc371c1a57fd852bb521991c358|02|tk"; nocase; ) # z02fae87e8827831ca6c2d2d074aa5a269.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005639; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z02fae87e8827831ca6c2d2d074aa5a269|02|cn"; nocase; ) # h3a2748940631f2375067e00c0674c900d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005640; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h3a2748940631f2375067e00c0674c900d|02|cn"; nocase; ) # je6b643b916b557a1639c79c3149a53859.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005641; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|je6b643b916b557a1639c79c3149a53859|02|so"; nocase; ) # qf8da91ae4f298cd3517c8a8053dd5777f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005642; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qf8da91ae4f298cd3517c8a8053dd5777f|02|tk"; nocase; ) # r901472cbcfac4c631f218e03904e930db.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005643; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r901472cbcfac4c631f218e03904e930db|02|so"; nocase; ) # tc2bc96aee15ee058e35501b8ac678c176.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005644; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tc2bc96aee15ee058e35501b8ac678c176|02|ws"; nocase; ) # w93d4ac10d2a5dc51095d3a10e24899476.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005645; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w93d4ac10d2a5dc51095d3a10e24899476|02|hk"; nocase; ) # k93aba7efe0d383d66a401261327d4eec7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005646; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k93aba7efe0d383d66a401261327d4eec7|02|to"; nocase; ) # l3192c382185f0ecf6266d58656051e396.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005647; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l3192c382185f0ecf6266d58656051e396|02|in"; nocase; ) # p5c0840b3e26e65daf7594944f6cd2a8f1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005648; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p5c0840b3e26e65daf7594944f6cd2a8f1|02|so"; nocase; ) # q250448fb1b9c40328a9e51d570dc18997.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005649; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q250448fb1b9c40328a9e51d570dc18997|02|cc"; nocase; ) # iccc125448cb6f84fa951c45850054717c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005650; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|iccc125448cb6f84fa951c45850054717c|02|to"; nocase; ) # nb04a7d69c3bbfff8ddc01e52794541b07.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005651; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nb04a7d69c3bbfff8ddc01e52794541b07|02|so"; nocase; ) # oe6dfb01aa17428150095171b84be3ddc6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005652; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe6dfb01aa17428150095171b84be3ddc6|02|cc"; nocase; ) # t41754ba8b18254a0263c65feeb9e08f2e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005653; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t41754ba8b18254a0263c65feeb9e08f2e|02|cn"; nocase; ) # udf3ca444294e839a69933a862fed3152f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005654; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|udf3ca444294e839a69933a862fed3152f|02|tk"; nocase; ) # x5ffa05ad415a1f8dd23277f38a28d0849.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005655; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x5ffa05ad415a1f8dd23277f38a28d0849|02|ws"; nocase; ) # b2c468f23da608063694a42d9c301950b8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005656; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b2c468f23da608063694a42d9c301950b8|02|cn"; nocase; ) # g9c41c5ca3fe0345df236390e48a1cf0aa.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005657; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g9c41c5ca3fe0345df236390e48a1cf0aa|02|to"; nocase; ) # q482ed81d6d678fb7f27045abba6dc1e9e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005658; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q482ed81d6d678fb7f27045abba6dc1e9e|02|hk"; nocase; ) # w472c01f1ac69753678e0f21b2e31b1200.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005659; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w472c01f1ac69753678e0f21b2e31b1200|02|to"; nocase; ) # z0857d262dd6dee2f87302aa13394e9659.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005660; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z0857d262dd6dee2f87302aa13394e9659|02|cn"; nocase; ) # h46dbc3d98c94214664ffad27abb3cdcbb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005661; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h46dbc3d98c94214664ffad27abb3cdcbb|02|cn"; nocase; ) # q1033bed09d45cc1c74cab9a711734d5ea.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005662; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1033bed09d45cc1c74cab9a711734d5ea|02|tk"; nocase; ) # ud83f562f48b9b945922883758c856d508.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005663; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ud83f562f48b9b945922883758c856d508|02|to"; nocase; ) # va31f302796c5a5fcf9593b2289ed741a2.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005664; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|va31f302796c5a5fcf9593b2289ed741a2|02|in"; nocase; ) # zda50c06851ffe0e9fd798d49b82944497.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005665; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zda50c06851ffe0e9fd798d49b82944497|02|so"; nocase; ) # acca70782e08bc5f4d7d58f6b728979a43.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005666; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|acca70782e08bc5f4d7d58f6b728979a43|02|cc"; nocase; ) # b0dd93d240b546e9cc74e1fe041bcf1233.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005667; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b0dd93d240b546e9cc74e1fe041bcf1233|02|ws"; nocase; ) # d8df5ed2e2ee3e93e9ddf1c364dee98a26.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005668; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d8df5ed2e2ee3e93e9ddf1c364dee98a26|02|in"; nocase; ) # ead5df804b2fa6f948e7fc3933062599b5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005669; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ead5df804b2fa6f948e7fc3933062599b5|02|hk"; nocase; ) # pe47b95e4fc0e69325f97a1d45d4c7a718.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005670; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pe47b95e4fc0e69325f97a1d45d4c7a718|02|so"; nocase; ) # q673c561cd541e9b5fa8ae0dbdb484bd4b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005671; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q673c561cd541e9b5fa8ae0dbdb484bd4b|02|cc"; nocase; ) # e9fb75b90af7d2fb3905a3679b0e7c134a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005672; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e9fb75b90af7d2fb3905a3679b0e7c134a|02|tk"; nocase; ) # jcf7461c934817ef0eace4cbbf9281316e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005673; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jcf7461c934817ef0eace4cbbf9281316e|02|in"; nocase; ) # l4b5fc1f548478670732b635b4989b89dc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005674; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l4b5fc1f548478670732b635b4989b89dc|02|cn"; nocase; ) # oa5c846342146f8710e80a90db891698ad.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005675; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oa5c846342146f8710e80a90db891698ad|02|cc"; nocase; ) # t27996edadfe8584d8309aed8ef43a10df.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005676; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t27996edadfe8584d8309aed8ef43a10df|02|cn"; nocase; ) # y8e695a49b41166c5a886c0701931e78d8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005677; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8e695a49b41166c5a886c0701931e78d8|02|to"; nocase; ) # g78d0ccfbc6d19b8601682b53563fb0a9a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005678; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g78d0ccfbc6d19b8601682b53563fb0a9a|02|to"; nocase; ) # i5aec3d1fd6040a8461fac4b69b6d46bf9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005679; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5aec3d1fd6040a8461fac4b69b6d46bf9|02|hk"; nocase; ) # j320fe999a285144d8555990ad9f153d54.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005680; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j320fe999a285144d8555990ad9f153d54|02|cn"; nocase; ) # pb4bcc55136fe884dcc659d03a4545337f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005681; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pb4bcc55136fe884dcc659d03a4545337f|02|in"; nocase; ) # r64cd3119dd744f37ef29c0b03dd760145.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005682; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r64cd3119dd744f37ef29c0b03dd760145|02|cn"; nocase; ) # ue86c5c85d28e80628325fe0c549b5a723.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005683; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue86c5c85d28e80628325fe0c549b5a723|02|cc"; nocase; ) # cb69dee5c66395438210d92eb8cfd7e239.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005684; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cb69dee5c66395438210d92eb8cfd7e239|02|cc"; nocase; ) # f914d70ef922a44a97cc6d144418691047.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005685; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f914d70ef922a44a97cc6d144418691047|02|in"; nocase; ) # ifafded75342c4dc9bff9cfb9a4b6ba3dd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005686; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ifafded75342c4dc9bff9cfb9a4b6ba3dd|02|tk"; nocase; ) # n3b51abc971bb65e7ee1470a2109a246f9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005687; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3b51abc971bb65e7ee1470a2109a246f9|02|in"; nocase; ) # o085c4a3f69e94328621f5ed34753581e2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005688; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o085c4a3f69e94328621f5ed34753581e2|02|hk"; nocase; ) # t942ddf6f9b315918e2e5837a03ebfa69c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005689; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t942ddf6f9b315918e2e5837a03ebfa69c|02|ws"; nocase; ) # ca18b13ccfc021048c1212e8392568f8c5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005690; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca18b13ccfc021048c1212e8392568f8c5|02|to"; nocase; ) # k7885f214b775aaac9822a8eb7aaa73db3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005691; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k7885f214b775aaac9822a8eb7aaa73db3|02|to"; nocase; ) # m851e55a9f78f3e3a57e645aafbe57ef76.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005692; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m851e55a9f78f3e3a57e645aafbe57ef76|02|hk"; nocase; ) # sd23fc3e2ce3e5bbd253d75605ffa53e3e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005693; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sd23fc3e2ce3e5bbd253d75605ffa53e3e|02|to"; nocase; ) # ye4e129eafb5b312b97990faeecb4c1e68.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005694; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ye4e129eafb5b312b97990faeecb4c1e68|02|cc"; nocase; ) # a905c356c37ec39e64db81beb5e33eb6f4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005695; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a905c356c37ec39e64db81beb5e33eb6f4|02|to"; nocase; ) # d65a6fa4a9e5691840b2a5c441c8bd8ba1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005696; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d65a6fa4a9e5691840b2a5c441c8bd8ba1|02|cn"; nocase; ) # ibcb92ca77cf5d4ef7ebf6ccb77d0bc6cb.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005697; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ibcb92ca77cf5d4ef7ebf6ccb77d0bc6cb|02|to"; nocase; ) # t143dbcd1ab0f787bcc8204b00fb9b1a53.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005698; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t143dbcd1ab0f787bcc8204b00fb9b1a53|02|cn"; nocase; ) # u7b883282daa23bb4f008c23a74c7528eb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005699; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u7b883282daa23bb4f008c23a74c7528eb|02|tk"; nocase; ) # vaa700644be179f073548168f62f9d0cb0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005700; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vaa700644be179f073548168f62f9d0cb0|02|so"; nocase; ) # afacac3367a4fb15ecb74501be58ee6483.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005701; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|afacac3367a4fb15ecb74501be58ee6483|02|hk"; nocase; ) # efae36d2533bd34a2afcaf2e8740bd70ea.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005702; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|efae36d2533bd34a2afcaf2e8740bd70ea|02|cc"; nocase; ) # hf41a01c4e369312cc4f3335200ade8acd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005703; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hf41a01c4e369312cc4f3335200ade8acd|02|in"; nocase; ) # lfcf9da2448f78e54064aa1f4643b83350.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005704; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lfcf9da2448f78e54064aa1f4643b83350|02|so"; nocase; ) # t5eef1fad0a23194e0325564152f9cc652.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005705; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t5eef1fad0a23194e0325564152f9cc652|02|so"; nocase; ) # wd458a712c8261216f1d7fbb0dda0b84e3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005706; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd458a712c8261216f1d7fbb0dda0b84e3|02|to"; nocase; ) # x8540e3a568c1374c7c0c06fc203c670ff.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005707; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x8540e3a568c1374c7c0c06fc203c670ff|02|in"; nocase; ) # yb625fe4ecd495ab251968d1116259231c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005708; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yb625fe4ecd495ab251968d1116259231c|02|hk"; nocase; ) # d9ab83e015f39f772ffdb5fe4c155e418d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005709; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d9ab83e015f39f772ffdb5fe4c155e418d|02|ws"; nocase; ) # e30630fca1f308bbc0ed79fd5a0a1f880f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005710; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e30630fca1f308bbc0ed79fd5a0a1f880f|02|to"; nocase; ) # jca6c62bd99814a4c01a67764fd67232ea.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005711; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jca6c62bd99814a4c01a67764fd67232ea|02|so"; nocase; ) # k50ff37bf21d45ef475756229dbe88ef53.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005712; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k50ff37bf21d45ef475756229dbe88ef53|02|cc"; nocase; ) # pfdcb6b5b314881823778d99a1597c2245.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005713; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pfdcb6b5b314881823778d99a1597c2245|02|cn"; nocase; ) # acd6f3a913fa5ee49ffc19735476073cca.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005714; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|acd6f3a913fa5ee49ffc19735476073cca|02|cc"; nocase; ) # f2d2b6ab70f0f3867b3966af0ea8d83a4a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005715; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f2d2b6ab70f0f3867b3966af0ea8d83a4a|02|cn"; nocase; ) # g435e7971ee9792c96e744a2a9cd3ec620.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005716; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g435e7971ee9792c96e744a2a9cd3ec620|02|tk"; nocase; ) # j6d9ec54a9f31bc993c170802a192170da.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005717; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j6d9ec54a9f31bc993c170802a192170da|02|ws"; nocase; ) # lfaa6052600cdcd8f15f776f6451bfd00f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005718; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lfaa6052600cdcd8f15f776f6451bfd00f|02|in"; nocase; ) # pb132d0af5dacd2e56ae537c91dd2910e4.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005719; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pb132d0af5dacd2e56ae537c91dd2910e4|02|so"; nocase; ) # q8d3221d5c2da8ee5ebac5ce29536cc4cc.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005720; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8d3221d5c2da8ee5ebac5ce29536cc4cc|02|cc"; nocase; ) # y3fd606861e65e442f09ddc2861b00aadd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005721; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3fd606861e65e442f09ddc2861b00aadd|02|cc"; nocase; ) # cb175b06ebd8836ce295f4938264d53298.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005722; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cb175b06ebd8836ce295f4938264d53298|02|hk"; nocase; ) # h2ac5687f5097e902a21a17bf0d42d04f4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005723; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h2ac5687f5097e902a21a17bf0d42d04f4|02|ws"; nocase; ) # id510be7a004e5789cd4c1fff8a2069833.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005724; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id510be7a004e5789cd4c1fff8a2069833|02|to"; nocase; ) # p8c3c15f416fa461e8fa56b47bdfbb3d96.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005725; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p8c3c15f416fa461e8fa56b47bdfbb3d96|02|ws"; nocase; ) # s24a27736ca85c74ed775c316bae2aa930.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005726; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s24a27736ca85c74ed775c316bae2aa930|02|hk"; nocase; ) # u31630ef8082683bec865d8345112e795b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005727; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u31630ef8082683bec865d8345112e795b|02|tk"; nocase; ) # za535d2c6c03baaf056ed6ab14dd8f630c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005728; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|za535d2c6c03baaf056ed6ab14dd8f630c|02|in"; nocase; ) # b1e90cd66ea9440f5258ace125d4e11682.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005729; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1e90cd66ea9440f5258ace125d4e11682|02|cn"; nocase; ) # h906261db10b560b6e8101a3e8ab1a1e2d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005730; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h906261db10b560b6e8101a3e8ab1a1e2d|02|in"; nocase; ) # iadafc2f179ed480c03d12f25e687a5c08.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005731; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|iadafc2f179ed480c03d12f25e687a5c08|02|hk"; nocase; ) # s3e6cb0608ffab7f492cce42aeb274b48a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005732; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s3e6cb0608ffab7f492cce42aeb274b48a|02|tk"; nocase; ) # ub5324f4a16316267763a61aa06fb23fe3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005733; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ub5324f4a16316267763a61aa06fb23fe3|02|cc"; nocase; ) # y459b6899a79165b4ca210f4bd41096bcc.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005734; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y459b6899a79165b4ca210f4bd41096bcc|02|hk"; nocase; ) # b150df8f7c3ae2330065b159dd985cf553.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005735; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b150df8f7c3ae2330065b159dd985cf553|02|so"; nocase; ) # j178d278039c8a1af21083e841e5adaf7a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005736; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j178d278039c8a1af21083e841e5adaf7a|02|so"; nocase; ) # m2eacbf4070eb55b4c2e99ef073e0c138f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005737; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m2eacbf4070eb55b4c2e99ef073e0c138f|02|to"; nocase; ) # n6a7755c2890061a00fc3c1c2af1e3bade.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005738; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n6a7755c2890061a00fc3c1c2af1e3bade|02|in"; nocase; ) # vcb92b29389b3e1151c3a66e9e9141f1b4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005739; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vcb92b29389b3e1151c3a66e9e9141f1b4|02|in"; nocase; ) # c41724529a26e50c280f99b7127d3da479.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005740; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c41724529a26e50c280f99b7127d3da479|02|to"; nocase; ) # i3eb25f4b6f15ec2bf20a7d3a3c4558dac.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005741; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i3eb25f4b6f15ec2bf20a7d3a3c4558dac|02|cc"; nocase; ) # l9e37bb12f43fa39acbe98d1f04314bb4e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005742; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l9e37bb12f43fa39acbe98d1f04314bb4e|02|in"; nocase; ) # nfe40e61a8869612e422e083cd0a6e0fe2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005743; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nfe40e61a8869612e422e083cd0a6e0fe2|02|cn"; nocase; ) # pd17388d5e172b9116204244fb73187c57.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005744; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pd17388d5e172b9116204244fb73187c57|02|so"; nocase; ) # y8344ba42ea077f506aa30b6f30f3672e3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005745; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8344ba42ea077f506aa30b6f30f3672e3|02|cc"; nocase; ) # ef29b076933cc1048cf457c285cef0d6d8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005746; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ef29b076933cc1048cf457c285cef0d6d8|02|tk"; nocase; ) # gc82e2290d809ad597075ac8595eb064e5.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005747; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc82e2290d809ad597075ac8595eb064e5|02|cc"; nocase; ) # m08bf503ff9404161c4a5f1075976f6e75.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005748; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m08bf503ff9404161c4a5f1075976f6e75|02|tk"; nocase; ) # p927024cdea1bd97fcc10692e54631ac8c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005749; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p927024cdea1bd97fcc10692e54631ac8c|02|ws"; nocase; ) # s116fbff3630f113bf0cbee940fe873566.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005750; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s116fbff3630f113bf0cbee940fe873566|02|hk"; nocase; ) # y91b2584151cff7a4d9d2056d86a92902a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005751; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y91b2584151cff7a4d9d2056d86a92902a|02|to"; nocase; ) # de1e648db53a21923b1ddadc76e63c9c06.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005752; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de1e648db53a21923b1ddadc76e63c9c06|02|so"; nocase; ) # e6804c2d95a95feeee60f58a10143231e2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005753; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e6804c2d95a95feeee60f58a10143231e2|02|cc"; nocase; ) # v99e9e179a54a258b82f19684d64a46405.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005754; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v99e9e179a54a258b82f19684d64a46405|02|ws"; nocase; ) # w1093820babab2adea0eee49fb036ccf6d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005755; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1093820babab2adea0eee49fb036ccf6d|02|to"; nocase; ) # e07ac358ce2e8552b147eee4840a2f9fe0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005756; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e07ac358ce2e8552b147eee4840a2f9fe0|02|to"; nocase; ) # f8b2fd3a98c8057e977065401bbd628694.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005757; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f8b2fd3a98c8057e977065401bbd628694|02|in"; nocase; ) # gde833da3c70feee153027930100c6fb0f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005758; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gde833da3c70feee153027930100c6fb0f|02|hk"; nocase; ) # ha4c7c8a3bdf41b8f2af858d857b2d816f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005759; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ha4c7c8a3bdf41b8f2af858d857b2d816f|02|cn"; nocase; ) # k01bfeaec14ea8af41cad179de71f051b6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005760; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k01bfeaec14ea8af41cad179de71f051b6|02|cc"; nocase; ) # r2dfd3d4b95f161b884da5c70425faa7a0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005761; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2dfd3d4b95f161b884da5c70425faa7a0|02|so"; nocase; ) # u3f24ccf74ba1ee0ee47b2b482f423d6d5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005762; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u3f24ccf74ba1ee0ee47b2b482f423d6d5|02|to"; nocase; ) # z857e6820293a51858572a849e665d3578.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005763; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z857e6820293a51858572a849e665d3578|02|so"; nocase; ) # aea8ada13cb6ed6f3f86d652c30d8cd22b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005764; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aea8ada13cb6ed6f3f86d652c30d8cd22b|02|cc"; nocase; ) # yff82c41d8d3eddafa93f6278c7c2fb3af.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005765; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yff82c41d8d3eddafa93f6278c7c2fb3af|02|cc"; nocase; ) # e6bee76830487f989d91501215d4634f4e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005766; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e6bee76830487f989d91501215d4634f4e|02|tk"; nocase; ) # kae086eea1edd39edd8c2d986942c01824.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005767; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kae086eea1edd39edd8c2d986942c01824|02|hk"; nocase; ) # q09dc7a54681339e66ac80728e8e2f7291.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005768; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q09dc7a54681339e66ac80728e8e2f7291|02|to"; nocase; ) # x0f70cc48ee8ff7a49684f4a960f5349ba.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005769; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x0f70cc48ee8ff7a49684f4a960f5349ba|02|ws"; nocase; ) # j0a0d1ecda8fe9ff40726be07a62ce5029.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005770; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j0a0d1ecda8fe9ff40726be07a62ce5029|02|cn"; nocase; ) # b08cced2f0376618a94eb09824b16db25e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005771; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b08cced2f0376618a94eb09824b16db25e|02|ws"; nocase; ) # da4ff84a7239c5031303fc98f6600f0fa3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005772; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|da4ff84a7239c5031303fc98f6600f0fa3|02|in"; nocase; ) # iee90ce4e8c101ed477d7ac6f5dc96fcda.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005773; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|iee90ce4e8c101ed477d7ac6f5dc96fcda|02|cc"; nocase; ) # j15fb7afa5e973c056ebe5e1d68488e86a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005774; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j15fb7afa5e973c056ebe5e1d68488e86a|02|ws"; nocase; ) # s911242ebfc1ae9c28c60663738e9257b4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005775; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s911242ebfc1ae9c28c60663738e9257b4|02|to"; nocase; ) # zde0aaa9b1b0118d0c3b37d9dc6ee8c5eb.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005776; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zde0aaa9b1b0118d0c3b37d9dc6ee8c5eb|02|ws"; nocase; ) # d0409de3a93c2e19637ecd902872c12222.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005777; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d0409de3a93c2e19637ecd902872c12222|02|cn"; nocase; ) # mb1014a13c2874561b7782a92d966e6d1d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005778; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mb1014a13c2874561b7782a92d966e6d1d|02|tk"; nocase; ) # td5a0f756c704e709338583fa369d26eba.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005779; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|td5a0f756c704e709338583fa369d26eba|02|cn"; nocase; ) # ue92bbb1423de8fb53887d4a86e8e474e3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005780; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue92bbb1423de8fb53887d4a86e8e474e3|02|tk"; nocase; ) # w88b19f029853f825c8dc14f49a23d6fd2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005781; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w88b19f029853f825c8dc14f49a23d6fd2|02|cc"; nocase; ) # y4bfe753943e941cd45095db9e5897f9b6.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005782; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y4bfe753943e941cd45095db9e5897f9b6|02|to"; nocase; ) # hac004da932c875a534e083d56528ac42a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005783; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hac004da932c875a534e083d56528ac42a|02|in"; nocase; ) # ibda95d782a998b92420dd1d2a6fcbeb50.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005784; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ibda95d782a998b92420dd1d2a6fcbeb50|02|hk"; nocase; ) # q4b551986f771e171abf3806f2b08f228c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005785; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4b551986f771e171abf3806f2b08f228c|02|hk"; nocase; ) # k568446e832a93f4a3ce881d9c601f7786.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005786; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k568446e832a93f4a3ce881d9c601f7786|02|cc"; nocase; ) # l2376d832cb5a6216334e44812b58e6034.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005787; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l2376d832cb5a6216334e44812b58e6034|02|ws"; nocase; ) # mbaae18cd55b6c4127bb84338d37a82098.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005788; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mbaae18cd55b6c4127bb84338d37a82098|02|to"; nocase; ) # sde5ad9b58a321e9c44165c65ab4518722.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005789; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sde5ad9b58a321e9c44165c65ab4518722|02|cc"; nocase; ) # t82dfe0629e82350a9a112ca1a0644abef.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005790; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t82dfe0629e82350a9a112ca1a0644abef|02|ws"; nocase; ) # u734e968f8227791dda588c95ab2556b4d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005791; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u734e968f8227791dda588c95ab2556b4d|02|to"; nocase; ) # ve4e0947ba24c1f75a06496e78aac61be5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005792; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ve4e0947ba24c1f75a06496e78aac61be5|02|in"; nocase; ) # z03731b71a41c196be713243c0535e07be.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005793; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z03731b71a41c196be713243c0535e07be|02|so"; nocase; ) # hdb5641f8a81445efd54c758c7b29f5654.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005794; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hdb5641f8a81445efd54c758c7b29f5654|02|so"; nocase; ) # q7e2f47e37234f3cfdebfadd2a05c0ee12.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005795; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q7e2f47e37234f3cfdebfadd2a05c0ee12|02|cc"; nocase; ) # y95f2708e77cb756bc93d0c1ba9d01b55c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005796; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y95f2708e77cb756bc93d0c1ba9d01b55c|02|cc"; nocase; ) # jd6f486da10f3500caea5a8506f215d30c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005797; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd6f486da10f3500caea5a8506f215d30c|02|in"; nocase; ) # s347a9c9348ad87fd1ff5220c5dcf5fd8c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005798; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s347a9c9348ad87fd1ff5220c5dcf5fd8c|02|hk"; nocase; ) # t955a262e971ec1f11314016fddc853505.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005799; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t955a262e971ec1f11314016fddc853505|02|cn"; nocase; ) # yf188b9e8a2119cae885125166e14a9890.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005800; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yf188b9e8a2119cae885125166e14a9890|02|to"; nocase; ) # aca33d55127b8326bc5f3f87570fc3c211.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005801; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aca33d55127b8326bc5f3f87570fc3c211|02|hk"; nocase; ) # fdfba641fe4b49db152c6638f9d214b9e6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005802; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fdfba641fe4b49db152c6638f9d214b9e6|02|ws"; nocase; ) # j6021c91e393ac2c6bc455e710525b050b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005803; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j6021c91e393ac2c6bc455e710525b050b|02|cn"; nocase; ) # of287dfe476cec9157a5eb5410c2862490.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005804; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|of287dfe476cec9157a5eb5410c2862490|02|to"; nocase; ) # e134386973c547e374d3ff157789a2c690.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005805; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e134386973c547e374d3ff157789a2c690|02|to"; nocase; ) # rae516d992b16cb38a4ad15292229a70b0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005806; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rae516d992b16cb38a4ad15292229a70b0|02|so"; nocase; ) # ead8e0a831235a13ffca8f16ffb9cac64a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005807; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ead8e0a831235a13ffca8f16ffb9cac64a|02|hk"; nocase; ) # f6aed7c6e17ab0181846a43c63fb5c9cf2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005808; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f6aed7c6e17ab0181846a43c63fb5c9cf2|02|cn"; nocase; ) # ifb533e51ee473e9a7847e09bdb065800f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005809; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ifb533e51ee473e9a7847e09bdb065800f|02|cc"; nocase; ) # o546f3946d6effdf86bc8d71b1aadfb57b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005810; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o546f3946d6effdf86bc8d71b1aadfb57b|02|tk"; nocase; ) # p86919d07e2a906710b3c7c21df47fde42.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005811; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p86919d07e2a906710b3c7c21df47fde42|02|so"; nocase; ) # s434ba83ac94f4548ad1d55c6bc41de229.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005812; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s434ba83ac94f4548ad1d55c6bc41de229|02|to"; nocase; ) # x802d48226058e0541b36061242b785279.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005813; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x802d48226058e0541b36061242b785279|02|so"; nocase; ) # ybcadc5c168eb7f09bd70930a7ff50646e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005814; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ybcadc5c168eb7f09bd70930a7ff50646e|02|cc"; nocase; ) # c6475aa7d7ab9e9fc2a280099bc59513d1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005815; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6475aa7d7ab9e9fc2a280099bc59513d1|02|hk"; nocase; ) # kb06e982e9c6f7c0b815fe456615cfa469.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005816; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kb06e982e9c6f7c0b815fe456615cfa469|02|hk"; nocase; ) # nbd739ad158deb21458eb4d9d492b7ca66.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005817; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nbd739ad158deb21458eb4d9d492b7ca66|02|so"; nocase; ) # p5fc9bba41aef56e382ae7c7b0a0dce2aa.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005818; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p5fc9bba41aef56e382ae7c7b0a0dce2aa|02|ws"; nocase; ) # df3b20cdc2e76d7bb0235b29f11771ee1f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005819; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|df3b20cdc2e76d7bb0235b29f11771ee1f|02|so"; nocase; ) # j47d5fe416c24ced055df6a953513b78ee.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005820; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j47d5fe416c24ced055df6a953513b78ee|02|cn"; nocase; ) # l73406fe4e74da835d7db844d0f870044a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005821; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l73406fe4e74da835d7db844d0f870044a|02|so"; nocase; ) # s9aba17f7f1b454d5c540ecdc3edc5dd73.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005822; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s9aba17f7f1b454d5c540ecdc3edc5dd73|02|tk"; nocase; ) # u16cb559d113aeac38aed4a8885eaa83bf.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005823; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u16cb559d113aeac38aed4a8885eaa83bf|02|cc"; nocase; ) # v76e47f2e4fb48562fa745af8c6373e548.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005824; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v76e47f2e4fb48562fa745af8c6373e548|02|ws"; nocase; ) # wb9cefe99f34cacaf22a9bb3ecf26a091c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005825; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb9cefe99f34cacaf22a9bb3ecf26a091c|02|to"; nocase; ) # x489c10b91439e3342c26da4770aebfa9e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005826; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x489c10b91439e3342c26da4770aebfa9e|02|in"; nocase; ) # bd49eff5f533c7b0e00307732ad92d4f07.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005827; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd49eff5f533c7b0e00307732ad92d4f07|02|so"; nocase; ) # ddb8affb60d9e829200359270469f64c6f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005828; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ddb8affb60d9e829200359270469f64c6f|02|ws"; nocase; ) # j79ffbe4d7aca461d5deed8649f4f69b0d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005829; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j79ffbe4d7aca461d5deed8649f4f69b0d|02|so"; nocase; ) # ld8db49bb0c1b26cff1fb4d00b61be373d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005830; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ld8db49bb0c1b26cff1fb4d00b61be373d|02|ws"; nocase; ) # a517868d5fd50991bdb7ab25bf6cafabcb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005831; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a517868d5fd50991bdb7ab25bf6cafabcb|02|cc"; nocase; ) # b5117d2678971fb09e783ee65af02ed069.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005832; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b5117d2678971fb09e783ee65af02ed069|02|ws"; nocase; ) # ced6eb7c263f804f41e6b7e355b3664b38.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005833; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ced6eb7c263f804f41e6b7e355b3664b38|02|to"; nocase; ) # de15705bcd584b99ec24f5526820c1df3e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005834; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de15705bcd584b99ec24f5526820c1df3e|02|in"; nocase; ) # fdce68a4de112ef149de48454ac60462fc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005835; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fdce68a4de112ef149de48454ac60462fc|02|cn"; nocase; ) # m5933b03fedfa9bf0feafc1f426f11c47e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005836; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m5933b03fedfa9bf0feafc1f426f11c47e|02|hk"; nocase; ) # oc243ce9d732b6e5e60458782d9ae79604.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005837; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oc243ce9d732b6e5e60458782d9ae79604|02|tk"; nocase; ) # 2cvuru6e6cbcvwjot5x1vs.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005838; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|16|2cvuru6e6cbcvwjot5x1vs|04|ddns|03|net"; nocase; ) # gxgh56ofqhuxs0mrotq838w.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005839; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|gxgh56ofqhuxs0mrotq838w|04|ddns|03|net"; nocase; ) # svm4admfmt54if7batc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005840; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|svm4admfmt54if7batc|04|ddns|03|net"; nocase; ) # 7panuxgj7jmp5jwf7lgl7x3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005841; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|7panuxgj7jmp5jwf7lgl7x3|04|ddns|03|net"; nocase; ) # k4367dcdijqj3vwbu0u.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005842; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|k4367dcdijqj3vwbu0u|04|ddns|03|net"; nocase; ) # ujghqtc2qpqt3vw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005843; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|ujghqtc2qpqt3vw|04|ddns|03|net"; nocase; ) # arwd3lc0e21bk41j3ny.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005844; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|arwd3lc0e21bk41j3ny|04|ddns|03|net"; nocase; ) # ypmds4s4u87jo4ahu6k.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005845; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|ypmds4s4u87jo4ahu6k|04|ddns|03|net"; nocase; ) # ar5hyls4w01tivmdoly4idi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005846; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|ar5hyls4w01tivmdoly4idi|04|ddns|03|net"; nocase; ) # c0wnghg218wr1xo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005847; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|c0wnghg218wr1xo|04|ddns|03|net"; nocase; ) # 1pcfk4mf5tol5xo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005848; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|1pcfk4mf5tol5xo|04|ddns|03|net"; nocase; ) # ej1nyjop7h14cvy8whc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005849; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|ej1nyjop7h14cvy8whc|04|ddns|03|net"; nocase; ) # 3ri2e83ryv3j5pensby.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005850; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|3ri2e83ryv3j5pensby|04|ddns|03|net"; nocase; ) # qt1l1bivyfkju23tohe.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005851; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|qt1l1bivyfkju23tohe|04|ddns|03|net"; nocase; ) # op7dopmjq4127xahw0o.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005852; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|op7dopmjq4127xahw0o|04|ddns|03|net"; nocase; ) # iparathuvu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005853; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0a|iparathuvu|04|ddns|03|net"; nocase; ) # adpeodaren.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005854; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0a|adpeodaren|04|ddns|03|net"; nocase; ) # atocfaestiarxo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005855; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0e|atocfaestiarxo|04|ddns|03|net"; nocase; ) # xtpyytxec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005856; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xtpyytxec|03|com"; nocase; ) # eoqdohr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005857; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|eoqdohr|03|com"; nocase; ) # fjxgjsjrwt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005858; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fjxgjsjrwt|04|info"; nocase; ) # rdymnymhco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005859; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rdymnymhco|03|com"; nocase; ) # wjbjolmns.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005860; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wjbjolmns|03|biz"; nocase; ) # dsmwdtcl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005861; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dsmwdtcl|03|com"; nocase; ) # rhvunnfbxdm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005862; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rhvunnfbxdm|03|com"; nocase; ) # pdjcazsaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005863; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pdjcazsaa|03|com"; nocase; ) # xwupvj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005864; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xwupvj|04|info"; nocase; ) # vdzaxcq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005865; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vdzaxcq|03|com"; nocase; ) # tewkhslc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005866; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tewkhslc|03|org"; nocase; ) # byjtrfnd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005867; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|byjtrfnd|03|biz"; nocase; ) # srudmtyes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005868; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|srudmtyes|03|com"; nocase; ) # ydqxozgrr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005869; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ydqxozgrr|03|net"; nocase; ) # chmsgtz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005870; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|chmsgtz|03|net"; nocase; ) # inzcqirc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005871; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|inzcqirc|03|net"; nocase; ) # saocwbmn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005872; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|saocwbmn|03|org"; nocase; ) # tncspjtrgr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005873; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tncspjtrgr|03|com"; nocase; ) # olowuooljbv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005874; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|olowuooljbv|03|com"; nocase; ) # qwgzaph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005875; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qwgzaph|03|biz"; nocase; ) # viqjfyjvs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005876; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|viqjfyjvs|04|info"; nocase; ) # vhmaksvre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005877; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vhmaksvre|03|net"; nocase; ) # ewcmqiyrc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005878; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ewcmqiyrc|03|net"; nocase; ) # fszdemgdx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005879; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fszdemgdx|03|com"; nocase; ) # tyhjwefyilu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005880; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tyhjwefyilu|03|org"; nocase; ) # tcdlhvkcd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005881; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tcdlhvkcd|03|com"; nocase; ) # mjvugj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005882; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mjvugj|03|com"; nocase; ) # tarjzzeec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005883; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tarjzzeec|03|com"; nocase; ) # yjiecjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005884; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yjiecjc|03|org"; nocase; ) # afgwcf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005885; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|afgwcf|03|com"; nocase; ) # eptjiehbbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005886; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|eptjiehbbg|03|com"; nocase; ) # bpihqnmbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005887; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bpihqnmbd|03|com"; nocase; ) # gucres.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005888; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gucres|03|com"; nocase; ) # nwhhjou.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005889; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nwhhjou|03|biz"; nocase; ) # jlkbudoco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005890; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jlkbudoco|03|com"; nocase; ) # obnzqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005891; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|obnzqf|03|biz"; nocase; ) # pjjuhwpye.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005892; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pjjuhwpye|04|info"; nocase; ) # gusqtxghlt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005893; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gusqtxghlt|03|org"; nocase; ) # bgdyamdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005894; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bgdyamdp|03|com"; nocase; ) # wibozgesv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005895; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wibozgesv|03|net"; nocase; ) # doqqat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005896; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|doqqat|03|com"; nocase; ) # alcaciqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005897; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|alcaciqf|03|biz"; nocase; ) # mapfcvablbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005898; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mapfcvablbg|03|com"; nocase; ) # ahatef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005899; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ahatef|03|com"; nocase; ) # ackqopfoacd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005900; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ackqopfoacd|03|com"; nocase; ) # qiyggypoxis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005901; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qiyggypoxis|03|com"; nocase; ) # scxiepdmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005902; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|scxiepdmm|03|org"; nocase; ) # pjlajaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005903; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pjlajaa|03|com"; nocase; ) # jsbyap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005904; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jsbyap|03|com"; nocase; ) # kssokuko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005905; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kssokuko|03|org"; nocase; ) # euobygwpd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005906; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|euobygwpd|03|biz"; nocase; ) # aqlfvl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005907; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|aqlfvl|04|info"; nocase; ) # kzegsigi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005908; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kzegsigi|03|com"; nocase; ) # wtirgv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005909; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wtirgv|03|com"; nocase; ) # dynqbgu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005910; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dynqbgu|03|com"; nocase; ) # dparufnfsi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005911; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dparufnfsi|03|net"; nocase; ) # vkwgkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005912; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vkwgkf|03|org"; nocase; ) # jmcjblv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005913; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jmcjblv|03|org"; nocase; ) # jmuozgg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005914; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jmuozgg|03|com"; nocase; ) # hfckyrgpav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005915; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hfckyrgpav|03|com"; nocase; ) # tsyardo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005916; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tsyardo|03|com"; nocase; ) # tucrnvkbguq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005917; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tucrnvkbguq|03|net"; nocase; ) # dwaxdgko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005918; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dwaxdgko|03|org"; nocase; ) # mbcbmb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005919; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mbcbmb|03|org"; nocase; ) # johswnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005920; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|johswnt|03|biz"; nocase; ) # fcsfcz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005921; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fcsfcz|03|com"; nocase; ) # hgmvytlv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005922; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hgmvytlv|03|org"; nocase; ) # jaricgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005923; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jaricgy|03|com"; nocase; ) # jxtjieadmv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005924; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jxtjieadmv|03|org"; nocase; ) # awdsxpplqzv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005925; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|awdsxpplqzv|04|info"; nocase; ) # efptgpjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005926; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|efptgpjc|03|org"; nocase; ) # aqlcjg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005927; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|aqlcjg|03|org"; nocase; ) # zkvfch.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005928; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zkvfch|03|com"; nocase; ) # ovfokwshl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005929; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ovfokwshl|03|com"; nocase; ) # opbluxonnk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005930; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|opbluxonnk|03|biz"; nocase; ) # pgiahcflcx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005931; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pgiahcflcx|03|com"; nocase; ) # rqhpckhh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005932; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rqhpckhh|03|com"; nocase; ) # dklmfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005933; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dklmfy|03|com"; nocase; ) # atfius.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005934; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|atfius|03|net"; nocase; ) # oaqvsjkg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005935; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|oaqvsjkg|03|org"; nocase; ) # wcbjxbbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005936; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wcbjxbbc|03|com"; nocase; ) # xxnuxdxuny.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005937; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xxnuxdxuny|03|biz"; nocase; ) # zvmhtsapa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005938; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zvmhtsapa|03|biz"; nocase; ) # mkzotzt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005939; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mkzotzt|04|info"; nocase; ) # mbcoyulog.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005940; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mbcoyulog|03|biz"; nocase; ) # eilansol.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005941; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|eilansol|03|biz"; nocase; ) # nifhsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005942; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nifhsh|03|net"; nocase; ) # vmytcdnia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005943; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vmytcdnia|03|com"; nocase; ) # ikhrvnpsa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005944; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ikhrvnpsa|03|net"; nocase; ) # hzjsizf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005945; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hzjsizf|04|info"; nocase; ) # jxwxztxxdx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005946; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jxwxztxxdx|03|com"; nocase; ) # amwfad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005947; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|amwfad|03|com"; nocase; ) # mmmfzlsdyyo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005948; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mmmfzlsdyyo|04|info"; nocase; ) # xebbgac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005949; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xebbgac|03|com"; nocase; ) # gvhhztcgbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005950; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gvhhztcgbf|03|com"; nocase; ) # vzlobajkd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005951; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vzlobajkd|03|org"; nocase; ) # tjsyvvdldtt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005952; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tjsyvvdldtt|03|net"; nocase; ) # hfqzwntmic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005953; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hfqzwntmic|03|com"; nocase; ) # ysnqeddv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005954; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ysnqeddv|03|com"; nocase; ) # nixbzsoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005955; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nixbzsoy|03|biz"; nocase; ) # ijkmrgshvlx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005956; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ijkmrgshvlx|03|org"; nocase; ) # rotgckdhwkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005957; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rotgckdhwkm|03|org"; nocase; ) # thczsjccil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005958; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|thczsjccil|03|com"; nocase; ) # mftnqrycy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005959; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mftnqrycy|03|com"; nocase; ) # vxawsrhyhe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005960; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vxawsrhyhe|03|com"; nocase; ) # mobamwubr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005961; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mobamwubr|03|com"; nocase; ) # xetrbnguuze.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005962; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xetrbnguuze|04|info"; nocase; ) # xgdruke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005963; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xgdruke|03|org"; nocase; ) # qdqwtlvv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005964; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qdqwtlvv|04|info"; nocase; ) # hctbfyfprls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005965; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hctbfyfprls|03|org"; nocase; ) # gpfyztl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005966; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gpfyztl|03|net"; nocase; ) # kudejps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005967; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kudejps|03|biz"; nocase; ) # rrrdewqbzr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005968; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rrrdewqbzr|04|info"; nocase; ) # mttoeu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005969; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mttoeu|03|com"; nocase; ) # biyivipyt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005970; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|biyivipyt|04|info"; nocase; ) # vursvvoseh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005971; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vursvvoseh|03|com"; nocase; ) # vclcpbem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005972; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vclcpbem|03|com"; nocase; ) # shtvsr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005973; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|shtvsr|03|net"; nocase; ) # gvfkqhc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005974; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gvfkqhc|03|com"; nocase; ) # tinxhpjwb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005975; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tinxhpjwb|04|info"; nocase; ) # qvtowydcb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005976; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qvtowydcb|03|com"; nocase; ) # illppcob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005977; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|illppcob|03|biz"; nocase; ) # ekwnuwzld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005978; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ekwnuwzld|03|org"; nocase; ) # dajrdacj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005979; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dajrdacj|03|com"; nocase; ) # smznrfsau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005980; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|smznrfsau|03|com"; nocase; ) # widlju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005981; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|widlju|03|org"; nocase; ) # oufvlhtcwv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005982; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|oufvlhtcwv|04|info"; nocase; ) # gmltzvp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005983; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gmltzvp|04|info"; nocase; ) # divtqlcppiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005984; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|divtqlcppiu|03|com"; nocase; ) # ktefguauzhh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005985; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ktefguauzhh|03|com"; nocase; ) # nhcvmdybvx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005986; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nhcvmdybvx|04|info"; nocase; ) # jtqetj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005987; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jtqetj|03|net"; nocase; ) # iormenbzr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005988; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iormenbzr|04|info"; nocase; ) # szpzwgzcy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005989; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|szpzwgzcy|03|com"; nocase; ) # dggxxyrwc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005990; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dggxxyrwc|04|info"; nocase; ) # ymffrzvcim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005991; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ymffrzvcim|03|com"; nocase; ) # oxaotewb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005992; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|oxaotewb|04|info"; nocase; ) # ehmlyqcvls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005993; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ehmlyqcvls|03|org"; nocase; ) # bnvaefrkxvc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005994; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bnvaefrkxvc|04|info"; nocase; ) # pnaxijfoot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005995; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pnaxijfoot|03|biz"; nocase; ) # wnklhjgzja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005996; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wnklhjgzja|03|org"; nocase; ) # hlsmexeom.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005997; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hlsmexeom|03|biz"; nocase; ) # gvyvnli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005998; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gvyvnli|03|org"; nocase; ) # ftiyvjsigx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000005999; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ftiyvjsigx|03|com"; nocase; ) # aeirlnmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006000; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aeirlnmi|03|org"; nocase; ) # frghtky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006001; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|frghtky|03|org"; nocase; ) # qjsuwwtk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006002; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qjsuwwtk|03|net"; nocase; ) # tghczlc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006003; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tghczlc|03|org"; nocase; ) # daqcbyf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006004; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|daqcbyf|04|info"; nocase; ) # qgljeazjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006005; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qgljeazjo|03|org"; nocase; ) # hylfip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006006; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hylfip|03|com"; nocase; ) # dwbteup.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006007; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dwbteup|03|net"; nocase; ) # hicbafl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006008; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hicbafl|03|com"; nocase; ) # aonvskyqem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006009; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|aonvskyqem|03|com"; nocase; ) # utgoyrvo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006010; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|utgoyrvo|04|info"; nocase; ) # wuehlbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006011; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wuehlbj|03|com"; nocase; ) # sxmxdndwf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006012; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|sxmxdndwf|04|info"; nocase; ) # gwlmanes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006013; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gwlmanes|03|com"; nocase; ) # tmqznaniol.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006014; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tmqznaniol|03|biz"; nocase; ) # jtnwvfcqdgd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006015; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jtnwvfcqdgd|03|com"; nocase; ) # idoiaoogkmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006016; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|idoiaoogkmr|03|org"; nocase; ) # itrvlpigic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006017; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|itrvlpigic|03|com"; nocase; ) # yjqalnw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006018; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yjqalnw|03|biz"; nocase; ) # druwlflw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006019; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|druwlflw|03|org"; nocase; ) # vxngxawq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006020; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vxngxawq|04|info"; nocase; ) # wybmyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006021; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wybmyq|04|info"; nocase; ) # qnhbdfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006022; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qnhbdfq|03|com"; nocase; ) # hscwolwk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006023; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hscwolwk|04|info"; nocase; ) # cabgip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006024; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cabgip|03|com"; nocase; ) # japwnoyufqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006025; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|japwnoyufqz|03|biz"; nocase; ) # jgitildj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006026; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jgitildj|03|com"; nocase; ) # kzubcgvgx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006027; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kzubcgvgx|03|com"; nocase; ) # mshbtbr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006028; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mshbtbr|03|com"; nocase; ) # vqfdncndr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006029; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vqfdncndr|03|com"; nocase; ) # gcwirl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006030; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gcwirl|03|net"; nocase; ) # akikwvjx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006031; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|akikwvjx|03|org"; nocase; ) # crxxlzyog.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006032; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|crxxlzyog|03|biz"; nocase; ) # mqlibanonhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006033; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mqlibanonhf|03|com"; nocase; ) # ytwaan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006034; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ytwaan|03|com"; nocase; ) # ixwajwpwokq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006035; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ixwajwpwokq|03|org"; nocase; ) # tfhuuth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006036; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tfhuuth|03|net"; nocase; ) # stpralvi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006037; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|stpralvi|04|info"; nocase; ) # ffkzlicys.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006038; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ffkzlicys|04|info"; nocase; ) # lvqhzqrtvyc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006039; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|lvqhzqrtvyc|04|info"; nocase; ) # bdcnynwyaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006040; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bdcnynwyaq|03|com"; nocase; ) # hpujiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006041; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hpujiv|03|com"; nocase; ) # qjkbehomzyd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006042; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qjkbehomzyd|04|info"; nocase; ) # xlryheyshq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006043; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xlryheyshq|03|com"; nocase; ) # pzadhtcrluz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006044; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pzadhtcrluz|03|net"; nocase; ) # eekdnaeie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006045; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|eekdnaeie|03|com"; nocase; ) # klidpjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006046; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|klidpjo|03|org"; nocase; ) # xqbeqkt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006047; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xqbeqkt|03|org"; nocase; ) # uxaeoirpaim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006048; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uxaeoirpaim|03|com"; nocase; ) # mceygo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006049; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mceygo|03|com"; nocase; ) # zkwjerizhms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006050; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zkwjerizhms|03|org"; nocase; ) # gnfbzdos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006051; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gnfbzdos|03|biz"; nocase; ) # jvisbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006052; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jvisbf|03|com"; nocase; ) # zpdneni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006053; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zpdneni|03|biz"; nocase; ) # fogzrlefc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006054; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fogzrlefc|03|com"; nocase; ) # qnbnvjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006055; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qnbnvjf|03|org"; nocase; ) # seetel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006056; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|seetel|03|com"; nocase; ) # kssokotmjyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006057; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kssokotmjyq|04|info"; nocase; ) # auqaasplqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006058; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|auqaasplqx|03|biz"; nocase; ) # lipwugbkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006059; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lipwugbkr|03|org"; nocase; ) # krmeutpik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006060; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|krmeutpik|03|com"; nocase; ) # iifjnkepp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006061; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iifjnkepp|03|biz"; nocase; ) # vfvyjhef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006062; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vfvyjhef|03|com"; nocase; ) # lydzix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006063; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lydzix|03|com"; nocase; ) # nqaffvxv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006064; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nqaffvxv|04|info"; nocase; ) # rbincwp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006065; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rbincwp|04|info"; nocase; ) # wougkrqud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006066; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wougkrqud|03|net"; nocase; ) # pftiwzorqnw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006067; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pftiwzorqnw|03|biz"; nocase; ) # vycpcajga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006068; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vycpcajga|03|com"; nocase; ) # knodfffblffafacn.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006069; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|knodfffblffafacn|06|online"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # ondleoambfadocec.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006070; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ondleoambfadocec|02|cc"; nocase; ) # kbnmfccffmaamadf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006071; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kbnmfccffmaamadf|03|com"; nocase; ) # kddoekbfbamecofb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006072; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kddoekbfbamecofb|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # bddbcffckloondno.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006073; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bddbcffckloondno|02|de"; nocase; ) # bkcdffncbclnaabd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006074; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bkcdffncbclnaabd|02|cc"; nocase; ) # kfdadfemldflfccf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006075; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kfdadfemldflfccf|03|org"; nocase; ) # mfocblmcedacfcab.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006076; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mfocblmcedacfcab|06|online"; nocase; ) # bdckdnkafccdknbo.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006077; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bdckdnkafccdknbo|02|de"; nocase; ) # mcacblkdfldfbcek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006078; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mcacblkdfldfbcek|03|com"; nocase; ) # cnbddkccfdocaaaf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006079; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cnbddkccfdocaaaf|02|eu"; nocase; ) # fdadfdabbbebfecm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006080; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fdadfdabbbebfecm|03|org"; nocase; ) # cdlafocbfefdkccc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006081; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cdlafocbfefdkccc|03|com"; nocase; ) # cobbcmbamfkaoabb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006082; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cobbcmbamfkaoabb|02|eu"; nocase; ) # olfbcbnkcndckloa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006083; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|olfbcbnkcndckloa|03|net"; nocase; ) # dckcdfealebcdbfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006084; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dckcdfealebcdbfn|03|com"; nocase; ) # bfdbcmmdcclefkdl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006085; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bfdbcmmdcclefkdl|03|net"; nocase; ) # rmaivz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006086; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|rmaivz|03|com"; nocase; ) # ktgyyy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006087; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ktgyyy|03|com"; nocase; ) # booyli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006088; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|booyli|03|com"; nocase; ) # anpmgh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006089; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|anpmgh|03|com"; nocase; ) # adouoa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006090; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|adouoa|03|com"; nocase; ) # rjfdgf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006091; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|rjfdgf|03|com"; nocase; ) # ddkhrj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006092; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ddkhrj|03|com"; nocase; ) # yjgdte.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006093; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|yjgdte|03|com"; nocase; ) # hlgiik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006094; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|hlgiik|03|com"; nocase; ) # cyeeew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006095; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|cyeeew|03|com"; nocase; ) # scvkeh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006096; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|scvkeh|03|com"; nocase; ) # hcyqve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006097; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|hcyqve|03|com"; nocase; ) # yfhigo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006098; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|yfhigo|03|com"; nocase; ) # winycb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006099; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|winycb|03|com"; nocase; ) # cucriv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006100; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|cucriv|03|com"; nocase; ) # umjaiw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006101; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|umjaiw|03|com"; nocase; ) # ewqwnbgqqffth.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006102; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ewqwnbgqqffth|02|ru"; nocase; ) # rahvvflpatbka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006103; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rahvvflpatbka|03|org"; nocase; ) # sewghotcbirch.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006104; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sewghotcbirch|04|info"; nocase; ) # xdbxaqtyuijlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xdbxaqtyuijlw|03|org"; nocase; ) # lfaurlglmlgrg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lfaurlglmlgrg|02|co|02|uk"; nocase; ) # lnpgjhhhmkbry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lnpgjhhhmkbry|03|com"; nocase; ) # amgelvdtxjkiw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|amgelvdtxjkiw|03|net"; nocase; ) # cqbfgxufuhvyk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cqbfgxufuhvyk|03|com"; nocase; ) # vqtxhlfdiuyohxm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vqtxhlfdiuyohxm|03|net"; nocase; ) # xqmydwdvkpmqigy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xqmydwdvkpmqigy|03|biz"; nocase; ) # yywudmqtyhjeida.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006112; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yywudmqtyhjeida|03|org"; nocase; ) # nfdnvlyothjtxjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006113; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nfdnvlyothjtxjn|03|com"; nocase; ) # ikkysblkmjibgtl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006114; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ikkysblkmjibgtl|03|com"; nocase; ) # fmnqotpebyrqbbu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006115; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fmnqotpebyrqbbu|03|org"; nocase; ) # freyrpmodmhbapv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006116; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|freyrpmodmhbapv|02|ru"; nocase; ) # nbmorafmiktuiux.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006117; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nbmorafmiktuiux|03|org"; nocase; ) # nktrawuwtmqruqb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006118; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nktrawuwtmqruqb|03|com"; nocase; ) # bmotwokccvrvueb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006119; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bmotwokccvrvueb|03|net"; nocase; ) # rgcwuhrhqjdvuea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006120; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rgcwuhrhqjdvuea|03|net"; nocase; ) # btlegeodpvvkogt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006121; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|btlegeodpvvkogt|03|com"; nocase; ) # uyuvytquiqnbova.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006122; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uyuvytquiqnbova|03|com"; nocase; ) # fptjbolcmsawlro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006123; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fptjbolcmsawlro|03|net"; nocase; ) # rsllygyrbpefngh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006124; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rsllygyrbpefngh|03|biz"; nocase; ) # sbvhyptjrwrknbj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006125; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sbvhyptjrwrknbj|03|org"; nocase; ) # gdqjvhjoagsonoj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006126; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gdqjvhjoagsonoj|02|co|02|uk"; nocase; ) # hmkywdybgrfdpug.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006127; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hmkywdybgrfdpug|03|com"; nocase; ) # wwemtaqtoteonub.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006128; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wwemtaqtoteonub|02|co|02|uk"; nocase; ) # xgxcuvggufqdrlb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006129; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xgxcuvggufqdrlb|03|com"; nocase; ) # acdlvwoltknuqbq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006130; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|acdlvwoltknuqbq|02|ru"; nocase; ) # vrsdhhhyntewmlf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006131; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vrsdhhhyntewmlf|03|com"; nocase; ) # icrfgiqdilwufbq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006132; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|icrfgiqdilwufbq|03|net"; nocase; ) # ltqmbihfrisrbkh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006133; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ltqmbihfrisrbkh|04|info"; nocase; ) # inrqmihlgxvesun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006134; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|inrqmihlgxvesun|03|net"; nocase; ) # nptyeqtnouotjab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006135; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nptyeqtnouotjab|03|com"; nocase; ) # fqiknsjyiosyjks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006136; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fqiknsjyiosyjks|03|net"; nocase; ) # sujmwnpmyofujnv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006137; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sujmwnpmyofujnv|03|biz"; nocase; ) # hrgnriwjefbahjt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006138; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hrgnriwjefbahjt|02|ru"; nocase; ) # naqanejuioxuuxr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006139; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|naqanejuioxuuxr|03|biz"; nocase; ) # snvrfrmungfkmsy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006140; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|snvrfrmungfkmsy|03|com"; nocase; ) # tbpuuoalheflbxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006141; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tbpuuoalheflbxv|03|net"; nocase; ) # moswkpnlupiqvbk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006142; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|moswkpnlupiqvbk|03|org"; nocase; ) # netglhbkondmwiw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006143; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|netglhbkondmwiw|02|co|02|uk"; nocase; ) # nsqwlyidrgonvvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006144; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nsqwlyidrgonvvm|04|info"; nocase; ) # qavrnjssexyenqt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006145; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qavrnjssexyenqt|03|org"; nocase; ) # urqsqmxupfncnpj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006146; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|urqsqmxupfncnpj|03|net"; nocase; ) # vxxkoqejaypshkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006147; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vxxkoqejaypshkm|03|org"; nocase; ) # wjuerfuliydwnbh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006148; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wjuerfuliydwnbh|02|co|02|uk"; nocase; ) # onkmdawwywdqrmv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006149; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|onkmdawwywdqrmv|02|ru"; nocase; ) # efvupxcktogsknp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006150; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|efvupxcktogsknp|03|org"; nocase; ) # gusdclqoqkdbgyw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006151; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gusdclqoqkdbgyw|03|org"; nocase; ) # gjrfbgjcqqlvkty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006152; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gjrfbgjcqqlvkty|03|biz"; nocase; ) # tlmfebppeprnkpx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006153; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tlmfebppeprnkpx|02|ru"; nocase; ) # pqyetrrboihwnoq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006154; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pqyetrrboihwnoq|03|net"; nocase; ) # rrwhxhflkypxnoi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006155; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rrwhxhflkypxnoi|02|ru"; nocase; ) # fxtcxrlxjujuknt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006156; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fxtcxrlxjujuknt|03|org"; nocase; ) # temccsvjkqrfkvv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006157; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|temccsvjkqrfkvv|03|com"; nocase; ) # ndyecjafywrjkww.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006158; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ndyecjafywrjkww|02|co|02|uk"; nocase; ) # btsgefrpjrgtbss.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006159; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|btsgefrpjrgtbss|03|org"; nocase; ) # toeoafcxmlcekmc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006160; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|toeoafcxmlcekmc|04|info"; nocase; ) # afjdlvdxiktqia.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006161; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|afjdlvdxiktqia|03|org"; nocase; ) # dmelryobemrhvc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006162; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dmelryobemrhvc|04|info"; nocase; ) # apwavystpgjeeq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006163; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|apwavystpgjeeq|03|biz"; nocase; ) # gfpsmrvlxkwabm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006164; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gfpsmrvlxkwabm|03|biz"; nocase; ) # ooximcojdijtxg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006165; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ooximcojdijtxg|02|ru"; nocase; ) # ofrlfpnjvbovdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006166; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ofrlfpnjvbovdy|03|net"; nocase; ) # dkvbbquuevmqov.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006167; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dkvbbquuevmqov|03|org"; nocase; ) # qowfeikaclvyoj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006168; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qowfeikaclvyoj|02|co|02|uk"; nocase; ) # lbukjjgdiyxgiw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006169; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lbukjjgdiyxgiw|03|org"; nocase; ) # okixvjmuiiqfda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006170; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|okixvjmuiiqfda|03|com"; nocase; ) # syxumlempckhfh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006171; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|syxumlempckhfh|04|info"; nocase; ) # gdyypgkocxxtof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006172; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gdyypgkocxxtof|03|com"; nocase; ) # mlhcjcvirvdkro.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006173; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mlhcjcvirvdkro|03|biz"; nocase; ) # sdumrtthdaxeqm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006174; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sdumrtthdaxeqm|04|info"; nocase; ) # vffyjhoydsfmdu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006175; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vffyjhoydsfmdu|03|biz"; nocase; ) # bdjkpwfquktbpe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006176; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bdjkpwfquktbpe|03|org"; nocase; ) # uatpwmhfuwhqpt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006177; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uatpwmhfuwhqpt|03|org"; nocase; ) # fkwxxbhiadnqpb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006178; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fkwxxbhiadnqpb|03|org"; nocase; ) # rmwmicqjcwvhiq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006179; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rmwmicqjcwvhiq|02|co|02|uk"; nocase; ) # trhpallkdgiggk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006180; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|trhpallkdgiggk|03|com"; nocase; ) # wrfowlcmwoquer.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006181; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wrfowlcmwoquer|02|co|02|uk"; nocase; ) # ybkivqmqjvewpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006182; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ybkivqmqjvewpa|03|biz"; nocase; ) # mchaerggtviccn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006183; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mchaerggtviccn|03|org"; nocase; ) # qrmawkfkvhfvno.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006184; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qrmawkfkvhfvno|03|net"; nocase; ) # hhonulqwabbcbq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006185; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hhonulqwabbcbq|03|org"; nocase; ) # iwpwvdevtyvxcx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006186; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iwpwvdevtyvxcx|02|co|02|uk"; nocase; ) # nqssclqbhygmsd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006187; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nqssclqbhygmsd|03|org"; nocase; ) # uffrwvlgsabhwq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006188; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uffrwvlgsabhwq|03|net"; nocase; ) # wtmsyywdhdnkbf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006189; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wtmsyywdhdnkbf|02|ru"; nocase; ) # tarfgfeselqbrj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006190; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tarfgfeselqbrj|02|co|02|uk"; nocase; ) # upsohaiouotosg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006191; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|upsohaiouotosg|04|info"; nocase; ) # bcpixrjeblyteg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006192; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bcpixrjeblyteg|03|net"; nocase; ) # xbvbdmcigrqcub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006193; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xbvbdmcigrqcub|03|org"; nocase; ) # taoyqlugvjlgte.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006194; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|taoyqlugvjlgte|03|biz"; nocase; ) # hepbagbtmjxcth.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006195; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hepbagbtmjxcth|02|ru"; nocase; ) # xkrrgnmxjmmiva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006196; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xkrrgnmxjmmiva|03|net"; nocase; ) # dyxxrryxmmtpwl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006197; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dyxxrryxmmtpwl|03|org"; nocase; ) # bunovdeqyrxebl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006198; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bunovdeqyrxebl|04|info"; nocase; ) # ktvfqlvhdbqwtk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006199; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ktvfqlvhdbqwtk|02|co|02|uk"; nocase; ) # gsplkyrovmurqf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006200; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gsplkyrovmurqf|04|info"; nocase; ) # xkplgyghrcreqm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006201; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xkplgyghrcreqm|03|org"; nocase; ) # alnkwotofkcuqu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006202; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|alnkwotofkcuqu|04|info"; nocase; ) # oqxbcnrhuwuxre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006203; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oqxbcnrhuwuxre|03|net"; nocase; ) # rebqocwamhmmru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006204; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rebqocwamhmmru|03|com"; nocase; ) # vjgldvlwdwkxtc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006205; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vjgldvlwdwkxtc|03|com"; nocase; ) # wnehqfgliaokrn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006206; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wnehqfgliaokrn|03|biz"; nocase; ) # usxteysddivaqm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006207; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|usxteysddivaqm|02|ru"; nocase; ) # iusthtyqqhcrqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006208; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iusthtyqqhcrqi|03|org"; nocase; ) # kexngyjudoptjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006209; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kexngyjudoptjv|03|net"; nocase; ) # ydbmtnxiwidbhb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006210; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ydbmtnxiwidbhb|03|biz"; nocase; ) # yogyykobuxhkqs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006211; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yogyykobuxhkqs|03|org"; nocase; ) # cdyjwonxpnrwii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006212; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cdyjwonxpnrwii|03|com"; nocase; ) # aetsgglnsdqsq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006213; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|aetsgglnsdqsq|04|info"; nocase; ) # ahvvbsvroqnro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006214; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ahvvbsvroqnro|03|com"; nocase; ) # pqhimdvlrosdv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006215; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pqhimdvlrosdv|02|ru"; nocase; ) # efamqlspmguwa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006216; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|efamqlspmguwa|03|org"; nocase; ) # jphowxyelkfio.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006217; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jphowxyelkfio|03|biz"; nocase; ) # oducalyxnthin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006218; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oducalyxnthin|03|com"; nocase; ) # psvmrgjmalroo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006219; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|psvmrgjmalroo|03|net"; nocase; ) # aohvpbomwijqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006220; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|aohvpbomwijqc|03|org"; nocase; ) # ahqhxspjpeclb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006221; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ahqhxspjpeclb|02|co|02|uk"; nocase; ) # bwrrpkjenpwvs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006222; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bwrrpkjenpwvs|04|info"; nocase; ) # cglpptnjywxou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006223; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cglpptnjywxou|03|net"; nocase; ) # fxxlavjpffbxo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006224; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fxxlavjpffbxo|03|org"; nocase; ) # hdisffenxcphf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006225; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hdisffenxcphf|04|info"; nocase; ) # hpcfaoimhtpvs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006226; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hpcfaoimhtpvs|03|net"; nocase; ) # ogjevbmccysoo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006227; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ogjevbmccysoo|04|info"; nocase; ) # rnwujivikslpn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006228; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rnwujivikslpn|03|org"; nocase; ) # tlmamokyhibmh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006229; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tlmamokyhibmh|03|biz"; nocase; ) # lcwanyfrjwhiy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006230; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lcwanyfrjwhiy|02|ru"; nocase; ) # orqudocfexlbm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006231; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|orqudocfexlbm|02|co|02|uk"; nocase; ) # jaotxoimuxaoi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006232; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jaotxoimuxaoi|03|org"; nocase; ) # nxskntsxeqbub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006233; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nxskntsxeqbub|03|net"; nocase; ) # xtetlcmcjhuup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006234; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xtetlcmcjhuup|03|org"; nocase; ) # nrxirytffelqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006235; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nrxirytffelqg|03|biz"; nocase; ) # pfebieirtpdhg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006236; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pfebieirtpdhg|04|info"; nocase; ) # qoxyiavxqrkyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006237; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qoxyiavxqrkyk|03|net"; nocase; ) # skdjmbkkpmjsj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006238; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|skdjmbkkpmjsj|03|org"; nocase; ) # bbpuxmguyathx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006239; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bbpuxmguyathx|03|biz"; nocase; ) # qiudwqncbllff.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006240; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qiudwqncbllff|02|co|02|uk"; nocase; ) # fgahowdtburdg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006241; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fgahowdtburdg|02|ru"; nocase; ) # gtuvsrnikdrjx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006242; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gtuvsrnikdrjx|03|org"; nocase; ) # yucethwhvdefa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006243; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yucethwhvdefa|03|com"; nocase; ) # mydhgysipfnqj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006244; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mydhgysipfnqj|03|net"; nocase; ) # qwhxvrpgnuuvu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006245; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qwhxvrpgnuuvu|02|co|02|uk"; nocase; ) # jhluwaevkkqqh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006246; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jhluwaevkkqqh|03|org"; nocase; ) # mpodobhnojkci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006247; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mpodobhnojkci|03|com"; nocase; ) # fwcwvumerrmja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006248; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fwcwvumerrmja|03|biz"; nocase; ) # rpfwfcgdsiwll.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006249; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rpfwfcgdsiwll|02|co|02|uk"; nocase; ) # fpctttftvwtwc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006250; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fpctttftvwtwc|04|info"; nocase; ) # ntpkunestflxl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006251; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ntpkunestflxl|04|info"; nocase; ) # ckhmlugrmrnul.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006252; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ckhmlugrmrnul|04|info"; nocase; ) # vwngbnfylacbd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006253; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vwngbnfylacbd|02|ru"; nocase; ) # wyqrdltswsonc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006254; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wyqrdltswsonc|04|info"; nocase; ) # sgptrsnuiajew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006255; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sgptrsnuiajew|03|net"; nocase; ) # xirkinlelbyxw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006256; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xirkinlelbyxw|03|com"; nocase; ) # cwyjibnyomotg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006257; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cwyjibnyomotg|03|com"; nocase; ) # qiocjgaxusbkw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006258; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qiocjgaxusbkw|03|net"; nocase; ) # xwrjqvdvlhmed.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006259; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xwrjqvdvlhmed|02|co|02|uk"; nocase; ) # nqqcqshudprqf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006260; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nqqcqshudprqf|02|ru"; nocase; ) # eyrcsjsvbmarb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006261; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eyrcsjsvbmarb|03|com"; nocase; ) # gapfwsntapqjr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006262; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gapfwsntapqjr|03|biz"; nocase; ) # gqvvsobtovuot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006263; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gqvvsobtovuot|03|org"; nocase; ) # irtywxvrnylgr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006264; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|irtywxvrnylgr|04|info"; nocase; ) # vtoxwsimbrgab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006265; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vtoxwsimbrgab|03|com"; nocase; ) # lsuexytugduss.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006266; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lsuexytugduss|03|org"; nocase; ) # lyrteqmyltii.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006267; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lyrteqmyltii|03|biz"; nocase; ) # ydsykiiljaxo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006268; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ydsykiiljaxo|02|ru"; nocase; ) # ebiyoqskbpso.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006269; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ebiyoqskbpso|03|biz"; nocase; ) # trccibfivvfo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006270; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|trccibfivvfo|02|ru"; nocase; ) # afsmebjclwuy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006271; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|afsmebjclwuy|02|ru"; nocase; ) # aqtcklvhuppb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006272; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aqtcklvhuppb|03|org"; nocase; ) # koonglcmnjbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006273; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|koonglcmnjbt|03|com"; nocase; ) # oetvxeykypwq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006274; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oetvxeykypwq|03|org"; nocase; ) # ptugpyjylhhw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006275; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ptugpyjylhhw|02|co|02|uk"; nocase; ) # ndbhemmbykyw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006276; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ndbhemmbykyw|03|com"; nocase; ) # eanscthextue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006277; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eanscthextue|03|org"; nocase; ) # cndipwwexmwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006278; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cndipwwexmwq|03|biz"; nocase; ) # kxanfcjlfnni.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006279; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kxanfcjlfnni|04|info"; nocase; ) # ospsojaqgylr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006280; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ospsojaqgylr|03|biz"; nocase; ) # hecscrurjmyw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006281; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hecscrurjmyw|04|info"; nocase; ) # vhruamvpipaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006282; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vhruamvpipaq|03|com"; nocase; ) # jjmvthiyredf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006283; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jjmvthiyredf|03|net"; nocase; ) # lthbtwfditku.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006284; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lthbtwfditku|02|ru"; nocase; ) # dkrbuhahkifi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006285; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dkrbuhahkifi|03|org"; nocase; ) # vtsttlntpknk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006286; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vtsttlntpknk|03|org"; nocase; ) # kexmameuwbvd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006287; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kexmameuwbvd|03|com"; nocase; ) # yxivyawunhvf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006288; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yxivyawunhvf|02|ru"; nocase; ) # bmxuoneyaslm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006289; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bmxuoneyaslm|04|info"; nocase; ) # mqffrpratgll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006290; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mqffrpratgll|03|net"; nocase; ) # mhamsllarwcd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006291; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mhamsllarwcd|02|ru"; nocase; ) # rjkgmuynfjjn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006292; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rjkgmuynfjjn|02|ru"; nocase; ) # ibioudqfveeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006293; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ibioudqfveeq|03|com"; nocase; ) # lmpbygacvvms.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006294; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lmpbygacvvms|03|biz"; nocase; ) # fgadfnesxxax.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006295; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fgadfnesxxax|04|info"; nocase; ) # ulyfixeucnfi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006296; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ulyfixeucnfi|03|biz"; nocase; ) # qpjsxjcydkim.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006297; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qpjsxjcydkim|02|ru"; nocase; ) # tpnsrhotxucx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006298; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tpnsrhotxucx|04|info"; nocase; ) # qrlqiibugsjo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006299; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qrlqiibugsjo|03|com"; nocase; ) # wmtjyjbagdst.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006300; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wmtjyjbagdst|02|ru"; nocase; ) # xqrfmsvolgwg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006301; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xqrfmsvolgwg|02|co|02|uk"; nocase; ) # hkjolmuaqeap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006302; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hkjolmuaqeap|03|org"; nocase; ) # vpnnwkhcpipc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006303; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vpnnwkhcpipc|03|com"; nocase; ) # jtoqjftwgpkv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006304; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jtoqjftwgpkv|03|net"; nocase; ) # wfsissestmyo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006305; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wfsissestmyo|03|biz"; nocase; ) # 1kh2wl1l2l45p8s2uzu9pawdq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kh2wl1l2l45p8s2uzu9pawdq|03|com"; nocase; ) # jab64i1qv1lhj13qah0nn3lznq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jab64i1qv1lhj13qah0nn3lznq|03|org"; nocase; ) # 1yr6h072b5ni41se154r192zvm3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yr6h072b5ni41se154r192zvm3|03|net"; nocase; ) # w76k4ptditk8h27j377dqwqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w76k4ptditk8h27j377dqwqz|03|biz"; nocase; ) # nr09dc1fbqcwkai2vyqi1usba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nr09dc1fbqcwkai2vyqi1usba|03|org"; nocase; ) # 1v28z0n1p59hb71lo3qca199oqyz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v28z0n1p59hb71lo3qca199oqyz|03|org"; nocase; ) # 1kw1l9b5vu5fm4q017qosujga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kw1l9b5vu5fm4q017qosujga|03|org"; nocase; ) # l74qb51iidos4els70p19pa06g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l74qb51iidos4els70p19pa06g|03|biz"; nocase; ) # 11nmi6xj2xeu7geypqaeujtde.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11nmi6xj2xeu7geypqaeujtde|03|biz"; nocase; ) # 15koyephxtz2b1tu73ze15ga9g5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15koyephxtz2b1tu73ze15ga9g5|03|com"; nocase; ) # 78fp52f9uelouq7aa810iz7x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|78fp52f9uelouq7aa810iz7x|03|net"; nocase; ) # 8i8sbt1yu6ei51zfsodb1a6e1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8i8sbt1yu6ei51zfsodb1a6e1|03|org"; nocase; ) # 1kpr2km1tsfwu31jymksw1kc0stg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kpr2km1tsfwu31jymksw1kc0stg|03|org"; nocase; ) # m18x671ekuvyrcuzzkx72043.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m18x671ekuvyrcuzzkx72043|03|com"; nocase; ) # 1dn6ra93yxqrqy7i7m81q5k89z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dn6ra93yxqrqy7i7m81q5k89z|03|org"; nocase; ) # vbrave1k6mxj81qgsm40dn5zzx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vbrave1k6mxj81qgsm40dn5zzx|03|net"; nocase; ) # 23bfgemlcqq417bxilwm19p9m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|23bfgemlcqq417bxilwm19p9m|03|com"; nocase; ) # gni39lemcnkek9cl5z1q7buvd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gni39lemcnkek9cl5z1q7buvd|03|org"; nocase; ) # 1g98r3d1hkbe0d1l80s4lqsy84k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g98r3d1hkbe0d1l80s4lqsy84k|03|org"; nocase; ) # 5qmyy71km718x1bmeann1unahm4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5qmyy71km718x1bmeann1unahm4|03|biz"; nocase; ) # 1rosbybic42ds3h6mfb16q8czj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rosbybic42ds3h6mfb16q8czj|03|net"; nocase; ) # asmk1sgzv4qtxu5m31sco5us.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|asmk1sgzv4qtxu5m31sco5us|03|net"; nocase; ) # 18u21x54uqpm6sfdbtd2i4bf8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18u21x54uqpm6sfdbtd2i4bf8|03|com"; nocase; ) # 18a0z1g1ewogh1ndbff9gsx46m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18a0z1g1ewogh1ndbff9gsx46m|03|net"; nocase; ) # weag2f1itq6691xb4qk5j0phke.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|weag2f1itq6691xb4qk5j0phke|03|biz"; nocase; ) # 12vstyr1gwcfoo38u7r2q0wg0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12vstyr1gwcfoo38u7r2q0wg0e|03|com"; nocase; ) # 1g4jzna1nfzp5310cs9wy1vcwwhn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g4jzna1nfzp5310cs9wy1vcwwhn|03|net"; nocase; ) # 177g9zmtxd5x5wqcnnizn3l4m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|177g9zmtxd5x5wqcnnizn3l4m|03|net"; nocase; ) # uuoenq1rx9u8fzghwjo1rjq7jv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uuoenq1rx9u8fzghwjo1rjq7jv|03|net"; nocase; ) # 1f1297qjfu83m1mn1gm017wf3ke.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f1297qjfu83m1mn1gm017wf3ke|03|biz"; nocase; ) # 10o2ae71g7bhsl1yjs0hojupozb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10o2ae71g7bhsl1yjs0hojupozb|03|biz"; nocase; ) # rfkc2o1bk63391c726ft69o83i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rfkc2o1bk63391c726ft69o83i|03|org"; nocase; ) # 1pfiu3s186y66h7im6vy8n9puy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pfiu3s186y66h7im6vy8n9puy|03|net"; nocase; ) # swvltc1g387aw1gofwwphcbl1v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|swvltc1g387aw1gofwwphcbl1v|03|biz"; nocase; ) # 1lsprny1lzc9cd1gsz3b6w6kaji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lsprny1lzc9cd1gsz3b6w6kaji|03|org"; nocase; ) # ncowve1h9sqvj1f6b14z1lug6cr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ncowve1h9sqvj1f6b14z1lug6cr|03|net"; nocase; ) # 1bdyoa21177jt7185pznx17c04zt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bdyoa21177jt7185pznx17c04zt|03|com"; nocase; ) # 1e6qfzl1g00nv31j13ypv580wqq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e6qfzl1g00nv31j13ypv580wqq|03|net"; nocase; ) # o7x8tbz6kaoo50avf5d7w9cu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o7x8tbz6kaoo50avf5d7w9cu|03|biz"; nocase; ) # 1eu52sk1jp2sx32skm7kdvo0og.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eu52sk1jp2sx32skm7kdvo0og|03|com"; nocase; ) # shilvo17lbzgt1ckblquwxvz23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shilvo17lbzgt1ckblquwxvz23|03|net"; nocase; ) # kbjhj51t47dbjcdf0z21978ryg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kbjhj51t47dbjcdf0z21978ryg|03|biz"; nocase; ) # 1e8b1ev1x5ht0z1raazrmsj9uzl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e8b1ev1x5ht0z1raazrmsj9uzl|03|net"; nocase; ) # epnr40khmxy6zcysei1nty4nl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|epnr40khmxy6zcysei1nty4nl|03|biz"; nocase; ) # 1nzyphv1jbvctda5ua0r40hk3l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nzyphv1jbvctda5ua0r40hk3l|03|org"; nocase; ) # 1uzego50uf61279x94mv6v5h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1uzego50uf61279x94mv6v5h|03|net"; nocase; ) # 1qs1brl15z10o89kilas8hxv5x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qs1brl15z10o89kilas8hxv5x|03|org"; nocase; ) # 1pr1yuh1q3mybae16etk1cyky3s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pr1yuh1q3mybae16etk1cyky3s|03|net"; nocase; ) # 15upy29p9fxztre51rk9jhjvy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15upy29p9fxztre51rk9jhjvy|03|org"; nocase; ) # v7gom717wphk6k0erf71jhhz4l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v7gom717wphk6k0erf71jhhz4l|03|org"; nocase; ) # w54xov1uhllz2uoepa9x58hwx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w54xov1uhllz2uoepa9x58hwx|03|org"; nocase; ) # 1ghzlnb17pzsq01gvozffo5wxvr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ghzlnb17pzsq01gvozffo5wxvr|03|biz"; nocase; ) # as1j2jncj2pi149gyiokxozj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|as1j2jncj2pi149gyiokxozj6|03|net"; nocase; ) # j0zoc61yv0ytqucy0lu1r4ak5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j0zoc61yv0ytqucy0lu1r4ak5|03|biz"; nocase; ) # 1r57ubfligu4019e79f1x6wnyt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r57ubfligu4019e79f1x6wnyt|03|org"; nocase; ) # 8aengghdifv1tiwanf1dwc3fy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8aengghdifv1tiwanf1dwc3fy|03|biz"; nocase; ) # r8lgdwfygtbhmo26wjrhekgu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r8lgdwfygtbhmo26wjrhekgu|03|net"; nocase; ) # rmfnljbhxvez7rxws9q1693t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rmfnljbhxvez7rxws9q1693t|03|net"; nocase; ) # p6es7wtvomwt1fjsfex1l7kq8o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p6es7wtvomwt1fjsfex1l7kq8o|03|org"; nocase; ) # 12lktt21o6gtpo1a25es4aipk3y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12lktt21o6gtpo1a25es4aipk3y|03|biz"; nocase; ) # 1rkjl64cuq2dx19no7at4el84l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rkjl64cuq2dx19no7at4el84l|03|com"; nocase; ) # 1mv1kmj1d1mjs21butc7q1inl39c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mv1kmj1d1mjs21butc7q1inl39c|03|net"; nocase; ) # 1kqu7shrt0x0i1slqeaj1fwj3uo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kqu7shrt0x0i1slqeaj1fwj3uo|03|com"; nocase; ) # 17ohq4s9repfq14m1yn31l27xk1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ohq4s9repfq14m1yn31l27xk1|03|net"; nocase; ) # 1uaaqsl1d3uefa1e50n7s1knqv2s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uaaqsl1d3uefa1e50n7s1knqv2s|03|com"; nocase; ) # 1t8pbyuifmy3z1tsst041fobxkj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t8pbyuifmy3z1tsst041fobxkj|03|org"; nocase; ) # dq6o874blsh7co9e451vzssze.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dq6o874blsh7co9e451vzssze|03|net"; nocase; ) # 14lnlc41nsu1rnnhpe7l4ih98c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14lnlc41nsu1rnnhpe7l4ih98c|03|com"; nocase; ) # 1hf0q9ibujepp1vujeoz8znuvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hf0q9ibujepp1vujeoz8znuvm|03|net"; nocase; ) # 1u9t57j8bbzfc1bei7zk1ij3u04.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u9t57j8bbzfc1bei7zk1ij3u04|03|biz"; nocase; ) # 1gv9u0nna1m8uz2erca19txue0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gv9u0nna1m8uz2erca19txue0|03|net"; nocase; ) # 117q3ospevah61ohwzaj1bqus0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|117q3ospevah61ohwzaj1bqus0k|03|org"; nocase; ) # 5h80az83cnvk1jfttg2a8qjlr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5h80az83cnvk1jfttg2a8qjlr|03|net"; nocase; ) # 2n2ec61drjrbz1aj0u2hrewqtb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2n2ec61drjrbz1aj0u2hrewqtb|03|net"; nocase; ) # 16vm52bc5k80czj2ges146hrh5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16vm52bc5k80czj2ges146hrh5|03|com"; nocase; ) # hzvfog1k7usrzu11jycvwiumn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hzvfog1k7usrzu11jycvwiumn|03|biz"; nocase; ) # u0lncd9rep1316xx6hp1b8gvnt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u0lncd9rep1316xx6hp1b8gvnt|03|net"; nocase; ) # 85nwbjf3j1ql1hj66nzrfts5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|85nwbjf3j1ql1hj66nzrfts5|03|org"; nocase; ) # 13v2ftn15yp4jo1vee7p01flh2u3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13v2ftn15yp4jo1vee7p01flh2u3|03|net"; nocase; ) # g3degv11d68gdjlnf5t1agrivj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g3degv11d68gdjlnf5t1agrivj|03|com"; nocase; ) # 17mg8cjc0tv6xaj3gpamqz1rp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17mg8cjc0tv6xaj3gpamqz1rp|03|biz"; nocase; ) # 17ztmrhcgvmj963js021erxa7o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ztmrhcgvmj963js021erxa7o|03|org"; nocase; ) # 8rfoel1jqep5e1wzds6mk677p6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8rfoel1jqep5e1wzds6mk677p6|03|com"; nocase; ) # 11f2l5w1yer69xnu9ach1doad2g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11f2l5w1yer69xnu9ach1doad2g|03|org"; nocase; ) # t18gpfrbzk8nktyii4cv1wc9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t18gpfrbzk8nktyii4cv1wc9|03|net"; nocase; ) # 1l6653harwe7p21ojbcyrp1ns.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l6653harwe7p21ojbcyrp1ns|03|biz"; nocase; ) # 1mt7rxm18a7j5u1xarl0b1wt13ep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mt7rxm18a7j5u1xarl0b1wt13ep|03|org"; nocase; ) # 1i00t518mofluhwnftzufsknp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i00t518mofluhwnftzufsknp|03|org"; nocase; ) # 1mh2m2f1jfnnbl12518sr1db633v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mh2m2f1jfnnbl12518sr1db633v|03|net"; nocase; ) # nxsbmqkao8ywr8anfr1r2qtoz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nxsbmqkao8ywr8anfr1r2qtoz|03|com"; nocase; ) # 11hpvb8kh0p2m1x75irqrv4zlr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11hpvb8kh0p2m1x75irqrv4zlr|03|org"; nocase; ) # 1phvexo1yr7rtc1mf95d913vrxdd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1phvexo1yr7rtc1mf95d913vrxdd|03|net"; nocase; ) # 1527hveebxaks1uy4drerg763e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1527hveebxaks1uy4drerg763e|03|biz"; nocase; ) # ndlx681hwsh9qmor0ytw934kr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ndlx681hwsh9qmor0ytw934kr|03|biz"; nocase; ) # 1i37u1s90ebx71oh8jlarwf3p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i37u1s90ebx71oh8jlarwf3p|03|com"; nocase; ) # gba2cujl2vnw1v7m7951q4uz3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gba2cujl2vnw1v7m7951q4uz3|03|org"; nocase; ) # kvax5g3aviro1lwcqqbqijtig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kvax5g3aviro1lwcqqbqijtig|03|net"; nocase; ) # 13d51hsmlvw3bcdw0o71efqj7c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13d51hsmlvw3bcdw0o71efqj7c|03|net"; nocase; ) # gpg65j1qlayyt7gkdqroyzda.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gpg65j1qlayyt7gkdqroyzda|03|biz"; nocase; ) # plmmx2vbwki54fb5n2sjkh70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|plmmx2vbwki54fb5n2sjkh70|03|net"; nocase; ) # luwv4e1s9mzw319hcb44kvu7hq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|luwv4e1s9mzw319hcb44kvu7hq|03|biz"; nocase; ) # fci2oq1rlgm1w1gkfy0elw4t0x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fci2oq1rlgm1w1gkfy0elw4t0x|03|com"; nocase; ) # 44dz2u1fv2ndf1l1pibydvt07x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|44dz2u1fv2ndf1l1pibydvt07x|03|net"; nocase; ) # 11gppmc9lb8841cxwi8w1ti1w9y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11gppmc9lb8841cxwi8w1ti1w9y|03|com"; nocase; ) # tj09v1ofgs2zq8gtmzlktxx6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tj09v1ofgs2zq8gtmzlktxx6|03|biz"; nocase; ) # lqbm1d1cdl64myivtm81afrnfs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lqbm1d1cdl64myivtm81afrnfs|03|net"; nocase; ) # 1dcynwgq86wi5ndf3ilw78xh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1dcynwgq86wi5ndf3ilw78xh|03|com"; nocase; ) # 1xbekyj1m60fkh1j5ctoq1wjlzip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xbekyj1m60fkh1j5ctoq1wjlzip|03|com"; nocase; ) # hpzisf1n0mp60um0d8l15vsghi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hpzisf1n0mp60um0d8l15vsghi|03|org"; nocase; ) # 10nmnpnzg7oenpk83ot1bhz77x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10nmnpnzg7oenpk83ot1bhz77x|03|com"; nocase; ) # 6sa7fc1xwrr8dcd70d9pp8ol3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6sa7fc1xwrr8dcd70d9pp8ol3|03|org"; nocase; ) # 7mea5l1en5zhlb4cbg412ptexc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7mea5l1en5zhlb4cbg412ptexc|03|biz"; nocase; ) # 1pkp7nj7g0rzd1k4au9rlf83u1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pkp7nj7g0rzd1k4au9rlf83u1|03|net"; nocase; ) # 1gikd83b0k818100r2nn1do6xd0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gikd83b0k818100r2nn1do6xd0|03|com"; nocase; ) # jynnfy56f0il13d6botgb9iiu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jynnfy56f0il13d6botgb9iiu|03|net"; nocase; ) # xqhe4c64qq5c4xryevfbvsfz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xqhe4c64qq5c4xryevfbvsfz|03|com"; nocase; ) # 11pk9eujic9m01upr4051uby8ly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11pk9eujic9m01upr4051uby8ly|03|net"; nocase; ) # 1o8g5ll8f6yhd1h4nvv1w29acs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o8g5ll8f6yhd1h4nvv1w29acs|03|com"; nocase; ) # 1cr6bi31xkt43a1ouwnsa1r8j5yl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cr6bi31xkt43a1ouwnsa1r8j5yl|03|org"; nocase; ) # 1eikqmy1huotuc5py0aax4z07.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1eikqmy1huotuc5py0aax4z07|03|com"; nocase; ) # viqkr46whqrwya7lkzalkb57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|viqkr46whqrwya7lkzalkb57|03|com"; nocase; ) # 1ybdx6yp3qo3iav0lp467wjt2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ybdx6yp3qo3iav0lp467wjt2|03|org"; nocase; ) # 19khsu919orqefj2wsnfuw6aii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19khsu919orqefj2wsnfuw6aii|03|com"; nocase; ) # dgzqa71lbozv41a91vzt1jyjopp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dgzqa71lbozv41a91vzt1jyjopp|03|net"; nocase; ) # 1080ssl1khtdm9py7zw51rpryqc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1080ssl1khtdm9py7zw51rpryqc|03|com"; nocase; ) # 14l6aqc1hfnwzs19c49g8a1xhx2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14l6aqc1hfnwzs19c49g8a1xhx2|03|org"; nocase; ) # 50r44t1a1urygkkw0jm1dzorb3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|50r44t1a1urygkkw0jm1dzorb3|03|org"; nocase; ) # 1liz6gl1rjopg1jyagjq1otlb3t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1liz6gl1rjopg1jyagjq1otlb3t|03|net"; nocase; ) # 17zyi7487sjs81bkv9098s5i7a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17zyi7487sjs81bkv9098s5i7a|03|org"; nocase; ) # jq60k88iiynhuvr9dgfj1qf3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jq60k88iiynhuvr9dgfj1qf3|03|biz"; nocase; ) # 106873k1m3rpua7b4qnjwp3tww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|106873k1m3rpua7b4qnjwp3tww|03|net"; nocase; ) # 1d26cbxy9bpek1r6229eg6oo8l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d26cbxy9bpek1r6229eg6oo8l|03|net"; nocase; ) # 1pr0nkd1xt6frio8ux2f1cp2bod.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pr0nkd1xt6frio8ux2f1cp2bod|03|biz"; nocase; ) # 17jmqjegu9z8t1vojh8y1i0o3o5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17jmqjegu9z8t1vojh8y1i0o3o5|03|net"; nocase; ) # 9lwzx51vfxk37xaqr7d1qgffck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9lwzx51vfxk37xaqr7d1qgffck|03|net"; nocase; ) # 1npcazcp2n2711mbst046q8ah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1npcazcp2n2711mbst046q8ah|03|com"; nocase; ) # 1g7ok9125pbuz1u20osh4zp3r4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g7ok9125pbuz1u20osh4zp3r4|03|biz"; nocase; ) # 1b3jk4r1bvapi5ffhy6sr9keey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b3jk4r1bvapi5ffhy6sr9keey|03|org"; nocase; ) # ma19t7hqr8gf5gxeusyzj1zj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ma19t7hqr8gf5gxeusyzj1zj|03|net"; nocase; ) # kmnchtzccx0u1kpqab7n1xufu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kmnchtzccx0u1kpqab7n1xufu|03|net"; nocase; ) # fmonlnfcsngrfytr3sdvrmkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fmonlnfcsngrfytr3sdvrmkz|03|org"; nocase; ) # 1obb16w15c3tc715gnwheugxzyb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obb16w15c3tc715gnwheugxzyb|03|biz"; nocase; ) # 1buti7f1elo9ypbizcbo9cunyw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1buti7f1elo9ypbizcbo9cunyw|03|org"; nocase; ) # 1xw4nec3zwp1j1l6zj7w19ee0qf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xw4nec3zwp1j1l6zj7w19ee0qf|03|com"; nocase; ) # 9tceo1j1lmm7q9b7um18bn2cs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9tceo1j1lmm7q9b7um18bn2cs|03|net"; nocase; ) # 16klkwv12acgqf1mzrr1iq6821n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16klkwv12acgqf1mzrr1iq6821n|03|net"; nocase; ) # ycuspl1xzhhlz1mpfwyn1yhzqpp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ycuspl1xzhhlz1mpfwyn1yhzqpp|03|com"; nocase; ) # 19oh87k1mbnscw1myka8x1csd9pp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19oh87k1mbnscw1myka8x1csd9pp|03|net"; nocase; ) # 1mcd1f244aun01pqujq3z0l8ko.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mcd1f244aun01pqujq3z0l8ko|03|com"; nocase; ) # 11q857z1r45fx11d4lb4j1hpwols.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11q857z1r45fx11d4lb4j1hpwols|03|org"; nocase; ) # 1qpraxrmgymo51ex12p18vyemm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qpraxrmgymo51ex12p18vyemm|03|org"; nocase; ) # drdpb8hqkrxzg6mscv1ge0nyb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|drdpb8hqkrxzg6mscv1ge0nyb|03|biz"; nocase; ) # bjnq8413a034dx8uwx77liek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bjnq8413a034dx8uwx77liek|03|net"; nocase; ) # qmmogl1ppmy84gtml4eydpna9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qmmogl1ppmy84gtml4eydpna9|03|biz"; nocase; ) # up7fjx1b98p351aqb4r31sbe3ct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|up7fjx1b98p351aqb4r31sbe3ct|03|com"; nocase; ) # 1ojnw1qjfh926zvyeu3y58ajv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ojnw1qjfh926zvyeu3y58ajv|03|org"; nocase; ) # en7kwg1lf18b11novaok1mvtzre.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|en7kwg1lf18b11novaok1mvtzre|03|biz"; nocase; ) # 12rlf44166lj2fpwbjwk16i68j7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12rlf44166lj2fpwbjwk16i68j7|03|net"; nocase; ) # 1ik6mih14srs661mrp58h1jpk9pf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ik6mih14srs661mrp58h1jpk9pf|03|org"; nocase; ) # ghpj0ae5qthj1h5kwcecfocl4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ghpj0ae5qthj1h5kwcecfocl4|03|com"; nocase; ) # 1co1ze0wi4f8l1mh0nrz1gv4j3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1co1ze0wi4f8l1mh0nrz1gv4j3i|03|com"; nocase; ) # ypkam19ks5rm10e0l9wk31zsy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ypkam19ks5rm10e0l9wk31zsy|03|org"; nocase; ) # hwv7ahow59gn1ioy29e1uh40av.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hwv7ahow59gn1ioy29e1uh40av|03|com"; nocase; ) # 73fspk4nkzewdrpo8d1gstjn6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|73fspk4nkzewdrpo8d1gstjn6|03|net"; nocase; ) # 5q777a1k15x78pnkjxs14hxx9m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5q777a1k15x78pnkjxs14hxx9m|03|biz"; nocase; ) # 1ydx001lnvtwaz04vz51o7b6w0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ydx001lnvtwaz04vz51o7b6w0|03|net"; nocase; ) # qb85c016movezk4xdrc1b5im68.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qb85c016movezk4xdrc1b5im68|03|org"; nocase; ) # 1qfa5bo2aecqzt3y9rz8epqe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1qfa5bo2aecqzt3y9rz8epqe|03|net"; nocase; ) # 1jbv02lgbrvh3ms9hql1qjjhjt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbv02lgbrvh3ms9hql1qjjhjt|03|biz"; nocase; ) # 148cs87qdswx41m89aoj1eo7ijn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|148cs87qdswx41m89aoj1eo7ijn|03|com"; nocase; ) # hxr9r41geqctkvbsv9917bxr3r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hxr9r41geqctkvbsv9917bxr3r|03|net"; nocase; ) # 9wv8o417e6zsq1lcz6pbqairsk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9wv8o417e6zsq1lcz6pbqairsk|03|org"; nocase; ) # md5qqb1w8qqrq10a2zeubew1f2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|md5qqb1w8qqrq10a2zeubew1f2|03|net"; nocase; ) # rapkavp38lcj9m9ywssfsfp1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rapkavp38lcj9m9ywssfsfp1|03|com"; nocase; ) # 1vofasi1leduuc305yaq1de12t9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vofasi1leduuc305yaq1de12t9|03|org"; nocase; ) # 5pcewv116gl2rrgv90n3t9f4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5pcewv116gl2rrgv90n3t9f4|03|net"; nocase; ) # 1xjvq8r1267drhebaqx6e8znsq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xjvq8r1267drhebaqx6e8znsq|03|org"; nocase; ) # 1b5s9ofnr9r5i02lkndjaq86.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1b5s9ofnr9r5i02lkndjaq86|03|com"; nocase; ) # 1rnqzfsekk6wsryar9h1qpp8t8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rnqzfsekk6wsryar9h1qpp8t8|03|com"; nocase; ) # b73uqrt22lle11l6jp01fjoocm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b73uqrt22lle11l6jp01fjoocm|03|net"; nocase; ) # 1xjvvym5snyhqynlq2y1o9h95a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xjvvym5snyhqynlq2y1o9h95a|03|org"; nocase; ) # 1e4bg81xs4vkaytz40bx013v2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e4bg81xs4vkaytz40bx013v2|03|org"; nocase; ) # 1x4qd0o1eizkkx12b41jd1fvnaq8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x4qd0o1eizkkx12b41jd1fvnaq8|03|com"; nocase; ) # wt76vs1f7fpowui36129hsrnv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wt76vs1f7fpowui36129hsrnv|03|net"; nocase; ) # fb4zfghrcb821wswm6c1fzc1n9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fb4zfghrcb821wswm6c1fzc1n9|03|biz"; nocase; ) # ekk50w2rkccma2kb50wlgacr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ekk50w2rkccma2kb50wlgacr|03|biz"; nocase; ) # 1tv3f03176m5ll1gicuxu1mte70s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tv3f03176m5ll1gicuxu1mte70s|03|com"; nocase; ) # 1mb81shzsjdy58dglik1izy5g0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mb81shzsjdy58dglik1izy5g0|03|biz"; nocase; ) # qoza9y2eswff16t5ttg1fgbgi8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qoza9y2eswff16t5ttg1fgbgi8|03|com"; nocase; ) # 1c6pzcq1uuockl1nz7a4tpw68ve.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c6pzcq1uuockl1nz7a4tpw68ve|03|org"; nocase; ) # glbn0u1kes1ck1stdp911d7vnj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|glbn0u1kes1ck1stdp911d7vnj7|03|net"; nocase; ) # cacxepnjzbj517uieok1redbdu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cacxepnjzbj517uieok1redbdu|03|biz"; nocase; ) # hdtf741i50uix1mv5q2itume1b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hdtf741i50uix1mv5q2itume1b|03|biz"; nocase; ) # mpap9zammccr1u0t9tz1sqge1n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mpap9zammccr1u0t9tz1sqge1n|03|org"; nocase; ) # zwk14a1bgliqv1p9qs2v1kjsxp0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zwk14a1bgliqv1p9qs2v1kjsxp0|03|org"; nocase; ) # 5kz3kvw3we0z1o0zup41uvn0qe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5kz3kvw3we0z1o0zup41uvn0qe|03|org"; nocase; ) # 1alaiz61gxdlf3l23sxpv0vf5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1alaiz61gxdlf3l23sxpv0vf5z|03|net"; nocase; ) # 14ed6tx1owzpbwtcc6yd14ale4o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ed6tx1owzpbwtcc6yd14ale4o|03|net"; nocase; ) # 2xci2v74tga9f43v4w4t0rl9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2xci2v74tga9f43v4w4t0rl9|03|net"; nocase; ) # 1u2aw26fnu9ox1qqok86u48dis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u2aw26fnu9ox1qqok86u48dis|03|com"; nocase; ) # 1pl1axh1at2gmy1wn04da1vgkb9y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pl1axh1at2gmy1wn04da1vgkb9y|03|com"; nocase; ) # sg5257fkz43y1nh6p981bnnoy2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sg5257fkz43y1nh6p981bnnoy2|03|biz"; nocase; ) # fz75j91cq1enuheogv8l6vrdr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fz75j91cq1enuheogv8l6vrdr|03|org"; nocase; ) # sjpdr53ulr9n1cozjkdgil62y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sjpdr53ulr9n1cozjkdgil62y|03|com"; nocase; ) # 1q7vo1y1gx5xx0j48n571lfc832.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q7vo1y1gx5xx0j48n571lfc832|03|com"; nocase; ) # 14tld0emy7ro71r3u9qn1ln9a5t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14tld0emy7ro71r3u9qn1ln9a5t|03|net"; nocase; ) # 1652l726vrjawab86fg146kvk4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1652l726vrjawab86fg146kvk4|03|biz"; nocase; ) # yu86guz48gi3eip0voir8gcq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yu86guz48gi3eip0voir8gcq|03|com"; nocase; ) # yje05f1ohbj3y1t59jbi15itx3b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yje05f1ohbj3y1t59jbi15itx3b|03|org"; nocase; ) # u8t69s1nouhg7c9bcwn1xhsckd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u8t69s1nouhg7c9bcwn1xhsckd|03|biz"; nocase; ) # 1sza6roz97991c37odq3sny9y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sza6roz97991c37odq3sny9y|03|com"; nocase; ) # kbjzai1yuyn4e10xulz3s49cb8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kbjzai1yuyn4e10xulz3s49cb8|03|net"; nocase; ) # roksy61mwbmru1yozxec1d14na4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|roksy61mwbmru1yozxec1d14na4|03|com"; nocase; ) # ze3yxd1uk95ut107oitmvkqtzg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ze3yxd1uk95ut107oitmvkqtzg|03|biz"; nocase; ) # tz1k7yp8voq9wsaiouly5r2t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tz1k7yp8voq9wsaiouly5r2t|03|net"; nocase; ) # 1khuydafon14yw6chyif7yofa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1khuydafon14yw6chyif7yofa|03|org"; nocase; ) # ht3txc1wl6fpl1pgjmxe1eh5y9t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ht3txc1wl6fpl1pgjmxe1eh5y9t|03|net"; nocase; ) # 1j203n7rn77fibuvhpd1bmeqsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j203n7rn77fibuvhpd1bmeqsa|03|com"; nocase; ) # 1fujzzd177y4mvwpf4gzskl1vo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fujzzd177y4mvwpf4gzskl1vo|03|org"; nocase; ) # 1aie1561oy1tfw1pr3n6x1qlye3s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aie1561oy1tfw1pr3n6x1qlye3s|03|net"; nocase; ) # 1fsy8if1v0gm1613wvp6o1qw1rqp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fsy8if1v0gm1613wvp6o1qw1rqp|03|com"; nocase; ) # 1fp768k1aix0121j5filx17oopq7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fp768k1aix0121j5filx17oopq7|03|biz"; nocase; ) # 172en1zo3bxxvoz2ip5fsw3hl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|172en1zo3bxxvoz2ip5fsw3hl|03|org"; nocase; ) # 1ol2fbf1nhijt210cpos31lv55f9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ol2fbf1nhijt210cpos31lv55f9|03|org"; nocase; ) # qzjsdx5ujwh81j8op0q16b3u64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qzjsdx5ujwh81j8op0q16b3u64|03|com"; nocase; ) # k2op8710utb291hwxjg312qy9ex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k2op8710utb291hwxjg312qy9ex|03|org"; nocase; ) # 1nlw5dtec9nqf1kyesvxns94y7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nlw5dtec9nqf1kyesvxns94y7|03|biz"; nocase; ) # wkwlik189ky32wprrr6142jya4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wkwlik189ky32wprrr6142jya4|03|net"; nocase; ) # wikmyz1e3aytu1lm4rnp1l9mo2m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wikmyz1e3aytu1lm4rnp1l9mo2m|03|biz"; nocase; ) # mf3db1xndcufl3t3aa118didk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mf3db1xndcufl3t3aa118didk|03|org"; nocase; ) # ktljtcacb2f1m124o46uxl08.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ktljtcacb2f1m124o46uxl08|03|net"; nocase; ) # 1u2q7bb1xdfkla1lrfhfk1am5r24.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u2q7bb1xdfkla1lrfhfk1am5r24|03|biz"; nocase; ) # 2p4w0u1ilku1f1ycp7xjcbtgge.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2p4w0u1ilku1f1ycp7xjcbtgge|03|org"; nocase; ) # 14tc28h11lporgrm57m1139p6ml.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14tc28h11lporgrm57m1139p6ml|03|com"; nocase; ) # g09vlg6z62wwz7g4cgkp2mkj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g09vlg6z62wwz7g4cgkp2mkj|03|net"; nocase; ) # enut111ebpal5f3wj1wy43jm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|enut111ebpal5f3wj1wy43jm|03|biz"; nocase; ) # f53kou1ll1uc9kc98jy15foxje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f53kou1ll1uc9kc98jy15foxje|03|net"; nocase; ) # px4jfndyuq1qf41er615frec1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|px4jfndyuq1qf41er615frec1|03|net"; nocase; ) # 1kr3n7v1axv7b118ici8jx31sxe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kr3n7v1axv7b118ici8jx31sxe|03|org"; nocase; ) # q4jlcweg599mr8dx5d13dyp6i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q4jlcweg599mr8dx5d13dyp6i|03|org"; nocase; ) # ujxm6xzfknda12f9isnfh2nu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ujxm6xzfknda12f9isnfh2nu|03|net"; nocase; ) # zr1itv1pqjv2ymv95gbzsx5w4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zr1itv1pqjv2ymv95gbzsx5w4|03|org"; nocase; ) # 1x02j61jsf3hn1opf5fx2syf90.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x02j61jsf3hn1opf5fx2syf90|03|org"; nocase; ) # 1emgr61kbwffxgypbyp1i1l8ba.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1emgr61kbwffxgypbyp1i1l8ba|03|net"; nocase; ) # 1drxu1cnmzgkt1nf565x1hx96er.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1drxu1cnmzgkt1nf565x1hx96er|03|org"; nocase; ) # wlzu5n17kyu2s1chyva8a4810.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wlzu5n17kyu2s1chyva8a4810|03|org"; nocase; ) # s978e3ovmm5ily01yf1mhlebh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s978e3ovmm5ily01yf1mhlebh|03|net"; nocase; ) # 14ixsdk1yomkoky6h1evr08pr9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ixsdk1yomkoky6h1evr08pr9|03|net"; nocase; ) # 1r58thsl41z3k1tdcynlxetm71.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r58thsl41z3k1tdcynlxetm71|03|net"; nocase; ) # 193zi7mxqwgge1nvpft41fvuvv5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|193zi7mxqwgge1nvpft41fvuvv5|03|com"; nocase; ) # ds9pkr1ying541qzh2ir1vf2n42.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ds9pkr1ying541qzh2ir1vf2n42|03|org"; nocase; ) # 7kxpfdd6wbo41ua013xo6t4o3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7kxpfdd6wbo41ua013xo6t4o3|03|biz"; nocase; ) # yj62om18zhv2mxrpg1r1r1c4pd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yj62om18zhv2mxrpg1r1r1c4pd|03|org"; nocase; ) # kyydw91udg2y3188796015i4in2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kyydw91udg2y3188796015i4in2|03|com"; nocase; ) # brp90517zfi451scqvd3e9ctrx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|brp90517zfi451scqvd3e9ctrx|03|net"; nocase; ) # 1h77sdh4hhwq8qoihcz15e62gi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h77sdh4hhwq8qoihcz15e62gi|03|net"; nocase; ) # 13s0cu187oguj1bvdtpw1smjzwd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13s0cu187oguj1bvdtpw1smjzwd|03|org"; nocase; ) # 1sd3dsk1x08o25177873wmv0wjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sd3dsk1x08o25177873wmv0wjl|03|net"; nocase; ) # tfcz2g169drgoafibyl1pxyerv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tfcz2g169drgoafibyl1pxyerv|03|net"; nocase; ) # 14jy1e3wcsnik1yps7cc1xznm3s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14jy1e3wcsnik1yps7cc1xznm3s|03|com"; nocase; ) # 1qft9244hze8fksinq1epsjlh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qft9244hze8fksinq1epsjlh|03|org"; nocase; ) # 1zghuh1r537vro4a97t1y3yf1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1zghuh1r537vro4a97t1y3yf1z|03|net"; nocase; ) # 12nj4h05ieb751hrhfqcs40hot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12nj4h05ieb751hrhfqcs40hot|03|com"; nocase; ) # 1xbm84n1dpcadsvxs3e71axnldd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xbm84n1dpcadsvxs3e71axnldd|03|biz"; nocase; ) # xy62ex6rftna1ds5grs1c8t15c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xy62ex6rftna1ds5grs1c8t15c|03|com"; nocase; ) # 1p9apy21p5funy18dobw81rmrzpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p9apy21p5funy18dobw81rmrzpk|03|net"; nocase; ) # diiymvfhy2fvyo3273qbd1m8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|diiymvfhy2fvyo3273qbd1m8|03|org"; nocase; ) # 183tnue1btpt3n1psny1auva4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|183tnue1btpt3n1psny1auva4a|03|net"; nocase; ) # qk9fltrkeglm1psoenz1g1gfu1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qk9fltrkeglm1psoenz1g1gfu1|03|com"; nocase; ) # 1f320pi7vp4x1osrt7717j7zt6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f320pi7vp4x1osrt7717j7zt6|03|org"; nocase; ) # 85695erx6rxze5jcef13f16sn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|85695erx6rxze5jcef13f16sn|03|net"; nocase; ) # 1kqh12j1hv197vawz8xn1cgujz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kqh12j1hv197vawz8xn1cgujz8|03|com"; nocase; ) # g4lna31m8hy114xbsw8ajzrou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g4lna31m8hy114xbsw8ajzrou|03|org"; nocase; ) # 1ux3k12138sbr81qz4qb61ga52td.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ux3k12138sbr81qz4qb61ga52td|03|com"; nocase; ) # 1ls8wzsynqrql152f7v01p5l4hj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ls8wzsynqrql152f7v01p5l4hj|03|com"; nocase; ) # 1qxvh51sdjjl71558zsu4qw50y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qxvh51sdjjl71558zsu4qw50y|03|com"; nocase; ) # u0x65v1ks88ea1i6urhl1pnd6pu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u0x65v1ks88ea1i6urhl1pnd6pu|03|net"; nocase; ) # xgu80q1qnsy0ra6xnum1hdfktx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xgu80q1qnsy0ra6xnum1hdfktx|03|org"; nocase; ) # 35cdnt1kuzh4z1vol2xk1eobku0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|35cdnt1kuzh4z1vol2xk1eobku0|03|biz"; nocase; ) # 1yx4mp111qvr8czgoxnj1hkfdj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yx4mp111qvr8czgoxnj1hkfdj6|03|net"; nocase; ) # xevwdo1h67dk41xdu6jpzd7fva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xevwdo1h67dk41xdu6jpzd7fva|03|net"; nocase; ) # tpm4yldaw6q3qt9dh5ois3x7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tpm4yldaw6q3qt9dh5ois3x7|03|com"; nocase; ) # 1bds0sx15ksoa6125l0w7ijkgh6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bds0sx15ksoa6125l0w7ijkgh6|03|net"; nocase; ) # y2zq761uegg18wyxljlcuee87.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2zq761uegg18wyxljlcuee87|03|org"; nocase; ) # 142npof1tkjnub187p97y1hprm7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|142npof1tkjnub187p97y1hprm7a|03|com"; nocase; ) # 18kj8uxb050yu1o4aggz15hc4ic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18kj8uxb050yu1o4aggz15hc4ic|03|net"; nocase; ) # i9yy80cfjcevdtc6a3xravxy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i9yy80cfjcevdtc6a3xravxy|03|org"; nocase; ) # thqybg1ido02g1kj9g4z14vtibs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|thqybg1ido02g1kj9g4z14vtibs|03|org"; nocase; ) # d30gpv1di790b1jgcgvno2p55m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d30gpv1di790b1jgcgvno2p55m|03|biz"; nocase; ) # 1ug345n1k5so0vo9wopxe7uo5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ug345n1k5so0vo9wopxe7uo5g|03|org"; nocase; ) # 1ac8rzzrzfjpy1jjsn831c4u71t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ac8rzzrzfjpy1jjsn831c4u71t|03|biz"; nocase; ) # 4my50r103hy874wwg6p9wgm63.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4my50r103hy874wwg6p9wgm63|03|com"; nocase; ) # 1xdq5e41twyf7l1s9yu341b314b0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xdq5e41twyf7l1s9yu341b314b0|03|biz"; nocase; ) # w5v4ftw2qogdl7d2d2taortq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w5v4ftw2qogdl7d2d2taortq|03|net"; nocase; ) # 1056ih81ipiudm1avwugd104gyq7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1056ih81ipiudm1avwugd104gyq7|03|net"; nocase; ) # v1g48v1u1p8sd13fnns277m801.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v1g48v1u1p8sd13fnns277m801|03|com"; nocase; ) # izbv9rrjx8g81ra33wg1jemxhw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|izbv9rrjx8g81ra33wg1jemxhw|03|com"; nocase; ) # ipje9b12n6x3c1bc5i261ddii6e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ipje9b12n6x3c1bc5i261ddii6e|03|org"; nocase; ) # cjmipzs3wqlbkdjxq91axfall.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cjmipzs3wqlbkdjxq91axfall|03|com"; nocase; ) # n51iey1kg3qo1f9lq301vfz05d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n51iey1kg3qo1f9lq301vfz05d|03|biz"; nocase; ) # 1cokb1d6hf5o81fa0jom1r54kzu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cokb1d6hf5o81fa0jom1r54kzu|03|net"; nocase; ) # 1knjz6b1wf9z4o191j67yk3202t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1knjz6b1wf9z4o191j67yk3202t|03|biz"; nocase; ) # g6aaez1ymowbiuif6zf1m81b7p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g6aaez1ymowbiuif6zf1m81b7p|03|com"; nocase; ) # 1fzjcukccxiiv1iqgk9a134dcwg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fzjcukccxiiv1iqgk9a134dcwg|03|org"; nocase; ) # 4x461hbteax1k0666xxuzcc1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4x461hbteax1k0666xxuzcc1|03|biz"; nocase; ) # ydrqns12ekqgpynglqcwyoq6a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ydrqns12ekqgpynglqcwyoq6a|03|net"; nocase; ) # 13g7e5dxizccz17a6ypq1a9c7nq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13g7e5dxizccz17a6ypq1a9c7nq|03|org"; nocase; ) # u4ramkuhilb2smcq1czunndu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u4ramkuhilb2smcq1czunndu|03|net"; nocase; ) # 1v4u058i02kv5dg6s3w1l6k9m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v4u058i02kv5dg6s3w1l6k9m|03|com"; nocase; ) # 1bl0q7wm46r9t1bf03ey1vc3bgt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bl0q7wm46r9t1bf03ey1vc3bgt|03|org"; nocase; ) # cydqxg1vg5gn81pgzkih137g2q2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cydqxg1vg5gn81pgzkih137g2q2|03|net"; nocase; ) # 1b8bqer1avegh0mxnvmn10b77vh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b8bqer1avegh0mxnvmn10b77vh|03|org"; nocase; ) # 1jiexw611yku8v14tynm2l2vqbn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jiexw611yku8v14tynm2l2vqbn|03|net"; nocase; ) # 1xe72ex1welmlzu4yofa1xhoxb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xe72ex1welmlzu4yofa1xhoxb7|03|net"; nocase; ) # 1ugnwen1w62nqbi0qy6g1o8ujor.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ugnwen1w62nqbi0qy6g1o8ujor|03|org"; nocase; ) # njs5gi4ixraozy0p0l157zp6y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|njs5gi4ixraozy0p0l157zp6y|03|com"; nocase; ) # xr2ttw1h8dgfb1cfrcte33j9vk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xr2ttw1h8dgfb1cfrcte33j9vk|03|org"; nocase; ) # 10psgenhpzjbrpvzr2w1aiii8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10psgenhpzjbrpvzr2w1aiii8c|03|com"; nocase; ) # 5wtiw11l56ht5vu2vc8e1cdt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5wtiw11l56ht5vu2vc8e1cdt|03|net"; nocase; ) # q9fmee1lr26y61ersqapmwtav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q9fmee1lr26y61ersqapmwtav|03|com"; nocase; ) # qo3ylk1z098941v8k2a41214bz4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qo3ylk1z098941v8k2a41214bz4|03|org"; nocase; ) # 3d3ign16tyqgq12aflfbjlq2jr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3d3ign16tyqgq12aflfbjlq2jr|03|org"; nocase; ) # m0w8qreq1gh2l4vmzqqzn77.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|m0w8qreq1gh2l4vmzqqzn77|03|net"; nocase; ) # 1q5hkwkvwqv8c1yftvxk11d6tvb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q5hkwkvwqv8c1yftvxk11d6tvb|03|biz"; nocase; ) # 3rl6zlsaccou1c6sdximw45pu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3rl6zlsaccou1c6sdximw45pu|03|net"; nocase; ) # mm1iqeekkgnv16po75ntioxta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mm1iqeekkgnv16po75ntioxta|03|net"; nocase; ) # f4k9de1l40mih14z6tqf1ctwb30.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f4k9de1l40mih14z6tqf1ctwb30|03|com"; nocase; ) # 1adrh4j14n817t1m5f3etquo0pk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1adrh4j14n817t1m5f3etquo0pk|03|net"; nocase; ) # 1pservi1bywvv2mze9091zesfd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pservi1bywvv2mze9091zesfd|03|com"; nocase; ) # z5w6rr1i5pp7jkw6sca63mmmc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z5w6rr1i5pp7jkw6sca63mmmc|03|com"; nocase; ) # fg78gs1gd6j1z199k1wd1u3bn8d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fg78gs1gd6j1z199k1wd1u3bn8d|03|com"; nocase; ) # 1l0e1m3b353f3v4yyuz13ru3yp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l0e1m3b353f3v4yyuz13ru3yp|03|net"; nocase; ) # chj09x1rn6d01k5etxw17nqed8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|chj09x1rn6d01k5etxw17nqed8|03|org"; nocase; ) # joxhooa0ibklgk9on01of3xip.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|joxhooa0ibklgk9on01of3xip|03|biz"; nocase; ) # g99d4jcv4ebl1cqn9fp1e3fj0l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g99d4jcv4ebl1cqn9fp1e3fj0l|03|biz"; nocase; ) # 162jpxk1lxc84h1phwo15u7g09g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|162jpxk1lxc84h1phwo15u7g09g|03|com"; nocase; ) # 1eofr3vwkhw93n53ji259fa0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1eofr3vwkhw93n53ji259fa0o|03|net"; nocase; ) # zp4nu9venly9osxy71wu60ar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zp4nu9venly9osxy71wu60ar|03|net"; nocase; ) # 1hwqgbv108hday1g4cgly8ooe65.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hwqgbv108hday1g4cgly8ooe65|03|com"; nocase; ) # 1h3dnhy1nim9l42vhw0x1k2m8ky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h3dnhy1nim9l42vhw0x1k2m8ky|03|net"; nocase; ) # 6oyr6rwvkof8fxp1q1exsnjz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6oyr6rwvkof8fxp1q1exsnjz|03|biz"; nocase; ) # jvkuk0161cefmqkxut32efyt6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jvkuk0161cefmqkxut32efyt6|03|org"; nocase; ) # 1k0i3wl1whonari80z9ivv25o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k0i3wl1whonari80z9ivv25o|03|biz"; nocase; ) # 1f4zc9mc3ve1o1lalp4lobko1x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f4zc9mc3ve1o1lalp4lobko1x|03|com"; nocase; ) # 1e3ue4r4213431dzg7b91fidlqs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e3ue4r4213431dzg7b91fidlqs|03|net"; nocase; ) # 471pyc1382skt1psor7lp3kn9d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|471pyc1382skt1psor7lp3kn9d|03|org"; nocase; ) # 1pxtdai1ilv9rc1qsfcqcf8k60n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pxtdai1ilv9rc1qsfcqcf8k60n|03|biz"; nocase; ) # pv731c167tswb19xrlgj1hl6i4r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pv731c167tswb19xrlgj1hl6i4r|03|org"; nocase; ) # 171z90u1bb3581spml5y17kb1t7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|171z90u1bb3581spml5y17kb1t7|03|org"; nocase; ) # dbzgs212yqlld1z0533m17m8s6z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dbzgs212yqlld1z0533m17m8s6z|03|com"; nocase; ) # nex3wb1a5i0o0i307rtrwfams.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nex3wb1a5i0o0i307rtrwfams|03|net"; nocase; ) # 19sxj2b17440sy1xus504iw5a5b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19sxj2b17440sy1xus504iw5a5b|03|biz"; nocase; ) # 1czpis5qeg5lgx5zmedpyqt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1czpis5qeg5lgx5zmedpyqt|03|net"; nocase; ) # sobkvmf89ydfn97vkm1jpl123.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sobkvmf89ydfn97vkm1jpl123|03|biz"; nocase; ) # y0cl1p9wwsph551ri01b9vkqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y0cl1p9wwsph551ri01b9vkqw|03|com"; nocase; ) # 1jg8srm1tj0uru10tvnqk1xwirtp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jg8srm1tj0uru10tvnqk1xwirtp|03|net"; nocase; ) # q8fvsgfrtna7643kwi1pmkutb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q8fvsgfrtna7643kwi1pmkutb|03|biz"; nocase; ) # 80tqah3yn74d1g0kl7t1er4g7b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|80tqah3yn74d1g0kl7t1er4g7b|03|biz"; nocase; ) # 17ne3gfn713mrvtfrxgb6dp4x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17ne3gfn713mrvtfrxgb6dp4x|03|org"; nocase; ) # oi1hye19mo2ebd30sp11tywceo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oi1hye19mo2ebd30sp11tywceo|03|org"; nocase; ) # 121kjmy1068tqvfmeu9anmmcq2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|121kjmy1068tqvfmeu9anmmcq2|03|org"; nocase; ) # mfqokeuxuetb1y7dfco302ltj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mfqokeuxuetb1y7dfco302ltj|03|biz"; nocase; ) # ebi20bcjttwr4wajvrxk8vy3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ebi20bcjttwr4wajvrxk8vy3|03|net"; nocase; ) # mkoenrvna8tp1m861s37j885s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mkoenrvna8tp1m861s37j885s|03|biz"; nocase; ) # 1r3u3s71t65kty1nm5xzph0o35h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r3u3s71t65kty1nm5xzph0o35h|03|com"; nocase; ) # 1u8g9uzz7ck341f038qy1y0qkgs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u8g9uzz7ck341f038qy1y0qkgs|03|net"; nocase; ) # sze9rp1acbajwtyfh9qt1qr1p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sze9rp1acbajwtyfh9qt1qr1p|03|com"; nocase; ) # 1wzgazqrkvqqotfe4nxnu3tbx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wzgazqrkvqqotfe4nxnu3tbx|03|com"; nocase; ) # 1ujdbbqi64dsj1ry0d511hblo74.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ujdbbqi64dsj1ry0d511hblo74|03|org"; nocase; ) # xxiqr91r5nqchxqsyyhcr21tq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xxiqr91r5nqchxqsyyhcr21tq|03|net"; nocase; ) # p28zhq11zbmgj12m8lyov0znns.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p28zhq11zbmgj12m8lyov0znns|03|org"; nocase; ) # zvs42n1q6g1fxgs6ijm1j3v231.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zvs42n1q6g1fxgs6ijm1j3v231|03|org"; nocase; ) # 4zljafz7xell6u67va1r4tkts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4zljafz7xell6u67va1r4tkts|03|net"; nocase; ) # tjc3bbm0e4d01hvgza112qthme.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tjc3bbm0e4d01hvgza112qthme|03|biz"; nocase; ) # 1p8t9a8tkb2b9sx0p3sr9j7u4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p8t9a8tkb2b9sx0p3sr9j7u4|03|biz"; nocase; ) # zj1nxpmsxgf01lyi08c1jienz7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zj1nxpmsxgf01lyi08c1jienz7|03|org"; nocase; ) # 187zo0tjz5n1l9h60jj11xcbbi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|187zo0tjz5n1l9h60jj11xcbbi|03|com"; nocase; ) # 12be7ai489bqz1x15odc1selfrj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12be7ai489bqz1x15odc1selfrj|03|biz"; nocase; ) # gon9fh1uxn3bjjkbzf9t0oqzf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gon9fh1uxn3bjjkbzf9t0oqzf|03|com"; nocase; ) # 11yu7b910godd21kizp81mj8qwm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11yu7b910godd21kizp81mj8qwm|03|biz"; nocase; ) # 11jm8m51eirfs91e92q2v5ttij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11jm8m51eirfs91e92q2v5ttij|03|com"; nocase; ) # 1u3hxymyy0gyh3wechy1v22tad.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u3hxymyy0gyh3wechy1v22tad|03|biz"; nocase; ) # vixpi1y3ydtvqecsbc1r7i3js.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vixpi1y3ydtvqecsbc1r7i3js|03|net"; nocase; ) # 18v2wug9o8m7j1q1ajvs1vkx1a6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18v2wug9o8m7j1q1ajvs1vkx1a6|03|net"; nocase; ) # 1xk5h21atcmog1xx6xpa1vn2agc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xk5h21atcmog1xx6xpa1vn2agc|03|org"; nocase; ) # 11dhm23vjqbhu1e1dwe61gl73qu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11dhm23vjqbhu1e1dwe61gl73qu|03|biz"; nocase; ) # 17489md1u14owg12lv5bakcuok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17489md1u14owg12lv5bakcuok|03|net"; nocase; ) # d5k6bb7ga9ls9ps2wef5h0tz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d5k6bb7ga9ls9ps2wef5h0tz|03|com"; nocase; ) # 2kqjcz19nfjdzjomr74bptx2q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2kqjcz19nfjdzjomr74bptx2q|03|com"; nocase; ) # ynplhmwpkiah1bkac461uu8lh1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ynplhmwpkiah1bkac461uu8lh1|03|biz"; nocase; ) # h6pucs5n73knjemf8wm78775.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h6pucs5n73knjemf8wm78775|03|net"; nocase; ) # 14sqfrs1wx6oq91uc9mhzl5c2u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14sqfrs1wx6oq91uc9mhzl5c2u|03|org"; nocase; ) # kcoq7t3x4uam1je9dh11jspyvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kcoq7t3x4uam1je9dh11jspyvo|03|net"; nocase; ) # qfe7gi1e71vc1k0mx9n1r6mm6n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qfe7gi1e71vc1k0mx9n1r6mm6n|03|net"; nocase; ) # r27jz79s3ug5byj8t5rin4ml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r27jz79s3ug5byj8t5rin4ml|03|net"; nocase; ) # 1qfxwd73n7mq8bbc9vi48bmnd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qfxwd73n7mq8bbc9vi48bmnd|03|com"; nocase; ) # 1offsam1prr33l9841w16v7fiz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1offsam1prr33l9841w16v7fiz|03|org"; nocase; ) # e5c4hgyhmzfrwp03ar1vdwtdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e5c4hgyhmzfrwp03ar1vdwtdg|03|com"; nocase; ) # 3uaf4m1h0sk7kx83zvo1257d47.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3uaf4m1h0sk7kx83zvo1257d47|03|net"; nocase; ) # f88auc1blfkdc8codq313fav61.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f88auc1blfkdc8codq313fav61|03|biz"; nocase; ) # 5ch6nr1tpe6bdy0b2gv1lrs3h3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5ch6nr1tpe6bdy0b2gv1lrs3h3|03|com"; nocase; ) # 11j2jz114osnr910uhl81ms2l2i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11j2jz114osnr910uhl81ms2l2i|03|org"; nocase; ) # 1s7ad9t1x2bnpb1rut4al1t2f72q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s7ad9t1x2bnpb1rut4al1t2f72q|03|org"; nocase; ) # u8yu9gzq1kz4f6hnlpyq8duu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u8yu9gzq1kz4f6hnlpyq8duu|03|org"; nocase; ) # 1grgv1vstr0fp2be3f55mdoew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1grgv1vstr0fp2be3f55mdoew|03|net"; nocase; ) # 1robax33q0w5hmc4p931ui9dx2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1robax33q0w5hmc4p931ui9dx2|03|org"; nocase; ) # 1vj6o9g1ruuugt2b2bxb1lbmzkn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vj6o9g1ruuugt2b2bxb1lbmzkn|03|com"; nocase; ) # s4bp8v25lrzo102zrgp1xfveny.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s4bp8v25lrzo102zrgp1xfveny|03|net"; nocase; ) # 1b1rd7fbk3pgd1mcyqra1ntv3sb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1rd7fbk3pgd1mcyqra1ntv3sb|03|net"; nocase; ) # 1c0l52vq5keme693gyaxx0375.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c0l52vq5keme693gyaxx0375|03|org"; nocase; ) # 1qz1lah1wunqt6bx40fg2o8aif.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qz1lah1wunqt6bx40fg2o8aif|03|net"; nocase; ) # 1spo86d1egglkco0ou7j2f992g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1spo86d1egglkco0ou7j2f992g|03|net"; nocase; ) # c68c4x1b3ec1c1y556swkzxtc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c68c4x1b3ec1c1y556swkzxtc|03|net"; nocase; ) # 9jazsn17nwm2pm4faytodpkn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9jazsn17nwm2pm4faytodpkn2|03|net"; nocase; ) # 1fns2t314y8biw2mbuxb150qrb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fns2t314y8biw2mbuxb150qrb9|03|net"; nocase; ) # 1f2d5kw1ucclb21jbl7dc17kfaca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f2d5kw1ucclb21jbl7dc17kfaca|03|com"; nocase; ) # 10ij8lg11vp8fz1y3j4wbo7qbxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ij8lg11vp8fz1y3j4wbo7qbxn|03|com"; nocase; ) # yqwtxk1480vta1vpz996j07ccg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yqwtxk1480vta1vpz996j07ccg|03|net"; nocase; ) # 1h18dwmao3jvu1sj77691wv1pky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h18dwmao3jvu1sj77691wv1pky|03|net"; nocase; ) # cftl781cp5j1a1dhssnlbc5y98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cftl781cp5j1a1dhssnlbc5y98|03|net"; nocase; ) # hyi9sk11hlm5b7zn3vjvzxl9w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hyi9sk11hlm5b7zn3vjvzxl9w|03|net"; nocase; ) # 706nau1wvwx7b1ijgav013tlav1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|706nau1wvwx7b1ijgav013tlav1|03|org"; nocase; ) # 1grfs6x19kcdgj1pi8ti31lkya2q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1grfs6x19kcdgj1pi8ti31lkya2q|03|net"; nocase; ) # nqc0eo1udli69146m65z1c7h2ty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nqc0eo1udli69146m65z1c7h2ty|03|net"; nocase; ) # 1k36aoxv6exz56sfzajs8m2ri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k36aoxv6exz56sfzajs8m2ri|03|net"; nocase; ) # 14a78aibybg269391psnmrf1q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14a78aibybg269391psnmrf1q|03|com"; nocase; ) # g3p97tgu6yto19w0vi8qtn1mh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g3p97tgu6yto19w0vi8qtn1mh|03|org"; nocase; ) # 1crha9d7m5a891ce20ofy6cjsi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1crha9d7m5a891ce20ofy6cjsi|03|org"; nocase; ) # 1ib6a698vsa01lva0y470lhgv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ib6a698vsa01lva0y470lhgv|03|net"; nocase; ) # hbzolf1bz1bsymxy2sy1179adt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hbzolf1bz1bsymxy2sy1179adt|03|org"; nocase; ) # mj5n4014dr4yt6yvbf51x5c800.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mj5n4014dr4yt6yvbf51x5c800|03|net"; nocase; ) # 1hxxhmol7patbv23zw14ey0t9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hxxhmol7patbv23zw14ey0t9|03|com"; nocase; ) # 1639urv8sdlxj5i2cjt48xtgp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1639urv8sdlxj5i2cjt48xtgp|03|biz"; nocase; ) # 1htaa8a1kbc89r1a5a8271r44sw1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1htaa8a1kbc89r1a5a8271r44sw1|03|org"; nocase; ) # s343g5183wsnx17fcma011gv6t4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s343g5183wsnx17fcma011gv6t4|03|com"; nocase; ) # w7ngljiroxxr6ythrb4njcnn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w7ngljiroxxr6ythrb4njcnn|03|biz"; nocase; ) # wacnb8177s8elz6zbo41bf9qo4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wacnb8177s8elz6zbo41bf9qo4|03|biz"; nocase; ) # 1mdlggu1x208ywp5ib7hvf7zg4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mdlggu1x208ywp5ib7hvf7zg4|03|net"; nocase; ) # 1dk1nzy9ni2mwqmfz7k1ebz0lc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dk1nzy9ni2mwqmfz7k1ebz0lc|03|org"; nocase; ) # 1wfhgl7ltdqca8jejw1kk3k9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wfhgl7ltdqca8jejw1kk3k9k|03|net"; nocase; ) # f99fk31xylkc91jd8kds1kr1wux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f99fk31xylkc91jd8kds1kr1wux|03|net"; nocase; ) # 16mcb4z1mtqf8kafuq1e1ig5150.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16mcb4z1mtqf8kafuq1e1ig5150|03|org"; nocase; ) # 1jjxfra12tv4fi17k62zayrrqwr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jjxfra12tv4fi17k62zayrrqwr|03|com"; nocase; ) # aqfauk48ggcf1cqu4kj15t84qb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aqfauk48ggcf1cqu4kj15t84qb|03|net"; nocase; ) # 1bua0zw14w8nzwk9qdzql3xc74.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bua0zw14w8nzwk9qdzql3xc74|03|net"; nocase; ) # bqcwn711e1y4x1pwyeuzgj7gyo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bqcwn711e1y4x1pwyeuzgj7gyo|03|net"; nocase; ) # 1xb9aq95nl9il1lznc841goios3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xb9aq95nl9il1lznc841goios3|03|org"; nocase; ) # z4pdvo1r6lw0fz254w6og9a5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4pdvo1r6lw0fz254w6og9a5e|03|net"; nocase; ) # 1n4b8f79di5gg1eyhn0jl3oad.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n4b8f79di5gg1eyhn0jl3oad|03|org"; nocase; ) # 63fesfmhocuvn2un971dlzhyx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|63fesfmhocuvn2un971dlzhyx|03|net"; nocase; ) # hkzukovf3nxm18jr4k9xvjd70.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hkzukovf3nxm18jr4k9xvjd70|03|org"; nocase; ) # vw6w9r10j505b1ehsmsu1boncic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vw6w9r10j505b1ehsmsu1boncic|03|com"; nocase; ) # 5fyabgqd962s1ekwmsh1rv1bly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5fyabgqd962s1ekwmsh1rv1bly|03|net"; nocase; ) # 1wzji2c7hpy1k14lvufq14e89ly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wzji2c7hpy1k14lvufq14e89ly|03|org"; nocase; ) # caxhprul9k171kx0nvv11lmek3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|caxhprul9k171kx0nvv11lmek3|03|biz"; nocase; ) # 4o0uml10lyj3h1o4cmuzapz1c3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4o0uml10lyj3h1o4cmuzapz1c3|03|org"; nocase; ) # zyq7aj1ed2ibl11ef4b1piax61.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zyq7aj1ed2ibl11ef4b1piax61|03|org"; nocase; ) # 1qv83hm1vmtbck1510bupg41fa9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qv83hm1vmtbck1510bupg41fa9|03|com"; nocase; ) # yx0g0k3h9yzu1vjr1574wxh4r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yx0g0k3h9yzu1vjr1574wxh4r|03|org"; nocase; ) # rch3vi1dk4z9zhlrf3wu1asm7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rch3vi1dk4z9zhlrf3wu1asm7|03|net"; nocase; ) # 1h5et8h1tyv5n913y42v81u40d9m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h5et8h1tyv5n913y42v81u40d9m|03|biz"; nocase; ) # 1rfipth1j7gy4d8qfpt4co4brg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rfipth1j7gy4d8qfpt4co4brg|03|org"; nocase; ) # 1j1c7zqczaslbr2oqz31h6a8gc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j1c7zqczaslbr2oqz31h6a8gc|03|com"; nocase; ) # 1dwshps1tv5jdgtswwn21dtjx4j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dwshps1tv5jdgtswwn21dtjx4j|03|net"; nocase; ) # knlx8ty9t9d3u9x0kddc1lfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|knlx8ty9t9d3u9x0kddc1lfq|03|com"; nocase; ) # 8agikt19ea4jrp7y2zmxhuty6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8agikt19ea4jrp7y2zmxhuty6|03|org"; nocase; ) # 1jrg0je1kdyump1c6vfhs1d9jxal.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jrg0je1kdyump1c6vfhs1d9jxal|03|org"; nocase; ) # 10q70a81uin9f814yg9xr19x102i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10q70a81uin9f814yg9xr19x102i|03|net"; nocase; ) # 1gqv8vwk0f2x8rx681k6n7eym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gqv8vwk0f2x8rx681k6n7eym|03|org"; nocase; ) # ng6huq1v6agm47dnqse1wbmluz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ng6huq1v6agm47dnqse1wbmluz|03|com"; nocase; ) # diuruyl0cbt41fcthd5109jdf4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|diuruyl0cbt41fcthd5109jdf4|03|org"; nocase; ) # 1vtp4unxr8tlqlarpvrg3201h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vtp4unxr8tlqlarpvrg3201h|03|net"; nocase; ) # 9u8xkz11szxojc29mu3kcp8r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9u8xkz11szxojc29mu3kcp8r|03|com"; nocase; ) # 1kgru5d1odun8l86jgqs1wyif21.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kgru5d1odun8l86jgqs1wyif21|03|net"; nocase; ) # qn8axzvk2v4e14gprb11fieq3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qn8axzvk2v4e14gprb11fieq3|03|biz"; nocase; ) # 16x30rc1oo32ub1kvn62v1f3r6oi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16x30rc1oo32ub1kvn62v1f3r6oi|03|biz"; nocase; ) # vjuh4u47trf21nx360u1cymc1s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vjuh4u47trf21nx360u1cymc1s|03|net"; nocase; ) # g70dcf16rnl841h5wme01cdls20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g70dcf16rnl841h5wme01cdls20|03|net"; nocase; ) # 6wcb5xgzq10e1jkbv163ge05e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6wcb5xgzq10e1jkbv163ge05e|03|biz"; nocase; ) # g0tjxsb5kiu4sltibmpdmia5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g0tjxsb5kiu4sltibmpdmia5|03|net"; nocase; ) # twl5wq1f378cg1emnzz933lruh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|twl5wq1f378cg1emnzz933lruh|03|com"; nocase; ) # 1bwnmk019dnfexaw5mbv1azixiv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bwnmk019dnfexaw5mbv1azixiv|03|net"; nocase; ) # n367rphjqrmn1hv70q91em3cry.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n367rphjqrmn1hv70q91em3cry|03|org"; nocase; ) # mcqxyrpyscqq1pu7v5x1l2tnn8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mcqxyrpyscqq1pu7v5x1l2tnn8|03|com"; nocase; ) # 73v6uz16whfb6rm7wxf1sdk5fc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|73v6uz16whfb6rm7wxf1sdk5fc|03|net"; nocase; ) # 1vo6aq11bo15iz1wsof7z6wanji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vo6aq11bo15iz1wsof7z6wanji|03|com"; nocase; ) # f4n15t1pg8mxls9x45h1qjvvv7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f4n15t1pg8mxls9x45h1qjvvv7|03|org"; nocase; ) # mj5vgdm5l178lpueyep7u78o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mj5vgdm5l178lpueyep7u78o|03|net"; nocase; ) # 1vuel83pi5d2315tet545t9moa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vuel83pi5d2315tet545t9moa|03|biz"; nocase; ) # 10plf8z5sb5zl1si2r9ydsl51x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10plf8z5sb5zl1si2r9ydsl51x|03|net"; nocase; ) # 1ivlrptzne1azls506p1ezb54z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ivlrptzne1azls506p1ezb54z|03|net"; nocase; ) # 19d2etq13f7oop1cvnemx19f7jop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19d2etq13f7oop1cvnemx19f7jop|03|com"; nocase; ) # 1np4ucwoi6mpz1921mc41097rhl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1np4ucwoi6mpz1921mc41097rhl|03|org"; nocase; ) # pohqnua7cr8w1mz36au1wrv7rk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pohqnua7cr8w1mz36au1wrv7rk|03|biz"; nocase; ) # 1syixk01sjso461a88gxt1pxyyoa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1syixk01sjso461a88gxt1pxyyoa|03|biz"; nocase; ) # cjggzzofyc551n2h8vy1m3uwy7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cjggzzofyc551n2h8vy1m3uwy7|03|org"; nocase; ) # 1k7urdx1izg7cf1gu3xes3281xy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k7urdx1izg7cf1gu3xes3281xy|03|org"; nocase; ) # nwewu61ixcok1tadc8118j9h17.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nwewu61ixcok1tadc8118j9h17|03|biz"; nocase; ) # 2jv6jw15574g61ug52m71tgfv8t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2jv6jw15574g61ug52m71tgfv8t|03|com"; nocase; ) # uf3oi51v734n62z0868nrbep.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uf3oi51v734n62z0868nrbep|03|net"; nocase; ) # 1adov5s9fb2tm1rlsry2174hf4s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1adov5s9fb2tm1rlsry2174hf4s|03|net"; nocase; ) # 1o8jbz81uiww6p10c05zqs5lw12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o8jbz81uiww6p10c05zqs5lw12|03|net"; nocase; ) # 1j3r7tw1129rrt191t7sa6kwypy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j3r7tw1129rrt191t7sa6kwypy|03|net"; nocase; ) # 11vzvqy1ugcq0s1rq6qz11e5vs2l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11vzvqy1ugcq0s1rq6qz11e5vs2l|03|net"; nocase; ) # yse8vybfc32b1tq84k916xzuuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yse8vybfc32b1tq84k916xzuuh|03|com"; nocase; ) # a1f5b41d30xj81arzjb35yxyj5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a1f5b41d30xj81arzjb35yxyj5|03|com"; nocase; ) # bkrshl5czk7k14amiuyyvj755.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bkrshl5czk7k14amiuyyvj755|03|net"; nocase; ) # pgayby1hsfdpx1o41j838ux82c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pgayby1hsfdpx1o41j838ux82c|03|net"; nocase; ) # 1vofij91yqk23p9r1zm54lew68.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vofij91yqk23p9r1zm54lew68|03|biz"; nocase; ) # p42su3cw5tki8curgz1krn3q2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p42su3cw5tki8curgz1krn3q2|03|org"; nocase; ) # 8su4pzkmgpvn17zyguc1rsazdq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8su4pzkmgpvn17zyguc1rsazdq|03|net"; nocase; ) # 1ya9dex88o8e4x5gj8zdf6csu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ya9dex88o8e4x5gj8zdf6csu|03|com"; nocase; ) # 1ov9tn7krgi2x1ls2ctk1d2716l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ov9tn7krgi2x1ls2ctk1d2716l|03|net"; nocase; ) # 1vd7pbgehl2ba157omvi198brdk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vd7pbgehl2ba157omvi198brdk|03|net"; nocase; ) # 1gn00jq1y7atk626o5sg1msp7mt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gn00jq1y7atk626o5sg1msp7mt|03|com"; nocase; ) # 1w3xlow1ewj9lr3sw57p9h6t24.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w3xlow1ewj9lr3sw57p9h6t24|03|biz"; nocase; ) # cp8nmq14xla921w3qup1xs8wvd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cp8nmq14xla921w3qup1xs8wvd|03|com"; nocase; ) # 18gkt671b1haln1m3u8hts74rj2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18gkt671b1haln1m3u8hts74rj2|03|com"; nocase; ) # 9qjl2y1p6i6tw1tsmyz9u9pgks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9qjl2y1p6i6tw1tsmyz9u9pgks|03|net"; nocase; ) # a71ual1uehkak171jax7cq30wq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a71ual1uehkak171jax7cq30wq|03|org"; nocase; ) # fuj1wj1kz7cr9whritq1mzof3f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fuj1wj1kz7cr9whritq1mzof3f|03|com"; nocase; ) # yig6t8hqzeh81qato3j1d0a1jj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yig6t8hqzeh81qato3j1d0a1jj|03|biz"; nocase; ) # onhm6m1hhdy9s2drcrva2tu0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|onhm6m1hhdy9s2drcrva2tu0y|03|net"; nocase; ) # uu064c1gckxrcg8vcar56x5q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uu064c1gckxrcg8vcar56x5q|03|org"; nocase; ) # 1a4boptc21cek1sapsnimds78z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a4boptc21cek1sapsnimds78z|03|net"; nocase; ) # wg4lrn1j2bxfn1ovro401fltmzd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wg4lrn1j2bxfn1ovro401fltmzd|03|com"; nocase; ) # 1hvctt51tjnp2dxlx5vw1levfa1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hvctt51tjnp2dxlx5vw1levfa1|03|com"; nocase; ) # 1x844t2sjkhqo1gecfzvaj4v45.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x844t2sjkhqo1gecfzvaj4v45|03|biz"; nocase; ) # 1z0jrok15jwcbn19zz87tra0u7r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1z0jrok15jwcbn19zz87tra0u7r|03|net"; nocase; ) # 1voyo6nfzll09vgwxil12yc1v7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1voyo6nfzll09vgwxil12yc1v7|03|biz"; nocase; ) # 1u3eoyq1h8760jiyzb85t8kedr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u3eoyq1h8760jiyzb85t8kedr|03|biz"; nocase; ) # 1d0bay31t1nzry47zrmf95sr57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d0bay31t1nzry47zrmf95sr57|03|com"; nocase; ) # 9sjxw9o6oqey1gbuu3g1b01y6s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9sjxw9o6oqey1gbuu3g1b01y6s|03|net"; nocase; ) # 10crwmf1preqgmki4ry317jsygp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10crwmf1preqgmki4ry317jsygp|03|org"; nocase; ) # twiox41pictwyjt45us9dmitn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|twiox41pictwyjt45us9dmitn|03|biz"; nocase; ) # 1n4f07g1tyiavvkp35xr16xptwx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n4f07g1tyiavvkp35xr16xptwx|03|biz"; nocase; ) # 1wayjui1o4gdaj1p9k5qvwo9u9a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wayjui1o4gdaj1p9k5qvwo9u9a|03|org"; nocase; ) # locrm414v7x9g1xo37k0h0n3w4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|locrm414v7x9g1xo37k0h0n3w4|03|org"; nocase; ) # 120qc5f1wjhmbt1y12mcz1k9bmlr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|120qc5f1wjhmbt1y12mcz1k9bmlr|03|net"; nocase; ) # 1kdtwgyszpc8xwoiq8j2yr5np.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kdtwgyszpc8xwoiq8j2yr5np|03|net"; nocase; ) # 1ad896o2e8ok19glck7165v31u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ad896o2e8ok19glck7165v31u|03|org"; nocase; ) # r70mp7feiziv12mw6ia1q6qtc5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r70mp7feiziv12mw6ia1q6qtc5|03|com"; nocase; ) # v2eyi819ddy961rr2tjtkjqwhh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v2eyi819ddy961rr2tjtkjqwhh|03|org"; nocase; ) # 1ftoc42sbj3f17zwqq51ta2omh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ftoc42sbj3f17zwqq51ta2omh|03|net"; nocase; ) # 1e26huh2yma8x1d5mi4pqp52ao.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e26huh2yma8x1d5mi4pqp52ao|03|org"; nocase; ) # 112crbddqt31zfj66qpsgdrt2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|112crbddqt31zfj66qpsgdrt2|03|net"; nocase; ) # 17lycms17ocd691q2g7qr15zo8dr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17lycms17ocd691q2g7qr15zo8dr|03|net"; nocase; ) # j0aze21lepzdhtoz0ar1jiowdg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j0aze21lepzdhtoz0ar1jiowdg|03|biz"; nocase; ) # 1usv9qegjbqq327wl06plr2q3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1usv9qegjbqq327wl06plr2q3|03|net"; nocase; ) # iyzdegti40xc1qovas0149jv27.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iyzdegti40xc1qovas0149jv27|03|org"; nocase; ) # pxmmax396rssvzeu71ip1lch.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pxmmax396rssvzeu71ip1lch|03|net"; nocase; ) # ywvt3v1rzo8ef5iilqc1i3cr7k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ywvt3v1rzo8ef5iilqc1i3cr7k|03|biz"; nocase; ) # b1kdu0tve029uao2hn1f5jdw3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1kdu0tve029uao2hn1f5jdw3|03|net"; nocase; ) # 1qjfwok1yixh1k1p0vgvo1my3idp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qjfwok1yixh1k1p0vgvo1my3idp|03|net"; nocase; ) # 2bawmo1lip2br18gw8e517nx0ts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2bawmo1lip2br18gw8e517nx0ts|03|net"; nocase; ) # zp3j7r1ey4spr4vxro4190agr5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zp3j7r1ey4spr4vxro4190agr5|03|org"; nocase; ) # 6lffjn1w9mq5nwspwlngv2psy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6lffjn1w9mq5nwspwlngv2psy|03|com"; nocase; ) # 1ih62f1u4o2bv4q7lu2xz0up4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ih62f1u4o2bv4q7lu2xz0up4|03|net"; nocase; ) # cxzydv1dbao3u1m1onqr1vaj57z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cxzydv1dbao3u1m1onqr1vaj57z|03|org"; nocase; ) # refvtpr4bgqoc9yjdb1hf4kzi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|refvtpr4bgqoc9yjdb1hf4kzi|03|org"; nocase; ) # xedpgr1jyfgfa1hz7o7v17g30t2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xedpgr1jyfgfa1hz7o7v17g30t2|03|net"; nocase; ) # 1itxfp91at64ft9x06fx1f4pv63.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1itxfp91at64ft9x06fx1f4pv63|03|com"; nocase; ) # mhrmbjzc7btp13zkoawpqn18f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mhrmbjzc7btp13zkoawpqn18f|03|org"; nocase; ) # 1wtbhatx0m0lxudjc3xsc87mg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wtbhatx0m0lxudjc3xsc87mg|03|net"; nocase; ) # vu0oepwezg7sxxun01sv9wi2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vu0oepwezg7sxxun01sv9wi2|03|net"; nocase; ) # dzjq4qt5fkcn12uqurb1if8tft.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dzjq4qt5fkcn12uqurb1if8tft|03|org"; nocase; ) # rjj79c1d0fa4y1hgf6301ntbygp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rjj79c1d0fa4y1hgf6301ntbygp|03|net"; nocase; ) # 1lzj7z748z1e518i5dnt1wm2tid.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lzj7z748z1e518i5dnt1wm2tid|03|biz"; nocase; ) # eefdsifejxsy1lfkml6ol13aq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eefdsifejxsy1lfkml6ol13aq|03|net"; nocase; ) # 19f1wndzuzo1otjirq9tsn03q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19f1wndzuzo1otjirq9tsn03q|03|org"; nocase; ) # wf6dd83a2vwggbbr65pmxw0q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wf6dd83a2vwggbbr65pmxw0q|03|biz"; nocase; ) # 1turmtb1p5t4yh1t3mwssirrvu7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1turmtb1p5t4yh1t3mwssirrvu7|03|net"; nocase; ) # de9vq1nwld531bfy90ufcedi7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|de9vq1nwld531bfy90ufcedi7|03|com"; nocase; ) # 1pijq5mrv1wg070d9hvmp0g1q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pijq5mrv1wg070d9hvmp0g1q|03|net"; nocase; ) # 1msiahqqnr4kyjeq3p3cgaakt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1msiahqqnr4kyjeq3p3cgaakt|03|com"; nocase; ) # 145fsg5jmz6v5uic82e8k0z6v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|145fsg5jmz6v5uic82e8k0z6v|03|net"; nocase; ) # 11srt0919r3y923xsfa7xq542e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11srt0919r3y923xsfa7xq542e|03|biz"; nocase; ) # 4jo56v1vn2274s6xcug1v5joyo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4jo56v1vn2274s6xcug1v5joyo|03|net"; nocase; ) # 1e8q6zu10pnr2xgwyq5m2c3b4j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e8q6zu10pnr2xgwyq5m2c3b4j|03|biz"; nocase; ) # 5rszfg1mf4u25tpij1ktigtsb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5rszfg1mf4u25tpij1ktigtsb|03|org"; nocase; ) # 92vo77165zz3kgp1mgw14js5ec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|92vo77165zz3kgp1mgw14js5ec|03|com"; nocase; ) # 17y508vgbiwcf1p043fb1q3jduj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17y508vgbiwcf1p043fb1q3jduj|03|org"; nocase; ) # 1pchk8u1kbg1at47ookw1vauwah.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pchk8u1kbg1at47ookw1vauwah|03|net"; nocase; ) # 12srqprjjkx4u1iyc2ea1jt3kni.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12srqprjjkx4u1iyc2ea1jt3kni|03|org"; nocase; ) # 7ri752sha1wv1y3eb77ka76pd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7ri752sha1wv1y3eb77ka76pd|03|com"; nocase; ) # amesl51315d3fut4nn583jost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|amesl51315d3fut4nn583jost|03|com"; nocase; ) # o55yt1yh858v1gmysqjcn87qv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o55yt1yh858v1gmysqjcn87qv|03|com"; nocase; ) # j8u02d11xt9651jroib61ygnd8n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j8u02d11xt9651jroib61ygnd8n|03|biz"; nocase; ) # 12ut7ng15ocqxj13djh28xnqvzn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12ut7ng15ocqxj13djh28xnqvzn|03|org"; nocase; ) # 1a0ojf0ym1mdll2jqtf1k1f4fs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a0ojf0ym1mdll2jqtf1k1f4fs|03|org"; nocase; ) # 16yclag17dv5i8xrh6l4ewnz1j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16yclag17dv5i8xrh6l4ewnz1j|03|biz"; nocase; ) # eqi87b1xmzp0x1lmuabp1wpbjeu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eqi87b1xmzp0x1lmuabp1wpbjeu|03|net"; nocase; ) # 8iixc7v9073d1bpj784ghhdy3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8iixc7v9073d1bpj784ghhdy3|03|biz"; nocase; ) # tt64cv1wnpdf5gouuw2920q5x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tt64cv1wnpdf5gouuw2920q5x|03|net"; nocase; ) # 1kkay2y4ecnw61idyp181nktivr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kkay2y4ecnw61idyp181nktivr|03|org"; nocase; ) # w7y6eo1eq64811ur1ke41n5jy4g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w7y6eo1eq64811ur1ke41n5jy4g|03|com"; nocase; ) # q6ypbc10q06qsj50hzn2jug9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q6ypbc10q06qsj50hzn2jug9|03|biz"; nocase; ) # 1ekncm11swkgyf16ye1pi1idw9qe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ekncm11swkgyf16ye1pi1idw9qe|03|org"; nocase; ) # 6k3nol1wu06wpgfs6r01fkafn0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6k3nol1wu06wpgfs6r01fkafn0|03|net"; nocase; ) # 1rhez4dmomvxv11quqymou43z1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rhez4dmomvxv11quqymou43z1|03|com"; nocase; ) # 1cjb08s12w5dpo1krvvqm9inop2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjb08s12w5dpo1krvvqm9inop2|03|net"; nocase; ) # fp1irecs2mgia8mpt815b45fo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fp1irecs2mgia8mpt815b45fo|03|com"; nocase; ) # 1dv081fpccjcr15fzwvpunriwg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dv081fpccjcr15fzwvpunriwg|03|net"; nocase; ) # enm1bczwb92y8nqx9wlznmna.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|enm1bczwb92y8nqx9wlznmna|03|com"; nocase; ) # 1fcobxavgpahq5sdp8n1p081of.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fcobxavgpahq5sdp8n1p081of|03|net"; nocase; ) # qdrki5jdomiwywbljha1bf74.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qdrki5jdomiwywbljha1bf74|03|biz"; nocase; ) # 1xct3sbhze7351pcwliy47lwzv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xct3sbhze7351pcwliy47lwzv|03|net"; nocase; ) # 6ivo94y5ib1quirlj018jgzqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ivo94y5ib1quirlj018jgzqw|03|com"; nocase; ) # yrd6ob153c68a1ldyj351l7gcqu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yrd6ob153c68a1ldyj351l7gcqu|03|com"; nocase; ) # 2oxeoj1und7z11svt2p21n2pmz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2oxeoj1und7z11svt2p21n2pmz7|03|com"; nocase; ) # g7e8vc2l7q8nkn78871frxzqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g7e8vc2l7q8nkn78871frxzqz|03|biz"; nocase; ) # 15gx8o91ffjrfn18aafrypt3qrk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15gx8o91ffjrfn18aafrypt3qrk|03|com"; nocase; ) # xzzk0a1sbc8dfcrsxtfe0trfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xzzk0a1sbc8dfcrsxtfe0trfy|03|net"; nocase; ) # 15ik5rm1bvvgyn12rh71114pxeeh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15ik5rm1bvvgyn12rh71114pxeeh|03|net"; nocase; ) # 90so9k1i6477e1daijay8gonpv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|90so9k1i6477e1daijay8gonpv|03|net"; nocase; ) # 16c2saxxyzz8o1fqpjs8a7j4c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16c2saxxyzz8o1fqpjs8a7j4c|03|com"; nocase; ) # n5xuor15ozqz6brafddgahuww.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5xuor15ozqz6brafddgahuww|03|biz"; nocase; ) # 168488f55rdpd2ix1vzvjj25v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|168488f55rdpd2ix1vzvjj25v|03|com"; nocase; ) # 1uypjwc1uks8kdi29t421awmj5c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uypjwc1uks8kdi29t421awmj5c|03|biz"; nocase; ) # fo2u1m19n01xq1qw96981j6vdaj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fo2u1m19n01xq1qw96981j6vdaj|03|net"; nocase; ) # 9npnn8y90zuqglf9oc1n53534.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9npnn8y90zuqglf9oc1n53534|03|net"; nocase; ) # rvrfip1d4ff981jor4lo14hz0fd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rvrfip1d4ff981jor4lo14hz0fd|03|net"; nocase; ) # 19769jfhx8uwf1r35x631jvxun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19769jfhx8uwf1r35x631jvxun|03|com"; nocase; ) # sv0efo1p22lq41mq5wbv10wqhey.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sv0efo1p22lq41mq5wbv10wqhey|03|net"; nocase; ) # t4eba36xayiifjpzxohgzwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|t4eba36xayiifjpzxohgzwt|03|com"; nocase; ) # 1t1uf31148ngg41b0cd2t13x26cr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t1uf31148ngg41b0cd2t13x26cr|03|com"; nocase; ) # 1wf5u2rey1fuvuqq5kn1x5xpe5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wf5u2rey1fuvuqq5kn1x5xpe5|03|net"; nocase; ) # 1jqximn1eydnha1lene6t1ye57f6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jqximn1eydnha1lene6t1ye57f6|03|org"; nocase; ) # qt2b6lbi4myd1i4e39v14bcn0s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qt2b6lbi4myd1i4e39v14bcn0s|03|org"; nocase; ) # 6tkdcdzpvzxqrfto70sv1s1x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6tkdcdzpvzxqrfto70sv1s1x|03|com"; nocase; ) # eguyht1hipzb01jhvc3y1qs0hwr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eguyht1hipzb01jhvc3y1qs0hwr|03|org"; nocase; ) # 1wy9iwmspuul9aws9tp19fpldk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wy9iwmspuul9aws9tp19fpldk|03|com"; nocase; ) # wy62i51snmnhf1n06fn51aepff9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wy62i51snmnhf1n06fn51aepff9|03|net"; nocase; ) # 1tb38taj9i5j515x7ng715vi80m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tb38taj9i5j515x7ng715vi80m|03|com"; nocase; ) # 1iup790g1ops1kml7ntm0l091.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iup790g1ops1kml7ntm0l091|03|net"; nocase; ) # 12k7sxk34u752awcq6o1flw69n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12k7sxk34u752awcq6o1flw69n|03|com"; nocase; ) # lbz6bx83so1o11nys1s7outa6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lbz6bx83so1o11nys1s7outa6|03|com"; nocase; ) # 6npe06177xs4h1lsiexjf8fi2w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6npe06177xs4h1lsiexjf8fi2w|03|org"; nocase; ) # 1dodzot1xyhtl9fify8cip2nxv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dodzot1xyhtl9fify8cip2nxv|03|biz"; nocase; ) # 17lisopwe6k4u10lftc21j723gs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17lisopwe6k4u10lftc21j723gs|03|net"; nocase; ) # 1xfd2ps1pjc1zcgn9icc32odc5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xfd2ps1pjc1zcgn9icc32odc5|03|biz"; nocase; ) # kffrmj2ri1ga1u3yuxsj7io0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kffrmj2ri1ga1u3yuxsj7io0|03|net"; nocase; ) # ju53nh15y3sdk19cb6eb1thnp85.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ju53nh15y3sdk19cb6eb1thnp85|03|biz"; nocase; ) # 1yl4mpi1sye8hv8poycxaivtlh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yl4mpi1sye8hv8poycxaivtlh|03|net"; nocase; ) # 168cdwvv3j0fml7t8yq1s3dyhj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|168cdwvv3j0fml7t8yq1s3dyhj|03|com"; nocase; ) # 1orghns6ak01l12xif8a69ofed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1orghns6ak01l12xif8a69ofed|03|com"; nocase; ) # 1tpy25511s9p8o18b0w2l1dvmvvo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tpy25511s9p8o18b0w2l1dvmvvo|03|com"; nocase; ) # 45zmse1kbnl101sm549b1sajch8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|45zmse1kbnl101sm549b1sajch8|03|net"; nocase; ) # ygumps16beoml14k84rk1pzdeur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ygumps16beoml14k84rk1pzdeur|03|com"; nocase; ) # 1y5hjes9q1xmf3g0u52jkhh2m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y5hjes9q1xmf3g0u52jkhh2m|03|org"; nocase; ) # 3qzbuc1h1zws013mw9ux1wb1zft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3qzbuc1h1zws013mw9ux1wb1zft|03|net"; nocase; ) # vcleei113jcw31o466xl18b8vo7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vcleei113jcw31o466xl18b8vo7|03|biz"; nocase; ) # t3kobp16l1bjpbbzmwzmx5vb4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t3kobp16l1bjpbbzmwzmx5vb4|03|org"; nocase; ) # 6nm467e9m1it11jaeux1sqzgde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6nm467e9m1it11jaeux1sqzgde|03|com"; nocase; ) # jbv5q31ue64nt1f49onldz238b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jbv5q31ue64nt1f49onldz238b|03|net"; nocase; ) # q99k99gu28dp1uaa9701p4wz9d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q99k99gu28dp1uaa9701p4wz9d|03|net"; nocase; ) # to6f3d14zur7h4osg3lo2cyxr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|to6f3d14zur7h4osg3lo2cyxr|03|com"; nocase; ) # 92ogvi1ejwk7peub2c55iqgli.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|92ogvi1ejwk7peub2c55iqgli|03|net"; nocase; ) # rkfuhk18wl9kh1e9apl3qlwyzd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rkfuhk18wl9kh1e9apl3qlwyzd|03|net"; nocase; ) # eccb4d1vhkih31te0iqwbqrvz2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eccb4d1vhkih31te0iqwbqrvz2|03|net"; nocase; ) # nttalt13wjq1q1nqytcn17ml8v2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nttalt13wjq1q1nqytcn17ml8v2|03|com"; nocase; ) # 1e4rq4dcwxcs1qp0trxq44du5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e4rq4dcwxcs1qp0trxq44du5|03|net"; nocase; ) # fsnzr1k90dx81oj0aojwk922g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fsnzr1k90dx81oj0aojwk922g|03|com"; nocase; ) # jz0u171ln8108zd4hyz1cz3hsb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jz0u171ln8108zd4hyz1cz3hsb|03|net"; nocase; ) # o82s1tszbami18optex1waj4x2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o82s1tszbami18optex1waj4x2|03|org"; nocase; ) # fswmp01alltg01qyc0df1gophpc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fswmp01alltg01qyc0df1gophpc|03|net"; nocase; ) # 73427u1ngm2awo9874z7lvm8t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|73427u1ngm2awo9874z7lvm8t|03|biz"; nocase; ) # pjmlx876u7gh1l241zo1hcqpbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pjmlx876u7gh1l241zo1hcqpbr|03|net"; nocase; ) # 17p4y0yhfmnidh2y3am1xc2t58.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17p4y0yhfmnidh2y3am1xc2t58|03|org"; nocase; ) # 10wxccm1tfnl05g03ou6wal44a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10wxccm1tfnl05g03ou6wal44a|03|net"; nocase; ) # 142ezm1c50llw1hp71ay180jt52.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|142ezm1c50llw1hp71ay180jt52|03|com"; nocase; ) # 1fanxnv14r8ckvgp7iiqusumpu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fanxnv14r8ckvgp7iiqusumpu|03|biz"; nocase; ) # q224sj1sse69g15qjnb11tlyjpw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q224sj1sse69g15qjnb11tlyjpw|03|org"; nocase; ) # pwtjk4iq2ldzbk9rqlgh3orb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pwtjk4iq2ldzbk9rqlgh3orb|03|biz"; nocase; ) # 107hnxy17f7n4vukf4ap8nmx8v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|107hnxy17f7n4vukf4ap8nmx8v|03|org"; nocase; ) # 1rqmsb61rdyhl1332o96s96bqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rqmsb61rdyhl1332o96s96bqq|03|com"; nocase; ) # 1ccozpn6hiykt1ccn5bj6i2otd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ccozpn6hiykt1ccn5bj6i2otd|03|net"; nocase; ) # coy9g9p6eydz1l4rk2d1n4bd8b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|coy9g9p6eydz1l4rk2d1n4bd8b|03|com"; nocase; ) # 71x01y13hn5jmmthxuq10uxyi8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|71x01y13hn5jmmthxuq10uxyi8|03|biz"; nocase; ) # s4ployt01zzl1r4zawjnsnkwm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s4ployt01zzl1r4zawjnsnkwm|03|net"; nocase; ) # 9lj4wjyrcx021h0heju1dmcog0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9lj4wjyrcx021h0heju1dmcog0|03|com"; nocase; ) # 1alcgt41pwbxi9on3doi156no3q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1alcgt41pwbxi9on3doi156no3q|03|org"; nocase; ) # 1ypnxh21x9jwvkvai2v1r2jipw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ypnxh21x9jwvkvai2v1r2jipw|03|biz"; nocase; ) # 181iu3312cf6qpd0a9pl162k98j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|181iu3312cf6qpd0a9pl162k98j|03|biz"; nocase; ) # 8u8qbp1ehzgqt1budd5f1xxmxm3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8u8qbp1ehzgqt1budd5f1xxmxm3|03|org"; nocase; ) # bcoy3o1tdelr112s3j0f6ly9th.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bcoy3o1tdelr112s3j0f6ly9th|03|biz"; nocase; ) # evz4pzyv4bux1ctt4pq1e9kmol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|evz4pzyv4bux1ctt4pq1e9kmol|03|com"; nocase; ) # 8p9vw31364v68lh3ill6qfgr9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8p9vw31364v68lh3ill6qfgr9|03|net"; nocase; ) # x2mzat1psz5q412x4eec1kxitzw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x2mzat1psz5q412x4eec1kxitzw|03|net"; nocase; ) # 1f74p0r1xq6ohp17b6aqk1ao4n5k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f74p0r1xq6ohp17b6aqk1ao4n5k|03|org"; nocase; ) # qd9v3s15tyto51d5ex911r774zh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qd9v3s15tyto51d5ex911r774zh|03|net"; nocase; ) # 14qs2vx1jlkdsonx6mj1qd4c7c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14qs2vx1jlkdsonx6mj1qd4c7c|03|net"; nocase; ) # g3hzm8b7eu8q13fnjna19h7ayn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g3hzm8b7eu8q13fnjna19h7ayn|03|net"; nocase; ) # av29yj1wo853r8r8r0yvau9m5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000006999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|av29yj1wo853r8r8r0yvau9m5|03|org"; nocase; ) # dzvdo7hhm6dp1htd0yfb4w43f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzvdo7hhm6dp1htd0yfb4w43f|03|com"; nocase; ) # 1cdfs0v1knli7s1ioi1pr13z49rc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cdfs0v1knli7s1ioi1pr13z49rc|03|net"; nocase; ) # e9u2z01ksfdh7dznm9tvwq5bb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e9u2z01ksfdh7dznm9tvwq5bb|03|biz"; nocase; ) # 1h9280hksq1yg12xnpgf17q2q6z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h9280hksq1yg12xnpgf17q2q6z|03|org"; nocase; ) # 22bqeul5n39n13qg0jk8xkqy5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|22bqeul5n39n13qg0jk8xkqy5|03|net"; nocase; ) # 173m0eg1k4liq81oqpi7xbn1d7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|173m0eg1k4liq81oqpi7xbn1d7h|03|org"; nocase; ) # j2fekk1da4jgd16kkoyf1jyz5zj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j2fekk1da4jgd16kkoyf1jyz5zj|03|com"; nocase; ) # 1c1fq011tam1dc12n29qd11n3yil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c1fq011tam1dc12n29qd11n3yil|03|net"; nocase; ) # 16cehybnba8fk1rg7bzc13a4kp4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16cehybnba8fk1rg7bzc13a4kp4|03|com"; nocase; ) # yzei9o12fyajw1mgzyj21qj6biz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yzei9o12fyajw1mgzyj21qj6biz|03|com"; nocase; ) # aw8k9hyr1vc7i2hhnsko0a4x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aw8k9hyr1vc7i2hhnsko0a4x|03|net"; nocase; ) # 7wqnn3vxu8m9mky8ph6eugp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|7wqnn3vxu8m9mky8ph6eugp|03|org"; nocase; ) # 3eyrun1g5bcg41jys1is1nlpvnk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3eyrun1g5bcg41jys1is1nlpvnk|03|net"; nocase; ) # ikxenzh1cz0uk3krlq5aukzd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ikxenzh1cz0uk3krlq5aukzd|03|net"; nocase; ) # biif6np9t3iz1ie8xyrfwqicy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|biif6np9t3iz1ie8xyrfwqicy|03|org"; nocase; ) # y5w0xoeo24ndg1bxi61st9bh3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y5w0xoeo24ndg1bxi61st9bh3|03|org"; nocase; ) # 1xq66sa19nihvhyy221t191yl4v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xq66sa19nihvhyy221t191yl4v|03|net"; nocase; ) # rlkamqy0st9t1rnrmfb5ys6m8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rlkamqy0st9t1rnrmfb5ys6m8|03|org"; nocase; ) # ps954anivxk1yh89rioze1z4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ps954anivxk1yh89rioze1z4|03|org"; nocase; ) # 1cu8a491t754fd1em564tu4obvc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cu8a491t754fd1em564tu4obvc|03|biz"; nocase; ) # 1stgv99z1fsir1uq2h93opojja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1stgv99z1fsir1uq2h93opojja|03|net"; nocase; ) # 1suut9j4gefxf1wcxnm2du2l9l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1suut9j4gefxf1wcxnm2du2l9l|03|net"; nocase; ) # 1tkqeu6zp3g719mvd8or44kjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tkqeu6zp3g719mvd8or44kjd|03|org"; nocase; ) # 1c5ekz11ra3n511sveeqo1stizd2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c5ekz11ra3n511sveeqo1stizd2|03|org"; nocase; ) # 1b2l59p7q7w4t3q3e52i14ddl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b2l59p7q7w4t3q3e52i14ddl|03|org"; nocase; ) # c66nbx17atny216vhkvg1xcbfvn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c66nbx17atny216vhkvg1xcbfvn|03|net"; nocase; ) # 1qgbos51yk7ig9iyoq59czafvp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qgbos51yk7ig9iyoq59czafvp|03|com"; nocase; ) # u3qcym1fqog3pl74a8jvk4p25.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u3qcym1fqog3pl74a8jvk4p25|03|biz"; nocase; ) # 5q12nuxwkdb01644tgr4zh0ie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5q12nuxwkdb01644tgr4zh0ie|03|com"; nocase; ) # 1uoasip4j26ed15xe2o0ffslbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uoasip4j26ed15xe2o0ffslbj|03|com"; nocase; ) # 1k5r34urct4g21n6mh8w14cczp3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k5r34urct4g21n6mh8w14cczp3|03|net"; nocase; ) # 7vn87y81nt9uvfeprb1p6qbhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7vn87y81nt9uvfeprb1p6qbhf|03|com"; nocase; ) # 1th6k0m3hbehr15qp57l13cvccj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1th6k0m3hbehr15qp57l13cvccj|03|biz"; nocase; ) # e88bvnots44e1uwr2dn1aqiuzk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e88bvnots44e1uwr2dn1aqiuzk|03|net"; nocase; ) # 1ny9jl391w98x1scoagw1nacwf9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ny9jl391w98x1scoagw1nacwf9|03|com"; nocase; ) # 1lzpyea1c163n51fvb1421o9xn5l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lzpyea1c163n51fvb1421o9xn5l|03|biz"; nocase; ) # 1xhkz26cotsj0k01rhhcz85qn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xhkz26cotsj0k01rhhcz85qn|03|net"; nocase; ) # pzde7uilxt4veb5r761wtnkl3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pzde7uilxt4veb5r761wtnkl3|03|org"; nocase; ) # bdvk1h1rf7bts1mn8eijqxrz4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bdvk1h1rf7bts1mn8eijqxrz4d|03|com"; nocase; ) # 19jvfczjq34gk1mhv8e3x7vc71.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19jvfczjq34gk1mhv8e3x7vc71|03|biz"; nocase; ) # 1tvl2lmj5rch414lqrsl1bvxc6t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tvl2lmj5rch414lqrsl1bvxc6t|03|net"; nocase; ) # 1i5ggnmk6x3io19fgf7g1x345o6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i5ggnmk6x3io19fgf7g1x345o6|03|net"; nocase; ) # 11lwqx51lz3tqg1npasmte5hp9b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11lwqx51lz3tqg1npasmte5hp9b|03|org"; nocase; ) # 139i34g1whqsvd1k89glvzoa2za.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|139i34g1whqsvd1k89glvzoa2za|03|org"; nocase; ) # feqrgrzpx4wd7liejcah0t7j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|feqrgrzpx4wd7liejcah0t7j|03|biz"; nocase; ) # k7vaej2x6hev1cith8cn14ejl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k7vaej2x6hev1cith8cn14ejl|03|org"; nocase; ) # 1upxwaz1ohgn3m1bmd6jv3c99s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1upxwaz1ohgn3m1bmd6jv3c99s|03|org"; nocase; ) # 612sekwoee1u4v4guo1cg8oa2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|612sekwoee1u4v4guo1cg8oa2|03|net"; nocase; ) # 9e5xc115zsea310onjv81fl4kos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9e5xc115zsea310onjv81fl4kos|03|com"; nocase; ) # llic5k199xzp66p35gk196fx4j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|llic5k199xzp66p35gk196fx4j|03|com"; nocase; ) # 1oth6spu4fbag1jqy5pbvvlvkw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oth6spu4fbag1jqy5pbvvlvkw|03|com"; nocase; ) # 1nnu1hhfuw6ax1yecz34prbpr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nnu1hhfuw6ax1yecz34prbpr|03|net"; nocase; ) # 1tkwgel1jv7qngpcsrzblmmhe2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tkwgel1jv7qngpcsrzblmmhe2|03|com"; nocase; ) # haocna18yrnuvjgtlyq9lk9w7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|haocna18yrnuvjgtlyq9lk9w7|03|net"; nocase; ) # 119gvpnojtxg21vdy7fjf3x9h8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|119gvpnojtxg21vdy7fjf3x9h8|03|net"; nocase; ) # 1ynjtu4yt3ybezsvi801se67h4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ynjtu4yt3ybezsvi801se67h4|03|org"; nocase; ) # srunihlzm5mq6aalg21m91doj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|srunihlzm5mq6aalg21m91doj|03|net"; nocase; ) # 135kb0g1ehmtpl1czqhenrz3zlp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|135kb0g1ehmtpl1czqhenrz3zlp|03|org"; nocase; ) # 1mns2m9gswai1gj1sjf1dnocwu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mns2m9gswai1gj1sjf1dnocwu|03|com"; nocase; ) # 1vdifhi1lv4ylp1cwnif11qvqa7x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vdifhi1lv4ylp1cwnif11qvqa7x|03|org"; nocase; ) # 19n1j6w1iawa9yd6953gw9colv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19n1j6w1iawa9yd6953gw9colv|03|com"; nocase; ) # 1rzpecw12ari9717s64lycv0g7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rzpecw12ari9717s64lycv0g7m|03|net"; nocase; ) # mixoo9wiq71rvwpo0lc7qbsn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mixoo9wiq71rvwpo0lc7qbsn|03|org"; nocase; ) # 84r7sz1ggamv3tmiel9hi5oq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|84r7sz1ggamv3tmiel9hi5oq|03|org"; nocase; ) # kfe8i81r0ww2xa3qakepxcw8q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kfe8i81r0ww2xa3qakepxcw8q|03|net"; nocase; ) # felopgnlk9scm4qdw317sewbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|felopgnlk9scm4qdw317sewbp|03|com"; nocase; ) # 1lcj0q5x5q73vp5tfpy15qevmt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lcj0q5x5q73vp5tfpy15qevmt|03|org"; nocase; ) # x2c5v0yfmuly1d93ljqpqshjn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x2c5v0yfmuly1d93ljqpqshjn|03|org"; nocase; ) # 1x6k7s5og2ncj17l4bfu112bdta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x6k7s5og2ncj17l4bfu112bdta|03|com"; nocase; ) # lpaa7y1ofvh8y11hl60f1vvdltx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lpaa7y1ofvh8y11hl60f1vvdltx|03|net"; nocase; ) # 1fq279movr9trcw679gfuewy6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fq279movr9trcw679gfuewy6|03|org"; nocase; ) # 1uq54ys60p3ro13irwy214o8t0w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uq54ys60p3ro13irwy214o8t0w|03|biz"; nocase; ) # rzey8b2fy30d19onz6s11z3lry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rzey8b2fy30d19onz6s11z3lry|03|com"; nocase; ) # 1egj75tbc47z21ons3509uu4iy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1egj75tbc47z21ons3509uu4iy|03|net"; nocase; ) # qxu83a1n6pfua1y0dcxo1wrz6r8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qxu83a1n6pfua1y0dcxo1wrz6r8|03|org"; nocase; ) # a63xkv1b470g51v7l48w16jpp36.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a63xkv1b470g51v7l48w16jpp36|03|org"; nocase; ) # z28a131ubagyoq632x21pxicww.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z28a131ubagyoq632x21pxicww|03|biz"; nocase; ) # 1avvsve9af4kxw5ckx2h1pqgl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1avvsve9af4kxw5ckx2h1pqgl|03|org"; nocase; ) # 1tx1m5c1c1ukyz1bqo0nc1rewdls.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tx1m5c1c1ukyz1bqo0nc1rewdls|03|com"; nocase; ) # 1lox4tg1wstm467do8c611uqm4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lox4tg1wstm467do8c611uqm4t|03|net"; nocase; ) # kpa6651qp7zrpooalx41yp2cwk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kpa6651qp7zrpooalx41yp2cwk|03|com"; nocase; ) # 1kuepje1evyaa3di3fjov2uk3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kuepje1evyaa3di3fjov2uk3|03|biz"; nocase; ) # ef24bkg5y8z35bcqw74cxj0t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ef24bkg5y8z35bcqw74cxj0t|03|com"; nocase; ) # 1np2jl21mdj7x913moxvxap4y37.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1np2jl21mdj7x913moxvxap4y37|03|org"; nocase; ) # 1umc6mf1pgb6ml1ls1pw58fsr2q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1umc6mf1pgb6ml1ls1pw58fsr2q|03|org"; nocase; ) # 1us9mf26rjee910icbau2cyyy3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1us9mf26rjee910icbau2cyyy3|03|com"; nocase; ) # 1vc12eyvnu5th1ob3sya1tldjdu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vc12eyvnu5th1ob3sya1tldjdu|03|org"; nocase; ) # oqkljxckfgvnozslpv1xn3gbl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oqkljxckfgvnozslpv1xn3gbl|03|org"; nocase; ) # 1u2odu51wfmjjkzhnpwuv38khj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u2odu51wfmjjkzhnpwuv38khj|03|com"; nocase; ) # 1n17oqv1rzrcgt1d09api120e27.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n17oqv1rzrcgt1d09api120e27|03|biz"; nocase; ) # 7u7hce1ww6bfy1vr7tincakwk6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7u7hce1ww6bfy1vr7tincakwk6|03|biz"; nocase; ) # xdg35vcb4lds16gple512ohatl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xdg35vcb4lds16gple512ohatl|03|com"; nocase; ) # 2lyq55tu7iz33mrebo107rcnm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2lyq55tu7iz33mrebo107rcnm|03|net"; nocase; ) # 1frif9r1f38gztxi2sja1glclow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1frif9r1f38gztxi2sja1glclow|03|com"; nocase; ) # zhy6q01vmtf108lp2mi1smixc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zhy6q01vmtf108lp2mi1smixc3|03|net"; nocase; ) # y0q5gb194zor7xgsp7juleswi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y0q5gb194zor7xgsp7juleswi|03|biz"; nocase; ) # 1dv33x61ehodxxhz0l0gyvh9gq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dv33x61ehodxxhz0l0gyvh9gq|03|com"; nocase; ) # 1jmstku1l94zb91w9v1fkfztqo8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jmstku1l94zb91w9v1fkfztqo8|03|com"; nocase; ) # 9m8yy7awdcii1nupu53725syz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9m8yy7awdcii1nupu53725syz|03|net"; nocase; ) # 17h566onlvoag1cjnb1ttochc0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17h566onlvoag1cjnb1ttochc0|03|net"; nocase; ) # ktntas1ipib3pcw8nvy29nitf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ktntas1ipib3pcw8nvy29nitf|03|biz"; nocase; ) # q3madzdu8kqp1s7zx2j16sl5is.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q3madzdu8kqp1s7zx2j16sl5is|03|net"; nocase; ) # 1tpy65x1ekhvvq684j8cwbxyb1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tpy65x1ekhvvq684j8cwbxyb1|03|com"; nocase; ) # 12bbr6g12gl6n0etsa3375y0gh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12bbr6g12gl6n0etsa3375y0gh|03|org"; nocase; ) # qrnmt98n5i2l19dpotzhb29u8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qrnmt98n5i2l19dpotzhb29u8|03|net"; nocase; ) # isvsl51dzsn8f187xh94casm57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|isvsl51dzsn8f187xh94casm57|03|com"; nocase; ) # 4psmx119qxt0v15tm89u1we7554.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4psmx119qxt0v15tm89u1we7554|03|biz"; nocase; ) # 2hsime1eh3s9igpuylzlv8k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|2hsime1eh3s9igpuylzlv8k|03|net"; nocase; ) # 180ak6g17w5dkvgntj1wm99f9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|180ak6g17w5dkvgntj1wm99f9|03|org"; nocase; ) # li44j6ehcq0w16cpqnh11h17kk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|li44j6ehcq0w16cpqnh11h17kk|03|biz"; nocase; ) # 4c84v01dtpxtepi3cv12e5ebw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4c84v01dtpxtepi3cv12e5ebw|03|com"; nocase; ) # 1o0pw9qwwri3l1qpld5xx9nkrt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o0pw9qwwri3l1qpld5xx9nkrt|03|org"; nocase; ) # m4sr1hezlfz7dme5rnbamoy6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m4sr1hezlfz7dme5rnbamoy6|03|net"; nocase; ) # pjn9igjhwfew1urwwy13xsvia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pjn9igjhwfew1urwwy13xsvia|03|com"; nocase; ) # a6gd7i1ol65ly1me9djb1r3hwv7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a6gd7i1ol65ly1me9djb1r3hwv7|03|net"; nocase; ) # 754fhicn8ty9ivl0nr17qj5hi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|754fhicn8ty9ivl0nr17qj5hi|03|com"; nocase; ) # qicz43tvacph7f0zgo126t6lk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qicz43tvacph7f0zgo126t6lk|03|net"; nocase; ) # 136z8vsff9e7n1f6mo881jr6dw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136z8vsff9e7n1f6mo881jr6dw|03|org"; nocase; ) # y8t7f9qpllk1c5fj5hi1wwrv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y8t7f9qpllk1c5fj5hi1wwrv|03|com"; nocase; ) # 1rowdalsgfxcs1ttw8131g4f87g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rowdalsgfxcs1ttw8131g4f87g|03|net"; nocase; ) # 14804801sy2zn41bmoxvw1qhpaya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14804801sy2zn41bmoxvw1qhpaya|03|net"; nocase; ) # 16whpegzit70rod7do1ict5mb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16whpegzit70rod7do1ict5mb|03|net"; nocase; ) # bees0g1iolb5i1pc3o30hbevw1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bees0g1iolb5i1pc3o30hbevw1|03|com"; nocase; ) # 19hxvzb1eehy2cj525331y088pe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19hxvzb1eehy2cj525331y088pe|03|org"; nocase; ) # 4qwaii1qc36ih14m0aa1dytkuz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4qwaii1qc36ih14m0aa1dytkuz|03|net"; nocase; ) # 1hpxihu1n7gv741wxxwh91b59dl0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hpxihu1n7gv741wxxwh91b59dl0|03|biz"; nocase; ) # e7ggnc8tzm301x4q13s1ysmvr9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e7ggnc8tzm301x4q13s1ysmvr9|03|org"; nocase; ) # gmrl5tf4y934vbdzrh12kjuwe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gmrl5tf4y934vbdzrh12kjuwe|03|net"; nocase; ) # uly4lb1xjq138olbeyt146wzxj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uly4lb1xjq138olbeyt146wzxj|03|org"; nocase; ) # j7hay63jm99nn7g7p7wsns41.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j7hay63jm99nn7g7p7wsns41|03|net"; nocase; ) # 1cike8q1vdx7uh17b18wk137qrfu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cike8q1vdx7uh17b18wk137qrfu|03|com"; nocase; ) # 6r9lgm1vug2yb53t01urkxkb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6r9lgm1vug2yb53t01urkxkb|03|com"; nocase; ) # m9f2pa1ml3l8b15dw3w3rgaj6f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m9f2pa1ml3l8b15dw3w3rgaj6f|03|biz"; nocase; ) # 121zscojnolovosdrru1lqqold.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|121zscojnolovosdrru1lqqold|03|org"; nocase; ) # 13ln8ni1iqjg8vejr6obuxac6n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ln8ni1iqjg8vejr6obuxac6n|03|net"; nocase; ) # 1weg06mpbcnix1l2gpdp9vom83.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1weg06mpbcnix1l2gpdp9vom83|03|com"; nocase; ) # qg5szy120l1wy1s1d21fsf0dnw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qg5szy120l1wy1s1d21fsf0dnw|03|org"; nocase; ) # 1koobdbc6moa0c8lcjo16dszc1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1koobdbc6moa0c8lcjo16dszc1|03|net"; nocase; ) # 142fu4a1ir7zpa1n85h0o1rwh9sq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|142fu4a1ir7zpa1n85h0o1rwh9sq|03|biz"; nocase; ) # xiru3c1ipmmtmbnrqod1yzy9bd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xiru3c1ipmmtmbnrqod1yzy9bd|03|net"; nocase; ) # 10zh1op15x1us419vdzvi17z9w9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10zh1op15x1us419vdzvi17z9w9x|03|net"; nocase; ) # 1jbru4f4cxwl1ws3wxz17o03y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jbru4f4cxwl1ws3wxz17o03y|03|com"; nocase; ) # 19jzrq75avldxvc3h5p1czaxeh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19jzrq75avldxvc3h5p1czaxeh|03|net"; nocase; ) # 1wocj807ycw8dybcyadzob8ux.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wocj807ycw8dybcyadzob8ux|03|biz"; nocase; ) # 190v3eb1kzmp7k1l0m7tc1p8b8wv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|190v3eb1kzmp7k1l0m7tc1p8b8wv|03|org"; nocase; ) # 1ec8sqc1mcag2r1ohm0c11tgq472.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ec8sqc1mcag2r1ohm0c11tgq472|03|com"; nocase; ) # 5wjuefa2cphkur37dd1boskk9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5wjuefa2cphkur37dd1boskk9|03|net"; nocase; ) # iilewer4k991aeed7j1hxguqp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iilewer4k991aeed7j1hxguqp|03|org"; nocase; ) # pvjs3pw6azfw89guz1ysk8x2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pvjs3pw6azfw89guz1ysk8x2|03|com"; nocase; ) # 1r8eq3k1k87enb217mmnrju074.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r8eq3k1k87enb217mmnrju074|03|net"; nocase; ) # x82pfc1xlwupc1r2ci4uge33fs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x82pfc1xlwupc1r2ci4uge33fs|03|org"; nocase; ) # 16n5em01aor83s1x0yvjv1sbqvd9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16n5em01aor83s1x0yvjv1sbqvd9|03|biz"; nocase; ) # tgsqym1xmrcs3f9q3omo972b4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tgsqym1xmrcs3f9q3omo972b4|03|org"; nocase; ) # q9jdxew9rgg1tlebcabku9xp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q9jdxew9rgg1tlebcabku9xp|03|org"; nocase; ) # 1fmdnkz12uh8gh94d7b51ynal9q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fmdnkz12uh8gh94d7b51ynal9q|03|com"; nocase; ) # qyt94kvj0dil24ryrs1x766vn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qyt94kvj0dil24ryrs1x766vn|03|com"; nocase; ) # 17btzv7w3cxipomijc4qe79qz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17btzv7w3cxipomijc4qe79qz|03|org"; nocase; ) # 18jz6bp14p1xoh1efg4fpg90630.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18jz6bp14p1xoh1efg4fpg90630|03|org"; nocase; ) # hhc21b1axptyo16oi9tm1q8nvk8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hhc21b1axptyo16oi9tm1q8nvk8|03|net"; nocase; ) # 1a5hgtr1t2gu0l12rmx2q1a92b5k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a5hgtr1t2gu0l12rmx2q1a92b5k|03|com"; nocase; ) # 1b6xa2pn26flk1es2t4nek3pxa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b6xa2pn26flk1es2t4nek3pxa|03|net"; nocase; ) # 1ttel091d47t5z1ehrnaqcjcdt1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ttel091d47t5z1ehrnaqcjcdt1|03|net"; nocase; ) # 38587vs6oivm1lukk6t37xhhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|38587vs6oivm1lukk6t37xhhl|03|com"; nocase; ) # 1s99lzb1s285hu17iirw41ldf1fy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s99lzb1s285hu17iirw41ldf1fy|03|biz"; nocase; ) # 1se3qygnopbr81obk2dg1iuy5k7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1se3qygnopbr81obk2dg1iuy5k7|03|com"; nocase; ) # 173e8xf1huyjea1buatzz3expgi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|173e8xf1huyjea1buatzz3expgi|03|biz"; nocase; ) # ojnvit1c5ofa6ssc12z1bufnap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ojnvit1c5ofa6ssc12z1bufnap|03|net"; nocase; ) # m681if1l3dkcw108flcxgm88y3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m681if1l3dkcw108flcxgm88y3|03|org"; nocase; ) # 1sl1gpm1ksdnwv1iwsgi71bebdtu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sl1gpm1ksdnwv1iwsgi71bebdtu|03|com"; nocase; ) # 1t5endbjydrz21qec1p392qlh0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t5endbjydrz21qec1p392qlh0|03|net"; nocase; ) # 1dn45k111ku2m71vb6frs109bkfr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dn45k111ku2m71vb6frs109bkfr|03|net"; nocase; ) # 1a43dr516913zf1lgryf41lcygdi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a43dr516913zf1lgryf41lcygdi|03|net"; nocase; ) # q9u2zvmk7ddihn5m931lea1hj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q9u2zvmk7ddihn5m931lea1hj|03|org"; nocase; ) # 18srxg41pg0tkn1ubji9a1aan2hg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18srxg41pg0tkn1ubji9a1aan2hg|03|net"; nocase; ) # x6c0j51wv2exaci9t2x1gghvgl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x6c0j51wv2exaci9t2x1gghvgl|03|org"; nocase; ) # uyvedcep9xid1qh4k6b4cwlau.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uyvedcep9xid1qh4k6b4cwlau|03|net"; nocase; ) # 1b8tqw43yf46yqcgxr4t6ygzw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b8tqw43yf46yqcgxr4t6ygzw|03|org"; nocase; ) # 1ytn1fw1lsnbk8eq1198agthov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ytn1fw1lsnbk8eq1198agthov|03|com"; nocase; ) # kp1uby1wt7ptb1hjnlcuh4afz7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kp1uby1wt7ptb1hjnlcuh4afz7|03|net"; nocase; ) # 1bib9t615n1etq1tauvbjnfzqzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bib9t615n1etq1tauvbjnfzqzo|03|com"; nocase; ) # 1hgfoty54ypoznuqq7b1r31g5x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hgfoty54ypoznuqq7b1r31g5x|03|biz"; nocase; ) # 1dhzz4119ea2u71rtifssna02e6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dhzz4119ea2u71rtifssna02e6|03|com"; nocase; ) # 1bzj12vwx6alf17qzw4i1fu2ytq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bzj12vwx6alf17qzw4i1fu2ytq|03|net"; nocase; ) # p03t1s1awysb6191nbbef7vd4i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p03t1s1awysb6191nbbef7vd4i|03|net"; nocase; ) # 1lsy4sq1z58j31g2js181d7hzjd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lsy4sq1z58j31g2js181d7hzjd|03|biz"; nocase; ) # agrfnyo0738hwh73kq5tvn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|agrfnyo0738hwh73kq5tvn|03|com"; nocase; ) # 7iw04e8fjfd31tyuka9kuzsz5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7iw04e8fjfd31tyuka9kuzsz5|03|net"; nocase; ) # z6wxtq199xv2w1tjk6om1aw0t3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z6wxtq199xv2w1tjk6om1aw0t3|03|net"; nocase; ) # hlc94s4vx3kh3xbnko8m557m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hlc94s4vx3kh3xbnko8m557m|03|org"; nocase; ) # xx090q19tfduccxa2cqstyeg4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xx090q19tfduccxa2cqstyeg4|03|com"; nocase; ) # 1p697zh1sywz3f1utxf6k1yh4310.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p697zh1sywz3f1utxf6k1yh4310|03|biz"; nocase; ) # uez4q1j1ives1f0bftoh0cca8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uez4q1j1ives1f0bftoh0cca8|03|org"; nocase; ) # 1ty0cf017g84zt18acfdnkn9dum.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ty0cf017g84zt18acfdnkn9dum|03|org"; nocase; ) # 1elx5xc5m8ewc1d1zjcf1yij8jg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1elx5xc5m8ewc1d1zjcf1yij8jg|03|biz"; nocase; ) # 1ewp4g0y5vm5v50k2gi1eb9i6z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ewp4g0y5vm5v50k2gi1eb9i6z|03|net"; nocase; ) # 1rt8wd61w293jmw3255q15wf2br.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rt8wd61w293jmw3255q15wf2br|03|net"; nocase; ) # 14v7336jsdbxd1lro2py5phqct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14v7336jsdbxd1lro2py5phqct|03|com"; nocase; ) # 1wissox126kdhe1odunia1twudq3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wissox126kdhe1odunia1twudq3|03|net"; nocase; ) # aofvkb1qvino7bc7803ix8efo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aofvkb1qvino7bc7803ix8efo|03|net"; nocase; ) # 110b18lpi4vj61qqdvss1qxton7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|110b18lpi4vj61qqdvss1qxton7|03|org"; nocase; ) # 1vfk1x8bt5g5a10917ae1bjvcsu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vfk1x8bt5g5a10917ae1bjvcsu|03|com"; nocase; ) # 1761i3qx2vd9w1h60tz51xmny72.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1761i3qx2vd9w1h60tz51xmny72|03|com"; nocase; ) # 1xslqe817vopz2zdaxsc16c3fag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xslqe817vopz2zdaxsc16c3fag|03|com"; nocase; ) # 160bhpv1lu92gp1titlc21lxyct2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|160bhpv1lu92gp1titlc21lxyct2|03|com"; nocase; ) # 1k7ynjf1ghgi401lb4mk117tsvkl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k7ynjf1ghgi401lb4mk117tsvkl|03|net"; nocase; ) # 83p2501q8li9m1786fk2vrqq84.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|83p2501q8li9m1786fk2vrqq84|03|biz"; nocase; ) # 1mam3y8192lfte1x4fehs10qva8o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mam3y8192lfte1x4fehs10qva8o|03|org"; nocase; ) # xedrgg12075uc1wg9fnu24hykb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xedrgg12075uc1wg9fnu24hykb|03|com"; nocase; ) # 1uysnvy1vd2akykeh4z0vk4vr8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uysnvy1vd2akykeh4z0vk4vr8|03|net"; nocase; ) # vo3gkzsizt5nec80arrcnwm6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vo3gkzsizt5nec80arrcnwm6|03|org"; nocase; ) # r1mr1h3hvu801p1beva1r72y4m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r1mr1h3hvu801p1beva1r72y4m|03|net"; nocase; ) # 1nfrgxwv4otqb5wlh07qnlbto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nfrgxwv4otqb5wlh07qnlbto|03|com"; nocase; ) # 1ni2t9b1w3q626abik071wlzjg5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ni2t9b1w3q626abik071wlzjg5|03|org"; nocase; ) # td5l7k1kv1s011idgp6n1ojsjuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|td5l7k1kv1s011idgp6n1ojsjuk|03|net"; nocase; ) # 1wlvi8ftvcpyw12cn99q9ws4bx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wlvi8ftvcpyw12cn99q9ws4bx|03|org"; nocase; ) # 1sl2hr81ruiiaidzek01xcqtno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sl2hr81ruiiaidzek01xcqtno|03|org"; nocase; ) # 1x81lx1xjhef511564lt19vulm6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x81lx1xjhef511564lt19vulm6|03|net"; nocase; ) # 6ds9761s1t3bx1o87gpo11gjz1m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ds9761s1t3bx1o87gpo11gjz1m|03|biz"; nocase; ) # 1fhoxj51o974pd8x723713597bk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fhoxj51o974pd8x723713597bk|03|com"; nocase; ) # m2vgzos92wb6bqjvnl1xupwcf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m2vgzos92wb6bqjvnl1xupwcf|03|net"; nocase; ) # 1x5oizsmjmont1yd7nnep1uvvi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x5oizsmjmont1yd7nnep1uvvi|03|org"; nocase; ) # 177eg7owaoz871otx0o6kbi6zd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|177eg7owaoz871otx0o6kbi6zd|03|net"; nocase; ) # 1qwld491io4cvbzjequ91uo4260.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qwld491io4cvbzjequ91uo4260|03|com"; nocase; ) # c6t2xyty6f1t1pb6j5813u3b2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c6t2xyty6f1t1pb6j5813u3b2v|03|org"; nocase; ) # 1mu4g0s8u1op71g54jus15u4089.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mu4g0s8u1op71g54jus15u4089|03|biz"; nocase; ) # 1lxc4au1fx036e1eqg4ar1r3iooy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lxc4au1fx036e1eqg4ar1r3iooy|03|biz"; nocase; ) # b5zisf16zqr5l3utr1t1l77tte.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b5zisf16zqr5l3utr1t1l77tte|03|net"; nocase; ) # m4dhmb1eg3qdt1y07ks65t4bij.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m4dhmb1eg3qdt1y07ks65t4bij|03|biz"; nocase; ) # 16xfxvs1tucasw1lad89ggf8ytk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16xfxvs1tucasw1lad89ggf8ytk|03|com"; nocase; ) # 1wubswe16x9xdv15tru4b1ggz79m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wubswe16x9xdv15tru4b1ggz79m|03|net"; nocase; ) # 1go9luyrvrx6vgmue7f125nrsh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1go9luyrvrx6vgmue7f125nrsh|03|biz"; nocase; ) # 14gm2drvqzkl76zunkm10y7brj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14gm2drvqzkl76zunkm10y7brj|03|net"; nocase; ) # 1y2wcl711f1x76g2384gm6wpv0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y2wcl711f1x76g2384gm6wpv0|03|net"; nocase; ) # 1rcgjdl13uxyl217niitq1mxrl3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rcgjdl13uxyl217niitq1mxrl3x|03|biz"; nocase; ) # amjypx1mxe591pee1pq1dzfq64.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|amjypx1mxe591pee1pq1dzfq64|03|biz"; nocase; ) # 3ytuoq1p9tf9ke3i8ym1iskd7b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ytuoq1p9tf9ke3i8ym1iskd7b|03|com"; nocase; ) # 4kku531n131rj16e2g4s6nxv99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4kku531n131rj16e2g4s6nxv99|03|org"; nocase; ) # 1hzafx31uytgg11yapru4bkz65y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hzafx31uytgg11yapru4bkz65y|03|com"; nocase; ) # rfczro6g4dyj4rao2esfa42.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|rfczro6g4dyj4rao2esfa42|03|org"; nocase; ) # 12khbuo1e30u9o1rrsjuo1597oij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12khbuo1e30u9o1rrsjuo1597oij|03|com"; nocase; ) # 121bm1etdvp5ssv7r81c7bi12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|121bm1etdvp5ssv7r81c7bi12|03|com"; nocase; ) # unhd0x12cjfgj1sozzl9hn5cn8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|unhd0x12cjfgj1sozzl9hn5cn8|03|org"; nocase; ) # 1t5bi9819m0c36x13fd3yjz1e9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t5bi9819m0c36x13fd3yjz1e9|03|net"; nocase; ) # 1mwlkp74rb5cf15wep4mhiccg8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mwlkp74rb5cf15wep4mhiccg8|03|com"; nocase; ) # kjba7rfdxiij1v0d4sb1a70hck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kjba7rfdxiij1v0d4sb1a70hck|03|net"; nocase; ) # hk0gq019yucrh1bqcfrdkxecvc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hk0gq019yucrh1bqcfrdkxecvc|03|org"; nocase; ) # 1df1agjrddzxhnsmx2r1ai55ff.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1df1agjrddzxhnsmx2r1ai55ff|03|org"; nocase; ) # zg9a6d1rt3b5l1yh96ow1qiuygf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zg9a6d1rt3b5l1yh96ow1qiuygf|03|com"; nocase; ) # 1eg7dtr1tgzbc21crviufj0g3m1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eg7dtr1tgzbc21crviufj0g3m1|03|net"; nocase; ) # p6w9wy1bzmcknze4gfaq4id6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p6w9wy1bzmcknze4gfaq4id6|03|com"; nocase; ) # hu5q4vk56hbdni4vh6127yeay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hu5q4vk56hbdni4vh6127yeay|03|org"; nocase; ) # 12rozoposmt6512zxmja1gdb72.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12rozoposmt6512zxmja1gdb72|03|org"; nocase; ) # 145qlql9134tb1eecqew1tx6gye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|145qlql9134tb1eecqew1tx6gye|03|com"; nocase; ) # 1phxer7hff05zkltgrc10uxnxh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1phxer7hff05zkltgrc10uxnxh|03|org"; nocase; ) # 1pzbs681em0otcg3ua0l1kscdbv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pzbs681em0otcg3ua0l1kscdbv|03|biz"; nocase; ) # 1ucl24l1016ap0rrdveq1goihjc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ucl24l1016ap0rrdveq1goihjc|03|com"; nocase; ) # 1928wfn11zs14lf9c1aa13jd38x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1928wfn11zs14lf9c1aa13jd38x|03|biz"; nocase; ) # 18gxm9mepe3y144ig5y10l647j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18gxm9mepe3y144ig5y10l647j|03|org"; nocase; ) # 12ibedb12qky41gpqdllfz5p1f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12ibedb12qky41gpqdllfz5p1f|03|org"; nocase; ) # oia0b5e5d6ca14kb23n805vs2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oia0b5e5d6ca14kb23n805vs2|03|biz"; nocase; ) # phgzso1xdgqdx18t4lbbl6mq9t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|phgzso1xdgqdx18t4lbbl6mq9t|03|com"; nocase; ) # j6o2bankdr7hkemk1kwcw4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|j6o2bankdr7hkemk1kwcw4w|03|net"; nocase; ) # fasocu1m1boe21re5l5vadw8hi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fasocu1m1boe21re5l5vadw8hi|03|net"; nocase; ) # 763t8k1mtxi4y1654tv416zuwvh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|763t8k1mtxi4y1654tv416zuwvh|03|org"; nocase; ) # 14e8v641ejg99g1v07x261x55vbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14e8v641ejg99g1v07x261x55vbn|03|com"; nocase; ) # 13yyoyd1yp8zvzv4wtzg1kl937.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13yyoyd1yp8zvzv4wtzg1kl937|03|net"; nocase; ) # 3ev7hv1tdtzg11j5g7vfz75ufw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ev7hv1tdtzg11j5g7vfz75ufw|03|net"; nocase; ) # q585k41h6k4fv711y5716228cr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q585k41h6k4fv711y5716228cr|03|biz"; nocase; ) # 1tvp5qc16uv85my9rl791twgjnd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tvp5qc16uv85my9rl791twgjnd|03|net"; nocase; ) # 14v950zntxds0xkgk1noht0dm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14v950zntxds0xkgk1noht0dm|03|biz"; nocase; ) # 9sw17wplvbpc14gad2i9pqqfq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9sw17wplvbpc14gad2i9pqqfq|03|org"; nocase; ) # x0pluv1q3joay1uqpbumi35855.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x0pluv1q3joay1uqpbumi35855|03|com"; nocase; ) # 15euo8e4xnszf1m4ld2p1b9006f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15euo8e4xnszf1m4ld2p1b9006f|03|biz"; nocase; ) # bhjmy1pt4twegkggaw16iu22q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bhjmy1pt4twegkggaw16iu22q|03|org"; nocase; ) # uyydu018arw0g10zwulq1luvsw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uyydu018arw0g10zwulq1luvsw|03|biz"; nocase; ) # y8sbzh18x7k1l8j04w1v8fjza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y8sbzh18x7k1l8j04w1v8fjza|03|com"; nocase; ) # z8ln635vp2y3176cyza1cs4ac9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z8ln635vp2y3176cyza1cs4ac9|03|com"; nocase; ) # gt0vdm8efap6qgpdfxneldur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gt0vdm8efap6qgpdfxneldur|03|net"; nocase; ) # o8mdt1ryheb11nnh86z93f231.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o8mdt1ryheb11nnh86z93f231|03|com"; nocase; ) # 1homjf713v9jyec4woov1yggp3t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1homjf713v9jyec4woov1yggp3t|03|org"; nocase; ) # h0w6b6rbdyz7in3pl6smaa70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h0w6b6rbdyz7in3pl6smaa70|03|net"; nocase; ) # 1ibwo6tnbqiq03xsuw7jrsulb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ibwo6tnbqiq03xsuw7jrsulb|03|com"; nocase; ) # 1kmvtvu4maclomc6wmgzaodx2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kmvtvu4maclomc6wmgzaodx2|03|net"; nocase; ) # gwvh661advrcrf1nruh1flrb8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gwvh661advrcrf1nruh1flrb8g|03|org"; nocase; ) # 1rhdj9e8ns74hyxl30qob857.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1rhdj9e8ns74hyxl30qob857|03|com"; nocase; ) # j1q7py10yt8451mid5gp1gic5v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j1q7py10yt8451mid5gp1gic5v|03|com"; nocase; ) # zh8d4a2d1aw3se0osx18qryaw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zh8d4a2d1aw3se0osx18qryaw|03|org"; nocase; ) # winijg1waq78t6fs1yl6g8v3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|winijg1waq78t6fs1yl6g8v3|03|com"; nocase; ) # 94wrx64z30e09nm9hb1ciy89k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|94wrx64z30e09nm9hb1ciy89k|03|net"; nocase; ) # sy08qn1i30x0tar4q4y1ikx7ub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sy08qn1i30x0tar4q4y1ikx7ub|03|com"; nocase; ) # 1ikbon2mvaslb636ql1gojg0r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ikbon2mvaslb636ql1gojg0r|03|biz"; nocase; ) # 356mfi233tttxn3c2d1xwzbvq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|356mfi233tttxn3c2d1xwzbvq|03|net"; nocase; ) # ced5uo1nqgcwx1efnmphq6puwr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ced5uo1nqgcwx1efnmphq6puwr|03|org"; nocase; ) # y4pqox1d1lcgg1inam7218oeya9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y4pqox1d1lcgg1inam7218oeya9|03|org"; nocase; ) # bpldc61ds70jm2iofb9q5jdaf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bpldc61ds70jm2iofb9q5jdaf|03|net"; nocase; ) # 1uchxey1l5x7q3ux7mfshu3xdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uchxey1l5x7q3ux7mfshu3xdg|03|com"; nocase; ) # 1qibtet9t7cd31419xk119pj35.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qibtet9t7cd31419xk119pj35|03|org"; nocase; ) # 1zv0zq1gva3e01x2cmwkoyar9n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1zv0zq1gva3e01x2cmwkoyar9n|03|biz"; nocase; ) # 15bhesn1bqxy6x160ndeh1htovhq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15bhesn1bqxy6x160ndeh1htovhq|03|com"; nocase; ) # ws5aae1g0820kgmutyk4rkr5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ws5aae1g0820kgmutyk4rkr5t|03|org"; nocase; ) # 1p172wm1b6nrcd116vg1e1o3btqv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p172wm1b6nrcd116vg1e1o3btqv|03|org"; nocase; ) # hf92pw4jgnivb7eo01p7upwv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hf92pw4jgnivb7eo01p7upwv|03|org"; nocase; ) # xzk0dum2kqcv1bmddr77klcgt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xzk0dum2kqcv1bmddr77klcgt|03|net"; nocase; ) # 1w5dm91f1ypqg16io3omwx33ft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w5dm91f1ypqg16io3omwx33ft|03|com"; nocase; ) # 1tfl0k3ykyqk31usxemv9omoo1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tfl0k3ykyqk31usxemv9omoo1|03|net"; nocase; ) # 1bs8h9ag8jlypulxzc4t22tu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1bs8h9ag8jlypulxzc4t22tu|03|net"; nocase; ) # k61juo19krxk11xsjt8y1qswqxb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k61juo19krxk11xsjt8y1qswqxb|03|org"; nocase; ) # ny2ovdu8rnx5zwoqqt0suw2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ny2ovdu8rnx5zwoqqt0suw2|03|biz"; nocase; ) # 1b57ayqf93k2i8wvngie5yh29.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b57ayqf93k2i8wvngie5yh29|03|org"; nocase; ) # icce092i7lu113y2wki11cy5qu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|icce092i7lu113y2wki11cy5qu|03|com"; nocase; ) # imm2v01u19bzn11jub181ayc36e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|imm2v01u19bzn11jub181ayc36e|03|net"; nocase; ) # 7gv2q71isin1g3jnimi1q9fr2a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7gv2q71isin1g3jnimi1q9fr2a|03|net"; nocase; ) # xrkj12cavl211mejo131awejko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xrkj12cavl211mejo131awejko|03|net"; nocase; ) # c5w6261fup0ls32wmob1756qep.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c5w6261fup0ls32wmob1756qep|03|net"; nocase; ) # 4gops0znv5b01cu8xyc1fk2rot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4gops0znv5b01cu8xyc1fk2rot|03|biz"; nocase; ) # 1r91ds11dou6qx1m4iaf08xwcuh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r91ds11dou6qx1m4iaf08xwcuh|03|org"; nocase; ) # 13dc76zqturmu1x2zwepghkhbt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13dc76zqturmu1x2zwepghkhbt|03|net"; nocase; ) # 1of3td21hn38vqzkxh7tkl51yn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1of3td21hn38vqzkxh7tkl51yn|03|com"; nocase; ) # 136ojp06dqz1013qtgb0knwu2r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136ojp06dqz1013qtgb0knwu2r|03|biz"; nocase; ) # ol824at9xwxjfubk98183kfwo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ol824at9xwxjfubk98183kfwo|03|net"; nocase; ) # ueynnu1990g701mklnbc1rf73ws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ueynnu1990g701mklnbc1rf73ws|03|net"; nocase; ) # 13m8938f3okzzo5igt01bpwpcs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13m8938f3okzzo5igt01bpwpcs|03|com"; nocase; ) # 1xqda13vy96dh1dn1vtmdu6za4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xqda13vy96dh1dn1vtmdu6za4|03|net"; nocase; ) # 1rzpx4p2fuw1d1droyhv1dim1ut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rzpx4p2fuw1d1droyhv1dim1ut|03|net"; nocase; ) # w7qaghgswlaf13hpwgc1r9ehup.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w7qaghgswlaf13hpwgc1r9ehup|03|net"; nocase; ) # 1nio1eu1oy5bl6v4sxgm1lbz326.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nio1eu1oy5bl6v4sxgm1lbz326|03|com"; nocase; ) # 11lrtfs1uh71m18t3w6j76epxq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11lrtfs1uh71m18t3w6j76epxq|03|com"; nocase; ) # 6992aa19761361nn96e817zivv5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6992aa19761361nn96e817zivv5|03|net"; nocase; ) # 1qsagtcq5xsbcimce7nn0ufpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qsagtcq5xsbcimce7nn0ufpo|03|com"; nocase; ) # 1qdir5r1f3leci1szfwe11xj88tm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qdir5r1f3leci1szfwe11xj88tm|03|net"; nocase; ) # 1kcgpd8tslqk01foa9fb15mcbsx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kcgpd8tslqk01foa9fb15mcbsx|03|net"; nocase; ) # 15g0se91s1er5r1du6u391u55vii.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15g0se91s1er5r1du6u391u55vii|03|org"; nocase; ) # 1fadffx1t9usbu1uwl8py128y2mo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fadffx1t9usbu1uwl8py128y2mo|03|org"; nocase; ) # imidzr1vw69aa10wq1an1bo9btu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|imidzr1vw69aa10wq1an1bo9btu|03|biz"; nocase; ) # 17r68stpwa8pbfdyslw1021cz8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17r68stpwa8pbfdyslw1021cz8|03|org"; nocase; ) # n9jtf32w683yx53t2tj51404.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n9jtf32w683yx53t2tj51404|03|com"; nocase; ) # eu1vu0iu9ed7i9gsa0pusklx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eu1vu0iu9ed7i9gsa0pusklx|03|biz"; nocase; ) # 1imtqhs1de041w1jf2csz1e41slp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1imtqhs1de041w1jf2csz1e41slp|03|net"; nocase; ) # 2chlis1e125ih16r3izi1ml76aa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2chlis1e125ih16r3izi1ml76aa|03|org"; nocase; ) # a6o1d996vhovlem7831s3s2bq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a6o1d996vhovlem7831s3s2bq|03|biz"; nocase; ) # 162s8xs1iiz1cg19g6h4fqfhu1w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|162s8xs1iiz1cg19g6h4fqfhu1w|03|net"; nocase; ) # 179gnr024ftot2p7ab71n5zymy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|179gnr024ftot2p7ab71n5zymy|03|org"; nocase; ) # 16b53n41uojt8k1x4hlkt125a0ia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16b53n41uojt8k1x4hlkt125a0ia|03|net"; nocase; ) # 608ked1ep58x71i5mlyg5udjvs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|608ked1ep58x71i5mlyg5udjvs|03|org"; nocase; ) # 1l5chbqimg30y10w0nn916i1a2t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l5chbqimg30y10w0nn916i1a2t|03|com"; nocase; ) # 18k0pad13bx0p9r8xwo31aioknk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18k0pad13bx0p9r8xwo31aioknk|03|org"; nocase; ) # 7n4set151c809p8ems8ixpck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7n4set151c809p8ems8ixpck|03|net"; nocase; ) # ffigc2f0xnuedwzl931eb2eob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ffigc2f0xnuedwzl931eb2eob|03|com"; nocase; ) # qn9zim1i6u181kqhmdc1bsr5t3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qn9zim1i6u181kqhmdc1bsr5t3|03|net"; nocase; ) # djxait1p5zvywgvvl801gy1ife.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|djxait1p5zvywgvvl801gy1ife|03|com"; nocase; ) # tgxcnd15cq52n1wvrzd81y5zeed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tgxcnd15cq52n1wvrzd81y5zeed|03|com"; nocase; ) # ofswb2s1tw42buze80603ic5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ofswb2s1tw42buze80603ic5|03|net"; nocase; ) # 1nkx1phlu3u461kpkrhprgzwdc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nkx1phlu3u461kpkrhprgzwdc|03|biz"; nocase; ) # 156ytn7hf0kbkvvfl0n1a1ak98.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156ytn7hf0kbkvvfl0n1a1ak98|03|com"; nocase; ) # kik6nj1e86idi1fjd9d5ao33h5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kik6nj1e86idi1fjd9d5ao33h5|03|org"; nocase; ) # 1wdxi3dnzunk61qfmz0dzvyrcl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wdxi3dnzunk61qfmz0dzvyrcl|03|org"; nocase; ) # 1j8pijh1fup2ri1f1wq82k50hs9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j8pijh1fup2ri1f1wq82k50hs9|03|com"; nocase; ) # j5792f1r26q9ytoht0a9ehyiy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j5792f1r26q9ytoht0a9ehyiy|03|org"; nocase; ) # 180otbp1aabfsp1a78mrcafqmbt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|180otbp1aabfsp1a78mrcafqmbt|03|biz"; nocase; ) # rg593w1ugbncy1od1xo51fswmrt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rg593w1ugbncy1od1xo51fswmrt|03|net"; nocase; ) # 14hsmn11amjc331616g4t1uwmldx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14hsmn11amjc331616g4t1uwmldx|03|net"; nocase; ) # clsrqt1slqcijntmylc1v4qvb5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|clsrqt1slqcijntmylc1v4qvb5|03|org"; nocase; ) # uodn241jw09dmc5bgnd1clsiip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uodn241jw09dmc5bgnd1clsiip|03|com"; nocase; ) # 1gk35ua15qk1u3cuqk251nl5m7q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gk35ua15qk1u3cuqk251nl5m7q|03|net"; nocase; ) # hnk8701je7jxrwpmxd61gqbzjm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hnk8701je7jxrwpmxd61gqbzjm|03|net"; nocase; ) # 2wn8e118yg1h1brp6vy8qvkhc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2wn8e118yg1h1brp6vy8qvkhc|03|org"; nocase; ) # k8uh489k78xj1wddvph10qil77.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k8uh489k78xj1wddvph10qil77|03|net"; nocase; ) # 10c65rwtvlqna1e7x9dtjfbpij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10c65rwtvlqna1e7x9dtjfbpij|03|net"; nocase; ) # 1cybdg1141ocecj0qc8o1qxo7ax.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cybdg1141ocecj0qc8o1qxo7ax|03|biz"; nocase; ) # 5vrhdoe5uxxm73att2l5f51v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5vrhdoe5uxxm73att2l5f51v|03|com"; nocase; ) # 1j62yfflzpe51h7jpcz1rix27i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j62yfflzpe51h7jpcz1rix27i|03|com"; nocase; ) # 1xujokl7xzspn9u3akd16aww8k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xujokl7xzspn9u3akd16aww8k|03|com"; nocase; ) # 1xytq0q15znd1hhrzhi2j9kqmg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xytq0q15znd1hhrzhi2j9kqmg|03|org"; nocase; ) # 1vgg8yinnf1t74chaklgrtnz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vgg8yinnf1t74chaklgrtnz3|03|com"; nocase; ) # 1c3b3kz1j4tekiyavoz5asuwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c3b3kz1j4tekiyavoz5asuwr|03|net"; nocase; ) # 16u88ow1usaaxi1rf3zpgvqz9t6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16u88ow1usaaxi1rf3zpgvqz9t6|03|net"; nocase; ) # 9n1dq010nl7xfmejgdrrp8gpg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9n1dq010nl7xfmejgdrrp8gpg|03|com"; nocase; ) # 1yzeidu15g3ns5109exji1s7pdox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yzeidu15g3ns5109exji1s7pdox|03|com"; nocase; ) # 8wpmgb1vulg741mve7s0h724uf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8wpmgb1vulg741mve7s0h724uf|03|biz"; nocase; ) # 16ducaxvnsb9ompzm6z6snvrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ducaxvnsb9ompzm6z6snvrv|03|net"; nocase; ) # 1s2eusm13wuajq1nweprb12iumv5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s2eusm13wuajq1nweprb12iumv5|03|com"; nocase; ) # 1xc5rckxllya2is9ocwew7i3a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xc5rckxllya2is9ocwew7i3a|03|biz"; nocase; ) # 1rcemq87qgqxwdix2gleijpkh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rcemq87qgqxwdix2gleijpkh|03|net"; nocase; ) # 85zarr11ji6hm1f6bb1hgg0i9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|85zarr11ji6hm1f6bb1hgg0i9f|03|net"; nocase; ) # 1lm607k1aa8ib8595vmi2uihng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lm607k1aa8ib8595vmi2uihng|03|net"; nocase; ) # 19wbt6e112l8jqcflvox1g1sp95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19wbt6e112l8jqcflvox1g1sp95|03|net"; nocase; ) # 6sdst4efds7vu20ohb1kf7a5m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6sdst4efds7vu20ohb1kf7a5m|03|org"; nocase; ) # ynd4ba1h0rhsp11w5klc1144cb8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ynd4ba1h0rhsp11w5klc1144cb8|03|net"; nocase; ) # rrwejgrqps951yd9wb81c9f9fu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rrwejgrqps951yd9wb81c9f9fu|03|net"; nocase; ) # 13alu0h1hymwn012q71a1emgnnv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13alu0h1hymwn012q71a1emgnnv|03|biz"; nocase; ) # 8mkt8uzsao22er97ejlwbli5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8mkt8uzsao22er97ejlwbli5|03|com"; nocase; ) # 18gdxm1y46xny1a8a3sxj5pv5t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18gdxm1y46xny1a8a3sxj5pv5t|03|net"; nocase; ) # v9bmgb1st3ks11wemqhb1wh3ewu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v9bmgb1st3ks11wemqhb1wh3ewu|03|net"; nocase; ) # g2uwdt1oodqgz1k95xq51ui7f7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g2uwdt1oodqgz1k95xq51ui7f7|03|biz"; nocase; ) # kvy6av1ayo8gihuphntkqeur0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kvy6av1ayo8gihuphntkqeur0|03|net"; nocase; ) # 1u5pa27yd7k93o3cug51w0d1lt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u5pa27yd7k93o3cug51w0d1lt|03|org"; nocase; ) # ehvkyq51yals1agzwba1u8su1k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ehvkyq51yals1agzwba1u8su1k|03|biz"; nocase; ) # 1sp2mhjxuu9w019hfaqgp2v1go.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sp2mhjxuu9w019hfaqgp2v1go|03|org"; nocase; ) # 41vlkbmx8s3sr8246u2v27a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|41vlkbmx8s3sr8246u2v27a|03|net"; nocase; ) # 15dgv9l1trb58f6xi7hx1o5xrf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15dgv9l1trb58f6xi7hx1o5xrf|03|net"; nocase; ) # svmsgfj8n9qs18bixqd1mvvd5m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|svmsgfj8n9qs18bixqd1mvvd5m|03|com"; nocase; ) # 1ljfbvnwkeggr1u3h1heh9ki.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ljfbvnwkeggr1u3h1heh9ki|03|biz"; nocase; ) # 13d99y31tn3ah11fg1vep1wye0qu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13d99y31tn3ah11fg1vep1wye0qu|03|net"; nocase; ) # 4efig3l8lbon1dbkr711fz91a4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4efig3l8lbon1dbkr711fz91a4|03|com"; nocase; ) # vdiu9ut9g1nf1ud654pajbd3d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vdiu9ut9g1nf1ud654pajbd3d|03|com"; nocase; ) # 14vr53m10nkpih1flycpm1nzd430.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14vr53m10nkpih1flycpm1nzd430|03|net"; nocase; ) # c8ue7tli99rj5p8b8t7oa1cv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c8ue7tli99rj5p8b8t7oa1cv|03|com"; nocase; ) # 1kzx8te1j4tk521bq3pzx14urvpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kzx8te1j4tk521bq3pzx14urvpj|03|biz"; nocase; ) # dae19u18viokpt1i4g15uzjqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dae19u18viokpt1i4g15uzjqj|03|biz"; nocase; ) # 1eayrw1lpcfsz1ky6lpy160sc46.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eayrw1lpcfsz1ky6lpy160sc46|03|org"; nocase; ) # 1y4odcydccabu1rbavvx13eu7m6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y4odcydccabu1rbavvx13eu7m6|03|net"; nocase; ) # 10hwqc2s5gvg3kqv5wd1wqtym1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10hwqc2s5gvg3kqv5wd1wqtym1|03|com"; nocase; ) # i6oxk111p4y4a9c5qas1tq0zlf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i6oxk111p4y4a9c5qas1tq0zlf|03|org"; nocase; ) # 5ez02h1jqp4h6oglvtbigeyph.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ez02h1jqp4h6oglvtbigeyph|03|org"; nocase; ) # 179jnq911257jp1hox8ovn8701a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|179jnq911257jp1hox8ovn8701a|03|net"; nocase; ) # 1bq8cnzpfms1p1dzmuit1m8g798.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bq8cnzpfms1p1dzmuit1m8g798|03|biz"; nocase; ) # 1nmfnf2j76d1ucjp08qb7jdkq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nmfnf2j76d1ucjp08qb7jdkq|03|org"; nocase; ) # 1qbk8w3xv5wguwk57gr1x33m1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qbk8w3xv5wguwk57gr1x33m1w|03|com"; nocase; ) # 14nrp8f1d2v12n1jlsc6oxzvz2o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14nrp8f1d2v12n1jlsc6oxzvz2o|03|net"; nocase; ) # a5azyt19ik1hm1uczi9qo1zsyq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a5azyt19ik1hm1uczi9qo1zsyq|03|org"; nocase; ) # 9gjen8pk9g7e1xqp7ew1f1oaji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9gjen8pk9g7e1xqp7ew1f1oaji|03|org"; nocase; ) # kaxwnt1kyy60vqqa8yh1vnya6x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kaxwnt1kyy60vqqa8yh1vnya6x|03|com"; nocase; ) # 10eu2xa15akkzk658lcbjibfvr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10eu2xa15akkzk658lcbjibfvr|03|com"; nocase; ) # 1uslnln1wu27n71pvjk7je3a4ur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uslnln1wu27n71pvjk7je3a4ur|03|net"; nocase; ) # 17yrzn7x3cuqi15aj4za11ac2ty.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17yrzn7x3cuqi15aj4za11ac2ty|03|org"; nocase; ) # 1m9c1a11rghcygvwezne1r3ljiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m9c1a11rghcygvwezne1r3ljiu|03|com"; nocase; ) # 13hm52ujm940m1pm4x5z697ik6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13hm52ujm940m1pm4x5z697ik6|03|org"; nocase; ) # 1bpyh51skib7kc5m1351rum6jn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bpyh51skib7kc5m1351rum6jn|03|net"; nocase; ) # ezcb5s1ah5kgs1depjyh1e9djsx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ezcb5s1ah5kgs1depjyh1e9djsx|03|net"; nocase; ) # 9jhljr1btzziojk116eet0vls.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9jhljr1btzziojk116eet0vls|03|net"; nocase; ) # 1be5yhf3uqx7i1a67q161wuxzhv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1be5yhf3uqx7i1a67q161wuxzhv|03|net"; nocase; ) # 92s2401k02i4u43ljbd1t4uew3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|92s2401k02i4u43ljbd1t4uew3|03|biz"; nocase; ) # 1qltc771odmqsa14btv0r185wclc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qltc771odmqsa14btv0r185wclc|03|net"; nocase; ) # 1w7xth76f33u81n6wlo9ejexv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w7xth76f33u81n6wlo9ejexv1|03|com"; nocase; ) # 1ftm5wdudmw2lexhbg1tpfl0g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ftm5wdudmw2lexhbg1tpfl0g|03|biz"; nocase; ) # b5gvlm2rh5mdccl9xg1v87kk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b5gvlm2rh5mdccl9xg1v87kk|03|org"; nocase; ) # bdji9f1fesvygy9quof6t4y5y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bdji9f1fesvygy9quof6t4y5y|03|com"; nocase; ) # zhqduy1hmdx5z17iblgq12f798o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zhqduy1hmdx5z17iblgq12f798o|03|com"; nocase; ) # 1gwnd3l1ma83zz93q2i9nu08ba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gwnd3l1ma83zz93q2i9nu08ba|03|org"; nocase; ) # 1476ic41lky87x1lx2nqwpzkcw9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1476ic41lky87x1lx2nqwpzkcw9|03|net"; nocase; ) # 1f048o4hcswyz1sl6im0rqxtm9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f048o4hcswyz1sl6im0rqxtm9|03|com"; nocase; ) # 162hgz3ouj4ng58i6k486578w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|162hgz3ouj4ng58i6k486578w|03|net"; nocase; ) # 1i3esrz12hhcfs1rqrqfb1g3g2qt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i3esrz12hhcfs1rqrqfb1g3g2qt|03|net"; nocase; ) # 205h191wizfma109q4d0o6rf5c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|205h191wizfma109q4d0o6rf5c|03|biz"; nocase; ) # 1vq507j1ob0qui1hbxu2f1cvylqf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vq507j1ob0qui1hbxu2f1cvylqf|03|org"; nocase; ) # e9fonk1xqatda4o1acxuocqso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e9fonk1xqatda4o1acxuocqso|03|com"; nocase; ) # cjbxme1a8pt921wt7hxc1eg62f3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cjbxme1a8pt921wt7hxc1eg62f3|03|org"; nocase; ) # 11usger1g6fnvr894xcdglvpnz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11usger1g6fnvr894xcdglvpnz|03|biz"; nocase; ) # e38pg912frfe3n3efvz1kj5squ.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e38pg912frfe3n3efvz1kj5squ|03|net"; nocase; ) # 1b5s9fvndxoowhtmhlskubhzv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b5s9fvndxoowhtmhlskubhzv|03|biz"; nocase; ) # f0t4r1m0yvkmh7x5q21f6e4c4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f0t4r1m0yvkmh7x5q21f6e4c4|03|org"; nocase; ) # 1vxgi0zhbbb491jbw0np1wwtnhp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vxgi0zhbbb491jbw0np1wwtnhp|03|com"; nocase; ) # 1rgscvj14y5igf1urqyaj11eae5q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rgscvj14y5igf1urqyaj11eae5q|03|org"; nocase; ) # f1wki91gb2ikm14nsn0jgpvlyn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f1wki91gb2ikm14nsn0jgpvlyn|03|org"; nocase; ) # 2rulwq1jlggj5zkn2zq1fo1nif.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2rulwq1jlggj5zkn2zq1fo1nif|03|net"; nocase; ) # 5d3dx31skfizb1wozpo0k77hgb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5d3dx31skfizb1wozpo0k77hgb|03|net"; nocase; ) # 1j0624t1kisp4fpm20fm7eaac9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j0624t1kisp4fpm20fm7eaac9|03|com"; nocase; ) # v8prxit8ngh9hvoxkr1xnukvg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v8prxit8ngh9hvoxkr1xnukvg|03|biz"; nocase; ) # 19ypsniyfxl9qtetk5j2bomqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19ypsniyfxl9qtetk5j2bomqb|03|biz"; nocase; ) # oifftn1ba8e8phk3ejs114wt66.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oifftn1ba8e8phk3ejs114wt66|03|org"; nocase; ) # hvr4h1iaelfooyjh0gdv7lbv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hvr4h1iaelfooyjh0gdv7lbv|03|biz"; nocase; ) # ns7kxl1x5j8s1xod9ogwff15i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ns7kxl1x5j8s1xod9ogwff15i|03|net"; nocase; ) # vuhseq1ljidvtmr42r01ppl2kb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vuhseq1ljidvtmr42r01ppl2kb|03|com"; nocase; ) # 1tmrsv57ot10a1v3bloy1rkwtcp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tmrsv57ot10a1v3bloy1rkwtcp|03|com"; nocase; ) # rgk9kp1n67gs1swganrmdtee7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rgk9kp1n67gs1swganrmdtee7|03|org"; nocase; ) # 145oz7t82t7bl7lqltenrd121.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|145oz7t82t7bl7lqltenrd121|03|com"; nocase; ) # 16dnnxy1xwnmjpgvkdl41p8ad6b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16dnnxy1xwnmjpgvkdl41p8ad6b|03|net"; nocase; ) # 19qfgxx1dg4q691autx23jmnv0b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19qfgxx1dg4q691autx23jmnv0b|03|org"; nocase; ) # 9b272tc14hni1avpsra1fwcqvz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9b272tc14hni1avpsra1fwcqvz|03|com"; nocase; ) # am4yu5k75hpp5fsim1uz46l3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|am4yu5k75hpp5fsim1uz46l3|03|biz"; nocase; ) # d89avx1jm1ghmwbohnm5jj1ja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d89avx1jm1ghmwbohnm5jj1ja|03|net"; nocase; ) # ct6ql01g59lla15f538w1mqkj2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ct6ql01g59lla15f538w1mqkj2|03|org"; nocase; ) # 1ulkqqk1lzz3p8197z67j7zlpoe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ulkqqk1lzz3p8197z67j7zlpoe|03|org"; nocase; ) # 13heyyw16eacaf1ipblrr196lhd2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13heyyw16eacaf1ipblrr196lhd2|03|biz"; nocase; ) # pa6498lec0kx149wvxi1mn1109.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pa6498lec0kx149wvxi1mn1109|03|com"; nocase; ) # 2h02terql9je1nftcfj98ayby.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2h02terql9je1nftcfj98ayby|03|org"; nocase; ) # i3meq4bfkoah1h6olyk1wx29on.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i3meq4bfkoah1h6olyk1wx29on|03|org"; nocase; ) # 1vh89yxvp31qmao5vyljbqvc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1vh89yxvp31qmao5vyljbqvc|03|net"; nocase; ) # ynqjy81h2se7240rxq1olw17y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ynqjy81h2se7240rxq1olw17y|03|org"; nocase; ) # w07o851oyiqg8dgp8zt35un4s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w07o851oyiqg8dgp8zt35un4s|03|net"; nocase; ) # 15fb5ri20dli81elwhr5iio4ru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15fb5ri20dli81elwhr5iio4ru|03|biz"; nocase; ) # 5szoyu1mai85pkvg3iv1eywlu4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5szoyu1mai85pkvg3iv1eywlu4|03|net"; nocase; ) # 13mbkux1knqby51xe9cld1giusr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13mbkux1knqby51xe9cld1giusr2|03|org"; nocase; ) # 1xhe4b11obkbcb1bsldhk1wxqctr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xhe4b11obkbcb1bsldhk1wxqctr|03|net"; nocase; ) # xirg0n1hc2ge01rqwu0hbidjrd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xirg0n1hc2ge01rqwu0hbidjrd|03|com"; nocase; ) # 1fcoobv1yl06cw1ue8nll1y5klj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fcoobv1yl06cw1ue8nll1y5klj7|03|net"; nocase; ) # 11nkvp1wn0xci10dkux11p5wf9q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11nkvp1wn0xci10dkux11p5wf9q|03|org"; nocase; ) # 1vksppi1j8ole1nhl9d71i7r9dx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vksppi1j8ole1nhl9d71i7r9dx|03|com"; nocase; ) # 6xfqa91x8m31iwx97sswq1y2i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6xfqa91x8m31iwx97sswq1y2i|03|org"; nocase; ) # pc3wweq3hiiw11aq5srdiz8a8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pc3wweq3hiiw11aq5srdiz8a8|03|biz"; nocase; ) # yv55o81m5m6rh1j400dbot6o0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yv55o81m5m6rh1j400dbot6o0a|03|net"; nocase; ) # myzw4i3edapvt4bzgukxzj4q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|myzw4i3edapvt4bzgukxzj4q|03|net"; nocase; ) # 93q14r9fb1wak1sbqa7bkcip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|93q14r9fb1wak1sbqa7bkcip|03|com"; nocase; ) # wdii9rw0rpv91f7q3j3147gira.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wdii9rw0rpv91f7q3j3147gira|03|net"; nocase; ) # t2juoldglkmc1exhztd1au1rbi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t2juoldglkmc1exhztd1au1rbi|03|org"; nocase; ) # 1nd2urxjk5ajmprmqt1c3n72q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nd2urxjk5ajmprmqt1c3n72q|03|biz"; nocase; ) # 1x5vflz1tdbx6m163y5xt1kxd8ut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x5vflz1tdbx6m163y5xt1kxd8ut|03|net"; nocase; ) # 9msda31f1isfez8hfy21ypfs62.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9msda31f1isfez8hfy21ypfs62|03|net"; nocase; ) # 1wfnw5dq3bhah1h6zbzomtzrlh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wfnw5dq3bhah1h6zbzomtzrlh|03|com"; nocase; ) # 7o4fhu1dnqui5dqe1qw1t2mxsk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7o4fhu1dnqui5dqe1qw1t2mxsk|03|org"; nocase; ) # 1k04sifvh09htm5smu1w1r7l7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k04sifvh09htm5smu1w1r7l7|03|net"; nocase; ) # 1rcs3c2z79w235hei9qslm25r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rcs3c2z79w235hei9qslm25r|03|com"; nocase; ) # mezos8nc35ka1kj50rn1q4wwcm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mezos8nc35ka1kj50rn1q4wwcm|03|net"; nocase; ) # 1x4t4e8cqk4f219yfu8tl3c1gi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x4t4e8cqk4f219yfu8tl3c1gi|03|org"; nocase; ) # qbni5j1hrku4zojrhj15dliid.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qbni5j1hrku4zojrhj15dliid|03|org"; nocase; ) # 1pit89dxfxlum1tu1wqi1ge4b62.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pit89dxfxlum1tu1wqi1ge4b62|03|net"; nocase; ) # bfc9es1hv610rdzkprs35d1a0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bfc9es1hv610rdzkprs35d1a0|03|net"; nocase; ) # 13rzcacwi4sf13huvoq4gq4gb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13rzcacwi4sf13huvoq4gq4gb|03|net"; nocase; ) # qf6m0i1qbsjc14251ix1imwhwx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qf6m0i1qbsjc14251ix1imwhwx|03|net"; nocase; ) # nti95xzw11xb14rqn5i13el57m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nti95xzw11xb14rqn5i13el57m|03|biz"; nocase; ) # f7u21rmvvpz21llg1vugcjjrp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f7u21rmvvpz21llg1vugcjjrp|03|com"; nocase; ) # qnaoaknbfe0xzz21l51oozmwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qnaoaknbfe0xzz21l51oozmwt|03|com"; nocase; ) # 8quim3l1ps8s19sd7mcxx4zef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8quim3l1ps8s19sd7mcxx4zef|03|com"; nocase; ) # 1f9rokgnhh7ncxpm3dlgfwan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1f9rokgnhh7ncxpm3dlgfwan|03|com"; nocase; ) # 1gbnpt71azdhi31kjbsjvm09b90.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gbnpt71azdhi31kjbsjvm09b90|03|biz"; nocase; ) # 16xij7zdnl0df1eu8pav9dzthc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16xij7zdnl0df1eu8pav9dzthc|03|biz"; nocase; ) # 16qsf86h12cmv1flnpw2hrxm11.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16qsf86h12cmv1flnpw2hrxm11|03|com"; nocase; ) # 1gotde8d3b1sh1niequ76yrfs5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gotde8d3b1sh1niequ76yrfs5|03|org"; nocase; ) # jxetb61ckhso4jr6ezidgpiv1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jxetb61ckhso4jr6ezidgpiv1|03|net"; nocase; ) # 1kf17y2628l58qwbw9x1wfjriq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kf17y2628l58qwbw9x1wfjriq|03|net"; nocase; ) # 1ytymnj1k302j1sq57tz1wqnhkv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ytymnj1k302j1sq57tz1wqnhkv|03|org"; nocase; ) # 1jtms8c1v73tb58qvc39w4dkc8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jtms8c1v73tb58qvc39w4dkc8|03|net"; nocase; ) # 1yzmu8s1cmzyrs1hbk1621xc6prn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yzmu8s1cmzyrs1hbk1621xc6prn|03|org"; nocase; ) # wlomql1qd1ym1f2vagw17i4b8g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wlomql1qd1ym1f2vagw17i4b8g|03|net"; nocase; ) # wr32o5h8lub1617qhc1jwy9ao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wr32o5h8lub1617qhc1jwy9ao|03|com"; nocase; ) # bj6wjtl86qeh1yp6ui31tb1qwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bj6wjtl86qeh1yp6ui31tb1qwu|03|net"; nocase; ) # vjt0l21ehu22fbnmf441a4v799.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vjt0l21ehu22fbnmf441a4v799|03|com"; nocase; ) # 1jebwmgfl5bfa18ze4w910tn6w2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jebwmgfl5bfa18ze4w910tn6w2|03|com"; nocase; ) # m6q9zdky0rzsa67l9y169g2o5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m6q9zdky0rzsa67l9y169g2o5|03|net"; nocase; ) # 1wouvfn4mzmia1m0k40r1a6u4oq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wouvfn4mzmia1m0k40r1a6u4oq|03|biz"; nocase; ) # 1n49ba0ke2rwm925t9e5rufm8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n49ba0ke2rwm925t9e5rufm8|03|net"; nocase; ) # 1a8kbqt1cm6qj9hxe48kxkc20d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a8kbqt1cm6qj9hxe48kxkc20d|03|com"; nocase; ) # 1mwjnv6106g0eo1w6otob11xy3zg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mwjnv6106g0eo1w6otob11xy3zg|03|com"; nocase; ) # zgh129kf5e1f7wbn19y918e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|zgh129kf5e1f7wbn19y918e|03|org"; nocase; ) # 59h1uk1p04vygq21g0hhk6j6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|59h1uk1p04vygq21g0hhk6j6|03|com"; nocase; ) # 1u196k2mkugsi1tg3lox1de81t2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u196k2mkugsi1tg3lox1de81t2|03|biz"; nocase; ) # 1jtikbl1kk37pl1wx7loir2m6wm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jtikbl1kk37pl1wx7loir2m6wm|03|org"; nocase; ) # bcebjwh6rjfn12g38fq1lq2q2v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bcebjwh6rjfn12g38fq1lq2q2v|03|biz"; nocase; ) # fbji7n122awhs87qsk1xj26ba.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fbji7n122awhs87qsk1xj26ba|03|net"; nocase; ) # 1r25vugqkj3zy1vmhzu5c2axgd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r25vugqkj3zy1vmhzu5c2axgd|03|net"; nocase; ) # 85jvy41axhhzh1ct9lza1e46fxg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|85jvy41axhhzh1ct9lza1e46fxg|03|com"; nocase; ) # 1nst4w0xbp3nu1igxf911dwem06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nst4w0xbp3nu1igxf911dwem06|03|net"; nocase; ) # 1qhjkn4qohsvq1a42oq12xf37l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qhjkn4qohsvq1a42oq12xf37l|03|com"; nocase; ) # 1cyjxgajrmohe19hj6zrfcyns5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cyjxgajrmohe19hj6zrfcyns5|03|net"; nocase; ) # 11i8rbqf30oeg1o1wgl4y6xg4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11i8rbqf30oeg1o1wgl4y6xg4d|03|com"; nocase; ) # ao9blztno8hnuzrx60ypiaem.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ao9blztno8hnuzrx60ypiaem|03|biz"; nocase; ) # 13dg0x81khwf0x18244591erenvk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13dg0x81khwf0x18244591erenvk|03|org"; nocase; ) # cr40uk7bawrh130z35l19ui2ri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cr40uk7bawrh130z35l19ui2ri|03|net"; nocase; ) # 1u1ad7d1t0b4vbl5mpdz1mehzkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u1ad7d1t0b4vbl5mpdz1mehzkz|03|org"; nocase; ) # phramm1ktsfv41t5m8zw1fs0nda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|phramm1ktsfv41t5m8zw1fs0nda|03|com"; nocase; ) # n5l6ae1tkhuqlg8q4fa2qks9j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5l6ae1tkhuqlg8q4fa2qks9j|03|biz"; nocase; ) # 10eoffi14x7ifwv60j411rok3v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10eoffi14x7ifwv60j411rok3v|03|org"; nocase; ) # 1vn4z8n1dpov1f18p7i241gimmc5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vn4z8n1dpov1f18p7i241gimmc5|03|com"; nocase; ) # 1e8kqjhowp8vr1alfexg1rbxt1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e8kqjhowp8vr1alfexg1rbxt1d|03|net"; nocase; ) # 1uvgu181n5wkl4xo8q1m86c159.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uvgu181n5wkl4xo8q1m86c159|03|org"; nocase; ) # q4bv0k2ioze2evflhqp3ssxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q4bv0k2ioze2evflhqp3ssxv|03|net"; nocase; ) # 1k32dkemti5m61o53in34e2amo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k32dkemti5m61o53in34e2amo|03|net"; nocase; ) # 1nwlxvp1o1tqkiwhf3oopqre6k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nwlxvp1o1tqkiwhf3oopqre6k|03|biz"; nocase; ) # 1jqoo01ldt7yj3sddqr5og7nc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jqoo01ldt7yj3sddqr5og7nc|03|net"; nocase; ) # ogn0z81p1ojugrogh40132f6et.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ogn0z81p1ojugrogh40132f6et|03|net"; nocase; ) # 7vh5rp1xyh4lj1tkwyqa15emo9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7vh5rp1xyh4lj1tkwyqa15emo9e|03|com"; nocase; ) # 1v9np4g1ihxh371u5i9ru1ke8xuv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v9np4g1ihxh371u5i9ru1ke8xuv|03|biz"; nocase; ) # ki853psf77t92r99no1nurhgu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ki853psf77t92r99no1nurhgu|03|net"; nocase; ) # 1py3oxu13zag72ggofm51q9f4oi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1py3oxu13zag72ggofm51q9f4oi|03|org"; nocase; ) # 1iyj6zp1enbt0uchnexk14mvq8c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iyj6zp1enbt0uchnexk14mvq8c|03|net"; nocase; ) # 1gsqzb3q2gfnygvg9tezcgz7y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gsqzb3q2gfnygvg9tezcgz7y|03|org"; nocase; ) # su3tkf1bjkczi1hgjbvxiyhl75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|su3tkf1bjkczi1hgjbvxiyhl75|03|com"; nocase; ) # k83t9zexy9lxu1vmv1vt6a5y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k83t9zexy9lxu1vmv1vt6a5y|03|org"; nocase; ) # 13y6f1kh15q2u13rz1lzdbv4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13y6f1kh15q2u13rz1lzdbv4f|03|net"; nocase; ) # t8v8ss9xvie21f3rlvt1lckw6k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t8v8ss9xvie21f3rlvt1lckw6k|03|com"; nocase; ) # slar531em7cvixszyfj1s64ne9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|slar531em7cvixszyfj1s64ne9|03|com"; nocase; ) # 1vot8qu1xzbgq3oikcf41euspd0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vot8qu1xzbgq3oikcf41euspd0|03|biz"; nocase; ) # 6p0c26idif8o1n3c9cv1juvp97.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6p0c26idif8o1n3c9cv1juvp97|03|net"; nocase; ) # 1cafey36c5gxwf8iun3yzir52.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cafey36c5gxwf8iun3yzir52|03|org"; nocase; ) # w9bng4k5r84do28dfaxmnady.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w9bng4k5r84do28dfaxmnady|03|net"; nocase; ) # fsvtk9dxqc4i1dipz4chpfr91.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fsvtk9dxqc4i1dipz4chpfr91|03|org"; nocase; ) # 14kkt6fmhma0t7ghtns1folfh9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14kkt6fmhma0t7ghtns1folfh9|03|net"; nocase; ) # o65eyi5jdvp7onxofu1u6fxoq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o65eyi5jdvp7onxofu1u6fxoq|03|biz"; nocase; ) # xy7w8h1u3age0wtl5c51fqy02o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xy7w8h1u3age0wtl5c51fqy02o|03|net"; nocase; ) # xj40ms1xxntjm32t1d4wlhe7i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xj40ms1xxntjm32t1d4wlhe7i|03|com"; nocase; ) # t2g6e2javp9j13iv75o1m3ptt7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t2g6e2javp9j13iv75o1m3ptt7|03|org"; nocase; ) # lx5rffnd444716bss2d11054bq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lx5rffnd444716bss2d11054bq|03|org"; nocase; ) # 66cdyqxonch516lha4mnx8fdh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66cdyqxonch516lha4mnx8fdh|03|net"; nocase; ) # l4qd0612pk4fokh1w2lcra73p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l4qd0612pk4fokh1w2lcra73p|03|com"; nocase; ) # 1h2eunp1x2b9a21k20jym1x5plpn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h2eunp1x2b9a21k20jym1x5plpn|03|com"; nocase; ) # 19umdme1bjsv9n16nlol5gzvml3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19umdme1bjsv9n16nlol5gzvml3|03|net"; nocase; ) # o8x7qn65p38k168swls19fn50u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o8x7qn65p38k168swls19fn50u|03|com"; nocase; ) # perwcwjo9kjjyy2kbvru4h70.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|perwcwjo9kjjyy2kbvru4h70|03|com"; nocase; ) # 6z0arr1o89odsoe6yiv1moklk3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6z0arr1o89odsoe6yiv1moklk3|03|biz"; nocase; ) # cdrynq1jlwnm1k86dfh1k4pz71.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cdrynq1jlwnm1k86dfh1k4pz71|03|biz"; nocase; ) # s5ea3k1ulv2wz1wriq3kepffa8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s5ea3k1ulv2wz1wriq3kepffa8|03|biz"; nocase; ) # 160oliu1jm3l6m1a9nvbk1mdtqqg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|160oliu1jm3l6m1a9nvbk1mdtqqg|03|org"; nocase; ) # kgtig914843jqtvcjbc116h09v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kgtig914843jqtvcjbc116h09v|03|net"; nocase; ) # 1buvn3gf63nj0afuff0uaoeah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1buvn3gf63nj0afuff0uaoeah|03|com"; nocase; ) # 2zc2ekaqpsij14soxjl1izxx14.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2zc2ekaqpsij14soxjl1izxx14|03|org"; nocase; ) # 4hty2jga9vkhbnuzn51gnhb2c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4hty2jga9vkhbnuzn51gnhb2c|03|org"; nocase; ) # 86ptx71lz8m84qt0ihgdndn7k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|86ptx71lz8m84qt0ihgdndn7k|03|com"; nocase; ) # i8wstr31nuew8u1vyk91l65b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i8wstr31nuew8u1vyk91l65b|03|net"; nocase; ) # 11ag5zn1nxa78n1a58evpfuxsmk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11ag5zn1nxa78n1a58evpfuxsmk|03|com"; nocase; ) # 1cpldwa10bxc491fj73wd1dtlrjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cpldwa10bxc491fj73wd1dtlrjn|03|com"; nocase; ) # 1iyq24fgh3gf8tch9bp1a8hyx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iyq24fgh3gf8tch9bp1a8hyx4|03|net"; nocase; ) # 1y0j1fx13z2azik1fhfl1xa4asv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y0j1fx13z2azik1fhfl1xa4asv|03|org"; nocase; ) # hr8tzg1i210f4bwsady1ogyhtd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hr8tzg1i210f4bwsady1ogyhtd|03|net"; nocase; ) # mkavyy5pv2ov1tzu8xi182vrb4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mkavyy5pv2ov1tzu8xi182vrb4|03|net"; nocase; ) # 1pnhlam1x5myut5jn7241gopd6e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pnhlam1x5myut5jn7241gopd6e|03|com"; nocase; ) # 1l7pvvgkrh23m8ky7cb1dad9mf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l7pvvgkrh23m8ky7cb1dad9mf|03|org"; nocase; ) # 1my48xno47rq1kow9i91jkfj52.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1my48xno47rq1kow9i91jkfj52|03|org"; nocase; ) # 1vpitm4gmsbf8orlibn1hpnc9m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vpitm4gmsbf8orlibn1hpnc9m|03|com"; nocase; ) # cejzcyaxb4b6jvphiwy3y1yq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cejzcyaxb4b6jvphiwy3y1yq|03|net"; nocase; ) # 16aah2fswiv311j9kbzl1qfayvc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16aah2fswiv311j9kbzl1qfayvc|03|net"; nocase; ) # wullek1lneap91qvqsijhagfl2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wullek1lneap91qvqsijhagfl2|03|net"; nocase; ) # 4dxrqjxe9gnbwv9fsv1rq4jbn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4dxrqjxe9gnbwv9fsv1rq4jbn|03|biz"; nocase; ) # rfik1717yhalmc4cmh21jsls4c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rfik1717yhalmc4cmh21jsls4c|03|org"; nocase; ) # 1rfuwts1q4lcwm1ix8658gta83z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rfuwts1q4lcwm1ix8658gta83z|03|com"; nocase; ) # 1iz210s173fl906u8e9ricc0sy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iz210s173fl906u8e9ricc0sy|03|org"; nocase; ) # 1k8mwtr1n7mqd6qqq1w8tkhvt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k8mwtr1n7mqd6qqq1w8tkhvt|03|com"; nocase; ) # 1986q9esvlfoydx1vqq59yyju.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1986q9esvlfoydx1vqq59yyju|03|biz"; nocase; ) # 1wagl78bcyvw0hp121z1rrwjn8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wagl78bcyvw0hp121z1rrwjn8|03|org"; nocase; ) # 68g4a9erki9lo3aoatrui185.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|68g4a9erki9lo3aoatrui185|03|com"; nocase; ) # 1xx3idg4u24ie829o5snohjm3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xx3idg4u24ie829o5snohjm3|03|net"; nocase; ) # 1nbny4seridg7tzchru1lmshuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nbny4seridg7tzchru1lmshuh|03|com"; nocase; ) # 2vfy0e1rx0dqm9pew5x1pp9bew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2vfy0e1rx0dqm9pew5x1pp9bew|03|net"; nocase; ) # 157wt03198p4zajthk021lrck6v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|157wt03198p4zajthk021lrck6v|03|com"; nocase; ) # 12osn801pk5piw1d45c8kedmckd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12osn801pk5piw1d45c8kedmckd|03|net"; nocase; ) # j6jzx366q6dgiyrc7m1rhfldx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j6jzx366q6dgiyrc7m1rhfldx|03|net"; nocase; ) # cxxjw11y5yirr1u3fljlm5kgby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cxxjw11y5yirr1u3fljlm5kgby|03|com"; nocase; ) # o86ajdag4j4g14c8vkm8cr2k9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o86ajdag4j4g14c8vkm8cr2k9|03|biz"; nocase; ) # 193hg0v1w27u9b13u7uifp0vpwg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|193hg0v1w27u9b13u7uifp0vpwg|03|org"; nocase; ) # 1a42syvm2oi541fx0anncsiit3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a42syvm2oi541fx0anncsiit3|03|com"; nocase; ) # kc3jkksl37m1ymxn0tg7uoyo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kc3jkksl37m1ymxn0tg7uoyo|03|biz"; nocase; ) # lhnlijijkyb116z9xiz1wcsdqy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lhnlijijkyb116z9xiz1wcsdqy|03|org"; nocase; ) # c6ucjlm6njcx1n7xaknrqw2wo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c6ucjlm6njcx1n7xaknrqw2wo|03|biz"; nocase; ) # rqvagbu2wrkv13nh9gt14sp6ok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rqvagbu2wrkv13nh9gt14sp6ok|03|net"; nocase; ) # cluedt1sfk0d0ymfa3c92y6yl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cluedt1sfk0d0ymfa3c92y6yl|03|net"; nocase; ) # 1q2523m1uosy9eecxi95zchfo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q2523m1uosy9eecxi95zchfo|03|biz"; nocase; ) # abeh8au99oni1amj89wtu5t2f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|abeh8au99oni1amj89wtu5t2f|03|com"; nocase; ) # souzqrbqwea81quwvfvknwgr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|souzqrbqwea81quwvfvknwgr|03|org"; nocase; ) # 1hr3wom7atsv1stua9zo41gvn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hr3wom7atsv1stua9zo41gvn|03|com"; nocase; ) # 146fmgm5r9uy5y4ixn110vt4qc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|146fmgm5r9uy5y4ixn110vt4qc|03|org"; nocase; ) # sm3e7q1htm60n10q2bvo1nxr92p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sm3e7q1htm60n10q2bvo1nxr92p|03|net"; nocase; ) # 11yslhlnycrp910qkabpjsa0tk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11yslhlnycrp910qkabpjsa0tk|03|biz"; nocase; ) # 1qppsny35vsjwhva0ltw50cpx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qppsny35vsjwhva0ltw50cpx|03|net"; nocase; ) # 6tnghazfg9wzvcazew1bg588t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6tnghazfg9wzvcazew1bg588t|03|net"; nocase; ) # 17qr2vwbvyy1nwgzffalky5zf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17qr2vwbvyy1nwgzffalky5zf|03|com"; nocase; ) # ixu33r1bv0rw115sgz4ju1gqsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ixu33r1bv0rw115sgz4ju1gqsc|03|net"; nocase; ) # q54p4r1hscltd1cfj0hz1su2uch.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q54p4r1hscltd1cfj0hz1su2uch|03|com"; nocase; ) # nhm00u7n1cke16a3rm41keeo4j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nhm00u7n1cke16a3rm41keeo4j|03|biz"; nocase; ) # 1djis0mzlahv1nukyw98lbz1y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1djis0mzlahv1nukyw98lbz1y|03|com"; nocase; ) # 10zfvh11k5f1rjt1l29q1kgcn7w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10zfvh11k5f1rjt1l29q1kgcn7w|03|biz"; nocase; ) # 1t6c9kd11wrv70kgo6uf1bf5a3g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t6c9kd11wrv70kgo6uf1bf5a3g|03|org"; nocase; ) # 466uaqyqrwdi15hkskz1y3it6j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|466uaqyqrwdi15hkskz1y3it6j|03|net"; nocase; ) # 16pgfvjdwyycq1h30uvv1xeyyfu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16pgfvjdwyycq1h30uvv1xeyyfu|03|com"; nocase; ) # ddo9ornwda6y167ojx21164rk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ddo9ornwda6y167ojx21164rk2|03|net"; nocase; ) # 12fya5ahr5l36a62trs13xlon9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12fya5ahr5l36a62trs13xlon9|03|biz"; nocase; ) # s98c1q5phmn19u87j8150elpd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s98c1q5phmn19u87j8150elpd|03|org"; nocase; ) # k7lxnk1rv7ymr1606tvqxsp7d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k7lxnk1rv7ymr1606tvqxsp7d|03|net"; nocase; ) # 1r0q9ak15r0jw51htp2ox1a5g4qa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r0q9ak15r0jw51htp2ox1a5g4qa|03|biz"; nocase; ) # 82q9jaybktxrle9ldnqd3l1e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|82q9jaybktxrle9ldnqd3l1e|03|com"; nocase; ) # 1d0b35q13la8gr187odxz1u8g34v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d0b35q13la8gr187odxz1u8g34v|03|biz"; nocase; ) # 1c1fzy7160rmv91n9lzdbysofhp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c1fzy7160rmv91n9lzdbysofhp|03|net"; nocase; ) # 1q6db3ncyaownqtfebp1boibnw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q6db3ncyaownqtfebp1boibnw|03|net"; nocase; ) # 10prax0aeyap5niwi4125xwwo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10prax0aeyap5niwi4125xwwo|03|biz"; nocase; ) # jjbo4yamrql2l9vqot1eff731.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jjbo4yamrql2l9vqot1eff731|03|com"; nocase; ) # ihhfuh4jhldb8jp9adywzjan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ihhfuh4jhldb8jp9adywzjan|03|com"; nocase; ) # 9z9wwryyz0og1nni2731iw1fzy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9z9wwryyz0og1nni2731iw1fzy|03|biz"; nocase; ) # 1qfbp0u9ga7341k25yb2bcdg7i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qfbp0u9ga7341k25yb2bcdg7i|03|org"; nocase; ) # 16ehk1vtxm79ejwv6b1cho12m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ehk1vtxm79ejwv6b1cho12m|03|net"; nocase; ) # z5anqs587b0awhv7g8us27u4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z5anqs587b0awhv7g8us27u4|03|net"; nocase; ) # s39eq91x0l71u1x6ju4q1kpp6wy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s39eq91x0l71u1x6ju4q1kpp6wy|03|net"; nocase; ) # 1s3vbt11id2umlmw2gc9mv2zp9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s3vbt11id2umlmw2gc9mv2zp9|03|biz"; nocase; ) # 9p8l9nnbvnt2gsmqk11bpz5sq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9p8l9nnbvnt2gsmqk11bpz5sq|03|net"; nocase; ) # 1756bjyo0qe9y1qbq2s08gskaq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1756bjyo0qe9y1qbq2s08gskaq|03|org"; nocase; ) # 1m7pr5ng82yt11xqtltgqgnsft.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m7pr5ng82yt11xqtltgqgnsft|03|org"; nocase; ) # ttc9099ya36ygd9l3cipwxl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ttc9099ya36ygd9l3cipwxl|03|net"; nocase; ) # qg5p491jdx2nxfgq1hb19zh5vh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qg5p491jdx2nxfgq1hb19zh5vh|03|org"; nocase; ) # 1eea1frrdj53f1u612ar1xriuim.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eea1frrdj53f1u612ar1xriuim|03|biz"; nocase; ) # 1xej0vv1aaaeq91t59i541lcxto6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xej0vv1aaaeq91t59i541lcxto6|03|com"; nocase; ) # xowx0zsik3tc18vvmu4yj6jbe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xowx0zsik3tc18vvmu4yj6jbe|03|org"; nocase; ) # alo87p1abu5lonfx570m00r5m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|alo87p1abu5lonfx570m00r5m|03|net"; nocase; ) # 1llfz2t160wbrd70rjta5oba16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1llfz2t160wbrd70rjta5oba16|03|net"; nocase; ) # 1un1xjdtylqm26s1t6f1g17mbq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1un1xjdtylqm26s1t6f1g17mbq|03|net"; nocase; ) # 1a9wl53eeasnhikzcma1cnhc4v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a9wl53eeasnhikzcma1cnhc4v|03|biz"; nocase; ) # 1bh9d32vi5wqb1lh5wml1dpcbuj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bh9d32vi5wqb1lh5wml1dpcbuj|03|net"; nocase; ) # 94fld118fy7i41ogw04uizpuep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|94fld118fy7i41ogw04uizpuep|03|com"; nocase; ) # 1hdmp6p1geokkc3uzdgwmv29ur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hdmp6p1geokkc3uzdgwmv29ur|03|org"; nocase; ) # kxosjj35om3917vhsgr139qkp0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kxosjj35om3917vhsgr139qkp0|03|net"; nocase; ) # 14mzzzkwg8yfvd4psd81vdqfnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14mzzzkwg8yfvd4psd81vdqfnt|03|biz"; nocase; ) # 10ubdqe1vptbfvj4w7fi1ebh1od.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ubdqe1vptbfvj4w7fi1ebh1od|03|com"; nocase; ) # 104bimdpqqq9z2medrq1lrbxgw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|104bimdpqqq9z2medrq1lrbxgw|03|net"; nocase; ) # 15nql736vv1c3iaf27w1yu6ex9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15nql736vv1c3iaf27w1yu6ex9|03|net"; nocase; ) # 1hyrqf51j5pzieopu714irvji4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hyrqf51j5pzieopu714irvji4|03|biz"; nocase; ) # 1tl44ah1hwso79bk386r1fmt28l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tl44ah1hwso79bk386r1fmt28l|03|org"; nocase; ) # 18iy868gugc4b1xo0pa01escvzp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18iy868gugc4b1xo0pa01escvzp|03|org"; nocase; ) # 1tzrww21vpbox11wmb71zepx24r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tzrww21vpbox11wmb71zepx24r|03|org"; nocase; ) # 7a6l6sxbcr5d1xhcrxgd33cjz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7a6l6sxbcr5d1xhcrxgd33cjz|03|biz"; nocase; ) # 1winpal1b5fkr013fbezy1mib6uc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1winpal1b5fkr013fbezy1mib6uc|03|org"; nocase; ) # 1o1r9711cqh0pd1r0e7u8124eb7k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o1r9711cqh0pd1r0e7u8124eb7k|03|net"; nocase; ) # 1sn9qneym2rpg5w3tf91wakbpk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sn9qneym2rpg5w3tf91wakbpk|03|biz"; nocase; ) # fiffq62aqxk4akdnwi10029h2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fiffq62aqxk4akdnwi10029h2|03|com"; nocase; ) # eooyc68tiyhi1hrv3rrhcauaz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eooyc68tiyhi1hrv3rrhcauaz|03|net"; nocase; ) # 108tkmj8o5nlw1wxwrkg1b641va.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|108tkmj8o5nlw1wxwrkg1b641va|03|biz"; nocase; ) # gskvtdepe9sl4i0kd41cj9ev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gskvtdepe9sl4i0kd41cj9ev|03|com"; nocase; ) # 1eydt5s1wo9f9n14nx7fwkcbhsi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eydt5s1wo9f9n14nx7fwkcbhsi|03|biz"; nocase; ) # 5ruzf6t1p5mjz8mjxw11auwds.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ruzf6t1p5mjz8mjxw11auwds|03|org"; nocase; ) # 1i1um8ogbqjep1sam9smuz9oqq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i1um8ogbqjep1sam9smuz9oqq|03|net"; nocase; ) # 1sflnmlqs7qga1s2b6i2oyu21w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sflnmlqs7qga1s2b6i2oyu21w|03|org"; nocase; ) # 7f7or8pfknanewaijhu49eci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7f7or8pfknanewaijhu49eci|03|com"; nocase; ) # 15l7jm51w6mr7713e2431kcud8b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15l7jm51w6mr7713e2431kcud8b|03|biz"; nocase; ) # 1utvvf7rt1uw7szu1dz16dp9pp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1utvvf7rt1uw7szu1dz16dp9pp|03|org"; nocase; ) # 1cf8pukj1ldpifs7q1j188o1y1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cf8pukj1ldpifs7q1j188o1y1|03|com"; nocase; ) # i6metp1vv4ncr1cqfofm1uspu4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i6metp1vv4ncr1cqfofm1uspu4u|03|net"; nocase; ) # 1yxst251pa1wczepqoo81tian3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yxst251pa1wczepqoo81tian3|03|net"; nocase; ) # 1gqcevg1i8kogh1ovuc3j11cywvp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gqcevg1i8kogh1ovuc3j11cywvp|03|com"; nocase; ) # 2067vyr60cgsddi65g1ggjz10.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2067vyr60cgsddi65g1ggjz10|03|com"; nocase; ) # bh0eyr1m8pjg118xjd2kc4m4qp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bh0eyr1m8pjg118xjd2kc4m4qp|03|org"; nocase; ) # j2ittqu4pr2k10tultvsiud5k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j2ittqu4pr2k10tultvsiud5k|03|net"; nocase; ) # 1aubpssxpn84iyhkr6t1opnaho.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aubpssxpn84iyhkr6t1opnaho|03|com"; nocase; ) # 1jmjqy31n3y7921lw0q0xr4igwg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jmjqy31n3y7921lw0q0xr4igwg|03|net"; nocase; ) # w0dtjxwp6lnl2i57kqyi38ph.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w0dtjxwp6lnl2i57kqyi38ph|03|org"; nocase; ) # 108hgcs1eetyf41maukfxtfsxq5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|108hgcs1eetyf41maukfxtfsxq5|03|com"; nocase; ) # 1qzntnhukyc9jn6zuic88sw4z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qzntnhukyc9jn6zuic88sw4z|03|com"; nocase; ) # 1xoib2wg3a7gj5ftgnw15xctfq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xoib2wg3a7gj5ftgnw15xctfq|03|net"; nocase; ) # 993e1egq5rp71nlb7oln5fz3t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|993e1egq5rp71nlb7oln5fz3t|03|org"; nocase; ) # 1iwltpre4yw8w9b674r12ssrcd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iwltpre4yw8w9b674r12ssrcd|03|biz"; nocase; ) # y3hyy3pmr4uu1mu1g1ley5b8g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y3hyy3pmr4uu1mu1g1ley5b8g|03|com"; nocase; ) # uvrlte15ltg7x1yawfy91plk6js.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uvrlte15ltg7x1yawfy91plk6js|03|org"; nocase; ) # tcj7d1yvt4nf11ud6e31jxlyzz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tcj7d1yvt4nf11ud6e31jxlyzz|03|com"; nocase; ) # 10y3zbsqz5lmv1widsklhhyfy4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10y3zbsqz5lmv1widsklhhyfy4|03|com"; nocase; ) # t6xjkrjhc6wk1rb5dzr78mgf8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t6xjkrjhc6wk1rb5dzr78mgf8|03|biz"; nocase; ) # 48hbu01k3h6q0dua7831uyj2pd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|48hbu01k3h6q0dua7831uyj2pd|03|org"; nocase; ) # 18ay0fc16i5r8jf2wai61l9abr3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ay0fc16i5r8jf2wai61l9abr3|03|net"; nocase; ) # b02tuw1uto1101t2dx7cwqjuzp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b02tuw1uto1101t2dx7cwqjuzp|03|com"; nocase; ) # 7t8scygqx7y71rfm33omst5lb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7t8scygqx7y71rfm33omst5lb|03|com"; nocase; ) # 2o5pbo1kflqlh1s7z5bmnda78f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2o5pbo1kflqlh1s7z5bmnda78f|03|biz"; nocase; ) # 6m0zv8k0231dn74ajt1ef9faq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6m0zv8k0231dn74ajt1ef9faq|03|net"; nocase; ) # 8u8en91oaenb1woa7a41docr7o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8u8en91oaenb1woa7a41docr7o|03|com"; nocase; ) # 19sijyxev9did6rze8515d67f4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19sijyxev9did6rze8515d67f4|03|org"; nocase; ) # 1mjpq731h2rf367jmmybdwpm8d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mjpq731h2rf367jmmybdwpm8d|03|com"; nocase; ) # k5kknj1iryaze1cgo17o1t8hjwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k5kknj1iryaze1cgo17o1t8hjwt|03|com"; nocase; ) # 1aqv4u81o4nfwo1r3ws4dbl48gd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aqv4u81o4nfwo1r3ws4dbl48gd|03|org"; nocase; ) # y80uc01fehzy21fqqdoh1ro4z5u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y80uc01fehzy21fqqdoh1ro4z5u|03|net"; nocase; ) # 1w58ypsslrp0o58bq3a1jv31dr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w58ypsslrp0o58bq3a1jv31dr|03|biz"; nocase; ) # 158li621cdrwzf9fuu4u87bt7s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|158li621cdrwzf9fuu4u87bt7s|03|net"; nocase; ) # 7r90dtnvi0fs11hnbc1mn71ny.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7r90dtnvi0fs11hnbc1mn71ny|03|biz"; nocase; ) # ugug0h1fth8yc1ks5s54587yc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ugug0h1fth8yc1ks5s54587yc6|03|org"; nocase; ) # glk328p0d850w6bj0j1rzd143.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|glk328p0d850w6bj0j1rzd143|03|com"; nocase; ) # 1cdbhov1iszdy3k084rs1fz1zyp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cdbhov1iszdy3k084rs1fz1zyp|03|com"; nocase; ) # dlb9fy3jdxt6socya5a0b6t3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dlb9fy3jdxt6socya5a0b6t3|03|net"; nocase; ) # j378ya1m63hy617345nswnoasz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j378ya1m63hy617345nswnoasz|03|net"; nocase; ) # 1p0y7g482wsgz176n4zpn47971.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p0y7g482wsgz176n4zpn47971|03|org"; nocase; ) # vpzq3b1bkl6vyn11agnano0al.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vpzq3b1bkl6vyn11agnano0al|03|biz"; nocase; ) # 61lk2vcz5mrq1sj1uox1hhqbk6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|61lk2vcz5mrq1sj1uox1hhqbk6|03|com"; nocase; ) # ltauwh1gbl12q286limvkcu9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ltauwh1gbl12q286limvkcu9j|03|net"; nocase; ) # 19nnb7f1dwply0154v7sx1x2qmuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19nnb7f1dwply0154v7sx1x2qmuz|03|com"; nocase; ) # 9q4ex01uxcizf15nxuhkujakrf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9q4ex01uxcizf15nxuhkujakrf|03|org"; nocase; ) # uisi3014tu3dynig4an1b9bopg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uisi3014tu3dynig4an1b9bopg|03|net"; nocase; ) # 14jjwhk1x5g8d65uod7814yskd6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14jjwhk1x5g8d65uod7814yskd6|03|biz"; nocase; ) # oy12n88mbcgo1nhvsvj1f16ela.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oy12n88mbcgo1nhvsvj1f16ela|03|net"; nocase; ) # 1mbm08d14y9xcmnrdq9w1aj2vg2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mbm08d14y9xcmnrdq9w1aj2vg2|03|biz"; nocase; ) # 1goss4mirggv4r8nh3910maelq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1goss4mirggv4r8nh3910maelq|03|org"; nocase; ) # poynaz1gi6j4i1dqqo601l9cg34.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|poynaz1gi6j4i1dqqo601l9cg34|03|net"; nocase; ) # 1klpy6dpmd9mseadvvb1xi2zwu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1klpy6dpmd9mseadvvb1xi2zwu|03|com"; nocase; ) # 1lez9ywu35gn31ptrtndtf0mmp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lez9ywu35gn31ptrtndtf0mmp|03|biz"; nocase; ) # 14cs0i2fmx3wluzx3nxnqbx5k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14cs0i2fmx3wluzx3nxnqbx5k|03|net"; nocase; ) # 1fza2gh1tsw7b6atgvhp1dfna8m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fza2gh1tsw7b6atgvhp1dfna8m|03|net"; nocase; ) # 1m8gpod42lt5v1p3eqjjrdg8uo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m8gpod42lt5v1p3eqjjrdg8uo|03|net"; nocase; ) # j462w14k4s7w1of2pyv1duealy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j462w14k4s7w1of2pyv1duealy|03|net"; nocase; ) # 4q40omlxol7oiasrxh1gt48gg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4q40omlxol7oiasrxh1gt48gg|03|net"; nocase; ) # p6plm613drx6v1qc858l1s8n3xj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p6plm613drx6v1qc858l1s8n3xj|03|biz"; nocase; ) # 1xzgro1xx2s351adlmu51lj9wu6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xzgro1xx2s351adlmu51lj9wu6|03|org"; nocase; ) # 1nruilsyt8qhgc6o9w4lym7e3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nruilsyt8qhgc6o9w4lym7e3|03|com"; nocase; ) # 17timsffljlau1os1r2g1v0t982.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17timsffljlau1os1r2g1v0t982|03|net"; nocase; ) # lfmlggqfvel51t5qxao1wwc6tq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lfmlggqfvel51t5qxao1wwc6tq|03|biz"; nocase; ) # 65x5811hfsg81clgo4jdbt0am.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|65x5811hfsg81clgo4jdbt0am|03|net"; nocase; ) # hh3tg81djapf1dix5rc19k51zx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hh3tg81djapf1dix5rc19k51zx|03|org"; nocase; ) # pikmu23qqt6eh72l0p1o9a39r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pikmu23qqt6eh72l0p1o9a39r|03|biz"; nocase; ) # 10wy236yarefg9tvkzevz4d6r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10wy236yarefg9tvkzevz4d6r|03|org"; nocase; ) # tqcw818fp7bvntwjwo1u54u2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tqcw818fp7bvntwjwo1u54u2|03|net"; nocase; ) # 1hrvbhn1a69zcq242a3v85u8m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hrvbhn1a69zcq242a3v85u8m|03|biz"; nocase; ) # 1ie5vq319vwf3v1ic61ru18hbkj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ie5vq319vwf3v1ic61ru18hbkj7|03|net"; nocase; ) # 5p8xfc1vyekin1p7h9y5l6tboi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5p8xfc1vyekin1p7h9y5l6tboi|03|net"; nocase; ) # 1sw0zt31g3saom7ix2rh1gucfk0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sw0zt31g3saom7ix2rh1gucfk0|03|com"; nocase; ) # 1c7oib2h9jqmprvzxser2cseb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c7oib2h9jqmprvzxser2cseb|03|biz"; nocase; ) # i1c0d1be3ppxvim8f5uwvg4v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i1c0d1be3ppxvim8f5uwvg4v|03|net"; nocase; ) # 1g5ajf3131dszp1db2e7m9xj0qy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g5ajf3131dszp1db2e7m9xj0qy|03|org"; nocase; ) # 102ix3d1vrl8je1r7a1qc5av37y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|102ix3d1vrl8je1r7a1qc5av37y|03|net"; nocase; ) # 1b2ymejrz3pd911au5v41aayfds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b2ymejrz3pd911au5v41aayfds|03|net"; nocase; ) # qfpct31oabpmbpnzfzvynl9z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qfpct31oabpmbpnzfzvynl9z|03|biz"; nocase; ) # 1qp7w8a1ur7vz9sogsb3t5waum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qp7w8a1ur7vz9sogsb3t5waum|03|net"; nocase; ) # kwofop1wq7yjq136gqot1n4p72x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kwofop1wq7yjq136gqot1n4p72x|03|com"; nocase; ) # 1vcxjz5atblyk1bi2m201t9hcto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vcxjz5atblyk1bi2m201t9hcto|03|org"; nocase; ) # 1fs9sujebh685tf6z6f1kxo4av.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fs9sujebh685tf6z6f1kxo4av|03|org"; nocase; ) # 1qhzac14fj6u1ea8bn8mchwbl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qhzac14fj6u1ea8bn8mchwbl|03|net"; nocase; ) # 1m56d9x1omav1o4dxh301bshyru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m56d9x1omav1o4dxh301bshyru|03|net"; nocase; ) # ib0yaa3rfawd1mwdwe2geu9ij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ib0yaa3rfawd1mwdwe2geu9ij|03|com"; nocase; ) # u198kw1thw1jy12kw9yyuvtvs3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u198kw1thw1jy12kw9yyuvtvs3|03|biz"; nocase; ) # 6x1scl1fbgysc9691mt1wtvi1i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6x1scl1fbgysc9691mt1wtvi1i|03|org"; nocase; ) # zltpw3bks2oj17h70g6109whp6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zltpw3bks2oj17h70g6109whp6|03|com"; nocase; ) # 13zdor418uw6f4njbfx14grd3x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13zdor418uw6f4njbfx14grd3x|03|com"; nocase; ) # 27viru8rq0uj6vbla0aek9cp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|27viru8rq0uj6vbla0aek9cp|03|org"; nocase; ) # pwumd714scahan5vw2mjc3zr9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pwumd714scahan5vw2mjc3zr9|03|biz"; nocase; ) # lycn451gxpo6013lvhuv1ok6gq0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lycn451gxpo6013lvhuv1ok6gq0|03|net"; nocase; ) # 3hew6p1fpw9511iyacnm8nx5nk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3hew6p1fpw9511iyacnm8nx5nk|03|net"; nocase; ) # 891c851h28dh61b6ekxg1juvx2f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|891c851h28dh61b6ekxg1juvx2f|03|net"; nocase; ) # 1ttga3m1usjcsi1ugzhme12w7zou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ttga3m1usjcsi1ugzhme12w7zou|03|com"; nocase; ) # 1uhajdx977t31306thh14xf0q7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uhajdx977t31306thh14xf0q7|03|org"; nocase; ) # rh0k4t1n7wtp221pdd0ob8fgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rh0k4t1n7wtp221pdd0ob8fgi|03|com"; nocase; ) # 1d4rprzq0iupi2z62wm16ex28h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d4rprzq0iupi2z62wm16ex28h|03|org"; nocase; ) # imd6w41hjdw3a1sjzv802cj5g0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|imd6w41hjdw3a1sjzv802cj5g0|03|net"; nocase; ) # 137pdsd1qhxn5ctv98ljb3ismi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|137pdsd1qhxn5ctv98ljb3ismi|03|org"; nocase; ) # ltt7gd19mlrtwm208fngi1ia3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ltt7gd19mlrtwm208fngi1ia3|03|biz"; nocase; ) # 2yfabf11kcon21q6g0i9sm1jys.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2yfabf11kcon21q6g0i9sm1jys|03|net"; nocase; ) # 42y67a1ky2dagsbz5y1drc0so.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|42y67a1ky2dagsbz5y1drc0so|03|com"; nocase; ) # 13ke03bczgsvj1jg5vkg6u3zpn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ke03bczgsvj1jg5vkg6u3zpn|03|net"; nocase; ) # 10qucu31i6jtrh1en38fpi2ngau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10qucu31i6jtrh1en38fpi2ngau|03|com"; nocase; ) # tqlixxvkfprw1t1dcixhywsz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tqlixxvkfprw1t1dcixhywsz|03|org"; nocase; ) # 1vhqrliczwqjy13m2xhggl84h0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vhqrliczwqjy13m2xhggl84h0|03|net"; nocase; ) # tl4ljfql2m242qzkh1idyoie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tl4ljfql2m242qzkh1idyoie|03|org"; nocase; ) # q78z9b1pgixuz1evtlay1ht5i8e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q78z9b1pgixuz1evtlay1ht5i8e|03|org"; nocase; ) # 1nsb8ok1p5xooc10v7ehzfjqjvo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nsb8ok1p5xooc10v7ehzfjqjvo|03|org"; nocase; ) # fa6yq11ma6dfjx4pluo5ur88p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fa6yq11ma6dfjx4pluo5ur88p|03|org"; nocase; ) # whvcv9dtfiwu1mp1rorzcudxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|whvcv9dtfiwu1mp1rorzcudxv|03|net"; nocase; ) # 1ja7u9n1eu61dc1asw51uo5qgu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ja7u9n1eu61dc1asw51uo5qgu|03|biz"; nocase; ) # 1sx13t61k5ryyt1wys5jx56xhew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sx13t61k5ryyt1wys5jx56xhew|03|com"; nocase; ) # 1v11rp911ucr968yuzw47151gi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v11rp911ucr968yuzw47151gi|03|com"; nocase; ) # yvv6ku1rpe5qb1f2qk5p1piykyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yvv6ku1rpe5qb1f2qk5p1piykyc|03|net"; nocase; ) # 1ufq5091awd171pc3p0w17ye18n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ufq5091awd171pc3p0w17ye18n|03|com"; nocase; ) # j6hxm11jgo4qy1iw12pf10cco4v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j6hxm11jgo4qy1iw12pf10cco4v|03|org"; nocase; ) # 1ken0e6p6c8yc9y6k49gvn77m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ken0e6p6c8yc9y6k49gvn77m|03|biz"; nocase; ) # 1xehwpb1sm4gz517aymt0yv9zzm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xehwpb1sm4gz517aymt0yv9zzm|03|org"; nocase; ) # 1f8mxio13cdjiw1yt1zvhg3vjsf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f8mxio13cdjiw1yt1zvhg3vjsf|03|biz"; nocase; ) # 1v02a65yjovl41ivjfzb1os8v4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v02a65yjovl41ivjfzb1os8v4u|03|net"; nocase; ) # 12wp9gidhuz341wm2l4rzxzdi1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12wp9gidhuz341wm2l4rzxzdi1|03|net"; nocase; ) # 1wteg051iyjvkf10tjq251jqoc31.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wteg051iyjvkf10tjq251jqoc31|03|com"; nocase; ) # etzesv18l21yl1vbl07zkxby47.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|etzesv18l21yl1vbl07zkxby47|03|com"; nocase; ) # 1kwqw381yag39y1diwvqw19yxe2b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kwqw381yag39y1diwvqw19yxe2b|03|org"; nocase; ) # 4jf6ol1fbal9n1m6c5jt1ohf60g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4jf6ol1fbal9n1m6c5jt1ohf60g|03|net"; nocase; ) # 14xex8h1vjm0wv1qy5xel1aacfvj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14xex8h1vjm0wv1qy5xel1aacfvj|03|biz"; nocase; ) # 1diukdd180327e1by6ctai0p86c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1diukdd180327e1by6ctai0p86c|03|org"; nocase; ) # 1ywqsro1xa3zhdrgp8ivdbp4ab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ywqsro1xa3zhdrgp8ivdbp4ab|03|org"; nocase; ) # 104865a1orjgmy1pglmun1megjp9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|104865a1orjgmy1pglmun1megjp9|03|biz"; nocase; ) # 1n1w9051m7xurhzkvgk4jhxs43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1w9051m7xurhzkvgk4jhxs43|03|net"; nocase; ) # 9tuykv1byfyf51aw59z3unvgqc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9tuykv1byfyf51aw59z3unvgqc|03|net"; nocase; ) # 71a44s1sfuksj1bbea421rtwbrn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|71a44s1sfuksj1bbea421rtwbrn|03|com"; nocase; ) # br0vak8nz9tbaey1vbfeut16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|br0vak8nz9tbaey1vbfeut16|03|net"; nocase; ) # 182m53p1mzd7ib6ykwfa16ovfbx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|182m53p1mzd7ib6ykwfa16ovfbx|03|com"; nocase; ) # 1paxhz5qbmtefhvhkdc14ssy35.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1paxhz5qbmtefhvhkdc14ssy35|03|biz"; nocase; ) # 1qv7uko4d6h1rknb8ctwngsj1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qv7uko4d6h1rknb8ctwngsj1|03|com"; nocase; ) # oxj8s41x31dtlolozeti0ldmz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oxj8s41x31dtlolozeti0ldmz|03|com"; nocase; ) # vbwbte1bpp3h22a2q2k1fepya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vbwbte1bpp3h22a2q2k1fepya|03|net"; nocase; ) # 16z6s57104w5vgv086ji1ci332s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16z6s57104w5vgv086ji1ci332s|03|net"; nocase; ) # 2ooq6wfcbmzd1mpdnmk40ru0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2ooq6wfcbmzd1mpdnmk40ru0|03|org"; nocase; ) # 11dhzoddwhrq4ydqnzl1szqogm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11dhzoddwhrq4ydqnzl1szqogm|03|com"; nocase; ) # 1mx07ibfozs1uwdgrq143htix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mx07ibfozs1uwdgrq143htix|03|com"; nocase; ) # 9wfkhi1jmpu98jolj7018qyd12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9wfkhi1jmpu98jolj7018qyd12|03|net"; nocase; ) # 15q0p95rgpdexb8dpheg9svsy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15q0p95rgpdexb8dpheg9svsy|03|org"; nocase; ) # glba3ncuelib9ctz8t19flxd2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|glba3ncuelib9ctz8t19flxd2|03|biz"; nocase; ) # 1vopsfmm9tjrwzl072z19nce3v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vopsfmm9tjrwzl072z19nce3v|03|net"; nocase; ) # v86vy1amx5nb259iy7tuipbp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v86vy1amx5nb259iy7tuipbp|03|net"; nocase; ) # 3jwue31mjhjyzm3k72j1kt3zlc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3jwue31mjhjyzm3k72j1kt3zlc|03|biz"; nocase; ) # 1s7h8jz6klo3p1tavw4i1h648cq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s7h8jz6klo3p1tavw4i1h648cq|03|org"; nocase; ) # bdwsk55hz8aweo8i0cmcepjd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bdwsk55hz8aweo8i0cmcepjd|03|com"; nocase; ) # hm1g4v13rbvxfornig811b8n8r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hm1g4v13rbvxfornig811b8n8r|03|net"; nocase; ) # qgidfd8ejuis1unvmhsou18ig.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qgidfd8ejuis1unvmhsou18ig|03|org"; nocase; ) # 1spxgqrv51plz1h8wdbnhuow6u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1spxgqrv51plz1h8wdbnhuow6u|03|net"; nocase; ) # 1uxkvv01rgjdcw1im1izf1gsxn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uxkvv01rgjdcw1im1izf1gsxn2|03|net"; nocase; ) # k38lmv135v1n9tqkod7145sexn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k38lmv135v1n9tqkod7145sexn|03|com"; nocase; ) # 165r4y61ghyrg04yssem1mrfoap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|165r4y61ghyrg04yssem1mrfoap|03|com"; nocase; ) # oyyhee1im281w1wp5611tzqsk4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oyyhee1im281w1wp5611tzqsk4|03|com"; nocase; ) # lda315dmkggsc1ar81i54euf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lda315dmkggsc1ar81i54euf|03|org"; nocase; ) # 1mxxswq15rs6ex1u1flf68r36z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mxxswq15rs6ex1u1flf68r36z|03|net"; nocase; ) # iqu3ca18wzfen1bsq14gtf0mjz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iqu3ca18wzfen1bsq14gtf0mjz|03|org"; nocase; ) # as91cn1ah7g791syg28grpo3al.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|as91cn1ah7g791syg28grpo3al|03|org"; nocase; ) # 186909hai6mv7oenb1u15yo8ya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|186909hai6mv7oenb1u15yo8ya|03|com"; nocase; ) # oy6vbh1ckch7g51wxx9sfx9sd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oy6vbh1ckch7g51wxx9sfx9sd|03|org"; nocase; ) # 15ncql015s8j9v1kq2ai21k8jddr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15ncql015s8j9v1kq2ai21k8jddr|03|net"; nocase; ) # aqwh6d1cabchg2fsibo11oz2lf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aqwh6d1cabchg2fsibo11oz2lf|03|org"; nocase; ) # 17xcd4t1a24tu614zszjv1ssc1qk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17xcd4t1a24tu614zszjv1ssc1qk|03|com"; nocase; ) # kvd94t5tx9x2u8wech4u9yxe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kvd94t5tx9x2u8wech4u9yxe|03|com"; nocase; ) # 1gca3khp5lzep185n9ej1tulm07.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gca3khp5lzep185n9ej1tulm07|03|com"; nocase; ) # 1qum6d49wayejlzx7nx1lk34cx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qum6d49wayejlzx7nx1lk34cx|03|net"; nocase; ) # zeqjc91kwq90b1752poh10wpvbf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zeqjc91kwq90b1752poh10wpvbf|03|org"; nocase; ) # agj9k7tvac9m1gbrxga15n8cyr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|agj9k7tvac9m1gbrxga15n8cyr|03|biz"; nocase; ) # 1j9pf1f1se01nrrr4rh5vl36ka.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j9pf1f1se01nrrr4rh5vl36ka|03|biz"; nocase; ) # vdzso1cwq109pb8cqvvr3fu4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vdzso1cwq109pb8cqvvr3fu4|03|org"; nocase; ) # 1iuv4kg1dbllj1jg3oak16qbfee.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iuv4kg1dbllj1jg3oak16qbfee|03|org"; nocase; ) # 1qhuipcdj4to31un8vf72idj3i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qhuipcdj4to31un8vf72idj3i|03|net"; nocase; ) # 5g03ki1pisvpr1r9qxvwfb8s5j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5g03ki1pisvpr1r9qxvwfb8s5j|03|biz"; nocase; ) # 1mgwrqi1h42qphhlhp90129xrno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mgwrqi1h42qphhlhp90129xrno|03|org"; nocase; ) # ngkrie1sf4u3319yx3q1107fqbl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ngkrie1sf4u3319yx3q1107fqbl|03|org"; nocase; ) # wkaxkfjp2u0f1id5bp8101nlq9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wkaxkfjp2u0f1id5bp8101nlq9|03|com"; nocase; ) # 6entf216l7b601k5o2d21apzj2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6entf216l7b601k5o2d21apzj2g|03|net"; nocase; ) # 1c9w9qd2wpg8u1afvkkqozl2f2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c9w9qd2wpg8u1afvkkqozl2f2|03|net"; nocase; ) # e1n0ln1ks7i7hpzm1knn3ky7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1n0ln1ks7i7hpzm1knn3ky7a|03|com"; nocase; ) # 1ezbgvl1cr6wmi16381ij1eo3lfn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ezbgvl1cr6wmi16381ij1eo3lfn|03|biz"; nocase; ) # asq8nbcazdsg17utwwl1dlf820.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|asq8nbcazdsg17utwwl1dlf820|03|net"; nocase; ) # n30zwa7x3gfm1u2ar41pglkqe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n30zwa7x3gfm1u2ar41pglkqe|03|com"; nocase; ) # 1b7wem01hynomc16a9zp2192xzxo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b7wem01hynomc16a9zp2192xzxo|03|biz"; nocase; ) # 7zg51cr5wfjz4qce5lqcs0pn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7zg51cr5wfjz4qce5lqcs0pn|03|net"; nocase; ) # 6tiywjqxo4id1ci7qr71pyqt1x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6tiywjqxo4id1ci7qr71pyqt1x|03|org"; nocase; ) # redm3jbnc9nc2feauxsckj0z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|redm3jbnc9nc2feauxsckj0z|03|com"; nocase; ) # akr9gf1lamdr91ajqwtsn3ge38.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|akr9gf1lamdr91ajqwtsn3ge38|03|net"; nocase; ) # 1s2tb3is8rizb10u7evwiyf0mn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s2tb3is8rizb10u7evwiyf0mn|03|org"; nocase; ) # nmc0bahe3vevq0qoar1sxyo5q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nmc0bahe3vevq0qoar1sxyo5q|03|com"; nocase; ) # 15z4crc15py1zlfznce31wyr9wj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15z4crc15py1zlfznce31wyr9wj|03|biz"; nocase; ) # zq8s04f1c6wthgaklr1l29ap7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zq8s04f1c6wthgaklr1l29ap7|03|com"; nocase; ) # 1kjowmtu24l9917dd9fu1quolfu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kjowmtu24l9917dd9fu1quolfu|03|org"; nocase; ) # 1a02hwuzebrn7rkq0we17yyjpt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a02hwuzebrn7rkq0we17yyjpt|03|biz"; nocase; ) # 1dxwzjl1r4dp0m1hxqqmr7n3khj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dxwzjl1r4dp0m1hxqqmr7n3khj|03|com"; nocase; ) # 112emssn64h473oqsy2srng9d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|112emssn64h473oqsy2srng9d|03|com"; nocase; ) # sov6aiv5t4rm1trk0b6he1eke.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sov6aiv5t4rm1trk0b6he1eke|03|biz"; nocase; ) # cznjv7m4w89nbafw9e67n01b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cznjv7m4w89nbafw9e67n01b|03|net"; nocase; ) # 4h9g0r1xmgijdrlmv3810qc9yf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4h9g0r1xmgijdrlmv3810qc9yf|03|org"; nocase; ) # fpt0hc1hnaw8bqwp7znokwofc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fpt0hc1hnaw8bqwp7znokwofc|03|biz"; nocase; ) # 1lh2pku77p92010w66vf9b5mf2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lh2pku77p92010w66vf9b5mf2|03|org"; nocase; ) # jztlve1474lcwjxoqg3371mti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jztlve1474lcwjxoqg3371mti|03|net"; nocase; ) # 19b1i51xgdizm32t18xsq7y1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|19b1i51xgdizm32t18xsq7y1|03|net"; nocase; ) # 1aa2nzbs5lgsh1ly1gsf187hzib.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aa2nzbs5lgsh1ly1gsf187hzib|03|org"; nocase; ) # ifh8pd1cgketyt0sxbb92g1x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ifh8pd1cgketyt0sxbb92g1x|03|com"; nocase; ) # 17icg2vbdkezqp3lh0bvrjgwb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17icg2vbdkezqp3lh0bvrjgwb|03|net"; nocase; ) # 14wucif1aqwdw51hnnt3913hiunq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14wucif1aqwdw51hnnt3913hiunq|03|net"; nocase; ) # 1ptah978mmkr88aqovu6ut009.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ptah978mmkr88aqovu6ut009|03|net"; nocase; ) # 1oj6dk72zidku15snyt8maipcf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oj6dk72zidku15snyt8maipcf|03|biz"; nocase; ) # n6ubta1nke07a1gc3byb9k19kq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n6ubta1nke07a1gc3byb9k19kq|03|org"; nocase; ) # 1cyhxy7vc55gnts848m1axdh1k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cyhxy7vc55gnts848m1axdh1k|03|net"; nocase; ) # 17m8o6k1ggl0091hs0jct8mxzur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17m8o6k1ggl0091hs0jct8mxzur|03|org"; nocase; ) # jnucef1iz2e93sduegl1me4ufs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnucef1iz2e93sduegl1me4ufs|03|net"; nocase; ) # ln3j001tkqxduszaciy25wv03.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ln3j001tkqxduszaciy25wv03|03|net"; nocase; ) # 14sq3jdgeekqqe3ph201dx9cj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14sq3jdgeekqqe3ph201dx9cj|03|com"; nocase; ) # l0cejh1t470vlcqjoof166l1h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l0cejh1t470vlcqjoof166l1h|03|net"; nocase; ) # bequxe9hgzxlevnm6y18fhwwo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bequxe9hgzxlevnm6y18fhwwo|03|biz"; nocase; ) # 1d5hevz1gkuexo1fx4ikbt3fzok.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d5hevz1gkuexo1fx4ikbt3fzok|03|org"; nocase; ) # 1pvqeshvkayna17h9kkz1lrffk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pvqeshvkayna17h9kkz1lrffk|03|net"; nocase; ) # 1osyv8gg0xhul1cl86xyq4ctgx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1osyv8gg0xhul1cl86xyq4ctgx|03|net"; nocase; ) # 1w5s8xa159o98k1iip9g1p6uvyg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w5s8xa159o98k1iip9g1p6uvyg|03|biz"; nocase; ) # z6w1u5f41yru0yn52kzii7c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|z6w1u5f41yru0yn52kzii7c|03|net"; nocase; ) # 1yv1poftrjj7y13x6j21hydep2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yv1poftrjj7y13x6j21hydep2|03|biz"; nocase; ) # 1w1fbzd13w1vhv1wf3vqoa5cwwh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w1fbzd13w1vhv1wf3vqoa5cwwh|03|org"; nocase; ) # 1divcve10hxy51id49901587qka.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1divcve10hxy51id49901587qka|03|biz"; nocase; ) # sivjotgve6b0zk2jan1hfrl1y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sivjotgve6b0zk2jan1hfrl1y|03|net"; nocase; ) # dyx9y50xly71og4gqt1pmakrw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dyx9y50xly71og4gqt1pmakrw|03|net"; nocase; ) # ni02phl7fpbe1df25wc154a3eq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ni02phl7fpbe1df25wc154a3eq|03|net"; nocase; ) # 13k2s413tloupd1up621281t32.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13k2s413tloupd1up621281t32|03|net"; nocase; ) # 1pjbn601bvm4ups5cfk818aie42.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pjbn601bvm4ups5cfk818aie42|03|net"; nocase; ) # 1708xebk2ge1n18irtm818iwr3m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1708xebk2ge1n18irtm818iwr3m|03|net"; nocase; ) # sgvier1073977kbdltqe3wnt7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sgvier1073977kbdltqe3wnt7|03|net"; nocase; ) # 98iquh1aoalma7hari7163qt9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|98iquh1aoalma7hari7163qt9k|03|net"; nocase; ) # 1rq3m837g9jkv2mxcng19zy1uo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rq3m837g9jkv2mxcng19zy1uo|03|com"; nocase; ) # 11um2dh1wpc8kg1s1vued1mpx4nl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11um2dh1wpc8kg1s1vued1mpx4nl|03|biz"; nocase; ) # 1wo6wg3p8ueeb19qy0d749ii4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wo6wg3p8ueeb19qy0d749ii4|03|net"; nocase; ) # 129lb9m1gam45z1d6pk8yij3176.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|129lb9m1gam45z1d6pk8yij3176|03|org"; nocase; ) # 1lncda91cs1c7ypeajvde2wkmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lncda91cs1c7ypeajvde2wkmo|03|net"; nocase; ) # mtcpil1t9va3aro9jdf2npph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mtcpil1t9va3aro9jdf2npph|03|net"; nocase; ) # m7b70ixnvido1tyxnnl132h2s6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m7b70ixnvido1tyxnnl132h2s6|03|com"; nocase; ) # 1qltmla5kcjim2htnr314jqc80.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qltmla5kcjim2htnr314jqc80|03|com"; nocase; ) # 146n66ok2nbq0btgzl1r0m5b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|146n66ok2nbq0btgzl1r0m5b|03|net"; nocase; ) # xpcaq59f89xz6k7tx51wm8jya.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xpcaq59f89xz6k7tx51wm8jya|03|org"; nocase; ) # 1wura16s05omvzqhza55xlxe9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wura16s05omvzqhza55xlxe9|03|com"; nocase; ) # 16wjdwff99pg21nypwucgvadr5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wjdwff99pg21nypwucgvadr5|03|org"; nocase; ) # 1k7hum91we0x11kyxbiyaf7zo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k7hum91we0x11kyxbiyaf7zo|03|net"; nocase; ) # 30oz2tkr913w2rtfcj1qkdozd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|30oz2tkr913w2rtfcj1qkdozd|03|org"; nocase; ) # eep8u1sf1laf1j2xz8r17tf9n1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eep8u1sf1laf1j2xz8r17tf9n1|03|biz"; nocase; ) # 17sk6r994v5g11gg6704j3oy5n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17sk6r994v5g11gg6704j3oy5n|03|biz"; nocase; ) # 15qd0sq1db9brvgiz11710q1e3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15qd0sq1db9brvgiz11710q1e3i|03|com"; nocase; ) # gai1fs5gjzza1a5mg2tjx4s6n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gai1fs5gjzza1a5mg2tjx4s6n|03|org"; nocase; ) # 5nxq1u1ayykpx1e3h3r018d6jdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5nxq1u1ayykpx1e3h3r018d6jdy|03|net"; nocase; ) # mb3v4l1tfe43hkqm1ej1s0lnmg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mb3v4l1tfe43hkqm1ej1s0lnmg|03|net"; nocase; ) # 1ah769a8zfsyf174txgi1ksqpmq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ah769a8zfsyf174txgi1ksqpmq|03|biz"; nocase; ) # 1iee9inc5ngg51q7ut9y5sm6rx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iee9inc5ngg51q7ut9y5sm6rx|03|com"; nocase; ) # 6ymbbi15381hg16i5a7b1ot7h0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ymbbi15381hg16i5a7b1ot7h0y|03|net"; nocase; ) # ajfikevypes21rmh07o14a8xxq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ajfikevypes21rmh07o14a8xxq|03|biz"; nocase; ) # m90ashotiseh1ccc3xg1oc9y95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m90ashotiseh1ccc3xg1oc9y95|03|net"; nocase; ) # kqsf7g16xouqcyn9rmz1n3svb4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kqsf7g16xouqcyn9rmz1n3svb4|03|org"; nocase; ) # 1xfbge1hogguf1tqbj26z1ywk0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xfbge1hogguf1tqbj26z1ywk0|03|com"; nocase; ) # 1oc3l3n20q42l4lp6v0uxu0hi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oc3l3n20q42l4lp6v0uxu0hi|03|org"; nocase; ) # 1limh33hp461a11t0mj08gii5d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1limh33hp461a11t0mj08gii5d|03|net"; nocase; ) # 1s3mpd71oicc47120mfpgu5n2u0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s3mpd71oicc47120mfpgu5n2u0|03|com"; nocase; ) # 1u1hyz5h811n8al76qm1ecrih8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u1hyz5h811n8al76qm1ecrih8|03|org"; nocase; ) # 1hu7fdf1tlmq9ar7bacoxl95hu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hu7fdf1tlmq9ar7bacoxl95hu|03|net"; nocase; ) # dxysh7p0toh8erduox1tzblk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dxysh7p0toh8erduox1tzblk|03|org"; nocase; ) # h0sy6j1ywpxn11kcp7k1rl591x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h0sy6j1ywpxn11kcp7k1rl591x|03|net"; nocase; ) # vgazqg1f7iegd1cdzrzk1ahcs7g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vgazqg1f7iegd1cdzrzk1ahcs7g|03|org"; nocase; ) # 120ne911gmehp81bvrq8v168wwnc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|120ne911gmehp81bvrq8v168wwnc|03|net"; nocase; ) # d5eand1lq6v6oi3c2j01eb5b1x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d5eand1lq6v6oi3c2j01eb5b1x|03|org"; nocase; ) # d9a8ptwqrxvz78acpj4mw4p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|d9a8ptwqrxvz78acpj4mw4p|03|com"; nocase; ) # aw5xn8i1o3mjhmojig15q5eh0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aw5xn8i1o3mjhmojig15q5eh0|03|net"; nocase; ) # 19xffcc12r184u195j7ru1rece2s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19xffcc12r184u195j7ru1rece2s|03|org"; nocase; ) # 1ty1bi4rmpoaiqogok1kpgmrl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ty1bi4rmpoaiqogok1kpgmrl|03|net"; nocase; ) # vcqy0lhjuywy23oyce1qk5as4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vcqy0lhjuywy23oyce1qk5as4|03|biz"; nocase; ) # 1mb8vlf2v1wmo1yzg3n4xkyhbp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mb8vlf2v1wmo1yzg3n4xkyhbp|03|org"; nocase; ) # 1f1z1c35wlyt71fli061xfagui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f1z1c35wlyt71fli061xfagui|03|net"; nocase; ) # 1492z27q0mgoqld4eidmsb5no.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1492z27q0mgoqld4eidmsb5no|03|net"; nocase; ) # 1q3c5115ux2bs1ke3cej1o8s4dt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q3c5115ux2bs1ke3cej1o8s4dt|03|net"; nocase; ) # 1qj84mmxwcf3atl3lwg3ee3x5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qj84mmxwcf3atl3lwg3ee3x5|03|org"; nocase; ) # 1668z24o4f95g1wlvdu319rn1ob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1668z24o4f95g1wlvdu319rn1ob|03|biz"; nocase; ) # 14wc44zz5x5byesg1py65eozv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14wc44zz5x5byesg1py65eozv|03|biz"; nocase; ) # d7nctxovfuqb1dgxmd79xhz9y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d7nctxovfuqb1dgxmd79xhz9y|03|net"; nocase; ) # jqjxk1fkp0dx1np7c4esvwazg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jqjxk1fkp0dx1np7c4esvwazg|03|biz"; nocase; ) # 1kq06nto8za0t1lwr921b8991f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kq06nto8za0t1lwr921b8991f|03|biz"; nocase; ) # 1bc9z0p1q0slag1dc6or11ex2zrg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000007999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bc9z0p1q0slag1dc6or11ex2zrg|03|com"; nocase; ) # e6yd5ympju4i1mymeg1lppmwu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e6yd5ympju4i1mymeg1lppmwu|03|org"; nocase; ) # yuyznl8unz5nntew1zkh5zzk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yuyznl8unz5nntew1zkh5zzk|03|net"; nocase; ) # 1hbu96vqzmecbt78eer19sg6zy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbu96vqzmecbt78eer19sg6zy|03|net"; nocase; ) # 1bg6tmifz7go1ors1a7zvtv2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bg6tmifz7go1ors1a7zvtv2z|03|org"; nocase; ) # 17v1yrm16d3tv5y2pk66lak5mz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17v1yrm16d3tv5y2pk66lak5mz|03|org"; nocase; ) # wn6r1d1870ybg4yuq3ylz1yh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wn6r1d1870ybg4yuq3ylz1yh|03|com"; nocase; ) # sxzad92o81f11ugfrilsf2swh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sxzad92o81f11ugfrilsf2swh|03|org"; nocase; ) # gkfn6h1kgshb31abn185z9h0je.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gkfn6h1kgshb31abn185z9h0je|03|net"; nocase; ) # 1lucirr191op6axj0uob1r94z6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lucirr191op6axj0uob1r94z6o|03|net"; nocase; ) # ggzkh615mkwhd1iq6kgj1y235zf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ggzkh615mkwhd1iq6kgj1y235zf|03|com"; nocase; ) # 1ozifldw7fgr71568uaptdqmjt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ozifldw7fgr71568uaptdqmjt|03|biz"; nocase; ) # agk4l51s9t3kipd7o9kqcsdg1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|agk4l51s9t3kipd7o9kqcsdg1|03|biz"; nocase; ) # 8aoh8nwcucxj1lc5xd1nqyx9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8aoh8nwcucxj1lc5xd1nqyx9r|03|org"; nocase; ) # 1mhi6oi1lrqjl211kpcstaxgwg2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mhi6oi1lrqjl211kpcstaxgwg2|03|com"; nocase; ) # 1og5oy1ruxycn1fagzap1o3gamr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1og5oy1ruxycn1fagzap1o3gamr|03|org"; nocase; ) # 1242az7tzrf2t17fmb0w1o7h54k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1242az7tzrf2t17fmb0w1o7h54k|03|biz"; nocase; ) # 1l7p0461gtp135i9wapj1lftm8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l7p0461gtp135i9wapj1lftm8|03|org"; nocase; ) # 1bu097wuuur8p11n1m2d1botr9t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bu097wuuur8p11n1m2d1botr9t|03|org"; nocase; ) # dpwvp81bbton41y7397b1km6bz3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dpwvp81bbton41y7397b1km6bz3|03|org"; nocase; ) # ci1etjb64vhg16985l5m9e5xv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ci1etjb64vhg16985l5m9e5xv|03|org"; nocase; ) # 1cak6kk1jol296opvdgk1tzoyzf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cak6kk1jol296opvdgk1tzoyzf|03|com"; nocase; ) # 1kv36a1hxr9dva6o6dp1c1sgcm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kv36a1hxr9dva6o6dp1c1sgcm|03|org"; nocase; ) # 1ub8xgnq2dvwd13q320lylhhzd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ub8xgnq2dvwd13q320lylhhzd|03|com"; nocase; ) # 1x4fr7418sj4jaegx1x2rt62zz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x4fr7418sj4jaegx1x2rt62zz|03|org"; nocase; ) # 50vj5fix9pjdwqe7c8181sdh2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|50vj5fix9pjdwqe7c8181sdh2|03|org"; nocase; ) # 16kbwe01e0s8ob1pgrz2j1t8ny8o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16kbwe01e0s8ob1pgrz2j1t8ny8o|03|com"; nocase; ) # 1xbica5175ub181s406p51gpg0mr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xbica5175ub181s406p51gpg0mr|03|biz"; nocase; ) # 1einyya1xw8rh5r1449d1waceqv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1einyya1xw8rh5r1449d1waceqv|03|com"; nocase; ) # 1mzafck1lmqti012mtnzevh4t1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mzafck1lmqti012mtnzevh4t1d|03|net"; nocase; ) # mhs8r61uckpax7hgh35voet6b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mhs8r61uckpax7hgh35voet6b|03|biz"; nocase; ) # 1r659iq18dzunpuwhfp95nzcst.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r659iq18dzunpuwhfp95nzcst|03|org"; nocase; ) # qyp56rra7amovxg4mnxt3l10.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qyp56rra7amovxg4mnxt3l10|03|org"; nocase; ) # 1809djzo098z7sgovw1potc9z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1809djzo098z7sgovw1potc9z|03|biz"; nocase; ) # 1oyflza17w49ph1sg1v5n1x36vyh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oyflza17w49ph1sg1v5n1x36vyh|03|net"; nocase; ) # 1l4cao91wdy98q1trvvl2j6bh6c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l4cao91wdy98q1trvvl2j6bh6c|03|biz"; nocase; ) # 1xidw9lmzl4rlos84urm0u4w0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xidw9lmzl4rlos84urm0u4w0|03|net"; nocase; ) # e26z8xti8gefxbl4eagcsgo1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e26z8xti8gefxbl4eagcsgo1|03|net"; nocase; ) # p1zej23iqhrz15ttwdt89slp5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p1zej23iqhrz15ttwdt89slp5|03|net"; nocase; ) # 4iwm6f1egwqbegxiips4oq2yu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4iwm6f1egwqbegxiips4oq2yu|03|net"; nocase; ) # dsyhl616ularkwyt1ir1gvva6l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dsyhl616ularkwyt1ir1gvva6l|03|net"; nocase; ) # b1uf0revzg8o1lrxw41jt1trf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1uf0revzg8o1lrxw41jt1trf|03|biz"; nocase; ) # qp2qhwn48yz91y92yitr8awob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qp2qhwn48yz91y92yitr8awob|03|com"; nocase; ) # 1d0xoik1clowpt1x85pfs1ehjal3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d0xoik1clowpt1x85pfs1ehjal3|03|biz"; nocase; ) # 1qdw0yrw95vidw20cty133y1dy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qdw0yrw95vidw20cty133y1dy|03|org"; nocase; ) # 1r65gadskz2ujethmgnitg056.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r65gadskz2ujethmgnitg056|03|com"; nocase; ) # ead7v5157oblvz06syq1pu8jmk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ead7v5157oblvz06syq1pu8jmk|03|net"; nocase; ) # 19777p3cxrwf8m8nz49j12n9z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19777p3cxrwf8m8nz49j12n9z|03|com"; nocase; ) # nf7ey417siwgz193be4p2khs3s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nf7ey417siwgz193be4p2khs3s|03|org"; nocase; ) # xer9bieb7e2h1ccqaz4heua11.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xer9bieb7e2h1ccqaz4heua11|03|biz"; nocase; ) # l22m8bzt3um41f05xaw80ass6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l22m8bzt3um41f05xaw80ass6|03|com"; nocase; ) # ob7cjt11qn6lgn6xgyb1oftf2x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ob7cjt11qn6lgn6xgyb1oftf2x|03|biz"; nocase; ) # k6qqjq1x5y8cy1ltbxr517efk6f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k6qqjq1x5y8cy1ltbxr517efk6f|03|net"; nocase; ) # 4gnlgmqrr8hf6ir2lz1l5fr32.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4gnlgmqrr8hf6ir2lz1l5fr32|03|biz"; nocase; ) # 1y7cxo6hlc7kp4a7wtmzx0u7q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y7cxo6hlc7kp4a7wtmzx0u7q|03|net"; nocase; ) # ycyob25umwapvenmps5qthri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ycyob25umwapvenmps5qthri|03|net"; nocase; ) # 1lz59nrjfgx7df16thy10djckb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lz59nrjfgx7df16thy10djckb|03|com"; nocase; ) # 1l8arnb1fevf1zxx31h31ryff1b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l8arnb1fevf1zxx31h31ryff1b|03|org"; nocase; ) # 19plkxy13aro5y7a6yi6142l0qa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19plkxy13aro5y7a6yi6142l0qa|03|biz"; nocase; ) # 1q0fi2414opapg1g05nf91m57p9t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q0fi2414opapg1g05nf91m57p9t|03|net"; nocase; ) # 13ii628bgozvllbyrsa1g787vp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ii628bgozvllbyrsa1g787vp|03|com"; nocase; ) # 3ydz8r1opiqwn1y0dqocgwx77m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ydz8r1opiqwn1y0dqocgwx77m|03|com"; nocase; ) # 9lf1wb1la4xv1c5ujs12t4djx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9lf1wb1la4xv1c5ujs12t4djx|03|org"; nocase; ) # xsq4bg18zoya549y6up1meujuz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xsq4bg18zoya549y6up1meujuz|03|net"; nocase; ) # 150am1hbxq763lnlkvu16iexlw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|150am1hbxq763lnlkvu16iexlw|03|biz"; nocase; ) # 9ti3sxw6she10fpmtkkja3d9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9ti3sxw6she10fpmtkkja3d9|03|net"; nocase; ) # 12e1zawvd0mhoyfujt0rjf7w5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12e1zawvd0mhoyfujt0rjf7w5|03|biz"; nocase; ) # zx9ahe61o2141fr6irv1rvbsle.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zx9ahe61o2141fr6irv1rvbsle|03|com"; nocase; ) # muw6te12jf8dncf9det10mu3ln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|muw6te12jf8dncf9det10mu3ln|03|org"; nocase; ) # 13ggoth4ymlj3182y75k1s3jwvr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ggoth4ymlj3182y75k1s3jwvr|03|biz"; nocase; ) # 1848udi18w517cplttm01hsa1ak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1848udi18w517cplttm01hsa1ak|03|com"; nocase; ) # 8oy1hq139ck0360lifgscw99j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8oy1hq139ck0360lifgscw99j|03|com"; nocase; ) # 15h1aex1phiwkv8llkuzr1vlnp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15h1aex1phiwkv8llkuzr1vlnp|03|net"; nocase; ) # 1ev0cro7wofk1bpgt8e1ft0zkd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ev0cro7wofk1bpgt8e1ft0zkd|03|biz"; nocase; ) # 1fzrtmsy6tlgrpgo2mccoj01l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fzrtmsy6tlgrpgo2mccoj01l|03|com"; nocase; ) # 1xjv1yqs5h6zeshr8qpnlryo5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xjv1yqs5h6zeshr8qpnlryo5|03|net"; nocase; ) # 2u5fad1e56zpmxj8f3rjw4t56.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2u5fad1e56zpmxj8f3rjw4t56|03|net"; nocase; ) # 9pw8qhyyxqn218i2x6lbg78h4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9pw8qhyyxqn218i2x6lbg78h4|03|com"; nocase; ) # 1dhetku1wwbd5017nkeid1pc8rvq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dhetku1wwbd5017nkeid1pc8rvq|03|net"; nocase; ) # ey2m8c1ta6gwa13qkfrp17cxqpm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ey2m8c1ta6gwa13qkfrp17cxqpm|03|com"; nocase; ) # 1k3hjy410neyt01407pkj1x9hgcs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k3hjy410neyt01407pkj1x9hgcs|03|net"; nocase; ) # 1nssjnze566tigc8u1fauqjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1nssjnze566tigc8u1fauqjt|03|org"; nocase; ) # 17m66xew4vj73z9wme015avaa1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17m66xew4vj73z9wme015avaa1|03|net"; nocase; ) # f6xtomqf0e2d1avxof2zd140a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f6xtomqf0e2d1avxof2zd140a|03|net"; nocase; ) # qb96w61aahbgxozh9p7c47pcx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qb96w61aahbgxozh9p7c47pcx|03|com"; nocase; ) # 1ayop9u1wodsly17iddtc17ai7qr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ayop9u1wodsly17iddtc17ai7qr|03|biz"; nocase; ) # fhg2gi16mllrzgssmkkw1bqh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fhg2gi16mllrzgssmkkw1bqh5|03|net"; nocase; ) # 1dfz3741uekt00phpc91nq4yin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dfz3741uekt00phpc91nq4yin|03|com"; nocase; ) # 1pzdpg711f0c1c2xfoxpvr7t5j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pzdpg711f0c1c2xfoxpvr7t5j|03|net"; nocase; ) # ksrlzg1gog71z1lkwd2o1x1kz6w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ksrlzg1gog71z1lkwd2o1x1kz6w|03|biz"; nocase; ) # 1s58ify2qg0nvar8npo1alw7lu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s58ify2qg0nvar8npo1alw7lu|03|com"; nocase; ) # 107ugmj1y3jb4o9z9v784tr5qd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|107ugmj1y3jb4o9z9v784tr5qd|03|com"; nocase; ) # 156yo3e1406x1f2rqwj33e61r6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156yo3e1406x1f2rqwj33e61r6|03|net"; nocase; ) # drmkmr21qlw21ustqp83dsnbm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|drmkmr21qlw21ustqp83dsnbm|03|net"; nocase; ) # 168syzk1u4xa266e3p99c94xxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|168syzk1u4xa266e3p99c94xxn|03|com"; nocase; ) # 45xhpp11fzgoe1710gx31s80sy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|45xhpp11fzgoe1710gx31s80sy|03|net"; nocase; ) # wtqwpu11qovci5dg0my1k9gd3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wtqwpu11qovci5dg0my1k9gd3x|03|biz"; nocase; ) # 174insh1vknsw01h1t9ch1kw64b6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|174insh1vknsw01h1t9ch1kw64b6|03|net"; nocase; ) # 1gvudl29xey6qga0ccpomxtc9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gvudl29xey6qga0ccpomxtc9|03|net"; nocase; ) # 1owb3t317zl8u9n7iauyl6q2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1owb3t317zl8u9n7iauyl6q2|03|net"; nocase; ) # zifrfpgjpkl510zlpxg1fpfkzb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zifrfpgjpkl510zlpxg1fpfkzb|03|com"; nocase; ) # 7au5wlg4gzwhz8ftcx16y9tfq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7au5wlg4gzwhz8ftcx16y9tfq|03|net"; nocase; ) # s4ibf7hxj5xk1scw6w9itwb77.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s4ibf7hxj5xk1scw6w9itwb77|03|org"; nocase; ) # 1sgcl1ea28w3i2i4moq146pqja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sgcl1ea28w3i2i4moq146pqja|03|org"; nocase; ) # ay5a8z6p6wfn1l88ltkoi004f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ay5a8z6p6wfn1l88ltkoi004f|03|org"; nocase; ) # 1akv8v81tbpnmm6n040k17jwxoo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1akv8v81tbpnmm6n040k17jwxoo|03|org"; nocase; ) # ep9qrwau6o1jqye3yii3p9yp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ep9qrwau6o1jqye3yii3p9yp|03|net"; nocase; ) # biluppxw5z24de7fu91qhcrqu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|biluppxw5z24de7fu91qhcrqu|03|biz"; nocase; ) # 57bj3fvwbc2r1gpaa1kw9ejpr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|57bj3fvwbc2r1gpaa1kw9ejpr|03|org"; nocase; ) # qukhbz11ibxis2jmlwt697y8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qukhbz11ibxis2jmlwt697y8g|03|org"; nocase; ) # zeyecmcxlp38e3x7951qjivey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zeyecmcxlp38e3x7951qjivey|03|com"; nocase; ) # p3aubv1wwdhnc1whcls116ia34e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p3aubv1wwdhnc1whcls116ia34e|03|net"; nocase; ) # i31ti1yn6h9xdoazos88lyet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i31ti1yn6h9xdoazos88lyet|03|net"; nocase; ) # 64q94226ke6l1fbxpok11bk17w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|64q94226ke6l1fbxpok11bk17w|03|net"; nocase; ) # 1wx37e11mg01gv189jino11naugr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wx37e11mg01gv189jino11naugr|03|org"; nocase; ) # 1s19duf7165l5ykuaba1lx6tlx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s19duf7165l5ykuaba1lx6tlx|03|net"; nocase; ) # y4u3xo9prbywdk9ozlwt6qao.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y4u3xo9prbywdk9ozlwt6qao|03|org"; nocase; ) # 17z61xrf2tskg958s0o1tmathd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17z61xrf2tskg958s0o1tmathd|03|biz"; nocase; ) # ncnaro1wtkpm0125aqie7o34fp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ncnaro1wtkpm0125aqie7o34fp|03|com"; nocase; ) # 1tht8dt1mgd9jy6zsgh916dws34.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tht8dt1mgd9jy6zsgh916dws34|03|biz"; nocase; ) # d0gtnp1e0akw0wo9ngg1tgnh4o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d0gtnp1e0akw0wo9ngg1tgnh4o|03|net"; nocase; ) # auy4ktd94hlrb5pop11yilwga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|auy4ktd94hlrb5pop11yilwga|03|net"; nocase; ) # ex6lhxfrfr0uyvw7oz1l8sx53.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ex6lhxfrfr0uyvw7oz1l8sx53|03|org"; nocase; ) # ougetochmist1056pabgj1phu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ougetochmist1056pabgj1phu|03|net"; nocase; ) # ld15xevljqei13bsyl2v0onzu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ld15xevljqei13bsyl2v0onzu|03|net"; nocase; ) # 1y6xunq16c2j04157in9t7qbyeq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y6xunq16c2j04157in9t7qbyeq|03|org"; nocase; ) # 1q61752skbl809t343le28d6a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q61752skbl809t343le28d6a|03|org"; nocase; ) # 1h2s7df1dya9wjw5ld5uo10skx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h2s7df1dya9wjw5ld5uo10skx|03|com"; nocase; ) # n8fus6e0d51o1e3e94j1x92krx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n8fus6e0d51o1e3e94j1x92krx|03|net"; nocase; ) # 1igobqmvpklha1r99jsmi3pkl5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1igobqmvpklha1r99jsmi3pkl5|03|net"; nocase; ) # k6sjfzyl267g1xsamgyuz2sk7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k6sjfzyl267g1xsamgyuz2sk7|03|com"; nocase; ) # 157undd1lvg09tq1umiv1dos0dh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|157undd1lvg09tq1umiv1dos0dh|03|com"; nocase; ) # varqbj9h9u011x7mzyyqyp9ei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|varqbj9h9u011x7mzyyqyp9ei|03|biz"; nocase; ) # 1nzk70w2t7u7wqvbysq1wctu9n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nzk70w2t7u7wqvbysq1wctu9n|03|net"; nocase; ) # io9e39c857qkeanzfpyoaoz9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|io9e39c857qkeanzfpyoaoz9|03|net"; nocase; ) # cb91pvlqtux91do77mk1qjfy9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cb91pvlqtux91do77mk1qjfy9b|03|com"; nocase; ) # o5fifq12hz1l75m0zw41iduf1d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o5fifq12hz1l75m0zw41iduf1d|03|org"; nocase; ) # 1kyavkv1e8mzr3q5ix5v10d96i7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kyavkv1e8mzr3q5ix5v10d96i7|03|biz"; nocase; ) # 1rra0q41xoj58lamy0p31acglv7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rra0q41xoj58lamy0p31acglv7|03|net"; nocase; ) # 1i1wys71uirfd01uqr62i1epsy59.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i1wys71uirfd01uqr62i1epsy59|03|com"; nocase; ) # jc8fo0ig2sjy841uuz1334gac.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jc8fo0ig2sjy841uuz1334gac|03|net"; nocase; ) # 1w4hg7c1930cobn726o1v8rp3y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w4hg7c1930cobn726o1v8rp3y|03|org"; nocase; ) # ozwbw13mg6pu1i1odx217qw14k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ozwbw13mg6pu1i1odx217qw14k|03|net"; nocase; ) # 7y5teqt7q7ec1tsbslg1erb6wn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7y5teqt7q7ec1tsbslg1erb6wn|03|com"; nocase; ) # ujozm18b5xtvanps4b14zhlyu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ujozm18b5xtvanps4b14zhlyu|03|biz"; nocase; ) # e8tlst1gv7q891b2nqcipj8gum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e8tlst1gv7q891b2nqcipj8gum|03|net"; nocase; ) # 13z23i91x19smg1u4rslypxohp6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13z23i91x19smg1u4rslypxohp6|03|com"; nocase; ) # 1ug6rzuie62yfq4z1v91pwyxz8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ug6rzuie62yfq4z1v91pwyxz8|03|net"; nocase; ) # 19hr80f1beobls1vxkghqd21otf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19hr80f1beobls1vxkghqd21otf|03|org"; nocase; ) # ouwa9fpvzp6j1tbne42ko1ewa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ouwa9fpvzp6j1tbne42ko1ewa|03|net"; nocase; ) # 4u48m01b85ajz189r5sdqxquym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4u48m01b85ajz189r5sdqxquym|03|org"; nocase; ) # 8ej5391h2jy18t3m2nj86cbq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8ej5391h2jy18t3m2nj86cbq|03|net"; nocase; ) # 1hmpbch8c56sm2r2jjqxtxzu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1hmpbch8c56sm2r2jjqxtxzu|03|biz"; nocase; ) # 8kh7oyk27ego1s3ctbx1m9or8d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8kh7oyk27ego1s3ctbx1m9or8d|03|org"; nocase; ) # 1chlszp1k12wtl4hmnchx9s5uw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1chlszp1k12wtl4hmnchx9s5uw|03|com"; nocase; ) # 1d242mj6qly6j2hpb9fh81rm8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d242mj6qly6j2hpb9fh81rm8|03|biz"; nocase; ) # d7t6r6d5s3yj1dzexs81lt5d02.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d7t6r6d5s3yj1dzexs81lt5d02|03|org"; nocase; ) # 1wwiv7t1ya59s9voclkj5jahgq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wwiv7t1ya59s9voclkj5jahgq|03|org"; nocase; ) # 1l778vwelyjq11uepvqcqj0ei3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l778vwelyjq11uepvqcqj0ei3|03|net"; nocase; ) # 1m39cz111yrbmqd0a7ory357pj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m39cz111yrbmqd0a7ory357pj|03|org"; nocase; ) # 1o24040lknlvzdxjusj14iuxus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o24040lknlvzdxjusj14iuxus|03|net"; nocase; ) # 64tq1komq1e1bbnum013929iu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|64tq1komq1e1bbnum013929iu|03|biz"; nocase; ) # rajwbtze2e4niwkq7e1xmyi6w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rajwbtze2e4niwkq7e1xmyi6w|03|net"; nocase; ) # 1t669kn13e8g34163ppnv1t25u36.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t669kn13e8g34163ppnv1t25u36|03|net"; nocase; ) # 1y0gfhy1ur6jdb9073oe1jz1cw4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y0gfhy1ur6jdb9073oe1jz1cw4|03|org"; nocase; ) # 1955uck1bc574byb04nnwhj9a5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1955uck1bc574byb04nnwhj9a5|03|net"; nocase; ) # 6i3vkx1ds43yb1wye0w0b7llbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6i3vkx1ds43yb1wye0w0b7llbd|03|com"; nocase; ) # 8boqb11knfql3bwfqebfwc3id.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8boqb11knfql3bwfqebfwc3id|03|net"; nocase; ) # gbx7r39m50vrb8tzqk1pjwsqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gbx7r39m50vrb8tzqk1pjwsqv|03|biz"; nocase; ) # 14vt2cjc687hjvv4xhyrdpsvb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14vt2cjc687hjvv4xhyrdpsvb|03|net"; nocase; ) # tytqw61gvd99fip3181yioiki.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tytqw61gvd99fip3181yioiki|03|org"; nocase; ) # 1ehyya31qbcqgx6uc79p1318lrm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ehyya31qbcqgx6uc79p1318lrm|03|net"; nocase; ) # 5pfhoo1rgtoc34bre1n1mpmygz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5pfhoo1rgtoc34bre1n1mpmygz|03|biz"; nocase; ) # nbe9oe1gnly0oeyhpsw1yjvxtw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nbe9oe1gnly0oeyhpsw1yjvxtw|03|org"; nocase; ) # 13ddwok1gzim5y13pv3e5d8dr5u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ddwok1gzim5y13pv3e5d8dr5u|03|com"; nocase; ) # 1ds4grf87az4p1omn8cz1ciogtn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ds4grf87az4p1omn8cz1ciogtn|03|net"; nocase; ) # 11qss7s1jg7ffg8v42yx1ojtwm6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11qss7s1jg7ffg8v42yx1ojtwm6|03|biz"; nocase; ) # 5xd6kw163bebi1chcnjfo4po7q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5xd6kw163bebi1chcnjfo4po7q|03|net"; nocase; ) # 1obtl311mxpknlwgu5a11glnc4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obtl311mxpknlwgu5a11glnc4n|03|com"; nocase; ) # ppu7qc1vy2zspk4cvie1efde12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ppu7qc1vy2zspk4cvie1efde12|03|net"; nocase; ) # 1jhof6s28fktl5jv4zx13zw04n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jhof6s28fktl5jv4zx13zw04n|03|org"; nocase; ) # 264v8w1g25nsg1wh0ed439en64.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|264v8w1g25nsg1wh0ed439en64|03|org"; nocase; ) # 1wis0a2rmulms1058850ke1hcw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wis0a2rmulms1058850ke1hcw|03|com"; nocase; ) # 1ygcfitvavde917h7hr7lv0axf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygcfitvavde917h7hr7lv0axf|03|com"; nocase; ) # 1808cjh16fcmjt1yd18r0vbtrgr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1808cjh16fcmjt1yd18r0vbtrgr|03|biz"; nocase; ) # wb50t11qn7kaegphvmg167w6bf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wb50t11qn7kaegphvmg167w6bf|03|com"; nocase; ) # 11d39s41hw7pbvwkcmlce0hao5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11d39s41hw7pbvwkcmlce0hao5|03|biz"; nocase; ) # 1ni0lmp1ukbldlhhxem61reedn4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ni0lmp1ukbldlhhxem61reedn4|03|net"; nocase; ) # l79bms1l4ir61ytpy0k18tpjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l79bms1l4ir61ytpy0k18tpjt|03|net"; nocase; ) # 1t1plsu2xmw91nqsrwx18evk1s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t1plsu2xmw91nqsrwx18evk1s|03|com"; nocase; ) # 1m76udx4r39j1196sv7o183kydd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m76udx4r39j1196sv7o183kydd|03|net"; nocase; ) # j0710m1i749ipnmhovdcqb3lq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j0710m1i749ipnmhovdcqb3lq|03|biz"; nocase; ) # kc33or17huz38x20q1p1vnxsit.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kc33or17huz38x20q1p1vnxsit|03|org"; nocase; ) # 151ntli1syz0ilov9mox1ccih7g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|151ntli1syz0ilov9mox1ccih7g|03|net"; nocase; ) # klzqrk85n2s0hjng4emca7ic.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|klzqrk85n2s0hjng4emca7ic|03|org"; nocase; ) # 1nsvrqt16tvius14ggn6495hpvo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nsvrqt16tvius14ggn6495hpvo|03|biz"; nocase; ) # j6ao5tk9mfgm1jrmmma1fa0xov.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j6ao5tk9mfgm1jrmmma1fa0xov|03|org"; nocase; ) # 1b372bk1x6dm1eu7qse71thia0m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b372bk1x6dm1eu7qse71thia0m|03|net"; nocase; ) # 1w2i32l1u7ea5g118djjple8j4o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w2i32l1u7ea5g118djjple8j4o|03|net"; nocase; ) # 1vo91fdt8dw011oi0jibjl4z2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vo91fdt8dw011oi0jibjl4z2|03|org"; nocase; ) # 1w6btbxgux46w1y435cq18f2eur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w6btbxgux46w1y435cq18f2eur|03|net"; nocase; ) # 178o59yalec9k1mbstcr11okugq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|178o59yalec9k1mbstcr11okugq|03|net"; nocase; ) # unc6b71v1j2fq128ml391ufp4fb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|unc6b71v1j2fq128ml391ufp4fb|03|biz"; nocase; ) # a9lvod1o4fjzdb278ne1k6pcd9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a9lvod1o4fjzdb278ne1k6pcd9|03|com"; nocase; ) # gkqs3cozis675rka9z13inlzc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gkqs3cozis675rka9z13inlzc|03|biz"; nocase; ) # 138ak351cqjywadablx01wtkhem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|138ak351cqjywadablx01wtkhem|03|net"; nocase; ) # 1sswo0f1trpkmy1cy1ua16hjhis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sswo0f1trpkmy1cy1ua16hjhis|03|net"; nocase; ) # t95ne0g604su1bgz755m01ih4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t95ne0g604su1bgz755m01ih4|03|org"; nocase; ) # 1jjx4101wrkhx8b8tbt1yfdm24.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jjx4101wrkhx8b8tbt1yfdm24|03|org"; nocase; ) # 1m2tn7y13pxkubx01fmk1vv1cjx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m2tn7y13pxkubx01fmk1vv1cjx|03|com"; nocase; ) # 17lo8xa1bfwne5r5vngixhyua1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17lo8xa1bfwne5r5vngixhyua1|03|net"; nocase; ) # 12nckabl02y7911972pdiq99hz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12nckabl02y7911972pdiq99hz|03|biz"; nocase; ) # b82gtg5ztbwk174gc0y1fwthou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b82gtg5ztbwk174gc0y1fwthou|03|com"; nocase; ) # vwna0dzy1ftr1jof5cxn8hiux.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vwna0dzy1ftr1jof5cxn8hiux|03|biz"; nocase; ) # 1cfgyv21r563cv1rst9hy1dfyz8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cfgyv21r563cv1rst9hy1dfyz8|03|biz"; nocase; ) # 1yccm5fsh1kgs1lopnlep252iy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yccm5fsh1kgs1lopnlep252iy|03|org"; nocase; ) # 1aab1nm1765ap6ir8ysmyoxcub.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aab1nm1765ap6ir8ysmyoxcub|03|biz"; nocase; ) # 8q35lj448mdv1yc9m7ejcvlza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8q35lj448mdv1yc9m7ejcvlza|03|net"; nocase; ) # 12ldkb1eao32xw8fk7cidtfak.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ldkb1eao32xw8fk7cidtfak|03|org"; nocase; ) # 2zywiapkjk9271wvbguzmt8l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2zywiapkjk9271wvbguzmt8l|03|com"; nocase; ) # 1yp2k5g1k0puuy1f9bbr81p77t28.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yp2k5g1k0puuy1f9bbr81p77t28|03|com"; nocase; ) # 17i69jkxskpwtpgvbko1u9k0uq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17i69jkxskpwtpgvbko1u9k0uq|03|com"; nocase; ) # 1xwmb4ffp8q1k1e6n0v717eh462.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xwmb4ffp8q1k1e6n0v717eh462|03|net"; nocase; ) # 1b7nn8o7lh62apwibdt4dmkvz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b7nn8o7lh62apwibdt4dmkvz|03|com"; nocase; ) # 446n8kubtn5y1s8gsl9pm0scn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|446n8kubtn5y1s8gsl9pm0scn|03|biz"; nocase; ) # 1rcz5vx1y048tx1vxjcxkb4djim.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rcz5vx1y048tx1vxjcxkb4djim|03|org"; nocase; ) # 1lw1j8m1ewhzmgi4f08gpfd1ip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lw1j8m1ewhzmgi4f08gpfd1ip|03|org"; nocase; ) # 1l1bhle16pr4eo1iiegp5zkec6c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l1bhle16pr4eo1iiegp5zkec6c|03|biz"; nocase; ) # 4hcifqlltglb1q3xwht19t4vo4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4hcifqlltglb1q3xwht19t4vo4|03|com"; nocase; ) # 1g4hcjx1dgnc9uoxu4k7gp3plz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g4hcjx1dgnc9uoxu4k7gp3plz|03|biz"; nocase; ) # shyf8e124lc8jo78imj10ragol.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shyf8e124lc8jo78imj10ragol|03|biz"; nocase; ) # xtj3i4311d791goqn17976hf3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xtj3i4311d791goqn17976hf3|03|org"; nocase; ) # dwskhh4v8ww19oe0glggpmu3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dwskhh4v8ww19oe0glggpmu3|03|com"; nocase; ) # qd7bluyrzeka1czqj2nwkbiha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qd7bluyrzeka1czqj2nwkbiha|03|com"; nocase; ) # 1yfurkt2yv8t31os7peq178tp4i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yfurkt2yv8t31os7peq178tp4i|03|net"; nocase; ) # d75rrlkdylpr162n6cs6ql4ua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d75rrlkdylpr162n6cs6ql4ua|03|org"; nocase; ) # itqxmaah94sa12u7ujv06lgy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|itqxmaah94sa12u7ujv06lgy|03|org"; nocase; ) # 1o1lk5x11x9x5kyuiffu1i29n19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o1lk5x11x9x5kyuiffu1i29n19|03|com"; nocase; ) # 7xhoxj1w7wrfgqridkidgs9hu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7xhoxj1w7wrfgqridkidgs9hu|03|org"; nocase; ) # 6rma01t0ezhc1awmj6vdasonn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6rma01t0ezhc1awmj6vdasonn|03|com"; nocase; ) # 1hs0e4wycpijs9xiqb49jx5ct.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hs0e4wycpijs9xiqb49jx5ct|03|org"; nocase; ) # 1fck093ke9u3zqarv7rz0ly09.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fck093ke9u3zqarv7rz0ly09|03|com"; nocase; ) # h6nys4gdvhwr1t4akgc7z7dr7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h6nys4gdvhwr1t4akgc7z7dr7|03|net"; nocase; ) # zs8po1ozpp82wrc1br71an7g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zs8po1ozpp82wrc1br71an7g|03|com"; nocase; ) # 14xugueof99iffosz591khxrf5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14xugueof99iffosz591khxrf5|03|net"; nocase; ) # ek1jdjlqms1614s3o3v6k57rg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ek1jdjlqms1614s3o3v6k57rg|03|org"; nocase; ) # 1rviohgy8p4ko1n3rs733szlkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rviohgy8p4ko1n3rs733szlkm|03|com"; nocase; ) # 1qgx65rqg1wgsn9f5kdg0g4om.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qgx65rqg1wgsn9f5kdg0g4om|03|org"; nocase; ) # 1ymulri3hhqxmrh2wob1qgt3ep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ymulri3hhqxmrh2wob1qgt3ep|03|com"; nocase; ) # i5qt6b13ku32lauwtok1u8n89t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i5qt6b13ku32lauwtok1u8n89t|03|org"; nocase; ) # xz4d3h1iviqjs1x1z69b3g2t0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xz4d3h1iviqjs1x1z69b3g2t0r|03|net"; nocase; ) # 117s9cwd3wphd7msmaa1hoh8vm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|117s9cwd3wphd7msmaa1hoh8vm|03|com"; nocase; ) # 3kdcph795fzsduysm31yb2x7m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3kdcph795fzsduysm31yb2x7m|03|org"; nocase; ) # 1vayivzip1zsiao13991btbhdb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vayivzip1zsiao13991btbhdb|03|net"; nocase; ) # 16r4wfw1o9jesm2uq0ms1mzlt8x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16r4wfw1o9jesm2uq0ms1mzlt8x|03|net"; nocase; ) # 1fmg0wz54jdl61hlhmp8idvpfb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fmg0wz54jdl61hlhmp8idvpfb|03|com"; nocase; ) # lin3j91u61c3ynb01tq1jns5a7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lin3j91u61c3ynb01tq1jns5a7|03|org"; nocase; ) # q8a1d16m0kh6xzblsqthft43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q8a1d16m0kh6xzblsqthft43|03|net"; nocase; ) # 1l8gk2f124stks1gumwfn1fkw8k9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l8gk2f124stks1gumwfn1fkw8k9|03|com"; nocase; ) # 11n4hl71x1zh0313raaywwbcnjy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11n4hl71x1zh0313raaywwbcnjy|03|biz"; nocase; ) # xta5p01cp3v2zvpm2umaext9b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xta5p01cp3v2zvpm2umaext9b|03|net"; nocase; ) # slc2xvg2zlwq1gfira1ld5bit.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|slc2xvg2zlwq1gfira1ld5bit|03|net"; nocase; ) # 1k8acfpzwx8txv5azn3rc6ma5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k8acfpzwx8txv5azn3rc6ma5|03|org"; nocase; ) # 10w4lhs1llohfokx8a8217fol7c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10w4lhs1llohfokx8a8217fol7c|03|org"; nocase; ) # okaplq134aw4218xatken2ldh7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|okaplq134aw4218xatken2ldh7|03|biz"; nocase; ) # 19sqy1s1g1nb6t1ejmh5dqattrz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19sqy1s1g1nb6t1ejmh5dqattrz|03|org"; nocase; ) # qffuuy7qrfdn1iqp0hc1fx81am.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qffuuy7qrfdn1iqp0hc1fx81am|03|net"; nocase; ) # 1b4mvlx1ym1vb01cxqgqrajel2r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b4mvlx1ym1vb01cxqgqrajel2r|03|com"; nocase; ) # rhn9re19fecsa1b5ysoybf1tb5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rhn9re19fecsa1b5ysoybf1tb5|03|com"; nocase; ) # 1fm7l5q1ihrbrjy66jtr8hfevm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fm7l5q1ihrbrjy66jtr8hfevm|03|net"; nocase; ) # 1d5ky6j1cy9pe7103sa00c7qmtm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d5ky6j1cy9pe7103sa00c7qmtm|03|org"; nocase; ) # twf00n15r065f15w5dgsgand1q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|twf00n15r065f15w5dgsgand1q|03|net"; nocase; ) # 1di9og2uvgi7q13mp8px1o6ps1h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1di9og2uvgi7q13mp8px1o6ps1h|03|biz"; nocase; ) # 1najwx81fpxz0wgh77yxd88r8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1najwx81fpxz0wgh77yxd88r8h|03|net"; nocase; ) # rkdn51u3v6m2nqr2ol309khp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rkdn51u3v6m2nqr2ol309khp|03|org"; nocase; ) # 1gn91k51lz0mxj1o50uy717yetl5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gn91k51lz0mxj1o50uy717yetl5|03|org"; nocase; ) # 1hs6zk416if5tdaszowknul2p4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hs6zk416if5tdaszowknul2p4|03|org"; nocase; ) # 1zmv071kflag4ze6bsm1amh7em.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1zmv071kflag4ze6bsm1amh7em|03|com"; nocase; ) # 1af47i37o3x9o1oip8cul6vp4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1af47i37o3x9o1oip8cul6vp4b|03|net"; nocase; ) # 1x0gjbd1gagk44llw090c4e7ex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x0gjbd1gagk44llw090c4e7ex|03|org"; nocase; ) # vfeab96mm4yr1pmzfsly80op9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vfeab96mm4yr1pmzfsly80op9|03|net"; nocase; ) # 141k2tmfimcndgsqbh3cldkyw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|141k2tmfimcndgsqbh3cldkyw|03|com"; nocase; ) # hmy1mo9p7ggqemk41jwyf7vd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hmy1mo9p7ggqemk41jwyf7vd|03|biz"; nocase; ) # 16lrlghslq2551te5zf51b9kkmy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16lrlghslq2551te5zf51b9kkmy|03|biz"; nocase; ) # g599dx1hcpgkn1cyktrml9gwdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g599dx1hcpgkn1cyktrml9gwdg|03|com"; nocase; ) # mi10101649q3ilq6wke1n92ywx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mi10101649q3ilq6wke1n92ywx|03|net"; nocase; ) # 1f7ld0pyq539y9dek8111cmwdv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f7ld0pyq539y9dek8111cmwdv|03|net"; nocase; ) # ufhqag55dpl1sfnbqks4hg01.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ufhqag55dpl1sfnbqks4hg01|03|com"; nocase; ) # 4rj13b1t6ebjxgwy44r1oh1gl9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4rj13b1t6ebjxgwy44r1oh1gl9|03|net"; nocase; ) # uwzljyfbz1ey17lep9bhym3af.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uwzljyfbz1ey17lep9bhym3af|03|com"; nocase; ) # 1ok9prf4jaa3v183nni8dlspo0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ok9prf4jaa3v183nni8dlspo0|03|net"; nocase; ) # 12kv7tox72dsz117dcvi1v6covq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12kv7tox72dsz117dcvi1v6covq|03|net"; nocase; ) # 1r7vbgo1cl16gr1724v9i1xy603u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r7vbgo1cl16gr1724v9i1xy603u|03|com"; nocase; ) # 16l8l5g1iml3pl1181w4wx3nmet.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16l8l5g1iml3pl1181w4wx3nmet|03|biz"; nocase; ) # 8oyob61yvlmij10zb2vemoqz1b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8oyob61yvlmij10zb2vemoqz1b|03|net"; nocase; ) # 1d42xq2dyv4ts1otgggb1kzilwo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d42xq2dyv4ts1otgggb1kzilwo|03|net"; nocase; ) # pvz1mz146me8e19g5sxw7wa2j1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pvz1mz146me8e19g5sxw7wa2j1|03|com"; nocase; ) # trh0131x4hpvuv8vcrtpml7sx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|trh0131x4hpvuv8vcrtpml7sx|03|net"; nocase; ) # qn54ptdm3v0cgrcc0xrbt0fi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qn54ptdm3v0cgrcc0xrbt0fi|03|com"; nocase; ) # p2hcas4dee0x1pyqhfgcpa3c8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p2hcas4dee0x1pyqhfgcpa3c8|03|biz"; nocase; ) # 10njbl31727dx319u7tjqme6lvl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10njbl31727dx319u7tjqme6lvl|03|net"; nocase; ) # lftt3i15oj6renz55mb1uf5tr1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lftt3i15oj6renz55mb1uf5tr1|03|org"; nocase; ) # 1ycc0qlc26c8phyqkv8phqwqe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ycc0qlc26c8phyqkv8phqwqe|03|net"; nocase; ) # x765301qw4kpg1sr9y031hk1c7q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x765301qw4kpg1sr9y031hk1c7q|03|org"; nocase; ) # 1ap6jr81tzj0tcyi91t6w2s6tk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ap6jr81tzj0tcyi91t6w2s6tk|03|com"; nocase; ) # 1x8cd8nyp5bztpc8n1c1mxcs8e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x8cd8nyp5bztpc8n1c1mxcs8e|03|org"; nocase; ) # 1un0nucvbw5tw192iwk27grsfu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1un0nucvbw5tw192iwk27grsfu|03|net"; nocase; ) # qnhthodbmb9e4k6jmjwc4f98.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qnhthodbmb9e4k6jmjwc4f98|03|org"; nocase; ) # ze6lpw8dcfem1v34tps1ef8it3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ze6lpw8dcfem1v34tps1ef8it3|03|com"; nocase; ) # 1hxlsse1ev5ddl12ajlcf1w3lk9r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hxlsse1ev5ddl12ajlcf1w3lk9r|03|net"; nocase; ) # ir1iiq80zaat1mnc7fs1w0r5cz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ir1iiq80zaat1mnc7fs1w0r5cz|03|biz"; nocase; ) # 10awllz166o6wak9fokagyg07c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10awllz166o6wak9fokagyg07c|03|biz"; nocase; ) # 1hu6e7jod40wtwt4oblyh9w4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1hu6e7jod40wtwt4oblyh9w4|03|com"; nocase; ) # pphnz01m7rli810txvc21rt2w3c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pphnz01m7rli810txvc21rt2w3c|03|net"; nocase; ) # tkzcwz1rjsz98b365hi61pdyx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tkzcwz1rjsz98b365hi61pdyx|03|com"; nocase; ) # 1atf07h18bkoth1fkdqlofkz2rd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1atf07h18bkoth1fkdqlofkz2rd|03|net"; nocase; ) # 1ttpolj26kxmr6csmr21e5d4gb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ttpolj26kxmr6csmr21e5d4gb|03|org"; nocase; ) # 1khzj771vnxtgd1cndt21ecgqp9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1khzj771vnxtgd1cndt21ecgqp9|03|net"; nocase; ) # bpuw3412sa3mk8cejrx5xsj8p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bpuw3412sa3mk8cejrx5xsj8p|03|net"; nocase; ) # 1miaq1f1g3nh1q1ic4vkarka1us.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1miaq1f1g3nh1q1ic4vkarka1us|03|net"; nocase; ) # rl541l1zxqpx1wiixij12xkn68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rl541l1zxqpx1wiixij12xkn68|03|net"; nocase; ) # aw5nx416yb087sr62ql1nkqx8s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aw5nx416yb087sr62ql1nkqx8s|03|biz"; nocase; ) # cnmows1n4xw5e4exxqmk1i96.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cnmows1n4xw5e4exxqmk1i96|03|com"; nocase; ) # 174znt57cv6g41b8khwblszxxa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|174znt57cv6g41b8khwblszxxa|03|biz"; nocase; ) # iof6491hc2q041e3hjfvkb3jdw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iof6491hc2q041e3hjfvkb3jdw|03|net"; nocase; ) # ue60a91xkbsk0l8ztcnve9q2r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ue60a91xkbsk0l8ztcnve9q2r|03|org"; nocase; ) # i5qfq41lnlvglh2a7as3cli5p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i5qfq41lnlvglh2a7as3cli5p|03|biz"; nocase; ) # o3l6xsnovqx96ntkob10ebj0n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o3l6xsnovqx96ntkob10ebj0n|03|biz"; nocase; ) # 126nmbp51tgyug8gdk31wk02bd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|126nmbp51tgyug8gdk31wk02bd|03|org"; nocase; ) # 9n07q527pk791fnlf551na7q9i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9n07q527pk791fnlf551na7q9i|03|com"; nocase; ) # lgw79ybduz5u1dhg3i81fghrcm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lgw79ybduz5u1dhg3i81fghrcm|03|com"; nocase; ) # 5yj95q2qtdpwnpeqmm9etuo7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5yj95q2qtdpwnpeqmm9etuo7|03|net"; nocase; ) # 8a1afj7z77001yagwbg13myl7i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8a1afj7z77001yagwbg13myl7i|03|org"; nocase; ) # 7k2drtpmiqoxr6vmluxa29bk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7k2drtpmiqoxr6vmluxa29bk|03|org"; nocase; ) # 6jyctvfqla5l78n051mksdrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6jyctvfqla5l78n051mksdrv|03|net"; nocase; ) # jiihad8rgzk91j66jny1hh1a9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jiihad8rgzk91j66jny1hh1a9e|03|biz"; nocase; ) # 1igzutjdnsj0fg7a8z5idfwsk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1igzutjdnsj0fg7a8z5idfwsk|03|org"; nocase; ) # t6fef4o2jv0hhux2ig14py6vx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t6fef4o2jv0hhux2ig14py6vx|03|net"; nocase; ) # dktapjik1yix1io3dt98gqavb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dktapjik1yix1io3dt98gqavb|03|net"; nocase; ) # f22tced9bk2v192lcqo1iud0yg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f22tced9bk2v192lcqo1iud0yg|03|org"; nocase; ) # 13566mqugleg41d6h0ry1v3b52f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13566mqugleg41d6h0ry1v3b52f|03|net"; nocase; ) # tiki089ozmml1wa4zom1y6xp57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tiki089ozmml1wa4zom1y6xp57|03|com"; nocase; ) # 1aer66ulq4qdl197zmrw7gvjml.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aer66ulq4qdl197zmrw7gvjml|03|com"; nocase; ) # 15ffztx11ub6k1e9qxbxlcd25p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ffztx11ub6k1e9qxbxlcd25p|03|org"; nocase; ) # 1soazjx1grlcm61oqrai22a0htn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1soazjx1grlcm61oqrai22a0htn|03|net"; nocase; ) # zwaiqs171tnyr1klj8ptdywk7j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zwaiqs171tnyr1klj8ptdywk7j|03|com"; nocase; ) # 5w2m8k13w8usy1g76z0bhhjcju.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5w2m8k13w8usy1g76z0bhhjcju|03|biz"; nocase; ) # mm22hjuapizh10oxahifaxdwb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mm22hjuapizh10oxahifaxdwb|03|com"; nocase; ) # 1fp9k20fuzz1sot87ecxzopxr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fp9k20fuzz1sot87ecxzopxr|03|com"; nocase; ) # 1ovnevvsmg21t7q6s0c5vul2h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ovnevvsmg21t7q6s0c5vul2h|03|net"; nocase; ) # rcyuxs1ibyt3mivh0041oybmh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rcyuxs1ibyt3mivh0041oybmh5|03|net"; nocase; ) # 1yxav311x4m4po1oh85xiczrmbq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yxav311x4m4po1oh85xiczrmbq|03|biz"; nocase; ) # 1ftgqrw1v5kl3j1pc4m1y1kq64gm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ftgqrw1v5kl3j1pc4m1y1kq64gm|03|biz"; nocase; ) # 1ulbru61xhbbyl1p4639o1l124vm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ulbru61xhbbyl1p4639o1l124vm|03|com"; nocase; ) # 75780hnk16omy8zax41x7mn1i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|75780hnk16omy8zax41x7mn1i|03|com"; nocase; ) # rvn6i158g4n0gq8h36bj9thz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rvn6i158g4n0gq8h36bj9thz|03|net"; nocase; ) # 1a4x4kcjahrj9zsena462gmby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a4x4kcjahrj9zsena462gmby|03|com"; nocase; ) # 1cooqouebl0eo1qvqr3p1tzhwkq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cooqouebl0eo1qvqr3p1tzhwkq|03|com"; nocase; ) # 9179mmm7xreb14xg9j0xbjjol.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9179mmm7xreb14xg9j0xbjjol|03|net"; nocase; ) # 8irycx1cn4bqnyxudsh1b4b3cb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8irycx1cn4bqnyxudsh1b4b3cb|03|org"; nocase; ) # 140ogny1whk3xc1l0zlwvwkl02p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|140ogny1whk3xc1l0zlwvwkl02p|03|net"; nocase; ) # 4jrqy11ipi30h1o8t33t1oy7mxa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4jrqy11ipi30h1o8t33t1oy7mxa|03|biz"; nocase; ) # tg90ajw6qu271p82q28mgr92f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tg90ajw6qu271p82q28mgr92f|03|com"; nocase; ) # k5frei1l5hi5g13n453k13hoa8s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k5frei1l5hi5g13n453k13hoa8s|03|net"; nocase; ) # 10rxkcjs6a0351hzn9k01jbxav1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10rxkcjs6a0351hzn9k01jbxav1|03|org"; nocase; ) # 11sfada165bv2l9fhmr4ehcu4h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11sfada165bv2l9fhmr4ehcu4h|03|com"; nocase; ) # wcbdl061mm02fqv1qf1o15rnj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wcbdl061mm02fqv1qf1o15rnj|03|net"; nocase; ) # 10blk6r14jnz6aqf9j26lbo42t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10blk6r14jnz6aqf9j26lbo42t|03|org"; nocase; ) # 1d10iaa1wocp4z1d7fvswnvdwc2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d10iaa1wocp4z1d7fvswnvdwc2|03|net"; nocase; ) # 1twt7mohzxl2h1ayain71xp8pj5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1twt7mohzxl2h1ayain71xp8pj5|03|biz"; nocase; ) # 13fapqcoiz0bb1cacrr5572t3v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13fapqcoiz0bb1cacrr5572t3v|03|biz"; nocase; ) # 1w7djtjn4npbozad4r8uj7odi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w7djtjn4npbozad4r8uj7odi|03|org"; nocase; ) # x0vaz1ybnyyjbh5tow1x3zrbi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x0vaz1ybnyyjbh5tow1x3zrbi|03|net"; nocase; ) # 1bhcggo1ifvrbdx6ogcr41y8a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bhcggo1ifvrbdx6ogcr41y8a|03|com"; nocase; ) # ly4lzk530wn1f0gcfkb5tmcm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ly4lzk530wn1f0gcfkb5tmcm|03|net"; nocase; ) # iomnkd8qtosw10mhr1g16dwf0t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iomnkd8qtosw10mhr1g16dwf0t|03|com"; nocase; ) # 1bf1dx0iyvc5kv0ut3q1gelo5k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bf1dx0iyvc5kv0ut3q1gelo5k|03|net"; nocase; ) # 1x17qcp1wqlpuq1wnh4gk1u85uo3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x17qcp1wqlpuq1wnh4gk1u85uo3|03|biz"; nocase; ) # 70bzdxysxzgvb7q8kf8j5pqz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|70bzdxysxzgvb7q8kf8j5pqz|03|net"; nocase; ) # shj61z1fe4iz41nqes4sm2p31v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shj61z1fe4iz41nqes4sm2p31v|03|com"; nocase; ) # pw3cdf1jhw14l73rtix1i37u5w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pw3cdf1jhw14l73rtix1i37u5w|03|net"; nocase; ) # 5uiou11y7l47h1cekiz4hialom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5uiou11y7l47h1cekiz4hialom|03|org"; nocase; ) # 1swkytr10vdoi010hm87t1pe7tuj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1swkytr10vdoi010hm87t1pe7tuj|03|net"; nocase; ) # 11kc7scvyujjufpq3691xe20qs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11kc7scvyujjufpq3691xe20qs|03|net"; nocase; ) # 1ii1xepidebtl9g4qpy1prf2z6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ii1xepidebtl9g4qpy1prf2z6|03|com"; nocase; ) # 1cjymkdls4ven1f1s2yk1txofa7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjymkdls4ven1f1s2yk1txofa7|03|org"; nocase; ) # mieq0m1phbbndxayetd1v60god.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mieq0m1phbbndxayetd1v60god|03|org"; nocase; ) # 1qdgucu1286ip910wi4ka7saxb9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qdgucu1286ip910wi4ka7saxb9|03|com"; nocase; ) # 11ojmgy1p4t3jb1vbp1tst8w18e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11ojmgy1p4t3jb1vbp1tst8w18e|03|org"; nocase; ) # 1ut1k3jdax2vu18ja2to1j74t0d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ut1k3jdax2vu18ja2to1j74t0d|03|org"; nocase; ) # 1lnphbm8h5oj11s227uu1j6cnl3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lnphbm8h5oj11s227uu1j6cnl3|03|net"; nocase; ) # kue4vf1p0sge7zl6mmr1xo1fd9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kue4vf1p0sge7zl6mmr1xo1fd9|03|biz"; nocase; ) # 3fxb351nds0a21otr7i8zj1iml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3fxb351nds0a21otr7i8zj1iml|03|org"; nocase; ) # 1mnt6gvxg78zp1glumf419bjruf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mnt6gvxg78zp1glumf419bjruf|03|biz"; nocase; ) # fe3fy31py0vwhzr04wh8w13tf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fe3fy31py0vwhzr04wh8w13tf|03|org"; nocase; ) # 1148lyjr1mw1112hkoroyklplu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1148lyjr1mw1112hkoroyklplu|03|net"; nocase; ) # w4rtb7umvxud11is01vpv2im0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w4rtb7umvxud11is01vpv2im0|03|com"; nocase; ) # zn9e5sm2fnmf1nfekffdflpfg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zn9e5sm2fnmf1nfekffdflpfg|03|biz"; nocase; ) # 4rs3vyx69l4o1gay0kvzgh4oc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4rs3vyx69l4o1gay0kvzgh4oc|03|biz"; nocase; ) # 1i6u00i1pixl3gih8gbq18eb1a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i6u00i1pixl3gih8gbq18eb1a|03|org"; nocase; ) # 1a9i8qn1bh6k2g105k0bh15oelsc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a9i8qn1bh6k2g105k0bh15oelsc|03|biz"; nocase; ) # 1lfwykw10ywe3b8zzgfc1onx9n1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lfwykw10ywe3b8zzgfc1onx9n1|03|net"; nocase; ) # twulp419fba6s17nnrof11op19p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|twulp419fba6s17nnrof11op19p|03|net"; nocase; ) # xjq4yjqgs9871ixctix1d2zqgy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xjq4yjqgs9871ixctix1d2zqgy|03|net"; nocase; ) # j9amlu11pc92i57r5iaz19sgz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j9amlu11pc92i57r5iaz19sgz|03|net"; nocase; ) # ewcbi3k9wgx1c81821nvweb7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ewcbi3k9wgx1c81821nvweb7|03|org"; nocase; ) # 1rpxc9q1xn3o2o1vjgrp61xjqtli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rpxc9q1xn3o2o1vjgrp61xjqtli|03|org"; nocase; ) # 3ilrs62wqp6o8av2zu1e3mrbd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3ilrs62wqp6o8av2zu1e3mrbd|03|org"; nocase; ) # 1vi9p5r1xr1zg4n984w2v17cg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vi9p5r1xr1zg4n984w2v17cg|03|net"; nocase; ) # vizeyv8ing9ucydxvl1o2yndj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vizeyv8ing9ucydxvl1o2yndj|03|org"; nocase; ) # 1xnkwrt1wgzsx239hs5b121bx6c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xnkwrt1wgzsx239hs5b121bx6c|03|org"; nocase; ) # 1jxv4pn9e5dw51np7nzi59520s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jxv4pn9e5dw51np7nzi59520s|03|net"; nocase; ) # 149rh5i1dn8xn21c0d4zffngssf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|149rh5i1dn8xn21c0d4zffngssf|03|com"; nocase; ) # xn80up1szvs7tyf7l48k9zydh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xn80up1szvs7tyf7l48k9zydh|03|net"; nocase; ) # atjbe9e1t7afbd5nexxbs425.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|atjbe9e1t7afbd5nexxbs425|03|biz"; nocase; ) # 1hwnf72vk0v641nfdc321tusa2d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hwnf72vk0v641nfdc321tusa2d|03|net"; nocase; ) # 6n8ptx1aoj2rwrho63u1qk2qgy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6n8ptx1aoj2rwrho63u1qk2qgy|03|org"; nocase; ) # 1y2lnfl111h3d01be269d1otxs1j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y2lnfl111h3d01be269d1otxs1j|03|biz"; nocase; ) # dqnbjkj59o8bf2g31a1vm2z6p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dqnbjkj59o8bf2g31a1vm2z6p|03|org"; nocase; ) # 14dije61vyue944v4sjn1d6uwml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14dije61vyue944v4sjn1d6uwml|03|net"; nocase; ) # 1bnqnvbim45dxrizpuf18y4yxv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bnqnvbim45dxrizpuf18y4yxv|03|org"; nocase; ) # ejljkp17934d3148wbm111znplp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ejljkp17934d3148wbm111znplp|03|org"; nocase; ) # iplsodxhsesv12zoxgo1vxrl39.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iplsodxhsesv12zoxgo1vxrl39|03|com"; nocase; ) # 1c480rb1jvu9g51prrml4i0rung.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c480rb1jvu9g51prrml4i0rung|03|org"; nocase; ) # 2mz3rnftmr79imyrp213f3hu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2mz3rnftmr79imyrp213f3hu|03|com"; nocase; ) # 1wamlp41hjuu9g83am6y1mygvi7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wamlp41hjuu9g83am6y1mygvi7|03|net"; nocase; ) # 1ypfvzl1do7aqosjaocf4urcdp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ypfvzl1do7aqosjaocf4urcdp|03|net"; nocase; ) # ov27hea2wp0n4rhzwk134lgy0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ov27hea2wp0n4rhzwk134lgy0|03|net"; nocase; ) # ib8qjpbmlo2j1be0tsdt9o2i7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ib8qjpbmlo2j1be0tsdt9o2i7|03|org"; nocase; ) # r7hnoh1a2nren1558j0u18sm5zd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r7hnoh1a2nren1558j0u18sm5zd|03|org"; nocase; ) # roh0mqninxw5f549bw1oazjuc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|roh0mqninxw5f549bw1oazjuc|03|biz"; nocase; ) # 1375os61jdl44v1oke7x8wk0p6w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1375os61jdl44v1oke7x8wk0p6w|03|com"; nocase; ) # 1ocadvly88x411r4yjw811x6pwo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ocadvly88x411r4yjw811x6pwo|03|com"; nocase; ) # f836d11gcwdp0162vq2s1mxxxv5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f836d11gcwdp0162vq2s1mxxxv5|03|net"; nocase; ) # 1rbefx2hi9h5u94afru1uuhpfd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rbefx2hi9h5u94afru1uuhpfd|03|org"; nocase; ) # 1n624u818webbm1d2v8971varpas.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n624u818webbm1d2v8971varpas|03|org"; nocase; ) # 1qt03utxjev281dcqsem10ah97i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qt03utxjev281dcqsem10ah97i|03|net"; nocase; ) # qgkmd01q4kdf91ivzcgd53rtro.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qgkmd01q4kdf91ivzcgd53rtro|03|biz"; nocase; ) # 1fzknlc14z2aaux5ioqsjz1r2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fzknlc14z2aaux5ioqsjz1r2v|03|org"; nocase; ) # 1o4894m12kfzci4h7v1a7z7vhv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o4894m12kfzci4h7v1a7z7vhv|03|org"; nocase; ) # 1grfk9dn2jjtnfgx3691au8tuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1grfk9dn2jjtnfgx3691au8tuz|03|com"; nocase; ) # r82xltvv4xpyqcy804tntw20.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r82xltvv4xpyqcy804tntw20|03|org"; nocase; ) # sp7acv5ikagbgcmfsp1ck0ikv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sp7acv5ikagbgcmfsp1ck0ikv|03|net"; nocase; ) # 1fbjtv6teszfy1iv7ozfsin2bn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fbjtv6teszfy1iv7ozfsin2bn|03|net"; nocase; ) # 1gk8di51l59agihy4bp617l2rx1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gk8di51l59agihy4bp617l2rx1|03|com"; nocase; ) # 14e6g6a1c1rj0g1ojd1r1fwwx7f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14e6g6a1c1rj0g1ojd1r1fwwx7f|03|net"; nocase; ) # qgo2dt1e6dpei1uwufbm1tdrffx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qgo2dt1e6dpei1uwufbm1tdrffx|03|org"; nocase; ) # 10vf6jn1kwhejw99vhirp9jncu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10vf6jn1kwhejw99vhirp9jncu|03|net"; nocase; ) # gnim6x11t9z3s1czxccl1xh55ew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gnim6x11t9z3s1czxccl1xh55ew|03|com"; nocase; ) # iu3ne019k4yg71acxnkf3fzwo4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iu3ne019k4yg71acxnkf3fzwo4|03|biz"; nocase; ) # s7lpq1o2ccv4nj0hyw1nupcv8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s7lpq1o2ccv4nj0hyw1nupcv8|03|com"; nocase; ) # 168wlkk1ew3jqf9yrqtc19ypkrf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|168wlkk1ew3jqf9yrqtc19ypkrf|03|com"; nocase; ) # 6lg6ta1ih02nmp2zer2lz3nxq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6lg6ta1ih02nmp2zer2lz3nxq|03|net"; nocase; ) # 1gpbu1y97eeuy34rj51qu56tc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gpbu1y97eeuy34rj51qu56tc|03|net"; nocase; ) # 1062l6s7jmfa01n912vv837xzi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1062l6s7jmfa01n912vv837xzi|03|com"; nocase; ) # b9dz7m12hgeezzoedzo1ojvfb3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9dz7m12hgeezzoedzo1ojvfb3|03|biz"; nocase; ) # 1dzpp15h0i72xd96shi8qzze9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dzpp15h0i72xd96shi8qzze9|03|net"; nocase; ) # 5cli2l1n3byanktbmbcf6jxj8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5cli2l1n3byanktbmbcf6jxj8|03|com"; nocase; ) # 91mijv1xgw0pj1czfj31tbsvwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|91mijv1xgw0pj1czfj31tbsvwq|03|biz"; nocase; ) # 1ph7toq15favqv1pevprju5n0u9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ph7toq15favqv1pevprju5n0u9|03|com"; nocase; ) # lgqatkpldsck10ebx0r1vyv77o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lgqatkpldsck10ebx0r1vyv77o|03|org"; nocase; ) # f4t35y1khnkrs1bmzz09qxuaxx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f4t35y1khnkrs1bmzz09qxuaxx|03|net"; nocase; ) # 1pj3pmuxvy62e1o00my1gpalg6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pj3pmuxvy62e1o00my1gpalg6|03|biz"; nocase; ) # 3kj50c1vg7q4v1mks1ak95tlf7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3kj50c1vg7q4v1mks1ak95tlf7|03|net"; nocase; ) # ndpx6c1uvq8ee1c3272vm55bqc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ndpx6c1uvq8ee1c3272vm55bqc|03|net"; nocase; ) # 1kx1ee1fmlje1ogamhm8wm7y4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kx1ee1fmlje1ogamhm8wm7y4|03|com"; nocase; ) # 1lza1rkhmbnde84prl7dyt65c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lza1rkhmbnde84prl7dyt65c|03|biz"; nocase; ) # 15nov9c11gfxj514e0dcc1ap66u3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15nov9c11gfxj514e0dcc1ap66u3|03|com"; nocase; ) # 1faj7wcoavcgd1oz9lip18kajat.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1faj7wcoavcgd1oz9lip18kajat|03|org"; nocase; ) # g0o5w1xu46vy1h39sov10ngnd7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g0o5w1xu46vy1h39sov10ngnd7|03|com"; nocase; ) # g8dq601mwhw3ny3qeda1onp6h4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g8dq601mwhw3ny3qeda1onp6h4|03|net"; nocase; ) # g7i2ul1fhykxmutoi3l1eg0o1y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g7i2ul1fhykxmutoi3l1eg0o1y|03|com"; nocase; ) # 11fdm0618m6mrdscrezv1owifpx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11fdm0618m6mrdscrezv1owifpx|03|biz"; nocase; ) # eas529mf47ve1jgluhb1p1vu5h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eas529mf47ve1jgluhb1p1vu5h|03|biz"; nocase; ) # 1vc8awi1kztiqkmgw6aide0i3g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vc8awi1kztiqkmgw6aide0i3g|03|net"; nocase; ) # 1oz8kjpzv4zoo1xms42o1lr5h93.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oz8kjpzv4zoo1xms42o1lr5h93|03|biz"; nocase; ) # uebl30522t9v1061myqaq24ye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uebl30522t9v1061myqaq24ye|03|net"; nocase; ) # hhadfnulaybirrp36u1gigtm6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hhadfnulaybirrp36u1gigtm6|03|biz"; nocase; ) # 1pfg2ee1hjn782alti9m10e6b3v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pfg2ee1hjn782alti9m10e6b3v|03|com"; nocase; ) # 15rkmbt5rs0abw24kstgk161s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15rkmbt5rs0abw24kstgk161s|03|org"; nocase; ) # kj9cmdh4y8mv1g389mt1tludgv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kj9cmdh4y8mv1g389mt1tludgv|03|org"; nocase; ) # 1rkr4a01iersepdmvd0m1xrnzux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rkr4a01iersepdmvd0m1xrnzux|03|net"; nocase; ) # 9nkpqz1nzi3bn14u2r041dk41t8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9nkpqz1nzi3bn14u2r041dk41t8|03|org"; nocase; ) # 1fpk5bfdyjn8g1wis44u1um9jur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fpk5bfdyjn8g1wis44u1um9jur|03|net"; nocase; ) # tyyi7t1r3pbr1ylbkmbuf30u1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tyyi7t1r3pbr1ylbkmbuf30u1|03|com"; nocase; ) # 1hiwxht1me0cvhmohvmw14qxsv1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hiwxht1me0cvhmohvmw14qxsv1|03|org"; nocase; ) # lqe334177h08d14afwb01gulzu4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lqe334177h08d14afwb01gulzu4|03|biz"; nocase; ) # a20k161668t8qvnlef31cc5axf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a20k161668t8qvnlef31cc5axf|03|net"; nocase; ) # 10hmnt51yy02k51j6rnwjd4wsx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10hmnt51yy02k51j6rnwjd4wsx|03|biz"; nocase; ) # 17van1s1451ktlvfw6q13422e6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17van1s1451ktlvfw6q13422e6|03|com"; nocase; ) # ejnueoomukedrwtl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008489; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ejnueoomukedrwtl|02|eu"; nocase; ) # xptrocsmrcwnquhs.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008490; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xptrocsmrcwnquhs|02|eu"; nocase; ) # xllfwefnxgnhiyef.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008491; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xllfwefnxgnhiyef|02|eu"; nocase; ) # xsebifffvuojbryr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008492; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xsebifffvuojbryr|02|eu"; nocase; ) # ltfjbayhuqxlamqe.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008493; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ltfjbayhuqxlamqe|02|eu"; nocase; ) # fnyglnphriqjmkel.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008494; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fnyglnphriqjmkel|02|eu"; nocase; ) # furcwbpycwrlfdyx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008495; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|furcwbpycwrlfdyx|02|eu"; nocase; ) # yloeyfsvniqhudle.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008496; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yloeyfsvniqhudle|02|eu"; nocase; ) # yshakgsnlwrjnvsq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008497; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yshakgsnlwrjnvsq|02|eu"; nocase; ) # siskpvvbosbbrxdk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008498; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|siskpvvbosbbrxdk|02|eu"; nocase; ) # splgbwvsytcdkqxw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008499; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|splgbwvsytcdkqxw|02|eu"; nocase; ) # sekxkxicuwrhvoaw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008500; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|sekxkxicuwrhvoaw|02|eu"; nocase; ) # sonpcouyvqxfyqyi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008501; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|sonpcouyvqxfyqyi|02|eu"; nocase; ) # mpavxplqqwrfeuhp.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008502; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mpavxplqqwrfeuhp|02|eu"; nocase; ) # meyauelamauwpsjc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008503; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|meyauelamauwpsjc|02|eu"; nocase; ) # tvjkpdimwhpuebbu.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008504; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|tvjkpdimwhpuebbu|02|eu"; nocase; ) # a0a64c164a99dab3f634ba94baf203dc38.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a0a64c164a99dab3f634ba94baf203dc38|02|cc"; nocase; ) # t22a1e7d2bb04c9278de40f3eb85548391.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t22a1e7d2bb04c9278de40f3eb85548391|02|in"; nocase; ) # b093f33deb2922cec00c58744a0c3b964c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b093f33deb2922cec00c58744a0c3b964c|02|in"; nocase; ) # d63ca3d548ad38cc58de22a2bcadacbc4e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d63ca3d548ad38cc58de22a2bcadacbc4e|02|cn"; nocase; ) # i1ab2f86ab028f13d3f2f2b95549b528af.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i1ab2f86ab028f13d3f2f2b95549b528af|02|to"; nocase; ) # j74a3f79028a28e42aa52da81df09358ad.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j74a3f79028a28e42aa52da81df09358ad|02|in"; nocase; ) # l992b3322ac5bd9e0e285242bfa682f9b7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l992b3322ac5bd9e0e285242bfa682f9b7|02|cn"; nocase; ) # m0ff5262be28a1cba854950263eda8adbc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m0ff5262be28a1cba854950263eda8adbc|02|tk"; nocase; ) # r7afab7cdfb92abcced2693d44f36eda6a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r7afab7cdfb92abcced2693d44f36eda6a|02|in"; nocase; ) # bce8b9a2d98fa9ea6de9bf47cd4c2a3bcc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bce8b9a2d98fa9ea6de9bf47cd4c2a3bcc|02|cn"; nocase; ) # c5df99d7bc74e9db4acd575a5470a07441.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c5df99d7bc74e9db4acd575a5470a07441|02|tk"; nocase; ) # he5e109a5e83a9787143cc811cc34dcd0a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|he5e109a5e83a9787143cc811cc34dcd0a|02|in"; nocase; ) # nbb01b78f77ca45e081ffca0f182f4a4e3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nbb01b78f77ca45e081ffca0f182f4a4e3|02|ws"; nocase; ) # rd239479619c13a1a6b279a06706b43324.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rd239479619c13a1a6b279a06706b43324|02|cn"; nocase; ) # de35598368e713741f325ee78a45981a2e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de35598368e713741f325ee78a45981a2e|02|ws"; nocase; ) # q5750ca7265ebcab88dfdade3ae6b2192e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q5750ca7265ebcab88dfdade3ae6b2192e|02|tk"; nocase; ) # x1b8c9303833ce4b2fe58afcf71fcb69a0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x1b8c9303833ce4b2fe58afcf71fcb69a0|02|cn"; nocase; ) # a0fd99acb0e197c0116da5a6cccb0888b9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a0fd99acb0e197c0116da5a6cccb0888b9|02|cc"; nocase; ) # q6f90630657eb0ae30dcbfb5f52245359f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q6f90630657eb0ae30dcbfb5f52245359f|02|cc"; nocase; ) # tbdcba69c0aceaf29fbda921cf24bde4ab.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tbdcba69c0aceaf29fbda921cf24bde4ab|02|in"; nocase; ) # gc3355413818707cfb659caa43b0a560f8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc3355413818707cfb659caa43b0a560f8|02|cc"; nocase; ) # qea03b8c9349094ef362fb34d1feed772b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qea03b8c9349094ef362fb34d1feed772b|02|to"; nocase; ) # t222c56d87ebf3bc596c800d75a09d0a36.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t222c56d87ebf3bc596c800d75a09d0a36|02|cn"; nocase; ) # waa8741c6a82f3203aba524a6b7d9b742b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|waa8741c6a82f3203aba524a6b7d9b742b|02|cc"; nocase; ) # cd30cae40657eca40e1588caee8f1f4e93.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd30cae40657eca40e1588caee8f1f4e93|02|tk"; nocase; ) # e982e14b045e5b4b0702568b3bd6a51e46.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e982e14b045e5b4b0702568b3bd6a51e46|02|cc"; nocase; ) # ge6fe15854f8659afa80a347871fa9cce8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ge6fe15854f8659afa80a347871fa9cce8|02|to"; nocase; ) # nbb2ecf7852892d7eb64af1fe147486f18.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nbb2ecf7852892d7eb64af1fe147486f18|02|ws"; nocase; ) # o39070a51574bd7e5d2630acca1efcbee7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o39070a51574bd7e5d2630acca1efcbee7|02|to"; nocase; ) # rf52386fa086feb3742280c1d0370d04b7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rf52386fa086feb3742280c1d0370d04b7|02|cn"; nocase; ) # s0a166b07363d0480b693f794eca5b0e15.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s0a166b07363d0480b693f794eca5b0e15|02|tk"; nocase; ) # uce54060d775e2b7d579c962e3ea930efd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uce54060d775e2b7d579c962e3ea930efd|02|cc"; nocase; ) # a1c58415d928b016e06ce392acbf68e436.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1c58415d928b016e06ce392acbf68e436|02|tk"; nocase; ) # df39b3018c5cc2849ddebf1d418995dab5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|df39b3018c5cc2849ddebf1d418995dab5|02|ws"; nocase; ) # f2746ae7068e39a6a279f60680450b4ce7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f2746ae7068e39a6a279f60680450b4ce7|02|in"; nocase; ) # o9cfd08c9e9cba44b3d62e30336513673a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o9cfd08c9e9cba44b3d62e30336513673a|02|hk"; nocase; ) # rc4d149c9644499b15f14bbf2339635715.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rc4d149c9644499b15f14bbf2339635715|02|so"; nocase; ) # h21ae2252c5aadefbd2f066c585a46458b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h21ae2252c5aadefbd2f066c585a46458b|02|so"; nocase; ) # j1afaf0abd7e995351e37824d444963e47.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j1afaf0abd7e995351e37824d444963e47|02|ws"; nocase; ) # ke1f9ed8b6a1c8eab65bfc6834977d8873.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke1f9ed8b6a1c8eab65bfc6834977d8873|02|to"; nocase; ) # o1916added6f728f1168fed79998d88ad7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o1916added6f728f1168fed79998d88ad7|02|tk"; nocase; ) # rf71e1288f13da111f279128635aced202.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rf71e1288f13da111f279128635aced202|02|ws"; nocase; ) # vf667f8700e332c77afcacf516eb06df32.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vf667f8700e332c77afcacf516eb06df32|02|cn"; nocase; ) # x43ed541dca2880fe656d23bef7ae925dc.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x43ed541dca2880fe656d23bef7ae925dc|02|so"; nocase; ) # m037c8dc9bf65ceb769390b6bc5b4fc7a0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m037c8dc9bf65ceb769390b6bc5b4fc7a0|02|tk"; nocase; ) # cf82f3807c9436e7d387dc7838fe31665d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cf82f3807c9436e7d387dc7838fe31665d|02|tk"; nocase; ) # n7964412ec03ad216203f0ad06f4229533.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n7964412ec03ad216203f0ad06f4229533|02|ws"; nocase; ) # p558328d5dc77d7dd8b909cd2440e6946e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p558328d5dc77d7dd8b909cd2440e6946e|02|in"; nocase; ) # b52e836ea4de9889dc6d54ea339ef2d6a3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b52e836ea4de9889dc6d54ea339ef2d6a3|02|so"; nocase; ) # ef8f495345a227f1555f5fa5a2f4ca4f8d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ef8f495345a227f1555f5fa5a2f4ca4f8d|02|to"; nocase; ) # gd278de6f7e42ebd08c5d7a2b47ee8c6b3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gd278de6f7e42ebd08c5d7a2b47ee8c6b3|02|hk"; nocase; ) # i61dc82ce80ebba15a938b0dfb962135fa.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i61dc82ce80ebba15a938b0dfb962135fa|02|tk"; nocase; ) # kcd85bb4a51469d512b1ee4481218e5991.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kcd85bb4a51469d512b1ee4481218e5991|02|cc"; nocase; ) # mf9b5dd6290cea99fce653c935cc6ada2b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mf9b5dd6290cea99fce653c935cc6ada2b|02|to"; nocase; ) # qb8b3a4fc6d6a4c25776e1d1cca10c62db.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qb8b3a4fc6d6a4c25776e1d1cca10c62db|02|tk"; nocase; ) # sac40795b979d55faf5fe3ea731d76927f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sac40795b979d55faf5fe3ea731d76927f|02|cc"; nocase; ) # a8e64040b94141d7f11cc5a03368b22a9f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a8e64040b94141d7f11cc5a03368b22a9f|02|cc"; nocase; ) # e4dcefaa9103171f4375fe0874759ba989.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e4dcefaa9103171f4375fe0874759ba989|02|hk"; nocase; ) # gd699a6a026406a74994243a48aaa08704.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gd699a6a026406a74994243a48aaa08704|02|tk"; nocase; ) # mc94e2e9c560b86bfa79af76462a572437.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc94e2e9c560b86bfa79af76462a572437|02|hk"; nocase; ) # nfa0ea378d145eb292eb281762a58742cc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nfa0ea378d145eb292eb281762a58742cc|02|cn"; nocase; ) # t7bfe5c73df189ca1855f4c974815bba70.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008566; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t7bfe5c73df189ca1855f4c974815bba70|02|in"; nocase; ) # vd0d6cd205eae4ce77ebcbdf7da32ffc6c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008567; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vd0d6cd205eae4ce77ebcbdf7da32ffc6c|02|cn"; nocase; ) # b22a340831708bd7bb252a083909e0e7d6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b22a340831708bd7bb252a083909e0e7d6|02|in"; nocase; ) # ea764448348b2a4c09409669d47518121a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea764448348b2a4c09409669d47518121a|02|tk"; nocase; ) # o7ac961942f633e373ed8e22efcd009237.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o7ac961942f633e373ed8e22efcd009237|02|cc"; nocase; ) # w0c18e3f144921ce986e16480946a0fd74.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w0c18e3f144921ce986e16480946a0fd74|02|cc"; nocase; ) # f2059df6891f4b7102a7c6723479c5c34e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f2059df6891f4b7102a7c6723479c5c34e|02|ws"; nocase; ) # i76117dcc24625eb9481f50b7a642aaaf4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i76117dcc24625eb9481f50b7a642aaaf4|02|hk"; nocase; ) # b16dfef437c1940c8cdb4a27139c80d582.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b16dfef437c1940c8cdb4a27139c80d582|02|so"; nocase; ) # c549bf0ea8893faa3c824f4709f3908c38.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c549bf0ea8893faa3c824f4709f3908c38|02|cc"; nocase; ) # dd2bfa2b7a85a4f20c207ac622af392fd5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd2bfa2b7a85a4f20c207ac622af392fd5|02|ws"; nocase; ) # me54f648c1a431dd8e64dcdd59ca5d4e73.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|me54f648c1a431dd8e64dcdd59ca5d4e73|02|to"; nocase; ) # p01f23a7e7b204c8a5cbaeacc8adb87e5f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p01f23a7e7b204c8a5cbaeacc8adb87e5f|02|cn"; nocase; ) # v2df52e7756cca24783c97b1ba424f5011.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008579; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v2df52e7756cca24783c97b1ba424f5011|02|in"; nocase; ) # z8f69a3c039029bc78627c875a405baf11.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008580; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z8f69a3c039029bc78627c875a405baf11|02|so"; nocase; ) # s5805d289105f96ae56d6c5f31e71be217.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008581; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s5805d289105f96ae56d6c5f31e71be217|02|to"; nocase; ) # u20349513dabfa0565ed10d4152007c626.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008582; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u20349513dabfa0565ed10d4152007c626|02|hk"; nocase; ) # w38c4499864cfeda2cbf69e22adee38bee.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008583; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w38c4499864cfeda2cbf69e22adee38bee|02|tk"; nocase; ) # mee12e4a144c32f48968a1480a4abc7f9b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008584; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mee12e4a144c32f48968a1480a4abc7f9b|02|tk"; nocase; ) # y6ea113cf1423d608eada490421f739d29.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008585; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y6ea113cf1423d608eada490421f739d29|02|to"; nocase; ) # zed111959accc98cf63116da32eb93c7f4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008586; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zed111959accc98cf63116da32eb93c7f4|02|in"; nocase; ) # dae815b4432c2a753b08119bf978c204bf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008587; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dae815b4432c2a753b08119bf978c204bf|02|so"; nocase; ) # e1a7dde8359e015b55d056e8edd80663b8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008588; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e1a7dde8359e015b55d056e8edd80663b8|02|cc"; nocase; ) # p141810b1ea492e558152de10b44c21b04.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008589; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p141810b1ea492e558152de10b44c21b04|02|in"; nocase; ) # r12d3ba7fcd04ba6e82aa4df945d3be471.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008590; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r12d3ba7fcd04ba6e82aa4df945d3be471|02|cn"; nocase; ) # u86a9c8d03ad49cafa1420d47ac177944a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008591; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u86a9c8d03ad49cafa1420d47ac177944a|02|cc"; nocase; ) # x1a1ed66f022b2d7e7456b3282381070cb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008592; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x1a1ed66f022b2d7e7456b3282381070cb|02|in"; nocase; ) # y4b848847d644648e4bab486bdad86efd9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008593; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y4b848847d644648e4bab486bdad86efd9|02|hk"; nocase; ) # b4697194da006699054e3b0b6502d3ea47.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008594; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b4697194da006699054e3b0b6502d3ea47|02|so"; nocase; ) # dff6b55f759110cb56c7e76abebee76995.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008595; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dff6b55f759110cb56c7e76abebee76995|02|ws"; nocase; ) # kc825ac1a71dc8b29702f3f975d415ce4a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008596; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kc825ac1a71dc8b29702f3f975d415ce4a|02|cc"; nocase; ) # l2d6a1ceca6daeaff4c2c6e2109ddf4914.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008597; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l2d6a1ceca6daeaff4c2c6e2109ddf4914|02|ws"; nocase; ) # od5b14c2aece0344678ce9f1c207e44e11.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008598; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|od5b14c2aece0344678ce9f1c207e44e11|02|hk"; nocase; ) # cc0f1d868f822905061c0b082535ad39d0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008599; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc0f1d868f822905061c0b082535ad39d0|02|to"; nocase; ) # g59dbbb036a500cd7a777e14380dcf3190.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008600; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g59dbbb036a500cd7a777e14380dcf3190|02|tk"; nocase; ) # m9c7efbdaea1a16eed5f0de8c4fa0b2955.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008601; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m9c7efbdaea1a16eed5f0de8c4fa0b2955|02|hk"; nocase; ) # u8095253d2f7f8d3868a42060c8773d854.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008602; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u8095253d2f7f8d3868a42060c8773d854|02|hk"; nocase; ) # ge239294268d307623c09202b095e79f59.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008603; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ge239294268d307623c09202b095e79f59|02|cc"; nocase; ) # m6d48d849f0c50a9ac6b28ef203eddc795.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008604; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m6d48d849f0c50a9ac6b28ef203eddc795|02|tk"; nocase; ) # x9c162d73bf1f4f6b6bf52369dcc8aa313.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008605; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x9c162d73bf1f4f6b6bf52369dcc8aa313|02|ws"; nocase; ) # a88e075765a3d245ee464ceb1eb4fe18e0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008606; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a88e075765a3d245ee464ceb1eb4fe18e0|02|hk"; nocase; ) # b076be23239ce42fe37957e2e75ec48c42.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008607; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b076be23239ce42fe37957e2e75ec48c42|02|cn"; nocase; ) # f91ed8154574177223431c3d6233052ab3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008608; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f91ed8154574177223431c3d6233052ab3|02|ws"; nocase; ) # s6e1b459c770ae5ff54e2be034cc507aa5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008609; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s6e1b459c770ae5ff54e2be034cc507aa5|02|tk"; nocase; ) # v7804e7439ca638e65c8ab173de0b071f7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008610; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v7804e7439ca638e65c8ab173de0b071f7|02|ws"; nocase; ) # gdd32532faa54e540636861ce6eb5f5299.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008611; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gdd32532faa54e540636861ce6eb5f5299|02|hk"; nocase; ) # m032acced8dbbbf7f90fb2a025d4c02dca.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008612; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m032acced8dbbbf7f90fb2a025d4c02dca|02|to"; nocase; ) # w7edf473e2366f6aff31485fe35269d013.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008613; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w7edf473e2366f6aff31485fe35269d013|02|hk"; nocase; ) # y52670b3091ab80a07936cc3e362ae3299.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008614; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y52670b3091ab80a07936cc3e362ae3299|02|tk"; nocase; ) # z90800ea2c932d245d78d99585148e3a80.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008615; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z90800ea2c932d245d78d99585148e3a80|02|so"; nocase; ) # a830aa94bd8bcba30f2d9a50042e574b37.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008616; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a830aa94bd8bcba30f2d9a50042e574b37|02|cc"; nocase; ) # g58347bdcae9f1f506d9f208a725278ae7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008617; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g58347bdcae9f1f506d9f208a725278ae7|02|tk"; nocase; ) # id68be80dbbaf9cbd1d752b0df03f630f8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008618; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id68be80dbbaf9cbd1d752b0df03f630f8|02|cc"; nocase; ) # q0ec8be8f1f4aaf6d2a79ed709918ae056.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008619; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q0ec8be8f1f4aaf6d2a79ed709918ae056|02|cc"; nocase; ) # rb33b13d492cd4977b73b5e70afb047587.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008620; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb33b13d492cd4977b73b5e70afb047587|02|ws"; nocase; ) # va0294dd4f6fbcb46add09a8db01662164.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008621; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|va0294dd4f6fbcb46add09a8db01662164|02|cn"; nocase; ) # wd87c61b902cbb62f00a76b6d90362da44.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008622; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd87c61b902cbb62f00a76b6d90362da44|02|tk"; nocase; ) # j5e534b09736e198ef6e7a0db94c621f1a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008623; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j5e534b09736e198ef6e7a0db94c621f1a|02|in"; nocase; ) # rf49ff5989dcfc5e534cc0df020781a3a8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008624; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rf49ff5989dcfc5e534cc0df020781a3a8|02|in"; nocase; ) # w221eb52172609192b92ebb89ba1a23712.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008625; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w221eb52172609192b92ebb89ba1a23712|02|cc"; nocase; ) # d63dc0db4c402a15913f8016df4d95ce35.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008626; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d63dc0db4c402a15913f8016df4d95ce35|02|so"; nocase; ) # j1d851933c2844540e7b570b9fee328712.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008627; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j1d851933c2844540e7b570b9fee328712|02|cn"; nocase; ) # z80a81e2df2bc7159af13de17f5f1afd58.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008628; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z80a81e2df2bc7159af13de17f5f1afd58|02|cn"; nocase; ) # be7a1c3ccd5e1060c85b15776aa0597d2f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008629; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be7a1c3ccd5e1060c85b15776aa0597d2f|02|so"; nocase; ) # h3ac81a4b5a7f39b8a37dfc9a857a59ee8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008630; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h3ac81a4b5a7f39b8a37dfc9a857a59ee8|02|cn"; nocase; ) # qb8958648e0d551ebab0f48fd4b447cf12.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008631; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qb8958648e0d551ebab0f48fd4b447cf12|02|tk"; nocase; ) # v28ca71c57d1bddb3708a938e8b24d299f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008632; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v28ca71c57d1bddb3708a938e8b24d299f|02|in"; nocase; ) # z0a035949264a554271142e50def466875.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008633; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z0a035949264a554271142e50def466875|02|so"; nocase; ) # cfd7309b24d0c1566870c901f89cd521b6.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008634; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cfd7309b24d0c1566870c901f89cd521b6|02|to"; nocase; ) # e20b5cd6465cb3f5534450ead5090880de.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008635; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e20b5cd6465cb3f5534450ead5090880de|02|hk"; nocase; ) # i3953e13328821824326690a08240efb38.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008636; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i3953e13328821824326690a08240efb38|02|cc"; nocase; ) # vaf383bfc5bbc32887fe7c5b9055a5cbeb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008637; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vaf383bfc5bbc32887fe7c5b9055a5cbeb|02|cn"; nocase; ) # d7813d14ac55abeb877343f5d710435287.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008638; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d7813d14ac55abeb877343f5d710435287|02|cn"; nocase; ) # v2b1931803a70d91044997858ea839b41f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008639; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v2b1931803a70d91044997858ea839b41f|02|so"; nocase; ) # wd602a2572cf4a6bf0d951ec28c9522cbe.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008640; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd602a2572cf4a6bf0d951ec28c9522cbe|02|cc"; nocase; ) # x6fdb8f1e4bb37969b79a26fbd3f204d12.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008641; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x6fdb8f1e4bb37969b79a26fbd3f204d12|02|ws"; nocase; ) # a0dfdcaa764114bcd90c5d64ca8793128d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008642; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a0dfdcaa764114bcd90c5d64ca8793128d|02|hk"; nocase; ) # e279ff26ca4757548d98d050b1d8f83366.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008643; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e279ff26ca4757548d98d050b1d8f83366|02|cc"; nocase; ) # j0a0ec42a7bbcd856b2bb5a1ef9f317e1a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008644; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j0a0ec42a7bbcd856b2bb5a1ef9f317e1a|02|cn"; nocase; ) # md6383031257c2ef42bbf5882387f28faa.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008645; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md6383031257c2ef42bbf5882387f28faa|02|cc"; nocase; ) # t3dfd3c5131b5b21f44d136bd7ec1f1a3b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008646; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t3dfd3c5131b5b21f44d136bd7ec1f1a3b|02|so"; nocase; ) # z4ade641d860ceb52cc46d486f4514cfa7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008647; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z4ade641d860ceb52cc46d486f4514cfa7|02|cn"; nocase; ) # d369c06baa167366cf643e6f077ee582c2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008648; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d369c06baa167366cf643e6f077ee582c2|02|ws"; nocase; ) # g07659093bec61ef5188b0203a45eed5f8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008649; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g07659093bec61ef5188b0203a45eed5f8|02|hk"; nocase; ) # xd029d2b6ac84a52b27cbc8895ab20936a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008650; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xd029d2b6ac84a52b27cbc8895ab20936a|02|cn"; nocase; ) # b62c3d8a6957034352fe1ef207fcbd5ee7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008651; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b62c3d8a6957034352fe1ef207fcbd5ee7|02|ws"; nocase; ) # f1b224874276fb3dd72d4e7509c661975e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008652; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f1b224874276fb3dd72d4e7509c661975e|02|cn"; nocase; ) # g57d5c3845ca668509d6a3e27e94acea0b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008653; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g57d5c3845ca668509d6a3e27e94acea0b|02|tk"; nocase; ) # hf50ae8635ea2154db787b43ae5c51e873.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008654; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hf50ae8635ea2154db787b43ae5c51e873|02|so"; nocase; ) # j22464ac520bcd249b62c72eac365914e2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008655; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j22464ac520bcd249b62c72eac365914e2|02|ws"; nocase; ) # k46b348c2a12379d6d39d6ecc15f93fe28.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008656; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k46b348c2a12379d6d39d6ecc15f93fe28|02|to"; nocase; ) # a64a60fb4c30753d55cc157e7fdae7da4d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008657; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a64a60fb4c30753d55cc157e7fdae7da4d|02|to"; nocase; ) # hd561d5295fecc41e0ddcaa79bab7b6781.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008658; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd561d5295fecc41e0ddcaa79bab7b6781|02|ws"; nocase; ) # k76722c8d7229cfb0afa443d7ab71073e5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008659; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k76722c8d7229cfb0afa443d7ab71073e5|02|hk"; nocase; ) # lfacb89c8b38e3c04742d91fbe9f57e26a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008660; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lfacb89c8b38e3c04742d91fbe9f57e26a|02|cn"; nocase; ) # n24e5ccb706fb4a8cbe4d9023c0ec99d16.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008661; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n24e5ccb706fb4a8cbe4d9023c0ec99d16|02|so"; nocase; ) # ofac98eee63f5cabde4e516428ad111847.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008662; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ofac98eee63f5cabde4e516428ad111847|02|cc"; nocase; ) # uebc8f3b739ef97bc89c26d6a4e1a9742e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008663; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uebc8f3b739ef97bc89c26d6a4e1a9742e|02|tk"; nocase; ) # w24a46fe8e18a7bfe843b956ef84dcc4cd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008664; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w24a46fe8e18a7bfe843b956ef84dcc4cd|02|cc"; nocase; ) # x6fc9848d4367b5dfccf3d8d8e557fca81.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008665; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x6fc9848d4367b5dfccf3d8d8e557fca81|02|ws"; nocase; ) # o2df21aa13561d467e8045e391dbe1e59c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008666; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o2df21aa13561d467e8045e391dbe1e59c|02|to"; nocase; ) # q5df57b8a91f9e8e38beeca08c5864925c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008667; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q5df57b8a91f9e8e38beeca08c5864925c|02|hk"; nocase; ) # y3f86d52d76ef76e4cabfc0ee552baa62b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008668; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3f86d52d76ef76e4cabfc0ee552baa62b|02|hk"; nocase; ) # l997e0c8280252a1588ab1055188f0cd09.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008669; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l997e0c8280252a1588ab1055188f0cd09|02|ws"; nocase; ) # n71ac96a83db162cca7a575db940c44d22.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008670; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n71ac96a83db162cca7a575db940c44d22|02|in"; nocase; ) # s1422382f926894400c37f00eb9a8ba58a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008671; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s1422382f926894400c37f00eb9a8ba58a|02|cc"; nocase; ) # y84b8d14f2d3cdbec9bc7e5e7180e84397.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008672; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y84b8d14f2d3cdbec9bc7e5e7180e84397|02|tk"; nocase; ) # ca7c947367b67bcb4ffff74a8eb94331e2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008673; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca7c947367b67bcb4ffff74a8eb94331e2|02|to"; nocase; ) # f25fee3e767315600a8500d8907aa7662d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008674; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f25fee3e767315600a8500d8907aa7662d|02|cn"; nocase; ) # id07870a071b399c2952f9ca59d55a757d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008675; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id07870a071b399c2952f9ca59d55a757d|02|cc"; nocase; ) # j5cfa82e046b96858f3d01bc8e67352be4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008676; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j5cfa82e046b96858f3d01bc8e67352be4|02|ws"; nocase; ) # oe87bcd131c62f1e368eec4de77ed8ea67.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008677; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe87bcd131c62f1e368eec4de77ed8ea67|02|tk"; nocase; ) # u562deba190ff46bfeffbd15ee19ad5bf7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008678; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u562deba190ff46bfeffbd15ee19ad5bf7|02|hk"; nocase; ) # d14e8f2dfbffec15869fbf4bcbf07cab85.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008679; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d14e8f2dfbffec15869fbf4bcbf07cab85|02|cn"; nocase; ) # g35412fb9e633d62520b32487ca72cd82c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008680; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g35412fb9e633d62520b32487ca72cd82c|02|cc"; nocase; ) # h3bd889665045c2400f69b6f9dd63e616c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008681; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h3bd889665045c2400f69b6f9dd63e616c|02|ws"; nocase; ) # jb1276fdb778f00c54b35375478cdbf0a5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008682; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jb1276fdb778f00c54b35375478cdbf0a5|02|in"; nocase; ) # o1291dadb904fc9e7d9a821a950646e8f7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008683; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o1291dadb904fc9e7d9a821a950646e8f7|02|cc"; nocase; ) # rcd3715f6ab26d0be454285ee736e3ffba.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008684; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rcd3715f6ab26d0be454285ee736e3ffba|02|in"; nocase; ) # s9f953ac6d86a2a62cbbad1c4c0add6e56.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008685; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s9f953ac6d86a2a62cbbad1c4c0add6e56|02|hk"; nocase; ) # c904ee816e4820ab788959df4a1b8e27e9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008686; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c904ee816e4820ab788959df4a1b8e27e9|02|tk"; nocase; ) # g290a5482aed6643be4d6d37f5b0576759.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008687; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g290a5482aed6643be4d6d37f5b0576759|02|to"; nocase; ) # h415a4765d1d59a51b4c14465f80068f42.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008688; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h415a4765d1d59a51b4c14465f80068f42|02|in"; nocase; ) # k5d45316bdeb8e4abe60d0ea7f8b23d2ff.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008689; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k5d45316bdeb8e4abe60d0ea7f8b23d2ff|02|tk"; nocase; ) # fb6c9a3f433d65fe21eb7ae5ef340dc4e9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008690; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fb6c9a3f433d65fe21eb7ae5ef340dc4e9|02|cn"; nocase; ) # g3b4f481ed3fd7dade864b040893f2a3e3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008691; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g3b4f481ed3fd7dade864b040893f2a3e3|02|tk"; nocase; ) # ka4b417d6de35cf66a0b68faa787fd0827.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008692; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ka4b417d6de35cf66a0b68faa787fd0827|02|to"; nocase; ) # m24b4cb9e896dcfce8f5b97b3b0f916fd8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008693; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m24b4cb9e896dcfce8f5b97b3b0f916fd8|02|hk"; nocase; ) # od24fb9aee85c6b9836702f1d220cb77cf.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008694; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|od24fb9aee85c6b9836702f1d220cb77cf|02|tk"; nocase; ) # p360d5c81b4d36ac0ce8d92418c4c7ed9c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008695; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p360d5c81b4d36ac0ce8d92418c4c7ed9c|02|so"; nocase; ) # uab4c9697636c717c9b17eaac3cca0e6bd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008696; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uab4c9697636c717c9b17eaac3cca0e6bd|02|hk"; nocase; ) # a8293a64d75a065bfb78f3a3c629af028b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008697; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a8293a64d75a065bfb78f3a3c629af028b|02|to"; nocase; ) # c0dfb55440390bb180c873e1007595b0ee.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008698; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c0dfb55440390bb180c873e1007595b0ee|02|hk"; nocase; ) # nfa76f5170f2293266959fae93fd239be8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008699; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nfa76f5170f2293266959fae93fd239be8|02|so"; nocase; ) # qe09393caa7db8617ce1af814b6a4481ad.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008700; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qe09393caa7db8617ce1af814b6a4481ad|02|to"; nocase; ) # s957c41134e544024e3a1df321dd94dab6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008701; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s957c41134e544024e3a1df321dd94dab6|02|hk"; nocase; ) # va8859a9c79ba486979fbf7c933100e537.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008702; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|va8859a9c79ba486979fbf7c933100e537|02|so"; nocase; ) # z051b0485dd61c8050fafbf8f6de324833.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008703; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z051b0485dd61c8050fafbf8f6de324833|02|in"; nocase; ) # e0f1337bd837bd7e34e57a51d1a481e3db.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008704; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e0f1337bd837bd7e34e57a51d1a481e3db|02|cc"; nocase; ) # jc1980b6751f34473ef201ef65d9acf7ba.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008705; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jc1980b6751f34473ef201ef65d9acf7ba|02|cn"; nocase; ) # m04f5792905f34072b0259d59c7c3f38a9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008706; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m04f5792905f34072b0259d59c7c3f38a9|02|cc"; nocase; ) # p6cd8418c3cb549986ef16de15742bdff8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008707; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p6cd8418c3cb549986ef16de15742bdff8|02|in"; nocase; ) # v440b93d97fa003f86c9b759b9027e1df8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008708; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v440b93d97fa003f86c9b759b9027e1df8|02|ws"; nocase; ) # a41c0ff7acd3b541db6e090a51f1b58ccc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008709; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a41c0ff7acd3b541db6e090a51f1b58ccc|02|tk"; nocase; ) # dd64aae654f5c6503f77c68113c1f08362.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008710; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd64aae654f5c6503f77c68113c1f08362|02|ws"; nocase; ) # qfc46f0e9c608215ed5d6d57ca959573e7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008711; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qfc46f0e9c608215ed5d6d57ca959573e7|02|tk"; nocase; ) # cec05fc48f68222bd20c56c50377475d79.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008712; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cec05fc48f68222bd20c56c50377475d79|02|to"; nocase; ) # o79faca4dfc6e5a4cbb3e360b769744518.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008713; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o79faca4dfc6e5a4cbb3e360b769744518|02|tk"; nocase; ) # bbd4883264c50ea368d1f8de8ebdba9895.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008714; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bbd4883264c50ea368d1f8de8ebdba9895|02|in"; nocase; ) # d46e9d913e3bccbae26c73a592316169fc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008715; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d46e9d913e3bccbae26c73a592316169fc|02|cn"; nocase; ) # e8e30a0d3b0aaf154e9ceca7b424f47132.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008716; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e8e30a0d3b0aaf154e9ceca7b424f47132|02|tk"; nocase; ) # n78ec8221c4abd4d179a82131eec85924f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008717; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n78ec8221c4abd4d179a82131eec85924f|02|so"; nocase; ) # r4276294816d4363a3c3b1af8ebbfc22e3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008718; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r4276294816d4363a3c3b1af8ebbfc22e3|02|in"; nocase; ) # z411a71793b7e38bf444e7de46ade1ba5d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008719; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z411a71793b7e38bf444e7de46ade1ba5d|02|in"; nocase; ) # c3980f4227af732c073dd50e29902e9e64.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008720; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c3980f4227af732c073dd50e29902e9e64|02|tk"; nocase; ) # daeb2a9a4cfbacf2b714e376afbdfd979d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008721; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|daeb2a9a4cfbacf2b714e376afbdfd979d|02|so"; nocase; ) # k19c103b66af9f79a5827d7ef699f76da6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008722; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k19c103b66af9f79a5827d7ef699f76da6|02|tk"; nocase; ) # m0b5ea1cfa4e333e437c2f494c9deeb16e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008723; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m0b5ea1cfa4e333e437c2f494c9deeb16e|02|cc"; nocase; ) # ne6bc644fb499f07d6c24931340f47c6cb.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008724; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ne6bc644fb499f07d6c24931340f47c6cb|02|ws"; nocase; ) # tb565f7d50ced9c6b9e8723f8258e36c99.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008725; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tb565f7d50ced9c6b9e8723f8258e36c99|02|so"; nocase; ) # yd924ecdeb1c19bd3748d0162ac1afeb5c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008726; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yd924ecdeb1c19bd3748d0162ac1afeb5c|02|hk"; nocase; ) # j0903f4fce436d44366b5f0c96edd07467.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008727; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j0903f4fce436d44366b5f0c96edd07467|02|so"; nocase; ) # k69c066bf631b2bfeec4362f4d96d71d43.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008728; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k69c066bf631b2bfeec4362f4d96d71d43|02|cc"; nocase; ) # ob5bcd128e332128028aea4a8ce1b17719.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008729; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ob5bcd128e332128028aea4a8ce1b17719|02|hk"; nocase; ) # x0569cae6e3eb01ee56b8e107f710b542b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008730; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x0569cae6e3eb01ee56b8e107f710b542b|02|cn"; nocase; ) # c99a5e0368974bdfb49298196f5a7ed26d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008731; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c99a5e0368974bdfb49298196f5a7ed26d|02|to"; nocase; ) # g4a25f38b1ba1b8ba5a706e0fd677a3d77.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008732; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g4a25f38b1ba1b8ba5a706e0fd677a3d77|02|tk"; nocase; ) # q55036297ebe5411a1490e08a031c5a955.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008733; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q55036297ebe5411a1490e08a031c5a955|02|cc"; nocase; ) # w97aceb1422b7faccdf299d58410a2d542.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008734; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w97aceb1422b7faccdf299d58410a2d542|02|tk"; nocase; ) # aac065c247c8c812788c7766072c203fd0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008735; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aac065c247c8c812788c7766072c203fd0|02|to"; nocase; ) # e65832c9ce4b756bde6afa8f620561ade0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008736; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e65832c9ce4b756bde6afa8f620561ade0|02|tk"; nocase; ) # f4370631e8b23dbdb79d27f92279313112.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008737; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f4370631e8b23dbdb79d27f92279313112|02|so"; nocase; ) # ifb6a1d734b2a1c7cfdc3ce24666fa79aa.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008738; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ifb6a1d734b2a1c7cfdc3ce24666fa79aa|02|to"; nocase; ) # v36f830f820af6ed71c81524eae0c41996.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008739; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v36f830f820af6ed71c81524eae0c41996|02|so"; nocase; ) # wb306cc0422613f1aa1127682ed340c23b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008740; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb306cc0422613f1aa1127682ed340c23b|02|cc"; nocase; ) # x7edce691fc35f3738c7d86aa8bb2deb09.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008741; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x7edce691fc35f3738c7d86aa8bb2deb09|02|ws"; nocase; ) # gc4866990d784f7809a6e77ab754432a72.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008742; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc4866990d784f7809a6e77ab754432a72|02|to"; nocase; ) # h555debf219b5ecbdd724ac220e64a1f29.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008743; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h555debf219b5ecbdd724ac220e64a1f29|02|in"; nocase; ) # i58256cc3d77b4c9a11f4f2424592b4190.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008744; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i58256cc3d77b4c9a11f4f2424592b4190|02|hk"; nocase; ) # nc92af190c015bdceb576ee37f5a97a766.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008745; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nc92af190c015bdceb576ee37f5a97a766|02|ws"; nocase; ) # z4a28e5ef4058bea13f74257ea23529565.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008746; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z4a28e5ef4058bea13f74257ea23529565|02|cn"; nocase; ) # f7e85d70918e04bf18a605075d0865091b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008747; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f7e85d70918e04bf18a605075d0865091b|02|in"; nocase; ) # md98ce067aae6034bef2a0fac3e76a0da2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008748; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md98ce067aae6034bef2a0fac3e76a0da2|02|to"; nocase; ) # n2f33aa50b474f91ec821b9f9e0af3e1aa.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008749; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n2f33aa50b474f91ec821b9f9e0af3e1aa|02|in"; nocase; ) # wde77891f8dd5974691e4e240614718b52.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008750; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wde77891f8dd5974691e4e240614718b52|02|hk"; nocase; ) # eba4f87140df5287f587fead399ecf54e7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008751; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eba4f87140df5287f587fead399ecf54e7|02|hk"; nocase; ) # ked9e0234ebdde0402f1d0372306c0cc0e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008752; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ked9e0234ebdde0402f1d0372306c0cc0e|02|to"; nocase; ) # q8a9ba381bb4be17de7a134218d78fca67.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008753; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8a9ba381bb4be17de7a134218d78fca67|02|cc"; nocase; ) # s21f94b36156744a95820e55251eae3449.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008754; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s21f94b36156744a95820e55251eae3449|02|to"; nocase; ) # 1nk2gla6o6yxmlaneja2k0y.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008755; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|1nk2gla6o6yxmlaneja2k0y|04|ddns|03|net"; nocase; ) # kx1t3bg0ydobkn5b5f1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008756; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|kx1t3bg0ydobkn5b5f1|04|ddns|03|net"; nocase; ) # kno03lq6sx7to2qv7x78mb1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008757; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|kno03lq6sx7to2qv7x78mb1|04|ddns|03|net"; nocase; ) # ofc8alaxg2ivq0q2abyjwfg.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008758; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|ofc8alaxg2ivq0q2abyjwfg|04|ddns|03|net"; nocase; ) # nuosfoixxaci.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008759; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|nuosfoixxaci|04|ddns|03|net"; nocase; ) # viriroel.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008760; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|viriroel|04|ddns|03|net"; nocase; ) # loqebaefidexu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008761; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|loqebaefidexu|04|ddns|03|net"; nocase; ) # efqiukavdaog.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008762; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|efqiukavdaog|04|ddns|03|net"; nocase; ) # bikupinereub.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008763; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|bikupinereub|04|ddns|03|net"; nocase; ) # irreiwguo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008764; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|09|irreiwguo|04|ddns|03|net"; nocase; ) # lexfmvfnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lexfmvfnx|03|biz"; nocase; ) # fhbzjatdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fhbzjatdg|03|com"; nocase; ) # eglagj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|eglagj|03|com"; nocase; ) # wfqvvn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wfqvvn|04|info"; nocase; ) # obdfln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|obdfln|03|org"; nocase; ) # gkezkayfb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gkezkayfb|03|com"; nocase; ) # dtmnpi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dtmnpi|03|biz"; nocase; ) # ibypzwcrpc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ibypzwcrpc|03|biz"; nocase; ) # qmpyzvgkb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qmpyzvgkb|03|org"; nocase; ) # mwlfascwcy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mwlfascwcy|03|com"; nocase; ) # ylacsswz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ylacsswz|04|info"; nocase; ) # dubkztkykb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dubkztkykb|03|org"; nocase; ) # qmslgzzuta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qmslgzzuta|03|net"; nocase; ) # usoignp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|usoignp|03|biz"; nocase; ) # kyfafcvai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kyfafcvai|03|com"; nocase; ) # fpnlmis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008780; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fpnlmis|03|com"; nocase; ) # nndwjwst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008781; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nndwjwst|03|net"; nocase; ) # oagqgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008782; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|oagqgj|03|com"; nocase; ) # dlvddrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008783; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dlvddrn|03|net"; nocase; ) # ifctwnlx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008784; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ifctwnlx|03|org"; nocase; ) # teaipntpbiw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008785; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|teaipntpbiw|03|com"; nocase; ) # awofrpebhzd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008786; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|awofrpebhzd|04|info"; nocase; ) # xkdletz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008787; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xkdletz|03|net"; nocase; ) # zprbtqph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008788; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zprbtqph|03|biz"; nocase; ) # zkrorqps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008789; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zkrorqps|03|biz"; nocase; ) # ezovkeaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008790; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ezovkeaw|03|com"; nocase; ) # yijgioxp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008791; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|yijgioxp|04|info"; nocase; ) # pwirfxmls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008792; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pwirfxmls|03|org"; nocase; ) # btwaclrxez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008793; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|btwaclrxez|03|com"; nocase; ) # kdhysvlfyxv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008794; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kdhysvlfyxv|04|info"; nocase; ) # zgxkdck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008795; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zgxkdck|03|com"; nocase; ) # zuthfbireu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008796; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zuthfbireu|03|com"; nocase; ) # ptsvtmluw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008797; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ptsvtmluw|03|net"; nocase; ) # vrayln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008798; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vrayln|03|org"; nocase; ) # hzcebqrbshp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008799; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hzcebqrbshp|03|com"; nocase; ) # papptpjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008800; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|papptpjd|03|org"; nocase; ) # ivywkevlprz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008801; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ivywkevlprz|03|net"; nocase; ) # fozrrkyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008802; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fozrrkyq|04|info"; nocase; ) # xnxuhzk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008803; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xnxuhzk|04|info"; nocase; ) # wtrdiyqoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008804; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wtrdiyqoc|03|biz"; nocase; ) # whpqbnjilcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008805; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|whpqbnjilcn|03|com"; nocase; ) # vtzzljoo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008806; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vtzzljoo|03|biz"; nocase; ) # poezsqed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008807; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|poezsqed|03|com"; nocase; ) # yxncjhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008808; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yxncjhm|03|com"; nocase; ) # gxogdjb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008809; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gxogdjb|03|org"; nocase; ) # mepbsmsbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008810; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mepbsmsbc|03|com"; nocase; ) # dbidmwrmao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008811; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dbidmwrmao|03|com"; nocase; ) # ingfcp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008812; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ingfcp|03|com"; nocase; ) # jcmjiwywev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008813; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jcmjiwywev|03|com"; nocase; ) # xdnijqzz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008814; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xdnijqzz|04|info"; nocase; ) # qrrigle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008815; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qrrigle|03|org"; nocase; ) # unuwstpgtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008816; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|unuwstpgtm|03|net"; nocase; ) # oyrtta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008817; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|oyrtta|03|net"; nocase; ) # samnaaeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008818; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|samnaaeq|03|com"; nocase; ) # dniptl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008819; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dniptl|03|net"; nocase; ) # sbayfugkgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008820; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sbayfugkgy|03|com"; nocase; ) # vkowtd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008821; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vkowtd|03|net"; nocase; ) # sfuuxla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008822; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sfuuxla|03|org"; nocase; ) # knhnkziu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008823; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|knhnkziu|03|com"; nocase; ) # xrwsjgyerjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008824; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xrwsjgyerjt|03|org"; nocase; ) # cqtrhwgziwp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008825; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cqtrhwgziwp|04|info"; nocase; ) # myxtvuexfr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008826; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|myxtvuexfr|03|com"; nocase; ) # yhqizxrbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008827; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yhqizxrbf|03|com"; nocase; ) # oswhoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008828; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|oswhoy|03|biz"; nocase; ) # whkpnbxgkgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008829; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|whkpnbxgkgi|03|com"; nocase; ) # iiiztgply.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008830; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iiiztgply|03|org"; nocase; ) # ucwtve.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008831; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ucwtve|04|info"; nocase; ) # wbbpwheymd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008832; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wbbpwheymd|03|org"; nocase; ) # nlaulfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008833; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nlaulfs|03|com"; nocase; ) # ckwgczs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008834; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ckwgczs|04|info"; nocase; ) # euuwsqo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008835; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|euuwsqo|03|biz"; nocase; ) # tjchsr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008836; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tjchsr|03|net"; nocase; ) # nppjvienyia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008837; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nppjvienyia|03|com"; nocase; ) # jgadgf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008838; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jgadgf|03|com"; nocase; ) # oncxyi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008839; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|oncxyi|04|info"; nocase; ) # ikwkycmws.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008840; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ikwkycmws|04|info"; nocase; ) # bdhpyzb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008841; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bdhpyzb|04|info"; nocase; ) # gcpstw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008842; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gcpstw|03|net"; nocase; ) # nejxtlka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008843; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nejxtlka|03|org"; nocase; ) # sxbcucgij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008844; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|sxbcucgij|03|com"; nocase; ) # bvkrgsfkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008845; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bvkrgsfkr|03|org"; nocase; ) # nvxxvpuycmt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008846; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nvxxvpuycmt|03|org"; nocase; ) # njbtxfmnvy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008847; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|njbtxfmnvy|04|info"; nocase; ) # jvzjbospx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008848; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jvzjbospx|03|biz"; nocase; ) # gksaophud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008849; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gksaophud|03|net"; nocase; ) # dluibxbykhx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008850; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dluibxbykhx|03|com"; nocase; ) # roobuidvuz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008851; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|roobuidvuz|03|net"; nocase; ) # kaxjqemim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008852; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kaxjqemim|03|com"; nocase; ) # pjhwdbjsn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008853; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pjhwdbjsn|03|net"; nocase; ) # gdjhux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008854; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gdjhux|03|net"; nocase; ) # liffkrjoqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008855; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|liffkrjoqc|03|biz"; nocase; ) # uduonmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008856; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uduonmf|03|org"; nocase; ) # ybdgcaicj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008857; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ybdgcaicj|03|com"; nocase; ) # gjmjfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008858; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gjmjfj|03|com"; nocase; ) # bieoreiiov.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008859; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bieoreiiov|03|biz"; nocase; ) # vliwpyiayd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008860; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vliwpyiayd|04|info"; nocase; ) # qouxjiyptc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008861; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qouxjiyptc|03|net"; nocase; ) # rtgacvrtn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008862; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rtgacvrtn|03|net"; nocase; ) # zdfrpln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008863; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zdfrpln|03|org"; nocase; ) # ixakakatkda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008864; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ixakakatkda|03|com"; nocase; ) # snmgnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008865; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|snmgnt|03|biz"; nocase; ) # xtnpbxa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008866; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xtnpbxa|04|info"; nocase; ) # lzvajtmtg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008867; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lzvajtmtg|03|net"; nocase; ) # kihfuysczq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008868; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kihfuysczq|04|info"; nocase; ) # qezlwy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008869; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qezlwy|04|info"; nocase; ) # nhjjstswccl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008870; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nhjjstswccl|03|com"; nocase; ) # mgfide.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008871; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mgfide|03|com"; nocase; ) # phobyv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008872; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|phobyv|04|info"; nocase; ) # tbtsphhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008873; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tbtsphhl|03|com"; nocase; ) # vdlrwwtct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008874; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vdlrwwtct|03|com"; nocase; ) # tdmscxjah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008875; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tdmscxjah|03|com"; nocase; ) # giauozrx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008876; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|giauozrx|03|net"; nocase; ) # qwtyxxjkmkg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008877; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qwtyxxjkmkg|03|org"; nocase; ) # pxskuguo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008878; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pxskuguo|03|net"; nocase; ) # pctuehah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008879; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pctuehah|03|com"; nocase; ) # tgykpogwi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008880; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tgykpogwi|04|info"; nocase; ) # xxtycrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008881; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xxtycrh|03|net"; nocase; ) # bbzfyht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008882; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bbzfyht|03|com"; nocase; ) # kwcxonnym.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008883; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kwcxonnym|04|info"; nocase; ) # nrxkdngow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008884; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nrxkdngow|03|biz"; nocase; ) # gwgoavnxxlo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008885; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gwgoavnxxlo|03|org"; nocase; ) # ohdovbre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008886; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ohdovbre|03|net"; nocase; ) # qczlzndy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008887; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qczlzndy|03|com"; nocase; ) # seqksjkxf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008888; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|seqksjkxf|04|info"; nocase; ) # rvkqraqu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008889; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rvkqraqu|03|biz"; nocase; ) # vzagvazmd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008890; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vzagvazmd|03|org"; nocase; ) # pccoukxdrus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008891; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pccoukxdrus|03|net"; nocase; ) # tlkwkotxbbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008892; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tlkwkotxbbw|03|com"; nocase; ) # begwyrrijby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008893; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|begwyrrijby|03|com"; nocase; ) # jgbivknwx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008894; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jgbivknwx|04|info"; nocase; ) # wnqpfbws.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008895; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wnqpfbws|04|info"; nocase; ) # xdcgfmbge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008896; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xdcgfmbge|03|com"; nocase; ) # lqijqqhfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008897; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lqijqqhfy|03|com"; nocase; ) # lgccxqnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008898; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lgccxqnt|03|biz"; nocase; ) # huajurjzi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008899; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|huajurjzi|04|info"; nocase; ) # jbhkftwszne.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008900; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jbhkftwszne|03|biz"; nocase; ) # itvxdkw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008901; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|itvxdkw|03|org"; nocase; ) # kpoujfv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008902; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kpoujfv|03|com"; nocase; ) # eheiplpnry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008903; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|eheiplpnry|03|net"; nocase; ) # mzigyn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008904; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mzigyn|04|info"; nocase; ) # pqjipjnyzlu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008905; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pqjipjnyzlu|03|org"; nocase; ) # snuwjle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008906; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|snuwjle|03|org"; nocase; ) # xoquoexkemv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008907; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xoquoexkemv|03|org"; nocase; ) # sdbclgwbx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008908; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|sdbclgwbx|03|com"; nocase; ) # xjnbre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008909; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xjnbre|03|net"; nocase; ) # eposrzrkayc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008910; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|eposrzrkayc|04|info"; nocase; ) # brkxdtsqdml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008911; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|brkxdtsqdml|03|org"; nocase; ) # ayavesmv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008912; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ayavesmv|03|org"; nocase; ) # xsrixmcnrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008913; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xsrixmcnrv|03|net"; nocase; ) # kkakmfkowk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008914; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kkakmfkowk|04|info"; nocase; ) # wbxpgdcv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008915; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wbxpgdcv|03|com"; nocase; ) # qsqzqmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008916; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qsqzqmi|03|org"; nocase; ) # ylueoohawn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008917; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ylueoohawn|04|info"; nocase; ) # vtymrblsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008918; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vtymrblsf|03|net"; nocase; ) # nqcubydoe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008919; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nqcubydoe|03|biz"; nocase; ) # ccdkdrpnyqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008920; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ccdkdrpnyqz|03|biz"; nocase; ) # sdzdriowgr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008921; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sdzdriowgr|03|com"; nocase; ) # rzervhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008922; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rzervhm|03|com"; nocase; ) # hkzpknw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008923; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hkzpknw|03|biz"; nocase; ) # afkkfaga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008924; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|afkkfaga|03|com"; nocase; ) # kncjigwla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008925; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kncjigwla|03|org"; nocase; ) # xqarheaislw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008926; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xqarheaislw|03|org"; nocase; ) # yojcozu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008927; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yojcozu|04|info"; nocase; ) # nagzkkait.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008928; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nagzkkait|03|com"; nocase; ) # qopiub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008929; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qopiub|03|net"; nocase; ) # ooqucc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008930; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ooqucc|03|com"; nocase; ) # vjcwqrlijv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008931; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vjcwqrlijv|03|org"; nocase; ) # adyracr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008932; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|adyracr|03|com"; nocase; ) # hkzuder.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008933; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hkzuder|03|com"; nocase; ) # rsuvjr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008934; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rsuvjr|03|org"; nocase; ) # gdbnyntvj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008935; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gdbnyntvj|04|info"; nocase; ) # xtbkriw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008936; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xtbkriw|03|com"; nocase; ) # klonrjwpo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008937; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|klonrjwpo|03|biz"; nocase; ) # zjowvs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008938; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zjowvs|04|info"; nocase; ) # xxpikrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008939; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xxpikrn|03|net"; nocase; ) # lzgdeidp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008940; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lzgdeidp|03|com"; nocase; ) # uhmaxinos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008941; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uhmaxinos|03|biz"; nocase; ) # phgityx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008942; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|phgityx|04|info"; nocase; ) # vfabtf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008943; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vfabtf|03|net"; nocase; ) # yqvcmvzfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008944; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yqvcmvzfe|03|com"; nocase; ) # nwkgzwtjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008945; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nwkgzwtjt|03|org"; nocase; ) # uigxgzerqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008946; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uigxgzerqh|03|biz"; nocase; ) # ewlqqmgnxe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008947; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ewlqqmgnxe|04|info"; nocase; ) # xgwlxuvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008948; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xgwlxuvm|04|info"; nocase; ) # fwqhjvroypw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008949; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fwqhjvroypw|03|biz"; nocase; ) # ddambblnbfacmfdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008950; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ddambblnbfacmfdd|03|com"; nocase; ) # daffldcclobbflca.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008951; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|daffldcclobbflca|02|de"; nocase; ) # bofodfbfakkcaaef.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008952; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bofodfbfakkcaaef|02|co"; nocase; ) # ndobmbfokdlbdbeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008953; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ndobmbfokdlbdbeo|03|com"; nocase; ) # mncfcbaklecdkold.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008954; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mncfcbaklecdkold|03|org"; nocase; ) # aooodnlcbabdenca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008955; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aooodnlcbabdenca|03|com"; nocase; ) # mcobakballconmon.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008956; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mcobakballconmon|03|com"; nocase; ) # ofbcdfdckddnffbn.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008957; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ofbcdfdckddnffbn|06|online"; nocase; ) # olaebcbcakkcabaa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008958; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|olaebcbcakkcabaa|03|org"; nocase; ) # bdblcbebfmekeafl.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008959; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bdblcbebfmekeafl|06|online"; nocase; ) # ocalbbfeollnalal.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008960; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ocalbbfeollnalal|02|de"; nocase; ) # bdanccdmedkffdaa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008961; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bdanccdmedkffdaa|04|info"; nocase; ) # afedfkfbdalkacmb.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008962; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|afedfkfbdalkacmb|06|online"; nocase; ) # dfbfabaceobbfkbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008963; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dfbfabaceobbfkbl|03|com"; nocase; ) # bkccfdcefadlamdb.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008964; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bkccfdcefadlamdb|06|online"; nocase; ) # abalcdbaaockbcaa.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008965; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|abalcdbaaockbcaa|02|de"; nocase; ) # daobndmamfonbbkb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008966; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|daobndmamfonbbkb|03|org"; nocase; ) # efkkkoadcdocfcma.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008967; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|efkkkoadcdocfcma|06|online"; nocase; ) # aofdccadccoecnnc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008968; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aofdccadccoecnnc|03|com"; nocase; ) # mzbydf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008969; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mzbydf|03|com"; nocase; ) # daphqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008970; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|daphqy|03|com"; nocase; ) # qcyout.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008971; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qcyout|03|com"; nocase; ) # kiiefa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008972; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|kiiefa|03|com"; nocase; ) # afvmmr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008973; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|afvmmr|03|com"; nocase; ) # nnypeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008974; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nnypeb|03|com"; nocase; ) # disvqt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008975; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|disvqt|03|com"; nocase; ) # elufni.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008976; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|elufni|03|com"; nocase; ) # ijoaog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008977; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ijoaog|03|com"; nocase; ) # hruwoh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008978; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|hruwoh|03|com"; nocase; ) # nedfau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008979; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nedfau|03|com"; nocase; ) # iypyyn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008980; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|iypyyn|03|com"; nocase; ) # duvweo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008981; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|duvweo|03|com"; nocase; ) # pyxyyk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008982; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|pyxyyk|03|com"; nocase; ) # uhxisv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008983; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uhxisv|03|com"; nocase; ) # aqkiwa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008984; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|aqkiwa|03|com"; nocase; ) # hmbumd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008985; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|hmbumd|03|com"; nocase; ) # zuiiqo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008986; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zuiiqo|03|com"; nocase; ) # kuqomb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008987; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|kuqomb|03|com"; nocase; ) # zieijd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008988; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zieijd|03|com"; nocase; ) # rokrpy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008989; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|rokrpy|03|com"; nocase; ) # hnqvtl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008990; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|hnqvtl|03|com"; nocase; ) # atiqft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008991; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|atiqft|03|com"; nocase; ) # xiqwys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008992; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xiqwys|03|com"; nocase; ) # gayjpa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008993; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gayjpa|03|com"; nocase; ) # pqcpkacuwsanh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pqcpkacuwsanh|03|com"; nocase; ) # fcgsnwhysrpyj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fcgsnwhysrpyj|02|co|02|uk"; nocase; ) # tvmlylctwsjje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tvmlylctwsjje|03|net"; nocase; ) # vnbnqmeuqcohv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vnbnqmeuqcohv|03|org"; nocase; ) # wsqjqifdsoymj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wsqjqifdsoymj|04|info"; nocase; ) # wjhcvatbbibxp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000008999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wjhcvatbbibxp|03|com"; nocase; ) # aoxgxeehwjdqabi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aoxgxeehwjdqabi|02|co|02|uk"; nocase; ) # tirdrtldyhswjki.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tirdrtldyhswjki|04|info"; nocase; ) # miohjtkobxmdgil.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|miohjtkobxmdgil|03|org"; nocase; ) # eeduokumkrelktb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eeduokumkrelktb|03|biz"; nocase; ) # taqxmuwpvdxdmuq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|taqxmuwpvdxdmuq|03|com"; nocase; ) # aylrgulepcwfnye.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aylrgulepcwfnye|02|ru"; nocase; ) # svfduksqpiunaeh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|svfduksqpiunaeh|03|org"; nocase; ) # hjiksijfvgwveav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hjiksijfvgwveav|03|com"; nocase; ) # unjovdphickiehd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|unjovdphickiehd|03|net"; nocase; ) # qirlnngknmyxste.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qirlnngknmyxste|03|biz"; nocase; ) # rxbhxcwbtbxyyky.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rxbhxcwbtbxyyky|02|ru"; nocase; ) # mcjvahhyfutenbb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mcjvahhyfutenbb|02|co|02|uk"; nocase; ) # vegflmamjowyyhv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vegflmamjowyyhv|02|co|02|uk"; nocase; ) # jnxrrtthfxtawyk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jnxrrtthfxtawyk|02|co|02|uk"; nocase; ) # lsiywjhrvjybnwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lsiywjhrvjybnwc|03|com"; nocase; ) # tmivcxmbuwpnmfc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tmivcxmbuwpnmfc|02|co|02|uk"; nocase; ) # vemhddwfrpphfpc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vemhddwfrpphfpc|03|biz"; nocase; ) # mlggfwxvbmpwatl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mlggfwxvbmpwatl|03|com"; nocase; ) # mxakbsncfibhnml.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mxakbsncfibhnml|03|biz"; nocase; ) # nluxcnrjobslfoo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nluxcnrjobslfoo|02|ru"; nocase; ) # nwhtvmwtadwvqxs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nwhtvmwtadwvqxs|03|biz"; nocase; ) # lpkvibvnstfclqr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lpkvibvnstfclqr|03|com"; nocase; ) # uotujhafjwnlmsq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uotujhafjwnlmsq|03|biz"; nocase; ) # hbmsmgfjkaquysy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hbmsmgfjkaquysy|03|biz"; nocase; ) # oirgmqvclejjnpq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oirgmqvclejjnpq|03|com"; nocase; ) # ogwilikcnjxloii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ogwilikcnjxloii|03|net"; nocase; ) # adpnwfgfavtfpmf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|adpnwfgfavtfpmf|02|ru"; nocase; ) # vhrcrhcqgiqpotm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vhrcrhcqgiqpotm|03|biz"; nocase; ) # rhqusprextigtkt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rhqusprextigtkt|02|co|02|uk"; nocase; ) # joylrblvphiqtov.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009029; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|joylrblvphiqtov|04|info"; nocase; ) # khvnrlrhjvfykuc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009030; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|khvnrlrhjvfykuc|04|info"; nocase; ) # xjqnugxuwulqkxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009031; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xjqnugxuwulqkxf|03|com"; nocase; ) # kfakvrfaigwgktj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009032; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kfakvrfaigwgktj|02|ru"; nocase; ) # odesmwnfblqjvbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009033; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|odesmwnfblqjvbf|03|com"; nocase; ) # vvqndxgnhjrykkv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009034; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vvqndxgnhjrykkv|03|org"; nocase; ) # jtchsdhkbkqbhhn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jtchsdhkbkqbhhn|02|co|02|uk"; nocase; ) # llgstiroxdqulhh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|llgstiroxdqulhh|03|biz"; nocase; ) # latuafbxyaaiimt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|latuafbxyaaiimt|04|info"; nocase; ) # nrxgbklcvsacbpp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nrxgbklcvsacbpp|02|ru"; nocase; ) # pvcauqwvqplsisw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pvcauqwvqplsisw|03|com"; nocase; ) # qjwlclbremcgaye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qjwlclbremcgaye|03|net"; nocase; ) # rwadyartpsckyii.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rwadyartpsckyii|03|biz"; nocase; ) # sbbwdqlvbfcaedl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sbbwdqlvbfcaedl|02|co|02|uk"; nocase; ) # euodeocckvqkma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|euodeocckvqkma|03|net"; nocase; ) # varadgtpnumklk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|varadgtpnumklk|02|co|02|uk"; nocase; ) # cpkstywhvyagwi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cpkstywhvyagwi|02|co|02|uk"; nocase; ) # regtxwogcogekn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|regtxwogcogekn|03|net"; nocase; ) # nyoqphfjhyutyg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nyoqphfjhyutyg|03|biz"; nocase; ) # ccljohagfyvehw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ccljohagfyvehw|03|biz"; nocase; ) # jrpqkqjmcoqdpa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009049; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jrpqkqjmcoqdpa|03|com"; nocase; ) # lteqbbnejtugov.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009050; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lteqbbnejtugov|02|co|02|uk"; nocase; ) # cojcyeswueerdo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009051; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cojcyeswueerdo|03|net"; nocase; ) # ettfqnnxvnqqdx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009052; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ettfqnnxvnqqdx|02|ru"; nocase; ) # ancegtlnafeobp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009053; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ancegtlnafeobp|02|ru"; nocase; ) # ntrtvrjjxfcnyb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009054; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ntrtvrjjxfcnyb|03|org"; nocase; ) # qbmcchenamtfrp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009055; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qbmcchenamtfrp|04|info"; nocase; ) # edheyytsivujbx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009056; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|edheyytsivujbx|03|com"; nocase; ) # rjwtowrogvsirb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009057; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rjwtowrogvsirb|03|net"; nocase; ) # rukufeggwqybsc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009058; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rukufeggwqybsc|03|org"; nocase; ) # vkpuxjolfhpveq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009059; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vkpuxjolfhpveq|03|net"; nocase; ) # ofemmrlseomnpl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009060; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ofemmrlseomnpl|02|co|02|uk"; nocase; ) # sujmfwtxmfdipw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009061; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sujmfwtxmfdipw|03|biz"; nocase; ) # gmmdlcgwbaprek.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009062; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gmmdlcgwbaprek|04|info"; nocase; ) # lthsucxcipsqou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009063; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lthsucxcipsqou|03|org"; nocase; ) # ctacplrolaqppb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009064; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ctacplrolaqppb|03|net"; nocase; ) # jmioksmqdcaise.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009065; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jmioksmqdcaise|03|com"; nocase; ) # forofwwllbotif.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009066; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|forofwwllbotif|04|info"; nocase; ) # tyaxehdemmmrmc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009067; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tyaxehdemmmrmc|03|biz"; nocase; ) # vekbvqxfnvyqdj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009068; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vekbvqxfnvyqdj|03|org"; nocase; ) # wvafehrpimrxie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009069; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wvafehrpimrxie|03|com"; nocase; ) # yxgxuaqmabnosq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009070; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yxgxuaqmabnosq|02|ru"; nocase; ) # lwtnnepbcmxvbf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009071; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lwtnnepbcmxvbf|03|net"; nocase; ) # mbrjbtdcnblqbq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009072; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mbrjbtdcnblqbq|02|ru"; nocase; ) # pkmfnmfocathyy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009073; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pkmfnmfocathyy|03|net"; nocase; ) # soupqkuhhgjxsj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009074; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|soupqkuhhgjxsj|03|org"; nocase; ) # cgnelbesgodguv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009075; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cgnelbesgodguv|02|ru"; nocase; ) # wlurcuojmtvgdh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009076; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wlurcuojmtvgdh|02|ru"; nocase; ) # yualbnlasedjds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009077; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yualbnlasedjds|03|com"; nocase; ) # akbucfyymcxfuf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009078; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|akbucfyymcxfuf|03|net"; nocase; ) # jfnaqpvutcrbtc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009079; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jfnaqpvutcrbtc|02|co|02|uk"; nocase; ) # jnuuyyxkstffxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009080; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jnuuyyxkstffxn|03|com"; nocase; ) # lostpislamyefj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009081; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lostpislamyefj|03|biz"; nocase; ) # ekunhgpddckbvq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009082; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ekunhgpddckbvq|02|co|02|uk"; nocase; ) # fidrqkvoswbspl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009083; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fidrqkvoswbspl|03|net"; nocase; ) # gtahgymtjmrevy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009084; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gtahgymtjmrevy|03|biz"; nocase; ) # hjbqhtqpapurwv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009085; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hjbqhtqpapurwv|02|ru"; nocase; ) # fksooimvhioytl.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009086; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fksooimvhioytl|02|ru"; nocase; ) # fqvtqoadqhfkxk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009087; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fqvtqoadqhfkxk|03|com"; nocase; ) # geqfxgncukacpw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009088; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|geqfxgncukacpw|03|net"; nocase; ) # icdxveuhnjikcf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009089; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|icdxveuhnjikcf|03|biz"; nocase; ) # jgbtjtiiyxvfcq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009090; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jgbtjtiiyxvfcq|03|org"; nocase; ) # tuklntxcjlbjqb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009091; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tuklntxcjlbjqb|03|com"; nocase; ) # ecxuekrfljknte.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009092; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ecxuekrfljknte|04|info"; nocase; ) # uvlavexxytpgsu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009093; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uvlavexxytpgsu|04|info"; nocase; ) # wtvsuinekbpyht.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009094; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wtvsuinekbpyht|02|co|02|uk"; nocase; ) # kvqsxdtrxavqqd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009095; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kvqsxdtrxavqqd|04|info"; nocase; ) # wcdndedhppjcjs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009096; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wcdndedhppjcjs|03|com"; nocase; ) # mfvmwievkhjsqr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009097; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mfvmwievkhjsqr|02|ru"; nocase; ) # clgefkdbuclamg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009098; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|clgefkdbuclamg|03|biz"; nocase; ) # emedvtxccufytq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009099; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|emedvtxccufytq|03|org"; nocase; ) # lptnuvonxiujn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009100; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lptnuvonxiujn|02|co|02|uk"; nocase; ) # ytusbnkavokpw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009101; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ytusbnkavokpw|04|info"; nocase; ) # mxejulclmarwu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009102; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mxejulclmarwu|03|com"; nocase; ) # dryjqghxterui.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009103; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dryjqghxterui|02|ru"; nocase; ) # tievyghwikrpy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009104; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tievyghwikrpy|04|info"; nocase; ) # vgpcqnopunjnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vgpcqnopunjnx|03|biz"; nocase; ) # nlwbhnibbdnco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nlwbhnibbdnco|03|net"; nocase; ) # cmgdgijcfcssm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cmgdgijcfcssm|03|biz"; nocase; ) # lurvcnmocvkjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lurvcnmocvkjv|03|org"; nocase; ) # nnlfmqvcjamno.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nnlfmqvcjamno|04|info"; nocase; ) # ekwiaqxumbhgy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ekwiaqxumbhgy|02|ru"; nocase; ) # hklxasrjfwjjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hklxasrjfwjjb|03|biz"; nocase; ) # yyglxjurywogb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009112; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yyglxjurywogb|02|ru"; nocase; ) # dovlpdibpelts.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009113; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dovlpdibpelts|02|ru"; nocase; ) # scyqgqvyrrbio.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009114; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|scyqgqvyrrbio|02|co|02|uk"; nocase; ) # uhjxlaqwkopro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009115; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uhjxlaqwkopro|03|com"; nocase; ) # nqitegcnphiiw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009116; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nqitegcnphiiw|02|co|02|uk"; nocase; ) # qxnxvtlyenhmh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009117; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qxnxvtlyenhmh|02|ru"; nocase; ) # jyltimlatpnya.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009118; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jyltimlatpnya|02|ru"; nocase; ) # jgrpjrxymryga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009119; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jgrpjrxymryga|03|com"; nocase; ) # pabqdepdspiod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009120; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pabqdepdspiod|03|com"; nocase; ) # xqncojseeqsfb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009121; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xqncojseeqsfb|02|co|02|uk"; nocase; ) # bqytyydqwmucw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009122; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bqytyydqwmucw|02|co|02|uk"; nocase; ) # krjsrkqpbndog.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009123; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|krjsrkqpbndog|02|ru"; nocase; ) # latortlhruqtg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009124; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|latortlhruqtg|02|co|02|uk"; nocase; ) # qsypmvcmcdovx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009125; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qsypmvcmcdovx|03|com"; nocase; ) # mlgcrckgufcyf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009126; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mlgcrckgufcyf|04|info"; nocase; ) # odkvrhseiowvx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009127; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|odkvrhseiowvx|02|ru"; nocase; ) # hlkotgxrtrgme.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009128; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hlkotgxrtrgme|02|co|02|uk"; nocase; ) # iyfdxbigdagsf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009129; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iyfdxbigdagsf|04|info"; nocase; ) # ayaeuwkfplssh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009130; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ayaeuwkfplssh|03|biz"; nocase; ) # rbfxwhdehdjjl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009131; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rbfxwhdehdjjl|03|com"; nocase; ) # jugnlnjcphtol.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009132; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jugnlnjcphtol|04|info"; nocase; ) # qglqcqknfmsik.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009133; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qglqcqknfmsik|04|info"; nocase; ) # tooytowimgxcc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009134; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tooytowimgxcc|03|biz"; nocase; ) # eletskkcygnac.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009135; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eletskkcygnac|03|org"; nocase; ) # thjqfufauwljp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009136; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|thjqfufauwljp|03|biz"; nocase; ) # qprevpxhskgsc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009137; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qprevpxhskgsc|02|co|02|uk"; nocase; ) # giksrkjvmyttg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009138; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|giksrkjvmyttg|03|biz"; nocase; ) # tkntsibscixre.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009139; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tkntsibscixre|02|ru"; nocase; ) # hmissawtghihe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009140; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hmissawtghihe|03|org"; nocase; ) # lkmjifhfpajnw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009141; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lkmjifhfpajnw|03|net"; nocase; ) # mkkltbpmlaaew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009142; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mkkltbpmlaaew|03|org"; nocase; ) # bjnpxvqctxnlu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009143; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bjnpxvqctxnlu|02|co|02|uk"; nocase; ) # fhrgnbbndqorn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009144; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fhrgnbbndqorn|03|biz"; nocase; ) # ebulumjseujto.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009145; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ebulumjseujto|02|co|02|uk"; nocase; ) # gcsoycwdalruv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009146; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gcsoycwdalruv|03|com"; nocase; ) # hlepawjbakpki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009147; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hlepawjbakpki|03|net"; nocase; ) # kawfohhojesba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009148; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kawfohhojesba|03|org"; nocase; ) # lymiqnywpgwtm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009149; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lymiqnywpgwtm|04|info"; nocase; ) # ybpjrfxnixsbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009150; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ybpjrfxnixsbd|03|com"; nocase; ) # aovdqbltyqhbv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009151; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|aovdqbltyqhbv|03|biz"; nocase; ) # ouocrccmagxnd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009152; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ouocrccmagxnd|02|co|02|uk"; nocase; ) # dpwirysoibqnb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009153; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dpwirysoibqnb|03|com"; nocase; ) # fxepivcxormnl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009154; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fxepivcxormnl|02|co|02|uk"; nocase; ) # glycsnvesbrhd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009155; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|glycsnvesbrhd|04|info"; nocase; ) # tckewnaonildb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009156; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tckewnaonildb|02|ru"; nocase; ) # mwelnjrpgjuad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009157; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mwelnjrpgjuad|03|com"; nocase; ) # powcvjjwwaef.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009158; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|powcvjjwwaef|04|info"; nocase; ) # vpnemimeaqyc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009159; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vpnemimeaqyc|04|info"; nocase; ) # yprcmjphnlao.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009160; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yprcmjphnlao|03|biz"; nocase; ) # rkapiyfosili.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009161; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rkapiyfosili|03|biz"; nocase; ) # bhktkeldabad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009162; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bhktkeldabad|03|net"; nocase; ) # pmgjcflxovjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009163; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pmgjcflxovjd|03|org"; nocase; ) # dqpviwkapmkj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009164; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dqpviwkapmkj|02|co|02|uk"; nocase; ) # jaucooemkdwj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009165; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jaucooemkdwj|03|biz"; nocase; ) # kpvmggxhiort.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009166; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kpvmggxhiort|02|ru"; nocase; ) # kbpmaxiubrqd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009167; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kbpmaxiubrqd|03|org"; nocase; ) # ljaemhdjaohp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009168; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ljaemhdjaohp|04|info"; nocase; ) # xyndaudghral.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009169; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xyndaudghral|02|ru"; nocase; ) # ysrugsroklal.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009170; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ysrugsroklal|04|info"; nocase; ) # smakvtumfdtx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009171; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|smakvtumfdtx|03|org"; nocase; ) # gspbormbdsbu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009172; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gspbormbdsbu|02|co|02|uk"; nocase; ) # wcfsnyfxekfv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009173; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wcfsnyfxekfv|03|net"; nocase; ) # xkpkaosyktey.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009174; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xkpkaosyktey|02|ru"; nocase; ) # pbakbynrmiku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009175; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pbakbynrmiku|03|org"; nocase; ) # awwdrrgbhwlo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009176; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|awwdrrgbhwlo|03|org"; nocase; ) # xpxemqcgokfs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009177; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xpxemqcgokfs|03|net"; nocase; ) # khadtkjcqlqg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009178; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|khadtkjcqlqg|03|org"; nocase; ) # omkpkugbsgoc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009179; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|omkpkugbsgoc|02|co|02|uk"; nocase; ) # ngofknhjbbnh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009180; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ngofknhjbbnh|02|co|02|uk"; nocase; ) # hhxcvdralgko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009181; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hhxcvdralgko|03|net"; nocase; ) # jvflwgbqjevu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009182; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jvflwgbqjevu|02|ru"; nocase; ) # wagojbnlalqo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009183; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wagojbnlalqo|03|org"; nocase; ) # lwdknvoxwmgl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009184; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lwdknvoxwmgl|02|co|02|uk"; nocase; ) # nykljyeoygvk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009185; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nykljyeoygvk|03|com"; nocase; ) # oolthtorpcxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009186; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oolthtorpcxv|03|net"; nocase; ) # roptbrbmkmrh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009187; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|roptbrbmkmrh|03|org"; nocase; ) # ufobpcywoqej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009188; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ufobpcywoqej|03|com"; nocase; ) # oigokpcxqhyi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009189; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oigokpcxqhyi|02|ru"; nocase; ) # droxhqchuron.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009190; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|droxhqchuron|04|info"; nocase; ) # evmtuawvausa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009191; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|evmtuawvausa|03|net"; nocase; ) # xgxdykgqcxpg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009192; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xgxdykgqcxpg|04|info"; nocase; ) # yvylwcawvoda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009193; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yvylwcawvoda|03|com"; nocase; ) # ykvymtbfhbts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009194; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ykvymtbfhbts|03|net"; nocase; ) # aawhklulbrhm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009195; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aawhklulbrhm|03|biz"; nocase; ) # fxyeyqrbhmna.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009196; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fxyeyqrbhmna|03|biz"; nocase; ) # yco2u31v4kp881dm5mrhkwou8q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yco2u31v4kp881dm5mrhkwou8q|03|biz"; nocase; ) # xawyny1onkbkfpixlcdttvzi9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xawyny1onkbkfpixlcdttvzi9|03|net"; nocase; ) # 19asx1bctf7w3189ua2mecr6s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19asx1bctf7w3189ua2mecr6s|03|org"; nocase; ) # 6iv7ceon1e0j1muenju9p2dg1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6iv7ceon1e0j1muenju9p2dg1|03|com"; nocase; ) # 1wd90f01xdhhmbhd87di1bghd13.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wd90f01xdhhmbhd87di1bghd13|03|biz"; nocase; ) # aogvat14dacn11hst6rl1n7sq6b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aogvat14dacn11hst6rl1n7sq6b|03|net"; nocase; ) # 1mqf5c3agoamq1pw4frz1iqtg9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mqf5c3agoamq1pw4frz1iqtg9e|03|com"; nocase; ) # jodartwy1k0zke09eu17n7o0c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jodartwy1k0zke09eu17n7o0c|03|org"; nocase; ) # 45lpcubd1iy21fqidqr17su0k7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|45lpcubd1iy21fqidqr17su0k7|03|com"; nocase; ) # 1wmg8of1ym8fhk15rt75n1xr49hk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wmg8of1ym8fhk15rt75n1xr49hk|03|org"; nocase; ) # r80iz1ek41qg16mx9w2l0re0u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r80iz1ek41qg16mx9w2l0re0u|03|org"; nocase; ) # duwra08eez10icu6w81mnkko.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|duwra08eez10icu6w81mnkko|03|com"; nocase; ) # 1r8aulx1oqjfggdrtrbg128438z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r8aulx1oqjfggdrtrbg128438z|03|net"; nocase; ) # 1soma21yk009b16cn73t8tu9ue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1soma21yk009b16cn73t8tu9ue|03|org"; nocase; ) # 3thwq94jcr1g4jwik0yb69h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|3thwq94jcr1g4jwik0yb69h|03|org"; nocase; ) # 11e202tybsdp41dibrcapcxw0d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11e202tybsdp41dibrcapcxw0d|03|net"; nocase; ) # 145et7ahqcfj5onhjkf10zann1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|145et7ahqcfj5onhjkf10zann1|03|com"; nocase; ) # 1o3yfhoiymt9k170vaz2138x97s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o3yfhoiymt9k170vaz2138x97s|03|org"; nocase; ) # 1qj72yf14s9kr41b5vqzg53cnc6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qj72yf14s9kr41b5vqzg53cnc6|03|biz"; nocase; ) # 1185760ny0wlvh9j7bv1tri791.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1185760ny0wlvh9j7bv1tri791|03|com"; nocase; ) # 1jxwi1r6bh52k1bw6lfcb57vtu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jxwi1r6bh52k1bw6lfcb57vtu|03|org"; nocase; ) # uig7dxej3sb61qyyan1b50gzo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uig7dxej3sb61qyyan1b50gzo|03|biz"; nocase; ) # 34untzwhjkpx1ekvtgk1pux6f9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|34untzwhjkpx1ekvtgk1pux6f9|03|com"; nocase; ) # zyx9eu1tuu6e9ylarpvseikjt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zyx9eu1tuu6e9ylarpvseikjt|03|biz"; nocase; ) # iunkwk105fcs918j6pi61y61jbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iunkwk105fcs918j6pi61y61jbs|03|com"; nocase; ) # p0fjtkorklaododsemd6i9hr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p0fjtkorklaododsemd6i9hr|03|org"; nocase; ) # v4mbza1msr1vawxapj14i349p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v4mbza1msr1vawxapj14i349p|03|org"; nocase; ) # 11fs5581ag26q91e0gh312y5zpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11fs5581ag26q91e0gh312y5zpj|03|com"; nocase; ) # 1y1nvx21rca3zb1e0qqeb1arh3wz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y1nvx21rca3zb1e0qqeb1arh3wz|03|com"; nocase; ) # 1xgooli1valqtp1bq395dgfoisb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xgooli1valqtp1bq395dgfoisb|03|net"; nocase; ) # v8fujb1wt6nua1m5ahrd2399k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v8fujb1wt6nua1m5ahrd2399k|03|biz"; nocase; ) # pai4aw6uimfp1b960jd16qz5uc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pai4aw6uimfp1b960jd16qz5uc|03|com"; nocase; ) # 1o5k7qm17i87dwpavzuz510zhv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o5k7qm17i87dwpavzuz510zhv|03|org"; nocase; ) # w9kpq5fw669812qyyu31d8wc7v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w9kpq5fw669812qyyu31d8wc7v|03|biz"; nocase; ) # 1bn32jc17rp2qcqis1vsyvwrz4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bn32jc17rp2qcqis1vsyvwrz4|03|net"; nocase; ) # 16hv5pqnfhgci1r9pd1i1nc8cyv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16hv5pqnfhgci1r9pd1i1nc8cyv|03|biz"; nocase; ) # 1nyzrj65pnjxl1dpb2uq1l3ec41.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nyzrj65pnjxl1dpb2uq1l3ec41|03|com"; nocase; ) # 1t8f8zxezufripq36z61uw48sj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t8f8zxezufripq36z61uw48sj|03|org"; nocase; ) # 12x33z52293ldkqk28g1208djb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12x33z52293ldkqk28g1208djb|03|biz"; nocase; ) # hagm0oc1jfh31m0e6zq1usecf7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hagm0oc1jfh31m0e6zq1usecf7|03|org"; nocase; ) # vdxzfa5q7tnqjp08fk11znuz1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vdxzfa5q7tnqjp08fk11znuz1|03|net"; nocase; ) # vzdao2qdcc9c1iunzxs1ekegnb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vzdao2qdcc9c1iunzxs1ekegnb|03|net"; nocase; ) # 1sy71kz1f59iv1l9u4jy1celu1g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sy71kz1f59iv1l9u4jy1celu1g|03|biz"; nocase; ) # 1jsxbrs18e63161jezn27b8kmab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jsxbrs18e63161jezn27b8kmab|03|org"; nocase; ) # 9hlomw1nol7xrw3x3fy1d9886b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9hlomw1nol7xrw3x3fy1d9886b|03|net"; nocase; ) # 13ew5r1psal1yxickqs1hoxmh9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ew5r1psal1yxickqs1hoxmh9|03|net"; nocase; ) # 1ta2qsuoi81wrm2avty19s5saa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ta2qsuoi81wrm2avty19s5saa|03|org"; nocase; ) # jyw7tonoi5yd5wwzztf50k2i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jyw7tonoi5yd5wwzztf50k2i|03|biz"; nocase; ) # ew9prkl5mbhnkqhqbqbxwy05.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ew9prkl5mbhnkqhqbqbxwy05|03|biz"; nocase; ) # 1alrss72lpjnzz0d3tu1jdkm3b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1alrss72lpjnzz0d3tu1jdkm3b|03|com"; nocase; ) # 1103rdo1e94ni4x0xha8jbnp0l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1103rdo1e94ni4x0xha8jbnp0l|03|org"; nocase; ) # 1hl11731vx9mhif7zyfatvkdnj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hl11731vx9mhif7zyfatvkdnj|03|org"; nocase; ) # o52vzjco6kei1kjvdk16ernla.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o52vzjco6kei1kjvdk16ernla|03|net"; nocase; ) # b0f3jhl5lnot1i0ddcna07ns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b0f3jhl5lnot1i0ddcna07ns|03|net"; nocase; ) # 9f3gtv91aaqyjwr3u26qtomi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9f3gtv91aaqyjwr3u26qtomi|03|org"; nocase; ) # xihtrd55v3uzyfnzufxy8av.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|xihtrd55v3uzyfnzufxy8av|03|com"; nocase; ) # ihkdwm1irppyu12dak71f524pn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ihkdwm1irppyu12dak71f524pn|03|net"; nocase; ) # 3e3ki01qhy8w71gtobo4t9j7cb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3e3ki01qhy8w71gtobo4t9j7cb|03|net"; nocase; ) # 66kqd717oqyajyatkvmc8lalr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66kqd717oqyajyatkvmc8lalr|03|net"; nocase; ) # 5jr5bnxvium71jx34o516i3ov6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5jr5bnxvium71jx34o516i3ov6|03|net"; nocase; ) # 4yp00q1uxp72prv9kqlhqif3r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4yp00q1uxp72prv9kqlhqif3r|03|biz"; nocase; ) # 1fnhq6wa6qhfs295fpe1y34gsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fnhq6wa6qhfs295fpe1y34gsz|03|net"; nocase; ) # 11quvd1ffjzkr1gpsr1nzksjbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11quvd1ffjzkr1gpsr1nzksjbl|03|com"; nocase; ) # 1ujgn2h1cbpp3x1qdbc0y1hp5amd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ujgn2h1cbpp3x1qdbc0y1hp5amd|03|org"; nocase; ) # 18251m01lvld1s1tmt8646e3ztt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18251m01lvld1s1tmt8646e3ztt|03|net"; nocase; ) # 1rifi2k1r4qp421nz2ej4lu9cmr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rifi2k1r4qp421nz2ej4lu9cmr|03|biz"; nocase; ) # a0hzn8g0uhj1hjjz1d1eplfgs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a0hzn8g0uhj1hjjz1d1eplfgs|03|net"; nocase; ) # 182knosvvfpapn8w0jjvbskyb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|182knosvvfpapn8w0jjvbskyb|03|com"; nocase; ) # 1wlfi7tpakkdy10ie4rt1bjjyk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wlfi7tpakkdy10ie4rt1bjjyk|03|com"; nocase; ) # 1f48bi31edgimm1bl032q11qvi2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f48bi31edgimm1bl032q11qvi2e|03|com"; nocase; ) # 18u0rsoi7okbv1he8jutjl4t6d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18u0rsoi7okbv1he8jutjl4t6d|03|net"; nocase; ) # 1ctsy321ainkwazwwdhlbzp1a4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ctsy321ainkwazwwdhlbzp1a4|03|com"; nocase; ) # bo3gmgi8t4ax1unhzamuey1fh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bo3gmgi8t4ax1unhzamuey1fh|03|org"; nocase; ) # paah91dp2k701fvsynuvzev65.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|paah91dp2k701fvsynuvzev65|03|biz"; nocase; ) # 6qzq5osvqsz51dauyocgj7g5s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6qzq5osvqsz51dauyocgj7g5s|03|net"; nocase; ) # 1jpatz712erkha1ds1kncwfiblo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jpatz712erkha1ds1kncwfiblo|03|net"; nocase; ) # jigk347yf24u17jfbcmfp57yz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jigk347yf24u17jfbcmfp57yz|03|org"; nocase; ) # qdtgey1sj3o7j1xlmgp41xrfumx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qdtgey1sj3o7j1xlmgp41xrfumx|03|com"; nocase; ) # bgptbnajxw2f156ftx8txtsxe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bgptbnajxw2f156ftx8txtsxe|03|org"; nocase; ) # 1f9ur4r1y49x5w1e1ymem18oiwao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f9ur4r1y49x5w1e1ymem18oiwao|03|com"; nocase; ) # f3s27l1vbwn8m1gc6htqr4qrr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f3s27l1vbwn8m1gc6htqr4qrr0|03|net"; nocase; ) # ep1y0bgadnjz1fmmcxa1d627f0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ep1y0bgadnjz1fmmcxa1d627f0|03|com"; nocase; ) # 1opbh1y1c2creo1nbkkbk1oztujb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1opbh1y1c2creo1nbkkbk1oztujb|03|biz"; nocase; ) # 1rd8oke1vfu62v1og6at7yauk76.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rd8oke1vfu62v1og6at7yauk76|03|com"; nocase; ) # 1lxgwmz152hdjyhyrc6ohkef8e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lxgwmz152hdjyhyrc6ohkef8e|03|com"; nocase; ) # fit6gp1dqepgqi6op8kiqux1r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fit6gp1dqepgqi6op8kiqux1r|03|net"; nocase; ) # qsqt4g4g55f7gwetin1l6hpk7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qsqt4g4g55f7gwetin1l6hpk7|03|org"; nocase; ) # 17j1r7p1onevrcpqlr1xne24jq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17j1r7p1onevrcpqlr1xne24jq|03|biz"; nocase; ) # 1sqkkvub3cqe0xpdvpw1sbcd9o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sqkkvub3cqe0xpdvpw1sbcd9o|03|net"; nocase; ) # mq65ud1qmybz25k5v7112e2ybp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mq65ud1qmybz25k5v7112e2ybp|03|org"; nocase; ) # jyoxbo1dl2g1xbkzyo8a0q4r1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jyoxbo1dl2g1xbkzyo8a0q4r1|03|net"; nocase; ) # 1wu81uv1pof3mg14b7dyo1yvvmzj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wu81uv1pof3mg14b7dyo1yvvmzj|03|biz"; nocase; ) # 1oetvb51sek36cr19aee8baal5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oetvb51sek36cr19aee8baal5|03|biz"; nocase; ) # 1gkyyjc1xlm0x98ai3tre75vbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gkyyjc1xlm0x98ai3tre75vbr|03|net"; nocase; ) # v8m0oo1koq28o178a44nd8acr9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v8m0oo1koq28o178a44nd8acr9|03|org"; nocase; ) # zkxrrb1m5gf1mqhmjz4167h4ne.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zkxrrb1m5gf1mqhmjz4167h4ne|03|biz"; nocase; ) # lxsfhutedxx3wfiwepk2jf6v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lxsfhutedxx3wfiwepk2jf6v|03|biz"; nocase; ) # 147h0vx1bbwckjij1364qw3dt8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|147h0vx1bbwckjij1364qw3dt8|03|org"; nocase; ) # 1lxy4o110h1ixpjrpmn21bb9tmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxy4o110h1ixpjrpmn21bb9tmm|03|org"; nocase; ) # 18dpja5abcse7eo6cz7ry5czc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18dpja5abcse7eo6cz7ry5czc|03|net"; nocase; ) # q6afxizwew6vk87038jdzzjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q6afxizwew6vk87038jdzzjy|03|com"; nocase; ) # fcsj9x1qumd6wytf4b71aixrps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fcsj9x1qumd6wytf4b71aixrps|03|net"; nocase; ) # kx068o1mufvyw1ax94n52wek7c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kx068o1mufvyw1ax94n52wek7c|03|org"; nocase; ) # mfqa4m1vuljvcj7zpj4vxvzyt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mfqa4m1vuljvcj7zpj4vxvzyt|03|com"; nocase; ) # sjde8f1bzsgi81hi9dnq16jbj15.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sjde8f1bzsgi81hi9dnq16jbj15|03|net"; nocase; ) # 282ede12wkshytinhntq227i7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|282ede12wkshytinhntq227i7|03|biz"; nocase; ) # bejcw01ppkhhr1p9xbshlz6zee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bejcw01ppkhhr1p9xbshlz6zee|03|com"; nocase; ) # pov1nf1hlxk4s154l0vhc740rs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pov1nf1hlxk4s154l0vhc740rs|03|net"; nocase; ) # 4eufbolk9u9a1rt9g6m1wr4h2a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4eufbolk9u9a1rt9g6m1wr4h2a|03|biz"; nocase; ) # glbp071n09ux12hreyh1gr58i2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|glbp071n09ux12hreyh1gr58i2|03|com"; nocase; ) # 8spxjkq2n2mp1s3ex5udx8cum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8spxjkq2n2mp1s3ex5udx8cum|03|net"; nocase; ) # 1qtambqzowlwz1bcieepsp8xlc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qtambqzowlwz1bcieepsp8xlc|03|net"; nocase; ) # 1jla2ex1s8ilnp5ajhjg1oyf4xm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jla2ex1s8ilnp5ajhjg1oyf4xm|03|biz"; nocase; ) # l531w81jwgq7r7ax5lf1txnmyd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l531w81jwgq7r7ax5lf1txnmyd|03|com"; nocase; ) # kqlz327okwtg10ufdgvy6n04u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kqlz327okwtg10ufdgvy6n04u|03|net"; nocase; ) # 1kk8z4q1amm2watv2tox1n6d760.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kk8z4q1amm2watv2tox1n6d760|03|biz"; nocase; ) # 178mbcn1xd7bv11u2t6ai1q3vbgk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|178mbcn1xd7bv11u2t6ai1q3vbgk|03|net"; nocase; ) # l2gnm4113a7wy1so4ha6vnox2r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l2gnm4113a7wy1so4ha6vnox2r|03|biz"; nocase; ) # 1wau98s1531o7lyscvqi1hmezpp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wau98s1531o7lyscvqi1hmezpp|03|net"; nocase; ) # lak2c1lew8hz1xu2zhymfg6lr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lak2c1lew8hz1xu2zhymfg6lr|03|com"; nocase; ) # djvdmqou10d21ro8xfkxcsek7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|djvdmqou10d21ro8xfkxcsek7|03|org"; nocase; ) # y5lkcz10udc12zrizil142b1t6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y5lkcz10udc12zrizil142b1t6|03|com"; nocase; ) # pd6ro3w1aba7cw0fjf1g55k14.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pd6ro3w1aba7cw0fjf1g55k14|03|org"; nocase; ) # tm3tjzwisxda1ubgyj0p1u1c0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tm3tjzwisxda1ubgyj0p1u1c0|03|biz"; nocase; ) # 1629nanx1m19jdtwzcnb4o4eh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1629nanx1m19jdtwzcnb4o4eh|03|org"; nocase; ) # 125evnrvb0ppx17d3ouh1rsfrkb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|125evnrvb0ppx17d3ouh1rsfrkb|03|biz"; nocase; ) # dzyjkb1x5ruf01ef31knhnjajc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dzyjkb1x5ruf01ef31knhnjajc|03|net"; nocase; ) # f8xxcu3unc4p1vywy8612ns6m6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f8xxcu3unc4p1vywy8612ns6m6|03|net"; nocase; ) # 1myckea3juo2i1fnv81vi80byn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1myckea3juo2i1fnv81vi80byn|03|net"; nocase; ) # 1scey09o4nt725fo1qlxq6hn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1scey09o4nt725fo1qlxq6hn|03|com"; nocase; ) # 1ljm45f1w4zo5a12xzatr1bv1fy5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ljm45f1w4zo5a12xzatr1bv1fy5|03|net"; nocase; ) # 1obs1pb1aoxui9h4v6fl1ijxz16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obs1pb1aoxui9h4v6fl1ijxz16|03|net"; nocase; ) # qbsi7qxe8cjz16ift58a59lj9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qbsi7qxe8cjz16ift58a59lj9|03|net"; nocase; ) # 1hsksyw16qjtqaic8fc41pdxgj3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hsksyw16qjtqaic8fc41pdxgj3|03|biz"; nocase; ) # 1ch2ytk4leniw1h5c63tp7nfpj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ch2ytk4leniw1h5c63tp7nfpj|03|net"; nocase; ) # 24lro91x55odh1mvvmklo37u7d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|24lro91x55odh1mvvmklo37u7d|03|org"; nocase; ) # 1xckyrd1x42juszax4p71adg0e1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xckyrd1x42juszax4p71adg0e1|03|net"; nocase; ) # eskyl11n7u3pv1histm51xh37jt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eskyl11n7u3pv1histm51xh37jt|03|net"; nocase; ) # yyyt2w1s8katy1xku82a1k78hbi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yyyt2w1s8katy1xku82a1k78hbi|03|net"; nocase; ) # 1jh0xy710yitvinsy9yojtofxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jh0xy710yitvinsy9yojtofxd|03|org"; nocase; ) # veqjzkijghs8n3onzt1hbjoly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|veqjzkijghs8n3onzt1hbjoly|03|net"; nocase; ) # 1cixhuqbo6lki189b8rq87tg52.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cixhuqbo6lki189b8rq87tg52|03|net"; nocase; ) # 3qbmwk1y6c5qs1a0alfl1xft872.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3qbmwk1y6c5qs1a0alfl1xft872|03|org"; nocase; ) # 1kunwqy1xqn8qf1oosn4b1nx8mi4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kunwqy1xqn8qf1oosn4b1nx8mi4|03|com"; nocase; ) # appow2reg1fb1q7der1jcto3f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|appow2reg1fb1q7der1jcto3f|03|com"; nocase; ) # 119fi4zvl8q97gl101g14s2324.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|119fi4zvl8q97gl101g14s2324|03|net"; nocase; ) # 137nq16nub2381w70noc5zve5n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|137nq16nub2381w70noc5zve5n|03|org"; nocase; ) # nr6yyr13g8snh1hz0lsdbo35iw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nr6yyr13g8snh1hz0lsdbo35iw|03|net"; nocase; ) # 4o8229bdefmincuz1pgib133.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4o8229bdefmincuz1pgib133|03|net"; nocase; ) # 2fpyr8hl35c5x49py6mjykjj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2fpyr8hl35c5x49py6mjykjj|03|net"; nocase; ) # kh4twuftcwi1lctzw0kjccfo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kh4twuftcwi1lctzw0kjccfo|03|org"; nocase; ) # 18zfpbm1c673of7jf8so1vnldg5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18zfpbm1c673of7jf8so1vnldg5|03|com"; nocase; ) # 1s07ndmh58t5o2qvx4tzm7hl4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s07ndmh58t5o2qvx4tzm7hl4|03|biz"; nocase; ) # lk5zilek33m56qqy21i0s2tk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lk5zilek33m56qqy21i0s2tk|03|biz"; nocase; ) # 182retlcvycy61g6j4sl193taat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|182retlcvycy61g6j4sl193taat|03|com"; nocase; ) # 1f395lf15dyntc1bw7t3x16xm1ad.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f395lf15dyntc1bw7t3x16xm1ad|03|biz"; nocase; ) # 8xvbap99knh81rh2hgr1wiowvu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8xvbap99knh81rh2hgr1wiowvu|03|com"; nocase; ) # 31xl7n12dj6ezr8i6614wmr74.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|31xl7n12dj6ezr8i6614wmr74|03|com"; nocase; ) # 17tpbbp1t6tbkrxu073g1nfot4q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17tpbbp1t6tbkrxu073g1nfot4q|03|org"; nocase; ) # ju5w781c0ktxduq0rtx10ze5y7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ju5w781c0ktxduq0rtx10ze5y7|03|net"; nocase; ) # bjg9gj1uorvqy555gwk6zqf1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bjg9gj1uorvqy555gwk6zqf1z|03|net"; nocase; ) # 11nlq5q7v2joe1iakzpn137zakr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11nlq5q7v2joe1iakzpn137zakr|03|net"; nocase; ) # 12kf6blfrmnb1iobee9dsrcpm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12kf6blfrmnb1iobee9dsrcpm|03|net"; nocase; ) # 170rneq1fftspz4w99bp13pdq7t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|170rneq1fftspz4w99bp13pdq7t|03|org"; nocase; ) # 1l35v0l1bjprlep66oj41moo1tt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l35v0l1bjprlep66oj41moo1tt|03|biz"; nocase; ) # 3f456gqpzk45uocmr81onmazo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3f456gqpzk45uocmr81onmazo|03|net"; nocase; ) # 1bxsuiumfkw4yuxw8kmkh8w9u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bxsuiumfkw4yuxw8kmkh8w9u|03|net"; nocase; ) # 122vf6z87k9cbkay3cq5o7pk3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|122vf6z87k9cbkay3cq5o7pk3|03|com"; nocase; ) # 1lt23ah43c54a149tptl1elx103.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lt23ah43c54a149tptl1elx103|03|biz"; nocase; ) # inrusqlvq0i9y2jfi717ry7ul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|inrusqlvq0i9y2jfi717ry7ul|03|com"; nocase; ) # 5u44f1g6bz8sylilbo1ggkpej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5u44f1g6bz8sylilbo1ggkpej|03|org"; nocase; ) # 1rpd0zo1us9s361915zgz10jjunt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rpd0zo1us9s361915zgz10jjunt|03|com"; nocase; ) # cc2kntxexxi513nrkwjp8mwcv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cc2kntxexxi513nrkwjp8mwcv|03|net"; nocase; ) # p4b1nu1ynwdypk1w6ue1yfib2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p4b1nu1ynwdypk1w6ue1yfib2z|03|org"; nocase; ) # 1tu4cq910w6obcuzuwhb1648dqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tu4cq910w6obcuzuwhb1648dqw|03|biz"; nocase; ) # 15dn3emakxeqn1sk9emw1mzcdn6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15dn3emakxeqn1sk9emw1mzcdn6|03|com"; nocase; ) # 1h66qnjsdxx1w1u0qcy0ae7sxe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h66qnjsdxx1w1u0qcy0ae7sxe|03|net"; nocase; ) # 1m5u0euyw5xtj11iwmv61w7y6pw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m5u0euyw5xtj11iwmv61w7y6pw|03|net"; nocase; ) # 1soi5ue19wb8pfmsnvs41kvo5s6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1soi5ue19wb8pfmsnvs41kvo5s6|03|com"; nocase; ) # 1cjx5ma38i2g1bb9l712tlqmy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cjx5ma38i2g1bb9l712tlqmy|03|org"; nocase; ) # up3wt11cqb6l2p8j631vhtja8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|up3wt11cqb6l2p8j631vhtja8|03|net"; nocase; ) # 1egg4i1ycqq2c1f51ckp16c2vrt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1egg4i1ycqq2c1f51ckp16c2vrt|03|com"; nocase; ) # 1yvo2el3h71ousiiglhrv09e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1yvo2el3h71ousiiglhrv09e|03|net"; nocase; ) # 1l4hb4b1ybopv11lg20oy3e950p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l4hb4b1ybopv11lg20oy3e950p|03|com"; nocase; ) # 1ffpmgz11gpt5715qvem9dx9wus.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ffpmgz11gpt5715qvem9dx9wus|03|org"; nocase; ) # 72nkxruvc8nc26ch7xais90x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|72nkxruvc8nc26ch7xais90x|03|com"; nocase; ) # 135lr9duz1tergryqof6s7zgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|135lr9duz1tergryqof6s7zgc|03|com"; nocase; ) # 43c9aq1l4x2m3rcouf5lq781m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|43c9aq1l4x2m3rcouf5lq781m|03|org"; nocase; ) # lsalw0irh2fv1uo1z5t1f93qy4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lsalw0irh2fv1uo1z5t1f93qy4|03|net"; nocase; ) # z5gskpowifc3gyg7m41vcsdmi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z5gskpowifc3gyg7m41vcsdmi|03|com"; nocase; ) # 159wxqw7xq6um1ewnrvt153qz12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|159wxqw7xq6um1ewnrvt153qz12|03|net"; nocase; ) # c6a7aq375jjb1nfwsn0vb3kos.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c6a7aq375jjb1nfwsn0vb3kos|03|net"; nocase; ) # 1h79no3z18od0uglp5s15taf4v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h79no3z18od0uglp5s15taf4v|03|org"; nocase; ) # 1758el91gt7s6w1hjiafn1qbm68l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1758el91gt7s6w1hjiafn1qbm68l|03|net"; nocase; ) # 1x8jcom15e3bkpln8lg9vmou4z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x8jcom15e3bkpln8lg9vmou4z|03|org"; nocase; ) # 1lnx8m015g1r4i2ucllpq6prk0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lnx8m015g1r4i2ucllpq6prk0|03|org"; nocase; ) # 1q0z5ptcosacz62hn8t4rxlp9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q0z5ptcosacz62hn8t4rxlp9|03|net"; nocase; ) # opa02mzkkrl79lh6v886v4cn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|opa02mzkkrl79lh6v886v4cn|03|com"; nocase; ) # 22ae9f1dlm8vu1miyvi4emo9rn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|22ae9f1dlm8vu1miyvi4emo9rn|03|net"; nocase; ) # 1vbcq6o460mzc1vr0r5y1laj3mg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vbcq6o460mzc1vr0r5y1laj3mg|03|org"; nocase; ) # 1sarz1fs2n0ph16jtpzucnmfst.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sarz1fs2n0ph16jtpzucnmfst|03|biz"; nocase; ) # 180tws81rlc28cugkr9vgcnibe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|180tws81rlc28cugkr9vgcnibe|03|net"; nocase; ) # cn9c0yexep7h1drw6z31jhw5f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cn9c0yexep7h1drw6z31jhw5f|03|org"; nocase; ) # 16n8ucz1yia3awllh5f97ic0my.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16n8ucz1yia3awllh5f97ic0my|03|com"; nocase; ) # tva5hj152ox9w1uenob6us043e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tva5hj152ox9w1uenob6us043e|03|com"; nocase; ) # g52xdn1nj8gzikic3x838kare.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g52xdn1nj8gzikic3x838kare|03|org"; nocase; ) # 1cjpoyw14glc4k384sd56r88z0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cjpoyw14glc4k384sd56r88z0|03|org"; nocase; ) # 1sxavex1nu2n1u1llyjka1eorvjz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sxavex1nu2n1u1llyjka1eorvjz|03|com"; nocase; ) # f19wfq13fy7vt4l1s5o1ymetrr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f19wfq13fy7vt4l1s5o1ymetrr|03|biz"; nocase; ) # gr4wdg72sqfmvosyxgen0e2m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gr4wdg72sqfmvosyxgen0e2m|03|org"; nocase; ) # 1nkd2c4vwanyvzz9z3i1qp5d4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nkd2c4vwanyvzz9z3i1qp5d4p|03|net"; nocase; ) # f7ekd09r1sj6169w65c3l56vt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f7ekd09r1sj6169w65c3l56vt|03|net"; nocase; ) # 1tten51zsq2uhsxljsmsaz8r7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tten51zsq2uhsxljsmsaz8r7|03|org"; nocase; ) # lltk9i1duo9o0rrhxv8nprn4h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lltk9i1duo9o0rrhxv8nprn4h|03|com"; nocase; ) # in2x3x69rar5txxuk117mvvra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|in2x3x69rar5txxuk117mvvra|03|org"; nocase; ) # 1lv6t5iwoezh4152axxh16yw6eb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lv6t5iwoezh4152axxh16yw6eb|03|net"; nocase; ) # 1mxr51rb6ieb9gdwcrs1svqj2l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mxr51rb6ieb9gdwcrs1svqj2l|03|org"; nocase; ) # 1s842qu17gq5owsn73q46bp7x5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s842qu17gq5owsn73q46bp7x5|03|net"; nocase; ) # 1eo3vqelhr8ua1qi34n514qrwce.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eo3vqelhr8ua1qi34n514qrwce|03|net"; nocase; ) # 1gcncjq1i9seh01nd6cqf4uk6hw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gcncjq1i9seh01nd6cqf4uk6hw|03|net"; nocase; ) # 1n5ayg5yr4rddndnq6sni7xs5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n5ayg5yr4rddndnq6sni7xs5|03|org"; nocase; ) # zegeqq17703gvqeg7qcqb3ifn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zegeqq17703gvqeg7qcqb3ifn|03|net"; nocase; ) # cr97dd1h93w671eb0vzo1edtnjd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cr97dd1h93w671eb0vzo1edtnjd|03|net"; nocase; ) # yu351a1bprbgj15e22oxwmqdx3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yu351a1bprbgj15e22oxwmqdx3|03|org"; nocase; ) # 2b5yxu18olq9216nr81g1sceqq4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2b5yxu18olq9216nr81g1sceqq4|03|net"; nocase; ) # 1hlg71fleesp31mwgi3t1pols93.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hlg71fleesp31mwgi3t1pols93|03|com"; nocase; ) # c3t1yi18ccknz19eml201eihhmy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c3t1yi18ccknz19eml201eihhmy|03|biz"; nocase; ) # 8kqxnims0t9h1r2wg9ifc70u3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8kqxnims0t9h1r2wg9ifc70u3|03|org"; nocase; ) # 1yfr7itogq0dt1p3r1z247gazo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yfr7itogq0dt1p3r1z247gazo|03|org"; nocase; ) # ubtzkoa9d6h256ndwmfx53fs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ubtzkoa9d6h256ndwmfx53fs|03|net"; nocase; ) # 1rdcx11u9tt9g1rkm4m2g7ws67.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rdcx11u9tt9g1rkm4m2g7ws67|03|biz"; nocase; ) # pw61gnjrhvmqpbi0w8hnbphk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pw61gnjrhvmqpbi0w8hnbphk|03|org"; nocase; ) # efpvbulnpwee1fsk6bqlw6ugu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|efpvbulnpwee1fsk6bqlw6ugu|03|net"; nocase; ) # r4grog1umgoe1dge6m419ufqiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r4grog1umgoe1dge6m419ufqiu|03|com"; nocase; ) # 1v8713vxj3tz91vqj3ud1bi0f71.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v8713vxj3tz91vqj3ud1bi0f71|03|org"; nocase; ) # 1bqyfwd19x47zl1nn6a7ybxo47t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bqyfwd19x47zl1nn6a7ybxo47t|03|com"; nocase; ) # mzuzfxtitjxts29iwl1i3ki3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mzuzfxtitjxts29iwl1i3ki3k|03|net"; nocase; ) # fo65bp38ut361a1q2zm136uxt4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fo65bp38ut361a1q2zm136uxt4|03|com"; nocase; ) # 10m1ktbsxmbxqu4iqtv3fkc3q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10m1ktbsxmbxqu4iqtv3fkc3q|03|com"; nocase; ) # 1k2zbk81e5vk0614dvhl110ikx7c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k2zbk81e5vk0614dvhl110ikx7c|03|net"; nocase; ) # v7wcyt113gsdh1m0xf2z326h9c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v7wcyt113gsdh1m0xf2z326h9c|03|org"; nocase; ) # 39563518wnu1v1tnlwvnmgxzf7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|39563518wnu1v1tnlwvnmgxzf7|03|biz"; nocase; ) # uw1ujhkkgnw17sjhh21x4otnm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uw1ujhkkgnw17sjhh21x4otnm|03|net"; nocase; ) # d3dh22pnz2yu1raxjzs5fe797.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d3dh22pnz2yu1raxjzs5fe797|03|net"; nocase; ) # z90jnunan41szeobqw13s9svs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z90jnunan41szeobqw13s9svs|03|biz"; nocase; ) # 1gfiabob6m60d15zcwvakwalno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gfiabob6m60d15zcwvakwalno|03|org"; nocase; ) # 1n9i12y4pcpz955nnhxzevk5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1n9i12y4pcpz955nnhxzevk5|03|net"; nocase; ) # 19fvyxosv8t77l93w8zrq2luv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19fvyxosv8t77l93w8zrq2luv|03|com"; nocase; ) # 1ygw093g5n0ahlkbl6196cbdc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ygw093g5n0ahlkbl6196cbdc|03|org"; nocase; ) # y2klfk5eh47e1xlzisxm3wak7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2klfk5eh47e1xlzisxm3wak7|03|biz"; nocase; ) # 1ns3axq426c9l10xfky1btjzb1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ns3axq426c9l10xfky1btjzb1|03|net"; nocase; ) # 1dtt5uy1l0xweor4q9yp1641swh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dtt5uy1l0xweor4q9yp1641swh|03|biz"; nocase; ) # 1ldbjfuolx6plsv7xpv1hvxvji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ldbjfuolx6plsv7xpv1hvxvji|03|org"; nocase; ) # 10e8w7q2f7v0l13ybmx117r1y9y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10e8w7q2f7v0l13ybmx117r1y9y|03|com"; nocase; ) # kitubl182ddjn1v1ka0c1ctuava.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kitubl182ddjn1v1ka0c1ctuava|03|net"; nocase; ) # 1icip9o1p7ju9l1ez0mip40lhdh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1icip9o1p7ju9l1ez0mip40lhdh|03|biz"; nocase; ) # pmexo9cjsbdlycg75y52vsy6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pmexo9cjsbdlycg75y52vsy6|03|com"; nocase; ) # hfhhe6nhaah51i7dgq7ipdzzz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hfhhe6nhaah51i7dgq7ipdzzz|03|net"; nocase; ) # 1xik3rj16et1rg112z98q1siengp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xik3rj16et1rg112z98q1siengp|03|com"; nocase; ) # 1xnb7fa1ouzotz1whn5xy12kz6i2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xnb7fa1ouzotz1whn5xy12kz6i2|03|biz"; nocase; ) # kj3qbz1nmb8m81lunfeq11dgqiv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kj3qbz1nmb8m81lunfeq11dgqiv|03|net"; nocase; ) # du09d611g06ezp63x81tgymwq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|du09d611g06ezp63x81tgymwq|03|com"; nocase; ) # jgcx161pwn0xt4dxo8e1bq6gbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jgcx161pwn0xt4dxo8e1bq6gbg|03|com"; nocase; ) # 1qmguw4qucbct1g6m6s1izxcw4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qmguw4qucbct1g6m6s1izxcw4|03|com"; nocase; ) # a2sug11cb2lb213lke6t5klhti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a2sug11cb2lb213lke6t5klhti|03|net"; nocase; ) # u7prqo16khs9oe5e1mnbp6qcg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u7prqo16khs9oe5e1mnbp6qcg|03|org"; nocase; ) # 1ku6h3g1qy0delywg7elndjsh6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ku6h3g1qy0delywg7elndjsh6|03|org"; nocase; ) # 12jf56roo7w021pln2hvynnth5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12jf56roo7w021pln2hvynnth5|03|com"; nocase; ) # chfc6e1hfy9qahsu7yj198y5dn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|chfc6e1hfy9qahsu7yj198y5dn|03|org"; nocase; ) # 31gq9939hdc1ko4kr71n5s9s6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|31gq9939hdc1ko4kr71n5s9s6|03|net"; nocase; ) # 1jgz8kb1w3wzrlvc87cz1ss3poa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jgz8kb1w3wzrlvc87cz1ss3poa|03|org"; nocase; ) # b3v2prfe26zhli690o1ycieqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b3v2prfe26zhli690o1ycieqr|03|net"; nocase; ) # 18a635911t5cxacywry41bz9992.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18a635911t5cxacywry41bz9992|03|com"; nocase; ) # fs7c77y3d2sf1n9w73r13ui3n2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fs7c77y3d2sf1n9w73r13ui3n2|03|biz"; nocase; ) # 1wq23txfn89s21t9893t1qickly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wq23txfn89s21t9893t1qickly|03|org"; nocase; ) # vit9nj14tjd6c10u1zfa1abkiyf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vit9nj14tjd6c10u1zfa1abkiyf|03|biz"; nocase; ) # 1q00intakq895bst7ufef1zll.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q00intakq895bst7ufef1zll|03|com"; nocase; ) # 83pdei1yzs44916r8qdd1svsub6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|83pdei1yzs44916r8qdd1svsub6|03|org"; nocase; ) # 17y6lhtxu2tbe3kiajr1bf25hk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17y6lhtxu2tbe3kiajr1bf25hk|03|net"; nocase; ) # 11cem2u14gm5l4y2timn1px0lp2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11cem2u14gm5l4y2timn1px0lp2|03|biz"; nocase; ) # 1fex7lu1cs9s67k5jb7r1z05km6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fex7lu1cs9s67k5jb7r1z05km6|03|net"; nocase; ) # mmnm6evuwnq4b9zpel1g48ha9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mmnm6evuwnq4b9zpel1g48ha9|03|org"; nocase; ) # 7g07o27emvqwk9m4z0kd38ok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7g07o27emvqwk9m4z0kd38ok|03|com"; nocase; ) # 1d62u1v1o65r1a1o4tfd5mcqpq8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d62u1v1o65r1a1o4tfd5mcqpq8|03|biz"; nocase; ) # 1kz9h2q8b0jyh1wnbj2mfdm5zu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kz9h2q8b0jyh1wnbj2mfdm5zu|03|net"; nocase; ) # 162uu47q9qrq95memsmkfcnqj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|162uu47q9qrq95memsmkfcnqj|03|net"; nocase; ) # 1ao1g4w18awcxn1pkgp6q1yfngur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ao1g4w18awcxn1pkgp6q1yfngur|03|net"; nocase; ) # 19p0ovfxx0aqo16akl2q1us2ehs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19p0ovfxx0aqo16akl2q1us2ehs|03|net"; nocase; ) # 149yfh4rm3for1b7jj7517tmxpt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|149yfh4rm3for1b7jj7517tmxpt|03|com"; nocase; ) # r6egt5l72ua0306vmvc0xbbj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r6egt5l72ua0306vmvc0xbbj|03|net"; nocase; ) # ceanv61pmlqol33nopjou9o9a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ceanv61pmlqol33nopjou9o9a|03|org"; nocase; ) # 3mfqlr1p1k2zvio7utk10dgq06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3mfqlr1p1k2zvio7utk10dgq06|03|net"; nocase; ) # 1mglmd3r8hsf9a7doyz1elolf0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mglmd3r8hsf9a7doyz1elolf0|03|org"; nocase; ) # 1ggksnf12tz1lf17roxwc1j2gn0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ggksnf12tz1lf17roxwc1j2gn0e|03|com"; nocase; ) # 10atp4aqp8wrz1mit891q27f9h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10atp4aqp8wrz1mit891q27f9h|03|net"; nocase; ) # mnqhcvou44gbjr1xso1h1bb1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mnqhcvou44gbjr1xso1h1bb1s|03|biz"; nocase; ) # 1hw9uxpj3xwck1ay58zp14wh1hx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hw9uxpj3xwck1ay58zp14wh1hx|03|com"; nocase; ) # h13goz1xtdfsa1f5qeoo19y9zoh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h13goz1xtdfsa1f5qeoo19y9zoh|03|org"; nocase; ) # 2532yu1hub6fv85nxud1gjfg6x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2532yu1hub6fv85nxud1gjfg6x|03|org"; nocase; ) # 6a8omcpehis61fcwc8et2t0hu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6a8omcpehis61fcwc8et2t0hu|03|biz"; nocase; ) # ky4g351u8irnvxh3ahv3opb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ky4g351u8irnvxh3ahv3opb9|03|net"; nocase; ) # 1442u751mvrjuzuciote14mmhio.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1442u751mvrjuzuciote14mmhio|03|biz"; nocase; ) # 10l5czn1gb17hit7hesu91g999.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10l5czn1gb17hit7hesu91g999|03|biz"; nocase; ) # 1e65gp31l8p31e11pd9pllj3ov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e65gp31l8p31e11pd9pllj3ov|03|com"; nocase; ) # 1b6pkr0ya1t1f1p1s1rgwgmfj8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b6pkr0ya1t1f1p1s1rgwgmfj8|03|com"; nocase; ) # 1mpzyq5nllszkcg3kk71xxpevm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mpzyq5nllszkcg3kk71xxpevm|03|com"; nocase; ) # f0vr4319m3tui1jm59i41clc690.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f0vr4319m3tui1jm59i41clc690|03|net"; nocase; ) # 6kp8ywrqtfcqd8yg56sx8xq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|6kp8ywrqtfcqd8yg56sx8xq|03|net"; nocase; ) # oh6lj6a8d3es10hj5qp1pum6b4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oh6lj6a8d3es10hj5qp1pum6b4|03|org"; nocase; ) # 175y0l81svh901q0pbdbozh8hs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|175y0l81svh901q0pbdbozh8hs|03|net"; nocase; ) # ntyz6h1bihal71owpqxe7gjlv6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ntyz6h1bihal71owpqxe7gjlv6|03|biz"; nocase; ) # s7bpa3b92qyexpe04a1u4c23e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s7bpa3b92qyexpe04a1u4c23e|03|com"; nocase; ) # fpkizj571s3w5dff85gy2vw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|fpkizj571s3w5dff85gy2vw|03|net"; nocase; ) # 19b79ofwjaqis1nl9e8gbmtyk5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19b79ofwjaqis1nl9e8gbmtyk5|03|com"; nocase; ) # 98tlabobm2xo18bane11ufjpyv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|98tlabobm2xo18bane11ufjpyv|03|org"; nocase; ) # h7fvhj1a6wopp1v6gcrcyjmdxx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h7fvhj1a6wopp1v6gcrcyjmdxx|03|net"; nocase; ) # 6a9fyi20gwnbge9okq1yngyh9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6a9fyi20gwnbge9okq1yngyh9|03|org"; nocase; ) # 1n6p6f1qvl1qa1bqrzyw5rtnfg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n6p6f1qvl1qa1bqrzyw5rtnfg|03|net"; nocase; ) # pskm4r1krv7y219mr7y9qricg1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pskm4r1krv7y219mr7y9qricg1|03|net"; nocase; ) # 1ag4obz1v4gejay2w960ckntp3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ag4obz1v4gejay2w960ckntp3|03|net"; nocase; ) # axzra4g4580h1hbgo5wda9yme.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|axzra4g4580h1hbgo5wda9yme|03|biz"; nocase; ) # x8y10n8ud6801jkvv4f2b4kwc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x8y10n8ud6801jkvv4f2b4kwc|03|net"; nocase; ) # 8c59x51ynlevtme3c9617kcb05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8c59x51ynlevtme3c9617kcb05|03|org"; nocase; ) # 13v57q81bw63l01c9t0tr54wc2j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13v57q81bw63l01c9t0tr54wc2j|03|biz"; nocase; ) # mqzkqr196q0fvtbftmq1uoxkn4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mqzkqr196q0fvtbftmq1uoxkn4|03|biz"; nocase; ) # j6y0f6w19gnugbobk5ikcnph.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j6y0f6w19gnugbobk5ikcnph|03|org"; nocase; ) # 2bn0nti8abpfrcp9wyfwbb5x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2bn0nti8abpfrcp9wyfwbb5x|03|org"; nocase; ) # 1xllvq91kiqnorhpoa93142u2yh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xllvq91kiqnorhpoa93142u2yh|03|net"; nocase; ) # 1fhit8s1h7i15x1tm00zyeh62uj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fhit8s1h7i15x1tm00zyeh62uj|03|org"; nocase; ) # 1yu7zqi161idsu1jwstc71k9kpq8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yu7zqi161idsu1jwstc71k9kpq8|03|org"; nocase; ) # thd5tz10dewdvkxwz0l1mssoro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|thd5tz10dewdvkxwz0l1mssoro|03|com"; nocase; ) # 1t0reiccylz4r1dgehb8168y4v0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t0reiccylz4r1dgehb8168y4v0|03|net"; nocase; ) # movubx1p80egpgka4sh1awrbm1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|movubx1p80egpgka4sh1awrbm1|03|org"; nocase; ) # 1lkhf2j19x4eui15a1eippdq0ws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lkhf2j19x4eui15a1eippdq0ws|03|com"; nocase; ) # 1nv2s3j1gdtdtb1inzceu15fvjw3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nv2s3j1gdtdtb1inzceu15fvjw3|03|com"; nocase; ) # 1xi3vzw1ffhrzym51fr41ia658q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xi3vzw1ffhrzym51fr41ia658q|03|com"; nocase; ) # 1oql3ep414pqpmx33mk1hvs3jz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oql3ep414pqpmx33mk1hvs3jz|03|net"; nocase; ) # 18t8ty91y6s7le1o6q9npxab5ns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18t8ty91y6s7le1o6q9npxab5ns|03|net"; nocase; ) # fb35cv1inc0ho12nlvb32ok2lr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fb35cv1inc0ho12nlvb32ok2lr|03|com"; nocase; ) # 1tsgl61t58s2154kwqf9lql2e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tsgl61t58s2154kwqf9lql2e|03|biz"; nocase; ) # gktmnd17cfakulvd3sg1as5vjf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gktmnd17cfakulvd3sg1as5vjf|03|net"; nocase; ) # umhrrx1711d2n5q0rkm1koj4us.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|umhrrx1711d2n5q0rkm1koj4us|03|com"; nocase; ) # 89a34d1p602wghp5ipb1fpygbc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|89a34d1p602wghp5ipb1fpygbc|03|net"; nocase; ) # 13ogg4d1u01dsm1voal182as7gg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ogg4d1u01dsm1voal182as7gg|03|net"; nocase; ) # q8w0sjnxetlz12dteuc1kdtqs6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q8w0sjnxetlz12dteuc1kdtqs6|03|org"; nocase; ) # 1lfuzqd12c561wwo22b1wub91w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lfuzqd12c561wwo22b1wub91w|03|net"; nocase; ) # 1dxlv11165pz0j3e1bldxydw56.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dxlv11165pz0j3e1bldxydw56|03|biz"; nocase; ) # 1wds2v518m2n1w9ahn0mgurg0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wds2v518m2n1w9ahn0mgurg0e|03|com"; nocase; ) # vhnrijssfa8pn9nlyzzkf76q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vhnrijssfa8pn9nlyzzkf76q|03|com"; nocase; ) # 1h8rlfe1539hlm1yuge7ykayvow.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h8rlfe1539hlm1yuge7ykayvow|03|org"; nocase; ) # pq8pisax8egiptatsl41bhpl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pq8pisax8egiptatsl41bhpl|03|com"; nocase; ) # 1xuc9yk1mhxmur1spwafh19gxdpe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xuc9yk1mhxmur1spwafh19gxdpe|03|com"; nocase; ) # n3frl81qsutho1mh018pycsd7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n3frl81qsutho1mh018pycsd7a|03|com"; nocase; ) # 15apuz8hnt5m5139jhdnejqosh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15apuz8hnt5m5139jhdnejqosh|03|net"; nocase; ) # 2ahveup766q2itd5rpo0mkeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2ahveup766q2itd5rpo0mkeo|03|com"; nocase; ) # 1jhoicm1f2fw27x3g27d8zfxhv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jhoicm1f2fw27x3g27d8zfxhv|03|org"; nocase; ) # 1v3jrjaqzl5ah1rivcoi5aovf0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v3jrjaqzl5ah1rivcoi5aovf0|03|com"; nocase; ) # 1wppl8c1c9lw6k1a8uxu1ko4u0n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wppl8c1c9lw6k1a8uxu1ko4u0n|03|org"; nocase; ) # 14qjqs71i9pzvefxturj1jwgde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14qjqs71i9pzvefxturj1jwgde|03|com"; nocase; ) # rpjmo9yks0x69l1uloavjuhj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rpjmo9yks0x69l1uloavjuhj|03|net"; nocase; ) # 8rfn5e1qtkijb1w16is616lu9ad.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8rfn5e1qtkijb1w16is616lu9ad|03|org"; nocase; ) # 1fqiwbp1qhcnw38nd25mourepx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fqiwbp1qhcnw38nd25mourepx|03|net"; nocase; ) # ldy9m0gjrd1gubpjcepn49h5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ldy9m0gjrd1gubpjcepn49h5|03|net"; nocase; ) # 1gi8p58pq5lbn1dalj6y101vony.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gi8p58pq5lbn1dalj6y101vony|03|net"; nocase; ) # 1fk6005ej1th71x65rbx1vz6iga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fk6005ej1th71x65rbx1vz6iga|03|com"; nocase; ) # ckec5p1xntmm5cjsyrxc9yjek.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ckec5p1xntmm5cjsyrxc9yjek|03|org"; nocase; ) # 17ia10xj099e81jjldi311tfaif.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ia10xj099e81jjldi311tfaif|03|com"; nocase; ) # 1pipmj0pis5dbvr63sf6tmrnp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pipmj0pis5dbvr63sf6tmrnp|03|net"; nocase; ) # 1xdlf45ezbxwi1fnf0oyx3c7ey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xdlf45ezbxwi1fnf0oyx3c7ey|03|org"; nocase; ) # 8ki1n91l5ha8ulemrpxa71upl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ki1n91l5ha8ulemrpxa71upl|03|net"; nocase; ) # 1evh79f1n6o0k5flkubw1bbrwn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1evh79f1n6o0k5flkubw1bbrwn|03|net"; nocase; ) # 2ot48l1213fcl1v48s7u1nw9o16.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2ot48l1213fcl1v48s7u1nw9o16|03|org"; nocase; ) # 15ez5y49pjcfl150m1fmgfa60g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ez5y49pjcfl150m1fmgfa60g|03|biz"; nocase; ) # 16xyjxj7vc6cszcwq0kjdbgxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16xyjxj7vc6cszcwq0kjdbgxp|03|net"; nocase; ) # upcsi41ccas7d1kirejjv0bnt6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|upcsi41ccas7d1kirejjv0bnt6|03|com"; nocase; ) # 1sxtuu61c6q27wu9z24a11jnxh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sxtuu61c6q27wu9z24a11jnxh|03|net"; nocase; ) # kds9kq1esm61r13tm011lwhi1s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kds9kq1esm61r13tm011lwhi1s|03|net"; nocase; ) # 16nunk12x8jh4rpv941vxt87l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16nunk12x8jh4rpv941vxt87l|03|org"; nocase; ) # fypd1bl1ad8y142grql6lacar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fypd1bl1ad8y142grql6lacar|03|net"; nocase; ) # 1lxz5bssbgta31nbmgsw120hllz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxz5bssbgta31nbmgsw120hllz|03|org"; nocase; ) # 1cin37xj06s6cuj27744fw56.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1cin37xj06s6cuj27744fw56|03|com"; nocase; ) # 19m9lvwg38cuydjv8g71vln1me.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19m9lvwg38cuydjv8g71vln1me|03|net"; nocase; ) # 10zmkbu1vdnkg39e9ube3zqitl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10zmkbu1vdnkg39e9ube3zqitl|03|org"; nocase; ) # 1kfzw1l1nhfmlj2eoqmzt8x266.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kfzw1l1nhfmlj2eoqmzt8x266|03|com"; nocase; ) # gt7g7a1v8w0g2ddcxe61bh5axs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gt7g7a1v8w0g2ddcxe61bh5axs|03|net"; nocase; ) # h3ga4u964s8her5fl4dgiay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|h3ga4u964s8her5fl4dgiay|03|net"; nocase; ) # knvn988ka71yqmp2hsrjltai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|knvn988ka71yqmp2hsrjltai|03|com"; nocase; ) # b0fi2r1uyszkv1wptymhrnf60a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b0fi2r1uyszkv1wptymhrnf60a|03|biz"; nocase; ) # 1wwjme5rxy0fu1ecof711jh3ba.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wwjme5rxy0fu1ecof711jh3ba|03|biz"; nocase; ) # 1kn0uh115r34rn1jh5zgbyb8jj0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kn0uh115r34rn1jh5zgbyb8jj0|03|com"; nocase; ) # mo3uxh1qyn1c313br318gu5dln.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mo3uxh1qyn1c313br318gu5dln|03|biz"; nocase; ) # r5hmlo1ljkt6q1dikpcy1ll2ncd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r5hmlo1ljkt6q1dikpcy1ll2ncd|03|org"; nocase; ) # j9e4cqyv5fom1pao83a13apase.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j9e4cqyv5fom1pao83a13apase|03|net"; nocase; ) # f8stx611ovw8k11li8yq2ummnb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f8stx611ovw8k11li8yq2ummnb|03|biz"; nocase; ) # 16pgwqcopk76p15o5swg7ydea5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16pgwqcopk76p15o5swg7ydea5|03|com"; nocase; ) # 12ke9oxdhph4x159p7sfb58fn6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12ke9oxdhph4x159p7sfb58fn6|03|net"; nocase; ) # 10b74r11h7jzwzckzzz81b9tydx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10b74r11h7jzwzckzzz81b9tydx|03|org"; nocase; ) # nd791d94t2841qk90vg14i6z9s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nd791d94t2841qk90vg14i6z9s|03|biz"; nocase; ) # xg2e1t1s046statr7gb1qr1kf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xg2e1t1s046statr7gb1qr1kf8|03|net"; nocase; ) # 5kp1c71qjhmyu15dwo8sila6u9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5kp1c71qjhmyu15dwo8sila6u9|03|org"; nocase; ) # d9ecfv1yypm3x1cd9s831nrytdq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|d9ecfv1yypm3x1cd9s831nrytdq|03|biz"; nocase; ) # pq2uq5152lp5w1d1oeolrwgqqb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pq2uq5152lp5w1d1oeolrwgqqb|03|net"; nocase; ) # i3ohax16wdhak1u2c6zh1wz6o1w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i3ohax16wdhak1u2c6zh1wz6o1w|03|biz"; nocase; ) # 1kt3a21ls55y9g38v1qp4pej6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kt3a21ls55y9g38v1qp4pej6|03|biz"; nocase; ) # 1oybxxmmi39rb17vd01g7c8ah0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oybxxmmi39rb17vd01g7c8ah0|03|com"; nocase; ) # 1a3s3fllqo0801lj5jml11q4y8d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a3s3fllqo0801lj5jml11q4y8d|03|biz"; nocase; ) # 1iauuys19n5ciahup89h1ge7fgp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iauuys19n5ciahup89h1ge7fgp|03|org"; nocase; ) # 9rsayvi6jifp1i3ph6p5rg5hg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9rsayvi6jifp1i3ph6p5rg5hg|03|net"; nocase; ) # iacsfq1oytjt41sd2knb1vutkx2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iacsfq1oytjt41sd2knb1vutkx2|03|biz"; nocase; ) # 1pjw0wg1e1wq8u1jt6f5g1sixfl0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pjw0wg1e1wq8u1jt6f5g1sixfl0|03|org"; nocase; ) # 1tqyile16m6c1y1ixe5jb18vmsxt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tqyile16m6c1y1ixe5jb18vmsxt|03|biz"; nocase; ) # 1bj0ygj1a3oyews2vsb261vbm4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bj0ygj1a3oyews2vsb261vbm4|03|com"; nocase; ) # nj2ceh1km48lyrifjnh1prw95s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nj2ceh1km48lyrifjnh1prw95s|03|biz"; nocase; ) # 1pmrfli1d3wz5qudn6b2t6c46r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pmrfli1d3wz5qudn6b2t6c46r|03|net"; nocase; ) # 28bm507y2z6yxyax7b18kgcms.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|28bm507y2z6yxyax7b18kgcms|03|net"; nocase; ) # 1at5afx1vvvmfdnpfbge1k1a079.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1at5afx1vvvmfdnpfbge1k1a079|03|biz"; nocase; ) # bkdfdb1hyzp12uswphu11pwy77.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bkdfdb1hyzp12uswphu11pwy77|03|org"; nocase; ) # fagtpn6w1lcgjuhfaw16kso0f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fagtpn6w1lcgjuhfaw16kso0f|03|net"; nocase; ) # jj0l1s3mxsm31wt2bmy1j90v11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jj0l1s3mxsm31wt2bmy1j90v11|03|net"; nocase; ) # 8lfxo115441pc1jythnt1exwnvf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8lfxo115441pc1jythnt1exwnvf|03|org"; nocase; ) # ujnc8pwbassv1x7pbfhvto7l7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ujnc8pwbassv1x7pbfhvto7l7|03|net"; nocase; ) # 1we36my1kyqsm6p05rn2pc7oz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1we36my1kyqsm6p05rn2pc7oz|03|biz"; nocase; ) # 4e73c41ti98ipp97nft1jh7p1a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4e73c41ti98ipp97nft1jh7p1a|03|org"; nocase; ) # 3i8nxdhppo6f6svqxb1jsxiq1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3i8nxdhppo6f6svqxb1jsxiq1|03|com"; nocase; ) # 7ad00y1v6miqlpmpg6jxfwm8v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7ad00y1v6miqlpmpg6jxfwm8v|03|net"; nocase; ) # 16ias7ut1dwil1qt76751xfx254.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ias7ut1dwil1qt76751xfx254|03|net"; nocase; ) # 1qvtmul1x5r045blmk22uwgrvx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qvtmul1x5r045blmk22uwgrvx|03|com"; nocase; ) # jad1an1nc36h3migecg1l1gl8d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jad1an1nc36h3migecg1l1gl8d|03|org"; nocase; ) # 167semo94b5ya17ki80g1w0tdwe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|167semo94b5ya17ki80g1w0tdwe|03|com"; nocase; ) # h248az7tb88f1cqslcew03ibd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h248az7tb88f1cqslcew03ibd|03|biz"; nocase; ) # w35j45u3tum9kl7bocw5m2yv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w35j45u3tum9kl7bocw5m2yv|03|biz"; nocase; ) # 1mxpr6c5m1jb61urhk5f1vrl727.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mxpr6c5m1jb61urhk5f1vrl727|03|com"; nocase; ) # q3sajf176j9zv7o08it1voso1g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q3sajf176j9zv7o08it1voso1g|03|com"; nocase; ) # 2upp081y9ipqh1vf15y71nbgum5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2upp081y9ipqh1vf15y71nbgum5|03|com"; nocase; ) # cwyfk81xg10e171nu6e732jad.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cwyfk81xg10e171nu6e732jad|03|org"; nocase; ) # 1hxcbloowp2i01xy4e0f12eo8y1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hxcbloowp2i01xy4e0f12eo8y1|03|net"; nocase; ) # shm2tt1dm19681uuzej31h35gf2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|shm2tt1dm19681uuzej31h35gf2|03|org"; nocase; ) # 1fieof417dmj4xpy9irymrslhn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fieof417dmj4xpy9irymrslhn|03|org"; nocase; ) # 1o97qwn1rm8a9b5sa5de5xwja4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o97qwn1rm8a9b5sa5de5xwja4|03|com"; nocase; ) # toc85k1gu1hcu4o5n7pryul19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|toc85k1gu1hcu4o5n7pryul19|03|com"; nocase; ) # p49hf71a7hne5wmbem0112hs0b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p49hf71a7hne5wmbem0112hs0b|03|org"; nocase; ) # ygnl465yeyol1rzsozfhi61k7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ygnl465yeyol1rzsozfhi61k7|03|net"; nocase; ) # dl2eq4g8kptf1u0qroa16rweb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dl2eq4g8kptf1u0qroa16rweb2|03|net"; nocase; ) # 1be7qru6z9dozozqcw61xz2040.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1be7qru6z9dozozqcw61xz2040|03|com"; nocase; ) # kmcrpcgggk4m1l1avc9cg8dqj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kmcrpcgggk4m1l1avc9cg8dqj|03|org"; nocase; ) # 1jg8yu3do9304ypeao21f05k4k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jg8yu3do9304ypeao21f05k4k|03|org"; nocase; ) # iuwkva18azz0y1evezl21qw2pw2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iuwkva18azz0y1evezl21qw2pw2|03|biz"; nocase; ) # 1e3fyrp1741ovta8jvysj3rplp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e3fyrp1741ovta8jvysj3rplp|03|com"; nocase; ) # 1dnfdp6mqkd9z131jw43nv78ta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dnfdp6mqkd9z131jw43nv78ta|03|net"; nocase; ) # dquvdsrs63m812cvhmp1wmhhy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dquvdsrs63m812cvhmp1wmhhy|03|com"; nocase; ) # 1garay22oim5h1n3x4vxkfvh0p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1garay22oim5h1n3x4vxkfvh0p|03|com"; nocase; ) # rpejhzdrpms612zyzoz1kzuqmd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rpejhzdrpms612zyzoz1kzuqmd|03|net"; nocase; ) # muxbd410gs4d210f9k61szyi6i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|muxbd410gs4d210f9k61szyi6i|03|com"; nocase; ) # wjmj6o9vpafg1uyjaoz1r41xoa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wjmj6o9vpafg1uyjaoz1r41xoa|03|com"; nocase; ) # 1364tyc1ni2dyt138y2rf95025t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1364tyc1ni2dyt138y2rf95025t|03|org"; nocase; ) # 2cbdvs1xulw6gcq80821t15mpi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2cbdvs1xulw6gcq80821t15mpi|03|net"; nocase; ) # 1our7b64hk6c111ny0d1ibsvd3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1our7b64hk6c111ny0d1ibsvd3|03|org"; nocase; ) # 12sfpox19g1a6e1x6p6ly1xwqsxe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12sfpox19g1a6e1x6p6ly1xwqsxe|03|com"; nocase; ) # o1dfjyxyjaxvrstke8fv5dv8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o1dfjyxyjaxvrstke8fv5dv8|03|net"; nocase; ) # 1a2dr9n1wi2kfy1u2storm5qzli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a2dr9n1wi2kfy1u2storm5qzli|03|org"; nocase; ) # 1gjo8e94ysgvx1cp73ij1nrmt1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gjo8e94ysgvx1cp73ij1nrmt1w|03|com"; nocase; ) # 1c904d4y7q82a1jasxh94gg467.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c904d4y7q82a1jasxh94gg467|03|org"; nocase; ) # 1xy4rzu1mzc0k19yaiem1b0ibz4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xy4rzu1mzc0k19yaiem1b0ibz4|03|net"; nocase; ) # 10pznh72vav8rgy4iy912fxcgk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10pznh72vav8rgy4iy912fxcgk|03|org"; nocase; ) # 35dxxii5wprc18pp3141aua6l3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|35dxxii5wprc18pp3141aua6l3|03|com"; nocase; ) # 8djdx91doe4y11opwmvn1rxd1vl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8djdx91doe4y11opwmvn1rxd1vl|03|net"; nocase; ) # 15us3lk1ssjme0o5fw3darh55c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15us3lk1ssjme0o5fw3darh55c|03|biz"; nocase; ) # hnx1w31a7ddgzg7s3o1v0igl8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hnx1w31a7ddgzg7s3o1v0igl8|03|com"; nocase; ) # 128skq613phnvttjt5xd10wjidz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|128skq613phnvttjt5xd10wjidz|03|org"; nocase; ) # 4n4uu71d822f61gp8yd0vh6ztx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4n4uu71d822f61gp8yd0vh6ztx|03|biz"; nocase; ) # 1ixf14m1ljgnrslzzet3nqr2xl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ixf14m1ljgnrslzzet3nqr2xl|03|net"; nocase; ) # trjk5bg5kgheriyf21yobgiw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|trjk5bg5kgheriyf21yobgiw|03|net"; nocase; ) # 1wmnh84nh09kcnzi1h3eim11m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wmnh84nh09kcnzi1h3eim11m|03|biz"; nocase; ) # 15rkqphda3jroj760mb1kzt7jk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15rkqphda3jroj760mb1kzt7jk|03|net"; nocase; ) # 1cfdauz1ntf8s2185i2v91arcqzc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cfdauz1ntf8s2185i2v91arcqzc|03|net"; nocase; ) # 1dlgy8qm62hh31anwhre5qijou.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dlgy8qm62hh31anwhre5qijou|03|biz"; nocase; ) # 1dtobav1iyiznj1b0gm623lidit.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dtobav1iyiznj1b0gm623lidit|03|org"; nocase; ) # 1t8ao3911mh989x14jxv1saltr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t8ao3911mh989x14jxv1saltr8|03|com"; nocase; ) # 157k5vvxpty5v5eoj3z3wzks4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|157k5vvxpty5v5eoj3z3wzks4|03|org"; nocase; ) # u88vj71gmj05lbz0fo81lmmkmv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u88vj71gmj05lbz0fo81lmmkmv|03|biz"; nocase; ) # 1kqqwvsiyav8mu442avw4crwz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kqqwvsiyav8mu442avw4crwz|03|com"; nocase; ) # 19mu4d4e9t0kjf0luxck8n885.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19mu4d4e9t0kjf0luxck8n885|03|org"; nocase; ) # 14gayyp14051g9wsay2249zfbm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14gayyp14051g9wsay2249zfbm|03|org"; nocase; ) # fa8ua41pkdqnp1i22fg1ezqfae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fa8ua41pkdqnp1i22fg1ezqfae|03|biz"; nocase; ) # 4cvim712munhj7y7pv2v222lb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4cvim712munhj7y7pv2v222lb|03|net"; nocase; ) # 1gge59b1brvgbbi7ri36gro8qb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gge59b1brvgbbi7ri36gro8qb|03|net"; nocase; ) # 1yekdyw1xedwl31tt6k7pgig86o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yekdyw1xedwl31tt6k7pgig86o|03|net"; nocase; ) # 17aqwjc10vgdi6m1yn4y1ziys.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17aqwjc10vgdi6m1yn4y1ziys|03|biz"; nocase; ) # 5k3ybpl0twfb1daozc8icwkua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5k3ybpl0twfb1daozc8icwkua|03|org"; nocase; ) # wsn4grnn14ocp0diry3h2ryy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wsn4grnn14ocp0diry3h2ryy|03|com"; nocase; ) # cruxy5jo9eu31ava9cpp0wka4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cruxy5jo9eu31ava9cpp0wka4|03|biz"; nocase; ) # lvxw2v1dvhlsi1l1vk11sb659v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lvxw2v1dvhlsi1l1vk11sb659v|03|net"; nocase; ) # 1o2p2du1fvl4smuhafts115zpas.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o2p2du1fvl4smuhafts115zpas|03|net"; nocase; ) # 5tbb5n12hrxqe4kc05s1x3hlzw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5tbb5n12hrxqe4kc05s1x3hlzw|03|com"; nocase; ) # clme6w1cb5tbi19svabc1fyah84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|clme6w1cb5tbi19svabc1fyah84|03|net"; nocase; ) # bvks5p1wr9rmjhy01387tdtjh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bvks5p1wr9rmjhy01387tdtjh|03|biz"; nocase; ) # 2v462j1qspv4aybqq6e1cwbv2x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2v462j1qspv4aybqq6e1cwbv2x|03|net"; nocase; ) # r7rdy21a4d3ixlt8hef18ax7af.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r7rdy21a4d3ixlt8hef18ax7af|03|com"; nocase; ) # odehi3pcp76j86vssj16hw6ih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|odehi3pcp76j86vssj16hw6ih|03|net"; nocase; ) # 1x9hrzd17uz952kq1u1koxe32.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x9hrzd17uz952kq1u1koxe32|03|com"; nocase; ) # 1ygdk3w8tw7ehvdjg3a1gvqy8u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygdk3w8tw7ehvdjg3a1gvqy8u|03|com"; nocase; ) # m7nx1atycqvncgo8ss1uhm9ek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m7nx1atycqvncgo8ss1uhm9ek|03|net"; nocase; ) # 1ljp380y7qt2f4hxip61ky6zz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ljp380y7qt2f4hxip61ky6zz5|03|com"; nocase; ) # 1ae3xwn2dh1sxskswzc13ebxqx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ae3xwn2dh1sxskswzc13ebxqx|03|org"; nocase; ) # r5sc2h194owjo19bfhz91ypp81z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r5sc2h194owjo19bfhz91ypp81z|03|com"; nocase; ) # 1lf48f1obe2ol1e9ij0z1fwst0t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lf48f1obe2ol1e9ij0z1fwst0t|03|org"; nocase; ) # kc0i43i662bk8p3c3n14rdbdt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kc0i43i662bk8p3c3n14rdbdt|03|org"; nocase; ) # 8oygjb13npynegc6fzx1bcqtjz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8oygjb13npynegc6fzx1bcqtjz|03|com"; nocase; ) # 1aj2ce315d6zvd1q0x8ci1984laz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aj2ce315d6zvd1q0x8ci1984laz|03|biz"; nocase; ) # bep2031w3terw148lmi619ls82c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bep2031w3terw148lmi619ls82c|03|net"; nocase; ) # foe7a9k4an9w1qai0b11ymuix2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|foe7a9k4an9w1qai0b11ymuix2|03|org"; nocase; ) # 1ki0sm3110hokkyqplrn7kip5g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ki0sm3110hokkyqplrn7kip5g|03|net"; nocase; ) # 149y01nero9p0c8ver81covhsy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|149y01nero9p0c8ver81covhsy|03|org"; nocase; ) # 86200uaeumzgn3lu60ve61q5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|86200uaeumzgn3lu60ve61q5|03|net"; nocase; ) # mc0ptvs1572x1ft8uc81dxcvo4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mc0ptvs1572x1ft8uc81dxcvo4|03|com"; nocase; ) # 4zbjva1g6wumq16d5sb31obftr5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4zbjva1g6wumq16d5sb31obftr5|03|com"; nocase; ) # yr98fa378awc1sn8l5k1rhk85p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yr98fa378awc1sn8l5k1rhk85p|03|org"; nocase; ) # j2j96fyrdwx41h1hruv11pji8j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j2j96fyrdwx41h1hruv11pji8j|03|biz"; nocase; ) # 91djrq7gfesfl9x2f312hxc28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|91djrq7gfesfl9x2f312hxc28|03|net"; nocase; ) # 1oiyzbt11c0ydyeeom021x096zu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oiyzbt11c0ydyeeom021x096zu|03|org"; nocase; ) # 1jglyucwxeo1a1a7rwnnm04cxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jglyucwxeo1a1a7rwnnm04cxp|03|net"; nocase; ) # f7g221dmm6n21mn88zp1lgxh4z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f7g221dmm6n21mn88zp1lgxh4z|03|net"; nocase; ) # 19hpr0o16tu6961hlpjomn5vkcz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19hpr0o16tu6961hlpjomn5vkcz|03|net"; nocase; ) # 3o8jfobd4ya6jdsk4xtls6c1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3o8jfobd4ya6jdsk4xtls6c1|03|net"; nocase; ) # 103htai5p5eu16uu8wpn5etn3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|103htai5p5eu16uu8wpn5etn3|03|org"; nocase; ) # 1fryvhf1oz10tnkf9c1tl5knk4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fryvhf1oz10tnkf9c1tl5knk4|03|net"; nocase; ) # bml4yl1vlua8gb9qynzhaig7c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bml4yl1vlua8gb9qynzhaig7c|03|org"; nocase; ) # 1cnqn6y194j6jg14ltq9x11pbcb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cnqn6y194j6jg14ltq9x11pbcb7|03|net"; nocase; ) # h7z4a9w27o1xaf5e2r1267xlq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h7z4a9w27o1xaf5e2r1267xlq|03|com"; nocase; ) # 1do2hib1u4rcpsbyf1dhtyo6ne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1do2hib1u4rcpsbyf1dhtyo6ne|03|com"; nocase; ) # 174yth81er1ojl10ppf9l30cbzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|174yth81er1ojl10ppf9l30cbzo|03|net"; nocase; ) # 1m5gy3o1tp90rmq3z86t1x5cu5r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m5gy3o1tp90rmq3z86t1x5cu5r|03|net"; nocase; ) # 17dngf41mtgrh05jcjmh1f7y2a6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17dngf41mtgrh05jcjmh1f7y2a6|03|org"; nocase; ) # 1wkikd8146hmgo1goe64z128o3jf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wkikd8146hmgo1goe64z128o3jf|03|net"; nocase; ) # x02vmx2iw0c71a76b4b1rvhdfp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x02vmx2iw0c71a76b4b1rvhdfp|03|biz"; nocase; ) # 171fbby11pj147v5qiej3gnmvq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|171fbby11pj147v5qiej3gnmvq|03|biz"; nocase; ) # qjbox42wpojr19ugkppdrwh6f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qjbox42wpojr19ugkppdrwh6f|03|org"; nocase; ) # 8cjbdg1esyb0z1audyn91dmfi8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8cjbdg1esyb0z1audyn91dmfi8|03|org"; nocase; ) # 1ctruwd1ulad6g1wrzntp1b1vk7a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ctruwd1ulad6g1wrzntp1b1vk7a|03|org"; nocase; ) # 1ue9k0nnoqqeeuoip1r1au0ete.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ue9k0nnoqqeeuoip1r1au0ete|03|net"; nocase; ) # 1phxf1prrk6os174o50x50v6nc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1phxf1prrk6os174o50x50v6nc|03|net"; nocase; ) # 12eds3zjkip9aiur27kxhnufj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12eds3zjkip9aiur27kxhnufj|03|net"; nocase; ) # 17x6qog128wgfz17h9bbzw8kx16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17x6qog128wgfz17h9bbzw8kx16|03|net"; nocase; ) # elxuc611wkj2011i1ixa135n6au.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|elxuc611wkj2011i1ixa135n6au|03|biz"; nocase; ) # 16ngdjntnsyk310g8i8yhmzmhp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16ngdjntnsyk310g8i8yhmzmhp|03|net"; nocase; ) # n8hvy1uciw5j2pr0eb1b9mj0w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n8hvy1uciw5j2pr0eb1b9mj0w|03|net"; nocase; ) # la53b1e4wd2h1tk1r51v6eikd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|la53b1e4wd2h1tk1r51v6eikd|03|biz"; nocase; ) # 2wxqxf13c7g71l5gug41yot61s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2wxqxf13c7g71l5gug41yot61s|03|org"; nocase; ) # 15x0m6x1c3fuom1ubvr7811kil6r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15x0m6x1c3fuom1ubvr7811kil6r|03|com"; nocase; ) # 247kpb1ao45iu1ayyaq41ucgo1b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|247kpb1ao45iu1ayyaq41ucgo1b|03|org"; nocase; ) # 1raw41xoc6k9kg40i5wn8qjnz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1raw41xoc6k9kg40i5wn8qjnz|03|org"; nocase; ) # j01siv10ficmao5zucm1pbfwvt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j01siv10ficmao5zucm1pbfwvt|03|org"; nocase; ) # 1cv51br1jy2t7ecgvy3urjk75q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cv51br1jy2t7ecgvy3urjk75q|03|net"; nocase; ) # 1woqozn18mr1dp1wzus6v15o6sk6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1woqozn18mr1dp1wzus6v15o6sk6|03|org"; nocase; ) # znq2eeniir7v1it4kjn1ut4qgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|znq2eeniir7v1it4kjn1ut4qgc|03|com"; nocase; ) # 1azf8j6husxi2zd2jp1wsrne2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1azf8j6husxi2zd2jp1wsrne2|03|net"; nocase; ) # xx2kib1fmxn3y1pop1cuuacvkd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xx2kib1fmxn3y1pop1cuuacvkd|03|org"; nocase; ) # 15e5dwz1ezkh829jxzcxnq9f0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15e5dwz1ezkh829jxzcxnq9f0m|03|com"; nocase; ) # pl43oa1t331va1ry73bcxamf44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pl43oa1t331va1ry73bcxamf44|03|com"; nocase; ) # shhsk1oabjm21bobfezvn0pv3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|shhsk1oabjm21bobfezvn0pv3|03|net"; nocase; ) # 1gdmimv2b5hrn1pdh84ox4z2aw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gdmimv2b5hrn1pdh84ox4z2aw|03|org"; nocase; ) # 1fbvwzpcp08jh1evbpe4125pldh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fbvwzpcp08jh1evbpe4125pldh|03|net"; nocase; ) # 12yatop1pnpj88hlnfurh0y3p4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12yatop1pnpj88hlnfurh0y3p4|03|com"; nocase; ) # ib0u25sfambt1uj3tsyugtnp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ib0u25sfambt1uj3tsyugtnp|03|biz"; nocase; ) # 13xv5tc14jqrv21ad9mrowwixmr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13xv5tc14jqrv21ad9mrowwixmr|03|net"; nocase; ) # 1sed3afospi3jmwnclo1k8ti7u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sed3afospi3jmwnclo1k8ti7u|03|biz"; nocase; ) # 1trrdo61wirk2g1ptjtwuh40ax1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1trrdo61wirk2g1ptjtwuh40ax1|03|com"; nocase; ) # 9fug9rcdbdgj4e7twk1u7pr8i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9fug9rcdbdgj4e7twk1u7pr8i|03|net"; nocase; ) # 1i4wnr41w7dygj1qpcmcc1pbab4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i4wnr41w7dygj1qpcmcc1pbab4e|03|net"; nocase; ) # 1eoxxhn1kicrz415l7sgc1pu6nmm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eoxxhn1kicrz415l7sgc1pu6nmm|03|net"; nocase; ) # 1w177oa121xki4hreo8p1twdmyt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w177oa121xki4hreo8p1twdmyt|03|com"; nocase; ) # 1onmx1r9jva9j1f30yf112e3v85.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1onmx1r9jva9j1f30yf112e3v85|03|org"; nocase; ) # d6n5vy12k2f1a1l4tux9gs1tuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d6n5vy12k2f1a1l4tux9gs1tuy|03|com"; nocase; ) # 12o20d029gylfu6toqy1vudwk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12o20d029gylfu6toqy1vudwk2|03|net"; nocase; ) # ufamqgae6cqy14e7gm711j1lud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ufamqgae6cqy14e7gm711j1lud|03|com"; nocase; ) # pl9ghf1aorjgz1ofl7xw1a4llh5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pl9ghf1aorjgz1ofl7xw1a4llh5|03|org"; nocase; ) # fhaxc52w00hh1wun7bv56hlf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fhaxc52w00hh1wun7bv56hlf|03|net"; nocase; ) # fubxgk1e9nw497e9n1x1x6cbl2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fubxgk1e9nw497e9n1x1x6cbl2|03|com"; nocase; ) # 1wimu7s1t7uo6e9uh8gjax8g5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wimu7s1t7uo6e9uh8gjax8g5z|03|net"; nocase; ) # 13y1kbwel2lhe10akgkjdjfox0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13y1kbwel2lhe10akgkjdjfox0|03|org"; nocase; ) # 1t7nd2z1jb854h1c9iauya9yotv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t7nd2z1jb854h1c9iauya9yotv|03|org"; nocase; ) # if2yt21ihzp07fqk3xn1uwga9h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|if2yt21ihzp07fqk3xn1uwga9h|03|net"; nocase; ) # 1k4ffvth1smp5n6j2201nondf4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k4ffvth1smp5n6j2201nondf4|03|com"; nocase; ) # odep8dc40tfj1xte6o25xvkx9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|odep8dc40tfj1xte6o25xvkx9|03|biz"; nocase; ) # 1wxus201p7bgrclt935qtobo11.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wxus201p7bgrclt935qtobo11|03|com"; nocase; ) # 1yu0quhnhnwupppvn8v3fjbtt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yu0quhnhnwupppvn8v3fjbtt|03|org"; nocase; ) # hjy13x1qvkmg3a4rphw1f87cai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hjy13x1qvkmg3a4rphw1f87cai|03|net"; nocase; ) # uechb81b31agw19p972suli2gc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uechb81b31agw19p972suli2gc|03|net"; nocase; ) # 1th3jmot99d6x14o923q4p533w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1th3jmot99d6x14o923q4p533w|03|com"; nocase; ) # 6dkq3z1trb0z11pfijs880vlbm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6dkq3z1trb0z11pfijs880vlbm|03|com"; nocase; ) # 1cwuz1i1m2cc50vmldcp13yzapb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cwuz1i1m2cc50vmldcp13yzapb|03|org"; nocase; ) # 1awe115bipa171km54of17ywdcj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1awe115bipa171km54of17ywdcj|03|com"; nocase; ) # 1s9phf1p6v92atsrbhi1rjtqvw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s9phf1p6v92atsrbhi1rjtqvw|03|net"; nocase; ) # 1o7zt1uaz4ill1t5ui7wflkq2y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o7zt1uaz4ill1t5ui7wflkq2y|03|com"; nocase; ) # 1nyml45upqjx52wqggp1aqemvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nyml45upqjx52wqggp1aqemvo|03|net"; nocase; ) # 16ibyz11jyf3c15owf5q10gz85i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ibyz11jyf3c15owf5q10gz85i|03|org"; nocase; ) # gtodypugkfnw1uwmk1i11elgdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gtodypugkfnw1uwmk1i11elgdd|03|com"; nocase; ) # hxqsc7bztxnqal00cs744yuw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hxqsc7bztxnqal00cs744yuw|03|org"; nocase; ) # 1rndw8vgjqa86ck140h1peskbe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rndw8vgjqa86ck140h1peskbe|03|org"; nocase; ) # 1p42fzl1g8ks8k1fvdv7dctb457.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p42fzl1g8ks8k1fvdv7dctb457|03|biz"; nocase; ) # 1uhmpi9r38dbn1fs58ntn7ao9x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uhmpi9r38dbn1fs58ntn7ao9x|03|biz"; nocase; ) # 1ffjod81stvloymanmy31uyubty.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ffjod81stvloymanmy31uyubty|03|com"; nocase; ) # 1lyqhcx1qn243fcdppi9qvt1k1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lyqhcx1qn243fcdppi9qvt1k1|03|biz"; nocase; ) # six36su16zc61ug1kfducls7v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|six36su16zc61ug1kfducls7v|03|net"; nocase; ) # 1t324inywlp40yusqhk1lxlkep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t324inywlp40yusqhk1lxlkep|03|com"; nocase; ) # 2mgs7z18yov0ply19ax1t3y2li.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2mgs7z18yov0ply19ax1t3y2li|03|biz"; nocase; ) # qexwq2150iue17d1n8e17m9euy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qexwq2150iue17d1n8e17m9euy|03|net"; nocase; ) # 1muqu9va98c9w1y19tw41hqbt6v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1muqu9va98c9w1y19tw41hqbt6v|03|com"; nocase; ) # 1synr37p7sa68bo26g91csqqj7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1synr37p7sa68bo26g91csqqj7|03|com"; nocase; ) # zekfsczv1vc9pt2snf1daxtcm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zekfsczv1vc9pt2snf1daxtcm|03|net"; nocase; ) # jb775e13iu13u17cqjeb1yc61hs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jb775e13iu13u17cqjeb1yc61hs|03|com"; nocase; ) # 1a0djoinb4vvfegrbtl8mkuf2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a0djoinb4vvfegrbtl8mkuf2|03|biz"; nocase; ) # 1siy50w1tglf284fc481ljrb67.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1siy50w1tglf284fc481ljrb67|03|org"; nocase; ) # 1g8v4101jv9cjjdihfny1sodtyp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g8v4101jv9cjjdihfny1sodtyp|03|net"; nocase; ) # 1s93cwqnioor99s3sje1jfnh7z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s93cwqnioor99s3sje1jfnh7z|03|net"; nocase; ) # 11rdwh3evexz211s81l1w023bi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11rdwh3evexz211s81l1w023bi|03|org"; nocase; ) # soxxb25ncd23tipjaj12im02b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|soxxb25ncd23tipjaj12im02b|03|org"; nocase; ) # 1ouzl9ld8807q1uwbjrr1q4iryv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ouzl9ld8807q1uwbjrr1q4iryv|03|biz"; nocase; ) # og8l6auynuddquuiy8q5v182.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|og8l6auynuddquuiy8q5v182|03|org"; nocase; ) # qb13xa3qas999f5piq1oxbi74.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qb13xa3qas999f5piq1oxbi74|03|com"; nocase; ) # 1inb18jlua2m21o3mij51uabpab.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1inb18jlua2m21o3mij51uabpab|03|net"; nocase; ) # la5e629k9p0p14ft2uiq0ld7m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|la5e629k9p0p14ft2uiq0ld7m|03|biz"; nocase; ) # 15iziwt1esnw36qktc16o4jv5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15iziwt1esnw36qktc16o4jv5|03|org"; nocase; ) # 1da1vstsft14kxthlys5cf2x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1da1vstsft14kxthlys5cf2x|03|org"; nocase; ) # 9egjp2smnyjw42pzbm1qydpp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9egjp2smnyjw42pzbm1qydpp|03|org"; nocase; ) # dm02fb9c6zde2zsj1e1fg1mc4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dm02fb9c6zde2zsj1e1fg1mc4|03|net"; nocase; ) # 1xkfe4s1jtnpcje60ayvh8lhza.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xkfe4s1jtnpcje60ayvh8lhza|03|biz"; nocase; ) # 14xr4a21gd4y321sr99mqiozela.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14xr4a21gd4y321sr99mqiozela|03|biz"; nocase; ) # fl0xye7nmwp61p8cy5z1qy2y42.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fl0xye7nmwp61p8cy5z1qy2y42|03|com"; nocase; ) # 1prcwuw1inxcxrejcddlusowya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1prcwuw1inxcxrejcddlusowya|03|com"; nocase; ) # 1guj7hs1mbmdb2msck011jbqzev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1guj7hs1mbmdb2msck011jbqzev|03|biz"; nocase; ) # 16cub1v98iqvo11vcj3c1dbr7br.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16cub1v98iqvo11vcj3c1dbr7br|03|com"; nocase; ) # 1o9yd16a5vtmij6npi71rwmdtw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o9yd16a5vtmij6npi71rwmdtw|03|net"; nocase; ) # 1v09nyc1qs6zji1cw3xdry8s1gy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v09nyc1qs6zji1cw3xdry8s1gy|03|org"; nocase; ) # zx2z72ri23e1rkw3xegyunxv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zx2z72ri23e1rkw3xegyunxv|03|biz"; nocase; ) # 1lrb51jkgdjoi15gr7871bmxenf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lrb51jkgdjoi15gr7871bmxenf|03|com"; nocase; ) # 1bnn4561iywy7r1xybi221mjbru5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bnn4561iywy7r1xybi221mjbru5|03|net"; nocase; ) # up77n31qmojf815p1kh816y0k8f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|up77n31qmojf815p1kh816y0k8f|03|org"; nocase; ) # tx1owm1twr4vx4olt0o1garv72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tx1owm1twr4vx4olt0o1garv72|03|net"; nocase; ) # s6qrd51fkzz0w1ltbkdj9m60m1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s6qrd51fkzz0w1ltbkdj9m60m1|03|com"; nocase; ) # 1bvujit1cpsn741v1tihp1ofo5md.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bvujit1cpsn741v1tihp1ofo5md|03|org"; nocase; ) # gtapfzc6wbmuhs4j47fubce1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gtapfzc6wbmuhs4j47fubce1|03|com"; nocase; ) # 257ohe1tqldayowde2u1y6vhb1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|257ohe1tqldayowde2u1y6vhb1|03|biz"; nocase; ) # 1w8rysv8y5f6l1tdowl81dv4189.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w8rysv8y5f6l1tdowl81dv4189|03|com"; nocase; ) # 1mtb4lm1g0g2lu6rmf945hb7fg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mtb4lm1g0g2lu6rmf945hb7fg|03|net"; nocase; ) # 16w3z1pwu2c7t11845ds18umx4x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16w3z1pwu2c7t11845ds18umx4x|03|org"; nocase; ) # cswqdt8lolbi1x9bhh71qgmhbx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cswqdt8lolbi1x9bhh71qgmhbx|03|biz"; nocase; ) # 13dffscx6wbj4q5eoadptldtk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13dffscx6wbj4q5eoadptldtk|03|org"; nocase; ) # 1mp2zkys22awx1qt6x8p64op60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mp2zkys22awx1qt6x8p64op60|03|net"; nocase; ) # s23ru41ns9ddo1nobyuf4ztyab.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s23ru41ns9ddo1nobyuf4ztyab|03|biz"; nocase; ) # 1qbqdoy11l3kkb1vvyzcq1o0kibl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qbqdoy11l3kkb1vvyzcq1o0kibl|03|net"; nocase; ) # 1nun6d1y5v8rd1sw0rko1n48vym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nun6d1y5v8rd1sw0rko1n48vym|03|org"; nocase; ) # j7l9jwiq6gxvmog25blodaod.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j7l9jwiq6gxvmog25blodaod|03|org"; nocase; ) # 1texrmv14clhuubyxcn91qd32vs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1texrmv14clhuubyxcn91qd32vs|03|com"; nocase; ) # cmu6pedjow621u6suuv1e93u1c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cmu6pedjow621u6suuv1e93u1c|03|org"; nocase; ) # 19cz9a516oar7r7e3d7dhulcss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19cz9a516oar7r7e3d7dhulcss|03|net"; nocase; ) # 77h7qk1n39hcw19n9vfx16vwmr0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|77h7qk1n39hcw19n9vfx16vwmr0|03|org"; nocase; ) # 3awhtfzmzqus1nfscuc1w7brmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3awhtfzmzqus1nfscuc1w7brmi|03|org"; nocase; ) # 1tu1gan10yeqmk1sy491l1315ddm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tu1gan10yeqmk1sy491l1315ddm|03|com"; nocase; ) # gqak2j1kpkjp2yukxonxqe0rf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gqak2j1kpkjp2yukxonxqe0rf|03|net"; nocase; ) # em4ibh7j4udkte25e4yg3hpt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|em4ibh7j4udkte25e4yg3hpt|03|net"; nocase; ) # 1cce8ov1jooqhd11kij3017tjln8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cce8ov1jooqhd11kij3017tjln8|03|net"; nocase; ) # 1827kb619i5d8yex6p33dlwaqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1827kb619i5d8yex6p33dlwaqc|03|biz"; nocase; ) # uas1gi171eqlui998yf12ntpbz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uas1gi171eqlui998yf12ntpbz|03|com"; nocase; ) # 14l4kgdcier4bqe1em3evtka4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14l4kgdcier4bqe1em3evtka4|03|net"; nocase; ) # 5o5hpp1eyzuxcbpuwdhxrntzb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5o5hpp1eyzuxcbpuwdhxrntzb|03|biz"; nocase; ) # 13vmewa2mf1ec1xb4ecbmzs4rv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13vmewa2mf1ec1xb4ecbmzs4rv|03|biz"; nocase; ) # axxg5x63wvx11ekyy58q3qqr7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|axxg5x63wvx11ekyy58q3qqr7|03|com"; nocase; ) # p7yloz1tvtedhdgce4hlmpy5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p7yloz1tvtedhdgce4hlmpy5l|03|net"; nocase; ) # 1oibjpg5w62iy136faes1gf04qv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oibjpg5w62iy136faes1gf04qv|03|net"; nocase; ) # 2sbh9517h18fcjhjefy11tbw4t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2sbh9517h18fcjhjefy11tbw4t|03|biz"; nocase; ) # 1dqc2le1ousc7hiwdj5i115o9mm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dqc2le1ousc7hiwdj5i115o9mm|03|net"; nocase; ) # 6wz06c1u12qudy14uxk7vx0da.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6wz06c1u12qudy14uxk7vx0da|03|net"; nocase; ) # lx9ugq9886ef1fe0i7l1cn2rto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lx9ugq9886ef1fe0i7l1cn2rto|03|com"; nocase; ) # 1ti3hl11w0nut611si67n19s9otq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ti3hl11w0nut611si67n19s9otq|03|org"; nocase; ) # 1517by61hk26tll08qxp2hwusv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1517by61hk26tll08qxp2hwusv|03|net"; nocase; ) # yao881r42qjc1djbkfc1jw9rto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yao881r42qjc1djbkfc1jw9rto|03|org"; nocase; ) # 1i9q8061070g3h18qw0wa1g4psg5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i9q8061070g3h18qw0wa1g4psg5|03|org"; nocase; ) # 14fcoq31w358ajk0w90m1e7izbn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14fcoq31w358ajk0w90m1e7izbn|03|biz"; nocase; ) # re1v08t0n4kr1ob7pnqoql85e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|re1v08t0n4kr1ob7pnqoql85e|03|org"; nocase; ) # f4dnq16s68adi3ptbm1ljwzsv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f4dnq16s68adi3ptbm1ljwzsv|03|net"; nocase; ) # z46jaa15dwi4q1dw0nnu11fqdi8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z46jaa15dwi4q1dw0nnu11fqdi8|03|net"; nocase; ) # 17gx01f1qb3lvi1isk8mmjq9y1d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17gx01f1qb3lvi1isk8mmjq9y1d|03|com"; nocase; ) # t6p00d1aj1bu56t3hqm142jnm8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t6p00d1aj1bu56t3hqm142jnm8|03|net"; nocase; ) # kx2ta3qafa031jb828kqkb1cd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kx2ta3qafa031jb828kqkb1cd|03|org"; nocase; ) # 1jpje4v43yuifbazn7caytboh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jpje4v43yuifbazn7caytboh|03|net"; nocase; ) # o1jicd1e1iv2xholtvei3l1rt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o1jicd1e1iv2xholtvei3l1rt|03|net"; nocase; ) # mgcgs01lag7ffct0y8jrh1k2c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mgcgs01lag7ffct0y8jrh1k2c|03|com"; nocase; ) # nnj02zd6415b5g9osubbuxvc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nnj02zd6415b5g9osubbuxvc|03|com"; nocase; ) # ovp3t41v8e52bdp903cggjujw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ovp3t41v8e52bdp903cggjujw|03|net"; nocase; ) # 1sx85pj1iu8lvd1r524ajoz7d1y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sx85pj1iu8lvd1r524ajoz7d1y|03|net"; nocase; ) # 1b2huc6az1d781gujfi6k0hos0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b2huc6az1d781gujfi6k0hos0|03|biz"; nocase; ) # a5icyr12z75pt1j5wicusym9ny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a5icyr12z75pt1j5wicusym9ny|03|com"; nocase; ) # xvva1k1wzkl3u1dg8b92wcr8aw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xvva1k1wzkl3u1dg8b92wcr8aw|03|net"; nocase; ) # 1aif93f1y4yc1a1rnkeb6kmmpv8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aif93f1y4yc1a1rnkeb6kmmpv8|03|org"; nocase; ) # kbu8e31jx92v41kqvdb4cftg6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kbu8e31jx92v41kqvdb4cftg6p|03|net"; nocase; ) # i3e9lq18e5bkndf576ntrx52m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i3e9lq18e5bkndf576ntrx52m|03|net"; nocase; ) # mlm3ab1g5t320gmw2gyfp4x5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mlm3ab1g5t320gmw2gyfp4x5|03|com"; nocase; ) # 1k7iugr1bip53o1vtoyttahhm5f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k7iugr1bip53o1vtoyttahhm5f|03|biz"; nocase; ) # 1abqf5qpkska9dfqvimq7vym2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1abqf5qpkska9dfqvimq7vym2|03|net"; nocase; ) # cy6onuowleuf10gfylx4pvu2e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cy6onuowleuf10gfylx4pvu2e|03|net"; nocase; ) # lwx9mzc89a9ghq1xp1pmhoa0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lwx9mzc89a9ghq1xp1pmhoa0|03|biz"; nocase; ) # 5o6bpd1b6bi9a1tc4e791ub19zy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5o6bpd1b6bi9a1tc4e791ub19zy|03|net"; nocase; ) # 11w4b2wnfko45111a9mg6nh7v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11w4b2wnfko45111a9mg6nh7v|03|com"; nocase; ) # bugm22x8ekxx1yhmdbsb0zsml.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bugm22x8ekxx1yhmdbsb0zsml|03|com"; nocase; ) # il4m3r1teq1hbfxn67bgnqty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|il4m3r1teq1hbfxn67bgnqty|03|net"; nocase; ) # kyjfw1mzah7qwwytee1rkls4q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kyjfw1mzah7qwwytee1rkls4q|03|net"; nocase; ) # wtxlbc12qj5891wh18gc1q5vuio.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wtxlbc12qj5891wh18gc1q5vuio|03|net"; nocase; ) # 98oj62w46pnyqqofrh151ccga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|98oj62w46pnyqqofrh151ccga|03|org"; nocase; ) # qiq3rhzpu6ge19serz9huq74d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qiq3rhzpu6ge19serz9huq74d|03|com"; nocase; ) # 16a3otwoxfis519b8keg1iz9vlz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16a3otwoxfis519b8keg1iz9vlz|03|org"; nocase; ) # 1a4m26u19ittp51ebbjk81tn17gh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a4m26u19ittp51ebbjk81tn17gh|03|com"; nocase; ) # 1uvghpj8whbnc19fkz5gk4jgk0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uvghpj8whbnc19fkz5gk4jgk0|03|org"; nocase; ) # 1gj1a651jsfzz4n4hykz553g8o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gj1a651jsfzz4n4hykz553g8o|03|com"; nocase; ) # e69w9va6rbfr1tuwjxadd43bz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e69w9va6rbfr1tuwjxadd43bz|03|org"; nocase; ) # 177aaoyoph7r1ii4jtw65t7wy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|177aaoyoph7r1ii4jtw65t7wy|03|org"; nocase; ) # d4cl841fpxq4mk73vb81ikjzej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d4cl841fpxq4mk73vb81ikjzej|03|org"; nocase; ) # 6s7x5et0cgkcemsfsj1smsmi4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6s7x5et0cgkcemsfsj1smsmi4|03|net"; nocase; ) # sfm9g0v0w2tc1g3iaj1l2q8g3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sfm9g0v0w2tc1g3iaj1l2q8g3|03|org"; nocase; ) # 13hna111m6ps381a9fou83taw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13hna111m6ps381a9fou83taw5|03|org"; nocase; ) # 19646kd1kmu48fegd9w5aqp6rq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19646kd1kmu48fegd9w5aqp6rq|03|net"; nocase; ) # 1um4lvn9ojv3oxkopd5c53h5g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1um4lvn9ojv3oxkopd5c53h5g|03|com"; nocase; ) # hhesmhlhshvo1oou9854522yp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hhesmhlhshvo1oou9854522yp|03|org"; nocase; ) # 4lwfmgva2hvpx0qmp18tpdvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4lwfmgva2hvpx0qmp18tpdvm|03|net"; nocase; ) # 12b3y3p15iapmb5f67d8hq9ffy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12b3y3p15iapmb5f67d8hq9ffy|03|net"; nocase; ) # 1uerh0iybvnoa1xtwg8i170ap44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uerh0iybvnoa1xtwg8i170ap44|03|com"; nocase; ) # dst4skf8enaw1a0eza25bk52y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dst4skf8enaw1a0eza25bk52y|03|net"; nocase; ) # 1ep6ule116qnnm1c1tt8ip0q035.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ep6ule116qnnm1c1tt8ip0q035|03|biz"; nocase; ) # 1ghj0cc1mtfxm81ds0pke1gsc8uc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ghj0cc1mtfxm81ds0pke1gsc8uc|03|net"; nocase; ) # m6raqn136ejrj5nlotchtdm90.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m6raqn136ejrj5nlotchtdm90|03|org"; nocase; ) # 1xmh174uy15slyueb881wt75zr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xmh174uy15slyueb881wt75zr|03|org"; nocase; ) # 101vph91nref1lxucq9tk3t0i3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|101vph91nref1lxucq9tk3t0i3|03|biz"; nocase; ) # lewtji1jna5ye1f8gmt4137ctgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lewtji1jna5ye1f8gmt4137ctgy|03|com"; nocase; ) # n2fb1b1lyibr412wctls1l3gc0j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n2fb1b1lyibr412wctls1l3gc0j|03|biz"; nocase; ) # b441w51szbm7417y3v0k1avy4ew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b441w51szbm7417y3v0k1avy4ew|03|net"; nocase; ) # jmknlcflpdpj1nimlty7kiv64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jmknlcflpdpj1nimlty7kiv64|03|net"; nocase; ) # 1dnb7msiazq8ypbzwb812u0xsk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dnb7msiazq8ypbzwb812u0xsk|03|com"; nocase; ) # og3hpbnvd8h721ge68stmtx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|og3hpbnvd8h721ge68stmtx4|03|net"; nocase; ) # suhlem1wkoy331cscw9y13o959f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|suhlem1wkoy331cscw9y13o959f|03|net"; nocase; ) # jmdcdc1n29q1s1m2yghl17nzokc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jmdcdc1n29q1s1m2yghl17nzokc|03|net"; nocase; ) # o1u1qjg4dtt21ndt0ds1ksejmo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o1u1qjg4dtt21ndt0ds1ksejmo|03|com"; nocase; ) # 94a17p9tu0wt1divhujo1ytdo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|94a17p9tu0wt1divhujo1ytdo|03|biz"; nocase; ) # ditw1o1yf733udlkuex1m5d0mc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ditw1o1yf733udlkuex1m5d0mc|03|com"; nocase; ) # 1157s2t14x0y0z1lsqr621ruzco2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1157s2t14x0y0z1lsqr621ruzco2|03|net"; nocase; ) # 26s670awpo001fczk9rd4mjkl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|26s670awpo001fczk9rd4mjkl|03|com"; nocase; ) # 4dfyvtxzk7591doizn51ofnnoj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4dfyvtxzk7591doizn51ofnnoj|03|net"; nocase; ) # 1ks4jrt1i4pnye7d24lx1gds2eo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ks4jrt1i4pnye7d24lx1gds2eo|03|biz"; nocase; ) # t1kbjrk3r7z3ojxv55i4abkp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t1kbjrk3r7z3ojxv55i4abkp|03|org"; nocase; ) # 2pulqwqr4srekvthsls8a8t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|2pulqwqr4srekvthsls8a8t|03|biz"; nocase; ) # 6guf6y1nh2efm8qlowk1xv3mse.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6guf6y1nh2efm8qlowk1xv3mse|03|com"; nocase; ) # 1jidd4jo7a0d9tyqh1ipirnpe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jidd4jo7a0d9tyqh1ipirnpe|03|net"; nocase; ) # 8sztze7kcx8m1mibllv647xss.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8sztze7kcx8m1mibllv647xss|03|com"; nocase; ) # 1wi0qmm17y1hpp93oyghdljtqn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wi0qmm17y1hpp93oyghdljtqn|03|biz"; nocase; ) # pd2jsjh9eclejtw8rnfb9ud2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pd2jsjh9eclejtw8rnfb9ud2|03|com"; nocase; ) # 17wlldhbo1bk4s6rwnn4z9edb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17wlldhbo1bk4s6rwnn4z9edb|03|net"; nocase; ) # 15y4s3xgrij1s18wfvjv1lm7j5t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15y4s3xgrij1s18wfvjv1lm7j5t|03|net"; nocase; ) # mgo28qu933e71hpxq6h1tm23ph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mgo28qu933e71hpxq6h1tm23ph|03|net"; nocase; ) # 1fr24krkiauw91tjjp8q16kc5y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fr24krkiauw91tjjp8q16kc5y|03|biz"; nocase; ) # t8d48f16azgx71uecmayapicta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t8d48f16azgx71uecmayapicta|03|com"; nocase; ) # kmluxg1ieaw8d3hn8fo1wu81vk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kmluxg1ieaw8d3hn8fo1wu81vk|03|net"; nocase; ) # 2rsxhe1i0bia312t1ts81lku9d5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2rsxhe1i0bia312t1ts81lku9d5|03|org"; nocase; ) # sjenyjvswbf2hpkuz5h00mgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sjenyjvswbf2hpkuz5h00mgo|03|net"; nocase; ) # 8jkbtp101h17y1cgspe8143hcqb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8jkbtp101h17y1cgspe8143hcqb|03|net"; nocase; ) # tox0jbm33f5t51ucxuacjkg5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tox0jbm33f5t51ucxuacjkg5|03|net"; nocase; ) # uljzjkhdwgku25v8oe147vrox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uljzjkhdwgku25v8oe147vrox|03|com"; nocase; ) # jmxwksmo1fiy1r3yz2e574ih3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jmxwksmo1fiy1r3yz2e574ih3|03|net"; nocase; ) # 4q8uhrnl77041e19nsl1j0smlr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4q8uhrnl77041e19nsl1j0smlr|03|biz"; nocase; ) # sqyei0quem37pi1l211zjwem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sqyei0quem37pi1l211zjwem|03|net"; nocase; ) # 1e031hbq9uguy16mitq71s0jl6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e031hbq9uguy16mitq71s0jl6|03|org"; nocase; ) # 7dckvu24hya2850ca4fn8gfy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7dckvu24hya2850ca4fn8gfy|03|biz"; nocase; ) # 10fw3761sacq0y9ls4vx1pgcry7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10fw3761sacq0y9ls4vx1pgcry7|03|net"; nocase; ) # kany4q1vjd58717cnt8617pbxto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kany4q1vjd58717cnt8617pbxto|03|com"; nocase; ) # 1ebje2s1i3olmqrzr02xephswm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ebje2s1i3olmqrzr02xephswm|03|net"; nocase; ) # 15yr3znlrrapf3ntki94do1gq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15yr3znlrrapf3ntki94do1gq|03|org"; nocase; ) # 7lvdx14n21mj1vhq1iem1g7ux.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7lvdx14n21mj1vhq1iem1g7ux|03|com"; nocase; ) # 19s7yzu6cts26fv3zjw1dtli0x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19s7yzu6cts26fv3zjw1dtli0x|03|net"; nocase; ) # fua9wl14jliyuw2mee11ppsdf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fua9wl14jliyuw2mee11ppsdf|03|biz"; nocase; ) # 112c6926m2y3t1c48y27y80yuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|112c6926m2y3t1c48y27y80yuv|03|net"; nocase; ) # 123k3j916hwkchrbxhjs1ej6kko.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|123k3j916hwkchrbxhjs1ej6kko|03|com"; nocase; ) # 1pt14fp15nykf17ahnqr12b4x59.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pt14fp15nykf17ahnqr12b4x59|03|net"; nocase; ) # mxci8v1ia8f7q12dlll8mec1vn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mxci8v1ia8f7q12dlll8mec1vn|03|net"; nocase; ) # 148wc1p42jm5ncrza9teddyb6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|148wc1p42jm5ncrza9teddyb6|03|biz"; nocase; ) # lf6hatym73pyazo3saxwz1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|lf6hatym73pyazo3saxwz1z|03|net"; nocase; ) # tew5qq1a44zesh00e471vjobjk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tew5qq1a44zesh00e471vjobjk|03|biz"; nocase; ) # 1ddgn0l5jd3vv1euzdru14h8t50.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ddgn0l5jd3vv1euzdru14h8t50|03|net"; nocase; ) # 17y1k916b3uzt1gl6rfa19e93bu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17y1k916b3uzt1gl6rfa19e93bu|03|biz"; nocase; ) # ppf3yfcn9evm1bc1mjy1n04s2r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ppf3yfcn9evm1bc1mjy1n04s2r|03|net"; nocase; ) # wy2nca1e17m4pvsq5orbvgly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wy2nca1e17m4pvsq5orbvgly|03|org"; nocase; ) # 1nimr6rjkoswo1jvvihtpd3yyy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nimr6rjkoswo1jvvihtpd3yyy|03|net"; nocase; ) # 10l3k0072z1m015rjxcy1i61103.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10l3k0072z1m015rjxcy1i61103|03|com"; nocase; ) # cyvh170m8g1rj6bb31peldzn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cyvh170m8g1rj6bb31peldzn|03|com"; nocase; ) # 1gs6vai1anwmrr1ngibem1nocaw1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gs6vai1anwmrr1ngibem1nocaw1|03|net"; nocase; ) # 1l4lk41m262kgqwrltz14b2fuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l4lk41m262kgqwrltz14b2fuv|03|net"; nocase; ) # 1usw98prt41dn1aj719s9q8z1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1usw98prt41dn1aj719s9q8z1|03|org"; nocase; ) # 21yvl5dcv2e5113i50w11fot07.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|21yvl5dcv2e5113i50w11fot07|03|com"; nocase; ) # 1lv6bawmlx6wy10qtmcmjr5l6m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lv6bawmlx6wy10qtmcmjr5l6m|03|biz"; nocase; ) # 12g8u3u16bieuv1qacq591bzbt1d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12g8u3u16bieuv1qacq591bzbt1d|03|com"; nocase; ) # 1zi6qh1hlqlfo9vo68y12ap0b2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1zi6qh1hlqlfo9vo68y12ap0b2|03|biz"; nocase; ) # 1w9uhlx1vargkj153akbi1nqk5o1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w9uhlx1vargkj153akbi1nqk5o1|03|net"; nocase; ) # 15u0suk4tlt4410kas4xmno2ng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15u0suk4tlt4410kas4xmno2ng|03|org"; nocase; ) # cwedrb1jd1krgdebskhmlf65.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cwedrb1jd1krgdebskhmlf65|03|net"; nocase; ) # 8obdeu8hv5gxu0i23q1yjgtbc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8obdeu8hv5gxu0i23q1yjgtbc|03|net"; nocase; ) # amati1u4yyynmptuhtegklsg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000009999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|amati1u4yyynmptuhtegklsg|03|biz"; nocase; ) # rb43akbqgk4zs81gax1k3kdgb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rb43akbqgk4zs81gax1k3kdgb|03|biz"; nocase; ) # q9q7cbodeypo1ko1svm82x5v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q9q7cbodeypo1ko1svm82x5v|03|org"; nocase; ) # 19of3nm15pi6ak1izw9xl1gjn4s2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19of3nm15pi6ak1izw9xl1gjn4s2|03|biz"; nocase; ) # i7r9veo8xg4e9b4pjz6speep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i7r9veo8xg4e9b4pjz6speep|03|com"; nocase; ) # 1ci16r0kdxlfb1s7bga8w7342v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ci16r0kdxlfb1s7bga8w7342v|03|com"; nocase; ) # 4aygzrp3x6ig1dxta6f1ovobx8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4aygzrp3x6ig1dxta6f1ovobx8|03|com"; nocase; ) # jz5hdyobd681t2yfnyilcokt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jz5hdyobd681t2yfnyilcokt|03|biz"; nocase; ) # 1pxrs5c55lmgp1j4rrrhq8xunf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pxrs5c55lmgp1j4rrrhq8xunf|03|org"; nocase; ) # alfrv21pi6cmg6d7knu1jfcgg9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|alfrv21pi6cmg6d7knu1jfcgg9|03|org"; nocase; ) # u7swrr1vvohbhw34n5s1dg8k7b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u7swrr1vvohbhw34n5s1dg8k7b|03|net"; nocase; ) # l12yk2ax1om3z7bdn1x3t9p3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l12yk2ax1om3z7bdn1x3t9p3|03|net"; nocase; ) # 1mbna4jmax8ts12alsdn13a5jnx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mbna4jmax8ts12alsdn13a5jnx|03|org"; nocase; ) # 1ca3kh213r2nky1gajs3vkmdtmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ca3kh213r2nky1gajs3vkmdtmn|03|com"; nocase; ) # 1tp5b3oitodxwl6219kfbd88c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tp5b3oitodxwl6219kfbd88c|03|net"; nocase; ) # 1r12nxy1p5h4qneh5ej0k6zey8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r12nxy1p5h4qneh5ej0k6zey8|03|net"; nocase; ) # lj2jxz1apokgt4krd31d5rbk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lj2jxz1apokgt4krd31d5rbk|03|com"; nocase; ) # 1a4jv3poea7bu192u9ok1juabn8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a4jv3poea7bu192u9ok1juabn8|03|net"; nocase; ) # 12asu9n13u9tz3w1pxrw1wvgscg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12asu9n13u9tz3w1pxrw1wvgscg|03|net"; nocase; ) # 7w1tz0183tmy31asdyon1t8wofn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7w1tz0183tmy31asdyon1t8wofn|03|biz"; nocase; ) # zsy5oy1wc2qwg1qhxw2djlhwhn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zsy5oy1wc2qwg1qhxw2djlhwhn|03|org"; nocase; ) # 1qgvyas1ab3vo31yol15c1i48z96.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qgvyas1ab3vo31yol15c1i48z96|03|org"; nocase; ) # 1s8rbdzyewbf4xo5b311ntfgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s8rbdzyewbf4xo5b311ntfgj|03|net"; nocase; ) # 13aolxtljgkiq1y2ek6h12v1hqp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13aolxtljgkiq1y2ek6h12v1hqp|03|org"; nocase; ) # kqbeel1v8dkf067231b189rfaj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kqbeel1v8dkf067231b189rfaj|03|org"; nocase; ) # orpoqb860mha18dlv4r3t73wx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|orpoqb860mha18dlv4r3t73wx|03|net"; nocase; ) # szibawsoh5nttqeipu150prkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|szibawsoh5nttqeipu150prkz|03|org"; nocase; ) # 1xesp3l1tbwkpi1fr27o8ciuis8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xesp3l1tbwkpi1fr27o8ciuis8|03|net"; nocase; ) # 1h6xr4k1ulqsw2e7ix5lt0r7ws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h6xr4k1ulqsw2e7ix5lt0r7ws|03|com"; nocase; ) # 1isy089r16arv1j5l2w81q87fhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1isy089r16arv1j5l2w81q87fhw|03|net"; nocase; ) # 1wkjwu8ih9dp75n1091ijtk9r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wkjwu8ih9dp75n1091ijtk9r|03|biz"; nocase; ) # 1b0mrbn52wmccv2418x1vc2oqd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b0mrbn52wmccv2418x1vc2oqd|03|net"; nocase; ) # za02kx1630my2yo7hb8hiyrht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|za02kx1630my2yo7hb8hiyrht|03|org"; nocase; ) # n2rosek5n5fpe1rcoq2n5btw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n2rosek5n5fpe1rcoq2n5btw|03|org"; nocase; ) # 1s0g6b814uv2g91hn3euhlk0nl2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s0g6b814uv2g91hn3euhlk0nl2|03|net"; nocase; ) # 1tzoogx1xyqlx72lga1hcomvb1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tzoogx1xyqlx72lga1hcomvb1|03|com"; nocase; ) # a6zoep1gfqapvxdcdxg1co87uk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a6zoep1gfqapvxdcdxg1co87uk|03|com"; nocase; ) # 1mrepg4669os5rn80oq5h9r83.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mrepg4669os5rn80oq5h9r83|03|net"; nocase; ) # vbltx78emdxbaka1o12nngme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vbltx78emdxbaka1o12nngme|03|com"; nocase; ) # 50g0jxnqorrw7d23km1oevaiy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|50g0jxnqorrw7d23km1oevaiy|03|org"; nocase; ) # 2mdns2a6u7en1uy4hhz1ew6yik.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2mdns2a6u7en1uy4hhz1ew6yik|03|biz"; nocase; ) # 1f7ox2avislw636sspp18o3odf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f7ox2avislw636sspp18o3odf|03|net"; nocase; ) # 18ogpaf1ji1whb1kllg1g1itcz0f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18ogpaf1ji1whb1kllg1g1itcz0f|03|com"; nocase; ) # 18kvpeourq8rflpe36o1m004e1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18kvpeourq8rflpe36o1m004e1|03|net"; nocase; ) # 135mkojfnsl0j1xijyycswb8d9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135mkojfnsl0j1xijyycswb8d9|03|org"; nocase; ) # 1qb1v921s1satuppx7g76slunj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qb1v921s1satuppx7g76slunj|03|org"; nocase; ) # wzjief1hv648q3r4djy2jz7va.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wzjief1hv648q3r4djy2jz7va|03|org"; nocase; ) # 15ts4edyu602k8g0dcadf4dut.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15ts4edyu602k8g0dcadf4dut|03|org"; nocase; ) # 1szs4ul1ea1vxq17umsen1m2cgcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1szs4ul1ea1vxq17umsen1m2cgcu|03|com"; nocase; ) # y227h21emlpij5c5yjl64h69.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y227h21emlpij5c5yjl64h69|03|com"; nocase; ) # 1golhno1eh8w621j0w2b43yemqs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1golhno1eh8w621j0w2b43yemqs|03|biz"; nocase; ) # 1nl88t0yifgralmelt85wwced.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nl88t0yifgralmelt85wwced|03|biz"; nocase; ) # 7d3nyf1kua8awbcjxw1bh2xek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7d3nyf1kua8awbcjxw1bh2xek|03|net"; nocase; ) # yanr3o1bj3gbh9gb17g1a88c5y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yanr3o1bj3gbh9gb17g1a88c5y|03|com"; nocase; ) # uu82jn1k0tj11ftxyq4iklmdx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uu82jn1k0tj11ftxyq4iklmdx|03|biz"; nocase; ) # 1l9dqd6fn300y168mu6ji453kq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l9dqd6fn300y168mu6ji453kq|03|com"; nocase; ) # 1yvqes518ssn771vw0y6y1qqgeup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yvqes518ssn771vw0y6y1qqgeup|03|com"; nocase; ) # xrp4qf1ckdnqs3pbp1j14ip60p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xrp4qf1ckdnqs3pbp1j14ip60p|03|biz"; nocase; ) # 1gjmflo1mceb5u1tjrh3315qa54t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gjmflo1mceb5u1tjrh3315qa54t|03|org"; nocase; ) # xsmlxh72hxog1jabwzs11lhcm4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xsmlxh72hxog1jabwzs11lhcm4|03|com"; nocase; ) # i81x6okapj910yci191xquoak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i81x6okapj910yci191xquoak|03|net"; nocase; ) # 13ei46f1h6avld153p4y7kq4t5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ei46f1h6avld153p4y7kq4t5|03|org"; nocase; ) # 1vx05iz916fwp10hr52kubvey3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vx05iz916fwp10hr52kubvey3|03|net"; nocase; ) # 1pk0c1g2u00y3mi5fjh1f1g8b3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pk0c1g2u00y3mi5fjh1f1g8b3|03|org"; nocase; ) # 1l6iezy7hcvb4bcoaqlmvk7za.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l6iezy7hcvb4bcoaqlmvk7za|03|net"; nocase; ) # 14wbgjd101t3jdjnbqac1ww9ep9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14wbgjd101t3jdjnbqac1ww9ep9|03|com"; nocase; ) # gkxdop1ivlnoiv3j05muluw0j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gkxdop1ivlnoiv3j05muluw0j|03|net"; nocase; ) # kvluys1m4wfs41adkz8l1c23or5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kvluys1m4wfs41adkz8l1c23or5|03|com"; nocase; ) # 18adqkbwl9c0hkh0xtq1x53big.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18adqkbwl9c0hkh0xtq1x53big|03|net"; nocase; ) # bfxwt915qkjia1gif5zi1qa8krr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bfxwt915qkjia1gif5zi1qa8krr|03|net"; nocase; ) # 1unvvky1059i3z15rylx518seqvm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1unvvky1059i3z15rylx518seqvm|03|biz"; nocase; ) # 516v8mik1zmg3c1dso1tqupey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|516v8mik1zmg3c1dso1tqupey|03|org"; nocase; ) # 1ehry5n1jfu8kx1sd4q1mtz4y46.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ehry5n1jfu8kx1sd4q1mtz4y46|03|com"; nocase; ) # 1uejeqt1pcanvf1qupgxovocdl9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uejeqt1pcanvf1qupgxovocdl9|03|net"; nocase; ) # xljgbo1psl5du10mq8p13ojb63.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xljgbo1psl5du10mq8p13ojb63|03|biz"; nocase; ) # bvv3z3158gupa166a7lwaie1uo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bvv3z3158gupa166a7lwaie1uo|03|com"; nocase; ) # hle89rqpvq3bbu107bwyi88f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hle89rqpvq3bbu107bwyi88f|03|org"; nocase; ) # 11ukb5o1w2zszuz10410snz2eh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11ukb5o1w2zszuz10410snz2eh|03|org"; nocase; ) # y2qixj18g067b1w4bozm1wo9ocy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y2qixj18g067b1w4bozm1wo9ocy|03|org"; nocase; ) # 1q0qxqgriieod3xtg9j1d8apsi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q0qxqgriieod3xtg9j1d8apsi|03|biz"; nocase; ) # 41phc1v2kzizz5il3q1s2af2t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|41phc1v2kzizz5il3q1s2af2t|03|biz"; nocase; ) # qv27s91a53ohd1cbnom11fq9ph3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qv27s91a53ohd1cbnom11fq9ph3|03|net"; nocase; ) # u93hne8mp5s11dxi0a41a5s2qd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u93hne8mp5s11dxi0a41a5s2qd|03|com"; nocase; ) # 1d3oqv2ihy5k81wv3nwq1hmg6qh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d3oqv2ihy5k81wv3nwq1hmg6qh|03|biz"; nocase; ) # irklj31c2xkpk1d8s8wggehj07.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|irklj31c2xkpk1d8s8wggehj07|03|org"; nocase; ) # 76uk9z1krwgp61d6gp3pnqaj17.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|76uk9z1krwgp61d6gp3pnqaj17|03|org"; nocase; ) # 79904b1bhs50n1832dkaz2sbme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79904b1bhs50n1832dkaz2sbme|03|org"; nocase; ) # gj3hadhzdtgefikzgg1des57.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gj3hadhzdtgefikzgg1des57|03|net"; nocase; ) # 1l47ubb1k4nxovox9xtd3dgmit.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l47ubb1k4nxovox9xtd3dgmit|03|net"; nocase; ) # 1r2dbecbkkj1niev8m3qmyamp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r2dbecbkkj1niev8m3qmyamp|03|biz"; nocase; ) # 12s9wwz1xtd886fbf4c61famevx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12s9wwz1xtd886fbf4c61famevx|03|net"; nocase; ) # dxsysgezxg898fvfjerznhkn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dxsysgezxg898fvfjerznhkn|03|com"; nocase; ) # 1luaomj1wx4mkskzg9ig1neu15o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1luaomj1wx4mkskzg9ig1neu15o|03|org"; nocase; ) # 1dt66f12ksazm1x1daixl1fz2d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dt66f12ksazm1x1daixl1fz2d|03|com"; nocase; ) # 16zprfybscfkv1lazi721k4aguv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16zprfybscfkv1lazi721k4aguv|03|net"; nocase; ) # 1pz5413cm78s91o7vjtitahtf9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pz5413cm78s91o7vjtitahtf9|03|biz"; nocase; ) # l57rdn1c7mi45lkp73ge8o66f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l57rdn1c7mi45lkp73ge8o66f|03|net"; nocase; ) # 1k919p354cm3qybah4e1ttzjc5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k919p354cm3qybah4e1ttzjc5|03|net"; nocase; ) # 98h6p9ts5sveugj8yo183edh6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|98h6p9ts5sveugj8yo183edh6|03|biz"; nocase; ) # 1hddji81xe40tsmd8m631efc6tt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hddji81xe40tsmd8m631efc6tt|03|net"; nocase; ) # ce3ckb68m6asl26fyxt9xmqj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ce3ckb68m6asl26fyxt9xmqj|03|org"; nocase; ) # 1fwa7uku33k8nvvhvodcybft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1fwa7uku33k8nvvhvodcybft|03|com"; nocase; ) # 13fxqb010fvzv3uyx3tnb7tgl8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13fxqb010fvzv3uyx3tnb7tgl8|03|com"; nocase; ) # z1x616mr9a5l15hb2h6ufxbc8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z1x616mr9a5l15hb2h6ufxbc8|03|com"; nocase; ) # thux1xjby0klz07dwq1phtqwi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|thux1xjby0klz07dwq1phtqwi|03|net"; nocase; ) # wx84bs5blzy42ef0ye15x43u9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wx84bs5blzy42ef0ye15x43u9|03|net"; nocase; ) # 1h74ufb1o6arxy1a20md2w5md5g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h74ufb1o6arxy1a20md2w5md5g|03|com"; nocase; ) # e9gpnxwvkizj11v7so91otv52n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e9gpnxwvkizj11v7so91otv52n|03|com"; nocase; ) # y6pxcxz464iz1mokwhw9yxrjs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y6pxcxz464iz1mokwhw9yxrjs|03|org"; nocase; ) # 1qcayfifvls4tsfrxqn1y0eslc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qcayfifvls4tsfrxqn1y0eslc|03|biz"; nocase; ) # 1w2fac6tcmr3e7hly28rkg885.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w2fac6tcmr3e7hly28rkg885|03|net"; nocase; ) # nsyzyxro8auhecj06e9yk3gd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nsyzyxro8auhecj06e9yk3gd|03|com"; nocase; ) # 1y8o9arq4xl4k8z5lln19uozo8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y8o9arq4xl4k8z5lln19uozo8|03|net"; nocase; ) # 1e9qh37mk1r8314my3rh1s48z2p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e9qh37mk1r8314my3rh1s48z2p|03|org"; nocase; ) # 1qgwxq01n73vimbhfoa711slrjz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qgwxq01n73vimbhfoa711slrjz|03|org"; nocase; ) # 120ul9co8klcb1y3t3lx1gahrv1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|120ul9co8klcb1y3t3lx1gahrv1|03|net"; nocase; ) # rnik4h1luxuhxfonjjt1onnifj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rnik4h1luxuhxfonjjt1onnifj|03|org"; nocase; ) # 1nmay2kvmngdqzsrz2r1go0d4j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nmay2kvmngdqzsrz2r1go0d4j|03|com"; nocase; ) # 1jydbfb19yaxil156m86k1out1fa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jydbfb19yaxil156m86k1out1fa|03|org"; nocase; ) # pq2yyo1j05r3d5tft0mtv7vh9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pq2yyo1j05r3d5tft0mtv7vh9|03|biz"; nocase; ) # 1kd48rxip8smsjrupicg7tfta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kd48rxip8smsjrupicg7tfta|03|net"; nocase; ) # 1435d594fk7nrx76uf2121dj4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1435d594fk7nrx76uf2121dj4t|03|net"; nocase; ) # ye8k3lf1mmfn17py4d5crc4zr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ye8k3lf1mmfn17py4d5crc4zr|03|com"; nocase; ) # 1qy00iek5g6gs3rm60y1uplw3d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qy00iek5g6gs3rm60y1uplw3d|03|com"; nocase; ) # 6cefzbz9w4y2u62ohbz7edry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6cefzbz9w4y2u62ohbz7edry|03|net"; nocase; ) # 1q9oiwk1dmvat6g9y62l14mdj1h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q9oiwk1dmvat6g9y62l14mdj1h|03|net"; nocase; ) # 11on3w41gnunp318w3k72ualmx0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11on3w41gnunp318w3k72ualmx0|03|org"; nocase; ) # 6l1s7kbk1wzs1oo6svo1ib6m6s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6l1s7kbk1wzs1oo6svo1ib6m6s|03|com"; nocase; ) # cfwelh1esa31l0183f4li5jn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cfwelh1esa31l0183f4li5jn|03|com"; nocase; ) # 1pct1r1l2wtuswpa5f51ikbz0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pct1r1l2wtuswpa5f51ikbz0b|03|net"; nocase; ) # 1f5jz7yh1fgv41bb72eh1pfbd4x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f5jz7yh1fgv41bb72eh1pfbd4x|03|biz"; nocase; ) # 13p8yg11u8vsfxeowx221ohqgjc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13p8yg11u8vsfxeowx221ohqgjc|03|net"; nocase; ) # 11x1g0k1jtyv8dqdjvsy9ddbnd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11x1g0k1jtyv8dqdjvsy9ddbnd|03|org"; nocase; ) # 6xkre91573ef413tr4o51virhtt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6xkre91573ef413tr4o51virhtt|03|biz"; nocase; ) # 8mckpb4eduk51f97obcxihisk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8mckpb4eduk51f97obcxihisk|03|biz"; nocase; ) # kywhm7mtbz9a2ulrnq1a9vh80.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kywhm7mtbz9a2ulrnq1a9vh80|03|net"; nocase; ) # lz3vyb1ri4ud81f2t8qz1a1ratt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lz3vyb1ri4ud81f2t8qz1a1ratt|03|org"; nocase; ) # fcbcfnnuy6t1mkv5x5sitwxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fcbcfnnuy6t1mkv5x5sitwxa|03|com"; nocase; ) # 15kwtgyzqi0nz9daaj4ogh10l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15kwtgyzqi0nz9daaj4ogh10l|03|com"; nocase; ) # 6vorf0gvc4jy1lu274ftnehmv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6vorf0gvc4jy1lu274ftnehmv|03|org"; nocase; ) # wiby4s3yxllfv6r1lz1cbkdo1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wiby4s3yxllfv6r1lz1cbkdo1|03|biz"; nocase; ) # 1iutfmw1njoqqk1c06cp1s45loj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iutfmw1njoqqk1c06cp1s45loj|03|net"; nocase; ) # zvi2dr14wum46ppnq9bufauio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zvi2dr14wum46ppnq9bufauio|03|org"; nocase; ) # 1gvnkkcoyd16e1ba6gww1x09zym.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gvnkkcoyd16e1ba6gww1x09zym|03|com"; nocase; ) # 86j4azur07tngi3q0vnthasc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|86j4azur07tngi3q0vnthasc|03|net"; nocase; ) # 1pjphay1lgkts5zynoyoqfzbzj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pjphay1lgkts5zynoyoqfzbzj|03|biz"; nocase; ) # mda7f9p3cngsmmhde131mubf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mda7f9p3cngsmmhde131mubf|03|net"; nocase; ) # 5nk64n136f80kbwhsno100mh6q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5nk64n136f80kbwhsno100mh6q|03|com"; nocase; ) # 7d008nrjuzcd19n26h3r6iv1z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7d008nrjuzcd19n26h3r6iv1z|03|org"; nocase; ) # 18ykz8p1y8y77zg9m1xv682qaj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ykz8p1y8y77zg9m1xv682qaj|03|net"; nocase; ) # 13k9hrw1688ao414eh2upinvqix.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13k9hrw1688ao414eh2upinvqix|03|biz"; nocase; ) # hr5vkppszifvkdgph817tb17d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hr5vkppszifvkdgph817tb17d|03|org"; nocase; ) # 16z35ix1p4wyb3cogrpd1k9pnmh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16z35ix1p4wyb3cogrpd1k9pnmh|03|biz"; nocase; ) # 15eibbftebzktp6qgdyx2199l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15eibbftebzktp6qgdyx2199l|03|org"; nocase; ) # icj0nb1rtsaja1iaxxk31orx1mu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|icj0nb1rtsaja1iaxxk31orx1mu|03|net"; nocase; ) # 105hzpz1vfisu4jpy10spm4kq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|105hzpz1vfisu4jpy10spm4kq|03|net"; nocase; ) # va3anfm3i5035938i4eiiryh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|va3anfm3i5035938i4eiiryh|03|net"; nocase; ) # 1fm60obaqq07t9jw6ta1hf0c9a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fm60obaqq07t9jw6ta1hf0c9a|03|net"; nocase; ) # 147q37g1t9ng64v3f9wfkrg1ry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|147q37g1t9ng64v3f9wfkrg1ry|03|com"; nocase; ) # 11x02cnqrndci1vgklq1joc9h8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11x02cnqrndci1vgklq1joc9h8|03|net"; nocase; ) # rentwr76qfz11nz3cwp79p69w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rentwr76qfz11nz3cwp79p69w|03|org"; nocase; ) # avyqyf73jk41s9cvl3zx13ju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|avyqyf73jk41s9cvl3zx13ju|03|net"; nocase; ) # x1fy68qn97ci1ymsadl1oaofbd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x1fy68qn97ci1ymsadl1oaofbd|03|org"; nocase; ) # o13ggy19cx3qu1oxadm48ihu0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o13ggy19cx3qu1oxadm48ihu0y|03|net"; nocase; ) # 1hyczbuls7gmr45uq0y1girbee.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hyczbuls7gmr45uq0y1girbee|03|biz"; nocase; ) # s9ij9m1vg9smp1v2egt41h7rcc5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s9ij9m1vg9smp1v2egt41h7rcc5|03|net"; nocase; ) # 9g8mpz7b8pdz1xo5d9dp8s097.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9g8mpz7b8pdz1xo5d9dp8s097|03|net"; nocase; ) # 1j45vhj1oga5851c89mv7822z7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j45vhj1oga5851c89mv7822z7|03|org"; nocase; ) # 1809t0dzoonhs2bt5zj9rcmjy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1809t0dzoonhs2bt5zj9rcmjy|03|net"; nocase; ) # t03jc61fvrgx51r0yn1b1q3c8e3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t03jc61fvrgx51r0yn1b1q3c8e3|03|biz"; nocase; ) # 7ly27510oicor1uprlhje2uw74.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ly27510oicor1uprlhje2uw74|03|org"; nocase; ) # 1revdkhtu27h2vc33cz1wabn5y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1revdkhtu27h2vc33cz1wabn5y|03|com"; nocase; ) # 1rcxidj1rpouncvtp4oe17ryqh7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rcxidj1rpouncvtp4oe17ryqh7|03|net"; nocase; ) # w21b8ziffjbk23qd2s14mrgd9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w21b8ziffjbk23qd2s14mrgd9|03|org"; nocase; ) # 9pyfi2e7rco6fu1twx1lz17em.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9pyfi2e7rco6fu1twx1lz17em|03|net"; nocase; ) # y2ic5o6ynsjo64o2mh1smure1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2ic5o6ynsjo64o2mh1smure1|03|biz"; nocase; ) # 1s5pu22v8zkjkerxnk0fa975w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s5pu22v8zkjkerxnk0fa975w|03|org"; nocase; ) # ip6fj4sb3l0r1crap961q38o8k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ip6fj4sb3l0r1crap961q38o8k|03|org"; nocase; ) # zkwuo914rhnqf1etlzug1j8idxv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zkwuo914rhnqf1etlzug1j8idxv|03|org"; nocase; ) # 1wkxq8b1vn3rgo1bu67kl1sox7l1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wkxq8b1vn3rgo1bu67kl1sox7l1|03|com"; nocase; ) # s6xm4316ecjpt1jsvyp1rrni2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s6xm4316ecjpt1jsvyp1rrni2z|03|org"; nocase; ) # 1f3v8ezkos5v61pgsj76pt1aac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f3v8ezkos5v61pgsj76pt1aac|03|com"; nocase; ) # 1xeoczr15q13pp3gzlusa89zwk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xeoczr15q13pp3gzlusa89zwk|03|com"; nocase; ) # u7nrvn1ru71qq1jz0mqcymgld1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u7nrvn1ru71qq1jz0mqcymgld1|03|biz"; nocase; ) # q5yxzf1z9zsrgm30o51plij6z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q5yxzf1z9zsrgm30o51plij6z|03|net"; nocase; ) # 1fyaimkgww4idy36g6g15i8hba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fyaimkgww4idy36g6g15i8hba|03|com"; nocase; ) # 3fvsyf17c52dv1m3dgbv1gafsje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3fvsyf17c52dv1m3dgbv1gafsje|03|net"; nocase; ) # mrgrqk1rme90s3x0esh197mbt8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mrgrqk1rme90s3x0esh197mbt8|03|net"; nocase; ) # 1uks2vn166oa1i9o2yd570itfa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uks2vn166oa1i9o2yd570itfa|03|biz"; nocase; ) # ntavlg12h122fdkr8l8lp5mmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ntavlg12h122fdkr8l8lp5mmf|03|net"; nocase; ) # o92b0xbku104gktues1j36bje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o92b0xbku104gktues1j36bje|03|org"; nocase; ) # 1b8wwvt1uyuxre1lr2c8g4wchbk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b8wwvt1uyuxre1lr2c8g4wchbk|03|biz"; nocase; ) # jlimf81p55dkf14nxdrav48qte.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jlimf81p55dkf14nxdrav48qte|03|com"; nocase; ) # 8hvo4t1e2h5cg7vd94f3y33m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8hvo4t1e2h5cg7vd94f3y33m|03|net"; nocase; ) # 1e43uj21op4d2xbs2wkl154snwb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e43uj21op4d2xbs2wkl154snwb|03|org"; nocase; ) # j3kl6k10gnga28n6zv1f0eszz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j3kl6k10gnga28n6zv1f0eszz|03|biz"; nocase; ) # iy1zd2j330s21bc3cp9ifc4nl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iy1zd2j330s21bc3cp9ifc4nl|03|org"; nocase; ) # 1y36a7k1s868o5awanj91kp9yf2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y36a7k1s868o5awanj91kp9yf2|03|com"; nocase; ) # 18myhkad8kina1knxzryvq9jqa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18myhkad8kina1knxzryvq9jqa|03|org"; nocase; ) # 1fft35tyty18bqatvqx1pdixdw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fft35tyty18bqatvqx1pdixdw|03|net"; nocase; ) # 17eil5h6rnexo13jj4tf1ym6g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17eil5h6rnexo13jj4tf1ym6g|03|net"; nocase; ) # 1gvm6rp2so29fl3vgip16qd3bp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gvm6rp2so29fl3vgip16qd3bp|03|org"; nocase; ) # 7yvpauvsn1cm1ve6r23eu5t7n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7yvpauvsn1cm1ve6r23eu5t7n|03|biz"; nocase; ) # wncpqcwpqcvt1n3om8x12weqht.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wncpqcwpqcvt1n3om8x12weqht|03|biz"; nocase; ) # 1n7bt7ziu3br2onz6hh37e9oy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n7bt7ziu3br2onz6hh37e9oy|03|net"; nocase; ) # 1ixfkn11pir2vvsquuctx0d0og.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ixfkn11pir2vvsquuctx0d0og|03|biz"; nocase; ) # 11yawcq1xq4a2k155jbbp1fopqco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11yawcq1xq4a2k155jbbp1fopqco|03|net"; nocase; ) # jkqe0c1lxnfzu1lk7hf1rhzais.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jkqe0c1lxnfzu1lk7hf1rhzais|03|com"; nocase; ) # 12bs17t14m9xdn9abdi1pyp5y3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12bs17t14m9xdn9abdi1pyp5y3|03|biz"; nocase; ) # 17g68ys1g3i2hd1ur0hhy3lp55z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17g68ys1g3i2hd1ur0hhy3lp55z|03|org"; nocase; ) # 1lniy7qwcg5wv1pblgk01y7jopn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lniy7qwcg5wv1pblgk01y7jopn|03|net"; nocase; ) # aur1tl124iy7qv5vhzo113kh7f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aur1tl124iy7qv5vhzo113kh7f|03|org"; nocase; ) # ls4wjc1m2fpmjw2tte41pwigzr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ls4wjc1m2fpmjw2tte41pwigzr|03|com"; nocase; ) # pr455j13c6dki1prkhsm9zz7t6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pr455j13c6dki1prkhsm9zz7t6|03|biz"; nocase; ) # ih9t5le6ksc44hu03d1exqkwh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ih9t5le6ksc44hu03d1exqkwh|03|org"; nocase; ) # 1coj1f1164ov0u7y7lzoj1o5tp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1coj1f1164ov0u7y7lzoj1o5tp|03|net"; nocase; ) # 1s59xt3us73icf7ji1m15uza5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s59xt3us73icf7ji1m15uza5t|03|com"; nocase; ) # pfyezkptof31i7x4q2p03vpf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pfyezkptof31i7x4q2p03vpf|03|org"; nocase; ) # rkkdm91obmhez1lqptrorktubs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rkkdm91obmhez1lqptrorktubs|03|org"; nocase; ) # z9uct810icnov1fkj5lc1gbd2jx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z9uct810icnov1fkj5lc1gbd2jx|03|com"; nocase; ) # re9hvl1asnqkc4i96de6bt6o5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|re9hvl1asnqkc4i96de6bt6o5|03|net"; nocase; ) # uiccdxkhigav1kpsu0r1k76kl1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uiccdxkhigav1kpsu0r1k76kl1|03|org"; nocase; ) # 1hkjgnp11nlwg6143lgpv1o2re8a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hkjgnp11nlwg6143lgpv1o2re8a|03|biz"; nocase; ) # ewml1dy5kuwx1tb2vcr1j5ycsr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ewml1dy5kuwx1tb2vcr1j5ycsr|03|org"; nocase; ) # eva69o1w61b703hqyhw1yqb5qb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eva69o1w61b703hqyhw1yqb5qb|03|com"; nocase; ) # 2dn61n1biv3fq1mgelq21e0l23g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2dn61n1biv3fq1mgelq21e0l23g|03|org"; nocase; ) # yfutj31tj0p9tyyq9ongvohqx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yfutj31tj0p9tyyq9ongvohqx|03|org"; nocase; ) # jopze31w9o6bvzwvefafxobi0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jopze31w9o6bvzwvefafxobi0|03|org"; nocase; ) # 1aelnhq1dui5s5xmme1415i80tq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aelnhq1dui5s5xmme1415i80tq|03|net"; nocase; ) # 1s3hwlz1nvt0bt1g62laixnvv2s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s3hwlz1nvt0bt1g62laixnvv2s|03|com"; nocase; ) # 31z1m14piv1y88mpgxem4vt0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|31z1m14piv1y88mpgxem4vt0|03|org"; nocase; ) # 4doxtw73opz0zxqi561stsv8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4doxtw73opz0zxqi561stsv8f|03|net"; nocase; ) # 1bn938z6zmpxf17ren4m1vixz9p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bn938z6zmpxf17ren4m1vixz9p|03|net"; nocase; ) # 1dy3cfo184dyth1isq17nvr48l8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dy3cfo184dyth1isq17nvr48l8|03|com"; nocase; ) # rp3uyxiff2601qvscjr1jmak85.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rp3uyxiff2601qvscjr1jmak85|03|org"; nocase; ) # 1uvusoox7pziz1xtkzu51ygrbj4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uvusoox7pziz1xtkzu51ygrbj4|03|com"; nocase; ) # 1i65s2b1k0s4by1xju3lq1ey3c5x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i65s2b1k0s4by1xju3lq1ey3c5x|03|net"; nocase; ) # 2btm961cyx30k17binrg1s69t20.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2btm961cyx30k17binrg1s69t20|03|com"; nocase; ) # dec2j91wuexv81h0511e1dxj9tr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dec2j91wuexv81h0511e1dxj9tr|03|net"; nocase; ) # mj4xswobqshp75r80ydehd8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mj4xswobqshp75r80ydehd8z|03|com"; nocase; ) # 142giy1hv4hqbecs21epauifa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|142giy1hv4hqbecs21epauifa|03|net"; nocase; ) # cqh35c11zofiy1ol5evb1dctz35.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cqh35c11zofiy1ol5evb1dctz35|03|net"; nocase; ) # 6xtp4682qciu976zzr1nahpps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6xtp4682qciu976zzr1nahpps|03|biz"; nocase; ) # h0d4i46d8sc5l8v1r11mismcr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h0d4i46d8sc5l8v1r11mismcr|03|com"; nocase; ) # 16t139j5dei7v1dgz5yv9xmhra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16t139j5dei7v1dgz5yv9xmhra|03|net"; nocase; ) # k7kq2g19jt2u6pot73218z8tgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k7kq2g19jt2u6pot73218z8tgb|03|com"; nocase; ) # 1elvtwdu5j0kv1bq688b1f5w0sn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1elvtwdu5j0kv1bq688b1f5w0sn|03|org"; nocase; ) # 16gywyrbldsfo11hpiyz8uftz4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16gywyrbldsfo11hpiyz8uftz4|03|net"; nocase; ) # 1hmeg5zxbf2r317zmgrk29fcmw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hmeg5zxbf2r317zmgrk29fcmw|03|net"; nocase; ) # f48s5qiiokd07d96qz1tdrwv1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f48s5qiiokd07d96qz1tdrwv1|03|net"; nocase; ) # 8zh7slsagt6oucrmgnkdf6u6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8zh7slsagt6oucrmgnkdf6u6|03|org"; nocase; ) # 9tw9gt1u2a0j9g7dbri1it17xj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9tw9gt1u2a0j9g7dbri1it17xj|03|com"; nocase; ) # 11hurtz1l22kl7jc85f71erzlam.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hurtz1l22kl7jc85f71erzlam|03|biz"; nocase; ) # zza3a218gbvmo6v02as1fekqtg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zza3a218gbvmo6v02as1fekqtg|03|org"; nocase; ) # 76xnfsqub2b3qrjfn1txjf6s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|76xnfsqub2b3qrjfn1txjf6s|03|net"; nocase; ) # 146eufigyhit22li0as1j7mbef.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|146eufigyhit22li0as1j7mbef|03|org"; nocase; ) # exszbo7af11bqee78d1w0j54c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|exszbo7af11bqee78d1w0j54c|03|net"; nocase; ) # jb8xi41tz17zvg8ld1a494lpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jb8xi41tz17zvg8ld1a494lpo|03|com"; nocase; ) # 1hoxx68drziyp1o9yd8x1duy8gs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hoxx68drziyp1o9yd8x1duy8gs|03|org"; nocase; ) # noy9fkw99jhae8jsgx86do9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|noy9fkw99jhae8jsgx86do9|03|com"; nocase; ) # k3eqzmc30nd21y012501wuqwt8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k3eqzmc30nd21y012501wuqwt8|03|biz"; nocase; ) # wqsjqjcdpfez1theemo1gsvw58.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wqsjqjcdpfez1theemo1gsvw58|03|net"; nocase; ) # 1etk1qm1dwmronnguyt719qjboy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1etk1qm1dwmronnguyt719qjboy|03|net"; nocase; ) # 1fh1fjcwu37kkf1a7h3134yby2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fh1fjcwu37kkf1a7h3134yby2|03|com"; nocase; ) # dza1gb1bof8t842esej1veev6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dza1gb1bof8t842esej1veev6o|03|net"; nocase; ) # nercfn1adsjphqzmkp019goj2h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nercfn1adsjphqzmkp019goj2h|03|com"; nocase; ) # zli30m1s0ltc7fgyndiy9oulh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zli30m1s0ltc7fgyndiy9oulh|03|net"; nocase; ) # 1y3jko71n4c0f58b05i18dcpux.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y3jko71n4c0f58b05i18dcpux|03|org"; nocase; ) # 18ojrpf1kyo3d4fw95m128rh87.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ojrpf1kyo3d4fw95m128rh87|03|org"; nocase; ) # hpyql61oxgj4c2hmjl01x2mjzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hpyql61oxgj4c2hmjl01x2mjzo|03|net"; nocase; ) # 1nggiwrs01v1d1s86yp3z9247d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nggiwrs01v1d1s86yp3z9247d|03|com"; nocase; ) # 1onpjg01j17nii1g7fqc412efqgs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1onpjg01j17nii1g7fqc412efqgs|03|org"; nocase; ) # q30we111s96gwc3utmyql1bh9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q30we111s96gwc3utmyql1bh9|03|net"; nocase; ) # 1xcwrswlv7y041ouyxla7izm8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xcwrswlv7y041ouyxla7izm8g|03|org"; nocase; ) # 1fy4wacmliviv1378wv6tebzo7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fy4wacmliviv1378wv6tebzo7|03|net"; nocase; ) # 4g7g9r1c1yxr91r2ieukcm5ms0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4g7g9r1c1yxr91r2ieukcm5ms0|03|org"; nocase; ) # 1q859tmkv4uzt1ro7jg5jb8zkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q859tmkv4uzt1ro7jg5jb8zkt|03|com"; nocase; ) # c14w7n1xw3yec3d9e74z1c9jh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c14w7n1xw3yec3d9e74z1c9jh|03|org"; nocase; ) # zh2vcg1k9asl8wcdz4i13yelpj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zh2vcg1k9asl8wcdz4i13yelpj|03|net"; nocase; ) # 4gebcvefxrnqbhjkopg9el2l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4gebcvefxrnqbhjkopg9el2l|03|org"; nocase; ) # 1g9imvk1mixqub1pmbfwd10rqnxz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g9imvk1mixqub1pmbfwd10rqnxz|03|com"; nocase; ) # v5oo0z1adudxd1dp5y781jzwb9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v5oo0z1adudxd1dp5y781jzwb9i|03|net"; nocase; ) # h9j8btqjlldit5pdze1kqgnya.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h9j8btqjlldit5pdze1kqgnya|03|org"; nocase; ) # zrtr17s6q6kb1co6qomkhs59r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zrtr17s6q6kb1co6qomkhs59r|03|com"; nocase; ) # 17g35rx1909qjgk40sd71oznl8x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17g35rx1909qjgk40sd71oznl8x|03|biz"; nocase; ) # 1mf2v0z1ejb8gt1oztbgf1cszt3z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mf2v0z1ejb8gt1oztbgf1cszt3z|03|net"; nocase; ) # 13pxnxi1hhchw3cqh5bg1naf4zo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13pxnxi1hhchw3cqh5bg1naf4zo|03|com"; nocase; ) # nnjbbm1bai4jzdngrggu2werr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nnjbbm1bai4jzdngrggu2werr|03|org"; nocase; ) # 1yi4iikmvgpdz15t4e4a7hp29b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yi4iikmvgpdz15t4e4a7hp29b|03|net"; nocase; ) # 4lrx6f1dw0w8gjcvvletrz8v5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4lrx6f1dw0w8gjcvvletrz8v5|03|biz"; nocase; ) # ve3f7bnda3808lx64ic5q5ep.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ve3f7bnda3808lx64ic5q5ep|03|net"; nocase; ) # wv9buguznlmj1xi1mx1atyki1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wv9buguznlmj1xi1mx1atyki1|03|com"; nocase; ) # 164ia2y139ayo8vn6d0muhz58h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|164ia2y139ayo8vn6d0muhz58h|03|org"; nocase; ) # iczvvy6zlohi1py16p3fncbaa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iczvvy6zlohi1py16p3fncbaa|03|net"; nocase; ) # 19nxk62y0q69f1yn4gia7uqyti.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19nxk62y0q69f1yn4gia7uqyti|03|biz"; nocase; ) # ocsfjt10jluaswv8y9au651on.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ocsfjt10jluaswv8y9au651on|03|org"; nocase; ) # mdobm61s9y1dq14ups2z1qpz7b5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mdobm61s9y1dq14ups2z1qpz7b5|03|net"; nocase; ) # 108s03c1i4bz9z1w1y8h71wjut5f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|108s03c1i4bz9z1w1y8h71wjut5f|03|com"; nocase; ) # 11xiqqw1auu4ymh1s1fc1x7d96n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11xiqqw1auu4ymh1s1fc1x7d96n|03|net"; nocase; ) # 1k42rbfr1pj917a9o78mz8apv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k42rbfr1pj917a9o78mz8apv|03|biz"; nocase; ) # 5h3pmyjnc9m21nopuxx11xsl1y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5h3pmyjnc9m21nopuxx11xsl1y|03|net"; nocase; ) # g89ndz162akgl1os0hev12yx9i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g89ndz162akgl1os0hev12yx9i|03|org"; nocase; ) # 1bmexijmprtdbzurdzyxl18g8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bmexijmprtdbzurdzyxl18g8|03|net"; nocase; ) # qdvrf57bbokm34djgnawhc6h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qdvrf57bbokm34djgnawhc6h|03|biz"; nocase; ) # 38kxetoqofex99ypc18slv2d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|38kxetoqofex99ypc18slv2d|03|org"; nocase; ) # 1b3ab5e1rzagix1p3a5xt2q3dkk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b3ab5e1rzagix1p3a5xt2q3dkk|03|net"; nocase; ) # 1x6ess4129s3cj1gs6c85vrxg6p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x6ess4129s3cj1gs6c85vrxg6p|03|com"; nocase; ) # flc0x2lrq671mmcghmj6lz3y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|flc0x2lrq671mmcghmj6lz3y|03|com"; nocase; ) # 1wp40x911pf2nhp7p89w5izw10.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wp40x911pf2nhp7p89w5izw10|03|org"; nocase; ) # jbgcur1e7xiugpsz0m11m3uthm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jbgcur1e7xiugpsz0m11m3uthm|03|net"; nocase; ) # kr0yxd1cunmt91g4opr0ewwlml.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kr0yxd1cunmt91g4opr0ewwlml|03|biz"; nocase; ) # phm5ah1jaqzhswljhxnn2i8x3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|phm5ah1jaqzhswljhxnn2i8x3|03|com"; nocase; ) # k8m9yt1649lpr1epeilkc9z967.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k8m9yt1649lpr1epeilkc9z967|03|org"; nocase; ) # 184q82o2waxdt1c6lw676zrez1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184q82o2waxdt1c6lw676zrez1|03|org"; nocase; ) # spit81qj7ajippnjlgui7jn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|spit81qj7ajippnjlgui7jn|03|net"; nocase; ) # 1g0ix3n6ygfcu1m2ca0p7ziebm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g0ix3n6ygfcu1m2ca0p7ziebm|03|org"; nocase; ) # pjamtk1sshp2213qnpls5knyjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pjamtk1sshp2213qnpls5knyjl|03|net"; nocase; ) # 92sp864kf8zf1v9za4kpcwftf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|92sp864kf8zf1v9za4kpcwftf|03|net"; nocase; ) # 1xl3imqdccqsr1bni6p5mdgepd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xl3imqdccqsr1bni6p5mdgepd|03|biz"; nocase; ) # r60bqi12xt7hp1bpn3bw1izcmjq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r60bqi12xt7hp1bpn3bw1izcmjq|03|net"; nocase; ) # 117qkuv3ylfda1sqx16l1fu2x9o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|117qkuv3ylfda1sqx16l1fu2x9o|03|com"; nocase; ) # w58qoh12ongwq17oap89bsb9zw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w58qoh12ongwq17oap89bsb9zw|03|net"; nocase; ) # 1f15k6h12hb83ygt9n8yvhrea7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f15k6h12hb83ygt9n8yvhrea7|03|net"; nocase; ) # 1iumh281kfny0zo8p5yzvk2pzv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iumh281kfny0zo8p5yzvk2pzv|03|biz"; nocase; ) # 1yz7f0ds7dwop4w4xvltjd373.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yz7f0ds7dwop4w4xvltjd373|03|org"; nocase; ) # 451plm10lw2031f321fw1ij2jyy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|451plm10lw2031f321fw1ij2jyy|03|org"; nocase; ) # p7427kdpr1of1rzlxu61u8efno.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p7427kdpr1of1rzlxu61u8efno|03|com"; nocase; ) # 1ad9hk1124vm3s1axldr41n6om5f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ad9hk1124vm3s1axldr41n6om5f|03|org"; nocase; ) # 15nvafz1dcukzq1pxx7b7j5f8gd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15nvafz1dcukzq1pxx7b7j5f8gd|03|com"; nocase; ) # 1rad1slj3zufy1sbusjp1z0izth.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rad1slj3zufy1sbusjp1z0izth|03|org"; nocase; ) # 93pzxs1y29rzm4e4hgyh6ahh7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|93pzxs1y29rzm4e4hgyh6ahh7|03|biz"; nocase; ) # vmm4xdlaln6s1g3ujhwthqqnr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vmm4xdlaln6s1g3ujhwthqqnr|03|biz"; nocase; ) # 16a5az11u4qwdcg3o19t1tlr4yu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16a5az11u4qwdcg3o19t1tlr4yu|03|net"; nocase; ) # t99l6d1i7574r1tli5lt1smcsvt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t99l6d1i7574r1tli5lt1smcsvt|03|net"; nocase; ) # o2edpf1pclv0nnwrb0uokhlf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o2edpf1pclv0nnwrb0uokhlf|03|com"; nocase; ) # 1khlsfi1aflqj1vxp6he17ygmr2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1khlsfi1aflqj1vxp6he17ygmr2|03|biz"; nocase; ) # 41aw4q103kmfy2p4bzy1vlzq9g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|41aw4q103kmfy2p4bzy1vlzq9g|03|net"; nocase; ) # kazg2swqcgrd7t5b3d16tve3r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kazg2swqcgrd7t5b3d16tve3r|03|org"; nocase; ) # 1e82d4fd3fi7cn3c8541y8f7gz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e82d4fd3fi7cn3c8541y8f7gz|03|net"; nocase; ) # 1h3l60bnb0sp94ywqh0117er9h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h3l60bnb0sp94ywqh0117er9h|03|org"; nocase; ) # 1p27gh41da8fqbkbqadj1ixu8cr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p27gh41da8fqbkbqadj1ixu8cr|03|net"; nocase; ) # 1yn8ja3199vv5hcxpdnjy2e1qc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yn8ja3199vv5hcxpdnjy2e1qc|03|com"; nocase; ) # k0883k11iyking5ndry894xq7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k0883k11iyking5ndry894xq7|03|org"; nocase; ) # i5umj61xtq1t019bswjqf4qb5i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i5umj61xtq1t019bswjqf4qb5i|03|org"; nocase; ) # b8qdsnon3cvkm8p8ua19d5ihp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b8qdsnon3cvkm8p8ua19d5ihp|03|org"; nocase; ) # na0ig9fvfmrj1n12tsz9o605c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|na0ig9fvfmrj1n12tsz9o605c|03|net"; nocase; ) # 1hxxop510402bhkq61a01ff3g17.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hxxop510402bhkq61a01ff3g17|03|org"; nocase; ) # 18xo2lbndm8ei8pu42ba5ltv7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18xo2lbndm8ei8pu42ba5ltv7|03|net"; nocase; ) # 1rhzh2ukqzaojbelqba175l1w8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rhzh2ukqzaojbelqba175l1w8|03|biz"; nocase; ) # fg3nq61nbk6itvm78k710es5em.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fg3nq61nbk6itvm78k710es5em|03|org"; nocase; ) # fj1m1q13a3fiozfmr7r4ka3u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fj1m1q13a3fiozfmr7r4ka3u|03|biz"; nocase; ) # 59hbb31gm4fqp1yf2i3s10zq61j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|59hbb31gm4fqp1yf2i3s10zq61j|03|org"; nocase; ) # 8rqdub1eq41uzmkwckix9m6z3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8rqdub1eq41uzmkwckix9m6z3|03|net"; nocase; ) # jxqbpq54wznwcla2lvgi7747.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jxqbpq54wznwcla2lvgi7747|03|net"; nocase; ) # 1ozor8uu5syw811v7az84k410.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ozor8uu5syw811v7az84k410|03|net"; nocase; ) # 165y0bufk5z0kz40t27gpl0x4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|165y0bufk5z0kz40t27gpl0x4|03|biz"; nocase; ) # yjny641dho68v193zznndcm666.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yjny641dho68v193zznndcm666|03|com"; nocase; ) # 15m8eaq1j76850qkncghetat5v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15m8eaq1j76850qkncghetat5v|03|biz"; nocase; ) # pnh5581qydo4say1l6h8hav8k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pnh5581qydo4say1l6h8hav8k|03|biz"; nocase; ) # lz22uf1su061g95cs4vzzkklk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lz22uf1su061g95cs4vzzkklk|03|net"; nocase; ) # 6fjdhh1owmoc43o8vqsnluljb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6fjdhh1owmoc43o8vqsnluljb|03|net"; nocase; ) # ygg03x8wus241sm33uy3rnijo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ygg03x8wus241sm33uy3rnijo|03|com"; nocase; ) # 1b7il3ss601r1ci3u5j1ayvt3x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b7il3ss601r1ci3u5j1ayvt3x|03|net"; nocase; ) # 1jqnjk1k2w6i718yx58o12clqdm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jqnjk1k2w6i718yx58o12clqdm|03|biz"; nocase; ) # uls7dj1gqw90tmrcqur6i2472.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uls7dj1gqw90tmrcqur6i2472|03|org"; nocase; ) # 4n2ewz12w35yv1691xii1f0c0sz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4n2ewz12w35yv1691xii1f0c0sz|03|net"; nocase; ) # 1eglaeb1sjjgyynf3zr810gct2w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eglaeb1sjjgyynf3zr810gct2w|03|org"; nocase; ) # u18ttsdg2uup13q6xax1vx005l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u18ttsdg2uup13q6xax1vx005l|03|com"; nocase; ) # 1965qsk188ah9r8o3sizyn5w3c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1965qsk188ah9r8o3sizyn5w3c|03|net"; nocase; ) # 6o4hbj1bb0dkp1osxs0t4b1a5m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6o4hbj1bb0dkp1osxs0t4b1a5m|03|biz"; nocase; ) # 1jidmbual5wkaebv2qy1xfn3x6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jidmbual5wkaebv2qy1xfn3x6|03|com"; nocase; ) # u43ndm1iog8au1dvdwb10kap8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u43ndm1iog8au1dvdwb10kap8|03|org"; nocase; ) # 1qfgm025hpg8yyj4ldqfz2bsv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qfgm025hpg8yyj4ldqfz2bsv|03|net"; nocase; ) # 1lgp4kcyy4fyxez56g81pif974.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lgp4kcyy4fyxez56g81pif974|03|com"; nocase; ) # 1y7tzvdz2es8a19qgeiojqdra4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y7tzvdz2es8a19qgeiojqdra4|03|com"; nocase; ) # pqw6xsca2smq16hewz6dibh0g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pqw6xsca2smq16hewz6dibh0g|03|biz"; nocase; ) # m3sybc16rir9og46bnq1ighyhj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m3sybc16rir9og46bnq1ighyhj|03|net"; nocase; ) # cs4snjfwfnnpluqqog10znf1f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cs4snjfwfnnpluqqog10znf1f|03|net"; nocase; ) # jnwqvs13g1dm21psigtnkelr4t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnwqvs13g1dm21psigtnkelr4t|03|org"; nocase; ) # 1ipaiphbxiwx3102vq6vl924nf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ipaiphbxiwx3102vq6vl924nf|03|com"; nocase; ) # 1u86bwb1lxv5e31p0tcbm1b5bpop.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u86bwb1lxv5e31p0tcbm1b5bpop|03|net"; nocase; ) # 1jir2tlqn5jcz1hlbt1n1mypif8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jir2tlqn5jcz1hlbt1n1mypif8|03|org"; nocase; ) # 1xe7rq4xlqz6m1ok0rosv4715k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xe7rq4xlqz6m1ok0rosv4715k|03|biz"; nocase; ) # 3sn3djceem2o1gboep8yh5rm7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3sn3djceem2o1gboep8yh5rm7|03|net"; nocase; ) # n3b4k913rlkg3xrh6hcsu96ko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n3b4k913rlkg3xrh6hcsu96ko|03|net"; nocase; ) # 9m8ie81yg7daiw53oeu1ebo3su.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9m8ie81yg7daiw53oeu1ebo3su|03|biz"; nocase; ) # 1vrsy5t4zgc2j14j9i3k1h0c84u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vrsy5t4zgc2j14j9i3k1h0c84u|03|com"; nocase; ) # kum8ob1qercdz12h8nr01wca2ut.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kum8ob1qercdz12h8nr01wca2ut|03|biz"; nocase; ) # 1j4l6451ri45xtftyt04xte9xn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j4l6451ri45xtftyt04xte9xn|03|net"; nocase; ) # hlfj44c7sdovekc77t1g6paso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hlfj44c7sdovekc77t1g6paso|03|net"; nocase; ) # qo29vo1tvtx1l1leagi41ukrbzj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qo29vo1tvtx1l1leagi41ukrbzj|03|biz"; nocase; ) # 1uuhqil1strhlqrsq00s1cckkhn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uuhqil1strhlqrsq00s1cckkhn|03|net"; nocase; ) # perpjfgcqngn1dbungx53nnhk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|perpjfgcqngn1dbungx53nnhk|03|org"; nocase; ) # 5g69y51al3bjs1r3j0an1ilvgov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5g69y51al3bjs1r3j0an1ilvgov|03|com"; nocase; ) # 1vzmeef12y5l9h190ox5cgzreyb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vzmeef12y5l9h190ox5cgzreyb|03|biz"; nocase; ) # 1jltsoi1qqsf94eifmqv69v4ap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jltsoi1qqsf94eifmqv69v4ap|03|com"; nocase; ) # am495pns7xvxr2ki5614wk0yt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|am495pns7xvxr2ki5614wk0yt|03|org"; nocase; ) # pcdwrm1epvqlo1eibd5h108sb1w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pcdwrm1epvqlo1eibd5h108sb1w|03|org"; nocase; ) # 14h3htb953k15cldzqx1iokd6i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14h3htb953k15cldzqx1iokd6i|03|net"; nocase; ) # 1a8f8nnwleq8t18hzx03x05qfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a8f8nnwleq8t18hzx03x05qfa|03|org"; nocase; ) # 1sxu1yn18itothxna5r31l3oopl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sxu1yn18itothxna5r31l3oopl|03|net"; nocase; ) # 1mmzg5gt8y1r6c4mndcxg8yq4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mmzg5gt8y1r6c4mndcxg8yq4|03|com"; nocase; ) # aroud81kuhtst1jacxtiy83osh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aroud81kuhtst1jacxtiy83osh|03|biz"; nocase; ) # 31rzsqx6ks9pu9dznl1v5cmlc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|31rzsqx6ks9pu9dznl1v5cmlc|03|com"; nocase; ) # 1etthid1fnldnt1qm75ls16pb3ho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1etthid1fnldnt1qm75ls16pb3ho|03|net"; nocase; ) # 1db1tu01hgnr151uwhhlu1w8r6no.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1db1tu01hgnr151uwhhlu1w8r6no|03|net"; nocase; ) # tfzbqu1iibhm114rg8ph1391i3g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tfzbqu1iibhm114rg8ph1391i3g|03|org"; nocase; ) # 1dlq9ks7g2gt7lgzhnv1vgurpl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dlq9ks7g2gt7lgzhnv1vgurpl|03|org"; nocase; ) # 1ybl60s1ullxa9sqnkkh1f73i27.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ybl60s1ullxa9sqnkkh1f73i27|03|net"; nocase; ) # 12racqjy2weoohua87esit8ht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12racqjy2weoohua87esit8ht|03|org"; nocase; ) # s81ubv39pnjd1pqg6rj1rz9dl4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s81ubv39pnjd1pqg6rj1rz9dl4|03|com"; nocase; ) # 12ptxg0uc097238y817l0bves.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ptxg0uc097238y817l0bves|03|net"; nocase; ) # 1qnl0h54arcz117p1epd1l97f9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qnl0h54arcz117p1epd1l97f9e|03|com"; nocase; ) # 1h30xdj1gx6a6sqbx3qb1a015zt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h30xdj1gx6a6sqbx3qb1a015zt|03|org"; nocase; ) # 1rzedlxt0ol7r1v16ormng8ai.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rzedlxt0ol7r1v16ormng8ai|03|biz"; nocase; ) # 1v8r9ar1jjh74ix01d4mxk4tt7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v8r9ar1jjh74ix01d4mxk4tt7|03|biz"; nocase; ) # 1pd1tcl5nf29fnnlsclicmb9n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pd1tcl5nf29fnnlsclicmb9n|03|com"; nocase; ) # 1g23f801vpk41w15e6phf8nhxa2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g23f801vpk41w15e6phf8nhxa2|03|org"; nocase; ) # 1agmxz01letcvxak537msa1em6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1agmxz01letcvxak537msa1em6|03|com"; nocase; ) # 1l11aep1506gp79vfwwoddewjw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l11aep1506gp79vfwwoddewjw|03|biz"; nocase; ) # 1ic362r7hqxkj1wdk9jssa7r8z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ic362r7hqxkj1wdk9jssa7r8z|03|org"; nocase; ) # 13ywyhg1eza1dz3jyf8pl57ozy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ywyhg1eza1dz3jyf8pl57ozy|03|org"; nocase; ) # 1ay8vjcdalnnu1mj22r01otzo92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ay8vjcdalnnu1mj22r01otzo92|03|net"; nocase; ) # 1chcwfu1tfqbxav1zzuhwu90zz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1chcwfu1tfqbxav1zzuhwu90zz|03|biz"; nocase; ) # 1oxb41tpq5qzn1ki6cwge12ins.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oxb41tpq5qzn1ki6cwge12ins|03|net"; nocase; ) # zt7yztn76po1tag9dy1sqabce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zt7yztn76po1tag9dy1sqabce|03|org"; nocase; ) # 1p15rgd77g6fe16st1utm4r4am.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p15rgd77g6fe16st1utm4r4am|03|com"; nocase; ) # 18i6q3mhpdcmt18mszp1kg1jb9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18i6q3mhpdcmt18mszp1kg1jb9|03|biz"; nocase; ) # 9c0nb91azc2tzru73fj6z7avk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9c0nb91azc2tzru73fj6z7avk|03|net"; nocase; ) # 1fo39h72uyljon4c2tr288tzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fo39h72uyljon4c2tr288tzo|03|net"; nocase; ) # 11u9b1r1hb1o4d1foqzfgwx9ncc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11u9b1r1hb1o4d1foqzfgwx9ncc|03|net"; nocase; ) # 1gm7lcj9im938yrcozbacsdtm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gm7lcj9im938yrcozbacsdtm|03|com"; nocase; ) # 1uoeh1t1srfvexkboolx1ubokaw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uoeh1t1srfvexkboolx1ubokaw|03|net"; nocase; ) # 13mk17t1r1nz4gpvpd1jq6nv3y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13mk17t1r1nz4gpvpd1jq6nv3y|03|com"; nocase; ) # 1337bf41ndow161hoajrsl9h7gr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1337bf41ndow161hoajrsl9h7gr|03|biz"; nocase; ) # 1fvojva1kzsdsp16kyrgk1rfhny0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fvojva1kzsdsp16kyrgk1rfhny0|03|net"; nocase; ) # 7tzwpjo9uhw21r6mvny1t9pj5h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7tzwpjo9uhw21r6mvny1t9pj5h|03|org"; nocase; ) # iainwfwo0kwhjtan67mgd4el.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iainwfwo0kwhjtan67mgd4el|03|org"; nocase; ) # 1hrbe4v16gid83w43atlrwfd5z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hrbe4v16gid83w43atlrwfd5z|03|com"; nocase; ) # wf8r8vfnouwp1fewz1wjpe68q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wf8r8vfnouwp1fewz1wjpe68q|03|biz"; nocase; ) # zce02i5zb2wf3gc44g14ag17y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zce02i5zb2wf3gc44g14ag17y|03|net"; nocase; ) # 1r9dmmubcipeu33mwb9nz8hds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r9dmmubcipeu33mwb9nz8hds|03|com"; nocase; ) # ydbceo8pzvo41nhopyy2ssq4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ydbceo8pzvo41nhopyy2ssq4a|03|net"; nocase; ) # ss3q1f1jcox1e2nt44d4pxase.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ss3q1f1jcox1e2nt44d4pxase|03|org"; nocase; ) # trlzuz15yhtle1m0boqjwg0p6n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|trlzuz15yhtle1m0boqjwg0p6n|03|biz"; nocase; ) # ub8n381cm1pmvn489knqoavwx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ub8n381cm1pmvn489knqoavwx|03|org"; nocase; ) # 5ltkni85e473je8cq61b1ziji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ltkni85e473je8cq61b1ziji|03|com"; nocase; ) # toex9ac8jitv1wrzz9z8s6s0g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|toex9ac8jitv1wrzz9z8s6s0g|03|biz"; nocase; ) # 1nufgqb1j6v37r4tnhmfam05hq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nufgqb1j6v37r4tnhmfam05hq|03|org"; nocase; ) # 1cwed0v1a43lha1318xoankoom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cwed0v1a43lha1318xoankoom|03|org"; nocase; ) # 34ohja17b2yay1y7o2lq1bdcibe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|34ohja17b2yay1y7o2lq1bdcibe|03|net"; nocase; ) # 1r00j1eh3015ijnvsi516v40ks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r00j1eh3015ijnvsi516v40ks|03|com"; nocase; ) # 37plk512ujffa1xau9uq11wpvzj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|37plk512ujffa1xau9uq11wpvzj|03|biz"; nocase; ) # etqijx1p16vlkyaxkz11sgol1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|etqijx1p16vlkyaxkz11sgol1o|03|net"; nocase; ) # x5wp19vwh82pz29ljg1hvm96q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x5wp19vwh82pz29ljg1hvm96q|03|org"; nocase; ) # kpx9l11o42n9eea0nweva0kk5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kpx9l11o42n9eea0nweva0kk5|03|com"; nocase; ) # 5yrmas11bevpp1klc2i81xgqowy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5yrmas11bevpp1klc2i81xgqowy|03|biz"; nocase; ) # 1c43hs7gflpez18fje8fdgpg82.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c43hs7gflpez18fje8fdgpg82|03|org"; nocase; ) # boo7nl7t1w8gs69hvl1ebqbdb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|boo7nl7t1w8gs69hvl1ebqbdb|03|org"; nocase; ) # 1fycjd418ptwgzhvo858go169v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fycjd418ptwgzhvo858go169v|03|org"; nocase; ) # 1b13gjizlebf11kgofyy150o9ei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b13gjizlebf11kgofyy150o9ei|03|com"; nocase; ) # 16tfwoh1wwcnywl9q42av4psug.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16tfwoh1wwcnywl9q42av4psug|03|com"; nocase; ) # 4qgjpq1pq8erktbhfxv25q5eb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4qgjpq1pq8erktbhfxv25q5eb|03|net"; nocase; ) # 4q6af79ne8lbg98hce1i2dfn3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4q6af79ne8lbg98hce1i2dfn3|03|com"; nocase; ) # 65vfe010dazvl1iuw1tr10cqrvz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|65vfe010dazvl1iuw1tr10cqrvz|03|biz"; nocase; ) # 32q3jz1wr1ruo1ilw1nel5r7bj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|32q3jz1wr1ruo1ilw1nel5r7bj|03|biz"; nocase; ) # b4rk5g1mtxzjb1f9azqi1b26dpy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b4rk5g1mtxzjb1f9azqi1b26dpy|03|net"; nocase; ) # 1433mxk1y3f8yi1oaycz8w6hffb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1433mxk1y3f8yi1oaycz8w6hffb|03|biz"; nocase; ) # eg50tqejb57h1y3ba2miia2ns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eg50tqejb57h1y3ba2miia2ns|03|com"; nocase; ) # 1frr5co187bfr31sb2ifp22igw6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1frr5co187bfr31sb2ifp22igw6|03|net"; nocase; ) # 7y3d7x57nnvr15t2yuy1wgkfm1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7y3d7x57nnvr15t2yuy1wgkfm1|03|net"; nocase; ) # oxsw4cp6q60yj7to11767dnj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oxsw4cp6q60yj7to11767dnj|03|net"; nocase; ) # 1x0t26w1xpehv5d2lfo31y7rfsw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x0t26w1xpehv5d2lfo31y7rfsw|03|com"; nocase; ) # 17e88a558ge7o1vjrb8nk78yj7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17e88a558ge7o1vjrb8nk78yj7|03|com"; nocase; ) # 1vnuzfywft8lgasrci51spo1hd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vnuzfywft8lgasrci51spo1hd|03|org"; nocase; ) # 19uwnv1itt5pe1pcog0k1rq98rw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19uwnv1itt5pe1pcog0k1rq98rw|03|net"; nocase; ) # 7u13dya5nham1pqdc802ho8ui.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7u13dya5nham1pqdc802ho8ui|03|biz"; nocase; ) # 1ab2rrc1ubg627obzyaand59wf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ab2rrc1ubg627obzyaand59wf|03|com"; nocase; ) # 1qyqnxucnrg1dqom6wz17oeffl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qyqnxucnrg1dqom6wz17oeffl|03|net"; nocase; ) # 5vfcriaw22mutodyy81p93ps1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5vfcriaw22mutodyy81p93ps1|03|net"; nocase; ) # brcve11cakz9dn012w91mvuwb3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|brcve11cakz9dn012w91mvuwb3|03|net"; nocase; ) # cd9qk1f31hr6lu15zvvk1fqu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cd9qk1f31hr6lu15zvvk1fqu|03|org"; nocase; ) # oy9kemzrlxp11ijdxb9126gak1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oy9kemzrlxp11ijdxb9126gak1|03|com"; nocase; ) # 1emigwqqhhf7l16xvmgh1q1bfbu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1emigwqqhhf7l16xvmgh1q1bfbu|03|net"; nocase; ) # f0a9sxw43tr01o6g0cvw92jck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f0a9sxw43tr01o6g0cvw92jck|03|net"; nocase; ) # jv9hrz1fs0b8q1bo0qji5t4nhl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jv9hrz1fs0b8q1bo0qji5t4nhl|03|net"; nocase; ) # qidwgbmxxnfkm996n59jf4h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|qidwgbmxxnfkm996n59jf4h|03|net"; nocase; ) # rwrpl3i7sqhi1tz78qk9jky95.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rwrpl3i7sqhi1tz78qk9jky95|03|biz"; nocase; ) # 1ra5w3hej9lsc1v99e7j2epw68.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ra5w3hej9lsc1v99e7j2epw68|03|org"; nocase; ) # 1h4roli16yk2sl1xl0uunehor3u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h4roli16yk2sl1xl0uunehor3u|03|net"; nocase; ) # 1pb63fo1h5i76mya6og11ba7vof.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pb63fo1h5i76mya6og11ba7vof|03|net"; nocase; ) # 1k6c3mf6fhv3l1w4oo7a1h9gds8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k6c3mf6fhv3l1w4oo7a1h9gds8|03|org"; nocase; ) # 1k11fdax7kda8qxpk061w5h9v2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k11fdax7kda8qxpk061w5h9v2|03|biz"; nocase; ) # hm865bbk6rpi9nr1st188v210.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hm865bbk6rpi9nr1st188v210|03|net"; nocase; ) # 1u1xgkop471g110e42p0432mwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u1xgkop471g110e42p0432mwc|03|com"; nocase; ) # zby5guzcd6ue62515uvd44e4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zby5guzcd6ue62515uvd44e4|03|org"; nocase; ) # 1d6tbqk1yv7btc1o1h69m1soq1d8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d6tbqk1yv7btc1o1h69m1soq1d8|03|biz"; nocase; ) # 1beyps6lg6dyplbj50ps6l9pr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1beyps6lg6dyplbj50ps6l9pr|03|net"; nocase; ) # mrnoxz19z0zxdbkhpiv445rr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mrnoxz19z0zxdbkhpiv445rr|03|org"; nocase; ) # 3h6mbj1j33cs71c3l7zu1tvl3sw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3h6mbj1j33cs71c3l7zu1tvl3sw|03|biz"; nocase; ) # nwh7f11534pwarh2g2d1n3zojw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nwh7f11534pwarh2g2d1n3zojw|03|org"; nocase; ) # 1m9v97acdyu9nt2bfz7iwwd1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1m9v97acdyu9nt2bfz7iwwd1|03|net"; nocase; ) # 1wtgbe8zwsbedtivb5w1yl04tn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wtgbe8zwsbedtivb5w1yl04tn|03|org"; nocase; ) # rftjg31sbaw2g7svdswyei17.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rftjg31sbaw2g7svdswyei17|03|net"; nocase; ) # 2quq6rpm7174tag6rm18g606s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2quq6rpm7174tag6rm18g606s|03|net"; nocase; ) # lk92nt1a6qg9lewxn143ia8g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lk92nt1a6qg9lewxn143ia8g|03|net"; nocase; ) # m00n109odzznzl3nic7mfd59.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m00n109odzznzl3nic7mfd59|03|com"; nocase; ) # pjh8321s5ajhk11vpren1v51gwx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pjh8321s5ajhk11vpren1v51gwx|03|com"; nocase; ) # k1bdbl160b7sd1abz6d31yu7ry5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k1bdbl160b7sd1abz6d31yu7ry5|03|net"; nocase; ) # 167jdq4b2mbve1isc7muxwo72a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|167jdq4b2mbve1isc7muxwo72a|03|net"; nocase; ) # 12koc89l8k0nw9gd16g1hu382q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12koc89l8k0nw9gd16g1hu382q|03|com"; nocase; ) # 13e65hj1n611e714t1mqv1j3ee0a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13e65hj1n611e714t1mqv1j3ee0a|03|org"; nocase; ) # xiqhyq1m23mwv1vtkkc01w8i7th.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xiqhyq1m23mwv1vtkkc01w8i7th|03|net"; nocase; ) # 1flsfzxe0nus71iww9dy1ytv1l0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1flsfzxe0nus71iww9dy1ytv1l0|03|net"; nocase; ) # hod6m37b635k1waevr1i2ye1x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hod6m37b635k1waevr1i2ye1x|03|biz"; nocase; ) # 1q1ty433u71i61l7756semy49w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q1ty433u71i61l7756semy49w|03|net"; nocase; ) # fw9dqq1csh4b92h47ee1l24kf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fw9dqq1csh4b92h47ee1l24kf|03|com"; nocase; ) # 11hc3z715fed4n1bjsnbonuj1fi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hc3z715fed4n1bjsnbonuj1fi|03|net"; nocase; ) # 9jcpze13cpk9d7tclup169q3xz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9jcpze13cpk9d7tclup169q3xz|03|org"; nocase; ) # xqq8v2r9cs9j1go6lnjve9jny.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xqq8v2r9cs9j1go6lnjve9jny|03|net"; nocase; ) # xt63ijj03ptv1u52f6dob0mdh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xt63ijj03ptv1u52f6dob0mdh|03|biz"; nocase; ) # 1x9vx87td9fanczgt7s171sqba.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x9vx87td9fanczgt7s171sqba|03|net"; nocase; ) # m19661wm48649bhrfwd3qxcm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m19661wm48649bhrfwd3qxcm|03|net"; nocase; ) # cpe2p1sgbh9d1m3y6511zbm4q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cpe2p1sgbh9d1m3y6511zbm4q|03|org"; nocase; ) # 1fpsz2v182aqap17idr3kuttsyq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fpsz2v182aqap17idr3kuttsyq|03|net"; nocase; ) # 4yo4y1iwinpo1xfbrgfi5zp1l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4yo4y1iwinpo1xfbrgfi5zp1l|03|com"; nocase; ) # q4wjkoitkinz1nmkn6hv66hm6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q4wjkoitkinz1nmkn6hv66hm6|03|net"; nocase; ) # 1ftdkfp1rqasrs19hj3yy1y72qk5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ftdkfp1rqasrs19hj3yy1y72qk5|03|org"; nocase; ) # lylwgd1amol7yz1ybqb7djqax.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lylwgd1amol7yz1ybqb7djqax|03|biz"; nocase; ) # ekj1z7rws0y21k2fquy6dh5ye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ekj1z7rws0y21k2fquy6dh5ye|03|com"; nocase; ) # hutkyqgq2xvjevfhc21gkxt9g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hutkyqgq2xvjevfhc21gkxt9g|03|net"; nocase; ) # 886sqj1xz78qbzmctooqbmldt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|886sqj1xz78qbzmctooqbmldt|03|biz"; nocase; ) # 5wz6gqnjpe6c2y08xr14s7e4b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5wz6gqnjpe6c2y08xr14s7e4b|03|com"; nocase; ) # 1od9dsup30egzf0wmgc1ypalne.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1od9dsup30egzf0wmgc1ypalne|03|biz"; nocase; ) # 7c1t2q1xa2p5b1a8j8cirkt8t4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7c1t2q1xa2p5b1a8j8cirkt8t4|03|com"; nocase; ) # qy3wjv1jgao171wcj4ahxym18q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qy3wjv1jgao171wcj4ahxym18q|03|net"; nocase; ) # l9496q13u6icq1l3z93a10t06of.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l9496q13u6icq1l3z93a10t06of|03|com"; nocase; ) # 13gf44mf6p9lzv5sibqg2rd0m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13gf44mf6p9lzv5sibqg2rd0m|03|net"; nocase; ) # 1uiu8gnhpgxs33fv6gf1jdvzwq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uiu8gnhpgxs33fv6gf1jdvzwq|03|com"; nocase; ) # 3viad4fwjh5z118owwdvdobiu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3viad4fwjh5z118owwdvdobiu|03|org"; nocase; ) # 1iql2k4tp63nsh5y8v1knqoru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iql2k4tp63nsh5y8v1knqoru|03|biz"; nocase; ) # 18o4trj2xiefj1vzt9mcc8n90g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18o4trj2xiefj1vzt9mcc8n90g|03|com"; nocase; ) # tb1bg41ac4sap7bhn6gxf9hfg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tb1bg41ac4sap7bhn6gxf9hfg|03|biz"; nocase; ) # 1yshx0v1iglhk517fkr1n1gpnbet.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yshx0v1iglhk517fkr1n1gpnbet|03|org"; nocase; ) # 1m9vxxfsmvzae13lhozi1purfd8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m9vxxfsmvzae13lhozi1purfd8|03|net"; nocase; ) # ouj8y3e85tf81pyig8q8mgyq8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ouj8y3e85tf81pyig8q8mgyq8|03|com"; nocase; ) # 1rjqakl10q0yjc9esit71vjirh0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rjqakl10q0yjc9esit71vjirh0|03|org"; nocase; ) # 170823gtmodee5u5cwdegv3w5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|170823gtmodee5u5cwdegv3w5|03|net"; nocase; ) # ku0egp1fg3fot118moyseiszm3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ku0egp1fg3fot118moyseiszm3|03|com"; nocase; ) # 1rtqqju9vuh21ex06cw40beda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rtqqju9vuh21ex06cw40beda|03|com"; nocase; ) # 14botrq1hwiuv9r9n8h11vqrjb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14botrq1hwiuv9r9n8h11vqrjb9|03|net"; nocase; ) # xdvy9ydniedr16htk8g1veg4e0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xdvy9ydniedr16htk8g1veg4e0|03|org"; nocase; ) # 8fc1e8u5ofuu6tam1unec01v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8fc1e8u5ofuu6tam1unec01v|03|net"; nocase; ) # 179ykpuhooajgri62tk1umqbwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|179ykpuhooajgri62tk1umqbwr|03|net"; nocase; ) # 1eno6jc18t4cxm1k81bgck1761.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eno6jc18t4cxm1k81bgck1761|03|org"; nocase; ) # 1u2w0xwjlp81x8df8iitl2c5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1u2w0xwjlp81x8df8iitl2c5|03|com"; nocase; ) # gmqtcma6tnbibzb4bcabqd9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gmqtcma6tnbibzb4bcabqd9j|03|net"; nocase; ) # w7olrau0t6u03wjtew12s4rlj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w7olrau0t6u03wjtew12s4rlj|03|com"; nocase; ) # 1gsa1no1w8448g1351s4r13loq9j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gsa1no1w8448g1351s4r13loq9j|03|com"; nocase; ) # 12iqxpz1gjhsh0djyoklavy11c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12iqxpz1gjhsh0djyoklavy11c|03|net"; nocase; ) # 7w8yqf12br4s71ajpt6l7w1cwz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7w8yqf12br4s71ajpt6l7w1cwz|03|biz"; nocase; ) # 1en1ny0172jtb7s7q75h1i7tz6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1en1ny0172jtb7s7q75h1i7tz6o|03|net"; nocase; ) # 5ue7ndg05dpmri3zcq1grgtdj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ue7ndg05dpmri3zcq1grgtdj|03|com"; nocase; ) # yuadea1y7gw8j176oeod4um8td.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yuadea1y7gw8j176oeod4um8td|03|com"; nocase; ) # i6pdk31xeg96fb0aa5ffvlwqo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i6pdk31xeg96fb0aa5ffvlwqo|03|net"; nocase; ) # 1x4ika6xqvkkpprip2igjt82t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x4ika6xqvkkpprip2igjt82t|03|com"; nocase; ) # kl7jzk5ilmsc17kjqej18b6kd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kl7jzk5ilmsc17kjqej18b6kd|03|net"; nocase; ) # 1p9c5455348w0oap5wgaaddlu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p9c5455348w0oap5wgaaddlu|03|org"; nocase; ) # 14q5hq9pscc258i5rzsuk1ef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14q5hq9pscc258i5rzsuk1ef|03|com"; nocase; ) # 1szha3dqqzoycihc4nkzh1r8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1szha3dqqzoycihc4nkzh1r8h|03|net"; nocase; ) # 1qtegxzoxk4tejjkqib1bu38og.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qtegxzoxk4tejjkqib1bu38og|03|net"; nocase; ) # rpytcu18d478seyvb9q1nb36f4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rpytcu18d478seyvb9q1nb36f4|03|com"; nocase; ) # vfxs6519d8isp1ne5ib01a7edft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vfxs6519d8isp1ne5ib01a7edft|03|com"; nocase; ) # 1edkfxc80c6i1z7nf8bl36tvw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1edkfxc80c6i1z7nf8bl36tvw|03|org"; nocase; ) # bjcq8u1j091y7768hze168hoaf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bjcq8u1j091y7768hze168hoaf|03|org"; nocase; ) # 1kvtpyrezzglam94c9qb0wz8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kvtpyrezzglam94c9qb0wz8h|03|net"; nocase; ) # nl9sni1yy9iytjs19arm6iqec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nl9sni1yy9iytjs19arm6iqec|03|com"; nocase; ) # q275o51bcrpqpa53t81y3qzdk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q275o51bcrpqpa53t81y3qzdk|03|biz"; nocase; ) # n914ykaopagu1cr5h5f19jhkqn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n914ykaopagu1cr5h5f19jhkqn|03|org"; nocase; ) # 143vhfwru205fht3pu0tlgsqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|143vhfwru205fht3pu0tlgsqw|03|biz"; nocase; ) # 17yn4p01pxuyuksrfipw1aehs82.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17yn4p01pxuyuksrfipw1aehs82|03|com"; nocase; ) # 135ddpnxsuueozwkyh71xupf8z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135ddpnxsuueozwkyh71xupf8z|03|org"; nocase; ) # 1qy8lllklbtgisja0hg1ejn7xy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qy8lllklbtgisja0hg1ejn7xy|03|com"; nocase; ) # 15bel821pv879y1824h4fyxfkpv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15bel821pv879y1824h4fyxfkpv|03|net"; nocase; ) # 18hmkxt1dddefi1kmn0gw1sa9fhc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18hmkxt1dddefi1kmn0gw1sa9fhc|03|net"; nocase; ) # zljoumndsive19qwoed1u3k4zm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zljoumndsive19qwoed1u3k4zm|03|net"; nocase; ) # zc1iigsby6ibpx3yb4z59oqg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zc1iigsby6ibpx3yb4z59oqg|03|net"; nocase; ) # s947za1qy2p73v5abtt18gctbn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s947za1qy2p73v5abtt18gctbn|03|net"; nocase; ) # vd9y9b142afr1rphgml1lazy0z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vd9y9b142afr1rphgml1lazy0z|03|org"; nocase; ) # 1g1nlu0i98cr71b6ip4i1xbak43.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g1nlu0i98cr71b6ip4i1xbak43|03|org"; nocase; ) # 1snhm7l4z7060outqzv1fnc6jq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1snhm7l4z7060outqzv1fnc6jq|03|com"; nocase; ) # 1el74uc132efbuk9nm1bsuizbi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1el74uc132efbuk9nm1bsuizbi|03|net"; nocase; ) # evqt0jtoog7zm2m9o0ni0ckp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|evqt0jtoog7zm2m9o0ni0ckp|03|biz"; nocase; ) # 1a4fn4m10rjwe180hwhhdrdt6d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a4fn4m10rjwe180hwhhdrdt6d|03|net"; nocase; ) # 15eskr52hevqz6prvdcgban5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15eskr52hevqz6prvdcgban5l|03|net"; nocase; ) # 1r0ulb7lshlpv1mjmgvs1a9d8dg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r0ulb7lshlpv1mjmgvs1a9d8dg|03|org"; nocase; ) # o0qfk51amgbbzxsro1k1g3ul9k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o0qfk51amgbbzxsro1k1g3ul9k|03|com"; nocase; ) # 1v29pt910pmn8536xonqpwm2u9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v29pt910pmn8536xonqpwm2u9|03|biz"; nocase; ) # n4mp2uuhn1wd17dwegy15kbnt2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n4mp2uuhn1wd17dwegy15kbnt2|03|net"; nocase; ) # 6ojogd1drg97t3veup1kzp6i7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ojogd1drg97t3veup1kzp6i7|03|com"; nocase; ) # 1fsmge16i35cdu4atx81h8q4hh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fsmge16i35cdu4atx81h8q4hh|03|net"; nocase; ) # 1kd98wbp2cwo1e6a5dx1yyfcul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kd98wbp2cwo1e6a5dx1yyfcul|03|com"; nocase; ) # 1v5o0hftl4nv41we3sa41iy1cw2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v5o0hftl4nv41we3sa41iy1cw2|03|net"; nocase; ) # 2p0kwo1q6005p1qdpcu91pkyu9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2p0kwo1q6005p1qdpcu91pkyu9v|03|org"; nocase; ) # 1xcm8gk1k8zpgwjhq8z61ch5xun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xcm8gk1k8zpgwjhq8z61ch5xun|03|com"; nocase; ) # 1y6pgjs10xzgbihd8wu21p9zajf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y6pgjs10xzgbihd8wu21p9zajf|03|net"; nocase; ) # 1uniy881rwpf96yguk168b5hzm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uniy881rwpf96yguk168b5hzm|03|org"; nocase; ) # 1nr284grfip0o89a2as8bci2e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nr284grfip0o89a2as8bci2e|03|net"; nocase; ) # 6m17hw1gy6gn81mhsyry4om3e1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6m17hw1gy6gn81mhsyry4om3e1|03|com"; nocase; ) # 1ise10v700vyc1qc4h25i3pg07.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ise10v700vyc1qc4h25i3pg07|03|net"; nocase; ) # 1t7lnw0q93m4m1mu5prdphdxbc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t7lnw0q93m4m1mu5prdphdxbc|03|biz"; nocase; ) # 1agl84k1i7tprh1xcb8zt111mhe1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1agl84k1i7tprh1xcb8zt111mhe1|03|com"; nocase; ) # 1a53xbgjw3ys588dscx1s0qfqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a53xbgjw3ys588dscx1s0qfqr|03|net"; nocase; ) # 1khmqzi1qq1m0v1dv61501dkniwe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1khmqzi1qq1m0v1dv61501dkniwe|03|biz"; nocase; ) # 1fbf3e51rt18x6v3kgg816skvr4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fbf3e51rt18x6v3kgg816skvr4|03|org"; nocase; ) # 16bhtyrrp9bryv3egv412512hj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16bhtyrrp9bryv3egv412512hj|03|com"; nocase; ) # 8r26lp201h2qgjn29o782prb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8r26lp201h2qgjn29o782prb|03|org"; nocase; ) # i9irc210hpv9i1ggr0u2165k00n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i9irc210hpv9i1ggr0u2165k00n|03|net"; nocase; ) # 1vgakh21tecxra1n46gfi1bbeeye.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vgakh21tecxra1n46gfi1bbeeye|03|org"; nocase; ) # s6d9rk2lqylc1t8doc11q01noz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s6d9rk2lqylc1t8doc11q01noz|03|com"; nocase; ) # 1i3njx91dsyvqhvujfjptg4dri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i3njx91dsyvqhvujfjptg4dri|03|net"; nocase; ) # 1vz1ehv1ljrn9xmovw1v1bofsmp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vz1ehv1ljrn9xmovw1v1bofsmp|03|com"; nocase; ) # gg5zlo8e7kzjysnroi4rs5p7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gg5zlo8e7kzjysnroi4rs5p7|03|net"; nocase; ) # p1i5871gonhdec417k610mb4cz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p1i5871gonhdec417k610mb4cz|03|net"; nocase; ) # h3msac197dotw1elxzxl19jw0f8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h3msac197dotw1elxzxl19jw0f8|03|net"; nocase; ) # 10p8z7d9acvxsl5qx7pm1e4j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10p8z7d9acvxsl5qx7pm1e4j6|03|net"; nocase; ) # 10navxz16yjlzqdhzb6f1bvroy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10navxz16yjlzqdhzb6f1bvroy|03|org"; nocase; ) # ac4ch51qyo7l437lhyt1nppg6u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ac4ch51qyo7l437lhyt1nppg6u|03|net"; nocase; ) # 1lz78961c6gq0l1232lzl1n4e21c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lz78961c6gq0l1232lzl1n4e21c|03|com"; nocase; ) # nqyx24wcnvuvkaroczxh0kv9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nqyx24wcnvuvkaroczxh0kv9|03|net"; nocase; ) # 14ssi5fu5wn18jq9ray1k517fi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ssi5fu5wn18jq9ray1k517fi|03|biz"; nocase; ) # 11d73g1y6bja71y54vrrwtjksg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11d73g1y6bja71y54vrrwtjksg|03|net"; nocase; ) # sv8ucb17ttplv1w3s8xv44yrw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sv8ucb17ttplv1w3s8xv44yrw5|03|org"; nocase; ) # dlk3wh16171pf18ifzl755hpz7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dlk3wh16171pf18ifzl755hpz7|03|net"; nocase; ) # xwt43oq8vut91flb22o1rtj01e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xwt43oq8vut91flb22o1rtj01e|03|net"; nocase; ) # 18ko3yj2dm7yw6hstz24w3zjv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18ko3yj2dm7yw6hstz24w3zjv|03|com"; nocase; ) # kzqraohebx1t1pwic4p2vd2l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kzqraohebx1t1pwic4p2vd2l|03|com"; nocase; ) # qdxey6gbnqp31wc75eh1bvgczt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qdxey6gbnqp31wc75eh1bvgczt|03|com"; nocase; ) # 1jlrtle7lalxc5mg7h61wsyjp7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jlrtle7lalxc5mg7h61wsyjp7|03|net"; nocase; ) # 7i0gv3c5eko2k8riv16oasy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|7i0gv3c5eko2k8riv16oasy|03|org"; nocase; ) # 1ucr4dyljoq88cbwdb16s3uw4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ucr4dyljoq88cbwdb16s3uw4|03|net"; nocase; ) # em75gm2p084w19hskf6km67ys.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|em75gm2p084w19hskf6km67ys|03|org"; nocase; ) # y5yu5614src0xaf3nv4u4e74.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y5yu5614src0xaf3nv4u4e74|03|biz"; nocase; ) # cg9kqi1q59945bghjbuwsqzxk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cg9kqi1q59945bghjbuwsqzxk|03|org"; nocase; ) # sytm8pd387r61r8uptj1ycwadp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sytm8pd387r61r8uptj1ycwadp|03|net"; nocase; ) # 1cw8pmn1bpf8toh07vubaoxeqk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cw8pmn1bpf8toh07vubaoxeqk|03|net"; nocase; ) # 1k99o6btkt4kduhr4w71tjhadv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k99o6btkt4kduhr4w71tjhadv|03|net"; nocase; ) # 15qb39x8mo1gr1rdy9iwta8e2r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15qb39x8mo1gr1rdy9iwta8e2r|03|com"; nocase; ) # 1694pdl1oxg06n1dxop591esjsew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1694pdl1oxg06n1dxop591esjsew|03|org"; nocase; ) # 1sb5pr4167buu915ssrealgmmrl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sb5pr4167buu915ssrealgmmrl|03|com"; nocase; ) # 1jhd6c8m1sm9r12pv6v01xnmc3e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jhd6c8m1sm9r12pv6v01xnmc3e|03|biz"; nocase; ) # 1qhnfa2ruqmbn1l0bcwd1d3f9o9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qhnfa2ruqmbn1l0bcwd1d3f9o9|03|biz"; nocase; ) # cxrf7tih7t3oaiutq8qwfrkh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cxrf7tih7t3oaiutq8qwfrkh|03|net"; nocase; ) # gf37bq1ubsyym63fndylcvowx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gf37bq1ubsyym63fndylcvowx|03|com"; nocase; ) # 13zr8le1tgwq42me71v81c2s6kv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13zr8le1tgwq42me71v81c2s6kv|03|org"; nocase; ) # 1j4z33dp3st6d6g38f73ktidw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j4z33dp3st6d6g38f73ktidw|03|net"; nocase; ) # 17cdfchqspa6enew33wyeadop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17cdfchqspa6enew33wyeadop|03|biz"; nocase; ) # 14z03yi1d55bfjcfg7mv12pgfro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14z03yi1d55bfjcfg7mv12pgfro|03|com"; nocase; ) # cs93vh17fzl62ibbw908ye7hr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cs93vh17fzl62ibbw908ye7hr|03|net"; nocase; ) # 1c2zbhgdnv4f81nk6fuighzxx5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c2zbhgdnv4f81nk6fuighzxx5|03|com"; nocase; ) # 1yug1b31wsqw71x0yrpi1oe9ckq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yug1b31wsqw71x0yrpi1oe9ckq|03|org"; nocase; ) # rfi6hp18nxzrj1mwfqo41t3qu4g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rfi6hp18nxzrj1mwfqo41t3qu4g|03|net"; nocase; ) # 1cvs0ho104hquk1gwvrj91yl0qva.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cvs0ho104hquk1gwvrj91yl0qva|03|com"; nocase; ) # tt5cnvabtloj1bhk8rbjea9ei.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tt5cnvabtloj1bhk8rbjea9ei|03|org"; nocase; ) # i22vpftspeytskgsx8quf1ow.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i22vpftspeytskgsx8quf1ow|03|net"; nocase; ) # 1mlbym1i5ger61dcoynqev3rj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mlbym1i5ger61dcoynqev3rj7|03|net"; nocase; ) # 1xyz10ctu1pcs1b9cp7w1c0wbuh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xyz10ctu1pcs1b9cp7w1c0wbuh|03|org"; nocase; ) # 2ug3jv9md2vp1on1fvb1d4h5gy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ug3jv9md2vp1on1fvb1d4h5gy|03|net"; nocase; ) # ci77lz1gt8hm713pz0b8zbv2ej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ci77lz1gt8hm713pz0b8zbv2ej|03|net"; nocase; ) # 1dq3junlwgxwj123rbdzwt4tq6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dq3junlwgxwj123rbdzwt4tq6|03|biz"; nocase; ) # 1d1fqa6lfmzn91vht37116mt0p5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d1fqa6lfmzn91vht37116mt0p5|03|org"; nocase; ) # c3xbsemuostj1pbubdt1sm0dwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c3xbsemuostj1pbubdt1sm0dwt|03|com"; nocase; ) # kjdcn6196x2k4af5pt51070dgc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kjdcn6196x2k4af5pt51070dgc|03|org"; nocase; ) # mxi0aok6kjwa1flfw4nyvnmdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mxi0aok6kjwa1flfw4nyvnmdy|03|net"; nocase; ) # 1iim4qw1pc20qceq1vnoptar25.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iim4qw1pc20qceq1vnoptar25|03|org"; nocase; ) # 1jbq00f614myh7hsw4c1rqjs5d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbq00f614myh7hsw4c1rqjs5d|03|org"; nocase; ) # 1onck8m1aoqsgas06s591av4r5v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1onck8m1aoqsgas06s591av4r5v|03|com"; nocase; ) # 1ie1mwt1s751j5qd0vz0nszj3p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ie1mwt1s751j5qd0vz0nszj3p|03|org"; nocase; ) # 11amx191d7mmqa19xl08ly4zdnn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11amx191d7mmqa19xl08ly4zdnn|03|com"; nocase; ) # 6epuia1ohbexg1uj47w42zlchq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6epuia1ohbexg1uj47w42zlchq|03|com"; nocase; ) # 17qkix0tjx8lhtcgd231fs2m90.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17qkix0tjx8lhtcgd231fs2m90|03|net"; nocase; ) # 1ah40ll1q8rtfnmyftg91p46bga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ah40ll1q8rtfnmyftg91p46bga|03|com"; nocase; ) # 1elrweq1h1gi081dndpjwmciljj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1elrweq1h1gi081dndpjwmciljj|03|net"; nocase; ) # d2nzvz1am7ouy1y3wrpwfvi442.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d2nzvz1am7ouy1y3wrpwfvi442|03|net"; nocase; ) # 16pbch31wb8jhchxs208rxg15k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16pbch31wb8jhchxs208rxg15k|03|com"; nocase; ) # 1t6f2i69kuiot131nmv41u2eqqr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t6f2i69kuiot131nmv41u2eqqr|03|org"; nocase; ) # 1vy35asu7an6w1s7xne913mzd6l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vy35asu7an6w1s7xne913mzd6l|03|net"; nocase; ) # 8wmohs17u20vv1bbr5t21hudic1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8wmohs17u20vv1bbr5t21hudic1|03|biz"; nocase; ) # 1k6tqmb1l2y5jxdejk2isk8s5p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k6tqmb1l2y5jxdejk2isk8s5p|03|com"; nocase; ) # wpc87nl81sgp5rvsvagd2uf3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wpc87nl81sgp5rvsvagd2uf3|03|com"; nocase; ) # hnd2f414dgais1hrztp39nf5hd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hnd2f414dgais1hrztp39nf5hd|03|com"; nocase; ) # k6i1e2tqetyy17oawwi13rjpnu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k6i1e2tqetyy17oawwi13rjpnu|03|com"; nocase; ) # xmx5u494yck713ikdx92k75ew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xmx5u494yck713ikdx92k75ew|03|net"; nocase; ) # 1wol7o0114jmhwdrsqarbuvfrb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wol7o0114jmhwdrsqarbuvfrb|03|org"; nocase; ) # mtbfcnsfql1l13l2b1aime3bj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mtbfcnsfql1l13l2b1aime3bj|03|org"; nocase; ) # icxkdcr1pc3hhokd5m1if5eda.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|icxkdcr1pc3hhokd5m1if5eda|03|net"; nocase; ) # 1x2wzoq1imlyprym3jhu10jd3vf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x2wzoq1imlyprym3jhu10jd3vf|03|org"; nocase; ) # 1juqyauiitlma1apdu8q17titwa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1juqyauiitlma1apdu8q17titwa|03|com"; nocase; ) # 1cithfv1bs24os1rg6gau1xi019w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cithfv1bs24os1rg6gau1xi019w|03|org"; nocase; ) # 1r2szdw16kw2dauu64zp11bpiiz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r2szdw16kw2dauu64zp11bpiiz|03|net"; nocase; ) # xs5txpkjnw1c1jtowoov4wcto.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xs5txpkjnw1c1jtowoov4wcto|03|biz"; nocase; ) # wxcro91m0iyqb17dltmd197on8s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wxcro91m0iyqb17dltmd197on8s|03|com"; nocase; ) # 1gp74anp1x7c2ftcxin1s2tpro.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gp74anp1x7c2ftcxin1s2tpro|03|biz"; nocase; ) # 1s1z6l11e5ygn31a12dy81gqmar3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s1z6l11e5ygn31a12dy81gqmar3|03|org"; nocase; ) # 12c2apfcih25g1rjmmsxxv974o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12c2apfcih25g1rjmmsxxv974o|03|org"; nocase; ) # 10zv2wmiurt4uxr50zps1758f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10zv2wmiurt4uxr50zps1758f|03|biz"; nocase; ) # j14lbz18lup1325qkd1hij8eh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j14lbz18lup1325qkd1hij8eh|03|net"; nocase; ) # 1sa5h6e21ucwmkac9nrzi8q0h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sa5h6e21ucwmkac9nrzi8q0h|03|biz"; nocase; ) # 76hz2130k5ah15w25bg4ib88q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|76hz2130k5ah15w25bg4ib88q|03|biz"; nocase; ) # 1yt4nrj7gbupa1sfyu1n1oypx45.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yt4nrj7gbupa1sfyu1n1oypx45|03|com"; nocase; ) # 1kwlxgt1s1vll2tzq4d7g6is7z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kwlxgt1s1vll2tzq4d7g6is7z|03|biz"; nocase; ) # 58mq9g1tfuaxt1bo4e6nvjgns5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|58mq9g1tfuaxt1bo4e6nvjgns5|03|com"; nocase; ) # 8mlfubs244e51jsisdb1vx7esc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8mlfubs244e51jsisdb1vx7esc|03|net"; nocase; ) # 1w4bsqk3jqckeat72v31c3qpsx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w4bsqk3jqckeat72v31c3qpsx|03|biz"; nocase; ) # 2qd6p4g9lbyn6u63eh1djzqdk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2qd6p4g9lbyn6u63eh1djzqdk|03|net"; nocase; ) # lvjy7bq9nfkvx6ca1k7e6pkh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lvjy7bq9nfkvx6ca1k7e6pkh|03|org"; nocase; ) # 1ry2h551m39fhzic23771l1dz46.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ry2h551m39fhzic23771l1dz46|03|com"; nocase; ) # 1tfhufbnuyuew1ft0fr11xk95js.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tfhufbnuyuew1ft0fr11xk95js|03|biz"; nocase; ) # 5pjgi41j0hfik13uzyns1pln6m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5pjgi41j0hfik13uzyns1pln6m|03|net"; nocase; ) # sc0kmkr0jy891p5d00ts6j8mm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sc0kmkr0jy891p5d00ts6j8mm|03|org"; nocase; ) # 45u1901jnxuzi2xdmda184xmkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|45u1901jnxuzi2xdmda184xmkf|03|org"; nocase; ) # 1ctkg9m15hj0pg7muii61vculve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ctkg9m15hj0pg7muii61vculve|03|net"; nocase; ) # ccqt0v16ju5ot5qv9r0tbmdtb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ccqt0v16ju5ot5qv9r0tbmdtb|03|net"; nocase; ) # qyqvn51o6886h1nprvon6eis5m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qyqvn51o6886h1nprvon6eis5m|03|biz"; nocase; ) # bjxjdcfgzi1xkn3o401piubgu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bjxjdcfgzi1xkn3o401piubgu|03|net"; nocase; ) # 1vvsm601nry3v1gwieihildx9d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vvsm601nry3v1gwieihildx9d|03|org"; nocase; ) # kzxpyi1n06549adloeib6sc77.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kzxpyi1n06549adloeib6sc77|03|com"; nocase; ) # 84ugoj1r38dmw1epivvqudc8iw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|84ugoj1r38dmw1epivvqudc8iw|03|org"; nocase; ) # j8a7dvd6ujz14pke21vq6dxd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j8a7dvd6ujz14pke21vq6dxd|03|biz"; nocase; ) # 7zizxx1rvb7bd5d02k6ckp79t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7zizxx1rvb7bd5d02k6ckp79t|03|com"; nocase; ) # 1dsbkps1501o7ghglymmbsdljl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dsbkps1501o7ghglymmbsdljl|03|biz"; nocase; ) # 5nmq4i1cfdaggptt25i2y4f3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5nmq4i1cfdaggptt25i2y4f3|03|org"; nocase; ) # 1wzq7t73ygz9dgtzz2z1vrw8y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wzq7t73ygz9dgtzz2z1vrw8y|03|net"; nocase; ) # 1jodi9mzu395p2vfmpj1i4t2rd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jodi9mzu395p2vfmpj1i4t2rd|03|net"; nocase; ) # 11t59rp1vams9ubeygxm12o2c28.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11t59rp1vams9ubeygxm12o2c28|03|com"; nocase; ) # x2beaf5v3rkcqm8d4bkpez6e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x2beaf5v3rkcqm8d4bkpez6e|03|net"; nocase; ) # 1np6ha01it5zofsr6tpe2xtlna.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1np6ha01it5zofsr6tpe2xtlna|03|net"; nocase; ) # 1oletcu20d1zyznh65r1g0dw96.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oletcu20d1zyznh65r1g0dw96|03|com"; nocase; ) # 1shvxl01xpujwj188cw4i16mfxgz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1shvxl01xpujwj188cw4i16mfxgz|03|org"; nocase; ) # ggq6bxxocvcdijvab4fstwz0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ggq6bxxocvcdijvab4fstwz0|03|com"; nocase; ) # 13awn8r16vyt8sdbcnbs1361wct.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13awn8r16vyt8sdbcnbs1361wct|03|org"; nocase; ) # 15ltoo1b6vwj9wbb0rw1ht6by8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ltoo1b6vwj9wbb0rw1ht6by8|03|com"; nocase; ) # 1h2597mr8os3jad9u2g1dsav6o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h2597mr8os3jad9u2g1dsav6o|03|org"; nocase; ) # hyvc251oea6cchdpnd8tc9eik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hyvc251oea6cchdpnd8tc9eik|03|com"; nocase; ) # 1a8oddz130r76j1ytivyj42unj6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a8oddz130r76j1ytivyj42unj6|03|com"; nocase; ) # uxf9tt1ql3ystkepjypm1u6go.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uxf9tt1ql3ystkepjypm1u6go|03|org"; nocase; ) # 1nzpjksbutlj31rsj8tz1uon0z3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nzpjksbutlj31rsj8tz1uon0z3|03|biz"; nocase; ) # 1lh997k1revbq11huv8nf1qkri4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lh997k1revbq11huv8nf1qkri4t|03|net"; nocase; ) # 9efxo593yzsd1yso0nmub3b6v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9efxo593yzsd1yso0nmub3b6v|03|net"; nocase; ) # 1v3dzgp17thn45cdgcjv6egaag.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v3dzgp17thn45cdgcjv6egaag|03|org"; nocase; ) # 197j1dj1qke0gg19512p6173yhra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|197j1dj1qke0gg19512p6173yhra|03|org"; nocase; ) # z2x8ah11etlrvco8ddy1bf08cn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z2x8ah11etlrvco8ddy1bf08cn|03|org"; nocase; ) # 10qzouobzm9sfgk1l71reag0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10qzouobzm9sfgk1l71reag0o|03|net"; nocase; ) # 87kkte1hot1lx8656nrdema06.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|87kkte1hot1lx8656nrdema06|03|biz"; nocase; ) # 1r0c5nh1keyikszaz9osz29bgl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r0c5nh1keyikszaz9osz29bgl|03|biz"; nocase; ) # 27iuua14ujihe18z3u1a8bprii.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|27iuua14ujihe18z3u1a8bprii|03|org"; nocase; ) # qlt63ogc77apmivydpu9uuyp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qlt63ogc77apmivydpu9uuyp|03|com"; nocase; ) # 1xvsdyr1bb0cworfm44u1siyw5y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xvsdyr1bb0cworfm44u1siyw5y|03|net"; nocase; ) # 1lgpnjxbxly64myy2b1u8o9pz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lgpnjxbxly64myy2b1u8o9pz|03|com"; nocase; ) # 760vn0133p2f5c8jkjwc0x54i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|760vn0133p2f5c8jkjwc0x54i|03|biz"; nocase; ) # 1tdvqzt1emce7d1howyo318sggzn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tdvqzt1emce7d1howyo318sggzn|03|net"; nocase; ) # d4774md7evd1q0kkcw1fg0n4m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d4774md7evd1q0kkcw1fg0n4m|03|com"; nocase; ) # 18auyjoo360zeo5ixi81npz5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18auyjoo360zeo5ixi81npz5|03|org"; nocase; ) # 1gfpqdu8kse7t1ishu0a1xpmke4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gfpqdu8kse7t1ishu0a1xpmke4|03|net"; nocase; ) # 1fdqb10lomjl71lz0od1uvydmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fdqb10lomjl71lz0od1uvydmr|03|org"; nocase; ) # z88swx2e6x8ljmqcya8vhrmd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z88swx2e6x8ljmqcya8vhrmd|03|com"; nocase; ) # 8vytug1ql89s618zjbh87na9oy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8vytug1ql89s618zjbh87na9oy|03|com"; nocase; ) # 19yluvi4zj8ex1su68x11ssame8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19yluvi4zj8ex1su68x11ssame8|03|org"; nocase; ) # a473pluhzeiihaey4fd5ffh1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a473pluhzeiihaey4fd5ffh1|03|biz"; nocase; ) # 19n7a7a1u9m6sc18q8bb8l0b04e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19n7a7a1u9m6sc18q8bb8l0b04e|03|com"; nocase; ) # 1vrcim7nwjjad15rlxx018im54e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vrcim7nwjjad15rlxx018im54e|03|biz"; nocase; ) # lhdt8o17vude5ebldlv1vuh43f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lhdt8o17vude5ebldlv1vuh43f|03|net"; nocase; ) # 19elnttmfd26619p9ucuut9ot1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19elnttmfd26619p9ucuut9ot1|03|org"; nocase; ) # 1wr0jvy1sujl5k8ekj36ueqws7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wr0jvy1sujl5k8ekj36ueqws7|03|net"; nocase; ) # 1qrygbpembdei1665037wgg2u5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qrygbpembdei1665037wgg2u5|03|net"; nocase; ) # 10dox87emprdu10b1oo5adwxom.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10dox87emprdu10b1oo5adwxom|03|biz"; nocase; ) # 7l08dl1onwz6p12uf2dn15tzp25.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7l08dl1onwz6p12uf2dn15tzp25|03|net"; nocase; ) # 1gilzi3s7jivi8iu9bzylvzot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gilzi3s7jivi8iu9bzylvzot|03|com"; nocase; ) # 17rzkuqa8ro1s1q0cqjl1vytosq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17rzkuqa8ro1s1q0cqjl1vytosq|03|net"; nocase; ) # 7c749o1w0oaynmkjooe1lelmer.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7c749o1w0oaynmkjooe1lelmer|03|biz"; nocase; ) # 1rqvd93ajsp1e1wn58ey3g4fc2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rqvd93ajsp1e1wn58ey3g4fc2|03|biz"; nocase; ) # 2ec5ng1e1u4nb1so3x1018y6kjx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2ec5ng1e1u4nb1so3x1018y6kjx|03|net"; nocase; ) # 1ov77uh1r2xl0gxzaqcihx4d2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ov77uh1r2xl0gxzaqcihx4d2n|03|net"; nocase; ) # 6ztyhu10yyszfmpb1a9uubq7m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ztyhu10yyszfmpb1a9uubq7m|03|biz"; nocase; ) # 4w0kfy19gui1asvohful3xyqh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4w0kfy19gui1asvohful3xyqh|03|org"; nocase; ) # 1id1hkx1kd8e7x1o515two2ujbt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1id1hkx1kd8e7x1o515two2ujbt|03|net"; nocase; ) # 12v4fcy1ekp6qwefl1neaiozg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12v4fcy1ekp6qwefl1neaiozg|03|org"; nocase; ) # zri2jp19rvqvy4m6h70okvssl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zri2jp19rvqvy4m6h70okvssl|03|com"; nocase; ) # 3xolrh12m42d31ubn8ov1i1tc9p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3xolrh12m42d31ubn8ov1i1tc9p|03|com"; nocase; ) # 18t1fyow7gn6967mzk477e0zm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18t1fyow7gn6967mzk477e0zm|03|net"; nocase; ) # 1qfyjp7fu8t40au6no8iy6zii.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qfyjp7fu8t40au6no8iy6zii|03|biz"; nocase; ) # 1cgyw5ml35jvddpsil65x9x8f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cgyw5ml35jvddpsil65x9x8f|03|com"; nocase; ) # q74i2micjf1vsbar85obvghh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q74i2micjf1vsbar85obvghh|03|org"; nocase; ) # jqtpwg1ds93dn1isppty5pvotg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqtpwg1ds93dn1isppty5pvotg|03|net"; nocase; ) # voilgq1ss08oaudqqit178gjbe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|voilgq1ss08oaudqqit178gjbe|03|org"; nocase; ) # 8ujr841ugp7snivt2u9mbaid1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ujr841ugp7snivt2u9mbaid1|03|net"; nocase; ) # aq5o1ti13ybv1q90bae1v9e3x6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aq5o1ti13ybv1q90bae1v9e3x6|03|org"; nocase; ) # 1lnxhe6xj1jqzaa8c071m45oro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lnxhe6xj1jqzaa8c071m45oro|03|net"; nocase; ) # 6b8uh81iuawu7ptuznh13n1yp4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6b8uh81iuawu7ptuznh13n1yp4|03|net"; nocase; ) # 1xuk79e14ntdlo1mv3u08yy5yh3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xuk79e14ntdlo1mv3u08yy5yh3|03|com"; nocase; ) # 10g2blg16yd8wa147pg1odd2bh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10g2blg16yd8wa147pg1odd2bh|03|biz"; nocase; ) # 1tfn8y41uxpuaa1jy3oielr7uvw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tfn8y41uxpuaa1jy3oielr7uvw|03|net"; nocase; ) # 4ng20o670cfwchpyzmzww231.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4ng20o670cfwchpyzmzww231|03|com"; nocase; ) # wl3wi41sulsor1uqzsl1ht6of.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wl3wi41sulsor1uqzsl1ht6of|03|biz"; nocase; ) # 1cz5iiaxhuf8e1xmxi9oh0kzz0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cz5iiaxhuf8e1xmxi9oh0kzz0|03|org"; nocase; ) # 1mdpe4q8zavpv1occtsyry87ve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mdpe4q8zavpv1occtsyry87ve|03|net"; nocase; ) # a67i6o1jn59c211nsmq27heakv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a67i6o1jn59c211nsmq27heakv|03|org"; nocase; ) # 1flrogn1hc1cfx1un5iln1vhl3c9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1flrogn1hc1cfx1un5iln1vhl3c9|03|biz"; nocase; ) # iqur7zjczke218a66rh5qc95y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iqur7zjczke218a66rh5qc95y|03|com"; nocase; ) # 1725t0a168r879ywmxdq1vsu5oh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1725t0a168r879ywmxdq1vsu5oh|03|biz"; nocase; ) # 1kwnvfq30omzu1olhme41ocaiki.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kwnvfq30omzu1olhme41ocaiki|03|biz"; nocase; ) # 1nbbirr18vbx1v1d7k3bddqblyu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nbbirr18vbx1v1d7k3bddqblyu|03|net"; nocase; ) # iqak7z1yxpicc19t1yu21tsing0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iqak7z1yxpicc19t1yu21tsing0|03|org"; nocase; ) # 1ra8zn31ki1042vboymz31unko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ra8zn31ki1042vboymz31unko|03|biz"; nocase; ) # 112adi21n6piw3rhisrme1vt1k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|112adi21n6piw3rhisrme1vt1k|03|net"; nocase; ) # 1j2eydd1kjm6smhmfyd91vunkwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j2eydd1kjm6smhmfyd91vunkwi|03|com"; nocase; ) # 1hq4ptx2tfume106ewgigqzx9c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hq4ptx2tfume106ewgigqzx9c|03|net"; nocase; ) # 2ee8copr6vh71l6pbi210b4cso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ee8copr6vh71l6pbi210b4cso|03|com"; nocase; ) # qxy9551mlyf0r1tit4i147gj5f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qxy9551mlyf0r1tit4i147gj5f|03|com"; nocase; ) # 1hmcyvs1u2ihyabmbqz0ehbl91.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hmcyvs1u2ihyabmbqz0ehbl91|03|net"; nocase; ) # 9ndp9clvfxckp84qk88frsl8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9ndp9clvfxckp84qk88frsl8|03|com"; nocase; ) # 1odwofs1j1vs5pz8205xky074z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1odwofs1j1vs5pz8205xky074z|03|com"; nocase; ) # p4uc9aljmglb1lz3fp715dyi7j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p4uc9aljmglb1lz3fp715dyi7j|03|com"; nocase; ) # vjdj1fxv9ros198yqs8ovu0iu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vjdj1fxv9ros198yqs8ovu0iu|03|net"; nocase; ) # 1wtbsow87ecdx1tm19z09oc9ax.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wtbsow87ecdx1tm19z09oc9ax|03|biz"; nocase; ) # 13utc5qq76iudd6w32irv8zj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13utc5qq76iudd6w32irv8zj|03|com"; nocase; ) # azutva180ywiy1jkabsn1e5i4em.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|azutva180ywiy1jkabsn1e5i4em|03|org"; nocase; ) # wweq5y1o80qbv1dso89h76zz23.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wweq5y1o80qbv1dso89h76zz23|03|biz"; nocase; ) # s3gcf91pinlmh1lihsfo18kq82u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s3gcf91pinlmh1lihsfo18kq82u|03|com"; nocase; ) # svsfkr1yaik0w1beoti91882dwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|svsfkr1yaik0w1beoti91882dwt|03|com"; nocase; ) # cf85bl1ld4b7vb9obb61qxit9s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cf85bl1ld4b7vb9obb61qxit9s|03|org"; nocase; ) # 124y0xn1chjmdswj82w5bzkpb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|124y0xn1chjmdswj82w5bzkpb2|03|net"; nocase; ) # io6g3z1943ub6633yhp1gbj9az.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|io6g3z1943ub6633yhp1gbj9az|03|net"; nocase; ) # 1mhzrsb1o8syev1tyflarhlhfwr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mhzrsb1o8syev1tyflarhlhfwr|03|org"; nocase; ) # 1qhp4fi6qvwr354qx8317e1ffn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qhp4fi6qvwr354qx8317e1ffn|03|org"; nocase; ) # 9288p71qhhvd4gyxc81qmqzy3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9288p71qhhvd4gyxc81qmqzy3|03|biz"; nocase; ) # dc602d14y2pmt9jms2zogzmmv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dc602d14y2pmt9jms2zogzmmv|03|biz"; nocase; ) # r9dcfoqsmf3w14ngo7s1hh7u64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r9dcfoqsmf3w14ngo7s1hh7u64|03|net"; nocase; ) # 1s4vmhdhqukzsqfxyqv1hq5zl4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s4vmhdhqukzsqfxyqv1hq5zl4|03|net"; nocase; ) # m7x0ua1ho5ek5dqppur4f6gjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m7x0ua1ho5ek5dqppur4f6gjl|03|net"; nocase; ) # 2bvituqsiiimj95nezx2f7wp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2bvituqsiiimj95nezx2f7wp|03|net"; nocase; ) # 1ob7nd3ch43rv9z83oc1nvueen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ob7nd3ch43rv9z83oc1nvueen|03|com"; nocase; ) # 1i1gu54zk8m761um9tavrz3nlq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i1gu54zk8m761um9tavrz3nlq|03|com"; nocase; ) # cjxnwl1hs32y852n01o1kfc1wx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cjxnwl1hs32y852n01o1kfc1wx|03|org"; nocase; ) # 184kapl1s34w4o1r5pmt01o2y188.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|184kapl1s34w4o1r5pmt01o2y188|03|net"; nocase; ) # srkocx1yuz6e94fuuh6158maih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|srkocx1yuz6e94fuuh6158maih|03|com"; nocase; ) # 1fx5od71oyynwj1r2uiw51wrs7c4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fx5od71oyynwj1r2uiw51wrs7c4|03|com"; nocase; ) # rwfr3p593tkps9b22317yg8me.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rwfr3p593tkps9b22317yg8me|03|net"; nocase; ) # irrto1mqh4huo342pdnb0eji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|irrto1mqh4huo342pdnb0eji|03|org"; nocase; ) # 1cahb431dfgamd1s78gf94bp4yn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cahb431dfgamd1s78gf94bp4yn|03|org"; nocase; ) # dn4u3xhz56gx1gw2t8jnpid0l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dn4u3xhz56gx1gw2t8jnpid0l|03|net"; nocase; ) # 1b0b48k27f6lilnq3l10xzk1m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b0b48k27f6lilnq3l10xzk1m|03|net"; nocase; ) # 17u2ysh166yjyz2juwgn5ynnxk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17u2ysh166yjyz2juwgn5ynnxk|03|biz"; nocase; ) # 10j2q5s6mdymqiq4hyjwqrg4x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10j2q5s6mdymqiq4hyjwqrg4x|03|net"; nocase; ) # yjunn01qgp8b04p2r9zmfok9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yjunn01qgp8b04p2r9zmfok9r|03|com"; nocase; ) # 170rize5sgkybmob7np9ahm1s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|170rize5sgkybmob7np9ahm1s|03|com"; nocase; ) # 1imv61w14fepsti1k3ad1e9ddb2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1imv61w14fepsti1k3ad1e9ddb2|03|com"; nocase; ) # zdo06s1ufi7wfru5ttz17b2oni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zdo06s1ufi7wfru5ttz17b2oni|03|net"; nocase; ) # 5p3fpflbx38i1i9tbwc16xfwe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5p3fpflbx38i1i9tbwc16xfwe|03|com"; nocase; ) # hk0msilz88bc15g0xu71uu2ni0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hk0msilz88bc15g0xu71uu2ni0|03|net"; nocase; ) # 4cl0pbdvjcrq6cdug07pzzjk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4cl0pbdvjcrq6cdug07pzzjk|03|org"; nocase; ) # 1xnb1vt5qczy5jvydun1eps4k9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xnb1vt5qczy5jvydun1eps4k9|03|com"; nocase; ) # 1nhrjwwwdij7pwlo7r4h8g5r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1nhrjwwwdij7pwlo7r4h8g5r|03|biz"; nocase; ) # nlvgkl2re4vn1mjhj1pxd9r2o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nlvgkl2re4vn1mjhj1pxd9r2o|03|com"; nocase; ) # 9kuqub1o3u4je1w5edn516ts3t8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9kuqub1o3u4je1w5edn516ts3t8|03|com"; nocase; ) # 1cb6m1rrr65epotps1g11mf4bd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cb6m1rrr65epotps1g11mf4bd|03|org"; nocase; ) # 15426tq1uf2uuy1yaup791sqinwg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15426tq1uf2uuy1yaup791sqinwg|03|com"; nocase; ) # 1itcwq32yhwx2qc6kek1vh8qjv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1itcwq32yhwx2qc6kek1vh8qjv|03|biz"; nocase; ) # 70z8c91c51898txvxik1wx4n1s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|70z8c91c51898txvxik1wx4n1s|03|org"; nocase; ) # 1rtmggs17do20uy0gxpq1dg3hlq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rtmggs17do20uy0gxpq1dg3hlq|03|org"; nocase; ) # 1uga2zg5l0lfh1bk6kr4drrtj0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uga2zg5l0lfh1bk6kr4drrtj0|03|com"; nocase; ) # o3coa31gdp42yve9novioc81y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o3coa31gdp42yve9novioc81y|03|net"; nocase; ) # 3vkokyf6vhi8f1in9b1xgmixv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3vkokyf6vhi8f1in9b1xgmixv|03|net"; nocase; ) # 7sb5n2a3us79wgjy3yuvhvlt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7sb5n2a3us79wgjy3yuvhvlt|03|org"; nocase; ) # 10kxvwt2uf911fvq0uzw5ophe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10kxvwt2uf911fvq0uzw5ophe|03|com"; nocase; ) # 1nzg6eetj8o3wcqkyfng6pfzm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nzg6eetj8o3wcqkyfng6pfzm|03|org"; nocase; ) # 1omzc5x18jkp0lsk45se3amefs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1omzc5x18jkp0lsk45se3amefs|03|net"; nocase; ) # 1bnicr81icafex1g8y7sf120d5yb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bnicr81icafex1g8y7sf120d5yb|03|net"; nocase; ) # bj9b96o4jqazw01sdjp3qsa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|bj9b96o4jqazw01sdjp3qsa|03|net"; nocase; ) # 4vyjxx1ev37lp8sr93bwk8ysj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4vyjxx1ev37lp8sr93bwk8ysj|03|biz"; nocase; ) # 1lgf9ejgz7zd0n5uly1dng9zz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lgf9ejgz7zd0n5uly1dng9zz|03|biz"; nocase; ) # 1wgdyvz86x6oiwz9115z37242.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wgdyvz86x6oiwz9115z37242|03|com"; nocase; ) # 15y7mw6lrbrbu1glj6x1jam84f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15y7mw6lrbrbu1glj6x1jam84f|03|org"; nocase; ) # sa7mdwtqtq3m2igvmp1bx8w1s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sa7mdwtqtq3m2igvmp1bx8w1s|03|net"; nocase; ) # rpavgi5ll1a0mfrtxp1l8sejm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rpavgi5ll1a0mfrtxp1l8sejm|03|net"; nocase; ) # d32a0vjv270j111cj8dmfasd2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d32a0vjv270j111cj8dmfasd2|03|biz"; nocase; ) # watwrn18ktvld9s5goi1kb11ia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|watwrn18ktvld9s5goi1kb11ia|03|com"; nocase; ) # wkiahf1gui5se1ucfsmc126ufqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wkiahf1gui5se1ucfsmc126ufqi|03|net"; nocase; ) # 13islpq15ks2xw15qyetjoskkeq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13islpq15ks2xw15qyetjoskkeq|03|net"; nocase; ) # lrnnuf1gb2xp6qzp5en1ap86li.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lrnnuf1gb2xp6qzp5en1ap86li|03|com"; nocase; ) # 124bsgr18eulap1weoxrkkbaia9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|124bsgr18eulap1weoxrkkbaia9|03|com"; nocase; ) # 1v4q3c71f0ajlebrksa81542hut.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v4q3c71f0ajlebrksa81542hut|03|biz"; nocase; ) # 5iwwbdlubnss1qz1b2411jwcw0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5iwwbdlubnss1qz1b2411jwcw0|03|net"; nocase; ) # 17loq0s187yuphigsvbu7awoeb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17loq0s187yuphigsvbu7awoeb|03|net"; nocase; ) # wfrx3d1fnfrif1qg9v6d16yr5j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wfrx3d1fnfrif1qg9v6d16yr5j|03|biz"; nocase; ) # 1jwcaxd12rmvosknf4kjo0v9c2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jwcaxd12rmvosknf4kjo0v9c2|03|org"; nocase; ) # cau2y6bp6dcfqj76cl12zo9sy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cau2y6bp6dcfqj76cl12zo9sy|03|net"; nocase; ) # i5ztr416td4qg18hgq3ezoqsfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i5ztr416td4qg18hgq3ezoqsfo|03|com"; nocase; ) # 3covk31ibo8tixeq453au0ab4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3covk31ibo8tixeq453au0ab4|03|org"; nocase; ) # 135cgyfehqgikis6uac1qvle8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135cgyfehqgikis6uac1qvle8u|03|net"; nocase; ) # 1kyq3q716uq06qiadzosphzl1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kyq3q716uq06qiadzosphzl1s|03|biz"; nocase; ) # yj2pfgnr5uui1cfxixd1dkfvv1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yj2pfgnr5uui1cfxixd1dkfvv1|03|net"; nocase; ) # 1r378gx1qn58gm151tdilvw2w37.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r378gx1qn58gm151tdilvw2w37|03|biz"; nocase; ) # 1e8s77i13fmrgc2lzim31g0axhs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e8s77i13fmrgc2lzim31g0axhs|03|net"; nocase; ) # hpqtab1txq88s1wfl2s91s45761.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hpqtab1txq88s1wfl2s91s45761|03|com"; nocase; ) # if0bf4ytcaqmn6rmlnig3o6g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|if0bf4ytcaqmn6rmlnig3o6g|03|biz"; nocase; ) # 1ancyy14lpigxy34bxufom4j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ancyy14lpigxy34bxufom4j6|03|net"; nocase; ) # 1t32j7w3zhcj81tgdory1df1ud4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t32j7w3zhcj81tgdory1df1ud4|03|com"; nocase; ) # oaz3zf1yilsf51ik83yfre2qa0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oaz3zf1yilsf51ik83yfre2qa0|03|net"; nocase; ) # 18iy1hhq5kv60wk9teqzjzjlh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18iy1hhq5kv60wk9teqzjzjlh|03|org"; nocase; ) # 1xlgoawpuyldj1blulyaymgum9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xlgoawpuyldj1blulyaymgum9|03|net"; nocase; ) # 1uyamny61vn8y1uelrim1m4pp7w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uyamny61vn8y1uelrim1m4pp7w|03|biz"; nocase; ) # tdtvtj1fs3ax4rewtv31sst2lp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tdtvtj1fs3ax4rewtv31sst2lp|03|com"; nocase; ) # 185f1kth0byyy7gno8xscksiz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|185f1kth0byyy7gno8xscksiz|03|org"; nocase; ) # 1vfmfcz1jwddrdxv6pss29aehw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vfmfcz1jwddrdxv6pss29aehw|03|net"; nocase; ) # v1s67t1hmp9us15ijgkfnvpm47.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v1s67t1hmp9us15ijgkfnvpm47|03|com"; nocase; ) # 1b4d0v91a7jrbqkjxykxdt6nvs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b4d0v91a7jrbqkjxykxdt6nvs|03|org"; nocase; ) # 11io1n0jjjxit19nt2qzlkmlvq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11io1n0jjjxit19nt2qzlkmlvq|03|com"; nocase; ) # 1th4rhu1pzp46j1gqf3n115mjjix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1th4rhu1pzp46j1gqf3n115mjjix|03|com"; nocase; ) # 1r001061lrjuka1c7om7v1bgc0rn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r001061lrjuka1c7om7v1bgc0rn|03|org"; nocase; ) # tcfkx91afal0i14gxtvvek8s4z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tcfkx91afal0i14gxtvvek8s4z|03|com"; nocase; ) # htoa8o8b0uwz1swm3qst1g1f7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|htoa8o8b0uwz1swm3qst1g1f7|03|org"; nocase; ) # icxls91ht82a3alc7pe14yzlj6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|icxls91ht82a3alc7pe14yzlj6|03|biz"; nocase; ) # sggc5k2gztlmn4q8mr155h3ax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sggc5k2gztlmn4q8mr155h3ax|03|com"; nocase; ) # 1rtlwv1qle5m7som53ksj5t91.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rtlwv1qle5m7som53ksj5t91|03|net"; nocase; ) # 1exp6ym4blb618a285k105g1v7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1exp6ym4blb618a285k105g1v7|03|net"; nocase; ) # 1wq4szh1hd1meb1wbnpjw17f42j7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wq4szh1hd1meb1wbnpjw17f42j7|03|biz"; nocase; ) # 5nyoi21q8137xelmu415vr7y1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5nyoi21q8137xelmu415vr7y1|03|com"; nocase; ) # 12o11ko1t3v1fm1kk86n3dxa6rn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12o11ko1t3v1fm1kk86n3dxa6rn|03|net"; nocase; ) # 15y764l1sopbvggvm6wy1m16eky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15y764l1sopbvggvm6wy1m16eky|03|org"; nocase; ) # 1a1sq21htt3n2wmy7yfomrdkx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a1sq21htt3n2wmy7yfomrdkx|03|biz"; nocase; ) # 12nneqeme1q4ockyudjiyhr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|12nneqeme1q4ockyudjiyhr2|03|org"; nocase; ) # om1old1dv8gl41jmwxs11f0vc7e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|om1old1dv8gl41jmwxs11f0vc7e|03|com"; nocase; ) # ehpj8b1eh62671u92tj71agk7ou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ehpj8b1eh62671u92tj71agk7ou|03|net"; nocase; ) # g53ub31ljhnye1ir53dw1fhuc7z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g53ub31ljhnye1ir53dw1fhuc7z|03|com"; nocase; ) # 45aetj16yufi7ldj73xl8r5y8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|45aetj16yufi7ldj73xl8r5y8|03|com"; nocase; ) # 19p1l6p132r5v35ogwexrsty88.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19p1l6p132r5v35ogwexrsty88|03|net"; nocase; ) # z4fxdj1wmo2vdwztg3l1lr8kfy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z4fxdj1wmo2vdwztg3l1lr8kfy|03|org"; nocase; ) # g905vz11asca1k3f3vu1vvslp3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g905vz11asca1k3f3vu1vvslp3|03|net"; nocase; ) # mrgk7u122rptl1eado5frs0tpq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mrgk7u122rptl1eado5frs0tpq|03|org"; nocase; ) # 3f1zhh106cwko10j0xmavumjdh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3f1zhh106cwko10j0xmavumjdh|03|net"; nocase; ) # 1tl2bvm9kh8b6vbnx1484ez4b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tl2bvm9kh8b6vbnx1484ez4b|03|org"; nocase; ) # 1er07kt58pf2d656xi21vl5e1u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1er07kt58pf2d656xi21vl5e1u|03|biz"; nocase; ) # mt4irv17z3lsfhaorxm18qyvwc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mt4irv17z3lsfhaorxm18qyvwc|03|net"; nocase; ) # 15tlvkpwglyixtls8hk8bqsxx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15tlvkpwglyixtls8hk8bqsxx|03|net"; nocase; ) # 12pr4ahk8ckpr8fr4011wcl0yi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12pr4ahk8ckpr8fr4011wcl0yi|03|com"; nocase; ) # 1aek151e2x7thtjkneo1qhdq4n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aek151e2x7thtjkneo1qhdq4n|03|org"; nocase; ) # 1dq69qxnu01g81qq5p6c1dwn00x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dq69qxnu01g81qq5p6c1dwn00x|03|biz"; nocase; ) # ph92dn17zxat01xpai80miwpvr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ph92dn17zxat01xpai80miwpvr|03|com"; nocase; ) # 1n13jesewi8puxdr8c3dxsc2l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n13jesewi8puxdr8c3dxsc2l|03|net"; nocase; ) # 1ews9ngfxac3uxnfm591ms2leg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ews9ngfxac3uxnfm591ms2leg|03|biz"; nocase; ) # s1zvmwzwk1bm1krc7z61br5pau.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s1zvmwzwk1bm1krc7z61br5pau|03|org"; nocase; ) # pshxa0f7m6f59gp5bpanrkvt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pshxa0f7m6f59gp5bpanrkvt|03|net"; nocase; ) # 13b34f1n4zfhf6xqffw13rjdk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13b34f1n4zfhf6xqffw13rjdk|03|net"; nocase; ) # e0c9mefng7wo1w4rpb1hy9yor.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e0c9mefng7wo1w4rpb1hy9yor|03|org"; nocase; ) # o6x8o41fvi5u8mfyz0v1j09d5f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o6x8o41fvi5u8mfyz0v1j09d5f|03|com"; nocase; ) # l08gfv8hfltd10i3efak3ps06.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l08gfv8hfltd10i3efak3ps06|03|biz"; nocase; ) # 1x8cbksjsoqoa4n89bj4ucuf6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x8cbksjsoqoa4n89bj4ucuf6|03|com"; nocase; ) # 1ajture12adlr916jahhz4yihf4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ajture12adlr916jahhz4yihf4|03|net"; nocase; ) # 1isew8x1blgoj21qb9zq91cthu9n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1isew8x1blgoj21qb9zq91cthu9n|03|net"; nocase; ) # ih48dd1614ka61x6r9gn1uw174b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ih48dd1614ka61x6r9gn1uw174b|03|com"; nocase; ) # w8kg4ghxnld132vogcfkauiw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w8kg4ghxnld132vogcfkauiw|03|biz"; nocase; ) # 1ca23iuzl3fnfbnz2tr1g1rsra.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ca23iuzl3fnfbnz2tr1g1rsra|03|com"; nocase; ) # 1fuc1i4fdj2leqyi5a1n9efmi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fuc1i4fdj2leqyi5a1n9efmi|03|com"; nocase; ) # jmlix018k2m3d7unhzv11knpk7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jmlix018k2m3d7unhzv11knpk7|03|org"; nocase; ) # 1ncxyav1ypxkcgrzk6m8bie3er.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ncxyav1ypxkcgrzk6m8bie3er|03|org"; nocase; ) # x7r4h01hksn641q6pml415efmgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x7r4h01hksn641q6pml415efmgj|03|com"; nocase; ) # rdnaui121t9jkexd1g01pzuotd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rdnaui121t9jkexd1g01pzuotd|03|org"; nocase; ) # 1kizbbf10aqhj21mfl2x91wbhzia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kizbbf10aqhj21mfl2x91wbhzia|03|net"; nocase; ) # 14crug0if93tdjzcve1234mfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14crug0if93tdjzcve1234mfy|03|net"; nocase; ) # 3cjyj81j78j8nhm6rrh1rzw12b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3cjyj81j78j8nhm6rrh1rzw12b|03|biz"; nocase; ) # 1gpp1adxrkswsyvfeljfc538z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gpp1adxrkswsyvfeljfc538z|03|org"; nocase; ) # wl9zyrjrcxt4alsme1l8ov03.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wl9zyrjrcxt4alsme1l8ov03|03|com"; nocase; ) # 16kiwa2qeuqpk3eq7h7icdv6x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16kiwa2qeuqpk3eq7h7icdv6x|03|net"; nocase; ) # 1gi6szq1jw1w551gcol55zb3wcr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gi6szq1jw1w551gcol55zb3wcr|03|com"; nocase; ) # 16y7ohu1to8qiz105guoywebgfs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16y7ohu1to8qiz105guoywebgfs|03|org"; nocase; ) # tv3znd1ja2q0dyuk5wv491m2n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tv3znd1ja2q0dyuk5wv491m2n|03|org"; nocase; ) # 1s7yj09ta464x1ujp9nciximz3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s7yj09ta464x1ujp9nciximz3|03|org"; nocase; ) # qinjyf1qynppr9e9a321y3ezez.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qinjyf1qynppr9e9a321y3ezez|03|biz"; nocase; ) # bfcvgnlvu16e13rvmup1hia4ps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bfcvgnlvu16e13rvmup1hia4ps|03|biz"; nocase; ) # 1989x4p1mrpis1u9wn47135atfj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1989x4p1mrpis1u9wn47135atfj|03|org"; nocase; ) # b2te1xb4xmo01u249zd10u76hs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b2te1xb4xmo01u249zd10u76hs|03|net"; nocase; ) # 42q36u126ay8ij2bcwcityjn0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|42q36u126ay8ij2bcwcityjn0|03|org"; nocase; ) # 9y6oqa1m6qm7v9mmdrp10hswym.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9y6oqa1m6qm7v9mmdrp10hswym|03|net"; nocase; ) # 8no7y210opauq12rg38m1iv46nv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8no7y210opauq12rg38m1iv46nv|03|biz"; nocase; ) # 1wfe26cqc4mwgi1iobed1ppoq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wfe26cqc4mwgi1iobed1ppoq|03|org"; nocase; ) # 19xu7ca317u3v1r6zfsh1qn2t4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19xu7ca317u3v1r6zfsh1qn2t4u|03|net"; nocase; ) # fq4hv52vqzu11w1mxle55fhci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fq4hv52vqzu11w1mxle55fhci|03|com"; nocase; ) # melo2b193ja3a10gdzsz1ov9al3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|melo2b193ja3a10gdzsz1ov9al3|03|net"; nocase; ) # 1qqzgcoocxipg169sgpu1sjslvy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qqzgcoocxipg169sgpu1sjslvy|03|biz"; nocase; ) # 1er55g1yg5a4t2tg2xrcbjrjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1er55g1yg5a4t2tg2xrcbjrjd|03|org"; nocase; ) # 1tnnyzv1inqrqk1n7pv4m1ugth7a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tnnyzv1inqrqk1n7pv4m1ugth7a|03|net"; nocase; ) # 6wiefi17itm5g1i76sq016l489e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6wiefi17itm5g1i76sq016l489e|03|com"; nocase; ) # 1fcakz61gk4kjq15l46jv1m3rqiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fcakz61gk4kjq15l46jv1m3rqiz|03|com"; nocase; ) # 1471f8p182sdrd9j0krk1qnx9sl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1471f8p182sdrd9j0krk1qnx9sl|03|org"; nocase; ) # 1iqylmx1qjkl26a4s3lukj5a47.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iqylmx1qjkl26a4s3lukj5a47|03|org"; nocase; ) # hmqtngcsx58p16vv91s1pg73io.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hmqtngcsx58p16vv91s1pg73io|03|org"; nocase; ) # glggci8cobb8osc1241qpzaek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|glggci8cobb8osc1241qpzaek|03|net"; nocase; ) # 1ln1caiie2odl1vib2r7y5k5it.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ln1caiie2odl1vib2r7y5k5it|03|net"; nocase; ) # 1qim7fucwh99c1653fthm776o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qim7fucwh99c1653fthm776o|03|biz"; nocase; ) # 1r64kh5xb5a9q1slwn8afur5l5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000010999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r64kh5xb5a9q1slwn8afur5l5|03|org"; nocase; ) # 1nfhjk3179s0cfbuzicxw0gp7b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nfhjk3179s0cfbuzicxw0gp7b|03|net"; nocase; ) # f2eypl1qsm3viipzqxe1x3fak6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f2eypl1qsm3viipzqxe1x3fak6|03|org"; nocase; ) # 1ij7dkvo3puke147vlnu1cyshf7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ij7dkvo3puke147vlnu1cyshf7|03|net"; nocase; ) # 11vb1fl9gj64i1hofid41hgv5ym.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11vb1fl9gj64i1hofid41hgv5ym|03|biz"; nocase; ) # 6rmozg1qrbfrk1qqcqya1a18cm4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6rmozg1qrbfrk1qqcqya1a18cm4|03|biz"; nocase; ) # 7mxsvc1fkvy0rfhk0l6y20shd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7mxsvc1fkvy0rfhk0l6y20shd|03|org"; nocase; ) # 59jxb1eposkg1lccavc1csmmmv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|59jxb1eposkg1lccavc1csmmmv|03|biz"; nocase; ) # 755nghcb16o1u7kr0jnndyuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|755nghcb16o1u7kr0jnndyuv|03|net"; nocase; ) # di3p6c1d4rfm1c77x8o1pjocl9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|di3p6c1d4rfm1c77x8o1pjocl9|03|com"; nocase; ) # 1c6lwbz1y01ca6c8564gfe4xxx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c6lwbz1y01ca6c8564gfe4xxx|03|org"; nocase; ) # i03hstsbt2581lyfpey3d7vwk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i03hstsbt2581lyfpey3d7vwk|03|net"; nocase; ) # hfvgrljec0slvzfml3id98.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|hfvgrljec0slvzfml3id98|03|com"; nocase; ) # 18t3dhb19vxdkq1rx479j9exvop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18t3dhb19vxdkq1rx479j9exvop|03|org"; nocase; ) # 1exstmmng81qv1i55eyol9mhry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1exstmmng81qv1i55eyol9mhry|03|com"; nocase; ) # 10t1k8ok9krnlf23lmzivst5j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10t1k8ok9krnlf23lmzivst5j|03|com"; nocase; ) # 1jxmqrxxb6zg011gy5fidjv5ex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jxmqrxxb6zg011gy5fidjv5ex|03|biz"; nocase; ) # 1f9a0hfngd1ob1lyxwjpc6uygb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f9a0hfngd1ob1lyxwjpc6uygb|03|com"; nocase; ) # 1c2oqguabdiz4fa75iotq7pfh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c2oqguabdiz4fa75iotq7pfh|03|net"; nocase; ) # 1n7ete1b4jqst8hz4az1dr258w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n7ete1b4jqst8hz4az1dr258w|03|com"; nocase; ) # ndc1a3f1qbiwkk7zouho3ilg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ndc1a3f1qbiwkk7zouho3ilg|03|biz"; nocase; ) # xs649rfmk5px98j8ewg19nnx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xs649rfmk5px98j8ewg19nnx|03|net"; nocase; ) # 1m2x696u7ifzkkinq3p4pwm1m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m2x696u7ifzkkinq3p4pwm1m|03|biz"; nocase; ) # 9mt1r39vjn4cuae7nf8dz42k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9mt1r39vjn4cuae7nf8dz42k|03|net"; nocase; ) # ul1smvujhqkmj1vtkz1bk558c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ul1smvujhqkmj1vtkz1bk558c|03|net"; nocase; ) # 9d69md1yv6sde1k9penrsstd5r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9d69md1yv6sde1k9penrsstd5r|03|net"; nocase; ) # 54nbqbuppkzjoaqjsp9q8gdv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|54nbqbuppkzjoaqjsp9q8gdv|03|biz"; nocase; ) # hmxtij11qc5h9zd0g6w1aoj5iy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hmxtij11qc5h9zd0g6w1aoj5iy|03|net"; nocase; ) # 18csbzr8t522jhksuwv1bvf9nh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18csbzr8t522jhksuwv1bvf9nh|03|com"; nocase; ) # 1n8f61w17idze3rrg0nhjwd0a0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n8f61w17idze3rrg0nhjwd0a0|03|biz"; nocase; ) # 103wrdo1yfpcn0m9ydzj1pz4d2l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|103wrdo1yfpcn0m9ydzj1pz4d2l|03|net"; nocase; ) # ejejk0bh7exp137yag4php6tf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ejejk0bh7exp137yag4php6tf|03|org"; nocase; ) # 11j8os91s45nlp6925oi1na95ei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11j8os91s45nlp6925oi1na95ei|03|com"; nocase; ) # xf19xcq3du57ua68cbbvevv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|xf19xcq3du57ua68cbbvevv|03|org"; nocase; ) # 27oimu1etnovxao431ltocqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|27oimu1etnovxao431ltocqi|03|net"; nocase; ) # y6o0y6p8c9hz1xfpuqr1xtuir0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y6o0y6p8c9hz1xfpuqr1xtuir0|03|com"; nocase; ) # 16a5t2zmims311eyl8tw1eo1hzt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16a5t2zmims311eyl8tw1eo1hzt|03|net"; nocase; ) # kr6lf01gbvtszx2c20o1ds9l2f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kr6lf01gbvtszx2c20o1ds9l2f|03|net"; nocase; ) # 1o5r1fi1ni90jp1mtcgoxntabr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o5r1fi1ni90jp1mtcgoxntabr|03|net"; nocase; ) # 147m4a2ahy5491kkl8xfmjaui2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|147m4a2ahy5491kkl8xfmjaui2|03|com"; nocase; ) # 8ld023mucvs12avpmy1v0cz3h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ld023mucvs12avpmy1v0cz3h|03|org"; nocase; ) # bkt61c1inw0npqwdxoqmw2ryk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bkt61c1inw0npqwdxoqmw2ryk|03|net"; nocase; ) # bv224y1762nox179791i1esnx5s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bv224y1762nox179791i1esnx5s|03|net"; nocase; ) # u80afd1xqueb18drlsla5xi02.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u80afd1xqueb18drlsla5xi02|03|net"; nocase; ) # 2mjytrg6buw12jjk088r6a9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2mjytrg6buw12jjk088r6a9b|03|com"; nocase; ) # pfasebn14539o9hurf13pyd3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pfasebn14539o9hurf13pyd3k|03|net"; nocase; ) # r2pq3611a0y2lux28ht1bdnzlt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r2pq3611a0y2lux28ht1bdnzlt|03|net"; nocase; ) # 12tsedw11qloig7x6c151udmb0s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12tsedw11qloig7x6c151udmb0s|03|net"; nocase; ) # 146228n1ygd45exrogaa14ouo4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|146228n1ygd45exrogaa14ouo4n|03|com"; nocase; ) # 1umbyo4i19e291hcjgq8n4rw4b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1umbyo4i19e291hcjgq8n4rw4b|03|com"; nocase; ) # 1auu1dbagkim21qcru921k09yfq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1auu1dbagkim21qcru921k09yfq|03|org"; nocase; ) # 13nz512fvt8j615el35m6nk79x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13nz512fvt8j615el35m6nk79x|03|biz"; nocase; ) # 15h39asde6s4m1cil0nn1r8f4tf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15h39asde6s4m1cil0nn1r8f4tf|03|biz"; nocase; ) # 1gqxy8i1hpj9ju1fvgb6810bcg68.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gqxy8i1hpj9ju1fvgb6810bcg68|03|org"; nocase; ) # 1wt6pt91arby5q5yn70j1uoeygo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wt6pt91arby5q5yn70j1uoeygo|03|com"; nocase; ) # 1fnh0mk9o2tqi1p6mq641wnw0kk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fnh0mk9o2tqi1p6mq641wnw0kk|03|biz"; nocase; ) # 1ce88r225hwk1ntng5t5dxp07.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ce88r225hwk1ntng5t5dxp07|03|net"; nocase; ) # mt7a9k13mibyw4s3kvzim9fxq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mt7a9k13mibyw4s3kvzim9fxq|03|com"; nocase; ) # 1rd61014edb091tqdskkja117n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rd61014edb091tqdskkja117n|03|net"; nocase; ) # 1y2dm894by7jz1b9m8dz13snbjs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y2dm894by7jz1b9m8dz13snbjs|03|org"; nocase; ) # 1t204mr19s1tzk1mjq3vv1vvyt3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t204mr19s1tzk1mjq3vv1vvyt3i|03|com"; nocase; ) # 1isz6c111450fp1roqxuz4kqo2g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1isz6c111450fp1roqxuz4kqo2g|03|com"; nocase; ) # asam7uky19lmikbyss1kujmh6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|asam7uky19lmikbyss1kujmh6|03|biz"; nocase; ) # t9usr015uu1thvo2lpf9hwmyw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t9usr015uu1thvo2lpf9hwmyw|03|biz"; nocase; ) # 42cje2k7a44unhx32mxj3obv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|42cje2k7a44unhx32mxj3obv|03|org"; nocase; ) # 16ku8s81lw7j5b1b9tgnmqcoioj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ku8s81lw7j5b1b9tgnmqcoioj|03|com"; nocase; ) # cwz8ebt4hq5s17q9b45srdljf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cwz8ebt4hq5s17q9b45srdljf|03|net"; nocase; ) # 1r46nbs3fkqub1orcy4r1rjgq7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r46nbs3fkqub1orcy4r1rjgq7h|03|org"; nocase; ) # t17elb1h2gf5o19ivxb4vrwykb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t17elb1h2gf5o19ivxb4vrwykb|03|com"; nocase; ) # a5x0yh1atvrjj7iksm1wxofrz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a5x0yh1atvrjj7iksm1wxofrz|03|com"; nocase; ) # qme21kf5l0nh1t1r4dyw4vjd0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qme21kf5l0nh1t1r4dyw4vjd0|03|org"; nocase; ) # z2lcmx1ktchxbizb5kvyv7ls8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z2lcmx1ktchxbizb5kvyv7ls8|03|com"; nocase; ) # btdqbmf8p7yao8zit117w0rex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|btdqbmf8p7yao8zit117w0rex|03|biz"; nocase; ) # cvin4ewxs23h16rwrv31c03mad.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cvin4ewxs23h16rwrv31c03mad|03|biz"; nocase; ) # tadsnyvd0nbb1pouopt6ageyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tadsnyvd0nbb1pouopt6ageyv|03|com"; nocase; ) # 1b5lfia1spuci8bnwzyg1r1j4lv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b5lfia1spuci8bnwzyg1r1j4lv|03|net"; nocase; ) # 1gclfaim4aervtuy9pjeovblo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gclfaim4aervtuy9pjeovblo|03|com"; nocase; ) # g6qk9uuedg9s9sj2nawvam37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g6qk9uuedg9s9sj2nawvam37|03|net"; nocase; ) # pholy41v6ezgt718sg51i6j6n7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pholy41v6ezgt718sg51i6j6n7|03|com"; nocase; ) # 1b29hme1aqdgmqguy69kfo01q3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b29hme1aqdgmqguy69kfo01q3|03|net"; nocase; ) # 56vx0m1bo78vph76me4ycyvdu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|56vx0m1bo78vph76me4ycyvdu|03|biz"; nocase; ) # 79w6eo1l3vqt83fhgt51nacbcr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79w6eo1l3vqt83fhgt51nacbcr|03|net"; nocase; ) # 2q813qap5cbwgub1tfew8d6j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2q813qap5cbwgub1tfew8d6j|03|com"; nocase; ) # 1qz6xe91v6rxi5zau3l3zsfw2z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qz6xe91v6rxi5zau3l3zsfw2z|03|biz"; nocase; ) # yfcum8fp9ow418k30df1wrfroz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yfcum8fp9ow418k30df1wrfroz|03|org"; nocase; ) # ddrxydz6bieu13v68iwbj1zj1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ddrxydz6bieu13v68iwbj1zj1|03|com"; nocase; ) # 1hmb4ejkwbphqvyrnxv4kqmja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hmb4ejkwbphqvyrnxv4kqmja|03|net"; nocase; ) # tr38whcmaz7dalz1vm3wltq1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tr38whcmaz7dalz1vm3wltq1|03|net"; nocase; ) # 1xhcn0ahem5gb1owrzf71mfs2l2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xhcn0ahem5gb1owrzf71mfs2l2|03|org"; nocase; ) # 2mgrdzjw14rb17go0ihkibo46.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2mgrdzjw14rb17go0ihkibo46|03|com"; nocase; ) # 17pyuj6131qj4cjs5i551vazi1c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17pyuj6131qj4cjs5i551vazi1c|03|net"; nocase; ) # oh3k45sfnr9jxrc5yb181it0o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oh3k45sfnr9jxrc5yb181it0o|03|org"; nocase; ) # epj4ph1pz1vvc17vvyx71503xho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|epj4ph1pz1vvc17vvyx71503xho|03|net"; nocase; ) # 2vkjptnnv1h8ypqton13o3kzo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2vkjptnnv1h8ypqton13o3kzo|03|biz"; nocase; ) # x7nom7tjxkxrh3s6o91emvfkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x7nom7tjxkxrh3s6o91emvfkm|03|com"; nocase; ) # xuz3y61dgbal2mawz15x9bg3a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xuz3y61dgbal2mawz15x9bg3a|03|net"; nocase; ) # ex4gv2w6ja391gl433v1kco9d6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ex4gv2w6ja391gl433v1kco9d6|03|net"; nocase; ) # 1w6lr01qpleabqw2dwiskjor8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w6lr01qpleabqw2dwiskjor8|03|com"; nocase; ) # 1wca4pw3thg0w9o54zyp2uqa1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wca4pw3thg0w9o54zyp2uqa1|03|com"; nocase; ) # rcj92q8gsu0r1hxxvzgpgpuu5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rcj92q8gsu0r1hxxvzgpgpuu5|03|org"; nocase; ) # j2swd3ow29rb1ngjd4r1lielmw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j2swd3ow29rb1ngjd4r1lielmw|03|net"; nocase; ) # x3htzjfrs5a0zgepsefa2hv8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x3htzjfrs5a0zgepsefa2hv8|03|com"; nocase; ) # 18mrvqh1fc5w0yunefnj1aca6d1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18mrvqh1fc5w0yunefnj1aca6d1|03|net"; nocase; ) # xbzjqr8s8capb28jwdd9sjwx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xbzjqr8s8capb28jwdd9sjwx|03|biz"; nocase; ) # 1oeb74b2eud7blvg3wigl3pwo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oeb74b2eud7blvg3wigl3pwo|03|org"; nocase; ) # x1fw1z1j30t312ykfpj5gsmym.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x1fw1z1j30t312ykfpj5gsmym|03|com"; nocase; ) # 1sgp9894vt806573vd94q960h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sgp9894vt806573vd94q960h|03|biz"; nocase; ) # 1ugqrc6chp6qkd7456fpgd5vy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ugqrc6chp6qkd7456fpgd5vy|03|net"; nocase; ) # l7bn6d1gtsxyvkdkpnu8x9s37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l7bn6d1gtsxyvkdkpnu8x9s37|03|net"; nocase; ) # xqr8xfpq8vkx2buke114uqvce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xqr8xfpq8vkx2buke114uqvce|03|org"; nocase; ) # 18vhwy152qfi1t9jcv3cz7n93.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18vhwy152qfi1t9jcv3cz7n93|03|com"; nocase; ) # c7s5ujhd6bg21wky32gr2g2p4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c7s5ujhd6bg21wky32gr2g2p4|03|biz"; nocase; ) # 1j4wn0e1m8nt5g17l2gb816phko8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j4wn0e1m8nt5g17l2gb816phko8|03|com"; nocase; ) # i2evp77jxb911piqko11jpgj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i2evp77jxb911piqko11jpgj|03|org"; nocase; ) # 1hssky5hjbn181ywkfb3ft456d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hssky5hjbn181ywkfb3ft456d|03|net"; nocase; ) # 1wh9rhdu5unai96foqn7bhn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1wh9rhdu5unai96foqn7bhn2|03|net"; nocase; ) # a1sjiu1wi319kgbd705abvcx2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a1sjiu1wi319kgbd705abvcx2|03|biz"; nocase; ) # 6di7341kvl35s1huwupvl9t5bs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6di7341kvl35s1huwupvl9t5bs|03|org"; nocase; ) # 1d84r0pbj3zku1u3ku3g5f2scm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d84r0pbj3zku1u3ku3g5f2scm|03|net"; nocase; ) # 71j66t1hihftqbdkes6cm3fef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|71j66t1hihftqbdkes6cm3fef|03|com"; nocase; ) # bcst081bi13c1pkw06f1czm23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bcst081bi13c1pkw06f1czm23|03|net"; nocase; ) # 19yuvi31lr7ih7j0ocjl1c1e7tz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19yuvi31lr7ih7j0ocjl1c1e7tz|03|com"; nocase; ) # nt808713livg6qngcghnxgig4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nt808713livg6qngcghnxgig4|03|com"; nocase; ) # h988kc5tofw55x2iivfsa106.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h988kc5tofw55x2iivfsa106|03|org"; nocase; ) # 3bp4g17ciqax18bhgwl8kfs86.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3bp4g17ciqax18bhgwl8kfs86|03|net"; nocase; ) # un38oank2ewqc62zsx1dj822s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|un38oank2ewqc62zsx1dj822s|03|net"; nocase; ) # 13g9f3ekg2ha11pqa8nb1ccnaeu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13g9f3ekg2ha11pqa8nb1ccnaeu|03|net"; nocase; ) # eqxwidtypyuu1n0v5d6tjwtdu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eqxwidtypyuu1n0v5d6tjwtdu|03|net"; nocase; ) # 4mt835108q3et1fs61141qv02oh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4mt835108q3et1fs61141qv02oh|03|biz"; nocase; ) # er01o1v8lodwd6z15h1tvznx5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|er01o1v8lodwd6z15h1tvznx5|03|biz"; nocase; ) # 1d8jdf016o3y75a2dfsx1s0x599.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d8jdf016o3y75a2dfsx1s0x599|03|com"; nocase; ) # xohesz1l6adq5o8gncgjihejt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xohesz1l6adq5o8gncgjihejt|03|biz"; nocase; ) # 1jfyr6l1592ugk5dd5fx3m3g9l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jfyr6l1592ugk5dd5fx3m3g9l|03|org"; nocase; ) # 5rbx2h1p4pir2t1y94813i35kx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5rbx2h1p4pir2t1y94813i35kx|03|org"; nocase; ) # 1408kwmgg4n8j120j1vn1n03qjc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1408kwmgg4n8j120j1vn1n03qjc|03|com"; nocase; ) # vq5twdxxno9swc5oby1ipwomt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vq5twdxxno9swc5oby1ipwomt|03|com"; nocase; ) # j843n413qhg478x5h7iliqz4j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j843n413qhg478x5h7iliqz4j|03|org"; nocase; ) # 12m3biu13pg5571xc6emh1hjr6if.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12m3biu13pg5571xc6emh1hjr6if|03|biz"; nocase; ) # opmj8c1xezpnwtblzin1siv2io.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|opmj8c1xezpnwtblzin1siv2io|03|net"; nocase; ) # 1srpzu71ne3rg01i1fooh17gv5b1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1srpzu71ne3rg01i1fooh17gv5b1|03|com"; nocase; ) # q7fyem1ammrdz1xoloob1iomh18.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q7fyem1ammrdz1xoloob1iomh18|03|com"; nocase; ) # 1oaxnkojpa49p2oh2gbn0cy8t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oaxnkojpa49p2oh2gbn0cy8t|03|org"; nocase; ) # 5jv2h3hty0rg3qalps1aj6qd4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5jv2h3hty0rg3qalps1aj6qd4|03|org"; nocase; ) # 1w7whhcr1h3eq1fib3041ob9c8q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w7whhcr1h3eq1fib3041ob9c8q|03|com"; nocase; ) # 2fhbjq1252qah1v3b9l2c0pn5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2fhbjq1252qah1v3b9l2c0pn5|03|org"; nocase; ) # 16083zpmmnjc1o1hesp1blk1fp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16083zpmmnjc1o1hesp1blk1fp|03|com"; nocase; ) # vjk5f1wkdqz99ky2y01bdt6n4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vjk5f1wkdqz99ky2y01bdt6n4|03|biz"; nocase; ) # 1a0383214tpi37hquc2p1b59b5q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a0383214tpi37hquc2p1b59b5q|03|net"; nocase; ) # 1x0r6iu1atcjpfgg12rbyh12y1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x0r6iu1atcjpfgg12rbyh12y1|03|net"; nocase; ) # t86cui1gy12ua5f1x1v17c6q9a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t86cui1gy12ua5f1x1v17c6q9a|03|biz"; nocase; ) # 1r5cbvgqlgtxbcn9cos1lr00hs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r5cbvgqlgtxbcn9cos1lr00hs|03|net"; nocase; ) # qejaaj1dy7kqb28p5ho14znc4y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qejaaj1dy7kqb28p5ho14znc4y|03|org"; nocase; ) # kbwkwa17x1vs42a60sn15uslrw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kbwkwa17x1vs42a60sn15uslrw|03|biz"; nocase; ) # msseosvwvr19122ekrxgb4atl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|msseosvwvr19122ekrxgb4atl|03|com"; nocase; ) # 1i7m11pbwzy2q1lbhds51ehbgue.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i7m11pbwzy2q1lbhds51ehbgue|03|net"; nocase; ) # z7czc6147a9ny19x84e3mihnu4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z7czc6147a9ny19x84e3mihnu4|03|com"; nocase; ) # 1dyk4fpoettqp11kdccvdvjmai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dyk4fpoettqp11kdccvdvjmai|03|net"; nocase; ) # ff8b742g8beqic2a0vxsg9za.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ff8b742g8beqic2a0vxsg9za|03|org"; nocase; ) # 334m0igwbfqd18mg9b2anvbty.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|334m0igwbfqd18mg9b2anvbty|03|org"; nocase; ) # 3yf9rjpibxk812bunfw15azhu7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3yf9rjpibxk812bunfw15azhu7|03|net"; nocase; ) # 76r6ilerzec1184xtx0mprjiw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|76r6ilerzec1184xtx0mprjiw|03|biz"; nocase; ) # ec6mn7mnwaly1wipniq13ubzbv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ec6mn7mnwaly1wipniq13ubzbv|03|com"; nocase; ) # 1tyeggs35lt1n1awrpah1be1m8x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tyeggs35lt1n1awrpah1be1m8x|03|com"; nocase; ) # 8q4cwll5es6up6lg3vsf259i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8q4cwll5es6up6lg3vsf259i|03|org"; nocase; ) # r56g4o1a7hffc3tg3kt1jilqxb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r56g4o1a7hffc3tg3kt1jilqxb|03|net"; nocase; ) # 410yoe1hgtdph1q1r2tj1t2h6px.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|410yoe1hgtdph1q1r2tj1t2h6px|03|biz"; nocase; ) # xc4bl71bvyusigovvx66xl4q4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xc4bl71bvyusigovvx66xl4q4|03|com"; nocase; ) # guxi7d1wcyklg1lpd9kkst00ac.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|guxi7d1wcyklg1lpd9kkst00ac|03|biz"; nocase; ) # tsomj0bg05wunzvkj41ymq566.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tsomj0bg05wunzvkj41ymq566|03|com"; nocase; ) # o6weg31wn39j4zgk7defklmay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o6weg31wn39j4zgk7defklmay|03|net"; nocase; ) # djd15h4itrr2vzpaa3xukgq4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|djd15h4itrr2vzpaa3xukgq4|03|net"; nocase; ) # 6zh4sk1huyhjmf8s6v21fbz868.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6zh4sk1huyhjmf8s6v21fbz868|03|com"; nocase; ) # rwvys71cfl4kn13aeq0h1q0xszf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rwvys71cfl4kn13aeq0h1q0xszf|03|biz"; nocase; ) # 1tslplu10bwi991odvjzfr040i3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tslplu10bwi991odvjzfr040i3|03|com"; nocase; ) # 1bqee7s1nj5egvpg8n69q46jm6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bqee7s1nj5egvpg8n69q46jm6|03|net"; nocase; ) # yzerhl1wz9fnn1o9h4qg1fsq5yy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yzerhl1wz9fnn1o9h4qg1fsq5yy|03|org"; nocase; ) # 1yg215nzvuaus11eee9j171bfe1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yg215nzvuaus11eee9j171bfe1|03|org"; nocase; ) # gqex7xi07ajgmnj5qj18xls0v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gqex7xi07ajgmnj5qj18xls0v|03|net"; nocase; ) # 1sjo3r11v4pn5zfzpova1tm71ck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sjo3r11v4pn5zfzpova1tm71ck|03|com"; nocase; ) # 1uzbynh1e34f7eqysczsfnj8gq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uzbynh1e34f7eqysczsfnj8gq|03|net"; nocase; ) # vza3zj1hmc29rm7100e7wdgsy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vza3zj1hmc29rm7100e7wdgsy|03|biz"; nocase; ) # 6co675132437aegg9ur11paiyq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6co675132437aegg9ur11paiyq|03|com"; nocase; ) # 1b0z3ie1fr4o9q6wxojd1pjapli.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b0z3ie1fr4o9q6wxojd1pjapli|03|net"; nocase; ) # 16vfl551019venp9ieg8hpipa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16vfl551019venp9ieg8hpipa|03|net"; nocase; ) # 1csrv8o8i6b5m1alkggdtxgiso.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1csrv8o8i6b5m1alkggdtxgiso|03|org"; nocase; ) # aewbjrq7l3e712suujy18lcsil.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aewbjrq7l3e712suujy18lcsil|03|biz"; nocase; ) # 1dkmt1s1axkn7q19whmq79wth36.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dkmt1s1axkn7q19whmq79wth36|03|org"; nocase; ) # 1lxd5ks1kd93dnluei05y1mztm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lxd5ks1kd93dnluei05y1mztm|03|net"; nocase; ) # 1ncddeqio02vl1b2cbsbhae7ym.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ncddeqio02vl1b2cbsbhae7ym|03|com"; nocase; ) # 1l149921vtoobo10ee61cxec0o2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l149921vtoobo10ee61cxec0o2|03|net"; nocase; ) # 177kl9o1r82ygr1i3bmwulm3x32.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|177kl9o1r82ygr1i3bmwulm3x32|03|biz"; nocase; ) # 1x446mtp58860p8okec1ao3aiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x446mtp58860p8okec1ao3aiv|03|com"; nocase; ) # 17i7uch1ydy75fokf6pj1m2prp4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17i7uch1ydy75fokf6pj1m2prp4|03|net"; nocase; ) # 1sbw1r314aqd557o2iycay1v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1sbw1r314aqd557o2iycay1v|03|org"; nocase; ) # ile28wudv943b35bke1o76b1c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ile28wudv943b35bke1o76b1c|03|org"; nocase; ) # 1f4s5my1vurp4g1hvnfzctb5wdg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f4s5my1vurp4g1hvnfzctb5wdg|03|net"; nocase; ) # jcmywgjyb8gshryk3ti8um2s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jcmywgjyb8gshryk3ti8um2s|03|com"; nocase; ) # n68een6mwfhp1hdd0d26crjdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n68een6mwfhp1hdd0d26crjdf|03|com"; nocase; ) # 1meo1tnmp0z29coo5pul7qvp2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1meo1tnmp0z29coo5pul7qvp2|03|biz"; nocase; ) # p38luo11vj4y71nwfuvqyu79vv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p38luo11vj4y71nwfuvqyu79vv|03|net"; nocase; ) # 54cpln1k99tu89ngpyusoakm4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|54cpln1k99tu89ngpyusoakm4|03|biz"; nocase; ) # 115eub512wnvp1h6yxhd1lgbylg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|115eub512wnvp1h6yxhd1lgbylg|03|net"; nocase; ) # gsb1px1f8l3991572xazz7r9bj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gsb1px1f8l3991572xazz7r9bj|03|biz"; nocase; ) # hxf17r10mychhbeqy0v4heck5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hxf17r10mychhbeqy0v4heck5|03|com"; nocase; ) # 1n0b55o1qybul9t69aaniu2mtt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n0b55o1qybul9t69aaniu2mtt|03|org"; nocase; ) # flocakbjpzu81doyjis85vtrh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|flocakbjpzu81doyjis85vtrh|03|com"; nocase; ) # b86zzr1deyo2q17dnr5s18b8z2r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b86zzr1deyo2q17dnr5s18b8z2r|03|biz"; nocase; ) # rl2squ1ywp0zf2ksmedxukoj5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rl2squ1ywp0zf2ksmedxukoj5|03|com"; nocase; ) # e5noh518l58pk1bks1ey23j4c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e5noh518l58pk1bks1ey23j4c|03|biz"; nocase; ) # 1xgg2a3cfbt6jmdzocbnl65c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1xgg2a3cfbt6jmdzocbnl65c|03|net"; nocase; ) # 14y5n5m14ctze8drk5rsuc6lmz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14y5n5m14ctze8drk5rsuc6lmz|03|com"; nocase; ) # 21za8o1kykf0uqh65ke7fi437.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21za8o1kykf0uqh65ke7fi437|03|net"; nocase; ) # 1uff7sy1dfv8dso9i5cv1n0rkjn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uff7sy1dfv8dso9i5cv1n0rkjn|03|org"; nocase; ) # 6ztpjk1p8zttmyky9to8mp4bh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ztpjk1p8zttmyky9to8mp4bh|03|com"; nocase; ) # hijcjkkj8dgpmjh0tzdm0tok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hijcjkkj8dgpmjh0tzdm0tok|03|net"; nocase; ) # 5o76jwilnpcf1ijw0dt10mqy51.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5o76jwilnpcf1ijw0dt10mqy51|03|org"; nocase; ) # c1xbx21jcma1t1r7md7q1rudndv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c1xbx21jcma1t1r7md7q1rudndv|03|com"; nocase; ) # 1ymqk5m1fmzp9rkdyyda1hkyc4h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ymqk5m1fmzp9rkdyyda1hkyc4h|03|net"; nocase; ) # 1y4nh1517zokyo7srqb4s9xqqf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y4nh1517zokyo7srqb4s9xqqf|03|com"; nocase; ) # 1ogksc128emeyq8xxar1351zfl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ogksc128emeyq8xxar1351zfl|03|org"; nocase; ) # 1ef6vj8mmrikeffatds1rm7u7s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ef6vj8mmrikeffatds1rm7u7s|03|net"; nocase; ) # 1cwuueg15w0r3v1lmgp3wugvkqk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cwuueg15w0r3v1lmgp3wugvkqk|03|org"; nocase; ) # 1aoec7j1tk4xxkwscxyjxyg4ol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aoec7j1tk4xxkwscxyjxyg4ol|03|com"; nocase; ) # 809zyh50vyavygobyo1lvqrjl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|809zyh50vyavygobyo1lvqrjl|03|biz"; nocase; ) # 1b070u6y2hu9i1f2hby0965otc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b070u6y2hu9i1f2hby0965otc|03|net"; nocase; ) # fgnp1tm8biuiqitlo41a0y624.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fgnp1tm8biuiqitlo41a0y624|03|com"; nocase; ) # 1871wl41gaek62fnipr71qfgam6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1871wl41gaek62fnipr71qfgam6|03|net"; nocase; ) # 1t5eg471bfqllg1yj8pp312kr3b1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t5eg471bfqllg1yj8pp312kr3b1|03|org"; nocase; ) # ls5lnh171tx761cjt8wratp2s9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ls5lnh171tx761cjt8wratp2s9|03|net"; nocase; ) # 1xec1nslu9rz5gc2s391py68hv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xec1nslu9rz5gc2s391py68hv|03|org"; nocase; ) # 1ea0pjwt48msei3jsqy7jfwtl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ea0pjwt48msei3jsqy7jfwtl|03|net"; nocase; ) # 16w3rl33ayvd2v8gotquagn7x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16w3rl33ayvd2v8gotquagn7x|03|com"; nocase; ) # s7dvc8oqlux61sudjw61bkm1l6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s7dvc8oqlux61sudjw61bkm1l6|03|net"; nocase; ) # 7wh8fj1jpoh8u13a7xkm1sdvtz1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7wh8fj1jpoh8u13a7xkm1sdvtz1|03|org"; nocase; ) # 13i0yjr1iltqg12ymuvi1ounwk9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13i0yjr1iltqg12ymuvi1ounwk9|03|biz"; nocase; ) # yni7ik8qcnshcidvl11uyhft0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yni7ik8qcnshcidvl11uyhft0|03|org"; nocase; ) # 17zk5n12lfhm1ae3yyy1wyzes7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17zk5n12lfhm1ae3yyy1wyzes7|03|com"; nocase; ) # njbrs1lbb6o3ol3pwqpwe4r0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|njbrs1lbb6o3ol3pwqpwe4r0|03|org"; nocase; ) # 1bnts1drdkdezj6sbk2baupkc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bnts1drdkdezj6sbk2baupkc|03|com"; nocase; ) # 1kzubhu15ykejez0fvbz1ejevee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kzubhu15ykejez0fvbz1ejevee|03|com"; nocase; ) # 980u7x1pb0ub51ao4akc1rsk4d6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|980u7x1pb0ub51ao4akc1rsk4d6|03|org"; nocase; ) # e5fwabihtdty1gr56t1svuasl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e5fwabihtdty1gr56t1svuasl|03|biz"; nocase; ) # 13vj23ag3m13b1xktqqb14xqdci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13vj23ag3m13b1xktqqb14xqdci|03|com"; nocase; ) # abl40zh6f9uj1rduikpkd86qk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|abl40zh6f9uj1rduikpkd86qk|03|net"; nocase; ) # ycm5kd16gxubo173zaeh7dg2m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ycm5kd16gxubo173zaeh7dg2m|03|org"; nocase; ) # 14pjgoojepwjr17yambr763bma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14pjgoojepwjr17yambr763bma|03|net"; nocase; ) # azw3x97b4u3w9nn4hd19vt2ja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|azw3x97b4u3w9nn4hd19vt2ja|03|org"; nocase; ) # wpcn3qmq0xrm1hoop7ras26dc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wpcn3qmq0xrm1hoop7ras26dc|03|net"; nocase; ) # 1vhkagq1ebi3jr1a9ohg31en33ho.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vhkagq1ebi3jr1a9ohg31en33ho|03|biz"; nocase; ) # q95qzp1xtk1p6x4qewfggb349.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q95qzp1xtk1p6x4qewfggb349|03|com"; nocase; ) # 5fmh2a1qypc7v2v8m0m1awdys7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5fmh2a1qypc7v2v8m0m1awdys7|03|org"; nocase; ) # 1cj6kbyhtlkv7b8dax5o0n0hh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cj6kbyhtlkv7b8dax5o0n0hh|03|net"; nocase; ) # 1ededaa1camkl61vddr1014ctkda.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ededaa1camkl61vddr1014ctkda|03|net"; nocase; ) # x4zk971lt121r1c79c3a1mu9m8b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x4zk971lt121r1c79c3a1mu9m8b|03|org"; nocase; ) # n36yholbna9y1p63ef91rrsqdz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n36yholbna9y1p63ef91rrsqdz|03|biz"; nocase; ) # 17l1hdi1fex1f4zagqz11tzmybi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17l1hdi1fex1f4zagqz11tzmybi|03|org"; nocase; ) # 1xf35hk1wpmesz1d0112jd2l1ou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xf35hk1wpmesz1d0112jd2l1ou|03|net"; nocase; ) # rls5px7u33f01oq7f1t2bxtf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rls5px7u33f01oq7f1t2bxtf8|03|net"; nocase; ) # 8ulzxycvh7ed16c8iji1j1dia5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ulzxycvh7ed16c8iji1j1dia5|03|org"; nocase; ) # oh593q5d2bkp11zz4p7iqlsap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oh593q5d2bkp11zz4p7iqlsap|03|org"; nocase; ) # qvsaikl0qabx1a6fxs1cr3vx3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qvsaikl0qabx1a6fxs1cr3vx3|03|net"; nocase; ) # 1uqdb7m1jdaadjc0tqi219sency.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uqdb7m1jdaadjc0tqi219sency|03|org"; nocase; ) # 15ax6ns1v6tne511fc2ym8291i5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ax6ns1v6tne511fc2ym8291i5|03|net"; nocase; ) # 199m0rr1lrnmy694bt961k8ivcg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|199m0rr1lrnmy694bt961k8ivcg|03|net"; nocase; ) # 1fbl7z753wjao3hwje8vo5p49.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fbl7z753wjao3hwje8vo5p49|03|biz"; nocase; ) # worx6a149ml2ksznl5h9k877k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|worx6a149ml2ksznl5h9k877k|03|org"; nocase; ) # vls3z41tfaqf9v1k03v1rlk5vr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vls3z41tfaqf9v1k03v1rlk5vr|03|biz"; nocase; ) # 1prsa99bfesv062y0ev1b0d0d0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1prsa99bfesv062y0ev1b0d0d0|03|org"; nocase; ) # 13480qs3jdg4kyp02wjrqygoz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13480qs3jdg4kyp02wjrqygoz|03|net"; nocase; ) # yrjh631go08mh1x4m5bki05bgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yrjh631go08mh1x4m5bki05bgc|03|com"; nocase; ) # 3s9twve2j42m1jwrfegkxulji.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3s9twve2j42m1jwrfegkxulji|03|biz"; nocase; ) # k7levqg2n6i1m0wl34xq74ig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k7levqg2n6i1m0wl34xq74ig|03|net"; nocase; ) # 1rhjm823s33g84oriuprsnpzw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rhjm823s33g84oriuprsnpzw|03|org"; nocase; ) # tfs4q61w2ffjmcwdwfec12qrx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tfs4q61w2ffjmcwdwfec12qrx|03|com"; nocase; ) # bkh8kt12inf931qrus5b1x2hxo3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bkh8kt12inf931qrus5b1x2hxo3|03|net"; nocase; ) # sem1xp154s6qgu5j328fevt5o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sem1xp154s6qgu5j328fevt5o|03|net"; nocase; ) # z48ptd1t82o4buic0l61a953yb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z48ptd1t82o4buic0l61a953yb|03|biz"; nocase; ) # 1xlntqy16kp3y21pxmxp41k2gtcn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xlntqy16kp3y21pxmxp41k2gtcn|03|org"; nocase; ) # zco3u61nh65pl16indo21y7racg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zco3u61nh65pl16indo21y7racg|03|net"; nocase; ) # 1bxonmh1alx60z1ee5jz014p71b4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bxonmh1alx60z1ee5jz014p71b4|03|org"; nocase; ) # ic9sujuw878510va9t51aa29jt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ic9sujuw878510va9t51aa29jt|03|net"; nocase; ) # f437xg5t2m84lyld1z1ekkcso.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f437xg5t2m84lyld1z1ekkcso|03|org"; nocase; ) # 1nw8f531yt8yyqxh89vj1761hr1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nw8f531yt8yyqxh89vj1761hr1|03|biz"; nocase; ) # 1edlj2y1k0bcmmx9fwifroqe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1edlj2y1k0bcmmx9fwifroqe|03|net"; nocase; ) # x5zm4tqyjsee1u5551ofm8mvk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x5zm4tqyjsee1u5551ofm8mvk|03|biz"; nocase; ) # 19grs751mbj1op1i1ccqj13qhx7d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19grs751mbj1op1i1ccqj13qhx7d|03|com"; nocase; ) # uvjo3t1e4b25iy24xh79h4i3x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uvjo3t1e4b25iy24xh79h4i3x|03|com"; nocase; ) # 1o08jd01c2muviimcd5o1bluvpj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o08jd01c2muviimcd5o1bluvpj|03|org"; nocase; ) # j5ehppscjfd3ze1hm2jkf4m3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j5ehppscjfd3ze1hm2jkf4m3|03|com"; nocase; ) # zbr3ethqpven1vnhy2m1gnnm0o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zbr3ethqpven1vnhy2m1gnnm0o|03|biz"; nocase; ) # lshr8k1vkc77z18wh63u1bv9qh6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lshr8k1vkc77z18wh63u1bv9qh6|03|com"; nocase; ) # rwwby4o6hueaqtlb9q14j99ul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rwwby4o6hueaqtlb9q14j99ul|03|net"; nocase; ) # 11l636gzt71n0p3jvmsvkj8ti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11l636gzt71n0p3jvmsvkj8ti|03|com"; nocase; ) # 1jgxir515c4we1lcjl1i1pvuqx4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jgxir515c4we1lcjl1i1pvuqx4|03|biz"; nocase; ) # 1brxg5wjr805p1jyip0tcln7h5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1brxg5wjr805p1jyip0tcln7h5|03|net"; nocase; ) # qrlhm5148mx6l1citkbswb1rg3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qrlhm5148mx6l1citkbswb1rg3|03|biz"; nocase; ) # 70yy8b1b74n9a14q7r811jz8zrw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|70yy8b1b74n9a14q7r811jz8zrw|03|org"; nocase; ) # lngsbxdsm6k2m37p6kd6abwu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lngsbxdsm6k2m37p6kd6abwu|03|com"; nocase; ) # pdpdvg1sucbty1fzhreib975b6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pdpdvg1sucbty1fzhreib975b6|03|org"; nocase; ) # wxn6wnxfip59134k5e11tu50n7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wxn6wnxfip59134k5e11tu50n7|03|com"; nocase; ) # 9wq7x27xhnrz1axj5181v67nqy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9wq7x27xhnrz1axj5181v67nqy|03|net"; nocase; ) # 1tgv0c01wzgn1kcm8ztf15cfc2f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tgv0c01wzgn1kcm8ztf15cfc2f|03|com"; nocase; ) # 1cy4fj86oc0ns16s9ayi1dpb1hz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cy4fj86oc0ns16s9ayi1dpb1hz|03|biz"; nocase; ) # k5zuhm1wiju3210me9wa1ibg24c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k5zuhm1wiju3210me9wa1ibg24c|03|org"; nocase; ) # 1t15wimmrtlwl1qfebztmbuggv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t15wimmrtlwl1qfebztmbuggv|03|com"; nocase; ) # 1v5z9xahixjtajb0k9e1mb3111.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5z9xahixjtajb0k9e1mb3111|03|net"; nocase; ) # vm3ek016y24mv1nmg6e81tqoa0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vm3ek016y24mv1nmg6e81tqoa0a|03|net"; nocase; ) # k8ubk91pjipttqfmxuaydua6n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k8ubk91pjipttqfmxuaydua6n|03|biz"; nocase; ) # 11biaxy18fp5vv1gm75l41bug9kt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11biaxy18fp5vv1gm75l41bug9kt|03|org"; nocase; ) # bxdv0z5aciwc1ry823o2u9af4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bxdv0z5aciwc1ry823o2u9af4|03|com"; nocase; ) # dtos9cosltv17a2oza1gfp3p1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dtos9cosltv17a2oza1gfp3p1|03|org"; nocase; ) # fyowlm1qqywjt16ldfuk1jmadna.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fyowlm1qqywjt16ldfuk1jmadna|03|net"; nocase; ) # 1wmxnkb1nycfg91aejyvh1jfgbbe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wmxnkb1nycfg91aejyvh1jfgbbe|03|net"; nocase; ) # 124oenu2t7aksb8ztoh1w8fftx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|124oenu2t7aksb8ztoh1w8fftx|03|net"; nocase; ) # 1hlpyzc1240v3i3js1tviv05m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hlpyzc1240v3i3js1tviv05m|03|net"; nocase; ) # 1ufl9to1d5wsusoy5nsm1a7xmwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ufl9to1d5wsusoy5nsm1a7xmwu|03|net"; nocase; ) # xflbp01tkfpfxe8qpc7c0pc8z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xflbp01tkfpfxe8qpc7c0pc8z|03|org"; nocase; ) # 75bguwhc0omb1epqq4g13afxzu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|75bguwhc0omb1epqq4g13afxzu|03|com"; nocase; ) # trcvlf16g3w63j4eq5h6ygu2b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|trcvlf16g3w63j4eq5h6ygu2b|03|org"; nocase; ) # fsesk1dv1wgk1lw226zlma3i4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fsesk1dv1wgk1lw226zlma3i4|03|org"; nocase; ) # 1dcey7yt103no15ybrmm1dxe3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dcey7yt103no15ybrmm1dxe3|03|com"; nocase; ) # 3qgr5q1dc2wau6er39b1p6in0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3qgr5q1dc2wau6er39b1p6in0e|03|com"; nocase; ) # 10hk0xy1e7yc7v1tby8981fw7u8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10hk0xy1e7yc7v1tby8981fw7u8|03|net"; nocase; ) # 90sb0wr0fy874vzmj2u9unvt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|90sb0wr0fy874vzmj2u9unvt|03|org"; nocase; ) # 1un2q8jiqoq3nv0zvnypmv6g5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1un2q8jiqoq3nv0zvnypmv6g5|03|com"; nocase; ) # 17hjxu21f3kq4b1ehfspte75u9b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17hjxu21f3kq4b1ehfspte75u9b|03|net"; nocase; ) # meo1mjqdxyyl1q2i3uzzjxlxa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|meo1mjqdxyyl1q2i3uzzjxlxa|03|org"; nocase; ) # 1bnade81np49jm1xld9fsy0vzwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bnade81np49jm1xld9fsy0vzwi|03|com"; nocase; ) # 1o5vg4f1bxd1ij13ca9sp6pcoy2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o5vg4f1bxd1ij13ca9sp6pcoy2|03|com"; nocase; ) # zxcnwl1rc1aphn6gijpyje8zn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zxcnwl1rc1aphn6gijpyje8zn|03|net"; nocase; ) # 1jp3v9i1asdttsulzfxd2v2p4k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jp3v9i1asdttsulzfxd2v2p4k|03|com"; nocase; ) # 182bc57av42y41fwx0a91tbhgk3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|182bc57av42y41fwx0a91tbhgk3|03|net"; nocase; ) # 1aevd29o80rbf162wv06xee805.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aevd29o80rbf162wv06xee805|03|net"; nocase; ) # 1fdl9qbqqa4901vinhzj1ybeu2h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fdl9qbqqa4901vinhzj1ybeu2h|03|com"; nocase; ) # 1af7znnkvfxike3jkc517qgyn9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1af7znnkvfxike3jkc517qgyn9|03|biz"; nocase; ) # w4k1w915e2f4078z15q1uoufth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w4k1w915e2f4078z15q1uoufth|03|net"; nocase; ) # 1437ngr1lpdzvvvo4ni81yr69ly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1437ngr1lpdzvvvo4ni81yr69ly|03|org"; nocase; ) # lr467l62p5t315qhd7p2z1if7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lr467l62p5t315qhd7p2z1if7|03|net"; nocase; ) # 4clkuyi17fj4cmuqw99kr14y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4clkuyi17fj4cmuqw99kr14y|03|com"; nocase; ) # 2594hgkdigl1lwdnni10wrlqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2594hgkdigl1lwdnni10wrlqq|03|biz"; nocase; ) # 174zgyh8i8of3xcjjjmbmbxj0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|174zgyh8i8of3xcjjjmbmbxj0|03|net"; nocase; ) # 1kvnq6hfdqqy8x54fkpp16ijf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kvnq6hfdqqy8x54fkpp16ijf|03|org"; nocase; ) # 5w2xzzvtkchht8k73j1d1exh1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5w2xzzvtkchht8k73j1d1exh1|03|org"; nocase; ) # chulmf1q31i3qe9f9df852tj4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|chulmf1q31i3qe9f9df852tj4|03|com"; nocase; ) # nr4t7kkbilr31a3i5gb10klm7c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nr4t7kkbilr31a3i5gb10klm7c|03|org"; nocase; ) # 15dw80w1qtu3ii3ir7kuqrks9h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15dw80w1qtu3ii3ir7kuqrks9h|03|org"; nocase; ) # 1fhh9vc1wstl68c2fpzq1p8jfsk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fhh9vc1wstl68c2fpzq1p8jfsk|03|net"; nocase; ) # xq66r1bavxl48bbg7n1sgb54a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xq66r1bavxl48bbg7n1sgb54a|03|org"; nocase; ) # 13m5jcp1ssy6x91me5k9qrbqq4q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13m5jcp1ssy6x91me5k9qrbqq4q|03|biz"; nocase; ) # 3cv6w7af3s3pznmttivx4fkf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3cv6w7af3s3pznmttivx4fkf|03|com"; nocase; ) # 19i1g9bzwpn804o11ao1qfl86v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19i1g9bzwpn804o11ao1qfl86v|03|org"; nocase; ) # 9w4igl1ba5oyjeluteajr1y4g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9w4igl1ba5oyjeluteajr1y4g|03|net"; nocase; ) # 1p3yl731mqy8vm1jj8w0ycu319q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p3yl731mqy8vm1jj8w0ycu319q|03|net"; nocase; ) # 1pwfp8bjr0yfs1f7axuh17j6qfz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pwfp8bjr0yfs1f7axuh17j6qfz|03|net"; nocase; ) # 8hr00f4hop7w1ahnxkd14oa67i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8hr00f4hop7w1ahnxkd14oa67i|03|com"; nocase; ) # zq1sl3nreaeg18vabeygrg1fu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zq1sl3nreaeg18vabeygrg1fu|03|net"; nocase; ) # 1pf4uvomidfce1snfv23rf2il3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pf4uvomidfce1snfv23rf2il3|03|org"; nocase; ) # 14o4im21p6zosk1wt8wrox3bwjg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14o4im21p6zosk1wt8wrox3bwjg|03|net"; nocase; ) # 16kbozh1wz9wsi133udjfmnp0v8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16kbozh1wz9wsi133udjfmnp0v8|03|org"; nocase; ) # 1kcw3w9z0yfjyb2pi7m1e52330.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kcw3w9z0yfjyb2pi7m1e52330|03|net"; nocase; ) # 96vz5g1emvty4m1xbe4922sp9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|96vz5g1emvty4m1xbe4922sp9|03|biz"; nocase; ) # 1djxgk81hv7wgh14skigt13k3gdj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1djxgk81hv7wgh14skigt13k3gdj|03|com"; nocase; ) # 197kfl511m5n05h8dfdn1ycdoqx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|197kfl511m5n05h8dfdn1ycdoqx|03|com"; nocase; ) # wejxjgmw9iv11k5gaibk6zmx7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wejxjgmw9iv11k5gaibk6zmx7|03|org"; nocase; ) # ssu13o6ri0hwnokmzi1b58756.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ssu13o6ri0hwnokmzi1b58756|03|com"; nocase; ) # fulzrsgxswld11o8rlk1a7mwzu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fulzrsgxswld11o8rlk1a7mwzu|03|org"; nocase; ) # 9hl6yk1gtrso21vngfzi1g1rv1g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9hl6yk1gtrso21vngfzi1g1rv1g|03|org"; nocase; ) # 1h8pidr1ph7ei6193ndjc17gqbdq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h8pidr1ph7ei6193ndjc17gqbdq|03|net"; nocase; ) # zzgrycyvo4hf17k8fc6155rri6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zzgrycyvo4hf17k8fc6155rri6|03|net"; nocase; ) # romxn41tpmd7l1blbcf61j31pue.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|romxn41tpmd7l1blbcf61j31pue|03|biz"; nocase; ) # 1v487c0hpbadcylr52r14p2xic.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v487c0hpbadcylr52r14p2xic|03|biz"; nocase; ) # sd88lq1cvudwv1hp3m6j72i453.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sd88lq1cvudwv1hp3m6j72i453|03|com"; nocase; ) # 6u7lia1lu8kozs4at70rtfdu2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6u7lia1lu8kozs4at70rtfdu2|03|org"; nocase; ) # 1srklrl1arjqcg1x2o0gw1p0i4jv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1srklrl1arjqcg1x2o0gw1p0i4jv|03|biz"; nocase; ) # e73pisgmpig31munfm42go9wl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e73pisgmpig31munfm42go9wl|03|net"; nocase; ) # 5zhy47r7jikeap20nm1vxqr65.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5zhy47r7jikeap20nm1vxqr65|03|org"; nocase; ) # o62hmbvt594n1py7xlu1pnj5c6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o62hmbvt594n1py7xlu1pnj5c6|03|net"; nocase; ) # tmmmzze2duplehzowgd31pm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|tmmmzze2duplehzowgd31pm|03|net"; nocase; ) # mql2pbyod1yd1ylrkqv1h8bh3p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mql2pbyod1yd1ylrkqv1h8bh3p|03|net"; nocase; ) # m6k5p6ewmvnrefejzz4505ix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m6k5p6ewmvnrefejzz4505ix|03|net"; nocase; ) # 1i5eh9sr9z02j145xoq6hebj6k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i5eh9sr9z02j145xoq6hebj6k|03|net"; nocase; ) # 1h5bsxw14msbsgieiqw31n3l75t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h5bsxw14msbsgieiqw31n3l75t|03|net"; nocase; ) # 4dx9l21gtgkccfcgidqz4ln8s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4dx9l21gtgkccfcgidqz4ln8s|03|net"; nocase; ) # ys7t5158yq5p1i5sq3w89mgm8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ys7t5158yq5p1i5sq3w89mgm8|03|com"; nocase; ) # 1frkjl0npth4j1yglo85gigcxw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1frkjl0npth4j1yglo85gigcxw|03|net"; nocase; ) # qnswbcfd99g2t9cqts1agu2o7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qnswbcfd99g2t9cqts1agu2o7|03|org"; nocase; ) # ecuysnouwvpnlemy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011385; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ecuysnouwvpnlemy|02|eu"; nocase; ) # rpihyiikjfmdxyqx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011386; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rpihyiikjfmdxyqx|02|eu"; nocase; ) # rwbdkjichtnfqrlx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011387; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rwbdkjichtnfqrlx|02|eu"; nocase; ) # lftrelyxynihobor.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011388; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lftrelyxynihobor|02|eu"; nocase; ) # lblfmnlyffmbgfle.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011389; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lblfmnlyffmbgfle|02|eu"; nocase; ) # liebxblqdtndyksq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011390; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|liebxblqdtndyksq|02|eu"; nocase; ) # fqjprdcavbvfwtik.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011391; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fqjprdcavbvfwtik|02|eu"; nocase; ) # ydxrojrkaeluqxrp.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011392; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ydxrojrkaeluqxrp|02|eu"; nocase; ) # mihaapyysiqdlcad.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011393; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mihaapyysiqdlcad|02|eu"; nocase; ) # gqmotepildyfjlpj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011394; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|gqmotepildyfjlpj|02|eu"; nocase; ) # givcwiowklgsfgji.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011395; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|givcwiowklgsfgji|02|eu"; nocase; ) # aujqvisfwokbylcp.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011396; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|aujqvisfwokbylcp|02|eu"; nocase; ) # acpmhjswhdydrewc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011397; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|acpmhjswhdydrewc|02|eu"; nocase; ) # aqbeexfgdgoudpyo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011398; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|aqbeexfgdgoudpyo|02|eu"; nocase; ) # axtmclfxnhpwvugo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011399; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|axtmclfxnhpwvugo|02|eu"; nocase; ) # tsybjnvtsokyteji.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011400; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|tsybjnvtsokyteji|02|eu"; nocase; ) # trbxkfuadygovrkt.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011401; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|trbxkfuadygovrkt|02|eu"; nocase; ) # d0f3b989778f0220c9475485c61fb55709.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d0f3b989778f0220c9475485c61fb55709|02|in"; nocase; ) # e7e80cbe4e82597a43f9eec41ef654f8cc.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e7e80cbe4e82597a43f9eec41ef654f8cc|02|hk"; nocase; ) # h928e2cf54b514a4312b6c789e1bdd67f6.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h928e2cf54b514a4312b6c789e1bdd67f6|02|so"; nocase; ) # jee1dde927ef558c7f2bcd5fba2906547a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jee1dde927ef558c7f2bcd5fba2906547a|02|ws"; nocase; ) # n638523e76d0b12b66a4723b50e8e9cb95.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n638523e76d0b12b66a4723b50e8e9cb95|02|cn"; nocase; ) # z8c367b88b3614f35ae2c5d119e9bd9ac7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z8c367b88b3614f35ae2c5d119e9bd9ac7|02|ws"; nocase; ) # c083e937c8b43d8bd35ead4b5fff930a4a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c083e937c8b43d8bd35ead4b5fff930a4a|02|hk"; nocase; ) # ed67650bc0dc62f781cb83b197a8f1fbbb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ed67650bc0dc62f781cb83b197a8f1fbbb|02|tk"; nocase; ) # h5836481bb55b343e316453ab92aef8d89.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h5836481bb55b343e316453ab92aef8d89|02|ws"; nocase; ) # o85df90641040086d9d54553f426500c8d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o85df90641040086d9d54553f426500c8d|02|cc"; nocase; ) # p14a598eedd074ce735dd4f5b0212b7411.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p14a598eedd074ce735dd4f5b0212b7411|02|ws"; nocase; ) # a47888ec9c7a0b7594ea20301138305dcb.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a47888ec9c7a0b7594ea20301138305dcb|02|hk"; nocase; ) # ddb33d6ac21d90aad913fa2048de27858c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ddb33d6ac21d90aad913fa2048de27858c|02|so"; nocase; ) # f327ba5d36d2d28da395facbe54dae5bed.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f327ba5d36d2d28da395facbe54dae5bed|02|ws"; nocase; ) # k08b3a4bf419bc072904c31f285b16da17.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k08b3a4bf419bc072904c31f285b16da17|02|tk"; nocase; ) # l8039b13011b9c14d9545dff5e75ae648b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l8039b13011b9c14d9545dff5e75ae648b|02|so"; nocase; ) # m07c2ea8ac64d4b0035dbc0716dc2134a4.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m07c2ea8ac64d4b0035dbc0716dc2134a4|02|cc"; nocase; ) # q1aca3c8350883d505e0199fcececccb06.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1aca3c8350883d505e0199fcececccb06|02|hk"; nocase; ) # sabc014e2c712395dfaba2681dbfd9ac62.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sabc014e2c712395dfaba2681dbfd9ac62|02|tk"; nocase; ) # t51744fa62a17d7462d2b0f00a01c2abab.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t51744fa62a17d7462d2b0f00a01c2abab|02|so"; nocase; ) # u7e8419067ac5b1a4b43a1a84a79cd1b1e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u7e8419067ac5b1a4b43a1a84a79cd1b1e|02|cc"; nocase; ) # bd5880b742684d572ccf0995b8079d760b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011423; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd5880b742684d572ccf0995b8079d760b|02|so"; nocase; ) # c6786c0754c50b90fd74c44fad2192c589.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011424; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6786c0754c50b90fd74c44fad2192c589|02|cc"; nocase; ) # f18e01f433810d967eac4b713f90d5cc94.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011425; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f18e01f433810d967eac4b713f90d5cc94|02|in"; nocase; ) # kae34fe78b04a4133cb3866f6baa23e0f0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011426; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kae34fe78b04a4133cb3866f6baa23e0f0|02|cc"; nocase; ) # o2185057a66c3df62dd127ae8b12dca49f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011427; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o2185057a66c3df62dd127ae8b12dca49f|02|hk"; nocase; ) # y3a162b63c993f580ef2a3ca32d8f5dd3a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3a162b63c993f580ef2a3ca32d8f5dd3a|02|tk"; nocase; ) # e87a67ffc2f3acfca7233404cf636c73e8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e87a67ffc2f3acfca7233404cf636c73e8|02|hk"; nocase; ) # i2e6276c58e3cc08553f366907792e37a6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2e6276c58e3cc08553f366907792e37a6|02|cc"; nocase; ) # kfabd75c8bec942c0c7d8595fd8773cd0e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kfabd75c8bec942c0c7d8595fd8773cd0e|02|to"; nocase; ) # la810565b93d88c6d2760436bbe73f10cc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la810565b93d88c6d2760436bbe73f10cc|02|in"; nocase; ) # nb0203b891e5a6237aa2090a40b316290a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nb0203b891e5a6237aa2090a40b316290a|02|cn"; nocase; ) # o824372c67ff0ad42620076bfabf9f8d45.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o824372c67ff0ad42620076bfabf9f8d45|02|tk"; nocase; ) # sf4d1dc2623d31b045457a4a801c27bfd7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sf4d1dc2623d31b045457a4a801c27bfd7|02|to"; nocase; ) # x782566bc8a32302964daab0dc32a1c1be.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x782566bc8a32302964daab0dc32a1c1be|02|so"; nocase; ) # d63ee438d3c79c4d8023e58076e5ea3f13.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d63ee438d3c79c4d8023e58076e5ea3f13|02|cn"; nocase; ) # k42ffbe4a5e1b1023b542d8f0060991509.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k42ffbe4a5e1b1023b542d8f0060991509|02|hk"; nocase; ) # la17f553c9af94b746dcaf58fc31e6f89c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la17f553c9af94b746dcaf58fc31e6f89c|02|cn"; nocase; ) # n2fec6bd69c41235e2dd145b8c45db7047.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n2fec6bd69c41235e2dd145b8c45db7047|02|so"; nocase; ) # bff04ca739b10be52fbdd300a903fe8fbf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bff04ca739b10be52fbdd300a903fe8fbf|02|cn"; nocase; ) # fe6f361d65d61485b3aa709aca0f277a47.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fe6f361d65d61485b3aa709aca0f277a47|02|ws"; nocase; ) # i1e21879262726b035f1ae2455ddb142c2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i1e21879262726b035f1ae2455ddb142c2|02|hk"; nocase; ) # keed495a61ca2b6a8d169bf82bd326dcf0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|keed495a61ca2b6a8d169bf82bd326dcf0|02|tk"; nocase; ) # v1d7131cd4871a58618a72e13c7e4cf831.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v1d7131cd4871a58618a72e13c7e4cf831|02|ws"; nocase; ) # y529acf606733c422ea48c4038b7beeaa2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y529acf606733c422ea48c4038b7beeaa2|02|hk"; nocase; ) # h2c9b41c4b93eb43eb4d0caed2842718f4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h2c9b41c4b93eb43eb4d0caed2842718f4|02|cn"; nocase; ) # s659204d6c41090a4c271e25d0f1738b65.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s659204d6c41090a4c271e25d0f1738b65|02|cc"; nocase; ) # e50583e956291c6e3c4e26047b667090b9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e50583e956291c6e3c4e26047b667090b9|02|hk"; nocase; ) # nd6ea85dada2837fc832795f37d5413e95.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd6ea85dada2837fc832795f37d5413e95|02|cn"; nocase; ) # ac5965e6439b6af1d2d63489a33c180b90.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ac5965e6439b6af1d2d63489a33c180b90|02|to"; nocase; ) # ea22ac5f9965e43f236a260be169304dc2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea22ac5f9965e43f236a260be169304dc2|02|tk"; nocase; ) # f0b772fa2aa4c26b92a9ffc6b58c6c7709.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f0b772fa2aa4c26b92a9ffc6b58c6c7709|02|so"; nocase; ) # jc9a76886c877444e640075dc794e27df1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jc9a76886c877444e640075dc794e27df1|02|in"; nocase; ) # z4cc3dcfc64cd7aea4e6ff7ccad3542c67.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z4cc3dcfc64cd7aea4e6ff7ccad3542c67|02|in"; nocase; ) # bee49757096e583c417f1d5bca418d05b2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bee49757096e583c417f1d5bca418d05b2|02|cn"; nocase; ) # f7932fa2d08cf725664025f7e84cca6856.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f7932fa2d08cf725664025f7e84cca6856|02|ws"; nocase; ) # k37e49918f01cb6dacf73f0be3db3a1ec2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k37e49918f01cb6dacf73f0be3db3a1ec2|02|tk"; nocase; ) # ue7e6cbf07630212b7c7727b69d3316471.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue7e6cbf07630212b7c7727b69d3316471|02|cc"; nocase; ) # y4a1e1d6c28227544f26c3e4c4019e31ff.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y4a1e1d6c28227544f26c3e4c4019e31ff|02|hk"; nocase; ) # z62a89a7c36e9e210a60ac61a1e72f9c0b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z62a89a7c36e9e210a60ac61a1e72f9c0b|02|cn"; nocase; ) # d7768426f1bfa2f4241dc49b11e227e2e5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d7768426f1bfa2f4241dc49b11e227e2e5|02|ws"; nocase; ) # jc2e90b52a4c677dd14f484a7af746a8f9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jc2e90b52a4c677dd14f484a7af746a8f9|02|so"; nocase; ) # la95c6d6b1d4124e88de7a6d2d90204a80.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la95c6d6b1d4124e88de7a6d2d90204a80|02|ws"; nocase; ) # v70554209761e2489483412c920397331e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v70554209761e2489483412c920397331e|02|in"; nocase; ) # fc9a4b2ee75c4bff6d47ab5a32f56fdb37.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fc9a4b2ee75c4bff6d47ab5a32f56fdb37|02|cn"; nocase; ) # h16018d9875b9a82a363d1eb367899e7ce.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h16018d9875b9a82a363d1eb367899e7ce|02|so"; nocase; ) # kb3598a4dd0bf8bf312f62ecd3f2f02c9d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kb3598a4dd0bf8bf312f62ecd3f2f02c9d|02|to"; nocase; ) # r24179c0ede0626b888e3c571bde9bd6bc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r24179c0ede0626b888e3c571bde9bd6bc|02|ws"; nocase; ) # s04672196dd2db9ced2b40b4c6cd656b40.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s04672196dd2db9ced2b40b4c6cd656b40|02|to"; nocase; ) # x79474925b2ab1fd40c913ce3a51615367.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x79474925b2ab1fd40c913ce3a51615367|02|so"; nocase; ) # r3d4d4fa164b00110d9106a74abd7280e6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r3d4d4fa164b00110d9106a74abd7280e6|02|in"; nocase; ) # t268485c7ffd2465c6430ae8bc0bf24c08.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t268485c7ffd2465c6430ae8bc0bf24c08|02|cn"; nocase; ) # z13fb08fe40fa03fb9407528439274ee51.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z13fb08fe40fa03fb9407528439274ee51|02|in"; nocase; ) # ab282773504b176f541f53bf38685a3459.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab282773504b176f541f53bf38685a3459|02|hk"; nocase; ) # dda470df1cf45887078d1d8eb06e6854b2.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dda470df1cf45887078d1d8eb06e6854b2|02|so"; nocase; ) # p96ea2fa613bc803e75596a999d621b43e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p96ea2fa613bc803e75596a999d621b43e|02|in"; nocase; ) # qbb030b2ab65422599e44ff56806742dee.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qbb030b2ab65422599e44ff56806742dee|02|hk"; nocase; ) # rdeb12382671106f9f39d1eaaa7f419e26.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rdeb12382671106f9f39d1eaaa7f419e26|02|cn"; nocase; ) # ybb488d51a244113eb2340cf087e75147e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ybb488d51a244113eb2340cf087e75147e|02|hk"; nocase; ) # f69ae88ee2320d5c8602b250b03304d533.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f69ae88ee2320d5c8602b250b03304d533|02|in"; nocase; ) # xc2594af68bfc97c3217ba80ce0644797d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xc2594af68bfc97c3217ba80ce0644797d|02|cn"; nocase; ) # g0af00cf33364870713f4bb7e7eb743d89.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g0af00cf33364870713f4bb7e7eb743d89|02|tk"; nocase; ) # h3bcf4f4e2e65da11af9f1960353b969ff.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h3bcf4f4e2e65da11af9f1960353b969ff|02|so"; nocase; ) # j0b08b8f4943a36953004a7601fa63b640.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j0b08b8f4943a36953004a7601fa63b640|02|ws"; nocase; ) # m771ebe3c6842c8822b9851ebd34d22764.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m771ebe3c6842c8822b9851ebd34d22764|02|hk"; nocase; ) # o19343ad3670b8db6c6c00477b73c6f97e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o19343ad3670b8db6c6c00477b73c6f97e|02|tk"; nocase; ) # v01bbb2dae478e3ec7492b3b74c063af65.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v01bbb2dae478e3ec7492b3b74c063af65|02|cn"; nocase; ) # b1ff1c9c740e7b3b8259176f805e6e76d1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1ff1c9c740e7b3b8259176f805e6e76d1|02|in"; nocase; ) # cac2a1fe35d0ec1cf42e256a84f0112e41.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cac2a1fe35d0ec1cf42e256a84f0112e41|02|hk"; nocase; ) # d2539b8d16f5802c47db59e73d059e6d31.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d2539b8d16f5802c47db59e73d059e6d31|02|cn"; nocase; ) # g05337d805771156027983a7b663cc8846.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g05337d805771156027983a7b663cc8846|02|cc"; nocase; ) # l8426c33fec3177d4c0c640aad608ab02a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l8426c33fec3177d4c0c640aad608ab02a|02|cn"; nocase; ) # pf40f701526bdf1363918a38c63692ca29.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf40f701526bdf1363918a38c63692ca29|02|ws"; nocase; ) # r4871f44b7ef9ebaeb0e05c9fcab27bb49.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r4871f44b7ef9ebaeb0e05c9fcab27bb49|02|in"; nocase; ) # vaedba32f5bdaca3b83d6f22877cf73853.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vaedba32f5bdaca3b83d6f22877cf73853|02|so"; nocase; ) # a5079b18149282dee18a16f5d94d63b2d3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a5079b18149282dee18a16f5d94d63b2d3|02|hk"; nocase; ) # f4353a34ad4488b756e24b2e4c61c0b47d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f4353a34ad4488b756e24b2e4c61c0b47d|02|ws"; nocase; ) # j2ff1fc485a79a948e49dc873f2d5f9113.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j2ff1fc485a79a948e49dc873f2d5f9113|02|cn"; nocase; ) # l7b7d65bc922ccedf37eef5a791b654455.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l7b7d65bc922ccedf37eef5a791b654455|02|so"; nocase; ) # ob1736ca7816be57954e4a3c04d1fd6983.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ob1736ca7816be57954e4a3c04d1fd6983|02|to"; nocase; ) # tbe798ac79c38defe10d688303039fdd0e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tbe798ac79c38defe10d688303039fdd0e|02|so"; nocase; ) # f00ec609c0324f490eb4a49e9017400d22.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f00ec609c0324f490eb4a49e9017400d22|02|in"; nocase; ) # j82674a06c170a78e4d8ccda879da43266.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j82674a06c170a78e4d8ccda879da43266|02|so"; nocase; ) # p7664f5539e3203cc8c3504dc2f4ec7817.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7664f5539e3203cc8c3504dc2f4ec7817|02|cn"; nocase; ) # rce86c64baa8bad188542ae832fa8d0566.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rce86c64baa8bad188542ae832fa8d0566|02|so"; nocase; ) # s06efdbb7fb4046486864c27acc0aca660.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s06efdbb7fb4046486864c27acc0aca660|02|cc"; nocase; ) # w56a842b18fcd303f9ccc972fd17f066f1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w56a842b18fcd303f9ccc972fd17f066f1|02|hk"; nocase; ) # f21e00e523a20c5e8620fcfb63edae0da3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f21e00e523a20c5e8620fcfb63edae0da3|02|cn"; nocase; ) # hd40093c54c3da15d2fc78fddf3c101eaf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd40093c54c3da15d2fc78fddf3c101eaf|02|so"; nocase; ) # o706ac77d0b902f0de39aaec308e79cb2e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o706ac77d0b902f0de39aaec308e79cb2e|02|tk"; nocase; ) # r9b0f2eea042f0b25196fc47855af6cf86.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r9b0f2eea042f0b25196fc47855af6cf86|02|ws"; nocase; ) # vf229303567703d1741eb48f4da6f72bf5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vf229303567703d1741eb48f4da6f72bf5|02|cn"; nocase; ) # zf61e79445494493805c877b72e5ee9b1c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zf61e79445494493805c877b72e5ee9b1c|02|ws"; nocase; ) # cd1230445345e135a08d657f40a7756f5d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd1230445345e135a08d657f40a7756f5d|02|hk"; nocase; ) # dae7ed9a77bd0de80af963def1680155d8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dae7ed9a77bd0de80af963def1680155d8|02|cn"; nocase; ) # h04590afcd9a72597a3ccf38dba55f7cc4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h04590afcd9a72597a3ccf38dba55f7cc4|02|ws"; nocase; ) # q835ec86b94623d606f4b80b8fe5300280.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q835ec86b94623d606f4b80b8fe5300280|02|to"; nocase; ) # sbf471b42835369b220d269b6c5f140227.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sbf471b42835369b220d269b6c5f140227|02|hk"; nocase; ) # zed7a2ef5b1bf5e4a83fd6088398ac9b89.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zed7a2ef5b1bf5e4a83fd6088398ac9b89|02|in"; nocase; ) # e7b74d7f0c47c4340ed7abf605ee328cdb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e7b74d7f0c47c4340ed7abf605ee328cdb|02|cc"; nocase; ) # kd330a21ccc2edfea1eb6ffcc1543b9375.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kd330a21ccc2edfea1eb6ffcc1543b9375|02|tk"; nocase; ) # m8c7911c347221884d3a624bb8d5a76744.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m8c7911c347221884d3a624bb8d5a76744|02|cc"; nocase; ) # w6d4573f603d5be38b70d59481c0323896.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w6d4573f603d5be38b70d59481c0323896|02|to"; nocase; ) # j2df9115d404e5fc2e2e24af2c6ec90bd4.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j2df9115d404e5fc2e2e24af2c6ec90bd4|02|so"; nocase; ) # vc6c89453c5e0d1682f0836d6c09d55865.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vc6c89453c5e0d1682f0836d6c09d55865|02|in"; nocase; ) # b0f2bc770d492a9d26581bd8180e5034f8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b0f2bc770d492a9d26581bd8180e5034f8|02|ws"; nocase; ) # d2c5303f73b704c577e1ce5287e52a2f05.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d2c5303f73b704c577e1ce5287e52a2f05|02|in"; nocase; ) # t0365be152d96d7a12d8605d7613e35ed6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t0365be152d96d7a12d8605d7613e35ed6|02|in"; nocase; ) # h93dce08484ede9961c7d20916b4aca1b5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h93dce08484ede9961c7d20916b4aca1b5|02|ws"; nocase; ) # mf881e92dd39b33c0d5850f7de05593bec.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mf881e92dd39b33c0d5850f7de05593bec|02|tk"; nocase; ) # q8533cf658d832d1563225c68240ec3282.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8533cf658d832d1563225c68240ec3282|02|to"; nocase; ) # k5b650cbebd4f15444aa66bb92c41362ff.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k5b650cbebd4f15444aa66bb92c41362ff|02|tk"; nocase; ) # m615a1dd5cd331fb5a8375bfe4097e1037.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m615a1dd5cd331fb5a8375bfe4097e1037|02|cc"; nocase; ) # o6d203051bbaf1cc63b247033ae33e539c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o6d203051bbaf1cc63b247033ae33e539c|02|to"; nocase; ) # p74af015b01ac52415d0f9bbb139e714fb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p74af015b01ac52415d0f9bbb139e714fb|02|in"; nocase; ) # q4d5c04b1969a557580ccc09eed9eea0af.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4d5c04b1969a557580ccc09eed9eea0af|02|hk"; nocase; ) # uafd67ecbfb714ad5cacdf6572b4e500f2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uafd67ecbfb714ad5cacdf6572b4e500f2|02|cc"; nocase; ) # v9cbf366488326021801a114eb728d3908.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v9cbf366488326021801a114eb728d3908|02|ws"; nocase; ) # g532109b298cfe66d18033d1953e8187c2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g532109b298cfe66d18033d1953e8187c2|02|hk"; nocase; ) # h8e08dd7c60dfb112c4c7192e5b51ea757.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h8e08dd7c60dfb112c4c7192e5b51ea757|02|so"; nocase; ) # m35a2e35a035fcb9f69fa94d77b22945c7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m35a2e35a035fcb9f69fa94d77b22945c7|02|hk"; nocase; ) # nd24f18efb2caa491aa6ad50d212bf6214.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd24f18efb2caa491aa6ad50d212bf6214|02|cn"; nocase; ) # s5115337215defbc08372f5317cf566b5d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s5115337215defbc08372f5317cf566b5d|02|to"; nocase; ) # u25787fb8ae2f26853596dae326f1c395f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u25787fb8ae2f26853596dae326f1c395f|02|hk"; nocase; ) # x82568245de77e6aea17ca5ffd6ea6dbc1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x82568245de77e6aea17ca5ffd6ea6dbc1|02|so"; nocase; ) # zf97e21c9c595cb60ad2f15ede4e933616.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zf97e21c9c595cb60ad2f15ede4e933616|02|ws"; nocase; ) # o056abc365a192c184e6fc41426d26563d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o056abc365a192c184e6fc41426d26563d|02|cc"; nocase; ) # tbb0e46deb0c451766f69cab6201b4c9b1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tbb0e46deb0c451766f69cab6201b4c9b1|02|cn"; nocase; ) # cbaa72c4e78926da0bf4188803bbd446fd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cbaa72c4e78926da0bf4188803bbd446fd|02|tk"; nocase; ) # d1bf5d9392dbbc0ae58e9cbffa7640921c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d1bf5d9392dbbc0ae58e9cbffa7640921c|02|so"; nocase; ) # g005c5e1574a35a6415ddd2a4eed6a5408.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g005c5e1574a35a6415ddd2a4eed6a5408|02|to"; nocase; ) # l925e26856924ba619313a4b7ac9c634cf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l925e26856924ba619313a4b7ac9c634cf|02|so"; nocase; ) # n598cb22f9feba7e81afbca6ba888e1969.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n598cb22f9feba7e81afbca6ba888e1969|02|ws"; nocase; ) # vd63cb059d235548b938d030274079e71d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vd63cb059d235548b938d030274079e71d|02|ws"; nocase; ) # e548c34055bdfc7a4e1a02cf77f14291d2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e548c34055bdfc7a4e1a02cf77f14291d2|02|to"; nocase; ) # l7ee2e7e219d97146f1a62ef59d4e8eb3c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l7ee2e7e219d97146f1a62ef59d4e8eb3c|02|ws"; nocase; ) # q99b6de6ba9185d986634130ef56f587d2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q99b6de6ba9185d986634130ef56f587d2|02|tk"; nocase; ) # r19caac1635e2bed235b538dbec9f728a9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r19caac1635e2bed235b538dbec9f728a9|02|so"; nocase; ) # sb239eb2998006c79244784a9f0171e0bf.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sb239eb2998006c79244784a9f0171e0bf|02|cc"; nocase; ) # tce84760b5fd2914481fa3279cba13d009.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tce84760b5fd2914481fa3279cba13d009|02|ws"; nocase; ) # w0c914be5849d564c247a1967f5f024f73.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w0c914be5849d564c247a1967f5f024f73|02|hk"; nocase; ) # z56f0df08553c5591a12dbcbb16aaa71d5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z56f0df08553c5591a12dbcbb16aaa71d5|02|so"; nocase; ) # d756ad6df8fa803ac8eb314571817fe882.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d756ad6df8fa803ac8eb314571817fe882|02|in"; nocase; ) # mba15bdb95e50f032679b905dd17a77aba.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mba15bdb95e50f032679b905dd17a77aba|02|hk"; nocase; ) # r4d422a0e9bf5830038b3f655ca654a655.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011566; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r4d422a0e9bf5830038b3f655ca654a655|02|ws"; nocase; ) # sd3aa1de982cdd43bc860aa3d86fe2dc21.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011567; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sd3aa1de982cdd43bc860aa3d86fe2dc21|02|to"; nocase; ) # vb558c9b4ef18b43eee1946837212e1889.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vb558c9b4ef18b43eee1946837212e1889|02|cn"; nocase; ) # x6fd0c68dbcfc743d857b1ad9f0fcbf406.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x6fd0c68dbcfc743d857b1ad9f0fcbf406|02|so"; nocase; ) # za0df16340d27d08e043ee4b3212217a27.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|za0df16340d27d08e043ee4b3212217a27|02|ws"; nocase; ) # defbcd053b25884c342d97e6662e4672d8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|defbcd053b25884c342d97e6662e4672d8|02|cn"; nocase; ) # ife3ab2f90a3d112f6fb8c735285eb671e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ife3ab2f90a3d112f6fb8c735285eb671e|02|to"; nocase; ) # r6f63da7cfc71d3d2f5b2052de3d911e1d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r6f63da7cfc71d3d2f5b2052de3d911e1d|02|in"; nocase; ) # ze4d184e3033956f61ee4fe528960a9786.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ze4d184e3033956f61ee4fe528960a9786|02|in"; nocase; ) # f9ff8dfa76acbed0a011aa478a17927913.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f9ff8dfa76acbed0a011aa478a17927913|02|ws"; nocase; ) # me5f1f7e340c53bbc23b44427d3e9bde38.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|me5f1f7e340c53bbc23b44427d3e9bde38|02|cc"; nocase; ) # n43b7904eba301d76c243b9206eca5dec0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n43b7904eba301d76c243b9206eca5dec0|02|ws"; nocase; ) # r368bd669732bb01127e1152e0e69e449f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r368bd669732bb01127e1152e0e69e449f|02|cn"; nocase; ) # t314bb735b579029086a72d6667a485f8f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011579; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t314bb735b579029086a72d6667a485f8f|02|so"; nocase; ) # a3a262bd2b6617c8ef1115621a23177b52.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011580; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a3a262bd2b6617c8ef1115621a23177b52|02|tk"; nocase; ) # idf48e9cc1658b6b5ee1826e8914b227a3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011581; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|idf48e9cc1658b6b5ee1826e8914b227a3|02|tk"; nocase; ) # ob0f93d71e56582183565364a4cfb5c846.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011582; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ob0f93d71e56582183565364a4cfb5c846|02|hk"; nocase; ) # qedd4df6dae2950ba5b9e33a87d939a05a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011583; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qedd4df6dae2950ba5b9e33a87d939a05a|02|tk"; nocase; ) # t82559dea98e6c25cc600f350d654fbb9d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011584; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t82559dea98e6c25cc600f350d654fbb9d|02|ws"; nocase; ) # vd86386347a53c783f8a14f60a36d4020f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011585; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vd86386347a53c783f8a14f60a36d4020f|02|in"; nocase; ) # w03824ed005efd9c8eff3390dac33d6cbe.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011586; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w03824ed005efd9c8eff3390dac33d6cbe|02|hk"; nocase; ) # x538642cc4356a6c39d15bea354b22d3d9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011587; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x538642cc4356a6c39d15bea354b22d3d9|02|cn"; nocase; ) # b96afb08d32256a18215f819c6f3cde13c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011588; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b96afb08d32256a18215f819c6f3cde13c|02|ws"; nocase; ) # g88a6fd6af81e0421430ab9ef3a26c571e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011589; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g88a6fd6af81e0421430ab9ef3a26c571e|02|tk"; nocase; ) # p7e22bb4957b53266040b6a894e0cd061e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011590; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7e22bb4957b53266040b6a894e0cd061e|02|so"; nocase; ) # s230094d68e37b736780247786001aec23.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011591; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s230094d68e37b736780247786001aec23|02|to"; nocase; ) # wb9c439305d3ea0911a89e5b1dfd8a19df.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011592; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb9c439305d3ea0911a89e5b1dfd8a19df|02|tk"; nocase; ) # x9a717c9bdbdc800dd1e12cc86e31a6498.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011593; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x9a717c9bdbdc800dd1e12cc86e31a6498|02|so"; nocase; ) # z5691eda1824675be2c52d8e9f4bc10b0d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011594; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z5691eda1824675be2c52d8e9f4bc10b0d|02|ws"; nocase; ) # c1324f3bd43e2bc8ef0f4cbd62d37db9aa.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011595; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c1324f3bd43e2bc8ef0f4cbd62d37db9aa|02|hk"; nocase; ) # i199d5e9f14bb47e0e33eef519fb6fd32f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011596; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i199d5e9f14bb47e0e33eef519fb6fd32f|02|to"; nocase; ) # me758e4c2c3fdfb0f8d90b989d3f0b1ff6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011597; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|me758e4c2c3fdfb0f8d90b989d3f0b1ff6|02|tk"; nocase; ) # p4da57a8b49c18addab53e6be05bf3b6c9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011598; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p4da57a8b49c18addab53e6be05bf3b6c9|02|ws"; nocase; ) # ub81d604c020a023f5e3618a0b309e5d99.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011599; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ub81d604c020a023f5e3618a0b309e5d99|02|tk"; nocase; ) # vb646d8fc303da5e533280420c3755d125.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011600; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vb646d8fc303da5e533280420c3755d125|02|so"; nocase; ) # y3b0e3fb80c94b63fe9ee611aaae8333fa.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011601; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3b0e3fb80c94b63fe9ee611aaae8333fa|02|to"; nocase; ) # a33d2731ec582d9f7bd55a63c74bd71313.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011602; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a33d2731ec582d9f7bd55a63c74bd71313|02|hk"; nocase; ) # b05d7c244f1bcfab931328bdbfe4951bd1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011603; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b05d7c244f1bcfab931328bdbfe4951bd1|02|cn"; nocase; ) # dac80339bd523cfc8f7fdfc9521ace188f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011604; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dac80339bd523cfc8f7fdfc9521ace188f|02|so"; nocase; ) # f78fe321e5e64ff489960da70599f9d1a4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011605; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f78fe321e5e64ff489960da70599f9d1a4|02|ws"; nocase; ) # t557411b4e721ca7151a9d45194e62b005.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011606; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t557411b4e721ca7151a9d45194e62b005|02|in"; nocase; ) # vfe6fcd831c8158cfc90f3503f96b08ce2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011607; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vfe6fcd831c8158cfc90f3503f96b08ce2|02|cn"; nocase; ) # wa1e3ef87a4fe4db1d4fee6e8fdab2f2ba.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011608; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wa1e3ef87a4fe4db1d4fee6e8fdab2f2ba|02|tk"; nocase; ) # y69d00f9a8c895a395a5926c35ad691940.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011609; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y69d00f9a8c895a395a5926c35ad691940|02|cc"; nocase; ) # e0a8cda4862c8fc3e27b4c8d0d98a09c10.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011610; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e0a8cda4862c8fc3e27b4c8d0d98a09c10|02|tk"; nocase; ) # h6523e776bcd3c8fbabb32a96e53657e1a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011611; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h6523e776bcd3c8fbabb32a96e53657e1a|02|ws"; nocase; ) # k5daca0c6764f6348b010013cea234a9da.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011612; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k5daca0c6764f6348b010013cea234a9da|02|hk"; nocase; ) # la4fa451d0cc9f92b39cd25dc067925bf6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011613; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la4fa451d0cc9f92b39cd25dc067925bf6|02|cn"; nocase; ) # rec63e2837d945f5b10a0d091810e528d4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011614; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rec63e2837d945f5b10a0d091810e528d4|02|in"; nocase; ) # d9692fb853b70cf0bf201b34be355165ae.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011615; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d9692fb853b70cf0bf201b34be355165ae|02|so"; nocase; ) # f733eea965e52b0b83a127aa953bdc750f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011616; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f733eea965e52b0b83a127aa953bdc750f|02|ws"; nocase; ) # gcdcef88fbc0ac05cce490bfafccf23b7e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011617; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gcdcef88fbc0ac05cce490bfafccf23b7e|02|to"; nocase; ) # xa573cb4afd91391bdc2e5ff6891ab887c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011618; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xa573cb4afd91391bdc2e5ff6891ab887c|02|in"; nocase; ) # fd632059092d3bc12ce983e710fd90bf16.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011619; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fd632059092d3bc12ce983e710fd90bf16|02|in"; nocase; ) # ib79cb6ddb9f2b4a92282d2303d88e6e22.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011620; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib79cb6ddb9f2b4a92282d2303d88e6e22|02|tk"; nocase; ) # oe2801b0f5fbd662279a38d9f475617978.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011621; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe2801b0f5fbd662279a38d9f475617978|02|hk"; nocase; ) # p738d1095e014ecf879853fc61654f8ab1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011622; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p738d1095e014ecf879853fc61654f8ab1|02|cn"; nocase; ) # r9d4423c661dfe5c35891e2a11d06ae34e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011623; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r9d4423c661dfe5c35891e2a11d06ae34e|02|so"; nocase; ) # w1bec8ded655ea9483a58f6d8e257ee2c9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011624; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1bec8ded655ea9483a58f6d8e257ee2c9|02|hk"; nocase; ) # x0d25897a1d5160e518b97559a4fedcb30.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011625; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x0d25897a1d5160e518b97559a4fedcb30|02|cn"; nocase; ) # y4a650fd909ea095915d23cd59ccb5956d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011626; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y4a650fd909ea095915d23cd59ccb5956d|02|tk"; nocase; ) # e627e0a238d5c6cb271267900d75f92f88.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011627; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e627e0a238d5c6cb271267900d75f92f88|02|hk"; nocase; ) # pa5829bff3ac59d5d5fad1a59623b6f201.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011628; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pa5829bff3ac59d5d5fad1a59623b6f201|02|so"; nocase; ) # s3d124a41dd48727d4ea3d7c94b756727f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011629; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s3d124a41dd48727d4ea3d7c94b756727f|02|to"; nocase; ) # c22d202557225d97b80d5a29fb9d413dbc.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011630; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c22d202557225d97b80d5a29fb9d413dbc|02|hk"; nocase; ) # fb3331a0fbfafb8516ff40e0af16636aaa.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011631; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fb3331a0fbfafb8516ff40e0af16636aaa|02|so"; nocase; ) # hc68ce86bcc79da6bb24ab479dc492c260.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011632; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc68ce86bcc79da6bb24ab479dc492c260|02|ws"; nocase; ) # k3c4b32e664bce6bcd7a3af438187cf2b1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011633; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k3c4b32e664bce6bcd7a3af438187cf2b1|02|hk"; nocase; ) # lcf3e41651f6e873d84eac7f597838ec3e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011634; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lcf3e41651f6e873d84eac7f597838ec3e|02|cn"; nocase; ) # p989edad7848eefa80c22cd17298c2a786.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011635; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p989edad7848eefa80c22cd17298c2a786|02|ws"; nocase; ) # xc6f9ea8fea1db78dd0d2600a6fc66b82d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011636; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xc6f9ea8fea1db78dd0d2600a6fc66b82d|02|ws"; nocase; ) # id53ee6e13f526f3d14f79b7182da36c99.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011637; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id53ee6e13f526f3d14f79b7182da36c99|02|hk"; nocase; ) # l27696c7b586bfe2570fffb189b6c0dd4f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011638; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l27696c7b586bfe2570fffb189b6c0dd4f|02|so"; nocase; ) # q7fda14db01da65d432c25f0356e8a6aa6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011639; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q7fda14db01da65d432c25f0356e8a6aa6|02|hk"; nocase; ) # z1d7ee8ef6f4d1583132d06916c17bb91d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011640; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z1d7ee8ef6f4d1583132d06916c17bb91d|02|cn"; nocase; ) # b5ed05515aadc4f096a25295a2f6d3bf06.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011641; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b5ed05515aadc4f096a25295a2f6d3bf06|02|so"; nocase; ) # cf288050480b044cfa0cc25b17155ea771.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011642; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cf288050480b044cfa0cc25b17155ea771|02|cc"; nocase; ) # g67b8ea1311c7613a06204d66a2a4a6ea2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011643; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g67b8ea1311c7613a06204d66a2a4a6ea2|02|hk"; nocase; ) # h876dd21aad0a72d64f8a2e8dbf06e25b5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011644; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h876dd21aad0a72d64f8a2e8dbf06e25b5|02|cn"; nocase; ) # ldc0cc164f5f6dfa72f6eedce51ae4fb6d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011645; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ldc0cc164f5f6dfa72f6eedce51ae4fb6d|02|ws"; nocase; ) # pe36e9d9a7a9418a0548e5f930f339ebc2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011646; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pe36e9d9a7a9418a0548e5f930f339ebc2|02|cn"; nocase; ) # sb0a2e210e600c4d6da787de618a092b79.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011647; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sb0a2e210e600c4d6da787de618a092b79|02|cc"; nocase; ) # y9229350179d9540fd1a7c1d5d9e66a848.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011648; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y9229350179d9540fd1a7c1d5d9e66a848|02|tk"; nocase; ) # d90034fdc2ab83f80be4fdc2fc0c6e82c6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011649; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d90034fdc2ab83f80be4fdc2fc0c6e82c6|02|in"; nocase; ) # m8221541a0aee98030acb3ce456495abee.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011650; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m8221541a0aee98030acb3ce456495abee|02|hk"; nocase; ) # u11964d5397d693bdb2a80bef6c99b4a9a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011651; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u11964d5397d693bdb2a80bef6c99b4a9a|02|hk"; nocase; ) # v1f800e5f48981f24e50b4170ff98316df.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011652; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v1f800e5f48981f24e50b4170ff98316df|02|cn"; nocase; ) # z6f952b48606937546115644adbe628fdc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011653; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6f952b48606937546115644adbe628fdc|02|ws"; nocase; ) # d2c88380670988d0d8ca0039d82479bb8a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011654; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d2c88380670988d0d8ca0039d82479bb8a|02|cn"; nocase; ) # gcb9887b10dc9e84546af8c91b864db24c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011655; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gcb9887b10dc9e84546af8c91b864db24c|02|cc"; nocase; ) # j9a5672d3182aa4f3e80fc37f74d37f314.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011656; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j9a5672d3182aa4f3e80fc37f74d37f314|02|in"; nocase; ) # l6cfcd7edd898173559d98d54f9a1537fa.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011657; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l6cfcd7edd898173559d98d54f9a1537fa|02|cn"; nocase; ) # s9c54f54a8b2c2c0b2a2f678177ef0ab17.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011658; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s9c54f54a8b2c2c0b2a2f678177ef0ab17|02|hk"; nocase; ) # u215a4323dac5537cc9296efc4e7de2110.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011659; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u215a4323dac5537cc9296efc4e7de2110|02|tk"; nocase; ) # bba60b9a579dcfe847483dbecddd70e997.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011660; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bba60b9a579dcfe847483dbecddd70e997|02|cn"; nocase; ) # k4d73b3acb9e5a6cefc35a08b0aa9dc66d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011661; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k4d73b3acb9e5a6cefc35a08b0aa9dc66d|02|tk"; nocase; ) # e1ff82d34e2cf7255cba850c276382a2e9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011662; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e1ff82d34e2cf7255cba850c276382a2e9|02|to"; nocase; ) # k4010672a31f345096c4a0cd48e9a4ee70.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011663; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k4010672a31f345096c4a0cd48e9a4ee70|02|cc"; nocase; ) # peeacd9c63c50ca4c081954b8fb35e3709.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011664; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|peeacd9c63c50ca4c081954b8fb35e3709|02|cn"; nocase; ) # q0c7866778f3c3255a1ee4f9ea81de665e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011665; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q0c7866778f3c3255a1ee4f9ea81de665e|02|tk"; nocase; ) # vd3c64841506a6e17141be383e9d52b801.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011666; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vd3c64841506a6e17141be383e9d52b801|02|in"; nocase; ) # x28f0c8fb38dd980806a4b9c86a4eac14e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011667; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x28f0c8fb38dd980806a4b9c86a4eac14e|02|cn"; nocase; ) # y54866c18f6f9198d27a25ab741c489bf7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011668; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y54866c18f6f9198d27a25ab741c489bf7|02|tk"; nocase; ) # h704cd9aeb3b6e648101ebe9ea53bf986c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011669; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h704cd9aeb3b6e648101ebe9ea53bf986c|02|so"; nocase; ) # i5604edf64635f47ffec01d71d9718002b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011670; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5604edf64635f47ffec01d71d9718002b|02|cc"; nocase; ) # idk2o4mt7vajkji.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011671; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|idk2o4mt7vajkji|04|ddns|03|net"; nocase; ) # m452gdmx5lkfe2s.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011672; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|m452gdmx5lkfe2s|04|ddns|03|net"; nocase; ) # k852ylqj36uh12k4mp7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011673; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|k852ylqj36uh12k4mp7|04|ddns|03|net"; nocase; ) # 3vih16q6i43jgjqpwb7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011674; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|3vih16q6i43jgjqpwb7|04|ddns|03|net"; nocase; ) # k4qxyfan78wn3rghajgf58a.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011675; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|k4qxyfan78wn3rghajgf58a|04|ddns|03|net"; nocase; ) # a4slkbeb7rw6oh5x5vu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011676; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|a4slkbeb7rw6oh5x5vu|04|ddns|03|net"; nocase; ) # kiucakpigio.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011677; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0b|kiucakpigio|04|ddns|03|net"; nocase; ) # rcjbcve.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011678; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rcjbcve|04|info"; nocase; ) # dhzozgzlq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011679; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dhzozgzlq|03|org"; nocase; ) # ujxuxvosmuq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011680; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ujxuxvosmuq|03|net"; nocase; ) # fbkibt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011681; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fbkibt|03|com"; nocase; ) # zwonymvb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011682; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zwonymvb|04|info"; nocase; ) # djfqfnjzkdm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011683; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|djfqfnjzkdm|03|com"; nocase; ) # whbcakwg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011684; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|whbcakwg|04|info"; nocase; ) # gqlpfyahlq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011685; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gqlpfyahlq|03|org"; nocase; ) # mrobqpk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011686; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mrobqpk|03|biz"; nocase; ) # ybkkzxar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011687; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ybkkzxar|03|com"; nocase; ) # zpqiqpu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011688; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zpqiqpu|03|biz"; nocase; ) # ggroelpd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011689; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ggroelpd|03|biz"; nocase; ) # vdirfyom.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011690; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vdirfyom|03|biz"; nocase; ) # rqixbdih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011691; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rqixbdih|03|com"; nocase; ) # vfjxabavltk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011692; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vfjxabavltk|03|net"; nocase; ) # ymsxnh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011693; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ymsxnh|03|biz"; nocase; ) # dyfwtbu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011694; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dyfwtbu|03|com"; nocase; ) # cezsbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011695; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cezsbl|03|com"; nocase; ) # tcifoj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011696; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tcifoj|03|biz"; nocase; ) # tikikj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011697; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tikikj|03|org"; nocase; ) # dtkmeamfxw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011698; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dtkmeamfxw|04|info"; nocase; ) # vuqursmk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011699; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vuqursmk|03|org"; nocase; ) # xdocqiis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011700; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xdocqiis|03|com"; nocase; ) # mhfyqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011701; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mhfyqg|03|biz"; nocase; ) # yhorqrfjcmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011702; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|yhorqrfjcmu|03|org"; nocase; ) # cvmnjbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011703; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|cvmnjbn|03|com"; nocase; ) # ltpquz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011704; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ltpquz|03|net"; nocase; ) # javumvoypml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011705; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|javumvoypml|03|org"; nocase; ) # sfrrewtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011706; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|sfrrewtm|03|net"; nocase; ) # szfnajqfzq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011707; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|szfnajqfzq|04|info"; nocase; ) # fosyugds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011708; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fosyugds|03|com"; nocase; ) # wwnswv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011709; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wwnswv|04|info"; nocase; ) # iicvnwi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011710; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|iicvnwi|04|info"; nocase; ) # utuwzui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011711; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|utuwzui|03|net"; nocase; ) # hmkxcunmkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011712; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hmkxcunmkm|03|org"; nocase; ) # njyooyxjup.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011713; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|njyooyxjup|03|net"; nocase; ) # ycqgngmvq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011714; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ycqgngmvq|04|info"; nocase; ) # ijqzfcuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011715; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ijqzfcuh|03|net"; nocase; ) # xrovws.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011716; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xrovws|04|info"; nocase; ) # pljvvjyfkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011717; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pljvvjyfkr|03|org"; nocase; ) # vxtovkaru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011718; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vxtovkaru|03|net"; nocase; ) # kocqpvid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011719; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kocqpvid|03|com"; nocase; ) # dqagnn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011720; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dqagnn|03|biz"; nocase; ) # qaklfuchd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011721; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qaklfuchd|03|com"; nocase; ) # ucidyinsolr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011722; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ucidyinsolr|03|org"; nocase; ) # dhdugbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011723; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dhdugbg|03|com"; nocase; ) # twoegwi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011724; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|twoegwi|04|info"; nocase; ) # uijhjgjki.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011725; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uijhjgjki|03|org"; nocase; ) # yoafxrwzhz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011726; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|yoafxrwzhz|03|com"; nocase; ) # gqvnevglh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gqvnevglh|03|org"; nocase; ) # tvdcqnuziaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tvdcqnuziaa|03|com"; nocase; ) # frgnthyd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|frgnthyd|04|info"; nocase; ) # qhbfpsur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qhbfpsur|03|net"; nocase; ) # ahgvmqzq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ahgvmqzq|04|info"; nocase; ) # uxhakyh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uxhakyh|04|info"; nocase; ) # lrxpmkgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lrxpmkgj|03|com"; nocase; ) # pefjxbbfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pefjxbbfm|03|com"; nocase; ) # rrgthjehtep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rrgthjehtep|03|com"; nocase; ) # ceqqavs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ceqqavs|04|info"; nocase; ) # wzpomzzub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wzpomzzub|03|net"; nocase; ) # lrksymcq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011738; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lrksymcq|03|com"; nocase; ) # eoklzor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011739; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|eoklzor|03|biz"; nocase; ) # awtteoeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011740; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|awtteoeb|03|com"; nocase; ) # vhhdepq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011741; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vhhdepq|03|biz"; nocase; ) # wvbvxzo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011742; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wvbvxzo|04|info"; nocase; ) # xwmtssucvv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011743; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xwmtssucvv|04|info"; nocase; ) # sfyebtz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011744; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sfyebtz|03|net"; nocase; ) # uqcrfrkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011745; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uqcrfrkr|03|org"; nocase; ) # trsdjdjvjtz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|trsdjdjvjtz|03|net"; nocase; ) # dzaijn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dzaijn|03|org"; nocase; ) # anmapu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|anmapu|03|biz"; nocase; ) # llezufa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|llezufa|03|com"; nocase; ) # pdzhmwze.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pdzhmwze|04|info"; nocase; ) # rhneicj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rhneicj|03|com"; nocase; ) # zntpwcnnig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zntpwcnnig|03|com"; nocase; ) # meawksq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|meawksq|03|net"; nocase; ) # gzqsvjcuoq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gzqsvjcuoq|03|biz"; nocase; ) # locwxbhsyuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|locwxbhsyuo|03|net"; nocase; ) # fworlyzdzw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fworlyzdzw|04|info"; nocase; ) # ofeougng.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011757; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ofeougng|03|biz"; nocase; ) # fxggcyce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011758; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fxggcyce|03|com"; nocase; ) # xcwuldd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011759; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xcwuldd|03|com"; nocase; ) # muhxej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011760; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|muhxej|03|com"; nocase; ) # jgawkb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011761; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jgawkb|03|org"; nocase; ) # fsjrkcolvhp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011762; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fsjrkcolvhp|03|com"; nocase; ) # sksszec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011763; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sksszec|03|com"; nocase; ) # rablhjkh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011764; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rablhjkh|03|org"; nocase; ) # prverf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|prverf|03|net"; nocase; ) # chrxdfrbrl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|chrxdfrbrl|03|net"; nocase; ) # xgeevjqnnoe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xgeevjqnnoe|03|biz"; nocase; ) # ebrpwuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ebrpwuh|03|net"; nocase; ) # sggdehgrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|sggdehgrq|03|net"; nocase; ) # hnfamgri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hnfamgri|03|net"; nocase; ) # tkukixhmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tkukixhmu|03|org"; nocase; ) # pqseees.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pqseees|03|com"; nocase; ) # auoxpqrajs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|auoxpqrajs|03|org"; nocase; ) # ijqlzdobzyy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ijqlzdobzyy|04|info"; nocase; ) # mggntsq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mggntsq|03|net"; nocase; ) # pcmxcmofb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pcmxcmofb|03|com"; nocase; ) # clantmpm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|clantmpm|03|biz"; nocase; ) # aqhhysjrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|aqhhysjrn|03|net"; nocase; ) # mntpfkqa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mntpfkqa|03|biz"; nocase; ) # kqlwybru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011780; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kqlwybru|03|net"; nocase; ) # eeftwswu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011781; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|eeftwswu|04|info"; nocase; ) # oqjtgul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011782; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|oqjtgul|03|net"; nocase; ) # ssfnimtg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011783; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ssfnimtg|03|net"; nocase; ) # chphbwhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011784; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|chphbwhi|03|com"; nocase; ) # odyaglvbbnl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011785; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|odyaglvbbnl|03|biz"; nocase; ) # szxwfrqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011786; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|szxwfrqt|03|biz"; nocase; ) # bsasennl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011787; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bsasennl|03|biz"; nocase; ) # xovvmoekk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011788; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xovvmoekk|03|org"; nocase; ) # pbamqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011789; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|pbamqw|03|biz"; nocase; ) # kmxkkiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011790; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kmxkkiy|03|com"; nocase; ) # jvjbskdgrvl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011791; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jvjbskdgrvl|04|info"; nocase; ) # nfdwumrwep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011792; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nfdwumrwep|03|com"; nocase; ) # ehbwimq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011793; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ehbwimq|03|org"; nocase; ) # tyetonwlry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011794; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tyetonwlry|03|net"; nocase; ) # flncci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011795; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|flncci|03|com"; nocase; ) # tplqfavhhd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011796; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tplqfavhhd|03|com"; nocase; ) # jxvvzkgqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011797; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jxvvzkgqb|03|biz"; nocase; ) # urewreb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011798; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|urewreb|03|com"; nocase; ) # bldhdl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011799; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bldhdl|03|com"; nocase; ) # beuummleh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011800; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|beuummleh|03|com"; nocase; ) # aryhjvmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011801; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aryhjvmi|03|org"; nocase; ) # qgnvqgcqhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011802; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qgnvqgcqhl|03|com"; nocase; ) # vtfbizyao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011803; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vtfbizyao|03|com"; nocase; ) # wjjgkukaad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011804; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wjjgkukaad|03|com"; nocase; ) # qjytrufne.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011805; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qjytrufne|03|biz"; nocase; ) # okecvvx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011806; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|okecvvx|04|info"; nocase; ) # kogyqfxm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011807; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kogyqfxm|04|info"; nocase; ) # mehhgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011808; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mehhgt|03|com"; nocase; ) # bpzcmrk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011809; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bpzcmrk|03|net"; nocase; ) # vdaaoicets.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011810; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vdaaoicets|03|net"; nocase; ) # uuxxekta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011811; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uuxxekta|03|net"; nocase; ) # zsreste.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011812; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zsreste|03|net"; nocase; ) # dxhwaprim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011813; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dxhwaprim|03|com"; nocase; ) # nsdoeumv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011814; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nsdoeumv|03|org"; nocase; ) # fyxxljfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011815; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fyxxljfe|03|com"; nocase; ) # vkcaxgw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011816; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vkcaxgw|03|com"; nocase; ) # wjkqib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011817; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wjkqib|03|com"; nocase; ) # lpuaryr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011818; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lpuaryr|04|info"; nocase; ) # qqcesoxpva.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011819; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qqcesoxpva|04|info"; nocase; ) # zeasgwu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011820; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zeasgwu|04|info"; nocase; ) # oyihdytgetg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011821; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oyihdytgetg|03|net"; nocase; ) # tweyuxpn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011822; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tweyuxpn|03|biz"; nocase; ) # xayvgsorv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011823; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xayvgsorv|03|net"; nocase; ) # kiopdhutumw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011824; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kiopdhutumw|03|org"; nocase; ) # eefcnlo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011825; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|eefcnlo|03|org"; nocase; ) # yjmicmstu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011826; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yjmicmstu|03|net"; nocase; ) # uujyag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011827; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uujyag|03|com"; nocase; ) # mebhus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011828; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mebhus|03|net"; nocase; ) # abuuhbkgout.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011829; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|abuuhbkgout|03|net"; nocase; ) # upssac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011830; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|upssac|03|com"; nocase; ) # jsyegj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011831; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jsyegj|03|com"; nocase; ) # xsvzlbbqfkv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011832; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xsvzlbbqfkv|03|org"; nocase; ) # aitzsw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011833; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|aitzsw|03|net"; nocase; ) # lwyzebuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011834; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lwyzebuo|03|net"; nocase; ) # qvactffrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011835; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qvactffrq|03|net"; nocase; ) # maxcgxflu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011836; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|maxcgxflu|03|org"; nocase; ) # hpxokdfwqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011837; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hpxokdfwqb|03|biz"; nocase; ) # qkpxdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011838; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qkpxdp|03|com"; nocase; ) # ajmlxebiyg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011839; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ajmlxebiyg|04|info"; nocase; ) # ogqzfrmzaat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011840; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ogqzfrmzaat|03|com"; nocase; ) # txnnccho.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011841; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|txnnccho|03|com"; nocase; ) # bjpoiryl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011842; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bjpoiryl|04|info"; nocase; ) # qmzvudetlye.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011843; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qmzvudetlye|04|info"; nocase; ) # gnnnemlj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011844; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gnnnemlj|03|org"; nocase; ) # pcfisvwgjbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011845; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pcfisvwgjbo|03|com"; nocase; ) # tyeugzajkjw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011846; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tyeugzajkjw|03|org"; nocase; ) # rjqhpifhcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011847; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rjqhpifhcn|03|com"; nocase; ) # sagspyaollu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011848; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|sagspyaollu|03|org"; nocase; ) # frvrasx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011849; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|frvrasx|03|net"; nocase; ) # raertp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011850; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|raertp|03|net"; nocase; ) # rnlqdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011851; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rnlqdt|03|com"; nocase; ) # tbxwqjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011852; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tbxwqjf|03|org"; nocase; ) # fbgpju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011853; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fbgpju|03|org"; nocase; ) # skzaixxq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011854; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|skzaixxq|04|info"; nocase; ) # kccrzie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011855; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kccrzie|03|com"; nocase; ) # mfndjgcalk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011856; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mfndjgcalk|03|org"; nocase; ) # lvxqdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011857; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lvxqdy|03|com"; nocase; ) # vhwyaxic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011858; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vhwyaxic|03|com"; nocase; ) # cvyzhcduj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011859; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cvyzhcduj|03|net"; nocase; ) # byctdjyhwvp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011860; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|byctdjyhwvp|04|info"; nocase; ) # rkyxznncze.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011861; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rkyxznncze|04|info"; nocase; ) # lvuifrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011862; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lvuifrz|03|net"; nocase; ) # tjggppba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011863; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tjggppba|03|com"; nocase; ) # hgphjfeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011864; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hgphjfeo|03|com"; nocase; ) # gnhmez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011865; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gnhmez|03|com"; nocase; ) # vtadpqgea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011866; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vtadpqgea|03|com"; nocase; ) # oadunovratd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011867; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oadunovratd|03|net"; nocase; ) # dzlmymkczlb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011868; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dzlmymkczlb|03|org"; nocase; ) # owzfwgv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011869; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|owzfwgv|03|com"; nocase; ) # pbsfzkdxsw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011870; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pbsfzkdxsw|03|net"; nocase; ) # eapxdem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011871; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|eapxdem|03|com"; nocase; ) # tlcmmxgngrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011872; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tlcmmxgngrq|03|net"; nocase; ) # hnbtqxhr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011873; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hnbtqxhr|03|com"; nocase; ) # hdtwwzilbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011874; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hdtwwzilbw|03|com"; nocase; ) # dckcnccdlkemcccm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011875; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dckcnccdlkemcccm|03|com"; nocase; ) # fnbdkbmkacmalmmd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011876; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fnbdkbmkacmalmmd|04|info"; nocase; ) # dacfkldcbaldbbmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011877; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dacfkldcbaldbbmn|03|com"; nocase; ) # bnbkobcccknfkkoc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011878; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bnbkobcccknfkkoc|03|com"; nocase; ) # cladffcellcnddfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011879; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cladffcellcnddfo|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # dbdbmdfbcfaamkdc.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011880; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dbdbmdfbcfaamkdc|06|online"; nocase; ) # cdaakbfbmcddmeca.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011881; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cdaakbfbmcddmeca|02|co"; nocase; ) # cenabnffmmnalbof.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011882; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cenabnffmmnalbof|06|online"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # aaafcbfkkclfofnb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011883; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aaafcbfkkclfofnb|02|co|02|uk"; nocase; ) # ocmcfabmdocomokd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011884; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ocmcfabmdocomokd|02|co|02|uk"; nocase; ) # dmdecbamcfafdnfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011885; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dmdecbamcfafdnfa|03|com"; nocase; ) # bbmfffdamdldbfca.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011886; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bbmfffdamdldbfca|06|online"; nocase; ) # fdmdbbeonccdeadn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011887; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fdmdbbeonccdeadn|02|eu"; nocase; ) # mcalcakaoamlfdam.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011888; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mcalcakaoamlfdam|04|info"; nocase; ) # eeddmfnfcolebnoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011889; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|eeddmfnfcolebnoo|03|com"; nocase; ) # qihagb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011890; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qihagb|03|com"; nocase; ) # tcykfi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011891; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tcykfi|03|com"; nocase; ) # euylzi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011892; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|euylzi|03|com"; nocase; ) # oecuaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011893; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oecuaa|03|com"; nocase; ) # qggipu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011894; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qggipu|03|com"; nocase; ) # ayeyub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011895; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ayeyub|03|com"; nocase; ) # xbauuf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011896; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xbauuf|03|com"; nocase; ) # kgenbi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011897; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|kgenbi|03|com"; nocase; ) # oegivv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011898; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oegivv|03|com"; nocase; ) # mdsufj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011899; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mdsufj|03|com"; nocase; ) # xeuqqb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011900; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xeuqqb|03|com"; nocase; ) # tcwuys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011901; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tcwuys|03|com"; nocase; ) # jurstr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011902; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|jurstr|03|com"; nocase; ) # fqulyl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011903; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fqulyl|03|com"; nocase; ) # lugebg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011904; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|lugebg|03|com"; nocase; ) # gdyruu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011905; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gdyruu|03|com"; nocase; ) # roziky.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011906; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|roziky|03|com"; nocase; ) # maeiuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011907; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|maeiuy|03|com"; nocase; ) # bwwpsf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011908; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bwwpsf|03|com"; nocase; ) # ggvdygpltggqh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011909; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ggvdygpltggqh|03|com"; nocase; ) # uacvkukgxhabe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011910; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uacvkukgxhabe|02|ru"; nocase; ) # xwgtcrnptdpeh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011911; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xwgtcrnptdpeh|03|net"; nocase; ) # jekaxcxmjjaug.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011912; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jekaxcxmjjaug|02|ru"; nocase; ) # dvkluweemihnx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011913; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dvkluweemihnx|04|info"; nocase; ) # erqaahdexjcvi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011914; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|erqaahdexjcvi|03|biz"; nocase; ) # phejdmkmfrebion.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011915; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|phejdmkmfrebion|03|net"; nocase; ) # dlfngeardhnjrpv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011916; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dlfngeardhnjrpv|03|biz"; nocase; ) # tsiqmeervbioioi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011917; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tsiqmeervbioioi|02|co|02|uk"; nocase; ) # ubsmmtrpksfcpsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011918; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ubsmmtrpksfcpsa|03|com"; nocase; ) # eygrjjrqvaajjdj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011919; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eygrjjrqvaajjdj|02|ru"; nocase; ) # jalknvpryrxjxvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011920; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jalknvpryrxjxvo|03|net"; nocase; ) # qacqlsfhmcudblo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011921; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qacqlsfhmcudblo|03|net"; nocase; ) # srgcmlcxfvkxfyf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011922; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|srgcmlcxfvkxfyf|02|co|02|uk"; nocase; ) # gvhgpdrddltgoan.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011923; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gvhgpdrddltgoan|04|info"; nocase; ) # hercpmmutshlmiq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011924; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hercpmmutshlmiq|03|net"; nocase; ) # yjkgldxqradsmda.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011925; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yjkgldxqradsmda|03|biz"; nocase; ) # aruclmsiihqxmmt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011926; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aruclmsiihqxmmt|03|org"; nocase; ) # bbormvuhktsnfkx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011927; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bbormvuhktsnfkx|04|info"; nocase; ) # cqpdhniuivmagyx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011928; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cqpdhniuivmagyx|03|com"; nocase; ) # dyayhwdmydafesj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011929; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dyayhwdmydafesj|03|biz"; nocase; ) # wstvbmkfbyyrluw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011930; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wstvbmkfbyyrluw|02|ru"; nocase; ) # psqasscdbejpbyf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011931; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|psqasscdbejpbyf|03|net"; nocase; ) # sncsswbigjnhasg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sncsswbigjnhasg|03|org"; nocase; ) # qaneqmpexanhnfu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qaneqmpexanhnfu|03|biz"; nocase; ) # rixaqcdcmrkunne.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rixaqcdcmrkunne|03|org"; nocase; ) # stwkvyfuyhmimci.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|stwkvyfuyhmimci|03|biz"; nocase; ) # dyvlltcnghblmqd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dyvlltcnghblmqd|03|biz"; nocase; ) # hueqgeymdefxjqp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hueqgeymdefxjqp|02|ru"; nocase; ) # fugnvxowjyfjwhp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fugnvxowjyfjwhp|02|ru"; nocase; ) # xkyaurehwrnbfsj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xkyaurehwrnbfsj|04|info"; nocase; ) # yoixufbxlmeiyve.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yoixufbxlmeiyve|03|biz"; nocase; ) # gkntfdgylswbmxu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gkntfdgylswbmxu|03|org"; nocase; ) # xjwoimrdkmeqmdv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xjwoimrdkmeqmdv|03|org"; nocase; ) # kgvyandxipbnjpi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kgvyandxipbnjpi|02|co|02|uk"; nocase; ) # rulcmfvxorbxuuv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rulcmfvxorbxuuv|04|info"; nocase; ) # icohmghkgipvydb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|icohmghkgipvydb|03|biz"; nocase; ) # jrpqnxujagkrqwf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jrpqnxujagkrqwf|02|ru"; nocase; ) # lvupcjsqbofkrfr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lvupcjsqbofkrfr|03|org"; nocase; ) # maspdygouwtxrnb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|maspdygouwtxrnb|04|info"; nocase; ) # uvhpbddwufnvqaf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uvhpbddwufnvqaf|03|org"; nocase; ) # oprjoynqyrbimld.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oprjoynqyrbimld|02|ru"; nocase; ) # rxuiewiywdcwumr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rxuiewiywdcwumr|04|info"; nocase; ) # tyslimvjstkxlvr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tyslimvjstkxlvr|03|net"; nocase; ) # rjljtvduokpqwrj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rjljtvduokpqwrj|03|org"; nocase; ) # fjihlnisrgbaney.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fjihlnisrgbaney|02|co|02|uk"; nocase; ) # snjjufxmlbvnnkl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|snjjufxmlbvnnkl|04|info"; nocase; ) # gwoslwkrnjkxriv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gwoslwkrnjkxriv|03|com"; nocase; ) # ufnuvxudeuliyrh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ufnuvxudeuliyrh|02|ru"; nocase; ) # khkamrdbqcrolgg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|khkamrdbqcrolgg|02|co|02|uk"; nocase; ) # oamortupiyxbnca.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oamortupiyxbnca|03|org"; nocase; ) # cenqbobdyykwwlh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cenqbobdyykwwlh|02|co|02|uk"; nocase; ) # sqspmddwqcwkwax.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sqspmddwqcwkwax|04|info"; nocase; ) # tgtynxhshfaxonj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tgtynxhshfaxonj|03|com"; nocase; ) # xyvnsayhycgkoxg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xyvnsayhycgkoxg|04|info"; nocase; ) # njmmckjyfoodtyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|njmmckjyfoodtyv|03|net"; nocase; ) # jfcalylufmcmsps.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jfcalylufmcmsps|03|com"; nocase; ) # kswlsqytjpwekjw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kswlsqytjpwekjw|03|net"; nocase; ) # vmkiiqdaagaorch.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vmkiiqdaagaorch|02|co|02|uk"; nocase; ) # ursncolvkslcmqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ursncolvkslcmqk|03|biz"; nocase; ) # itvnagqtdeplkej.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|itvnagqtdeplkej|02|ru"; nocase; ) # ucyahagtaisrlqf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ucyahagtaisrlqf|03|com"; nocase; ) # ywylygpwcbunkb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ywylygpwcbunkb|03|biz"; nocase; ) # mbiyienskukiif.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mbiyienskukiif|02|ru"; nocase; ) # qqnybwmwmghcmm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qqnybwmwmghcmm|03|com"; nocase; ) # yhmijjfsjwkbnh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yhmijjfsjwkbnh|03|com"; nocase; ) # yavobhfgreprms.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yavobhfgreprms|03|net"; nocase; ) # tjqwpmcnkgkmkk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tjqwpmcnkgkmkk|02|ru"; nocase; ) # nwhtsgsuwexjmu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nwhtsgsuwexjmu|04|info"; nocase; ) # kltyorspkwethi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kltyorspkwethi|02|ru"; nocase; ) # qpsbnshvjrdets.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qpsbnshvjrdets|03|biz"; nocase; ) # qtnrucjlosxihn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qtnrucjlosxihn|03|org"; nocase; ) # exovxwpnboluhu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|exovxwpnboluhu|02|co|02|uk"; nocase; ) # aoccixebbxfgdc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|aoccixebbxfgdc|03|org"; nocase; ) # ydvhumcjtqkcem.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ydvhumcjtqkcem|02|co|02|uk"; nocase; ) # cxhvhqbrhimjdd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cxhvhqbrhimjdd|03|net"; nocase; ) # flrvlohtoftmrv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|flrvlohtoftmrv|03|biz"; nocase; ) # ditnhmsxdcxjnr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ditnhmsxdcxjnr|04|info"; nocase; ) # qkopehyamgqvwp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qkopehyamgqvwp|03|com"; nocase; ) # hxynarbdlsoego.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hxynarbdlsoego|02|ru"; nocase; ) # fyrpkhcprhxnmp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fyrpkhcprhxnmp|02|co|02|uk"; nocase; ) # hecscwpwaycvkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hecscwpwaycvkr|03|com"; nocase; ) # irwgdrtejrtala.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|irwgdrtejrtala|03|net"; nocase; ) # kcrdehocjqgmpc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kcrdehocjqgmpc|02|ru"; nocase; ) # blpkdcwamdadpj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|blpkdcwamdadpj|04|info"; nocase; ) # onkmatmfumbhyk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|onkmatmfumbhyk|03|com"; nocase; ) # gusdyehxrxvtqd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gusdyehxrxvtqd|03|net"; nocase; ) # dnlxnspqcmkiey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dnlxnspqcmkiey|03|com"; nocase; ) # erjtbidrnbxdey.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|erjtbidrnbxdey|03|biz"; nocase; ) # rvkvkaslhvsqex.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rvkvkaslhvsqex|02|ru"; nocase; ) # jbnsjsrwfnjsaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000011999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jbnsjsrwfnjsaw|03|com"; nocase; ) # sehsggxyfrqqpb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sehsggxyfrqqpb|04|info"; nocase; ) # jplqpeqpqdbobj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jplqpeqpqdbobj|03|biz"; nocase; ) # lqjpgtewellfre.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lqjpgtewellfre|03|org"; nocase; ) # qanoohjksdwuad.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qanoohjksdwuad|03|biz"; nocase; ) # dlucwkguhvgwij.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dlucwkguhvgwij|02|co|02|uk"; nocase; ) # wwxfpdhtbompew.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wwxfpdhtbompew|03|biz"; nocase; ) # ygdyovekhytswt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ygdyovekhytswt|04|info"; nocase; ) # nskslfgjrimwda.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nskslfgjrimwda|02|co|02|uk"; nocase; ) # fasjkqabjvmhrx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fasjkqabjvmhrx|04|info"; nocase; ) # jpxjdvigrmdcdm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jpxjdvigrmdcdm|02|ru"; nocase; ) # kiuldeatedlmqj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kiuldeatedlmqj|02|ru"; nocase; ) # rsvbvanuwxxbta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rsvbvanuwxxbta|03|com"; nocase; ) # puvwpwmvaaykrk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|puvwpwmvaaykrk|02|ru"; nocase; ) # tqeckiiirpgqop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tqeckiiirpgqop|03|org"; nocase; ) # ueynravhvsbigc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ueynravhvsbigc|02|co|02|uk"; nocase; ) # acbkgfswiuxxiy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|acbkgfswiuxxiy|02|co|02|uk"; nocase; ) # bxlsxpyfhfumus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bxlsxpyfhfumus|03|net"; nocase; ) # dyjroytgoxolsm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dyjroytgoxolsm|02|ru"; nocase; ) # acfobdxxkghdu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|acfobdxxkghdu|03|net"; nocase; ) # pnxekollvxcoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pnxekollvxcoy|03|biz"; nocase; ) # qviakeyjkpycy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qviakeyjkpycy|03|org"; nocase; ) # uxfgqxbrgvmaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uxfgqxbrgvmaa|03|com"; nocase; ) # gkktvbgadraxq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gkktvbgadraxq|04|info"; nocase; ) # tolycvsjpeaia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tolycvsjpeaia|03|com"; nocase; ) # kfqlkscapeadu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kfqlkscapeadu|02|ru"; nocase; ) # rogytiwafcffp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rogytiwafcffp|03|org"; nocase; ) # gcbcajwropved.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gcbcajwropved|03|com"; nocase; ) # jummfxdkaqefq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jummfxdkaqefq|02|ru"; nocase; ) # fbhdshbokwmsa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fbhdshbokwmsa|04|info"; nocase; ) # gjryswomyojgh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012029; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gjryswomyojgh|03|net"; nocase; ) # wbgucehmcjffj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012030; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wbgucehmcjffj|03|org"; nocase; ) # khvpicyxihkma.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012031; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|khvpicyxihkma|02|co|02|uk"; nocase; ) # nevgywikvkaml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012032; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nevgywikvkaml|03|org"; nocase; ) # omgcymvikcwal.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012033; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|omgcymvikcwal|04|info"; nocase; ) # tsjlyeisuxryb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012034; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tsjlyeisuxryb|03|net"; nocase; ) # avxjtygoucxgr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|avxjtygoucxgr|03|com"; nocase; ) # xxtxpofrwspux.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xxtxpofrwspux|03|biz"; nocase; ) # cvxoftpdglqbj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cvxoftpdglqbj|04|info"; nocase; ) # fodkoencgfvib.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fodkoencgfvib|03|biz"; nocase; ) # btsjlqprnxdwg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|btsjlqprnxdwg|02|ru"; nocase; ) # owtfiunadipcg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|owtfiunadipcg|03|org"; nocase; ) # pkotmmhulvbqh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pkotmmhulvbqh|02|co|02|uk"; nocase; ) # rwiuijqphyxer.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rwiuijqphyxer|02|ru"; nocase; ) # yjlbxhxwlqykf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yjlbxhxwlqykf|02|co|02|uk"; nocase; ) # oqqjwlfencqif.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oqqjwlfencqif|03|net"; nocase; ) # ghbjxvaipqlvt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ghbjxvaipqlvt|03|biz"; nocase; ) # dsgujatftslkl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dsgujatftslkl|03|org"; nocase; ) # mbrlldnvorjij.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mbrlldnvorjij|04|info"; nocase; ) # sbdaipyyiyhda.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sbdaipyyiyhda|02|ru"; nocase; ) # lveqpdwmlxcpc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012049; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lveqpdwmlxcpc|03|net"; nocase; ) # rnqvpyjxqppbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012050; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rnqvpyjxqppbl|03|com"; nocase; ) # uephrjhldcand.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012051; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uephrjhldcand|02|ru"; nocase; ) # stdwglbupydic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012052; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|stdwglbupydic|03|com"; nocase; ) # meocwvkmaoxek.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012053; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|meocwvkmaoxek|02|co|02|uk"; nocase; ) # paqvxxebytsyk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012054; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|paqvxxebytsyk|03|org"; nocase; ) # ajjjhlltnowde.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012055; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ajjjhlltnowde|03|org"; nocase; ) # oggjyatwvksbc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012056; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oggjyatwvksbc|02|co|02|uk"; nocase; ) # xyussvdnftnnu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012057; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xyussvdnftnnu|02|ru"; nocase; ) # xpxgjtwfuswhb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012058; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xpxgjtwfuswhb|03|org"; nocase; ) # cncwyyhqelxnf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012059; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cncwyyhqelxnf|03|net"; nocase; ) # dbwjjqbwiudhw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012060; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dbwjjqbwiudhw|03|biz"; nocase; ) # yipmtgdrxhfkw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012061; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yipmtgdrxhfkw|02|ru"; nocase; ) # dgtdjlndhagqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012062; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dgtdjlndhagqw|03|com"; nocase; ) # foxcohmamiwfu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012063; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|foxcohmamiwfu|04|info"; nocase; ) # mdkirwtomwdqd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012064; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mdkirwtomwdqd|03|net"; nocase; ) # cccvhhyierlta.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012065; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cccvhhyierlta|04|info"; nocase; ) # etgphmhgrbgqe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012066; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|etgphmhgrbgqe|02|ru"; nocase; ) # fhbcrebmvklkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012067; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fhbcrebmvklkf|03|org"; nocase; ) # rbmbsefqofulb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012068; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rbmbsefqofulb|03|net"; nocase; ) # kfarnejrsaadr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012069; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kfarnejrsaadr|02|ru"; nocase; ) # ljbutuhuujyxw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012070; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ljbutuhuujyxw|04|info"; nocase; ) # uhdmasydthay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012071; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uhdmasydthay|03|org"; nocase; ) # ywiurlvbfnvv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012072; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ywiurlvbfnvv|03|net"; nocase; ) # pafkivvxpttt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012073; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pafkivvxpttt|03|com"; nocase; ) # egykcesfgvlx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012074; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|egykcesfgvlx|03|net"; nocase; ) # gljnttgmonpg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012075; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gljnttgmonpg|02|ru"; nocase; ) # tpksaosvbapq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012076; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tpksaosvbapq|03|org"; nocase; ) # lepxxgmbabla.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012077; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lepxxgmbabla|03|net"; nocase; ) # myjsgoldqxsi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012078; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|myjsgoldqxsi|03|biz"; nocase; ) # nokdxjvrdpdo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012079; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nokdxjvrdpdo|02|ru"; nocase; ) # ayacxuqobejq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012080; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ayacxuqobejq|04|info"; nocase; ) # cifevnplqptw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012081; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cifevnplqptw|02|ru"; nocase; ) # jhlutwdsjrbh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012082; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jhlutwdsjrbh|03|net"; nocase; ) # oqckepatkxiu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012083; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oqckepatkxiu|03|net"; nocase; ) # cudpkkmdwkif.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012084; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cudpkkmdwkif|03|biz"; nocase; ) # qvmnvyuulhut.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012085; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qvmnvyuulhut|02|ru"; nocase; ) # aisfxncdwdkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012086; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aisfxncdwdkr|03|com"; nocase; ) # fkfjccyawjcr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012087; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fkfjccyawjcr|02|ru"; nocase; ) # nfuekrgvxlad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012088; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nfuekrgvxlad|03|net"; nocase; ) # tchriwiiaxvi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012089; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tchriwiiaxvi|02|co|02|uk"; nocase; ) # amchqwsokkxm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012090; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|amchqwsokkxm|03|net"; nocase; ) # fpcemwnosajq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012091; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fpcemwnosajq|04|info"; nocase; ) # tknrvgfvmpsf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012092; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tknrvgfvmpsf|03|com"; nocase; ) # wcdlguiiohew.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012093; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wcdlguiiohew|04|info"; nocase; ) # aldkdrqpvuht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012094; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aldkdrqpvuht|03|org"; nocase; ) # icpacbobpceh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012095; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|icpacbobpceh|03|biz"; nocase; ) # xjuenfvlaatu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012096; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xjuenfvlaatu|02|co|02|uk"; nocase; ) # klucagwyswym.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012097; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|klucagwyswym|04|info"; nocase; ) # xnpdtbjiclcb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012098; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xnpdtbjiclcb|03|com"; nocase; ) # pafeopqpcooi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012099; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pafeopqpcooi|04|info"; nocase; ) # oqfoqqtxurwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012100; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oqfoqqtxurwi|03|com"; nocase; ) # peadulemeawo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012101; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|peadulemeawo|03|net"; nocase; ) # mibnptyudjpd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012102; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mibnptyudjpd|02|co|02|uk"; nocase; ) # dtfsuuarunco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012103; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dtfsuuarunco|03|net"; nocase; ) # imlbffwkegep.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012104; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|imlbffwkegep|04|info"; nocase; ) # mcqjwxtipmam.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mcqjwxtipmam|02|ru"; nocase; ) # seqcymlpbits.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|seqcymlpbits|02|co|02|uk"; nocase; ) # neiswghjleuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|neiswghjleuv|03|net"; nocase; ) # cmhrwhxykjit.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cmhrwhxykjit|03|org"; nocase; ) # pnnuuyggbpfc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pnnuuyggbpfc|02|co|02|uk"; nocase; ) # vwsbbrhtmmfa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vwsbbrhtmmfa|03|biz"; nocase; ) # vhgkpbdghpyu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vhgkpbdghpyu|02|co|02|uk"; nocase; ) # jlhncvpbxwto.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012112; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jlhncvpbxwto|04|info"; nocase; ) # dotcbxserbdt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012113; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dotcbxserbdt|02|co|02|uk"; nocase; ) # eixvbvhxqqlo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012114; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eixvbvhxqqlo|03|net"; nocase; ) # 1r15ca1jbbe2j1l3adwg158hg5b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r15ca1jbbe2j1l3adwg158hg5b|03|com"; nocase; ) # 13g47nc6ij7z64fuvjqfp7fiy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13g47nc6ij7z64fuvjqfp7fiy|03|net"; nocase; ) # 1cw0i6syj1a5um5msihywnzjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cw0i6syj1a5um5msihywnzjl|03|org"; nocase; ) # wdw8k51fu6sag1alfc541cywcqn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wdw8k51fu6sag1alfc541cywcqn|03|biz"; nocase; ) # x3yn071u6qvf618aq94a3y4mv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x3yn071u6qvf618aq94a3y4mv1|03|com"; nocase; ) # 1lnlrbc5ttd4b5bnx0j1mwr7pu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lnlrbc5ttd4b5bnx0j1mwr7pu|03|org"; nocase; ) # 1kqmiaplbfiz5v357mdaudna5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kqmiaplbfiz5v357mdaudna5|03|net"; nocase; ) # l4mjccke1aco18uokqs2ybawr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l4mjccke1aco18uokqs2ybawr|03|biz"; nocase; ) # 11xa5zlvchc49cvp7je9e0w3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|11xa5zlvchc49cvp7je9e0w3|03|net"; nocase; ) # 1oli18k32mc711936jcd1nlud9t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oli18k32mc711936jcd1nlud9t|03|net"; nocase; ) # 1npmou59qkxgq1wng0ae1jn5alt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1npmou59qkxgq1wng0ae1jn5alt|03|com"; nocase; ) # 176oetxda1v67e9jqs0ka4otl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|176oetxda1v67e9jqs0ka4otl|03|net"; nocase; ) # 74jz8y1dqn9z8l8u17q1g3ymbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|74jz8y1dqn9z8l8u17q1g3ymbr|03|net"; nocase; ) # 1ccdx191gcrfru1gnrfis1ckuzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ccdx191gcrfru1gnrfis1ckuzo|03|net"; nocase; ) # 16uc1ug58qkmy1ay6qf91hei4xg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16uc1ug58qkmy1ay6qf91hei4xg|03|net"; nocase; ) # w4jfd41yj0yb11ajdz6mildp8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w4jfd41yj0yb11ajdz6mildp8z|03|com"; nocase; ) # i2179z1nfe5iy1vab320zpodxn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i2179z1nfe5iy1vab320zpodxn|03|org"; nocase; ) # j9qrmd1pivv691mxlx1wwjimxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j9qrmd1pivv691mxlx1wwjimxs|03|net"; nocase; ) # 140901u13haigp1mn7h3rzpwi16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|140901u13haigp1mn7h3rzpwi16|03|net"; nocase; ) # qhfh0h12hh0blvzrhp8quntpa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qhfh0h12hh0blvzrhp8quntpa|03|org"; nocase; ) # 36ou4d7oo22d1j4yzq21yzqexa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|36ou4d7oo22d1j4yzq21yzqexa|03|com"; nocase; ) # tib5s8tvzn8zfekni1qlw45v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tib5s8tvzn8zfekni1qlw45v|03|biz"; nocase; ) # j6nn59mhx8ulvbzwaszipxz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|j6nn59mhx8ulvbzwaszipxz|03|net"; nocase; ) # 1fszq8zr8j7gszl4gfd106syzz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fszq8zr8j7gszl4gfd106syzz|03|net"; nocase; ) # 1pljkene6pcii17odpp7pm36q9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pljkene6pcii17odpp7pm36q9|03|com"; nocase; ) # cxbx4z1v8r5ts19z5h5mwpjdg1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cxbx4z1v8r5ts19z5h5mwpjdg1|03|biz"; nocase; ) # 4ghf124p9sqvq439rx1jhzuj3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ghf124p9sqvq439rx1jhzuj3|03|net"; nocase; ) # 1hfwxx81as98nb11jdqlox5ahts.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hfwxx81as98nb11jdqlox5ahts|03|com"; nocase; ) # 1yv86o41wjmck01e3i1rcyfukc5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yv86o41wjmck01e3i1rcyfukc5|03|biz"; nocase; ) # fhld93ggm5snmmao531n1yb4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fhld93ggm5snmmao531n1yb4f|03|net"; nocase; ) # f0pmhu5zya3510l70cj12gv80u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f0pmhu5zya3510l70cj12gv80u|03|org"; nocase; ) # tckd1k1pry8hr1k092u41gldpsh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tckd1k1pry8hr1k092u41gldpsh|03|org"; nocase; ) # 11qxd9nvav6679pc0tt1tmmnx0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11qxd9nvav6679pc0tt1tmmnx0|03|net"; nocase; ) # iorz3c1rqbxtf9y31bsa73wwd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iorz3c1rqbxtf9y31bsa73wwd|03|com"; nocase; ) # vrzp2j1racexb1ih4jcc241heo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vrzp2j1racexb1ih4jcc241heo|03|com"; nocase; ) # g1nulryswih01vmbamm1sjxmm8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g1nulryswih01vmbamm1sjxmm8|03|biz"; nocase; ) # 1dbrbrkla4xdfk298qe1rkufur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dbrbrkla4xdfk298qe1rkufur|03|org"; nocase; ) # 1wbf5xsz9zlmz1qnveug1mx5dc8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wbf5xsz9zlmz1qnveug1mx5dc8|03|net"; nocase; ) # 41k00u1dzrpge10ekcjubq0e1s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|41k00u1dzrpge10ekcjubq0e1s|03|org"; nocase; ) # 11hifgqt49fnel5p60i18ce6k9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11hifgqt49fnel5p60i18ce6k9|03|com"; nocase; ) # 1jw68n8933pea8r0o3l1j8roja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jw68n8933pea8r0o3l1j8roja|03|biz"; nocase; ) # gljunu1jxnzulleo0s81t6s5zt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gljunu1jxnzulleo0s81t6s5zt|03|com"; nocase; ) # 11vjd2c1h8wot1okp72xv2wseu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11vjd2c1h8wot1okp72xv2wseu|03|biz"; nocase; ) # 11feohp3kzmh17gy59t1bnnfm2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11feohp3kzmh17gy59t1bnnfm2|03|com"; nocase; ) # fcdlk11fshndp46kaujovnqn7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fcdlk11fshndp46kaujovnqn7|03|com"; nocase; ) # 15jxkvu1tishzxu3l62zf99ohd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15jxkvu1tishzxu3l62zf99ohd|03|biz"; nocase; ) # 14l78zf1obcqcx6yg8ss3o21qf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14l78zf1obcqcx6yg8ss3o21qf|03|com"; nocase; ) # 87iwvm1enftci6hjfc812hw3fl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|87iwvm1enftci6hjfc812hw3fl|03|net"; nocase; ) # 13cb968n8kwr21t46fps19lmunz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13cb968n8kwr21t46fps19lmunz|03|biz"; nocase; ) # 39qk6v1bclijuuwphysocda6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|39qk6v1bclijuuwphysocda6|03|org"; nocase; ) # 1xvgac51i7hiy9l7k6x418qs6m6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xvgac51i7hiy9l7k6x418qs6m6|03|com"; nocase; ) # 1s4u54u17eiu38avbarmevmrot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s4u54u17eiu38avbarmevmrot|03|com"; nocase; ) # 1yl5z51mt1xr61l2tuts1jf7upk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yl5z51mt1xr61l2tuts1jf7upk|03|biz"; nocase; ) # fe1f1i1itaknmxqyfxdn06lgw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fe1f1i1itaknmxqyfxdn06lgw|03|org"; nocase; ) # y099h1thpon51elwbdcjohim8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y099h1thpon51elwbdcjohim8|03|com"; nocase; ) # rz0x8e1x5ceaasbws6y5iwo0p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rz0x8e1x5ceaasbws6y5iwo0p|03|net"; nocase; ) # 1owcm2nln6qcqr4o4xiisvvfn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1owcm2nln6qcqr4o4xiisvvfn|03|net"; nocase; ) # 1f3rerptku8el1f682rq1084okf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f3rerptku8el1f682rq1084okf|03|biz"; nocase; ) # 12193v11v5nijicn4mgp12dkiq6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12193v11v5nijicn4mgp12dkiq6|03|com"; nocase; ) # vi7q8cx8m0ojgiey6m1d1bph4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vi7q8cx8m0ojgiey6m1d1bph4|03|net"; nocase; ) # sj9pw0qjl7sm1cmnftgsm04lc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sj9pw0qjl7sm1cmnftgsm04lc|03|org"; nocase; ) # 2wwr51drvbo61qaa03uwjxski.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2wwr51drvbo61qaa03uwjxski|03|biz"; nocase; ) # 1x1k8kq1mrr2ml1894v0wmeddrl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x1k8kq1mrr2ml1894v0wmeddrl|03|com"; nocase; ) # 1y177rzhsqe4szyfu2e15q74a5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y177rzhsqe4szyfu2e15q74a5|03|net"; nocase; ) # jxmn9qbwtchms3pmgz1jblyl0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jxmn9qbwtchms3pmgz1jblyl0|03|net"; nocase; ) # x1vvi51z104vw1cifzjs1rktbb0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x1vvi51z104vw1cifzjs1rktbb0|03|org"; nocase; ) # 1n2z5l92fprri1cgnmlcz2q5fh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n2z5l92fprri1cgnmlcz2q5fh|03|net"; nocase; ) # uuiji1lm0n1z7zci231fsw007.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uuiji1lm0n1z7zci231fsw007|03|net"; nocase; ) # 1sromjxqvkwnz1sa7uich0aumy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sromjxqvkwnz1sa7uich0aumy|03|org"; nocase; ) # 8w33towfqkmmf283qu6jo5ft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8w33towfqkmmf283qu6jo5ft|03|net"; nocase; ) # wod06i10b8f0q1b4i9gze3eteh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wod06i10b8f0q1b4i9gze3eteh|03|biz"; nocase; ) # 21m9kq1gq5yfzx0z3x63fb9m3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21m9kq1gq5yfzx0z3x63fb9m3|03|net"; nocase; ) # m9qcyp1u7cdr0pmyg507r6ki8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m9qcyp1u7cdr0pmyg507r6ki8|03|net"; nocase; ) # 1e24guw10aakj81rxkv7x15lariz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e24guw10aakj81rxkv7x15lariz|03|com"; nocase; ) # 1np66tnhb6uwbsg76ia1b6ui95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1np66tnhb6uwbsg76ia1b6ui95|03|net"; nocase; ) # 53in0qu68mfx1jn4olxvs9vex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|53in0qu68mfx1jn4olxvs9vex|03|org"; nocase; ) # 1naoy9f1tz710h15ybq37157bn6i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1naoy9f1tz710h15ybq37157bn6i|03|net"; nocase; ) # aasbj3yuf1qpe0xmft9o8mv4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aasbj3yuf1qpe0xmft9o8mv4|03|com"; nocase; ) # 1pxdfgc167uo53w0fllv13r928w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pxdfgc167uo53w0fllv13r928w|03|net"; nocase; ) # bot7m11rpj9prx97e8m2t96rn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bot7m11rpj9prx97e8m2t96rn|03|biz"; nocase; ) # r20sxselqzvt1o2836jt2v0x1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r20sxselqzvt1o2836jt2v0x1|03|net"; nocase; ) # 16z9k9612s0u0v1v0gytr1kxupax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16z9k9612s0u0v1v0gytr1kxupax|03|net"; nocase; ) # y0w07l11qursxydlo2c1n2cyen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y0w07l11qursxydlo2c1n2cyen|03|com"; nocase; ) # 7w802412cnxtbn002cs1r6wbn8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7w802412cnxtbn002cs1r6wbn8|03|org"; nocase; ) # 1im0u8t11m0x0z1kehqclv55e96.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1im0u8t11m0x0z1kehqclv55e96|03|org"; nocase; ) # 1gdbgb11clnfex1iz07e21vrfdtf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gdbgb11clnfex1iz07e21vrfdtf|03|net"; nocase; ) # lyc895ntp4no17fs6nsl2t7ld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lyc895ntp4no17fs6nsl2t7ld|03|net"; nocase; ) # rsfse51l3zxmz13o8e711r6zqxq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rsfse51l3zxmz13o8e711r6zqxq|03|com"; nocase; ) # dewscviw3sfn1g2v95u7msti4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dewscviw3sfn1g2v95u7msti4|03|org"; nocase; ) # 1ma3j4c1dkjwvy1hwgtn81eua11h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ma3j4c1dkjwvy1hwgtn81eua11h|03|net"; nocase; ) # 1p1prg11f4c7hs157mxbb709zss.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p1prg11f4c7hs157mxbb709zss|03|biz"; nocase; ) # ztdst81swrvwj1jybobu13gont9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ztdst81swrvwj1jybobu13gont9|03|com"; nocase; ) # 1uu47qqkdhnijw72zx21y4uh7s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uu47qqkdhnijw72zx21y4uh7s|03|net"; nocase; ) # yd1ervbttzcb1ricekgk8rdo9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yd1ervbttzcb1ricekgk8rdo9|03|org"; nocase; ) # ztnmc5bg9m3p1hvszhlc5yaxy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ztnmc5bg9m3p1hvszhlc5yaxy|03|net"; nocase; ) # 1jq3k7t42bulz1v3xgzhebrfas.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jq3k7t42bulz1v3xgzhebrfas|03|net"; nocase; ) # p0e99t1jbogl01ib1lnfq62l24.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p0e99t1jbogl01ib1lnfq62l24|03|com"; nocase; ) # n6ipx6zxarzz1p091g41j6j5vp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n6ipx6zxarzz1p091g41j6j5vp|03|org"; nocase; ) # af5qgi1wnw37oxi2qsknk5hzz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|af5qgi1wnw37oxi2qsknk5hzz|03|org"; nocase; ) # 14ljc471yuhm3i1db7crc1pxkp4j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14ljc471yuhm3i1db7crc1pxkp4j|03|net"; nocase; ) # nr8py713fnghe1ypumu4q7v82v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nr8py713fnghe1ypumu4q7v82v|03|biz"; nocase; ) # 1eibd4s1cxcgl11yrmp6a39f4q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eibd4s1cxcgl11yrmp6a39f4q|03|biz"; nocase; ) # 10zhaqj120xlrv5krcrq1mzd7gz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10zhaqj120xlrv5krcrq1mzd7gz|03|com"; nocase; ) # 1vjkvyyana9uy12xmrkjqreqhy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vjkvyyana9uy12xmrkjqreqhy|03|org"; nocase; ) # zfm8q91f4uioi18wld3g1uon9nk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zfm8q91f4uioi18wld3g1uon9nk|03|org"; nocase; ) # 193p947579kp4anhpd81ky9eni.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|193p947579kp4anhpd81ky9eni|03|org"; nocase; ) # 27g9467yp9z31tse61u766vhb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|27g9467yp9z31tse61u766vhb|03|net"; nocase; ) # j96gtwtchp601u4n9bn14uq9c9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j96gtwtchp601u4n9bn14uq9c9|03|net"; nocase; ) # 1cjafpgijz9vr1ckjj0u1u1jqy6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjafpgijz9vr1ckjj0u1u1jqy6|03|net"; nocase; ) # 16uj7kn1v3va3b1860oji1rj85sa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16uj7kn1v3va3b1860oji1rj85sa|03|org"; nocase; ) # 2v9sr21mx8xtstdwx73bcqlix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2v9sr21mx8xtstdwx73bcqlix|03|com"; nocase; ) # bdc59r1kxzcbeswkefv1vp1rhg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bdc59r1kxzcbeswkefv1vp1rhg|03|net"; nocase; ) # y5zsqkb0ensnnyjl1716jvvww.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y5zsqkb0ensnnyjl1716jvvww|03|org"; nocase; ) # znherc19a4wm1mvrhgv1ixa3d4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|znherc19a4wm1mvrhgv1ixa3d4|03|com"; nocase; ) # 1hz5mt618l9qajtt9enyaxsi2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hz5mt618l9qajtt9enyaxsi2|03|net"; nocase; ) # 4r79wgzvcp8k14g6vdt1pyq0bg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4r79wgzvcp8k14g6vdt1pyq0bg|03|com"; nocase; ) # 1fxuiys15ixp1w1pd0y8ny1gwbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fxuiys15ixp1w1pd0y8ny1gwbr|03|net"; nocase; ) # 1naaji2ikofo6w014kg15fd9qa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1naaji2ikofo6w014kg15fd9qa|03|org"; nocase; ) # 1emrer0ei0at61ior3xk1g1bhmr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1emrer0ei0at61ior3xk1g1bhmr|03|com"; nocase; ) # 1tahqjt1865h4ufmjze12nob4j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tahqjt1865h4ufmjze12nob4j|03|net"; nocase; ) # 9dibcq4fodv81o6n9yt1jo32vo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9dibcq4fodv81o6n9yt1jo32vo|03|biz"; nocase; ) # comh6j1opxfhk1qjuhz7wsgbo4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|comh6j1opxfhk1qjuhz7wsgbo4|03|net"; nocase; ) # 1jtuyf91qhlcaz1k0v3x02p79ht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jtuyf91qhlcaz1k0v3x02p79ht|03|com"; nocase; ) # 2b669d1cofa88unjugh1n671t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2b669d1cofa88unjugh1n671t|03|biz"; nocase; ) # 1p4pvic1o136za1wpb51m1s8q0ik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p4pvic1o136za1wpb51m1s8q0ik|03|com"; nocase; ) # bcugl38snruzhrp2rr1sxfb8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bcugl38snruzhrp2rr1sxfb8|03|net"; nocase; ) # 1xw764evgw9i71d7bp9goc5qm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xw764evgw9i71d7bp9goc5qm|03|org"; nocase; ) # 1sto4ep1mqfemhu5zlgmrghquz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sto4ep1mqfemhu5zlgmrghquz|03|com"; nocase; ) # 4cnfn31ottamgsoajc8mkfbrw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4cnfn31ottamgsoajc8mkfbrw|03|net"; nocase; ) # 137rnxoh6m2a91rwlj8a1i8dzjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|137rnxoh6m2a91rwlj8a1i8dzjf|03|org"; nocase; ) # 1grb6khr9nk111jw11791dfcssx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1grb6khr9nk111jw11791dfcssx|03|com"; nocase; ) # b4raavv975s2193jlxh1up46eo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b4raavv975s2193jlxh1up46eo|03|net"; nocase; ) # 1v4qnqh1oksjip1yz3p5rsfvym3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v4qnqh1oksjip1yz3p5rsfvym3|03|biz"; nocase; ) # 1h0lht518ffewr1c0xxz118dhswg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h0lht518ffewr1c0xxz118dhswg|03|org"; nocase; ) # 1j6dgepv6lln5x18vwc4d52ff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j6dgepv6lln5x18vwc4d52ff|03|net"; nocase; ) # 17az0h51r1r3pn16dgrge7w9u8v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17az0h51r1r3pn16dgrge7w9u8v|03|com"; nocase; ) # 1em5a6816y4thbigymr2jrm5ru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1em5a6816y4thbigymr2jrm5ru|03|net"; nocase; ) # 1d4374q159govphzdoj3wo59uw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d4374q159govphzdoj3wo59uw|03|com"; nocase; ) # 1mbkq3x1qznuw01tc2rkdrus7e2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mbkq3x1qznuw01tc2rkdrus7e2|03|net"; nocase; ) # 1obis9d16w84l0ut0l2q1404qgy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obis9d16w84l0ut0l2q1404qgy|03|biz"; nocase; ) # fmazkc1vyoiopwb7lof1aybbn3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fmazkc1vyoiopwb7lof1aybbn3|03|com"; nocase; ) # ixcaby1xf589xug3okmph83vl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ixcaby1xf589xug3okmph83vl|03|com"; nocase; ) # 3wo31zwk7z1q16c3ka0143po6s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3wo31zwk7z1q16c3ka0143po6s|03|com"; nocase; ) # v2is6pcp82q51x2zkq2vlf16p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v2is6pcp82q51x2zkq2vlf16p|03|net"; nocase; ) # 1gh7ekn1xjr5g31su8zpslf1rxf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gh7ekn1xjr5g31su8zpslf1rxf|03|biz"; nocase; ) # 1p82pn41eeewqw1ed39lc7t86rp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p82pn41eeewqw1ed39lc7t86rp|03|net"; nocase; ) # siqkzn1np2nx81pex8ziubt30e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|siqkzn1np2nx81pex8ziubt30e|03|biz"; nocase; ) # 1x2jg9u1at0akg1eamijg1gvemdi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x2jg9u1at0akg1eamijg1gvemdi|03|com"; nocase; ) # 1dguah1qlmfzg1cqog3c1yfu4aw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dguah1qlmfzg1cqog3c1yfu4aw|03|net"; nocase; ) # ubmkiafxixut11we8591hp2voa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ubmkiafxixut11we8591hp2voa|03|biz"; nocase; ) # 1nzjbrv1y954s11hgr8s1ts2534.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nzjbrv1y954s11hgr8s1ts2534|03|net"; nocase; ) # g683ew18pjvfw1up77ln1348haw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g683ew18pjvfw1up77ln1348haw|03|org"; nocase; ) # qejlf716obujdb60l551iyj4vz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qejlf716obujdb60l551iyj4vz|03|biz"; nocase; ) # 1fk9yx2136ctvj58taytn05ss8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fk9yx2136ctvj58taytn05ss8|03|com"; nocase; ) # qc7lspdz3801j7c5dwe4rmur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qc7lspdz3801j7c5dwe4rmur|03|net"; nocase; ) # 1fptpd111y6ki11g37eyi1rgzlxw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fptpd111y6ki11g37eyi1rgzlxw|03|net"; nocase; ) # elomzx1eheki3198unmf1swh2f0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|elomzx1eheki3198unmf1swh2f0|03|biz"; nocase; ) # 5e7xle1q8rr8wkyq9xuqgol25.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5e7xle1q8rr8wkyq9xuqgol25|03|com"; nocase; ) # icq8h911sv6qfhj7b9vl1zwjk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|icq8h911sv6qfhj7b9vl1zwjk|03|biz"; nocase; ) # 8yi53i1b1tnh456sa6venq65v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8yi53i1b1tnh456sa6venq65v|03|biz"; nocase; ) # 1hmupb9xlnw8rz4fs84xasagz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hmupb9xlnw8rz4fs84xasagz|03|org"; nocase; ) # zei3y9yrfojywqx1lu7shpgb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zei3y9yrfojywqx1lu7shpgb|03|org"; nocase; ) # 7o9nsft27e8tcjy9inox6k48.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7o9nsft27e8tcjy9inox6k48|03|biz"; nocase; ) # mpm5vq5j929n1gj3hyd1sq5fpv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mpm5vq5j929n1gj3hyd1sq5fpv|03|biz"; nocase; ) # c29l237sbpzh1d8vohar4a6h1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c29l237sbpzh1d8vohar4a6h1|03|org"; nocase; ) # 13pitmhz5w5wa15iwz1t1nzg9pd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13pitmhz5w5wa15iwz1t1nzg9pd|03|com"; nocase; ) # 1qq29261h3vs421jhhlshj1jf66.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qq29261h3vs421jhhlshj1jf66|03|net"; nocase; ) # 1jzk8f0nkpju4gqzq4g1uwfq3u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jzk8f0nkpju4gqzq4g1uwfq3u|03|biz"; nocase; ) # 13b86hj199ci2c1egqiih1dw5p2j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13b86hj199ci2c1egqiih1dw5p2j|03|net"; nocase; ) # 12nfwd7hbr4gr6ftiab11h2a9p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12nfwd7hbr4gr6ftiab11h2a9p|03|net"; nocase; ) # acqlx11h2jkjj11grj0x1yssckd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|acqlx11h2jkjj11grj0x1yssckd|03|com"; nocase; ) # 1kwz7cs1ay02n1slgxff17xouwe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kwz7cs1ay02n1slgxff17xouwe|03|net"; nocase; ) # kwg1ymq1qirv1op4uts1ece2uw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kwg1ymq1qirv1op4uts1ece2uw|03|com"; nocase; ) # 18yzg5xcmydm81xf6nj610fg712.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18yzg5xcmydm81xf6nj610fg712|03|net"; nocase; ) # gxmbx61gcnzy1f9rqfg199i4nk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gxmbx61gcnzy1f9rqfg199i4nk|03|net"; nocase; ) # g24fdwa476sr11txzraadh2r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g24fdwa476sr11txzraadh2r|03|org"; nocase; ) # 193urmsqecwbdw9csdo1dswgwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|193urmsqecwbdw9csdo1dswgwq|03|biz"; nocase; ) # 1f0tbua1g2g7z1jlz7wfnghgng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f0tbua1g2g7z1jlz7wfnghgng|03|org"; nocase; ) # 1crxs7w1lbk3f0gzovljk2xtm7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1crxs7w1lbk3f0gzovljk2xtm7|03|net"; nocase; ) # 1nui3c7evqk5f1f8z9f210i4oqe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nui3c7evqk5f1f8z9f210i4oqe|03|net"; nocase; ) # 1evsjkf11sejj4i314jb1hd4ieu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1evsjkf11sejj4i314jb1hd4ieu|03|org"; nocase; ) # lmrcb21nczopb1khyb6l1ddki45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lmrcb21nczopb1khyb6l1ddki45|03|net"; nocase; ) # jrleft1dbt2c37i4gtj1xlcpuv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jrleft1dbt2c37i4gtj1xlcpuv|03|com"; nocase; ) # a5sik11j9em6jl2fuv1c2o176.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a5sik11j9em6jl2fuv1c2o176|03|net"; nocase; ) # 1v0gcjw3nbyub1ghdq6v1o7b2to.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v0gcjw3nbyub1ghdq6v1o7b2to|03|com"; nocase; ) # eoitrv3skev31bp2zkv1wl2t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eoitrv3skev31bp2zkv1wl2t|03|org"; nocase; ) # 19quhqe3xls8i1908poe1qr2mo3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19quhqe3xls8i1908poe1qr2mo3|03|com"; nocase; ) # 9kwoev1k4erg7ji18zg3k713p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9kwoev1k4erg7ji18zg3k713p|03|net"; nocase; ) # k0m0va163w8wn60ojx61ux67mt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k0m0va163w8wn60ojx61ux67mt|03|com"; nocase; ) # 13i2usp1oghyl73z2e51oa2nqd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13i2usp1oghyl73z2e51oa2nqd|03|org"; nocase; ) # d1ijsgkice8khrym8diwz9z6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d1ijsgkice8khrym8diwz9z6|03|net"; nocase; ) # o5n759wxdq8jfi68oe1pm7ryp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o5n759wxdq8jfi68oe1pm7ryp|03|net"; nocase; ) # 1htxlug1a98hvl1hk32qt1leqb2s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1htxlug1a98hvl1hk32qt1leqb2s|03|com"; nocase; ) # 1f0rr5obo56knizzqhza1qej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1f0rr5obo56knizzqhza1qej|03|org"; nocase; ) # nfar421agdiji14wjtgm190i3o4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nfar421agdiji14wjtgm190i3o4|03|biz"; nocase; ) # e1uaox7q7kpfadi9p018038zq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1uaox7q7kpfadi9p018038zq|03|net"; nocase; ) # 13tdb31pl9n641apcf23hken5k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13tdb31pl9n641apcf23hken5k|03|biz"; nocase; ) # 1ls9hjb1cxmi431esu2cgmka3bs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ls9hjb1cxmi431esu2cgmka3bs|03|com"; nocase; ) # 1qr2noi1022i8xl2npi51tk0pqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qr2noi1022i8xl2npi51tk0pqw|03|com"; nocase; ) # 14w1jdfjqto7b1vwinal1uo55ju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14w1jdfjqto7b1vwinal1uo55ju|03|org"; nocase; ) # qhc0nfj3a3r816zhi4112x0qcg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qhc0nfj3a3r816zhi4112x0qcg|03|biz"; nocase; ) # 58u3hhcblonz1p49y661r3mihx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|58u3hhcblonz1p49y661r3mihx|03|org"; nocase; ) # mgv4yi1eoan8u1to53871gg9ema.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mgv4yi1eoan8u1to53871gg9ema|03|com"; nocase; ) # sxyll7iqase8fz7lp1d8y93o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sxyll7iqase8fz7lp1d8y93o|03|biz"; nocase; ) # 137k37p1w7vrvkna3p6upq9og8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|137k37p1w7vrvkna3p6upq9og8|03|com"; nocase; ) # yqqwz415g84lw5erahr1ma1ld6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yqqwz415g84lw5erahr1ma1ld6|03|net"; nocase; ) # 1ry0aut5wm1mk18qaad6tprez0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ry0aut5wm1mk18qaad6tprez0|03|org"; nocase; ) # 1jn5m2q9knhgt7jex1c0ajsn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1jn5m2q9knhgt7jex1c0ajsn|03|net"; nocase; ) # gid0ok1mb62jpb513xt3jr6bj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gid0ok1mb62jpb513xt3jr6bj|03|net"; nocase; ) # wg145m1xb9av1tj7zic1kcy8n0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wg145m1xb9av1tj7zic1kcy8n0|03|com"; nocase; ) # 1bm3tog1l2iopq1ipitnj1mgawrt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bm3tog1l2iopq1ipitnj1mgawrt|03|biz"; nocase; ) # 2obnpl1sxrhq82netf2h4sqdy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2obnpl1sxrhq82netf2h4sqdy|03|biz"; nocase; ) # kz61cu1fz1ub31stec0n1crld1h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kz61cu1fz1ub31stec0n1crld1h|03|net"; nocase; ) # 1mzlxggr2sxz0y77vhw1vfd3pl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mzlxggr2sxz0y77vhw1vfd3pl|03|org"; nocase; ) # 14ixag717arj11uwisgv19fud9a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ixag717arj11uwisgv19fud9a|03|com"; nocase; ) # 1u5xe8avzbbg10ndg5u1w1jcer.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u5xe8avzbbg10ndg5u1w1jcer|03|biz"; nocase; ) # s2d4ed1pbbdw5dk15iw110cgtz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s2d4ed1pbbdw5dk15iw110cgtz|03|com"; nocase; ) # 1c1e46q17fnjs143t2dr5aj1fw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c1e46q17fnjs143t2dr5aj1fw|03|com"; nocase; ) # y1nkpv1tbri4j7hvcf9rey1el.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y1nkpv1tbri4j7hvcf9rey1el|03|net"; nocase; ) # 1ko0tkusxfbaa157hid17ym9l3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ko0tkusxfbaa157hid17ym9l3|03|com"; nocase; ) # h0nwgbrc1u1m1wbgdw81os8fyf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h0nwgbrc1u1m1wbgdw81os8fyf|03|org"; nocase; ) # n4absz12g9750t9ujr01ep2dqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n4absz12g9750t9ujr01ep2dqz|03|biz"; nocase; ) # 1kksdnv14jcrnw11oifim1dgparh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kksdnv14jcrnw11oifim1dgparh|03|org"; nocase; ) # 1l9tlp0h88l4v2cemwm1v5u32n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l9tlp0h88l4v2cemwm1v5u32n|03|org"; nocase; ) # 11xub3x2zk9w3xzl9bi1xa7ihj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11xub3x2zk9w3xzl9bi1xa7ihj|03|net"; nocase; ) # 1buu6mh1a1t2f812kx63b164ybrq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1buu6mh1a1t2f812kx63b164ybrq|03|org"; nocase; ) # 1qin88epf5rgiswxzri1rrhnf4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qin88epf5rgiswxzri1rrhnf4|03|net"; nocase; ) # jhu59i1nkkbglubg0qxummsh4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jhu59i1nkkbglubg0qxummsh4|03|org"; nocase; ) # 17n14qb1g4vclq1c7w5tp16hhilc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17n14qb1g4vclq1c7w5tp16hhilc|03|biz"; nocase; ) # 15sac47wyft7asmj1mrptke3m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15sac47wyft7asmj1mrptke3m|03|biz"; nocase; ) # ejr8aj1mlrax51uwjsigcyt6ab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ejr8aj1mlrax51uwjsigcyt6ab|03|com"; nocase; ) # biml0sbkfzkvfqskio269qxj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|biml0sbkfzkvfqskio269qxj|03|com"; nocase; ) # t3jdaqko5nf3snakgz13emvbq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t3jdaqko5nf3snakgz13emvbq|03|net"; nocase; ) # 1uim1pfzpa3h617tqnbycbgaxu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uim1pfzpa3h617tqnbycbgaxu|03|biz"; nocase; ) # ym97571eeihme11lmtut1dmaus4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ym97571eeihme11lmtut1dmaus4|03|org"; nocase; ) # 1bngd5nof06ii10ifq931949rq5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bngd5nof06ii10ifq931949rq5|03|com"; nocase; ) # 15e8rmyx5ntp1ypqug21aj7ixn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15e8rmyx5ntp1ypqug21aj7ixn|03|net"; nocase; ) # 4e7orx1tv5xta5vurkr1meyl9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4e7orx1tv5xta5vurkr1meyl9|03|com"; nocase; ) # 3uzsnk12dr2hzho52vcih4bul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3uzsnk12dr2hzho52vcih4bul|03|com"; nocase; ) # 10jw4dc662pkwkdmq3x1jf7kja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10jw4dc662pkwkdmq3x1jf7kja|03|net"; nocase; ) # kbcfvh4tthkhom6zf8m8vdqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kbcfvh4tthkhom6zf8m8vdqw|03|org"; nocase; ) # efbo6d10kgq6pwmes4umhrxbt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|efbo6d10kgq6pwmes4umhrxbt|03|org"; nocase; ) # w98675jb94vwho4z6xm69pf1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w98675jb94vwho4z6xm69pf1|03|net"; nocase; ) # 12kuhm81ko98a1vq19b11sl4qrv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12kuhm81ko98a1vq19b11sl4qrv|03|org"; nocase; ) # 589tsv1nncdn11vlq5vv1ltl49f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|589tsv1nncdn11vlq5vv1ltl49f|03|net"; nocase; ) # 1xdfs8nohbk7tt038k1fejysk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xdfs8nohbk7tt038k1fejysk|03|biz"; nocase; ) # 1aoz6f8spww0g1b294qcj5xyd4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aoz6f8spww0g1b294qcj5xyd4|03|com"; nocase; ) # 1p9ioxhvoaot7xr1da11l8n1y2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p9ioxhvoaot7xr1da11l8n1y2|03|org"; nocase; ) # dx1sjf1nda4ldn41tqritx7l5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dx1sjf1nda4ldn41tqritx7l5|03|net"; nocase; ) # 19izofckb799p4367dxxo2pf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19izofckb799p4367dxxo2pf8|03|net"; nocase; ) # 1s7tn3svd1vkgszn287vmcl2q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s7tn3svd1vkgszn287vmcl2q|03|org"; nocase; ) # 1euepsg1sdpz121l7ddmx16xen5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1euepsg1sdpz121l7ddmx16xen5t|03|com"; nocase; ) # dyq0531fo4axf1fwb1lrvob7es.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dyq0531fo4axf1fwb1lrvob7es|03|biz"; nocase; ) # b9zdlyp106nr2cxte211mses0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b9zdlyp106nr2cxte211mses0|03|net"; nocase; ) # kzg9jo160j26z1ib084c1mdkk8d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kzg9jo160j26z1ib084c1mdkk8d|03|com"; nocase; ) # nyj08p1q102671g384hw119bcro.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nyj08p1q102671g384hw119bcro|03|biz"; nocase; ) # 1vtvt0j1av83361t69gqcg6vs2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vtvt0j1av83361t69gqcg6vs2n|03|net"; nocase; ) # av5kw491pkut1hcpdoshx0voc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|av5kw491pkut1hcpdoshx0voc|03|org"; nocase; ) # klupg915d9gf51hk5arr60cqey.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|klupg915d9gf51hk5arr60cqey|03|net"; nocase; ) # 58f9t613k005i1jq8eso55aupt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|58f9t613k005i1jq8eso55aupt|03|net"; nocase; ) # zsjama1jb0m0zxfjgru1f9iytl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zsjama1jb0m0zxfjgru1f9iytl|03|org"; nocase; ) # 1tyh7dlwtjnz51ohf5mn1j58cup.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tyh7dlwtjnz51ohf5mn1j58cup|03|biz"; nocase; ) # nxzipt9mdt131bbxues1aqvbcf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nxzipt9mdt131bbxues1aqvbcf|03|org"; nocase; ) # wfod4n1dghaixfst6yn19n5d4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wfod4n1dghaixfst6yn19n5d4w|03|net"; nocase; ) # p67mcrgk0y2z1gkrez5mfwjsf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p67mcrgk0y2z1gkrez5mfwjsf|03|org"; nocase; ) # 1aa4ed015zh3vp1ljhllmzc90qg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aa4ed015zh3vp1ljhllmzc90qg|03|net"; nocase; ) # ehjoowid2mxk17mxmjb1v0nbvg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ehjoowid2mxk17mxmjb1v0nbvg|03|com"; nocase; ) # fomrsrgx1yi6qsyvoc1u3io4n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fomrsrgx1yi6qsyvoc1u3io4n|03|net"; nocase; ) # 1iwkmhkife3j3fwnz8b1n8jbaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iwkmhkife3j3fwnz8b1n8jbaj|03|com"; nocase; ) # ahjhyj2u56ntig5ae616h6k5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ahjhyj2u56ntig5ae616h6k5l|03|net"; nocase; ) # 1yr80ifb491kd1azjecumw20bd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yr80ifb491kd1azjecumw20bd|03|biz"; nocase; ) # vevvpz1v9xggsel1b3u1fge1ui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vevvpz1v9xggsel1b3u1fge1ui|03|net"; nocase; ) # 3lp15un92b6l834gsi1ezrv6t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3lp15un92b6l834gsi1ezrv6t|03|com"; nocase; ) # 6z8ovn14qi1bz1o5mt4v1r7s9oh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6z8ovn14qi1bz1o5mt4v1r7s9oh|03|biz"; nocase; ) # niwzjgimgmr914k7eixxnh2nv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|niwzjgimgmr914k7eixxnh2nv|03|com"; nocase; ) # 15hntv61xt7rqsqwwvfs1pmi1oj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15hntv61xt7rqsqwwvfs1pmi1oj|03|net"; nocase; ) # mack2x7ty8ngdabvyb1r7cp8o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mack2x7ty8ngdabvyb1r7cp8o|03|biz"; nocase; ) # 1nw2mhy42h3451wnhl3a1anarpb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nw2mhy42h3451wnhl3a1anarpb|03|net"; nocase; ) # yuyd48n8ec7p1kpv0r1a4lxq8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yuyd48n8ec7p1kpv0r1a4lxq8|03|com"; nocase; ) # 11odvzt1reh5fbuv0yku1nsibhe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11odvzt1reh5fbuv0yku1nsibhe|03|com"; nocase; ) # 19dpmjek0eev4tfhyq2wepnxh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19dpmjek0eev4tfhyq2wepnxh|03|biz"; nocase; ) # p0p6b0800wo712px1dhkn127p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p0p6b0800wo712px1dhkn127p|03|net"; nocase; ) # 1g9jgw9dtvfsrueglat112wggq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g9jgw9dtvfsrueglat112wggq|03|biz"; nocase; ) # 1p507f41f51rniqfddbk1r0ruwf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p507f41f51rniqfddbk1r0ruwf|03|biz"; nocase; ) # vzjj21edr3v6cr21boqbwqeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vzjj21edr3v6cr21boqbwqeq|03|com"; nocase; ) # hcztd0ubfod01bd386vcl59el.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hcztd0ubfod01bd386vcl59el|03|net"; nocase; ) # 11263fg1mlfxqyqt9abs1p6w3ch.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11263fg1mlfxqyqt9abs1p6w3ch|03|net"; nocase; ) # nguf76nmf1d52hhbik1dgxrl1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nguf76nmf1d52hhbik1dgxrl1|03|org"; nocase; ) # 1riw9j01xrff3utqk8w11kv7ed5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1riw9j01xrff3utqk8w11kv7ed5|03|net"; nocase; ) # 10nydct1m4wot2145987mglgv1n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10nydct1m4wot2145987mglgv1n|03|net"; nocase; ) # q9tnt0182k91jze545y1lptowv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q9tnt0182k91jze545y1lptowv|03|biz"; nocase; ) # 11igdza1bmtbkcj34pw4exnn6m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11igdza1bmtbkcj34pw4exnn6m|03|org"; nocase; ) # lffhfy1sx5yaefne06g15dct36.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lffhfy1sx5yaefne06g15dct36|03|org"; nocase; ) # 2a1lrn1f39s0kh3b9871tidyyk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2a1lrn1f39s0kh3b9871tidyyk|03|com"; nocase; ) # 1o4dp2lfr6yi1tujjym10tkev0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o4dp2lfr6yi1tujjym10tkev0|03|org"; nocase; ) # n9lrsv14jpl8g165qa6qx64v68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n9lrsv14jpl8g165qa6qx64v68|03|net"; nocase; ) # 13jw6o41mjtrx9ofqdyk1shnw4p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13jw6o41mjtrx9ofqdyk1shnw4p|03|biz"; nocase; ) # 10khyjwfhel9y71pfn6wykwyd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10khyjwfhel9y71pfn6wykwyd|03|org"; nocase; ) # 12befbb14wqbmw1fqo2gr1ytnsfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12befbb14wqbmw1fqo2gr1ytnsfe|03|net"; nocase; ) # 1wx4elryhunzj6fr3751bsedv8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wx4elryhunzj6fr3751bsedv8|03|com"; nocase; ) # xrk78oahzduifesr4w13cqgoh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xrk78oahzduifesr4w13cqgoh|03|biz"; nocase; ) # 15t5hho89l0hiwa8r1f1geimtf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15t5hho89l0hiwa8r1f1geimtf|03|net"; nocase; ) # 19h6j2j18nzjsg1tsk3x6vyjuq2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19h6j2j18nzjsg1tsk3x6vyjuq2|03|net"; nocase; ) # 1r9sviz1cssoik1e821ua12nq185.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r9sviz1cssoik1e821ua12nq185|03|biz"; nocase; ) # e014j3jrom3jram5uyfy39oi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e014j3jrom3jram5uyfy39oi|03|net"; nocase; ) # 16biz7p1q5ttbi5p7pbp1ppp7w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16biz7p1q5ttbi5p7pbp1ppp7w|03|com"; nocase; ) # f32qh91bgeyz15osiac1oz08zf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f32qh91bgeyz15osiac1oz08zf|03|org"; nocase; ) # hv8ika1xp1pxy4hv11p5hlixv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hv8ika1xp1pxy4hv11p5hlixv|03|net"; nocase; ) # s7c9yy17ktcf51q100elosakvm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s7c9yy17ktcf51q100elosakvm|03|org"; nocase; ) # 1i9ncvz10q9hku971y64z09c6i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i9ncvz10q9hku971y64z09c6i|03|biz"; nocase; ) # fiwhq1dg94t3k4helv11h8tnd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fiwhq1dg94t3k4helv11h8tnd|03|org"; nocase; ) # 5pup0r9zh848ukv081798ebu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5pup0r9zh848ukv081798ebu|03|com"; nocase; ) # fxbbw71ph0vsew8mh5o1q7pi8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fxbbw71ph0vsew8mh5o1q7pi8z|03|com"; nocase; ) # smwkt7oodi8c1n0if1z1fmcj6y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|smwkt7oodi8c1n0if1z1fmcj6y|03|net"; nocase; ) # de5ndx1b9yn0i17d3vck177radp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|de5ndx1b9yn0i17d3vck177radp|03|biz"; nocase; ) # 1y3ohzfyj1z0v7j8m9vs8nenl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y3ohzfyj1z0v7j8m9vs8nenl|03|net"; nocase; ) # kb9rh91yx6mfb1ged2huwoji2q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kb9rh91yx6mfb1ged2huwoji2q|03|com"; nocase; ) # 1uw7f9513vtctv17pl7xflt68k5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uw7f9513vtctv17pl7xflt68k5|03|biz"; nocase; ) # 14op0z61gxpyk43ep8ouw6ki8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14op0z61gxpyk43ep8ouw6ki8|03|net"; nocase; ) # 4wresd1qtjitg12s8tycqtphke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4wresd1qtjitg12s8tycqtphke|03|net"; nocase; ) # lnyvvl1gr3tt46nhu3l15k8l70.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lnyvvl1gr3tt46nhu3l15k8l70|03|biz"; nocase; ) # m5p2bf1d8usbv1r5a3yf76pft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m5p2bf1d8usbv1r5a3yf76pft|03|com"; nocase; ) # ikfm0cvgw5em114x39z1osoxjg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ikfm0cvgw5em114x39z1osoxjg|03|org"; nocase; ) # j10kkosnetw1156mkyy1odtf45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j10kkosnetw1156mkyy1odtf45|03|net"; nocase; ) # qqbquhaiiykrtg24sbku310c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qqbquhaiiykrtg24sbku310c|03|com"; nocase; ) # 3txm7c13c14gz1s4hwmy14p2rg8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3txm7c13c14gz1s4hwmy14p2rg8|03|org"; nocase; ) # rjdqvw3w7rs11j1mbis1n7gtpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rjdqvw3w7rs11j1mbis1n7gtpo|03|com"; nocase; ) # w9ojdx2x82xmjt5vgm1q8kfu6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w9ojdx2x82xmjt5vgm1q8kfu6|03|org"; nocase; ) # yqi7hb1y83o951xf15sf1qvyx0o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yqi7hb1y83o951xf15sf1qvyx0o|03|com"; nocase; ) # 1kjfsgf19hj0mmjcgz3lanuk88.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kjfsgf19hj0mmjcgz3lanuk88|03|org"; nocase; ) # 1cai67wrfzlx21fuuhwq1n4q96h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cai67wrfzlx21fuuhwq1n4q96h|03|org"; nocase; ) # 1nqydw0191uneas3aakt1mz8xqj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nqydw0191uneas3aakt1mz8xqj|03|net"; nocase; ) # bbggl61t364k81477wv61czytmk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bbggl61t364k81477wv61czytmk|03|biz"; nocase; ) # se7lxw1ipz7rj1pvcb241n61dgh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|se7lxw1ipz7rj1pvcb241n61dgh|03|biz"; nocase; ) # 43z1n615uow3tien78axxyl5e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|43z1n615uow3tien78axxyl5e|03|org"; nocase; ) # 15ab35p53jspdhnz6ujuudpkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15ab35p53jspdhnz6ujuudpkf|03|org"; nocase; ) # 13fly8h1qz1rj81u2crw1l1chiy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13fly8h1qz1rj81u2crw1l1chiy|03|net"; nocase; ) # 21acha1isqzhs1uwyr4n96sa48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|21acha1isqzhs1uwyr4n96sa48|03|com"; nocase; ) # 1uc79331px8w7bs7o3yd5b25lr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uc79331px8w7bs7o3yd5b25lr|03|net"; nocase; ) # 1g4nr11ceacjd1ycafy8kjw50y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g4nr11ceacjd1ycafy8kjw50y|03|org"; nocase; ) # 1n8dlk3n5ty2u19ftjgk1mr9eaw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n8dlk3n5ty2u19ftjgk1mr9eaw|03|net"; nocase; ) # 192w5g2tmuzj0hn25jr1n743a8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|192w5g2tmuzj0hn25jr1n743a8|03|org"; nocase; ) # 1yks3bo1da7lcmtva3q1vvdwph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yks3bo1da7lcmtva3q1vvdwph|03|net"; nocase; ) # ppcigcly9orfb1fup148eexo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ppcigcly9orfb1fup148eexo|03|com"; nocase; ) # 1boh0nm1hh3ayp17tpvma1kpgcqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1boh0nm1hh3ayp17tpvma1kpgcqc|03|org"; nocase; ) # 1dtd5s219jy3fdqs95xmmsm4hu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dtd5s219jy3fdqs95xmmsm4hu|03|com"; nocase; ) # 1nl0do4gqzkq2235et9cz92me.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nl0do4gqzkq2235et9cz92me|03|net"; nocase; ) # qhf5iamljkwchuttko59tude.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qhf5iamljkwchuttko59tude|03|org"; nocase; ) # 1wzlrpfs7r8jj1d8nes1hok4nk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wzlrpfs7r8jj1d8nes1hok4nk|03|com"; nocase; ) # 1fno3qrbiviag15b3kzo5prj7j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fno3qrbiviag15b3kzo5prj7j|03|org"; nocase; ) # 109j1cr11z4nzkv8boy1ij7h4q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|109j1cr11z4nzkv8boy1ij7h4q|03|net"; nocase; ) # j0wug31l6b7427kdtfchkb2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j0wug31l6b7427kdtfchkb2n|03|net"; nocase; ) # y6pizhccgnthrpeovxuvxw8m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y6pizhccgnthrpeovxuvxw8m|03|net"; nocase; ) # 423w9y1d47n87hf56vo1q9t9hg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|423w9y1d47n87hf56vo1q9t9hg|03|org"; nocase; ) # bbvf191oh9ex3yzp5ln1g582at.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bbvf191oh9ex3yzp5ln1g582at|03|net"; nocase; ) # ja6nkri6rope5pxt3w1ye7ln5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ja6nkri6rope5pxt3w1ye7ln5|03|biz"; nocase; ) # 192m5j218eu6e68kbszqjfio7c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|192m5j218eu6e68kbszqjfio7c|03|net"; nocase; ) # 1cwloepn4k11q1r50nckk3a60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cwloepn4k11q1r50nckk3a60|03|net"; nocase; ) # 1c2306v1lv2cvydxz0wov3fhlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c2306v1lv2cvydxz0wov3fhlw|03|org"; nocase; ) # 4n3vdv1injfu36d55mv7ms640.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4n3vdv1injfu36d55mv7ms640|03|net"; nocase; ) # htgj38jwvut8165towc1pssasd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|htgj38jwvut8165towc1pssasd|03|com"; nocase; ) # uxfa0z5gkllv1us7e1ydqv4ip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uxfa0z5gkllv1us7e1ydqv4ip|03|net"; nocase; ) # 1tr2g79x07gqe77f00ykw8c17.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tr2g79x07gqe77f00ykw8c17|03|org"; nocase; ) # 1r13fik1qpd3ip1luxfet12r9b8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r13fik1qpd3ip1luxfet12r9b8c|03|com"; nocase; ) # 1i63mw5737kul13k6xt0rmugju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i63mw5737kul13k6xt0rmugju|03|net"; nocase; ) # cipx1halp7c5lldsef14dmvro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cipx1halp7c5lldsef14dmvro|03|org"; nocase; ) # 1q0y7crmy2m81ibt1ey9b67k2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q0y7crmy2m81ibt1ey9b67k2|03|com"; nocase; ) # 157j6yz1bpk7nvf7hf946vk9qc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157j6yz1bpk7nvf7hf946vk9qc|03|biz"; nocase; ) # 18tbc7m2jzp3o15olqfu1qncp3r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tbc7m2jzp3o15olqfu1qncp3r|03|org"; nocase; ) # 1i8mp8y8z4pe51e33fmz1apg0ap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i8mp8y8z4pe51e33fmz1apg0ap|03|net"; nocase; ) # 5qgx9z1pjbbd314rdsy51p6jsbk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5qgx9z1pjbbd314rdsy51p6jsbk|03|org"; nocase; ) # 1he8jrbwwjz80o22xmlsoz1cv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1he8jrbwwjz80o22xmlsoz1cv|03|biz"; nocase; ) # 1v5egh3iqqau94rvfdq1ganzzh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5egh3iqqau94rvfdq1ganzzh|03|org"; nocase; ) # y6zn90pkqjllghzfhnxb6tor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y6zn90pkqjllghzfhnxb6tor|03|com"; nocase; ) # 1x8q7iv1mc8jfs3hctpw15585ok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x8q7iv1mc8jfs3hctpw15585ok|03|biz"; nocase; ) # 8fpb90dbeda91q0s2pvzteqmo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8fpb90dbeda91q0s2pvzteqmo|03|com"; nocase; ) # 1pnhapp2jpgd1jqdcf9flf2qx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pnhapp2jpgd1jqdcf9flf2qx|03|biz"; nocase; ) # 10nfh3wfjs07kow9czo1nms8hz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10nfh3wfjs07kow9czo1nms8hz|03|net"; nocase; ) # 1nke4c09d57xirpjyg61d09zl4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nke4c09d57xirpjyg61d09zl4|03|biz"; nocase; ) # 1bjr2wd8r0aj8fabmk11brilgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bjr2wd8r0aj8fabmk11brilgb|03|com"; nocase; ) # 1qc690ruo69z7l43qcv1iiiwaa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qc690ruo69z7l43qcv1iiiwaa|03|net"; nocase; ) # tely441sn4mfm1fcxjq611uvrb6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tely441sn4mfm1fcxjq611uvrb6|03|org"; nocase; ) # 14691lcatgqu3pbo73p9oh1hn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14691lcatgqu3pbo73p9oh1hn|03|net"; nocase; ) # 1rdx98e11filnz1kyl6fs1g5eb61.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rdx98e11filnz1kyl6fs1g5eb61|03|org"; nocase; ) # qbysss174re0f1kwwhbkfr1zbv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qbysss174re0f1kwwhbkfr1zbv|03|net"; nocase; ) # 1v7870ioizd2t5npwp5f571xp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v7870ioizd2t5npwp5f571xp|03|biz"; nocase; ) # 1ownsmd1oiohhqfz4uix7o0fx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ownsmd1oiohhqfz4uix7o0fx|03|biz"; nocase; ) # 5fcwma1v5x1lsd95otneehliv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5fcwma1v5x1lsd95otneehliv|03|org"; nocase; ) # arps7dt03jo71fyk3jt1bmhcpl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|arps7dt03jo71fyk3jt1bmhcpl|03|net"; nocase; ) # 128r3qzrs2j1s15tgfkapduiv5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|128r3qzrs2j1s15tgfkapduiv5|03|biz"; nocase; ) # usdktk13xhsts1sqwgwqv9cc68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|usdktk13xhsts1sqwgwqv9cc68|03|net"; nocase; ) # 10k3scuv3r60tnmtgnu11f5elf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10k3scuv3r60tnmtgnu11f5elf|03|org"; nocase; ) # fk9k6z7nj6wzpagpqs1sc34hz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fk9k6z7nj6wzpagpqs1sc34hz|03|net"; nocase; ) # 6awxmu1dolswjf04e6ksxsjb2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6awxmu1dolswjf04e6ksxsjb2|03|biz"; nocase; ) # 4jwjeivxv9xxmg66bw1snjn3y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4jwjeivxv9xxmg66bw1snjn3y|03|com"; nocase; ) # 114r2wkgrpiri1dllgno1gw3rit.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|114r2wkgrpiri1dllgno1gw3rit|03|net"; nocase; ) # vjlnlt1qhwva51nisdwe1lg5ft4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vjlnlt1qhwva51nisdwe1lg5ft4|03|org"; nocase; ) # bgd6jc1hq287dja8qlo1alyi59.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bgd6jc1hq287dja8qlo1alyi59|03|com"; nocase; ) # 1a6ny8divac7y1vwomiahy79dc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a6ny8divac7y1vwomiahy79dc|03|net"; nocase; ) # 10ll71akp8d3414yts2s1v3qeqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ll71akp8d3414yts2s1v3qeqc|03|org"; nocase; ) # 1h9v9a913f8ot2kxoq561vyysln.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h9v9a913f8ot2kxoq561vyysln|03|com"; nocase; ) # 1e2ahu71xys68319puo1ze44zm4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e2ahu71xys68319puo1ze44zm4|03|net"; nocase; ) # 1m635chlbwuaz66recp6vrvfi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m635chlbwuaz66recp6vrvfi|03|net"; nocase; ) # 9mvna71q8ojaldaxdi1827kp0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9mvna71q8ojaldaxdi1827kp0|03|org"; nocase; ) # 1j65ecro2msz61e3jiz4bk0yp1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j65ecro2msz61e3jiz4bk0yp1|03|org"; nocase; ) # 1hldqhc15rfbcckm1hrj196e15t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hldqhc15rfbcckm1hrj196e15t|03|net"; nocase; ) # 1huba9c1h2qsisw4f2yhtdcrah.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1huba9c1h2qsisw4f2yhtdcrah|03|org"; nocase; ) # 1b09qol1mg1f7w1dx4ck111jjtd9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b09qol1mg1f7w1dx4ck111jjtd9|03|com"; nocase; ) # 1tvjpdb1bico8l196civs1dk5a92.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tvjpdb1bico8l196civs1dk5a92|03|org"; nocase; ) # 5rnzh6lku4389rd3tz9wxway.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5rnzh6lku4389rd3tz9wxway|03|net"; nocase; ) # 1nsq2i613tllc0uk687ohz8fx1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nsq2i613tllc0uk687ohz8fx1|03|com"; nocase; ) # ed92i6zkx1po1l157021kvk9ax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ed92i6zkx1po1l157021kvk9ax|03|net"; nocase; ) # vcbrde6g7svgrope11ypaqbv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vcbrde6g7svgrope11ypaqbv|03|net"; nocase; ) # ybhjuy1vmyjnq1s287on12lwsnh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ybhjuy1vmyjnq1s287on12lwsnh|03|org"; nocase; ) # bpjp0q39wpkr1g1o66hbnj095.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bpjp0q39wpkr1g1o66hbnj095|03|net"; nocase; ) # xvscyx82290uf86q4j10tf6sd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xvscyx82290uf86q4j10tf6sd|03|com"; nocase; ) # 1hs7bsk1gybpnh19bnwh310u31x5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hs7bsk1gybpnh19bnwh310u31x5|03|biz"; nocase; ) # 9qve6d1v5maidcje7km1q3oabd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9qve6d1v5maidcje7km1q3oabd|03|com"; nocase; ) # 1vbns3263apudt1url327l7t4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vbns3263apudt1url327l7t4|03|com"; nocase; ) # 18kbn8pggrv6f1pmajrnax1di7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18kbn8pggrv6f1pmajrnax1di7|03|net"; nocase; ) # gsp1hpbhdds9y0sbcx1i5d7ra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gsp1hpbhdds9y0sbcx1i5d7ra|03|net"; nocase; ) # 3z57me16xy8gs2mqcocksj1e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3z57me16xy8gs2mqcocksj1e|03|com"; nocase; ) # khrb42four7ss0tu7zw9ermc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|khrb42four7ss0tu7zw9ermc|03|org"; nocase; ) # 1rn99rt1ifszk3sedvgwmh1qq6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rn99rt1ifszk3sedvgwmh1qq6|03|net"; nocase; ) # 4tsmig1yk2wo8p1k9jv1ommv7o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4tsmig1yk2wo8p1k9jv1ommv7o|03|biz"; nocase; ) # er8928pr0zhiveemndui1hao.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|er8928pr0zhiveemndui1hao|03|org"; nocase; ) # 1h9wzm71s8kyoe1n05ay91d58zsl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h9wzm71s8kyoe1n05ay91d58zsl|03|org"; nocase; ) # 1dg6gfvmotx6birlo0whj7rhb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dg6gfvmotx6birlo0whj7rhb|03|net"; nocase; ) # 188d5ezsn7lwn1gyt24814f0uvo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|188d5ezsn7lwn1gyt24814f0uvo|03|biz"; nocase; ) # 14tfv0n1ysk6nx1ufxrkw1liqcml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14tfv0n1ysk6nx1ufxrkw1liqcml|03|org"; nocase; ) # w2j1w31orsk4d1khuzlvrld92w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w2j1w31orsk4d1khuzlvrld92w|03|net"; nocase; ) # 1ioypdw1x350hj4fwl8y1tmjk32.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ioypdw1x350hj4fwl8y1tmjk32|03|biz"; nocase; ) # 13h1jdo1y60u44pyp34tqu112u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13h1jdo1y60u44pyp34tqu112u|03|org"; nocase; ) # uvdud1bfa1ei16ma4zrff7o4h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uvdud1bfa1ei16ma4zrff7o4h|03|com"; nocase; ) # 10po294155jxqr19evs4n19wtac2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10po294155jxqr19evs4n19wtac2|03|org"; nocase; ) # 46z4k11didjuq12w5g2we7rzr2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|46z4k11didjuq12w5g2we7rzr2|03|com"; nocase; ) # 1qh2d4h1ydwpz9129u3rn1gjmzmj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qh2d4h1ydwpz9129u3rn1gjmzmj|03|org"; nocase; ) # 1rarr1o1x18hoq1e1houng1aqv3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rarr1o1x18hoq1e1houng1aqv3|03|org"; nocase; ) # j4losuluk7nb1t4f6q8dwu7lg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j4losuluk7nb1t4f6q8dwu7lg|03|org"; nocase; ) # ruusbg1byq1sywlxcab1s2b2ov.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ruusbg1byq1sywlxcab1s2b2ov|03|net"; nocase; ) # 1bjrpne1fi7uh91vzv97j11d27ft.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bjrpne1fi7uh91vzv97j11d27ft|03|org"; nocase; ) # 1hyds6c1lh8jlh1tvnj551sioo4j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hyds6c1lh8jlh1tvnj551sioo4j|03|com"; nocase; ) # 1do4s4qleos47btnwt3uiqqfh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1do4s4qleos47btnwt3uiqqfh|03|org"; nocase; ) # cvr2tk1oy7krm3o6lcwwvl8lm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cvr2tk1oy7krm3o6lcwwvl8lm|03|net"; nocase; ) # 1mbdtj6sqpm3j1a2gcdt1sr7el8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mbdtj6sqpm3j1a2gcdt1sr7el8|03|net"; nocase; ) # 1a01tr01tvelm81ynnnri1ne41dv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a01tr01tvelm81ynnnri1ne41dv|03|org"; nocase; ) # 74lwztv3vbcxlunim11mau3wm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|74lwztv3vbcxlunim11mau3wm|03|net"; nocase; ) # 11u6hp1r438v3upucbqb4kkub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11u6hp1r438v3upucbqb4kkub|03|org"; nocase; ) # 195ose61f5xh5514ie9wx18vgm67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|195ose61f5xh5514ie9wx18vgm67|03|com"; nocase; ) # 1gx2gws1a5w52dfbmvr3ycuprd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gx2gws1a5w52dfbmvr3ycuprd|03|com"; nocase; ) # gquhq21ia73dxhqw1qgi14h4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gquhq21ia73dxhqw1qgi14h4b|03|net"; nocase; ) # 12sukp6xbiydp85ku591v9rdnc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12sukp6xbiydp85ku591v9rdnc|03|org"; nocase; ) # 1jodj2r1qwd6aj19qhoc1yobwej.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jodj2r1qwd6aj19qhoc1yobwej|03|biz"; nocase; ) # qi3q6p17jamdyqxyce7q2rg8n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qi3q6p17jamdyqxyce7q2rg8n|03|com"; nocase; ) # 8zgwqdjxbtbuhx99xn1mqgm11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8zgwqdjxbtbuhx99xn1mqgm11|03|net"; nocase; ) # 1gl8arm1czsw2i1y28ir41u25as2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gl8arm1czsw2i1y28ir41u25as2|03|com"; nocase; ) # 1ho2dw6d7bk3ua5a2a110qm66z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ho2dw6d7bk3ua5a2a110qm66z|03|net"; nocase; ) # 1wtzyo82lz31wudgqmlojevs5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wtzyo82lz31wudgqmlojevs5|03|com"; nocase; ) # 117tc931c7vj0atafauc1i3afpq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|117tc931c7vj0atafauc1i3afpq|03|biz"; nocase; ) # h2efhs6ggkeidc4xm6179t9oz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h2efhs6ggkeidc4xm6179t9oz|03|org"; nocase; ) # 1e8bdak1akl3201534c13121ic5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e8bdak1akl3201534c13121ic5t|03|com"; nocase; ) # ode2ljly72stqc28yu15ra8rv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ode2ljly72stqc28yu15ra8rv|03|net"; nocase; ) # pu2dse12dxyky18jzyxy1gvy9sc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pu2dse12dxyky18jzyxy1gvy9sc|03|biz"; nocase; ) # byogtbnfhh08801qxoyzifv2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|byogtbnfhh08801qxoyzifv2|03|net"; nocase; ) # 1jh9n0v1nzi3pxdbh0cq1gz2qr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jh9n0v1nzi3pxdbh0cq1gz2qr0|03|net"; nocase; ) # o46ul914bpji11tptirwpxc4nr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o46ul914bpji11tptirwpxc4nr|03|org"; nocase; ) # e4pwt8f9jkh97edkz8agt6f4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e4pwt8f9jkh97edkz8agt6f4|03|biz"; nocase; ) # kqpi5youg0nd1b0z8cy1v8rrz0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kqpi5youg0nd1b0z8cy1v8rrz0|03|net"; nocase; ) # 15ts2j4dq59jouhsruf1rubpui.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ts2j4dq59jouhsruf1rubpui|03|biz"; nocase; ) # 3pa49017yai3vbuva30l598cj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3pa49017yai3vbuva30l598cj|03|com"; nocase; ) # reydbxze1vnu1f4flie7lis22.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|reydbxze1vnu1f4flie7lis22|03|biz"; nocase; ) # 1x45py61aorppd1j2puh5ijvz8v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x45py61aorppd1j2puh5ijvz8v|03|com"; nocase; ) # 9h9h7043ko351qy1evty2jm6q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9h9h7043ko351qy1evty2jm6q|03|org"; nocase; ) # 1nzbpb9mwfgbe1l85op214d43i7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nzbpb9mwfgbe1l85op214d43i7|03|org"; nocase; ) # 1672gk312qxyy23kkcx1kyh7mc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1672gk312qxyy23kkcx1kyh7mc|03|com"; nocase; ) # 1k5z43e1bmut0n16b3twa17buffl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k5z43e1bmut0n16b3twa17buffl|03|biz"; nocase; ) # vip8qu4a82812vkuge18td7lg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vip8qu4a82812vkuge18td7lg|03|net"; nocase; ) # 1xjrg2xkrrxcz1hf92p32t7y55.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xjrg2xkrrxcz1hf92p32t7y55|03|com"; nocase; ) # 1gz2y9k10pok8g1gf9deuur3l6u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gz2y9k10pok8g1gf9deuur3l6u|03|org"; nocase; ) # 6vlxge15x056kknejzq1n5d8m9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6vlxge15x056kknejzq1n5d8m9|03|org"; nocase; ) # 3axmqv1gzp24hg8p5mc1fl1bgk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3axmqv1gzp24hg8p5mc1fl1bgk|03|biz"; nocase; ) # nqcfjj5yofy91osodcm23fp2x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nqcfjj5yofy91osodcm23fp2x|03|net"; nocase; ) # 1qfhcqzw164ogh1v54fzpwky9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qfhcqzw164ogh1v54fzpwky9|03|com"; nocase; ) # 1hy8t06mzmkzs1qdn62ro8qky2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hy8t06mzmkzs1qdn62ro8qky2|03|net"; nocase; ) # 3qaqds147nc0914slnf116hiza6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3qaqds147nc0914slnf116hiza6|03|org"; nocase; ) # 1s076rn09sde1h7ni03107ztdb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s076rn09sde1h7ni03107ztdb|03|net"; nocase; ) # 1fltbsf1q900k7geh4kn1oq84y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fltbsf1q900k7geh4kn1oq84y|03|org"; nocase; ) # 1yv602t3rb2cr19akeflqb6eue.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yv602t3rb2cr19akeflqb6eue|03|net"; nocase; ) # h1jume1cz4regjegrqx1rxika3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h1jume1cz4regjegrqx1rxika3|03|biz"; nocase; ) # 8rvcxt1u2weyq1b6zlayhkdbyz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8rvcxt1u2weyq1b6zlayhkdbyz|03|net"; nocase; ) # 11nla65r9fpkdphl5751432z6b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11nla65r9fpkdphl5751432z6b|03|biz"; nocase; ) # 1cuyihqs6t06hbr2ajx10xixd5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cuyihqs6t06hbr2ajx10xixd5|03|com"; nocase; ) # 1aa2gsfhmnpube59kn1t04mnj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aa2gsfhmnpube59kn1t04mnj|03|net"; nocase; ) # wsflc9lavlul1ocqqfvwkq8hh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wsflc9lavlul1ocqqfvwkq8hh|03|biz"; nocase; ) # 1vw8fc73t509z17zxlwl49yfuu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vw8fc73t509z17zxlwl49yfuu|03|org"; nocase; ) # 1qu7rfsc4tq3cojnzlp1igsso4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qu7rfsc4tq3cojnzlp1igsso4|03|com"; nocase; ) # mxaiy91p35vsr3n5a4z1qfg8ex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mxaiy91p35vsr3n5a4z1qfg8ex|03|org"; nocase; ) # 1k6s6bgikbpwa3caknx1g31mhf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k6s6bgikbpwa3caknx1g31mhf|03|net"; nocase; ) # dpwlzm1718xgmqcla6l1ckkvro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dpwlzm1718xgmqcla6l1ckkvro|03|org"; nocase; ) # 1vu93mwpyxxq41uwix1zi6ulhs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vu93mwpyxxq41uwix1zi6ulhs|03|com"; nocase; ) # 18qsd9lpqn2ml19jxrw417lzkgn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18qsd9lpqn2ml19jxrw417lzkgn|03|org"; nocase; ) # 1m38fmjbvb8qf1ia5utlfxw8av.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m38fmjbvb8qf1ia5utlfxw8av|03|biz"; nocase; ) # 1mrrrnz15zcj681n8hrd7w6mqjy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mrrrnz15zcj681n8hrd7w6mqjy|03|biz"; nocase; ) # lp9xu7g58lgq1tu23g81y80hz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lp9xu7g58lgq1tu23g81y80hz3|03|com"; nocase; ) # ou8i75141po4o94z8chr6jn7t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ou8i75141po4o94z8chr6jn7t|03|net"; nocase; ) # 1fmat8g3o1zqu2siyzw1qyoygd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fmat8g3o1zqu2siyzw1qyoygd|03|org"; nocase; ) # 14hk8zu1es9jg313blbho1f9x4l6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14hk8zu1es9jg313blbho1f9x4l6|03|org"; nocase; ) # 1yk0e9zmdc2r4xsbkfuj1kf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1yk0e9zmdc2r4xsbkfuj1kf|03|net"; nocase; ) # 1vmkbuv18sfzh64kg4j75jksm5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vmkbuv18sfzh64kg4j75jksm5|03|org"; nocase; ) # 1siwt5zrqmgmd82rllr1wqsabd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1siwt5zrqmgmd82rllr1wqsabd|03|org"; nocase; ) # 1jhmwxs5xiez5f1dcrd1nskkmx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jhmwxs5xiez5f1dcrd1nskkmx|03|org"; nocase; ) # 1qwcnmynx467swfk69p147afhk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qwcnmynx467swfk69p147afhk|03|net"; nocase; ) # 1tis4tz18rs76d1x6yd9sqhydva.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tis4tz18rs76d1x6yd9sqhydva|03|com"; nocase; ) # 1kkopeo9zhvf14t5phb1xfdsv4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kkopeo9zhvf14t5phb1xfdsv4|03|org"; nocase; ) # 18llbdbfp8zgh1rd57p112m8jt5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18llbdbfp8zgh1rd57p112m8jt5|03|com"; nocase; ) # 1guint09a4nfj71hnrg1de4fk3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1guint09a4nfj71hnrg1de4fk3|03|org"; nocase; ) # 181dync78iv21ubv21omrlsoa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|181dync78iv21ubv21omrlsoa|03|org"; nocase; ) # 1mejapsgb3f21nbaumhgvgo39.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mejapsgb3f21nbaumhgvgo39|03|com"; nocase; ) # 1hghntlb2gnx5boa7kkmpo97f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hghntlb2gnx5boa7kkmpo97f|03|biz"; nocase; ) # obzlhbq7kja8jxog8j4p6vjw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|obzlhbq7kja8jxog8j4p6vjw|03|org"; nocase; ) # m83hg71iq24z11rzut4418yzg22.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m83hg71iq24z11rzut4418yzg22|03|net"; nocase; ) # 1gltzbu8cjh1os5zgxu1qpumcc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gltzbu8cjh1os5zgxu1qpumcc|03|biz"; nocase; ) # 17m3a1e1a302n01l84s5o9hbo1e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17m3a1e1a302n01l84s5o9hbo1e|03|com"; nocase; ) # 11l70aw1mngrpt1x69w67d4n2k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11l70aw1mngrpt1x69w67d4n2k|03|org"; nocase; ) # 1t93ie919xthg215c15n2fqthri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t93ie919xthg215c15n2fqthri|03|com"; nocase; ) # v4lyk310jkqkk1w2x2ppqvs49v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v4lyk310jkqkk1w2x2ppqvs49v|03|org"; nocase; ) # 1jg0imj9svmn71lrbien1bdis7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jg0imj9svmn71lrbien1bdis7m|03|net"; nocase; ) # yoq865edqxqegie16r11b5qms.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yoq865edqxqegie16r11b5qms|03|net"; nocase; ) # c2nbez1ppbc931vzf0mj15wo8hm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c2nbez1ppbc931vzf0mj15wo8hm|03|com"; nocase; ) # 1a7233u1tmcq97igtanaimcufu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a7233u1tmcq97igtanaimcufu|03|org"; nocase; ) # wehp6l1hf35z6ppjstf91zt4j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wehp6l1hf35z6ppjstf91zt4j|03|org"; nocase; ) # 1545y7m1ktiyyo1ddyfnd12mrh05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1545y7m1ktiyyo1ddyfnd12mrh05|03|org"; nocase; ) # 1ef9i0i1iv1zbmheb6131dcwchu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ef9i0i1iv1zbmheb6131dcwchu|03|biz"; nocase; ) # 9j2c0eax7ac7lx5j0475c08.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|9j2c0eax7ac7lx5j0475c08|03|net"; nocase; ) # oiyox6ckrig9tnvbzs1f89nq7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oiyox6ckrig9tnvbzs1f89nq7|03|com"; nocase; ) # 1lfcl2q13latgrpc75y212e8l9r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lfcl2q13latgrpc75y212e8l9r|03|net"; nocase; ) # 4f1oo6a76tmh8s5h6c19jl6f2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4f1oo6a76tmh8s5h6c19jl6f2|03|net"; nocase; ) # nccngb1rlly0f1y3xgqp16ydkx6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nccngb1rlly0f1y3xgqp16ydkx6|03|org"; nocase; ) # bbat7egi4wm26f7pbv2t0w6m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bbat7egi4wm26f7pbv2t0w6m|03|com"; nocase; ) # t0cupf16tqhhr1qy9hka19111t5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t0cupf16tqhhr1qy9hka19111t5|03|org"; nocase; ) # 1p7tscu12q5qhom6q2cw1mgg0w2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p7tscu12q5qhom6q2cw1mgg0w2|03|biz"; nocase; ) # tyc9e61cinidiu8nuil19hudb8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tyc9e61cinidiu8nuil19hudb8|03|com"; nocase; ) # 1ivee9p1q6m9qw1mrutmn5y1no.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ivee9p1q6m9qw1mrutmn5y1no|03|org"; nocase; ) # ap80myg71efjtkjywhz8oxft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ap80myg71efjtkjywhz8oxft|03|com"; nocase; ) # 1ks0apw1jf6979163gmy91oj0q8o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ks0apw1jf6979163gmy91oj0q8o|03|org"; nocase; ) # 40j6d1wq0u9u1j5m66jpz0ujy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|40j6d1wq0u9u1j5m66jpz0ujy|03|net"; nocase; ) # 53wdpimvuz7yfsip0jtix31.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|53wdpimvuz7yfsip0jtix31|03|com"; nocase; ) # ytimh6zfqpf6ma8gzgbhcvg7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ytimh6zfqpf6ma8gzgbhcvg7|03|biz"; nocase; ) # trxquhmr5guqrgjyj3645l1g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|trxquhmr5guqrgjyj3645l1g|03|biz"; nocase; ) # b23t5mwutjfanx92nhttg1kc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b23t5mwutjfanx92nhttg1kc|03|net"; nocase; ) # lj2b1k8y3bxgm9jqzg114pvn5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lj2b1k8y3bxgm9jqzg114pvn5|03|net"; nocase; ) # j6onx0sfs5da1htjq461tfvtid.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j6onx0sfs5da1htjq461tfvtid|03|net"; nocase; ) # 1ymdone1cgfo5u10xtao717x67yl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ymdone1cgfo5u10xtao717x67yl|03|org"; nocase; ) # 6jynru1jt3eqy1qupr26ezetq7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6jynru1jt3eqy1qupr26ezetq7|03|biz"; nocase; ) # 1cyhsb7d3kfzyb9rj6qfrn3bv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cyhsb7d3kfzyb9rj6qfrn3bv|03|net"; nocase; ) # dh8dxi1etazn2jdk7x8awjj19.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dh8dxi1etazn2jdk7x8awjj19|03|org"; nocase; ) # tcjusq1jsdihllv4mq9javptb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tcjusq1jsdihllv4mq9javptb|03|com"; nocase; ) # 14h0eg12wibqr14sv9l2wv4lgf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14h0eg12wibqr14sv9l2wv4lgf|03|biz"; nocase; ) # 1nxhh551d5tqsz13gey1ztcsowc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nxhh551d5tqsz13gey1ztcsowc|03|com"; nocase; ) # 46fp337y95nl168qz4ddn90m3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|46fp337y95nl168qz4ddn90m3|03|org"; nocase; ) # 8sn6zh1oqg5solmn6bxr2hfh7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8sn6zh1oqg5solmn6bxr2hfh7|03|biz"; nocase; ) # 1r8w0m81jb05zljobhakev7x35.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r8w0m81jb05zljobhakev7x35|03|org"; nocase; ) # yrguy31ppl8l7172o3xqmr6or6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yrguy31ppl8l7172o3xqmr6or6|03|net"; nocase; ) # 1kuckas1jrqikn1exdpak3le4yy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kuckas1jrqikn1exdpak3le4yy|03|net"; nocase; ) # 4jux3xycjbdiwvi8y4hj6qkl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4jux3xycjbdiwvi8y4hj6qkl|03|com"; nocase; ) # 43xhj4x5duhr1kw9drd1aq65ov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|43xhj4x5duhr1kw9drd1aq65ov|03|com"; nocase; ) # 11t3l721vuo18i1w5sek45c0t3j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11t3l721vuo18i1w5sek45c0t3j|03|biz"; nocase; ) # 3o0slq18n4mn118q3wnrftkguz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3o0slq18n4mn118q3wnrftkguz|03|net"; nocase; ) # o462rzdqrgs97dplt71pv9q06.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o462rzdqrgs97dplt71pv9q06|03|org"; nocase; ) # msgwhgge7ufql3sb911ccys5o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|msgwhgge7ufql3sb911ccys5o|03|com"; nocase; ) # j874z1n6xqg01uupnub1odjb9h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j874z1n6xqg01uupnub1odjb9h|03|biz"; nocase; ) # 8qcmr1n01uo19cuey61j5w4u8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8qcmr1n01uo19cuey61j5w4u8|03|com"; nocase; ) # 1l2mz7z12en0x7wfu831mwqzrv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l2mz7z12en0x7wfu831mwqzrv|03|com"; nocase; ) # 3a62xmzrbfh012m7a0o3xmg1z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3a62xmzrbfh012m7a0o3xmg1z|03|org"; nocase; ) # hhoxw71r0kvek1jj1fq21rgfs7e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hhoxw71r0kvek1jj1fq21rgfs7e|03|biz"; nocase; ) # 162n2ts1bycxurhoke5uddc4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|162n2ts1bycxurhoke5uddc4p|03|net"; nocase; ) # 1l8gdylya5efyok4hnkt1f949.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l8gdylya5efyok4hnkt1f949|03|com"; nocase; ) # 7i7viw1wg3xex1p01m1b13ymbjj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7i7viw1wg3xex1p01m1b13ymbjj|03|net"; nocase; ) # 1yzxzrwzpi8s11nz7pqtkdocqf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yzxzrwzpi8s11nz7pqtkdocqf|03|net"; nocase; ) # svgxwh1p0r7u2p2odx9143s24h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|svgxwh1p0r7u2p2odx9143s24h|03|net"; nocase; ) # 1fjc0yt1t8l8rb15dyrz516uhuo1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fjc0yt1t8l8rb15dyrz516uhuo1|03|biz"; nocase; ) # 1i6t1ctkqi5u6x22k9f1ilhqnd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i6t1ctkqi5u6x22k9f1ilhqnd|03|net"; nocase; ) # nu51k7oroor51kemted73f5to.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nu51k7oroor51kemted73f5to|03|org"; nocase; ) # qjsdam189mgrj6tiru71yk7awa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qjsdam189mgrj6tiru71yk7awa|03|net"; nocase; ) # 187gqy610yfb151n2ezyhf0mhd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|187gqy610yfb151n2ezyhf0mhd|03|net"; nocase; ) # 1e2ii8d18p18ki1xqhumc16aji64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e2ii8d18p18ki1xqhumc16aji64|03|com"; nocase; ) # 1eskhox1vv5l3p1bz118517kfjz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eskhox1vv5l3p1bz118517kfjz|03|com"; nocase; ) # 1uhtcc5c4am761w1yqks19f88ms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uhtcc5c4am761w1yqks19f88ms|03|org"; nocase; ) # 10wg0zm1rsp3pp15orq8a9lk9ru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10wg0zm1rsp3pp15orq8a9lk9ru|03|org"; nocase; ) # 13qddpc1ecve5618i7gaq1bqf0n5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13qddpc1ecve5618i7gaq1bqf0n5|03|net"; nocase; ) # 5c3qopbamb35cg2udgvlgv7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5c3qopbamb35cg2udgvlgv7w|03|net"; nocase; ) # fwsmkg1ggav3x1r9v0lx4fnr0p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fwsmkg1ggav3x1r9v0lx4fnr0p|03|net"; nocase; ) # 118y22v1d7qpew1vk0aqf163vx22.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|118y22v1d7qpew1vk0aqf163vx22|03|biz"; nocase; ) # 19ogl3q8467kt1o94t01ivtgp9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ogl3q8467kt1o94t01ivtgp9|03|org"; nocase; ) # tw8w0643vfqm31402aubyn5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|tw8w0643vfqm31402aubyn5|03|net"; nocase; ) # tmngcvhrwb881s7ya0v1i1sjlj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tmngcvhrwb881s7ya0v1i1sjlj|03|biz"; nocase; ) # 10t3y3u1yrxiwu1bmehda8vfezb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10t3y3u1yrxiwu1bmehda8vfezb|03|org"; nocase; ) # 1vtow88fsb5go588dkn116x4v6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vtow88fsb5go588dkn116x4v6|03|net"; nocase; ) # 1n078ziogmzmseuhbv36s4bmv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n078ziogmzmseuhbv36s4bmv|03|com"; nocase; ) # 1mw9e1o157kclt1a53mij1a4vqjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mw9e1o157kclt1a53mij1a4vqjv|03|org"; nocase; ) # 1jfgdwi1dwinn97pkyjy1k0i330.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jfgdwi1dwinn97pkyjy1k0i330|03|biz"; nocase; ) # 64mf7fpzzog1m1v1l10b6ghc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|64mf7fpzzog1m1v1l10b6ghc|03|com"; nocase; ) # cs6ra41jeredlw5o0isxhnzv1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cs6ra41jeredlw5o0isxhnzv1|03|biz"; nocase; ) # 1spnjky119xi8n1je1clt6tygld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1spnjky119xi8n1je1clt6tygld|03|net"; nocase; ) # lovrww1eh4lxymh1eohmhbdyr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lovrww1eh4lxymh1eohmhbdyr|03|net"; nocase; ) # 1f6hnt8iu2teh10mumrj1owoo7d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f6hnt8iu2teh10mumrj1owoo7d|03|org"; nocase; ) # 1ilc5fat3a9swrktb901uflyvw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ilc5fat3a9swrktb901uflyvw|03|org"; nocase; ) # 1yk9hlj837u0jyxmeop1bnc4y3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yk9hlj837u0jyxmeop1bnc4y3|03|com"; nocase; ) # 1qzg8vd18xzb49d0naew13emk5n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qzg8vd18xzb49d0naew13emk5n|03|org"; nocase; ) # 19w9wn7pa6azt1yi2y711c48mes.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19w9wn7pa6azt1yi2y711c48mes|03|net"; nocase; ) # 6qgwy7c1g7qo1hs0ihy15v4vyv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6qgwy7c1g7qo1hs0ihy15v4vyv|03|org"; nocase; ) # fkneyi1is5qpb1s0v437l0aq4g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fkneyi1is5qpb1s0v437l0aq4g|03|net"; nocase; ) # io4awr1ppjd11fqsrcs1j338o8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|io4awr1ppjd11fqsrcs1j338o8|03|com"; nocase; ) # 264znp6ukcnuv58mh1c0qf2l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|264znp6ukcnuv58mh1c0qf2l|03|biz"; nocase; ) # ci8z3c1gleyla8zpl5p1lv0mk6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ci8z3c1gleyla8zpl5p1lv0mk6|03|org"; nocase; ) # iy000216f9tt6m3ixjs728brk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iy000216f9tt6m3ixjs728brk|03|org"; nocase; ) # od5isi1o7g3nl17gh94k1ak8asm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|od5isi1o7g3nl17gh94k1ak8asm|03|net"; nocase; ) # 2lm7c2i2veep1wv6apogufkz2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2lm7c2i2veep1wv6apogufkz2|03|biz"; nocase; ) # f4wn0auarse5186ojw6y3hi32.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f4wn0auarse5186ojw6y3hi32|03|biz"; nocase; ) # 14u7zvy12s8cgv1xwa0x543frdz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14u7zvy12s8cgv1xwa0x543frdz|03|org"; nocase; ) # 1v0h9xztl46oi1qczjwzkc9n5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v0h9xztl46oi1qczjwzkc9n5z|03|net"; nocase; ) # qo87zn1tnm0and81t401t7iuyh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qo87zn1tnm0and81t401t7iuyh|03|com"; nocase; ) # 1j67b4fbob98715djo8pmgi5u6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j67b4fbob98715djo8pmgi5u6|03|net"; nocase; ) # 1j42xtsa0iac41li8piw1bqc53q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j42xtsa0iac41li8piw1bqc53q|03|com"; nocase; ) # qhpfxwmsiuri1jv19fo1lpprug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qhpfxwmsiuri1jv19fo1lpprug|03|net"; nocase; ) # s958mgzqtrz31gr283u19ittwq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s958mgzqtrz31gr283u19ittwq|03|com"; nocase; ) # 1uk85ik1mvxzbxglab1bqapbpe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uk85ik1mvxzbxglab1bqapbpe|03|net"; nocase; ) # coqy7zm8y1t610baleo1dqi8y9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|coqy7zm8y1t610baleo1dqi8y9|03|com"; nocase; ) # ds33bt18xccsi1ug3atw13nbd3t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ds33bt18xccsi1ug3atw13nbd3t|03|net"; nocase; ) # 1nvotdmo9tk1wzd0d8yke4g3s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nvotdmo9tk1wzd0d8yke4g3s|03|com"; nocase; ) # 1abwgtt1sf97t4g42k971jtnkq7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1abwgtt1sf97t4g42k971jtnkq7|03|org"; nocase; ) # 1t2s2rf1s4umjf8fl5ttuzlj34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t2s2rf1s4umjf8fl5ttuzlj34|03|com"; nocase; ) # 8ubnjns477531nr6la9nnk78t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ubnjns477531nr6la9nnk78t|03|com"; nocase; ) # kfoo8x1ve45o21xrqcjp105an53.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kfoo8x1ve45o21xrqcjp105an53|03|com"; nocase; ) # 1u3urw41f2671kzbvlo11kcfbl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u3urw41f2671kzbvlo11kcfbl|03|net"; nocase; ) # 7hjct5rms80y1eczgqr1mmo1wh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7hjct5rms80y1eczgqr1mmo1wh|03|net"; nocase; ) # 1svkinh16ul5uk1md6f8y164b8yh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1svkinh16ul5uk1md6f8y164b8yh|03|com"; nocase; ) # rsgk741ej0quj1keux5h1o9wb6y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rsgk741ej0quj1keux5h1o9wb6y|03|com"; nocase; ) # 6cpeax9oe7pis4mdiss9t2tg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6cpeax9oe7pis4mdiss9t2tg|03|org"; nocase; ) # 1ip6m2t18fkzt71sjeicj1th1ii3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ip6m2t18fkzt71sjeicj1th1ii3|03|org"; nocase; ) # 5md3711jipc471evaish1bb6x4a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5md3711jipc471evaish1bb6x4a|03|biz"; nocase; ) # 1q6p5sp1m578gx1yvnvtm1ear48s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q6p5sp1m578gx1yvnvtm1ear48s|03|biz"; nocase; ) # 10ieqkl1ykyj0r7yis4n1hqbwrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ieqkl1ykyj0r7yis4n1hqbwrj|03|net"; nocase; ) # t1897ep3pguik2hkmk1l39nyc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t1897ep3pguik2hkmk1l39nyc|03|com"; nocase; ) # 10ryv3j19oskpxgd3ce1lbqtvh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ryv3j19oskpxgd3ce1lbqtvh|03|com"; nocase; ) # 16y1p9g1dia2ls1e5asxq19n2aqj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16y1p9g1dia2ls1e5asxq19n2aqj|03|org"; nocase; ) # 2n1j04180paqeo2tq181g69q0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2n1j04180paqeo2tq181g69q0|03|org"; nocase; ) # 15k9klp10apw7r12mr8sf1q82idd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15k9klp10apw7r12mr8sf1q82idd|03|biz"; nocase; ) # 2wzo7514h0c7id3eh6h0rm7q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2wzo7514h0c7id3eh6h0rm7q|03|biz"; nocase; ) # 137hu1ueqqbbkmuvau1hnmb29.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|137hu1ueqqbbkmuvau1hnmb29|03|org"; nocase; ) # 138ogn1c657lehri8ic1j3to5s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|138ogn1c657lehri8ic1j3to5s|03|org"; nocase; ) # p7gmcb1ef1sfy1hhpzynv268pc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p7gmcb1ef1sfy1hhpzynv268pc|03|org"; nocase; ) # wi6aru14a7n134ajartk8ocss.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wi6aru14a7n134ajartk8ocss|03|org"; nocase; ) # 97tp7j11qyuqnqvhcra1sdc4na.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|97tp7j11qyuqnqvhcra1sdc4na|03|org"; nocase; ) # 55rqcz1v3rmmlz3b02p1b0s1f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|55rqcz1v3rmmlz3b02p1b0s1f|03|org"; nocase; ) # ty6jvjgy2dtpw0uudn55s10t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ty6jvjgy2dtpw0uudn55s10t|03|org"; nocase; ) # xvz3wen9s5enn7b7nq1omzsqb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xvz3wen9s5enn7b7nq1omzsqb|03|org"; nocase; ) # 5lxrvel0sb2emxuxjbz116yu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5lxrvel0sb2emxuxjbz116yu|03|org"; nocase; ) # x5vfu06jnvg2sjgx1x1kbzbmt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x5vfu06jnvg2sjgx1x1kbzbmt|03|biz"; nocase; ) # 66pg8zmjqo991jr86s512mbd4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66pg8zmjqo991jr86s512mbd4|03|net"; nocase; ) # 1kejc5s1n3e0ko1my0zez1vwxfq0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kejc5s1n3e0ko1my0zez1vwxfq0|03|biz"; nocase; ) # u6s3h1oth4n01k41i3v469bds.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u6s3h1oth4n01k41i3v469bds|03|org"; nocase; ) # 1o17c0o1dc33f2192570811zhhj0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o17c0o1dc33f2192570811zhhj0|03|net"; nocase; ) # 1qi42j8bcp97w1crp1xr1qodi2s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qi42j8bcp97w1crp1xr1qodi2s|03|net"; nocase; ) # 1fri53w1sh3tcp18tdahk1sujryk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fri53w1sh3tcp18tdahk1sujryk|03|org"; nocase; ) # 1mpicom13wxn4p8q6jgl1kie5ql.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mpicom13wxn4p8q6jgl1kie5ql|03|com"; nocase; ) # 1q4c0m0gqgg91brunyho6nkbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q4c0m0gqgg91brunyho6nkbc|03|com"; nocase; ) # w7jaa6106ovnlm7h7ek1qvbo53.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w7jaa6106ovnlm7h7ek1qvbo53|03|com"; nocase; ) # zgapdx11d4qq3euh6o9w7b77b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zgapdx11d4qq3euh6o9w7b77b|03|org"; nocase; ) # 1vkot6q1smbmfkc5py8f116fb2k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vkot6q1smbmfkc5py8f116fb2k|03|biz"; nocase; ) # 10o3flud964wp1b8q7q3o431ix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10o3flud964wp1b8q7q3o431ix|03|com"; nocase; ) # 1lhskckhguee91ww98jojibc28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lhskckhguee91ww98jojibc28|03|net"; nocase; ) # 1gp66eyfh6mg08y9j52pjlwlb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gp66eyfh6mg08y9j52pjlwlb|03|net"; nocase; ) # hyyzo8197s3zw1dr115jqhuvbq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hyyzo8197s3zw1dr115jqhuvbq|03|org"; nocase; ) # lazrxvf3dd671d3nm17690i9g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lazrxvf3dd671d3nm17690i9g|03|com"; nocase; ) # 1wihunlzjwf381smh0t1o8axoy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wihunlzjwf381smh0t1o8axoy|03|net"; nocase; ) # ht1yuymchjqu1ezch1b1uh1jjt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ht1yuymchjqu1ezch1b1uh1jjt|03|biz"; nocase; ) # 79ljl7wri6rda5w55v40fhse.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|79ljl7wri6rda5w55v40fhse|03|com"; nocase; ) # 19alqspoexoh7e9q596i7ih81.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19alqspoexoh7e9q596i7ih81|03|biz"; nocase; ) # l6giaa17qqkci1rt2sf61vney7b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l6giaa17qqkci1rt2sf61vney7b|03|com"; nocase; ) # 1pju79ado8jqe10ov4k518lb026.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pju79ado8jqe10ov4k518lb026|03|net"; nocase; ) # 13invft1qi6uhv1dgvwbr9h63i5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13invft1qi6uhv1dgvwbr9h63i5|03|biz"; nocase; ) # thjxy51lk63txrz8or2rj14p9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|thjxy51lk63txrz8or2rj14p9|03|com"; nocase; ) # i6yv6x1ecblpvipolkj1jp00j7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i6yv6x1ecblpvipolkj1jp00j7|03|biz"; nocase; ) # 16rbwtl1sthyhvvexyes1gj1013.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16rbwtl1sthyhvvexyes1gj1013|03|org"; nocase; ) # 1qktkbjaepzey1wt577hvjgph2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qktkbjaepzey1wt577hvjgph2|03|com"; nocase; ) # 171molkltq8s1n1vm14nrwho.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|171molkltq8s1n1vm14nrwho|03|com"; nocase; ) # np5kvnwhyc4twcfb7sltla42.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|np5kvnwhyc4twcfb7sltla42|03|com"; nocase; ) # 17uq0za19gf6skxrjxfq1845b6w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17uq0za19gf6skxrjxfq1845b6w|03|org"; nocase; ) # 2yl47j1419iptdf12ntr11ze5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2yl47j1419iptdf12ntr11ze5|03|biz"; nocase; ) # lxmitldi6xi81dehci6pkretj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lxmitldi6xi81dehci6pkretj|03|net"; nocase; ) # 1017awc1n1bvbrpzoq7q1anmf2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1017awc1n1bvbrpzoq7q1anmf2m|03|net"; nocase; ) # 1h2laqaqzb2k91rb02fb1h61u13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h2laqaqzb2k91rb02fb1h61u13|03|net"; nocase; ) # xv27r31p4avwan0q0wx1jno90f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xv27r31p4avwan0q0wx1jno90f|03|com"; nocase; ) # 6mflgy1r76r731w3s3to11kyext.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6mflgy1r76r731w3s3to11kyext|03|com"; nocase; ) # 3v87ob3gvjkc1kz2tpe48z0aa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3v87ob3gvjkc1kz2tpe48z0aa|03|org"; nocase; ) # 10vmxqhpxvm5kd52uaw40p4b5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10vmxqhpxvm5kd52uaw40p4b5|03|com"; nocase; ) # w1kcmf12u1o1t1fhaottlypprc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w1kcmf12u1o1t1fhaottlypprc|03|net"; nocase; ) # 14yjgqw1eoudos4sp0wnw49x3q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14yjgqw1eoudos4sp0wnw49x3q|03|biz"; nocase; ) # 1825o5rh4oj901ahy6qx19yzlbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1825o5rh4oj901ahy6qx19yzlbw|03|com"; nocase; ) # g4rkth1lw9ca01qwa7r717xgw89.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g4rkth1lw9ca01qwa7r717xgw89|03|biz"; nocase; ) # oh1bg513rp1vvwre7yemvro6j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oh1bg513rp1vvwre7yemvro6j|03|org"; nocase; ) # zhccgn1431c8p9ubpxg14c0izz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zhccgn1431c8p9ubpxg14c0izz|03|net"; nocase; ) # tdm9tm134ebc8kqx7e71ws79pp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tdm9tm134ebc8kqx7e71ws79pp|03|biz"; nocase; ) # 1tk27s51ybl15kw7tbo71is6tb3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tk27s51ybl15kw7tbo71is6tb3|03|biz"; nocase; ) # cfoe0j983zm2wcjnlmivy53.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|cfoe0j983zm2wcjnlmivy53|03|org"; nocase; ) # ozqbtc14ab6mxqi5zgmjsmpf4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ozqbtc14ab6mxqi5zgmjsmpf4|03|com"; nocase; ) # 12cuwcj1on39ps1ozblpg1llnitq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12cuwcj1on39ps1ozblpg1llnitq|03|net"; nocase; ) # 12qurtg1jiiitt1qw19g711na1sd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12qurtg1jiiitt1qw19g711na1sd|03|biz"; nocase; ) # 11q0hbj19eczaoj152m315eo18w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11q0hbj19eczaoj152m315eo18w|03|org"; nocase; ) # txvn2b5k58bhvml024rm3cbt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|txvn2b5k58bhvml024rm3cbt|03|org"; nocase; ) # 1wjypsx5yr0tmocgv5q66z316.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wjypsx5yr0tmocgv5q66z316|03|org"; nocase; ) # 99vxgbk4rovc1bhfeuezjrife.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|99vxgbk4rovc1bhfeuezjrife|03|net"; nocase; ) # yp7760xpvdoq1k421va1afrbmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yp7760xpvdoq1k421va1afrbmu|03|org"; nocase; ) # zm7yf713tzf001of0s221f3bom9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zm7yf713tzf001of0s221f3bom9|03|com"; nocase; ) # nrxfkh1d0dxjdp9uxighyrdfs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nrxfkh1d0dxjdp9uxighyrdfs|03|biz"; nocase; ) # 1kbkttn1ki4p7i2a9j4w1tqkwf4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kbkttn1ki4p7i2a9j4w1tqkwf4|03|net"; nocase; ) # 1x4kt1435epbl162c79ndg4ocp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x4kt1435epbl162c79ndg4ocp|03|org"; nocase; ) # 1ipasjp139q3hj1fs89791emoyt6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ipasjp139q3hj1fs89791emoyt6|03|net"; nocase; ) # 1vksx8y1ugel8r1rticxy10qwfpy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vksx8y1ugel8r1rticxy10qwfpy|03|com"; nocase; ) # hsi571h124p2k2rfb18yyp21.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hsi571h124p2k2rfb18yyp21|03|biz"; nocase; ) # 1lyepoeqp6hit1lc3ba71h6tr9o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lyepoeqp6hit1lc3ba71h6tr9o|03|org"; nocase; ) # yj4zsy190k1rcyl5dwn1yx47ww.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yj4zsy190k1rcyl5dwn1yx47ww|03|com"; nocase; ) # 13vygau1lhow15hvcix12ka8w3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13vygau1lhow15hvcix12ka8w3|03|biz"; nocase; ) # 8x5qyo1xo2kqd1acj5xz1w9n11p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8x5qyo1xo2kqd1acj5xz1w9n11p|03|net"; nocase; ) # wzkt9nghs239hs60hsqqq0jl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wzkt9nghs239hs60hsqqq0jl|03|com"; nocase; ) # 1v2k842zne8jk1tvvtm715wr5u4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v2k842zne8jk1tvvtm715wr5u4|03|biz"; nocase; ) # 1sddda0o5yjc51xn6lko13zf9pw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sddda0o5yjc51xn6lko13zf9pw|03|com"; nocase; ) # 1vfyn5yiv9o1wfoff7uzj0f3z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vfyn5yiv9o1wfoff7uzj0f3z|03|org"; nocase; ) # 13lovs81abr7681e5ice3kv97to.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13lovs81abr7681e5ice3kv97to|03|net"; nocase; ) # shljsn367grsg869tzibdz4x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|shljsn367grsg869tzibdz4x|03|com"; nocase; ) # 1m3jdpv1m7govz1wntx801d5244y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m3jdpv1m7govz1wntx801d5244y|03|biz"; nocase; ) # 1qj3kgk1t75lgl1en75ke1yw5tdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qj3kgk1t75lgl1en75ke1yw5tdu|03|com"; nocase; ) # 1ryf1rv16dzp6r1eouljn1h61h47.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ryf1rv16dzp6r1eouljn1h61h47|03|org"; nocase; ) # z4r0io1vpgu95w1oapb1apa0oa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z4r0io1vpgu95w1oapb1apa0oa|03|net"; nocase; ) # 1w7i8421t6zbwl1ls6k04162lv4b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w7i8421t6zbwl1ls6k04162lv4b|03|com"; nocase; ) # 1dcw10n1rh8yez1u1pbk82qbnl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dcw10n1rh8yez1u1pbk82qbnl|03|biz"; nocase; ) # 2frwtt1j2owlgwhqg65ck8mog.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2frwtt1j2owlgwhqg65ck8mog|03|org"; nocase; ) # u6ilf6ilf1hj13nx6ku15ymbxk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u6ilf6ilf1hj13nx6ku15ymbxk|03|net"; nocase; ) # 1xxyoa0hs3lqksfrh6qdywzqn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xxyoa0hs3lqksfrh6qdywzqn|03|org"; nocase; ) # u81awewm39gtukml9w1alsa6n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u81awewm39gtukml9w1alsa6n|03|org"; nocase; ) # dts58f1itg6wihqa85mbt2bgq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dts58f1itg6wihqa85mbt2bgq|03|org"; nocase; ) # 1r8bbbs1ru2hzviraq4gww3ik7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r8bbbs1ru2hzviraq4gww3ik7|03|biz"; nocase; ) # lju66u44xjb62t470f1bejqp6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lju66u44xjb62t470f1bejqp6|03|biz"; nocase; ) # vx8va41bt5tjg1uzg1crwb9g65.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vx8va41bt5tjg1uzg1crwb9g65|03|net"; nocase; ) # 13dotll17x75yp18uafsp2xw0eg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13dotll17x75yp18uafsp2xw0eg|03|com"; nocase; ) # 1b05cvh12fppyc12glr3ym5kx76.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b05cvh12fppyc12glr3ym5kx76|03|org"; nocase; ) # bynsr4e1j4epggkj441gnzmko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bynsr4e1j4epggkj441gnzmko|03|biz"; nocase; ) # 1yw39cn9p12uw15uik6ef8x9ev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yw39cn9p12uw15uik6ef8x9ev|03|com"; nocase; ) # 1wnnrpnadhsggpt1z521xqe49g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wnnrpnadhsggpt1z521xqe49g|03|org"; nocase; ) # mdl6bde7gb3tbuywam1v51jcx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mdl6bde7gb3tbuywam1v51jcx|03|org"; nocase; ) # etelk19oqq4n9mvrliep311z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|etelk19oqq4n9mvrliep311z|03|net"; nocase; ) # 1alh0ev1f3mz4v19ixhnamr45nq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1alh0ev1f3mz4v19ixhnamr45nq|03|net"; nocase; ) # 1tyfyxsix79w75w35dc128amcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tyfyxsix79w75w35dc128amcc|03|com"; nocase; ) # x4glq4di20r3gazu8f1fukrp8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x4glq4di20r3gazu8f1fukrp8|03|org"; nocase; ) # 6s5hdd1klggyin0ximl17bk6ca.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6s5hdd1klggyin0ximl17bk6ca|03|biz"; nocase; ) # 17whcm61bld17l122psnmacpgbu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17whcm61bld17l122psnmacpgbu|03|org"; nocase; ) # mv9dpu1wcx45r6qxnevt9sa9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mv9dpu1wcx45r6qxnevt9sa9r|03|com"; nocase; ) # naey1zjbcw0q1lk3qmir17yw3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|naey1zjbcw0q1lk3qmir17yw3|03|org"; nocase; ) # nznxxxc2fr1ckksmpg1hwryk9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nznxxxc2fr1ckksmpg1hwryk9|03|net"; nocase; ) # w8nyx7a40xugjmwqo41jetxzw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w8nyx7a40xugjmwqo41jetxzw|03|com"; nocase; ) # 1wcjtu2ctmnwyn5ypqg1w0iz0z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wcjtu2ctmnwyn5ypqg1w0iz0z|03|biz"; nocase; ) # rhsicq8nnmd1cawijr1d8u6j7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rhsicq8nnmd1cawijr1d8u6j7|03|net"; nocase; ) # ln05zpyxti3jozx6zi4mdf6y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ln05zpyxti3jozx6zi4mdf6y|03|org"; nocase; ) # 1nyjnab1fb6t6d20e5xq4zxi0z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nyjnab1fb6t6d20e5xq4zxi0z|03|net"; nocase; ) # 1epxfoud7yo11tv7nz61pak7mp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1epxfoud7yo11tv7nz61pak7mp|03|net"; nocase; ) # gs2ptm7krrjg1sirwlmb87j5d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gs2ptm7krrjg1sirwlmb87j5d|03|net"; nocase; ) # ee6qb41k9ouod1bs8a931xa6m6s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ee6qb41k9ouod1bs8a931xa6m6s|03|net"; nocase; ) # 1m0avl3od9llysm013t1m3x851.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m0avl3od9llysm013t1m3x851|03|com"; nocase; ) # 5zxi9lvcgsvwes3gyk14slhbn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5zxi9lvcgsvwes3gyk14slhbn|03|org"; nocase; ) # web6i7oc8zk2gggz6fex263z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|web6i7oc8zk2gggz6fex263z|03|com"; nocase; ) # 1ubmkn11bycpy7b6gu8eo1sq0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ubmkn11bycpy7b6gu8eo1sq0r|03|net"; nocase; ) # q30wjtwvog3q182q0bl1r70df7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q30wjtwvog3q182q0bl1r70df7|03|org"; nocase; ) # 12ehqbjig0kg0mjt9412dd2qa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ehqbjig0kg0mjt9412dd2qa|03|net"; nocase; ) # 16x7znbgo9kl31z00qohj8uhc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16x7znbgo9kl31z00qohj8uhc|03|org"; nocase; ) # 12yp1qji2bddakqm9mx1j0mkj2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12yp1qji2bddakqm9mx1j0mkj2|03|org"; nocase; ) # 1ylr0jr1lagx4h1jhd51k1poh28p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ylr0jr1lagx4h1jhd51k1poh28p|03|org"; nocase; ) # 14do8yz19i3q2b5f81npxztnct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14do8yz19i3q2b5f81npxztnct|03|com"; nocase; ) # 1lfld4g14fpcrg9w2ig5hlwh9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lfld4g14fpcrg9w2ig5hlwh9|03|com"; nocase; ) # 17ztqjo60uoey1vbqft6154q4kw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ztqjo60uoey1vbqft6154q4kw|03|net"; nocase; ) # 3tvse8f3gekp1x7xglg1cwov5q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3tvse8f3gekp1x7xglg1cwov5q|03|org"; nocase; ) # 1srh2zr1q5ets61vg1jt21sum9qe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1srh2zr1q5ets61vg1jt21sum9qe|03|org"; nocase; ) # 15ttwhjwi87isyiydfm1xh65rn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ttwhjwi87isyiydfm1xh65rn|03|org"; nocase; ) # xmplfc1rgir2t13fy901ekdw8x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xmplfc1rgir2t13fy901ekdw8x|03|com"; nocase; ) # 1yumh6qntrx591f9ybwh1pgpsim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yumh6qntrx591f9ybwh1pgpsim|03|com"; nocase; ) # 2cwxungz8t3t8r7xawxr6dt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|2cwxungz8t3t8r7xawxr6dt|03|biz"; nocase; ) # 107gma4ptz84z12lyuzkdivxs2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|107gma4ptz84z12lyuzkdivxs2|03|net"; nocase; ) # 8u5x2areqilxcqq0u41dulkmk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8u5x2areqilxcqq0u41dulkmk|03|org"; nocase; ) # 1gy6akago04ldf5mj5q17c862f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gy6akago04ldf5mj5q17c862f|03|biz"; nocase; ) # kt6599brsrpoe15h8x19iyueg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kt6599brsrpoe15h8x19iyueg|03|org"; nocase; ) # 12u92dfw9s2j1c1sgd3118u7dv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12u92dfw9s2j1c1sgd3118u7dv|03|biz"; nocase; ) # jdcmjew74rvpfh78kiym3p7l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jdcmjew74rvpfh78kiym3p7l|03|net"; nocase; ) # wu2h7i1ic9lvdjnkz72pggqei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wu2h7i1ic9lvdjnkz72pggqei|03|biz"; nocase; ) # zvawt21voeppq1y2dah1ille4t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zvawt21voeppq1y2dah1ille4t|03|biz"; nocase; ) # 1d3nsqh8vr997146ep1apc2842.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d3nsqh8vr997146ep1apc2842|03|org"; nocase; ) # nvp5251hw5vgb10p7rbt178mb0b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nvp5251hw5vgb10p7rbt178mb0b|03|com"; nocase; ) # 139kdef7le7gg1ld1o02ndizct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|139kdef7le7gg1ld1o02ndizct|03|net"; nocase; ) # fv9os834icc7vhc3hg6sd56p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fv9os834icc7vhc3hg6sd56p|03|com"; nocase; ) # uea6sd98u4d2cv691n14k36mq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uea6sd98u4d2cv691n14k36mq|03|com"; nocase; ) # 1733j9m1ow2pel1klowld1w373yl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1733j9m1ow2pel1klowld1w373yl|03|biz"; nocase; ) # 1mtm5kk1i3a4d4w87cwvb0gkcz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mtm5kk1i3a4d4w87cwvb0gkcz|03|org"; nocase; ) # n6qs6z1wcnogl1ipaopwh6221y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n6qs6z1wcnogl1ipaopwh6221y|03|biz"; nocase; ) # oy8xym2d0ycp1v1tbbog7ej7d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oy8xym2d0ycp1v1tbbog7ej7d|03|net"; nocase; ) # g0e13hbenqlouzmb7e1fgheyx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g0e13hbenqlouzmb7e1fgheyx|03|org"; nocase; ) # pqp4y83g0sb011cghm61pyw62m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pqp4y83g0sb011cghm61pyw62m|03|com"; nocase; ) # 1u4xxnq1beb5m01r4ab6uimnw2q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u4xxnq1beb5m01r4ab6uimnw2q|03|com"; nocase; ) # 1t4x14ozzk5j31p7yogy1oq7eyw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t4x14ozzk5j31p7yogy1oq7eyw|03|net"; nocase; ) # 1skdbbe11tf23o1gd7xbl15jto7q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1skdbbe11tf23o1gd7xbl15jto7q|03|org"; nocase; ) # 1u5ndofu3wx3619ozasrkt6ojj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u5ndofu3wx3619ozasrkt6ojj|03|net"; nocase; ) # fuykbg12kc2b1h2lx00uwie56.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fuykbg12kc2b1h2lx00uwie56|03|com"; nocase; ) # 1jm6bsi1rialxl19cziisdfyf5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jm6bsi1rialxl19cziisdfyf5e|03|net"; nocase; ) # 1lhzyjg5jkk081gsz2v6rdpspu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lhzyjg5jkk081gsz2v6rdpspu|03|com"; nocase; ) # v0v37gwc5wzxcwhf1uoel6kd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v0v37gwc5wzxcwhf1uoel6kd|03|org"; nocase; ) # 1on9o5t11utvomtnk48u14qldb3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1on9o5t11utvomtnk48u14qldb3|03|net"; nocase; ) # 10vj5zm1mkh3vlohitri1kyil9h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10vj5zm1mkh3vlohitri1kyil9h|03|net"; nocase; ) # bubkpsk4r7o6w4lgffcyd75h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bubkpsk4r7o6w4lgffcyd75h|03|com"; nocase; ) # f5t63mnavehdwkx0svzoq2eq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f5t63mnavehdwkx0svzoq2eq|03|net"; nocase; ) # 1dtwm2m1hy56311ntc8tm1v612pn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dtwm2m1hy56311ntc8tm1v612pn|03|org"; nocase; ) # 1ef7jb41wbl4ll1e4k0hpg8jrnj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ef7jb41wbl4ll1e4k0hpg8jrnj|03|com"; nocase; ) # 1sv24b7fsbfa21htfwv85797cq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sv24b7fsbfa21htfwv85797cq|03|com"; nocase; ) # roxu8ssbomrh4qyrlc1ul53f7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|roxu8ssbomrh4qyrlc1ul53f7|03|org"; nocase; ) # 15c9ddisjxw0g9x2vbm1965tzy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15c9ddisjxw0g9x2vbm1965tzy|03|net"; nocase; ) # 9t5x6b6ss85f1evim0zyyg3os.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9t5x6b6ss85f1evim0zyyg3os|03|net"; nocase; ) # jthal11rtsvfo19sl8e4yiy2k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jthal11rtsvfo19sl8e4yiy2k|03|net"; nocase; ) # on025s14t6k101ro5mtg6ge5ce.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|on025s14t6k101ro5mtg6ge5ce|03|biz"; nocase; ) # yhdgpm13tx63fn8ytxzwnrf1x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yhdgpm13tx63fn8ytxzwnrf1x|03|net"; nocase; ) # h66wd14j3ddw1spju6l1v9npyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h66wd14j3ddw1spju6l1v9npyj|03|com"; nocase; ) # 1kw0fgr1oq5nxm13kpvzyfqpuwe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kw0fgr1oq5nxm13kpvzyfqpuwe|03|biz"; nocase; ) # jxmdal1gybmfb1kjfobsghq3ou.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jxmdal1gybmfb1kjfobsghq3ou|03|biz"; nocase; ) # w05z1h1bbm9dm1byyu23woc0rv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w05z1h1bbm9dm1byyu23woc0rv|03|com"; nocase; ) # 8ra74m1tpcdru1s74yrdpszlt3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ra74m1tpcdru1s74yrdpszlt3|03|com"; nocase; ) # 1dvr4z31fhfnn01knua11b1q5jj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dvr4z31fhfnn01knua11b1q5jj|03|net"; nocase; ) # f3gf9nlfoh81yrjgjj1yrtwsg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f3gf9nlfoh81yrjgjj1yrtwsg|03|org"; nocase; ) # 168cvym1rq8ggu1kr3r7n10pdz6e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|168cvym1rq8ggu1kr3r7n10pdz6e|03|com"; nocase; ) # s4b5aqobr987hq53q6iu0ny5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s4b5aqobr987hq53q6iu0ny5|03|org"; nocase; ) # 2hypym1aa0qnt1now5tpt31pa9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2hypym1aa0qnt1now5tpt31pa9|03|net"; nocase; ) # pwtfhzwnuv9geu5c8zn1gexa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pwtfhzwnuv9geu5c8zn1gexa|03|net"; nocase; ) # 12ygt858a7giseulzmejetwv3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ygt858a7giseulzmejetwv3|03|org"; nocase; ) # qy1gaksxe0241txrmxyzevhn7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qy1gaksxe0241txrmxyzevhn7|03|org"; nocase; ) # 4c71f81uh1dmhb9sima1bopnq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4c71f81uh1dmhb9sima1bopnq|03|net"; nocase; ) # 16ezp0prhic9c1oybti8h2azzk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16ezp0prhic9c1oybti8h2azzk|03|com"; nocase; ) # pcsp431qcj2ygkfzuh214nnhqz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pcsp431qcj2ygkfzuh214nnhqz|03|org"; nocase; ) # 1qv3u66v6s8001gwmw6r1q7x2h3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qv3u66v6s8001gwmw6r1q7x2h3|03|com"; nocase; ) # 10v9ddqlmxkg1q0vs5h1huxa82.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10v9ddqlmxkg1q0vs5h1huxa82|03|net"; nocase; ) # 1wuuiwz13wwxul16yrnet1smi3pa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wuuiwz13wwxul16yrnet1smi3pa|03|com"; nocase; ) # 1adr14645xb8c9p50gb1mbjbzz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1adr14645xb8c9p50gb1mbjbzz|03|net"; nocase; ) # 9whbgc1nriu6c6hgxnv1mqimo1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9whbgc1nriu6c6hgxnv1mqimo1|03|org"; nocase; ) # 13flg0snkm34m15wsi4mz4jsan.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13flg0snkm34m15wsi4mz4jsan|03|net"; nocase; ) # k6qg2pjs4ri2mfudat8b3ga9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k6qg2pjs4ri2mfudat8b3ga9|03|biz"; nocase; ) # 16cly2rhij7glo505m9gejs8j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16cly2rhij7glo505m9gejs8j|03|net"; nocase; ) # 1eyb9m210mj1jp1ybccn012ei2y4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eyb9m210mj1jp1ybccn012ei2y4|03|org"; nocase; ) # ob7irw9hxjy6uh66pv1lx6h3e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ob7irw9hxjy6uh66pv1lx6h3e|03|com"; nocase; ) # ezl9bcl6wjyt1th7m8ycxklxd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ezl9bcl6wjyt1th7m8ycxklxd|03|net"; nocase; ) # f5i26wgs5osg9iuo2k1spocta.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f5i26wgs5osg9iuo2k1spocta|03|org"; nocase; ) # 1vne2xl1v6wvl311ixul813h60f4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vne2xl1v6wvl311ixul813h60f4|03|net"; nocase; ) # qv8mdd1a8l57j1ccdjv310eausp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qv8mdd1a8l57j1ccdjv310eausp|03|org"; nocase; ) # 1gliqs5fm0pddfqf5jrv72m6u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gliqs5fm0pddfqf5jrv72m6u|03|net"; nocase; ) # 1akihru8i62mv1ur833v1cbfl8r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1akihru8i62mv1ur833v1cbfl8r|03|com"; nocase; ) # 4do72zqotqpq6lokv2hkqm2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|4do72zqotqpq6lokv2hkqm2|03|org"; nocase; ) # 1394ox214f2a6j25ydris501oh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1394ox214f2a6j25ydris501oh|03|biz"; nocase; ) # llx42s1tq42oa1goyxp31s84l4y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|llx42s1tq42oa1goyxp31s84l4y|03|net"; nocase; ) # vj8i4e1ihanl4zwahp91443gpd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vj8i4e1ihanl4zwahp91443gpd|03|com"; nocase; ) # 1vnaj7e1tjuz7y140raaqongza3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vnaj7e1tjuz7y140raaqongza3|03|net"; nocase; ) # 1avaqgp15d7m7erpcrk4433zbp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1avaqgp15d7m7erpcrk4433zbp|03|biz"; nocase; ) # 1f2jgm05dofne1p5s8cb1vfdpv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f2jgm05dofne1p5s8cb1vfdpv|03|org"; nocase; ) # llfaqk1lbgkaq1wv30hp1rxdo3k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|llfaqk1lbgkaq1wv30hp1rxdo3k|03|org"; nocase; ) # 1sqtkp1cnvcma1mxsy5fa4qkbk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sqtkp1cnvcma1mxsy5fa4qkbk|03|net"; nocase; ) # n7dgcs7f4y7x62rj6f159t2h3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n7dgcs7f4y7x62rj6f159t2h3|03|com"; nocase; ) # 17wph7q2v5xt33r2lam36wupc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17wph7q2v5xt33r2lam36wupc|03|org"; nocase; ) # j4r50v5403r5yywj6w1k81i08.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j4r50v5403r5yywj6w1k81i08|03|net"; nocase; ) # fahe3i19ezx1bxzzkf51g2lg1g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fahe3i19ezx1bxzzkf51g2lg1g|03|com"; nocase; ) # b7gbrs168t6kx8vhdn0qerpbm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b7gbrs168t6kx8vhdn0qerpbm|03|net"; nocase; ) # 18spaip1va554l4fp8ciqqm0to.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18spaip1va554l4fp8ciqqm0to|03|com"; nocase; ) # cqmsaqlwh7av1839t1vfg34xh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cqmsaqlwh7av1839t1vfg34xh|03|org"; nocase; ) # 1ngdtos371yprr9lopckujr2z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ngdtos371yprr9lopckujr2z|03|biz"; nocase; ) # cl1un5lzobyhevqk0teya1b8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cl1un5lzobyhevqk0teya1b8|03|net"; nocase; ) # 4se2qz1ukz1bq1spzcqc10fvwza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4se2qz1ukz1bq1spzcqc10fvwza|03|org"; nocase; ) # 18bfyzjhtxzu77885y91rszq5h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18bfyzjhtxzu77885y91rszq5h|03|com"; nocase; ) # twp3z6qn9csxzetdsmvu5n5d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|twp3z6qn9csxzetdsmvu5n5d|03|org"; nocase; ) # 1cipdk51a9yo0ttr71xv10ayhzr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cipdk51a9yo0ttr71xv10ayhzr|03|net"; nocase; ) # 1d55sow110h30mjyqxown0xk17.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d55sow110h30mjyqxown0xk17|03|com"; nocase; ) # ojinu2p5eeb7wpc8kq1wzitm6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ojinu2p5eeb7wpc8kq1wzitm6|03|org"; nocase; ) # 1kojf60fde6zd1u09zyk1dpd4db.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kojf60fde6zd1u09zyk1dpd4db|03|org"; nocase; ) # mqmtv8rkxrnqeanfxpgh2h3f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mqmtv8rkxrnqeanfxpgh2h3f|03|org"; nocase; ) # 4fgf5k1v3742i1ms70m5l2pa6f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000012999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4fgf5k1v3742i1ms70m5l2pa6f|03|org"; nocase; ) # 180lvlfp6jlt175ibtdbyoajg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|180lvlfp6jlt175ibtdbyoajg|03|biz"; nocase; ) # 1xmnyrf1ss0tw41t49j55lxegsk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xmnyrf1ss0tw41t49j55lxegsk|03|com"; nocase; ) # rcl3srd4j36wzkujou1by53vz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rcl3srd4j36wzkujou1by53vz|03|net"; nocase; ) # 1y983y81fdf5ix1757jn41i2zguj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y983y81fdf5ix1757jn41i2zguj|03|net"; nocase; ) # sbrobhw626x31f0bbaoq3m7xx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sbrobhw626x31f0bbaoq3m7xx|03|biz"; nocase; ) # 1d9stxbhbcs7xrluvsmcphvys.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d9stxbhbcs7xrluvsmcphvys|03|net"; nocase; ) # 2qj1qu1gj5l7jd14qjlw390so.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2qj1qu1gj5l7jd14qjlw390so|03|com"; nocase; ) # 1g4xo41au5m75nl1lck1mrofka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g4xo41au5m75nl1lck1mrofka|03|org"; nocase; ) # 1t25n4ucz84gyuw0cxs1bxc83z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t25n4ucz84gyuw0cxs1bxc83z|03|net"; nocase; ) # 1fi20nh1k32rys104eyb1919l9m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fi20nh1k32rys104eyb1919l9m|03|org"; nocase; ) # 1tgazlkg5k5nipzdkn1f8mrl8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tgazlkg5k5nipzdkn1f8mrl8|03|biz"; nocase; ) # 1tg1snaqfuxpkp8pr3872bko3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tg1snaqfuxpkp8pr3872bko3|03|net"; nocase; ) # 1r30k3v1atv7jab5nyhy1jrvsga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r30k3v1atv7jab5nyhy1jrvsga|03|net"; nocase; ) # 1qmbll11hwpurr1ezo36t1gzsmqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qmbll11hwpurr1ezo36t1gzsmqy|03|com"; nocase; ) # 1gdrely9dd5dp167xr69s6om6j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gdrely9dd5dp167xr69s6om6j|03|net"; nocase; ) # 18v8du1uxjwbtk1d5fwver3oa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18v8du1uxjwbtk1d5fwver3oa|03|net"; nocase; ) # tj4wdm1wpjfa61s3dhkz1tt90s5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tj4wdm1wpjfa61s3dhkz1tt90s5|03|org"; nocase; ) # 15w1dey1tr5mtk15d4uojwbkoex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15w1dey1tr5mtk15d4uojwbkoex|03|org"; nocase; ) # 1f40y8ksyk0qhv4ylqv71lgk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1f40y8ksyk0qhv4ylqv71lgk|03|biz"; nocase; ) # 1uq0bfq1ko707y18iyadrwdyc7e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uq0bfq1ko707y18iyadrwdyc7e|03|org"; nocase; ) # uu538pi4tx1qoxebks4igkfu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uu538pi4tx1qoxebks4igkfu|03|net"; nocase; ) # nbye5f1tfalpx1q5zqluz6y88h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nbye5f1tfalpx1q5zqluz6y88h|03|com"; nocase; ) # 1ls18551845j3r17ww9sk1ulo612.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ls18551845j3r17ww9sk1ulo612|03|org"; nocase; ) # evi3q1en68h912r22t619qg3pv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|evi3q1en68h912r22t619qg3pv|03|com"; nocase; ) # 1bxogpm1qxr4lk1rdfm1evk6nw3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bxogpm1qxr4lk1rdfm1evk6nw3|03|biz"; nocase; ) # 14f4l5816di9f7xnowkn97cvif.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14f4l5816di9f7xnowkn97cvif|03|net"; nocase; ) # 1lb5rza1fj4k2316g55h1g0xiu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lb5rza1fj4k2316g55h1g0xiu|03|org"; nocase; ) # spk4od13h26yl12gqobrjk0sfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|spk4od13h26yl12gqobrjk0sfx|03|com"; nocase; ) # 88xt7x6cq54q1b6o2wf9ak02q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|88xt7x6cq54q1b6o2wf9ak02q|03|net"; nocase; ) # 1is5p7a108o7wd1v7sooj14oovjw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1is5p7a108o7wd1v7sooj14oovjw|03|org"; nocase; ) # 1l1p6e0ce6k9nd8c4u416c79uz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l1p6e0ce6k9nd8c4u416c79uz|03|com"; nocase; ) # py76wg73fb08174egph127x4hr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|py76wg73fb08174egph127x4hr|03|com"; nocase; ) # 1cgv5wztnj541vkt5kb1ucs9bc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cgv5wztnj541vkt5kb1ucs9bc|03|net"; nocase; ) # msqtjjrvudym1f5dbrd1mbdazf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|msqtjjrvudym1f5dbrd1mbdazf|03|biz"; nocase; ) # ksd7fl1lvqdqbzbt0bo94uvcb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ksd7fl1lvqdqbzbt0bo94uvcb|03|com"; nocase; ) # 10ce1g2185bjtvfn4pri4j64uv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ce1g2185bjtvfn4pri4j64uv|03|org"; nocase; ) # 7t27t21qbkjb5bklc3yhu4z48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7t27t21qbkjb5bklc3yhu4z48|03|com"; nocase; ) # 1swl2ypl8kgi51iit9igg5kl1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1swl2ypl8kgi51iit9igg5kl1|03|org"; nocase; ) # hwg9b91dxxokz1wnpbdal3xnlh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hwg9b91dxxokz1wnpbdal3xnlh|03|com"; nocase; ) # 1c448mlqx8xkt1xg10zb54s8uz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c448mlqx8xkt1xg10zb54s8uz|03|biz"; nocase; ) # 1hcrhel1xy7cozo0hftsrw4u0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hcrhel1xy7cozo0hftsrw4u0h|03|net"; nocase; ) # 18q0v7lcp2mzfc32na7qq6uje.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18q0v7lcp2mzfc32na7qq6uje|03|com"; nocase; ) # 1hhyfcqtlkf3bstd5u9zjpmda.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hhyfcqtlkf3bstd5u9zjpmda|03|net"; nocase; ) # 13uhv0l1xakuhj1s7c442nyqyls.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13uhv0l1xakuhj1s7c442nyqyls|03|com"; nocase; ) # ms0ncpk9z24d1rk7s7tiw6v2t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ms0ncpk9z24d1rk7s7tiw6v2t|03|com"; nocase; ) # 1poiimeddk49js8g4nsxal9ke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1poiimeddk49js8g4nsxal9ke|03|org"; nocase; ) # qh1s38v45b3o1904ykrd60zwg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qh1s38v45b3o1904ykrd60zwg|03|biz"; nocase; ) # v1sa9v13zwlqm9bexar1bp0erh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v1sa9v13zwlqm9bexar1bp0erh|03|com"; nocase; ) # fmkwhan2yflznfcnqu1yedfef.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fmkwhan2yflznfcnqu1yedfef|03|net"; nocase; ) # 17lkl74gh2fe91n9a0bo1qlcf5p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17lkl74gh2fe91n9a0bo1qlcf5p|03|biz"; nocase; ) # 10n6e5bg14qjw1u9c5ih1q3kxs3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10n6e5bg14qjw1u9c5ih1q3kxs3|03|org"; nocase; ) # 1hdhpb688lmgbctev3zfz9xf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1hdhpb688lmgbctev3zfz9xf|03|net"; nocase; ) # eh7n2r12zab5enoa83fd3jwb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eh7n2r12zab5enoa83fd3jwb9|03|net"; nocase; ) # 12qoh5j1mtc6k41olihqn3mnifc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12qoh5j1mtc6k41olihqn3mnifc|03|org"; nocase; ) # dosqcr4vjm301femmu179f8fe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dosqcr4vjm301femmu179f8fe|03|com"; nocase; ) # oo2333btxbg5ygyawx1n4tvgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oo2333btxbg5ygyawx1n4tvgj|03|net"; nocase; ) # 1d4f5wk9id0w91odffol10b6ugu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d4f5wk9id0w91odffol10b6ugu|03|org"; nocase; ) # 5by4o91ygwsub1hmpubzvrni8i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5by4o91ygwsub1hmpubzvrni8i|03|net"; nocase; ) # idh2e62r45b3fsjyy3azlxmd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|idh2e62r45b3fsjyy3azlxmd|03|net"; nocase; ) # exocd5m0f5c41k9ka8d10rhtrp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|exocd5m0f5c41k9ka8d10rhtrp|03|biz"; nocase; ) # 1nbkzyb1z0zousa5jtgyn45n7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nbkzyb1z0zousa5jtgyn45n7|03|net"; nocase; ) # 7cdngr1mwnw88u9fhsb1xsw5lx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7cdngr1mwnw88u9fhsb1xsw5lx|03|net"; nocase; ) # wtlk3y19rwcwt1mlekaq19cp4wq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wtlk3y19rwcwt1mlekaq19cp4wq|03|com"; nocase; ) # tq9evo1rcell5ruvsggmkrlgh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tq9evo1rcell5ruvsggmkrlgh|03|biz"; nocase; ) # 1qjau061ys5ikg4d29c11gyryg1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qjau061ys5ikg4d29c11gyryg1|03|org"; nocase; ) # ttogw3msvrul1bmhr8k2w4x6f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ttogw3msvrul1bmhr8k2w4x6f|03|com"; nocase; ) # 2bo2khpeu0y01hu5vv5fmuspt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2bo2khpeu0y01hu5vv5fmuspt|03|net"; nocase; ) # z4nqjg8rav34evffs51uf9ffk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4nqjg8rav34evffs51uf9ffk|03|org"; nocase; ) # 1f5dl8y1vrmv5g1lh81601edvceg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f5dl8y1vrmv5g1lh81601edvceg|03|net"; nocase; ) # f9yfzmssxhzcn3duw04aubll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f9yfzmssxhzcn3duw04aubll|03|net"; nocase; ) # 12jtswz179akxvo53bqw1u7f6xw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12jtswz179akxvo53bqw1u7f6xw|03|net"; nocase; ) # m2dkj1ofdj8waznhoyvhu2c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|m2dkj1ofdj8waznhoyvhu2c|03|com"; nocase; ) # 65kqzs1hvxxmr1jbrvbpgwmiq4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|65kqzs1hvxxmr1jbrvbpgwmiq4|03|net"; nocase; ) # 1nxdxgx1wdie1ksbdses15jfjfe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nxdxgx1wdie1ksbdses15jfjfe|03|biz"; nocase; ) # 1h5ch5t9xwp4qcneu01id7006.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h5ch5t9xwp4qcneu01id7006|03|org"; nocase; ) # 1mcibkdvf1pxehxt06xici078.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mcibkdvf1pxehxt06xici078|03|org"; nocase; ) # 13zbyoo1hncbmr1hq3xuqhvs72o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13zbyoo1hncbmr1hq3xuqhvs72o|03|net"; nocase; ) # 1y89vnk152d44u144d1zb1u1oou2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y89vnk152d44u144d1zb1u1oou2|03|org"; nocase; ) # 1k23123m8axrj1k6z24b10snasf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k23123m8axrj1k6z24b10snasf|03|net"; nocase; ) # xzvbkd1xgd2t718uz9ze1r8wj6e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xzvbkd1xgd2t718uz9ze1r8wj6e|03|com"; nocase; ) # 1k1twx611pn21u15erctb185fwf4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k1twx611pn21u15erctb185fwf4|03|net"; nocase; ) # jjn3nf1wmneas1g7z8ncds6mbl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jjn3nf1wmneas1g7z8ncds6mbl|03|org"; nocase; ) # 1wdrw5p655g38wt2g7q1p6n6j5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wdrw5p655g38wt2g7q1p6n6j5|03|biz"; nocase; ) # 1qi4yyl5pkcz91mmakco1pf0ubp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qi4yyl5pkcz91mmakco1pf0ubp|03|net"; nocase; ) # 1ntheqjbhjs4c15tdmu2m7v2r2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ntheqjbhjs4c15tdmu2m7v2r2|03|net"; nocase; ) # 19tubnr78h7bldzzw6xsurznr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19tubnr78h7bldzzw6xsurznr|03|net"; nocase; ) # ian2v21gm48ho5jawjv1ju0k8c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ian2v21gm48ho5jawjv1ju0k8c|03|net"; nocase; ) # 118y81c5etm538g5j50pyh5q3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|118y81c5etm538g5j50pyh5q3|03|com"; nocase; ) # 6yhhko1wa5yd71ca5rnm3x31n7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6yhhko1wa5yd71ca5rnm3x31n7|03|com"; nocase; ) # 1relial1ar76ydms9gj1adh81f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1relial1ar76ydms9gj1adh81f|03|net"; nocase; ) # 1z10m671hsd82r1kzpa8sbaofx2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1z10m671hsd82r1kzpa8sbaofx2|03|org"; nocase; ) # 7ocac1w2bnrt1unqzvi1reotok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ocac1w2bnrt1unqzvi1reotok|03|com"; nocase; ) # 8a1s091eu27hc1wn1cda93hhkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8a1s091eu27hc1wn1cda93hhkr|03|org"; nocase; ) # 1414rgvtng0wf1ug1vg11cn0o32.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1414rgvtng0wf1ug1vg11cn0o32|03|com"; nocase; ) # 4vnspsnkiyw81sfg33w1i7ithu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4vnspsnkiyw81sfg33w1i7ithu|03|net"; nocase; ) # jtxbpa1mmecosiurot6gn96g6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jtxbpa1mmecosiurot6gn96g6|03|com"; nocase; ) # 1wor3op118lmbx1n0k6x712r3dot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wor3op118lmbx1n0k6x712r3dot|03|net"; nocase; ) # ewsjvh1h8wl0u1l11o4jmioegc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ewsjvh1h8wl0u1l11o4jmioegc|03|org"; nocase; ) # vdp46x1hrzwmupzsf6u1tc8n0c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vdp46x1hrzwmupzsf6u1tc8n0c|03|biz"; nocase; ) # 1kkucyk1o2bcanjco0xbxe2s16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kkucyk1o2bcanjco0xbxe2s16|03|net"; nocase; ) # 9szwu1tghbl81shx1h61vf10xa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9szwu1tghbl81shx1h61vf10xa|03|org"; nocase; ) # lol55n13zi4yg1pr1nlhdvmkep.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lol55n13zi4yg1pr1nlhdvmkep|03|net"; nocase; ) # imh3yy1lsni7r1n1v6v37oj231.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|imh3yy1lsni7r1n1v6v37oj231|03|biz"; nocase; ) # 8hzo4ksdyih910pkg2m11o57yr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8hzo4ksdyih910pkg2m11o57yr|03|com"; nocase; ) # 1dcsixa5rmih41h8fgb0nxuaax.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dcsixa5rmih41h8fgb0nxuaax|03|biz"; nocase; ) # 11p8nentwpkkm176gcfyp08w19.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11p8nentwpkkm176gcfyp08w19|03|org"; nocase; ) # 1gghurvq6o0l514txafladv7gn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gghurvq6o0l514txafladv7gn|03|com"; nocase; ) # 12pkob36wmsc9zv6sn674my7o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12pkob36wmsc9zv6sn674my7o|03|net"; nocase; ) # bt6mdp1lilk0v1jyj0pn1idy4ll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bt6mdp1lilk0v1jyj0pn1idy4ll|03|net"; nocase; ) # 1hiljeh8bp3el1jyr8x6k01ek1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hiljeh8bp3el1jyr8x6k01ek1|03|org"; nocase; ) # 80j38iuejrpwqv1ff9xktgr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|80j38iuejrpwqv1ff9xktgr|03|biz"; nocase; ) # k5xkx8yawbz5uz4zhxtt45dd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k5xkx8yawbz5uz4zhxtt45dd|03|org"; nocase; ) # 1hkrx9fncy6hb1f5cpj91s7nbi7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hkrx9fncy6hb1f5cpj91s7nbi7|03|net"; nocase; ) # w7bcvuwx4q341v24k961jqaugn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w7bcvuwx4q341v24k961jqaugn|03|org"; nocase; ) # rkagva1euy9nnsvdtog12gcwf5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rkagva1euy9nnsvdtog12gcwf5|03|net"; nocase; ) # 4gv1jn74w4jb1h7i6w6jpavjs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4gv1jn74w4jb1h7i6w6jpavjs|03|org"; nocase; ) # f34lsl1uunk701gp7b4s1rd3dbc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f34lsl1uunk701gp7b4s1rd3dbc|03|biz"; nocase; ) # 1kz0qyv24koi1rixebp1e3v90o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kz0qyv24koi1rixebp1e3v90o|03|biz"; nocase; ) # q6qu5al37pon6lim231xppg47.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6qu5al37pon6lim231xppg47|03|com"; nocase; ) # 1sojewi123owmp18nmpj41144urw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sojewi123owmp18nmpj41144urw|03|biz"; nocase; ) # 40fsf9v81b8dayp5ww1xox3w8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|40fsf9v81b8dayp5ww1xox3w8|03|net"; nocase; ) # 1cuh1hzfvigqnb6g0qb1sdhyte.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cuh1hzfvigqnb6g0qb1sdhyte|03|org"; nocase; ) # 19et4dg1mdrg2w18bpa6s1uklptn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19et4dg1mdrg2w18bpa6s1uklptn|03|org"; nocase; ) # az8wsk1y9vzty1fpjkslxlv933.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|az8wsk1y9vzty1fpjkslxlv933|03|net"; nocase; ) # trhn9uldx78c14jljcp515q1c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|trhn9uldx78c14jljcp515q1c|03|com"; nocase; ) # 12dvxwpapobmsn0skcp1u66o2t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12dvxwpapobmsn0skcp1u66o2t|03|biz"; nocase; ) # 53x57y1pltuix6b4m69we9ox8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|53x57y1pltuix6b4m69we9ox8|03|net"; nocase; ) # vhzqiu16q77gg1rq7b3a1f1y2g1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vhzqiu16q77gg1rq7b3a1f1y2g1|03|org"; nocase; ) # 99k2euxs7v0g1wowr54bzd9l2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|99k2euxs7v0g1wowr54bzd9l2|03|com"; nocase; ) # 108uqfvvvod0z1hzeh36xripac.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|108uqfvvvod0z1hzeh36xripac|03|net"; nocase; ) # 1b8fou812oqisg1mozcyih7rmi8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b8fou812oqisg1mozcyih7rmi8|03|com"; nocase; ) # 1d48db81aq4ruf1a24lty2n0awe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d48db81aq4ruf1a24lty2n0awe|03|net"; nocase; ) # 153gd1b1q6i5j1kq8ua2j01tgr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|153gd1b1q6i5j1kq8ua2j01tgr|03|net"; nocase; ) # 1ysu0sy1vawbe017u2cs11ovnq1w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ysu0sy1vawbe017u2cs11ovnq1w|03|net"; nocase; ) # 1afyxu9118nsjauu8l1zzx9rwh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1afyxu9118nsjauu8l1zzx9rwh|03|biz"; nocase; ) # rky0h0podmuz1kxxi7ww4phll.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rky0h0podmuz1kxxi7ww4phll|03|com"; nocase; ) # 139slgykztq181yz9azogj2tth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|139slgykztq181yz9azogj2tth|03|net"; nocase; ) # 1ycfvus7dkawt1erytafhhx3o2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ycfvus7dkawt1erytafhhx3o2|03|org"; nocase; ) # cm5ija1i7faod59mqki1jya4pf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cm5ija1i7faod59mqki1jya4pf|03|net"; nocase; ) # 18km5qhsgbbe8p7pemijm1g52.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18km5qhsgbbe8p7pemijm1g52|03|com"; nocase; ) # arsywswoqlxdbev26q513mvx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|arsywswoqlxdbev26q513mvx|03|biz"; nocase; ) # 1sekg9z18e9egq251id41c1lp15.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sekg9z18e9egq251id41c1lp15|03|org"; nocase; ) # uxp1uk17z47rb1j9j7rv9yzkf1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uxp1uk17z47rb1j9j7rv9yzkf1|03|com"; nocase; ) # 1kpkpbcxc8bqqgjvt2546aje1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kpkpbcxc8bqqgjvt2546aje1|03|org"; nocase; ) # 1dduy191vg2j6p1u190dhvetir3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dduy191vg2j6p1u190dhvetir3|03|net"; nocase; ) # 1vqb00b88j9sg1me06nnq11w1b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vqb00b88j9sg1me06nnq11w1b|03|org"; nocase; ) # 1btctzmiun0vb15jdnh1vbxux8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1btctzmiun0vb15jdnh1vbxux8|03|org"; nocase; ) # 31503e1co8554wuiumn149ujj6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|31503e1co8554wuiumn149ujj6|03|org"; nocase; ) # 8nv90j1ap6b88ui4rm1mm5u7h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8nv90j1ap6b88ui4rm1mm5u7h|03|com"; nocase; ) # 1kght76sb61o7138bm1s3da90l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kght76sb61o7138bm1s3da90l|03|net"; nocase; ) # 1rc70641j8gviw1hjf78l13t1iy2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rc70641j8gviw1hjf78l13t1iy2|03|org"; nocase; ) # hyufreivxoph1j35gq11s8yz3w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hyufreivxoph1j35gq11s8yz3w|03|com"; nocase; ) # ijdban1ktytv5zr5091sglc20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ijdban1ktytv5zr5091sglc20|03|net"; nocase; ) # 1h826e21s8hph61ukuf161cn6g2k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h826e21s8hph61ukuf161cn6g2k|03|com"; nocase; ) # f4pz2fqz7n3l14pppow34qaht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f4pz2fqz7n3l14pppow34qaht|03|org"; nocase; ) # 1vxq18g1m9t1bja3f5zv1lzm0lz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vxq18g1m9t1bja3f5zv1lzm0lz|03|com"; nocase; ) # 124z0xo1pfnv981nd4idawdlr51.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|124z0xo1pfnv981nd4idawdlr51|03|org"; nocase; ) # 1bfz6ubnh3saogcec5e9mhjkd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bfz6ubnh3saogcec5e9mhjkd|03|biz"; nocase; ) # 158vn5o158owbsi2ga2d1rw0k6u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|158vn5o158owbsi2ga2d1rw0k6u|03|com"; nocase; ) # m8vvty4k6ippvi90ru11ivdgw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m8vvty4k6ippvi90ru11ivdgw|03|net"; nocase; ) # 18i9ri4qnzphx1lz2wl4b2n8lo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18i9ri4qnzphx1lz2wl4b2n8lo|03|biz"; nocase; ) # 1c2j7epw7nm6s5hu0wc1p1q93p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c2j7epw7nm6s5hu0wc1p1q93p|03|net"; nocase; ) # auszm01g7zn3m1q24p2rld5h5f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|auszm01g7zn3m1q24p2rld5h5f|03|biz"; nocase; ) # xyqfjiig4j0u340ebs16azoy0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xyqfjiig4j0u340ebs16azoy0|03|com"; nocase; ) # 3t949gt0kw8l1yrzgmofj1wcl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3t949gt0kw8l1yrzgmofj1wcl|03|org"; nocase; ) # cyq1s371luq81t4hbx2wbtkjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cyq1s371luq81t4hbx2wbtkjn|03|com"; nocase; ) # 1u9sdc3gm22c1iovbvbm4lzp7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u9sdc3gm22c1iovbvbm4lzp7|03|com"; nocase; ) # kbuziz1in5usm12ossocg9o61y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kbuziz1in5usm12ossocg9o61y|03|net"; nocase; ) # y1nyt6gb1qadriuyix7b2lui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y1nyt6gb1qadriuyix7b2lui|03|com"; nocase; ) # ep49xx11jup7x1oc9hq59udvg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ep49xx11jup7x1oc9hq59udvg|03|biz"; nocase; ) # 12s5y08vw0gxiwquxc7g5ogpn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12s5y08vw0gxiwquxc7g5ogpn|03|com"; nocase; ) # 4mo18y1hqidqzrtcbg8147k1m7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4mo18y1hqidqzrtcbg8147k1m7|03|net"; nocase; ) # xbzvxe1qgw5rcp63o7ljteugc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xbzvxe1qgw5rcp63o7ljteugc|03|net"; nocase; ) # i9yo4znf2cqz1xzpq4jl20oyy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i9yo4znf2cqz1xzpq4jl20oyy|03|org"; nocase; ) # 395st11tnzpqu108nhtb1lz9nkh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|395st11tnzpqu108nhtb1lz9nkh|03|biz"; nocase; ) # mgdrjqu5rc34pz9zny1r4u2by.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mgdrjqu5rc34pz9zny1r4u2by|03|org"; nocase; ) # 1lzaidpis3bw9g5l8vrxg09yz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lzaidpis3bw9g5l8vrxg09yz|03|com"; nocase; ) # 574mf86fodzu14lx6i0v2jjhh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|574mf86fodzu14lx6i0v2jjhh|03|org"; nocase; ) # l5dqazwfc9dfd9iso0efgga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|l5dqazwfc9dfd9iso0efgga|03|org"; nocase; ) # 1ktx98njl54p1o8hwitxxe1ei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ktx98njl54p1o8hwitxxe1ei|03|biz"; nocase; ) # 7uidhf1tq5fg912qfzeskn50ke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7uidhf1tq5fg912qfzeskn50ke|03|com"; nocase; ) # fnvgrp1uvr2u4yx7enb15yxpk7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fnvgrp1uvr2u4yx7enb15yxpk7|03|org"; nocase; ) # 3jr3kz1217ghn1vwy8kzceosqq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3jr3kz1217ghn1vwy8kzceosqq|03|net"; nocase; ) # efi72l1je6l1imf58cz1uefdwp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|efi72l1je6l1imf58cz1uefdwp|03|com"; nocase; ) # wep7fhfmd1p3y7vo9qjqffyu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wep7fhfmd1p3y7vo9qjqffyu|03|net"; nocase; ) # mp46pl1yh6fmxvc1pd819bcv3z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mp46pl1yh6fmxvc1pd819bcv3z|03|com"; nocase; ) # 1hmcrapp3mu472h58uzfarz5c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hmcrapp3mu472h58uzfarz5c|03|com"; nocase; ) # irtqg61gccdfj5ujze8icquyf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|irtqg61gccdfj5ujze8icquyf|03|biz"; nocase; ) # cmq04uwn7d3uj77qql1uyagle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cmq04uwn7d3uj77qql1uyagle|03|net"; nocase; ) # 15nqm96113lxcz1huhu5r1itlusc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15nqm96113lxcz1huhu5r1itlusc|03|net"; nocase; ) # 1bm58hqmpfka011snafr1nfqapf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bm58hqmpfka011snafr1nfqapf|03|org"; nocase; ) # 1ffe5scwmdz0f1acg33k9g1hu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ffe5scwmdz0f1acg33k9g1hu|03|biz"; nocase; ) # 1dnuskp1m928it8fywzo1jl32zo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dnuskp1m928it8fywzo1jl32zo|03|net"; nocase; ) # 15jv4ik7qfanh12lbe8h1tlwnj9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15jv4ik7qfanh12lbe8h1tlwnj9|03|org"; nocase; ) # ramfk71jlzaxm1jpp994u1bn0i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ramfk71jlzaxm1jpp994u1bn0i|03|net"; nocase; ) # 11ma7xtn15hq6xlxmn16h2y8m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11ma7xtn15hq6xlxmn16h2y8m|03|net"; nocase; ) # v4lxizbl5yqz15z6f0pn6zfpx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v4lxizbl5yqz15z6f0pn6zfpx|03|net"; nocase; ) # 1799i1p17pcvdci6b2v9rn2hgh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1799i1p17pcvdci6b2v9rn2hgh|03|biz"; nocase; ) # 13ct9ck1696i68a5i97f1ukqags.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ct9ck1696i68a5i97f1ukqags|03|org"; nocase; ) # 9jbbqn1sfaeht15tzd0panemp3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9jbbqn1sfaeht15tzd0panemp3|03|com"; nocase; ) # 16kkbur1f3gdwqe6o3m0v7jg13.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16kkbur1f3gdwqe6o3m0v7jg13|03|com"; nocase; ) # 1xk9dub1png5jn19bhkwzohpa38.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xk9dub1png5jn19bhkwzohpa38|03|com"; nocase; ) # 1bg0zbn11195vlfxfndvzshrkq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bg0zbn11195vlfxfndvzshrkq|03|com"; nocase; ) # 13ujc4p1jr68x11cgle0k1cca75r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13ujc4p1jr68x11cgle0k1cca75r|03|com"; nocase; ) # 19vim3q1g1kk5kw27r3d1ntgcnu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19vim3q1g1kk5kw27r3d1ntgcnu|03|net"; nocase; ) # w1btimptqeom1nn8qa410t245e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w1btimptqeom1nn8qa410t245e|03|com"; nocase; ) # 165727n1uccgcw1rbt2k1nzdu0i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|165727n1uccgcw1rbt2k1nzdu0i|03|biz"; nocase; ) # dui2pa1ko2lhl1vgxn2k1nu7qut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dui2pa1ko2lhl1vgxn2k1nu7qut|03|com"; nocase; ) # 1n0jbndsnj06y8p4qmj1l06cc9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n0jbndsnj06y8p4qmj1l06cc9|03|net"; nocase; ) # 1hihnqk1mpcpju14src4l1hxy0uv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hihnqk1mpcpju14src4l1hxy0uv|03|com"; nocase; ) # u1zvmd1hnox0fkqczog1thn9g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u1zvmd1hnox0fkqczog1thn9g|03|org"; nocase; ) # 1orjwbqtsdfyqd0dplmi5xpey.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1orjwbqtsdfyqd0dplmi5xpey|03|net"; nocase; ) # 1kir9pr12f2og0ol0i7h5fl798.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kir9pr12f2og0ol0i7h5fl798|03|net"; nocase; ) # 1mnzheo57g23kn68wxs1cj0jzu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mnzheo57g23kn68wxs1cj0jzu|03|com"; nocase; ) # gunhvf5el0mlp0n05jvoz8f5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gunhvf5el0mlp0n05jvoz8f5|03|org"; nocase; ) # 1ri5ary103o8hhk36wj1rhpd5b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ri5ary103o8hhk36wj1rhpd5b|03|net"; nocase; ) # ksh40m1smlweoss7mrn1ttlf8h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ksh40m1smlweoss7mrn1ttlf8h|03|org"; nocase; ) # k3u74014pu0t81f8m3m61ov0suk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k3u74014pu0t81f8m3m61ov0suk|03|net"; nocase; ) # yosfdq1j5skcdnft49qe1nxzd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yosfdq1j5skcdnft49qe1nxzd|03|net"; nocase; ) # 10c7ehefnx9nk83iypn9hojec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10c7ehefnx9nk83iypn9hojec|03|com"; nocase; ) # 84hodz1ohpllz16gz0uw1p694u1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|84hodz1ohpllz16gz0uw1p694u1|03|net"; nocase; ) # enh427j34bfy1ta9jxa1wpecu1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|enh427j34bfy1ta9jxa1wpecu1|03|biz"; nocase; ) # 8n1cpa4d0kldnw9wh01urj84l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8n1cpa4d0kldnw9wh01urj84l|03|net"; nocase; ) # 1e6tmwu48hcmswbty9d17mzxcj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e6tmwu48hcmswbty9d17mzxcj|03|net"; nocase; ) # 1re558u1sv9p2k1ndak3e8hqco1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1re558u1sv9p2k1ndak3e8hqco1|03|org"; nocase; ) # dzmtsq16sy5gua4nfolq78lbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzmtsq16sy5gua4nfolq78lbd|03|com"; nocase; ) # 9unrtamsaec7qvlfjx1w6ue33.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9unrtamsaec7qvlfjx1w6ue33|03|org"; nocase; ) # 1akuplo1jb57gzges13c5ni8vc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1akuplo1jb57gzges13c5ni8vc|03|com"; nocase; ) # 1o6jmmlpfqi9012mf63uad675g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o6jmmlpfqi9012mf63uad675g|03|net"; nocase; ) # ait54o1xxdnxcejekg51v46og2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ait54o1xxdnxcejekg51v46og2|03|net"; nocase; ) # q3qn471szkxneh3n7j8dwot0f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q3qn471szkxneh3n7j8dwot0f|03|com"; nocase; ) # u6gpkfsi5tpe1kyo2zzr8r3uk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u6gpkfsi5tpe1kyo2zzr8r3uk|03|biz"; nocase; ) # kxemou13vqrirdarjx01ashy35.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kxemou13vqrirdarjx01ashy35|03|net"; nocase; ) # 1sp5q8h1umzculkx4o431dzwpfj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sp5q8h1umzculkx4o431dzwpfj|03|org"; nocase; ) # 1iahpd913jvi5673ghnu1bj85hd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iahpd913jvi5673ghnu1bj85hd|03|com"; nocase; ) # 1yiimo81abewvokii6pd1kovz94.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yiimo81abewvokii6pd1kovz94|03|org"; nocase; ) # v1t9bl6xcpvn17bhyw71si98xk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v1t9bl6xcpvn17bhyw71si98xk|03|com"; nocase; ) # dgem5o1xcnxyj1phl9z69sek5f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dgem5o1xcnxyj1phl9z69sek5f|03|com"; nocase; ) # 1qhnzlo4x8qenicz3t0g0e7aj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qhnzlo4x8qenicz3t0g0e7aj|03|net"; nocase; ) # uoa0nswoem7tgjsoyt1r6fnsm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uoa0nswoem7tgjsoyt1r6fnsm|03|biz"; nocase; ) # 1s8ktkhf9f20c1439jput2uwme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s8ktkhf9f20c1439jput2uwme|03|org"; nocase; ) # ih46sr1nkvie3wy7tlw1jrji10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ih46sr1nkvie3wy7tlw1jrji10|03|net"; nocase; ) # pfrurf3ldxec1jnoyy3smyw4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pfrurf3ldxec1jnoyy3smyw4e|03|net"; nocase; ) # 1uftscs1ntgt781rwgqdg1oa7y4c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uftscs1ntgt781rwgqdg1oa7y4c|03|com"; nocase; ) # kojm7wnw5lefkpz9951fhhtb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kojm7wnw5lefkpz9951fhhtb2|03|net"; nocase; ) # rawa03wg0aewpneo7130gjpr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rawa03wg0aewpneo7130gjpr|03|com"; nocase; ) # 1tb8lu711ez6wv3zmtrf6utdsd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tb8lu711ez6wv3zmtrf6utdsd|03|biz"; nocase; ) # 1ge29xt1qq9ovkay21r91gviq4x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ge29xt1qq9ovkay21r91gviq4x|03|net"; nocase; ) # kfd5z51ca75ostsekialv5rch.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kfd5z51ca75ostsekialv5rch|03|com"; nocase; ) # 9i2s9fj2imlr1bf692ecfg9le.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9i2s9fj2imlr1bf692ecfg9le|03|biz"; nocase; ) # 15u061g1o0l5l617y5pk31qvrnbx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15u061g1o0l5l617y5pk31qvrnbx|03|net"; nocase; ) # 10omos01g35c9b18uzt2g1e385g2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10omos01g35c9b18uzt2g1e385g2|03|org"; nocase; ) # fubu3eqqfvlw10q39d01qpklew.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fubu3eqqfvlw10q39d01qpklew|03|biz"; nocase; ) # 13hxno9142wkon1cw1pul1d4or2a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13hxno9142wkon1cw1pul1d4or2a|03|net"; nocase; ) # 1yv6au9ji8mex1dkcr391vjgxf8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yv6au9ji8mex1dkcr391vjgxf8|03|com"; nocase; ) # 8198hm1go1d6r1d7hctirmdswa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8198hm1go1d6r1d7hctirmdswa|03|org"; nocase; ) # 15knrzn18s0fd9egrmen2xymt0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15knrzn18s0fd9egrmen2xymt0|03|net"; nocase; ) # nrm8deacm5xf1dc27xoucw1t6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nrm8deacm5xf1dc27xoucw1t6|03|org"; nocase; ) # 1yufoav19h88y61kn86aonxrumd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yufoav19h88y61kn86aonxrumd|03|com"; nocase; ) # 178w3uj16pyic2p3fgap1c6ve1l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|178w3uj16pyic2p3fgap1c6ve1l|03|org"; nocase; ) # x7eyt31yiursyg073je1yg8461.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x7eyt31yiursyg073je1yg8461|03|net"; nocase; ) # 17c9pqk1ros8711ejn2dbmbs5lb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17c9pqk1ros8711ejn2dbmbs5lb|03|com"; nocase; ) # hb5cnkx6p5sr8i20a6lt2jnr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hb5cnkx6p5sr8i20a6lt2jnr|03|org"; nocase; ) # dmx5yz1lm66au1fuo7f8nqv386.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dmx5yz1lm66au1fuo7f8nqv386|03|org"; nocase; ) # 1dx22xy1jee4qi7qvo912j02zw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dx22xy1jee4qi7qvo912j02zw|03|com"; nocase; ) # 1plp5011ae9ppftghimoj8azm6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1plp5011ae9ppftghimoj8azm6|03|com"; nocase; ) # b6jhc612gczsmpyvxk11rl3927.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b6jhc612gczsmpyvxk11rl3927|03|com"; nocase; ) # 17526zm15yi5mx3h0dtp0joob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17526zm15yi5mx3h0dtp0joob|03|org"; nocase; ) # nwcpzuvydzdk1bpadcs1lywh9k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nwcpzuvydzdk1bpadcs1lywh9k|03|biz"; nocase; ) # umd2hz1edwvjim24snnvu0297.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|umd2hz1edwvjim24snnvu0297|03|com"; nocase; ) # u072aeibgqxanthe1nmyxvqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u072aeibgqxanthe1nmyxvqk|03|biz"; nocase; ) # 1nt94s817j3o0b1cnmso9croqlb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nt94s817j3o0b1cnmso9croqlb|03|net"; nocase; ) # 1mnn1medmvup11rvby6gowzfr9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mnn1medmvup11rvby6gowzfr9|03|biz"; nocase; ) # ta6jwutopeix19xgilzz9o6qw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ta6jwutopeix19xgilzz9o6qw|03|org"; nocase; ) # fbnpvb10ovc8i9z8pdmrh4flt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fbnpvb10ovc8i9z8pdmrh4flt|03|com"; nocase; ) # 1tgv1e4l5imms1kseuh81c73sai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tgv1e4l5imms1kseuh81c73sai|03|net"; nocase; ) # ly8z1vptirwh2w5vjr9cpnqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ly8z1vptirwh2w5vjr9cpnqx|03|biz"; nocase; ) # 1nadhke3sx3fn1sv1iri1335wms.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nadhke3sx3fn1sv1iri1335wms|03|com"; nocase; ) # a8fxqa776nvjs1vl1p1crzbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a8fxqa776nvjs1vl1p1crzbr|03|net"; nocase; ) # 1jqfwiy11n0afmksm06h11vj1ej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jqfwiy11n0afmksm06h11vj1ej|03|org"; nocase; ) # uv3u4afkicigymj3ydkwl31z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uv3u4afkicigymj3ydkwl31z|03|org"; nocase; ) # xqg2ggoqp0u319gr0j219xidrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xqg2ggoqp0u319gr0j219xidrj|03|net"; nocase; ) # oepr2c142q1rj16k159k1bvzcme.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oepr2c142q1rj16k159k1bvzcme|03|net"; nocase; ) # 1dqai54fqnvl119h0vegsckrkg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dqai54fqnvl119h0vegsckrkg|03|biz"; nocase; ) # bix5k51n8sclkt0aahjnibm0t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bix5k51n8sclkt0aahjnibm0t|03|net"; nocase; ) # bd61y911eoycz16guo4q1qwrd4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bd61y911eoycz16guo4q1qwrd4u|03|net"; nocase; ) # 2sp4wh16ho5t21j3zzjb1jcmefh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2sp4wh16ho5t21j3zzjb1jcmefh|03|biz"; nocase; ) # nhqn2wh3bybf1hrgjj71ql2qrb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nhqn2wh3bybf1hrgjj71ql2qrb|03|com"; nocase; ) # 1hil5cd1is729g1np5d2xo0eeal.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hil5cd1is729g1np5d2xo0eeal|03|org"; nocase; ) # 8ynd0x1okov6y5i50wd6n8gm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ynd0x1okov6y5i50wd6n8gm5|03|net"; nocase; ) # 77id9yzncarlgk8sbz6e8o0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|77id9yzncarlgk8sbz6e8o0|03|org"; nocase; ) # 1ihd4y41aelyz314p236rm3mxen.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ihd4y41aelyz314p236rm3mxen|03|org"; nocase; ) # 1qy6y0o40l1pbsf2vy21jvhfxo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qy6y0o40l1pbsf2vy21jvhfxo|03|biz"; nocase; ) # hsn6kguncn5a1m55cnsf5a90r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hsn6kguncn5a1m55cnsf5a90r|03|net"; nocase; ) # 2ni0xk17j9zw037t4mw54jjj2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ni0xk17j9zw037t4mw54jjj2|03|com"; nocase; ) # y3mm9i1yjogchi0vbnq71mos9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y3mm9i1yjogchi0vbnq71mos9|03|biz"; nocase; ) # s2zeny1khxqte1edhmd1gmlt6z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s2zeny1khxqte1edhmd1gmlt6z|03|net"; nocase; ) # 8ifacgwsnbnd6hf3bz1l0s4vw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ifacgwsnbnd6hf3bz1l0s4vw|03|biz"; nocase; ) # 1cqwyhjyfjmvt1qqd3t8gaykur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cqwyhjyfjmvt1qqd3t8gaykur|03|org"; nocase; ) # olizfqzd9p2glbgj5719k5r86.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|olizfqzd9p2glbgj5719k5r86|03|com"; nocase; ) # k7wul5ji0zu0hpv66eze8jdo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k7wul5ji0zu0hpv66eze8jdo|03|biz"; nocase; ) # 1scyr5z820uhxgw0i0r1fpujej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1scyr5z820uhxgw0i0r1fpujej|03|org"; nocase; ) # 1096jnbr3ge0y19rtmk0ku3rmq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1096jnbr3ge0y19rtmk0ku3rmq|03|com"; nocase; ) # 1xqv5vx17i7lju1cy9pd31u5ot7b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xqv5vx17i7lju1cy9pd31u5ot7b|03|org"; nocase; ) # wpe5p31e865bo1bchqvq11w4yxa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wpe5p31e865bo1bchqvq11w4yxa|03|org"; nocase; ) # u4xq5p103aef82kihg8p9fd13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u4xq5p103aef82kihg8p9fd13|03|net"; nocase; ) # 1rouzsd19tu0lxrinbhp9hx7iq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rouzsd19tu0lxrinbhp9hx7iq|03|biz"; nocase; ) # 1przcug15212cn1enwsei1bb0q43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1przcug15212cn1enwsei1bb0q43|03|net"; nocase; ) # 1xdc9lx2cd84t1mc25nwd57awy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xdc9lx2cd84t1mc25nwd57awy|03|org"; nocase; ) # rrz4xhuqkr4q4hcjbe105j9g5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rrz4xhuqkr4q4hcjbe105j9g5|03|net"; nocase; ) # 1xb5rb1e9li0uakk05ruchmdy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xb5rb1e9li0uakk05ruchmdy|03|biz"; nocase; ) # 1czjizgmg8mgm1qr91iwyf1an6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1czjizgmg8mgm1qr91iwyf1an6|03|net"; nocase; ) # zy0ym7yiccjm1vdf3xdnc2grh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zy0ym7yiccjm1vdf3xdnc2grh|03|biz"; nocase; ) # ki34h11b5d7b09t6va9sjj5h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ki34h11b5d7b09t6va9sjj5h|03|biz"; nocase; ) # 6azcs71c3q0dm14t5dd2wxm85u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6azcs71c3q0dm14t5dd2wxm85u|03|org"; nocase; ) # 1okb2d1tg8gpnjyuq0e11a0wvj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1okb2d1tg8gpnjyuq0e11a0wvj|03|com"; nocase; ) # 1dspvlsku63lcr37rfnyyurp7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dspvlsku63lcr37rfnyyurp7|03|biz"; nocase; ) # 17vdhbj1aqutm41dkgk7y1dv818k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17vdhbj1aqutm41dkgk7y1dv818k|03|com"; nocase; ) # 1ywmeyv1di13ep1dh8ptecwoo2o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ywmeyv1di13ep1dh8ptecwoo2o|03|com"; nocase; ) # ma6qpi1j3q7paj3rp621gsxybp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ma6qpi1j3q7paj3rp621gsxybp|03|org"; nocase; ) # h0d538102hexjwyu9z3riicje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h0d538102hexjwyu9z3riicje|03|net"; nocase; ) # 1nghp7p1k5x3321ku3pfp59v3fz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nghp7p1k5x3321ku3pfp59v3fz|03|net"; nocase; ) # jmcl731iv763ntrb0r5fow4uc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jmcl731iv763ntrb0r5fow4uc|03|com"; nocase; ) # 19x0yx3q1qxhl17cudvm10mzz50.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19x0yx3q1qxhl17cudvm10mzz50|03|org"; nocase; ) # sdrqh91qv07dzezxlbm1a4mk86.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sdrqh91qv07dzezxlbm1a4mk86|03|biz"; nocase; ) # pz6satw0ikfu6c4ma1hj3bea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pz6satw0ikfu6c4ma1hj3bea|03|com"; nocase; ) # oroduh7l5040owfzu9xn0tg9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oroduh7l5040owfzu9xn0tg9|03|net"; nocase; ) # iecbk7q2sp92197mxm01om8v8e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iecbk7q2sp92197mxm01om8v8e|03|org"; nocase; ) # gts7j02orous5pwq0wha4wx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|gts7j02orous5pwq0wha4wx|03|com"; nocase; ) # 110u9wzfxegxs15u6fea19b2km2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|110u9wzfxegxs15u6fea19b2km2|03|net"; nocase; ) # 4nhgq048npri16ri08b1sm1an2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4nhgq048npri16ri08b1sm1an2|03|net"; nocase; ) # wgtowfjf5oku11226l21j8izwc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wgtowfjf5oku11226l21j8izwc|03|net"; nocase; ) # 66eksjwgnxrl101trzgjdczwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66eksjwgnxrl101trzgjdczwq|03|biz"; nocase; ) # 1fyzoeu1kppn531js1c5n149k2rj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fyzoeu1kppn531js1c5n149k2rj|03|org"; nocase; ) # 1hu2zyt1rnhw7816io8ai19v5avx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hu2zyt1rnhw7816io8ai19v5avx|03|org"; nocase; ) # 1n77wqc1t2kjw3gy7h7x1spm54h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n77wqc1t2kjw3gy7h7x1spm54h|03|net"; nocase; ) # 18nqm1f6xts9gz8kcp1lfin7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18nqm1f6xts9gz8kcp1lfin7h|03|org"; nocase; ) # 1yj9rlfj2owci1jifemsshdrhy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yj9rlfj2owci1jifemsshdrhy|03|com"; nocase; ) # 17etabnv11l4xx4ek61ijewcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17etabnv11l4xx4ek61ijewcg|03|com"; nocase; ) # dplsi5103h8wdj3dbam1ujyicl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dplsi5103h8wdj3dbam1ujyicl|03|net"; nocase; ) # bq0u5817jxutto0bkl513qi0ng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bq0u5817jxutto0bkl513qi0ng|03|org"; nocase; ) # 7p9u5q16r3e03ybn5331xawiuq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7p9u5q16r3e03ybn5331xawiuq|03|com"; nocase; ) # u5frue5uj4fxiekq31d06gmg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u5frue5uj4fxiekq31d06gmg|03|net"; nocase; ) # qncngk1c3o2s8z81j1wyxaj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|qncngk1c3o2s8z81j1wyxaj|03|org"; nocase; ) # 4hmj1wixsjrw1jpktkxdlfot5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4hmj1wixsjrw1jpktkxdlfot5|03|net"; nocase; ) # 1vdycc3f1iet3rdtxxy18afbeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vdycc3f1iet3rdtxxy18afbeq|03|com"; nocase; ) # 1nq9vcr1px0ynm15hm27nlnwa0x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nq9vcr1px0ynm15hm27nlnwa0x|03|com"; nocase; ) # 1akligo1ea6ixg11kgpg7dlxkdb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1akligo1ea6ixg11kgpg7dlxkdb|03|net"; nocase; ) # 7tdm5b3846ho33139i1qz3108.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7tdm5b3846ho33139i1qz3108|03|net"; nocase; ) # d7qqe6tlzcz61v6sndu1mt84i9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d7qqe6tlzcz61v6sndu1mt84i9|03|biz"; nocase; ) # e75aezfrlirm1r3bpv41kyf3ju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e75aezfrlirm1r3bpv41kyf3ju|03|net"; nocase; ) # gi3kmo1oyfdl11uvty3y1tb78mo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gi3kmo1oyfdl11uvty3y1tb78mo|03|com"; nocase; ) # 6hatflcg7sqj1vvt8vywemp3q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6hatflcg7sqj1vvt8vywemp3q|03|net"; nocase; ) # pj4dz19mhczg54metthorgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|pj4dz19mhczg54metthorgc|03|com"; nocase; ) # 1glqs741htik0wwow22vbrvbk8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1glqs741htik0wwow22vbrvbk8|03|biz"; nocase; ) # 17q2cx1a566nazwo6ey252uga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17q2cx1a566nazwo6ey252uga|03|com"; nocase; ) # 1x82hx6k4vfw03a2in41eec1yt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x82hx6k4vfw03a2in41eec1yt|03|net"; nocase; ) # qqhqbj1ye7e4u1yo0k9lt6utsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qqhqbj1ye7e4u1yo0k9lt6utsa|03|com"; nocase; ) # 1e38rj28oech1wmf8n713lwjtn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e38rj28oech1wmf8n713lwjtn|03|net"; nocase; ) # 15dczv11nw7t8g6s1ee07dxb36.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15dczv11nw7t8g6s1ee07dxb36|03|com"; nocase; ) # 1qktq80jy94651507p7cg9i6m8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qktq80jy94651507p7cg9i6m8|03|biz"; nocase; ) # 1fklycq1swq91110mefsi59jepd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fklycq1swq91110mefsi59jepd|03|com"; nocase; ) # 2p3rupdwmbgp1xpy6851ci36il.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2p3rupdwmbgp1xpy6851ci36il|03|net"; nocase; ) # 7vxxl21pavv4o763yl1q1js5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7vxxl21pavv4o763yl1q1js5e|03|net"; nocase; ) # 18k7ny517ezwtu1c2cgng13lkvee.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18k7ny517ezwtu1c2cgng13lkvee|03|org"; nocase; ) # 18pv0gbxr2t071iuucqh1ni68vl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18pv0gbxr2t071iuucqh1ni68vl|03|com"; nocase; ) # i3ucbjaca9z9138fra1194a9bz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i3ucbjaca9z9138fra1194a9bz|03|com"; nocase; ) # 1rijfrn1kbzt861ne43btuxxrtl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rijfrn1kbzt861ne43btuxxrtl|03|net"; nocase; ) # 1j4k0bf7omhn47kylb612nod4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j4k0bf7omhn47kylb612nod4b|03|net"; nocase; ) # 3hedxl15k9ap719si3wrduto8x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3hedxl15k9ap719si3wrduto8x|03|com"; nocase; ) # 1drmbtqb5ctxf1l2j4uybg1f9h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1drmbtqb5ctxf1l2j4uybg1f9h|03|net"; nocase; ) # 1fihleg1g2zapqdty3pij357ak.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fihleg1g2zapqdty3pij357ak|03|org"; nocase; ) # k7c50m15ix1o8135rtlurqxg8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k7c50m15ix1o8135rtlurqxg8c|03|com"; nocase; ) # 1pfzdt126pd1f3pybw1jn3yxz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pfzdt126pd1f3pybw1jn3yxz|03|net"; nocase; ) # 1fxztlh4uiwwckcqyic17krrrz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fxztlh4uiwwckcqyic17krrrz|03|org"; nocase; ) # zn90fq1mbmbd4f5nbdp317s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|zn90fq1mbmbd4f5nbdp317s|03|com"; nocase; ) # vah49l1zsh1kzqnvu08x4y2t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vah49l1zsh1kzqnvu08x4y2t|03|net"; nocase; ) # 1u53enz1dxelomcsjelntwniit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u53enz1dxelomcsjelntwniit|03|com"; nocase; ) # u91xm41brie5kl6v59a1wyo6z5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u91xm41brie5kl6v59a1wyo6z5|03|net"; nocase; ) # 1pkf0j178rko11ojrq3f1jhq7ap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pkf0j178rko11ojrq3f1jhq7ap|03|org"; nocase; ) # 1ftvw2pwnzipw1vnhawz1by1c0y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ftvw2pwnzipw1vnhawz1by1c0y|03|biz"; nocase; ) # k6q1l0d3fvhcjiluvedzhiaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k6q1l0d3fvhcjiluvedzhiaz|03|com"; nocase; ) # 1wnfm93uvga2j1m0vycbkohk3u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wnfm93uvga2j1m0vycbkohk3u|03|com"; nocase; ) # g6auacv9bcpc1nkjqfn10hck9r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g6auacv9bcpc1nkjqfn10hck9r|03|net"; nocase; ) # qva2tvt1nqbd18c30e61ua5t2e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qva2tvt1nqbd18c30e61ua5t2e|03|biz"; nocase; ) # xh5xxq3kxopu14a4fc0cyyq7h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xh5xxq3kxopu14a4fc0cyyq7h|03|com"; nocase; ) # y8b2th1lva57o992m8zmi74jr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y8b2th1lva57o992m8zmi74jr|03|net"; nocase; ) # 12k2h15iu4jb81sfu9iz11oea0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12k2h15iu4jb81sfu9iz11oea0x|03|org"; nocase; ) # iccgqlgstsmayemunvmb62bo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iccgqlgstsmayemunvmb62bo|03|net"; nocase; ) # t9rhzxevpgu4k0ucmnx1uoab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t9rhzxevpgu4k0ucmnx1uoab|03|com"; nocase; ) # 262mr1pdjdrr1x21k7c1uyxv9z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|262mr1pdjdrr1x21k7c1uyxv9z|03|com"; nocase; ) # a6uju81gv12apnu4lsu8niah.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a6uju81gv12apnu4lsu8niah|03|org"; nocase; ) # 7zl5cx16sfa38yivn2y1qnyd0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7zl5cx16sfa38yivn2y1qnyd0m|03|com"; nocase; ) # 1sfv1ab1lunxy61rdvqiu1dgo69y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sfv1ab1lunxy61rdvqiu1dgo69y|03|biz"; nocase; ) # 17g3jlx1dxrabpdr9skj1pd4vx1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17g3jlx1dxrabpdr9skj1pd4vx1|03|org"; nocase; ) # 33i3qz1u3rz0fb45png1mam7f5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|33i3qz1u3rz0fb45png1mam7f5|03|net"; nocase; ) # y573br1w996jk15jwf2oudm7oz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y573br1w996jk15jwf2oudm7oz|03|net"; nocase; ) # 193yro31mgy9km1re75rw1bfzisr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|193yro31mgy9km1re75rw1bfzisr|03|net"; nocase; ) # 10ttu6y1x2ppg21hgwi95did4pw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ttu6y1x2ppg21hgwi95did4pw|03|org"; nocase; ) # 1g6zuqt7bkeow1qldeygudmuma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g6zuqt7bkeow1qldeygudmuma|03|net"; nocase; ) # jjxhzkx5kyiheln4a0668nnq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jjxhzkx5kyiheln4a0668nnq|03|net"; nocase; ) # 1xrgfulwcjlmt1f36t77f4hy7j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xrgfulwcjlmt1f36t77f4hy7j|03|net"; nocase; ) # zwkahc1t79cwx12sxt2h1qlsq4p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zwkahc1t79cwx12sxt2h1qlsq4p|03|com"; nocase; ) # 18dyblj1ytrdj355d0vt1ekfp05.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18dyblj1ytrdj355d0vt1ekfp05|03|com"; nocase; ) # tirvo4q6c41m1klc5n41fp7t3p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tirvo4q6c41m1klc5n41fp7t3p|03|net"; nocase; ) # 1um1etb1jhqiid14szwbuze4a6l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1um1etb1jhqiid14szwbuze4a6l|03|net"; nocase; ) # zjkcw3107ccitxq4bg8lmatq8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zjkcw3107ccitxq4bg8lmatq8|03|com"; nocase; ) # guxum0174tk6dnb78pjnma89d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|guxum0174tk6dnb78pjnma89d|03|org"; nocase; ) # 1wrrc0nt2zi7sl2acv61ad4tc5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wrrc0nt2zi7sl2acv61ad4tc5|03|org"; nocase; ) # 14eujvo1qhgro3cl8d1t8j0nnf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14eujvo1qhgro3cl8d1t8j0nnf|03|biz"; nocase; ) # bcp3tz5q0xzdo4zgfmi6ispw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bcp3tz5q0xzdo4zgfmi6ispw|03|org"; nocase; ) # 1htbgry1tl39or1c85z09pxdzhs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1htbgry1tl39or1c85z09pxdzhs|03|org"; nocase; ) # 1ahcibses8ypd1w1masa172fghk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ahcibses8ypd1w1masa172fghk|03|biz"; nocase; ) # 1ne8kxve0wn3c3yf9eu1baoo6h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ne8kxve0wn3c3yf9eu1baoo6h|03|biz"; nocase; ) # seybr0lvvmfd14u8inesw5d46.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|seybr0lvvmfd14u8inesw5d46|03|com"; nocase; ) # 1dknrq944r4bc1gg6yi91eybjzt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dknrq944r4bc1gg6yi91eybjzt|03|org"; nocase; ) # r6fxj6enn219vzt5l304003.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|r6fxj6enn219vzt5l304003|03|org"; nocase; ) # 1bb5pjp19iruff1x9lntt1t39zdh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bb5pjp19iruff1x9lntt1t39zdh|03|org"; nocase; ) # 1u71o3vfw9maa16kt777dkpbe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u71o3vfw9maa16kt777dkpbe|03|net"; nocase; ) # jsr6dsj4zhzy19jgoayq3g4mj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jsr6dsj4zhzy19jgoayq3g4mj|03|org"; nocase; ) # 8jeeeq17hj4wq10ehzz132swpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8jeeeq17hj4wq10ehzz132swpa|03|biz"; nocase; ) # s05v514ss7wgbgpuyy138gjo6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s05v514ss7wgbgpuyy138gjo6|03|com"; nocase; ) # zeqspicpstehz7ovd8183q9t6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zeqspicpstehz7ovd8183q9t6|03|org"; nocase; ) # 1e1x15f13s0opp15jrxtv97qhrd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e1x15f13s0opp15jrxtv97qhrd|03|com"; nocase; ) # qmh6asodsb0a17vdkrnzt68km.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qmh6asodsb0a17vdkrnzt68km|03|biz"; nocase; ) # 1yo3vsb1v9et571rarw9i6qyplx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yo3vsb1v9et571rarw9i6qyplx|03|org"; nocase; ) # 19efbe11ue52ys10bdq0579ga8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19efbe11ue52ys10bdq0579ga8c|03|com"; nocase; ) # u70edo1v90xh61xo0hf01qcy4mb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u70edo1v90xh61xo0hf01qcy4mb|03|com"; nocase; ) # 1uwo3l712ubphjm3v9xumfh2vd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwo3l712ubphjm3v9xumfh2vd|03|net"; nocase; ) # 168a63mlsfveqfdj2h0r7ynr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|168a63mlsfveqfdj2h0r7ynr|03|net"; nocase; ) # 1phh4wu6mxeih1p0cu8vz5n4mw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1phh4wu6mxeih1p0cu8vz5n4mw|03|org"; nocase; ) # qv2qsieoxstn1wagoigmmuxon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qv2qsieoxstn1wagoigmmuxon|03|net"; nocase; ) # noz6vn1hwb50316x6a0p1ukdahs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|noz6vn1hwb50316x6a0p1ukdahs|03|biz"; nocase; ) # 1ar818d6zeuw81fzy39o1hlceoe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ar818d6zeuw81fzy39o1hlceoe|03|org"; nocase; ) # cx665bmzo83qvqns2c1y4gvcs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cx665bmzo83qvqns2c1y4gvcs|03|biz"; nocase; ) # lbo4y71qf577ts42x6h262zml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lbo4y71qf577ts42x6h262zml|03|net"; nocase; ) # 1cgd4xquf7nqo16uis2a1a3k88g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cgd4xquf7nqo16uis2a1a3k88g|03|com"; nocase; ) # 13y1hgp1tu9zyb1i721o07o9grh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13y1hgp1tu9zyb1i721o07o9grh|03|net"; nocase; ) # 32o9qii8c6v825z7ed1b9g9h1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|32o9qii8c6v825z7ed1b9g9h1|03|org"; nocase; ) # 1g8sj7z6pkw4lxywtae1ios0s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g8sj7z6pkw4lxywtae1ios0s|03|biz"; nocase; ) # lgy9dt1fes10e1ta1gtd1f7kvca.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lgy9dt1fes10e1ta1gtd1f7kvca|03|biz"; nocase; ) # 1hgpvnr16rz0141o3qqi81iw5tsh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hgpvnr16rz0141o3qqi81iw5tsh|03|org"; nocase; ) # 1q0hblvydoon4xc982ctbqrc1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q0hblvydoon4xc982ctbqrc1|03|net"; nocase; ) # ol9j0g1sadsng12k1k7zizwf0r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ol9j0g1sadsng12k1k7zizwf0r|03|com"; nocase; ) # 8c9d6u10amc2yfsuso3ivlw7s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8c9d6u10amc2yfsuso3ivlw7s|03|com"; nocase; ) # 1rocnt41019mcp1wkitwsejbr0l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rocnt41019mcp1wkitwsejbr0l|03|net"; nocase; ) # kc0btcxnlso15ffai716mx8ip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kc0btcxnlso15ffai716mx8ip|03|org"; nocase; ) # x3j2y3120f86zt4axzm31qdym.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x3j2y3120f86zt4axzm31qdym|03|net"; nocase; ) # hazg821rybiq71bbmsmz1fe6tv4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hazg821rybiq71bbmsmz1fe6tv4|03|biz"; nocase; ) # 1l5kram19sg7k11wq4fkukcs71a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l5kram19sg7k11wq4fkukcs71a|03|org"; nocase; ) # mje7fn1ehs7h210iltgr14z92t7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mje7fn1ehs7h210iltgr14z92t7|03|com"; nocase; ) # 16rqpbaugina01biur6r1svhpn9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16rqpbaugina01biur6r1svhpn9|03|com"; nocase; ) # 1v82d9z1wfngph1y6z7t2exbghc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v82d9z1wfngph1y6z7t2exbghc|03|net"; nocase; ) # 13kqjbc1k94tf21nxsxae3jg5j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13kqjbc1k94tf21nxsxae3jg5j|03|com"; nocase; ) # 183oad61t6elib1m12iss17n4745.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|183oad61t6elib1m12iss17n4745|03|com"; nocase; ) # iddmkrm4bjz61lwci1g3lhg53.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iddmkrm4bjz61lwci1g3lhg53|03|org"; nocase; ) # fj5m6nkkmlzvw9qibh1oubugz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fj5m6nkkmlzvw9qibh1oubugz|03|net"; nocase; ) # 1golbb91j2dsax1o522n11pncpjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1golbb91j2dsax1o522n11pncpjf|03|org"; nocase; ) # 1a5dgas1lfaq4f1dv7vq398rxyy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a5dgas1lfaq4f1dv7vq398rxyy|03|net"; nocase; ) # 1e3hbbc1ulojexbzx05l15jyo1m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e3hbbc1ulojexbzx05l15jyo1m|03|biz"; nocase; ) # fljnme18ylro71i920pe1rqr6qf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fljnme18ylro71i920pe1rqr6qf|03|com"; nocase; ) # 15918he1yzcnxnv4j8jh1vpb7ma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15918he1yzcnxnv4j8jh1vpb7ma|03|net"; nocase; ) # 1vgp6yfym78ib1uewcce1gx3qfx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vgp6yfym78ib1uewcce1gx3qfx|03|net"; nocase; ) # m2q6lp59yrai1756yuj1swbboy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m2q6lp59yrai1756yuj1swbboy|03|org"; nocase; ) # 1djl9o82y7d1v12lsvn6diz9x5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1djl9o82y7d1v12lsvn6diz9x5|03|org"; nocase; ) # st4ehpvrhkkf1wmp5ci2ihggu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|st4ehpvrhkkf1wmp5ci2ihggu|03|com"; nocase; ) # i7xfyz1yzadje1wyl4sd1i8iz9p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i7xfyz1yzadje1wyl4sd1i8iz9p|03|net"; nocase; ) # qdh5acm79uq7cnmsmcm889gm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qdh5acm79uq7cnmsmcm889gm|03|com"; nocase; ) # 1d0kzmi16y18zmvksfi16tz4zp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d0kzmi16y18zmvksfi16tz4zp|03|net"; nocase; ) # 1czjzll10jtsgz1kxakp0q69oc5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1czjzll10jtsgz1kxakp0q69oc5|03|net"; nocase; ) # 1n60z5c1eh4ubd711y3k1v2hqip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n60z5c1eh4ubd711y3k1v2hqip|03|net"; nocase; ) # 1d4w8y43qhezb12n65ivz8jex6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d4w8y43qhezb12n65ivz8jex6|03|biz"; nocase; ) # 294ntpjkhthc1u1h17m1apdsgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|294ntpjkhthc1u1h17m1apdsgj|03|net"; nocase; ) # 5jinujd4favo15qaou61mmtrhy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5jinujd4favo15qaou61mmtrhy|03|org"; nocase; ) # q530ucc18x2n1xu4atu1x7mgtq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q530ucc18x2n1xu4atu1x7mgtq|03|biz"; nocase; ) # gyzwcu63elwp15mtnja1n5qrt5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gyzwcu63elwp15mtnja1n5qrt5|03|org"; nocase; ) # 15lums01ne98vk1rpyq1wv312vt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15lums01ne98vk1rpyq1wv312vt|03|com"; nocase; ) # 1yui48s1xbfvdcrjwr531a4r00z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yui48s1xbfvdcrjwr531a4r00z|03|com"; nocase; ) # 18v687e1o6ifxi1qcbp10hd13r3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18v687e1o6ifxi1qcbp10hd13r3|03|biz"; nocase; ) # 13l00hh1u518684ccrdp1cjtwf1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13l00hh1u518684ccrdp1cjtwf1|03|biz"; nocase; ) # 8p1n4y1mdyiqc1kvp1621qw0isd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8p1n4y1mdyiqc1kvp1621qw0isd|03|biz"; nocase; ) # 15rzek3evxmtpg17gjv19bobb0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15rzek3evxmtpg17gjv19bobb0|03|com"; nocase; ) # havrxgmvxha31uc3npo1eth71q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|havrxgmvxha31uc3npo1eth71q|03|net"; nocase; ) # 1vf3gaz18f892s1cqenzw1423abn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vf3gaz18f892s1cqenzw1423abn|03|com"; nocase; ) # 8r079cbzvnrx1lrt84w195tjvp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8r079cbzvnrx1lrt84w195tjvp|03|org"; nocase; ) # 15eomubcm1ji1u87eghkpt3ks.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15eomubcm1ji1u87eghkpt3ks|03|biz"; nocase; ) # 1jtd3j61gokab1qysz3m3fzzhn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jtd3j61gokab1qysz3m3fzzhn|03|net"; nocase; ) # 1rlo4e7vq2k411rqani91roron6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rlo4e7vq2k411rqani91roron6|03|org"; nocase; ) # 1nybvx73tmsrawrxk3h04uie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1nybvx73tmsrawrxk3h04uie|03|com"; nocase; ) # 32iw3k1al9057jjx0091tzvc48.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|32iw3k1al9057jjx0091tzvc48|03|net"; nocase; ) # 1cpyw02d7fvrlhgcpxs2sm5tf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cpyw02d7fvrlhgcpxs2sm5tf|03|com"; nocase; ) # dcbxgb17bjfd31dqj7rnba9u6g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dcbxgb17bjfd31dqj7rnba9u6g|03|net"; nocase; ) # bdg4aa1eh38msfamkqu1x556r7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bdg4aa1eh38msfamkqu1x556r7|03|net"; nocase; ) # 15m523h1lfwona1pa6u7y1tytvwb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15m523h1lfwona1pa6u7y1tytvwb|03|net"; nocase; ) # ht3lpx1kbwmdrr7kc8b13tfpa2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ht3lpx1kbwmdrr7kc8b13tfpa2|03|com"; nocase; ) # 3lyu5hnunh2r13tpuev1n6himh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3lyu5hnunh2r13tpuev1n6himh|03|biz"; nocase; ) # k00f83k9mrd51xwqjk5wfoo4s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k00f83k9mrd51xwqjk5wfoo4s|03|org"; nocase; ) # 13edqrycfkj1ult2gyf3vz0hy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13edqrycfkj1ult2gyf3vz0hy|03|org"; nocase; ) # ebhzgehha2l9co9f5vbud8mc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ebhzgehha2l9co9f5vbud8mc|03|net"; nocase; ) # 1mnqn8fopnd5zjvbyee1jfm8ks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mnqn8fopnd5zjvbyee1jfm8ks|03|org"; nocase; ) # 1qajeo116j4lx5ky5lqcvg5kgj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qajeo116j4lx5ky5lqcvg5kgj|03|biz"; nocase; ) # u6habo18z3fyxskp2pafdnvtv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u6habo18z3fyxskp2pafdnvtv|03|org"; nocase; ) # 1owt4hvkryw271almdw31iunlmp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1owt4hvkryw271almdw31iunlmp|03|org"; nocase; ) # 31pmsv1ppgkgolccqhl1xu82oy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|31pmsv1ppgkgolccqhl1xu82oy|03|net"; nocase; ) # 18k825r15q6diz1czgsf42cdc0s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18k825r15q6diz1czgsf42cdc0s|03|net"; nocase; ) # 1y9cwa11vkfeee1h3vvot1m9k8sl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y9cwa11vkfeee1h3vvot1m9k8sl|03|net"; nocase; ) # 1l6b6xr1hoei9s1u4io0t1xmmfqk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l6b6xr1hoei9s1u4io0t1xmmfqk|03|org"; nocase; ) # tkzgzu1xqbyvcnq5ki4ecs5hk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tkzgzu1xqbyvcnq5ki4ecs5hk|03|com"; nocase; ) # 1rxh73irgv9ho5ve0wkpqsw6s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rxh73irgv9ho5ve0wkpqsw6s|03|biz"; nocase; ) # s2szba178ahdrpuu7jjy7bvsf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s2szba178ahdrpuu7jjy7bvsf|03|com"; nocase; ) # ty2kp2nm27fpauf1gj1qumiqt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ty2kp2nm27fpauf1gj1qumiqt|03|net"; nocase; ) # 5lp1kdpk5kv51t1zlvsvzcblb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5lp1kdpk5kv51t1zlvsvzcblb|03|net"; nocase; ) # usu3u61i61q0ghkad4bgpvsdw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|usu3u61i61q0ghkad4bgpvsdw|03|org"; nocase; ) # p4n7sj161hw0s1358d3c1a0vczk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p4n7sj161hw0s1358d3c1a0vczk|03|biz"; nocase; ) # 1bpnf0t9hjms415389k01a6uyvw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bpnf0t9hjms415389k01a6uyvw|03|net"; nocase; ) # 1f9i56h4v5rfo1jxdy9aw0q5ej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f9i56h4v5rfo1jxdy9aw0q5ej|03|org"; nocase; ) # 19u2ydh110x9xa1yo8klk1og3tm1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19u2ydh110x9xa1yo8klk1og3tm1|03|org"; nocase; ) # 7g27gn1mla8yx1lg6vcbltrosb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7g27gn1mla8yx1lg6vcbltrosb|03|com"; nocase; ) # 1z8a7816kb9lkt7yn631mt63iq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1z8a7816kb9lkt7yn631mt63iq|03|org"; nocase; ) # ymcf5d1t3re52zof03412g0vle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ymcf5d1t3re52zof03412g0vle|03|net"; nocase; ) # 5xu62j1a934jvhtw18z1z0ocn8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5xu62j1a934jvhtw18z1z0ocn8|03|com"; nocase; ) # 1n16n7ixilzxw1g9opvd1t96i74.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n16n7ixilzxw1g9opvd1t96i74|03|net"; nocase; ) # 1dz9x4648heipz41c74b7jr59.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dz9x4648heipz41c74b7jr59|03|org"; nocase; ) # 135tqs9wc7qkl15vl24y44b15c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135tqs9wc7qkl15vl24y44b15c|03|org"; nocase; ) # 1kkoaaw19etdr21c9le48vyvjd4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kkoaaw19etdr21c9le48vyvjd4|03|net"; nocase; ) # 3iuembcp19kc3jogv753pwlr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3iuembcp19kc3jogv753pwlr|03|com"; nocase; ) # h1nhji15v1ztn12tzjgqcb3sd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h1nhji15v1ztn12tzjgqcb3sd|03|org"; nocase; ) # 1n0uryx1y4vjsq1mlfwbt15lsp60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n0uryx1y4vjsq1mlfwbt15lsp60|03|net"; nocase; ) # 1skq0a89mxtftytq5ci1se3ffl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1skq0a89mxtftytq5ci1se3ffl|03|com"; nocase; ) # 1itjwyh6k4s2y1lefcuv1qg8slw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1itjwyh6k4s2y1lefcuv1qg8slw|03|org"; nocase; ) # ykskuz1fanywx1zjrfgjnpi5b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ykskuz1fanywx1zjrfgjnpi5b|03|biz"; nocase; ) # 13i4tdb1shccdc1jhnlcfucg086.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13i4tdb1shccdc1jhnlcfucg086|03|net"; nocase; ) # 6ku2ss9dqobyumt6h41rtnihl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ku2ss9dqobyumt6h41rtnihl|03|org"; nocase; ) # 1up1xli11ydwty1moza05187po1n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1up1xli11ydwty1moza05187po1n|03|net"; nocase; ) # b0rkg61cusbsb1jy2482i3uuh3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b0rkg61cusbsb1jy2482i3uuh3|03|com"; nocase; ) # 44znsrsg4ttztxxznfwptwu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|44znsrsg4ttztxxznfwptwu|03|org"; nocase; ) # 1an129di3di3c1puh0yj12b67kt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1an129di3di3c1puh0yj12b67kt|03|com"; nocase; ) # 7qoijy1jxy7rlupepgo5utq42.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7qoijy1jxy7rlupepgo5utq42|03|org"; nocase; ) # 1ilkcoe1svrelhjiunqg1r5gauj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ilkcoe1svrelhjiunqg1r5gauj|03|biz"; nocase; ) # mp8l1wmpz2pf1ce9t8t6jlxf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mp8l1wmpz2pf1ce9t8t6jlxf|03|biz"; nocase; ) # 72ht7fj6yx4x1nvz5341yn86oq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|72ht7fj6yx4x1nvz5341yn86oq|03|biz"; nocase; ) # 5atxcb1r1ytzhy825o4dn1hve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5atxcb1r1ytzhy825o4dn1hve|03|com"; nocase; ) # 44xtr11nvie5115w0x9nwsi97g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|44xtr11nvie5115w0x9nwsi97g|03|net"; nocase; ) # 18ssa2014jgv7q17e339ditsshl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ssa2014jgv7q17e339ditsshl|03|com"; nocase; ) # 1pazjyi13raug81mmzthofd2uon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pazjyi13raug81mmzthofd2uon|03|net"; nocase; ) # itdyx8gbariuw6qbmqln4ts7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|itdyx8gbariuw6qbmqln4ts7|03|biz"; nocase; ) # 1jld8xz1rehu021ye0e8q1dcp90f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jld8xz1rehu021ye0e8q1dcp90f|03|org"; nocase; ) # 1hossu51f5wyhq2ff4toddv04w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hossu51f5wyhq2ff4toddv04w|03|biz"; nocase; ) # 1bot2gyox1g4th4ft02bnj9xc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bot2gyox1g4th4ft02bnj9xc|03|biz"; nocase; ) # ykjqb21oqqrk8qbduc91npio7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ykjqb21oqqrk8qbduc91npio7m|03|net"; nocase; ) # l992ndk4p7qw1b7ju29zwl0ex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l992ndk4p7qw1b7ju29zwl0ex|03|net"; nocase; ) # 12bclsm1qtuyey1gqt5gx1vs5dq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12bclsm1qtuyey1gqt5gx1vs5dq|03|net"; nocase; ) # 10q3yane05t1g29eqme1bd8doi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10q3yane05t1g29eqme1bd8doi|03|org"; nocase; ) # mlbzlsf8mnzj7ef3mni7verk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mlbzlsf8mnzj7ef3mni7verk|03|net"; nocase; ) # 1xyeix71i7nhjf16efjfpmn4s5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xyeix71i7nhjf16efjfpmn4s5|03|com"; nocase; ) # 1bxm1nxcbs2kdw2zfiqbmuqko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bxm1nxcbs2kdw2zfiqbmuqko|03|biz"; nocase; ) # 1ellouf7emssvf0w3mq1q2gm93.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ellouf7emssvf0w3mq1q2gm93|03|org"; nocase; ) # 1b2uafh18u656m1hpij0e12c5wmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b2uafh18u656m1hpij0e12c5wmr|03|org"; nocase; ) # 1aaiovwrrpllm2bfrpq1jznmis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aaiovwrrpllm2bfrpq1jznmis|03|com"; nocase; ) # 3ns0g711jn230118ogb37va9sp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ns0g711jn230118ogb37va9sp|03|biz"; nocase; ) # 1k3ga8l5embcj1knpmwldghr4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k3ga8l5embcj1knpmwldghr4k|03|net"; nocase; ) # eo9rbgvld5e71r45dgw1lgd7ye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eo9rbgvld5e71r45dgw1lgd7ye|03|com"; nocase; ) # 518thsb965kt5hyccq15huytd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|518thsb965kt5hyccq15huytd|03|biz"; nocase; ) # e3nmom163fjqg1vbnnea10mryf5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e3nmom163fjqg1vbnnea10mryf5|03|net"; nocase; ) # hbvmkm12s14zhefhvd018v881r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hbvmkm12s14zhefhvd018v881r|03|net"; nocase; ) # 25s6921nlhh0yfidz8v69t9zn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|25s6921nlhh0yfidz8v69t9zn|03|org"; nocase; ) # 1wttg0vsk400i1cuznb81gj8wbz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wttg0vsk400i1cuznb81gj8wbz|03|net"; nocase; ) # 1fg9n4k145mhbm11tfish14nlzys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fg9n4k145mhbm11tfish14nlzys|03|com"; nocase; ) # gzon5ph5xcny1w3s18t1pblbkk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gzon5ph5xcny1w3s18t1pblbkk|03|net"; nocase; ) # s0qs6semki4p5y0tmasn2ckh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s0qs6semki4p5y0tmasn2ckh|03|net"; nocase; ) # 1r73jwmpl00ya1ombsts1cur2rz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r73jwmpl00ya1ombsts1cur2rz|03|net"; nocase; ) # 135c5p11j0ioi71vyauyi13p2b0d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|135c5p11j0ioi71vyauyi13p2b0d|03|net"; nocase; ) # zo2z35nt2y3t1dxz6ov9a4o0q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zo2z35nt2y3t1dxz6ov9a4o0q|03|org"; nocase; ) # e0o69h1tipdly1857nug1rz8ymk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e0o69h1tipdly1857nug1rz8ymk|03|net"; nocase; ) # 1560bza1kla7z315n6xrvgthfp6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1560bza1kla7z315n6xrvgthfp6|03|org"; nocase; ) # q3rdfe1wge5rc1f72xun1s8akip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q3rdfe1wge5rc1f72xun1s8akip|03|org"; nocase; ) # 15bpjlqa3syjt1kq521e8wwixo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15bpjlqa3syjt1kq521e8wwixo|03|com"; nocase; ) # 1vu6w4vcdjgitdga7avcwthhd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vu6w4vcdjgitdga7avcwthhd|03|org"; nocase; ) # 8elgty1vek70tt8u6nkuzqdk4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8elgty1vek70tt8u6nkuzqdk4|03|net"; nocase; ) # 45mlix1xuvnao1oz0cx1wq3l49.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|45mlix1xuvnao1oz0cx1wq3l49|03|com"; nocase; ) # 1gylos01hztgld166w6i947l469.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gylos01hztgld166w6i947l469|03|net"; nocase; ) # 1d5i4fk195153hkzzevzuov4zt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d5i4fk195153hkzzevzuov4zt|03|org"; nocase; ) # 1s1emwbf8f34wkifmy21pgo88r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s1emwbf8f34wkifmy21pgo88r|03|org"; nocase; ) # 3ea2z1leu7d3ee3je9awjgu2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3ea2z1leu7d3ee3je9awjgu2|03|net"; nocase; ) # e7kqph3dfj3l1qjc5tf1r91ho6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e7kqph3dfj3l1qjc5tf1r91ho6|03|biz"; nocase; ) # 45m6k41dgpkkl5wb3bdda1nhx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|45m6k41dgpkkl5wb3bdda1nhx|03|net"; nocase; ) # 3zux9y1cn6ow88n7jqt1vhst7v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3zux9y1cn6ow88n7jqt1vhst7v|03|biz"; nocase; ) # 10ih47p11jyfgcfea27t1pnb75u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ih47p11jyfgcfea27t1pnb75u|03|com"; nocase; ) # 1pq22u6jdsq2m1xb1jjq1d5v6pu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pq22u6jdsq2m1xb1jjq1d5v6pu|03|org"; nocase; ) # 17sdvqcknoz9a1gd3rx11gn6dpv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17sdvqcknoz9a1gd3rx11gn6dpv|03|net"; nocase; ) # t5vphvf386ht1kcs7crdwvofi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t5vphvf386ht1kcs7crdwvofi|03|com"; nocase; ) # t8p5ifopo84t1wk2uaa1sa5di8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t8p5ifopo84t1wk2uaa1sa5di8|03|net"; nocase; ) # h0p7221svtj4a5mhj6hmp0gzk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h0p7221svtj4a5mhj6hmp0gzk|03|com"; nocase; ) # 1rh1cirnmkq7s1ht53pr5nlykv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rh1cirnmkq7s1ht53pr5nlykv|03|biz"; nocase; ) # 5mwc7zm6ug1h1vxmv3n1b1gi5a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5mwc7zm6ug1h1vxmv3n1b1gi5a|03|net"; nocase; ) # laiwccsq0el1qnkx5ce4ca3z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|laiwccsq0el1qnkx5ce4ca3z|03|org"; nocase; ) # 10ou7z516pzra21t1jczum89td.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ou7z516pzra21t1jczum89td|03|com"; nocase; ) # q6jbgrg2z7toxshvkl104fl48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6jbgrg2z7toxshvkl104fl48|03|com"; nocase; ) # 9j6w4i1pvs6grxkqyil9jx479.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9j6w4i1pvs6grxkqyil9jx479|03|net"; nocase; ) # 9fs7rz1kw2yf31hwqokb1r4232z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9fs7rz1kw2yf31hwqokb1r4232z|03|biz"; nocase; ) # 2utc7n1yly79u991jxkgo181y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2utc7n1yly79u991jxkgo181y|03|org"; nocase; ) # 10wfopn1qxnp0ky0fhp41auwgiw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10wfopn1qxnp0ky0fhp41auwgiw|03|net"; nocase; ) # b04bpbgdvae41mqxa1n1a1bubz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b04bpbgdvae41mqxa1n1a1bubz|03|net"; nocase; ) # let6hn1y75bm4aye9ku1e5tert.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|let6hn1y75bm4aye9ku1e5tert|03|biz"; nocase; ) # p2edcnmp95bkvd7ft581wwma.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p2edcnmp95bkvd7ft581wwma|03|com"; nocase; ) # z86zwf9wf7j9a04mu1z3unwm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z86zwf9wf7j9a04mu1z3unwm|03|biz"; nocase; ) # 1yug06jywt3s310f8h8v1bpsk7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yug06jywt3s310f8h8v1bpsk7w|03|net"; nocase; ) # 1ogozzbs8u8y39z81vy5403rd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ogozzbs8u8y39z81vy5403rd|03|net"; nocase; ) # 1ushtud1ip7cnoidr37egju7hz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ushtud1ip7cnoidr37egju7hz|03|net"; nocase; ) # 15ws3na1n3opzw1yxbst954kcdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ws3na1n3opzw1yxbst954kcdc|03|com"; nocase; ) # 6e616h1raefz46j3mg31d96gca.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6e616h1raefz46j3mg31d96gca|03|org"; nocase; ) # 1fp2j361x3brvyk0oe37pta58x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fp2j361x3brvyk0oe37pta58x|03|biz"; nocase; ) # 1nyifgz2hkzwj17r2c212m3dru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nyifgz2hkzwj17r2c212m3dru|03|net"; nocase; ) # kjzw5n3otrkjixp9vhrm82sb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kjzw5n3otrkjixp9vhrm82sb|03|net"; nocase; ) # 186na7w1vv1gw0j0oj1p1igklc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|186na7w1vv1gw0j0oj1p1igklc|03|com"; nocase; ) # 11uc4ehfljelu300gus1vuh8t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11uc4ehfljelu300gus1vuh8t|03|net"; nocase; ) # 4otms11np3kq131yj4ebkelir.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4otms11np3kq131yj4ebkelir|03|net"; nocase; ) # 641r031wijkhu1xqxl706u080i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|641r031wijkhu1xqxl706u080i|03|org"; nocase; ) # r0nqlr156xm0o1pxuxbf1kq3dcz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r0nqlr156xm0o1pxuxbf1kq3dcz|03|net"; nocase; ) # 1tmadfx1b6efi71ehtujtrc8nml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tmadfx1b6efi71ehtujtrc8nml|03|net"; nocase; ) # 1yh53ql1jpg1p91kcwz9q1poozda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yh53ql1jpg1p91kcwz9q1poozda|03|com"; nocase; ) # 1lfsv3uc1rin015gcn012ek5re.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lfsv3uc1rin015gcn012ek5re|03|com"; nocase; ) # 1g8mq3u8qxh2f5p56t61tfu9pg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g8mq3u8qxh2f5p56t61tfu9pg|03|net"; nocase; ) # 6hg3bvzywpj7bpj8s1ofe54y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6hg3bvzywpj7bpj8s1ofe54y|03|com"; nocase; ) # 8zmyl21mq0n09181uven1r0icb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8zmyl21mq0n09181uven1r0icb|03|org"; nocase; ) # lranj5swqugr1ycl4u1359wa6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lranj5swqugr1ycl4u1359wa6|03|biz"; nocase; ) # luqf2m1f7ka7n1fe0ifx1d1q54c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|luqf2m1f7ka7n1fe0ifx1d1q54c|03|org"; nocase; ) # 1ojsl6v3kpedk1hon5l9v6j5gn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ojsl6v3kpedk1hon5l9v6j5gn|03|net"; nocase; ) # 14ha91c1bst9qdjeh8yp14kzebe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ha91c1bst9qdjeh8yp14kzebe|03|com"; nocase; ) # yordau1xp0wrl3emcgqxbnssu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yordau1xp0wrl3emcgqxbnssu|03|net"; nocase; ) # 1ntq6hjugdcvg1t15f50ueb5qv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ntq6hjugdcvg1t15f50ueb5qv|03|net"; nocase; ) # 1lj5ffe1142x3b1bn37kh18pf676.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lj5ffe1142x3b1bn37kh18pf676|03|net"; nocase; ) # 1voehvabw9qtm3x1mjj123b4xu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1voehvabw9qtm3x1mjj123b4xu|03|com"; nocase; ) # 1vfpjt61b2yohzxdkgix1rcveyp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vfpjt61b2yohzxdkgix1rcveyp|03|net"; nocase; ) # 3kj0cp1v2hk4tao14a7waecgv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3kj0cp1v2hk4tao14a7waecgv|03|net"; nocase; ) # hzlpj2d5qh331b23olgep5nt3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hzlpj2d5qh331b23olgep5nt3|03|biz"; nocase; ) # 17wnapoloivzr1v2x71q1ah429q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17wnapoloivzr1v2x71q1ah429q|03|net"; nocase; ) # 1p0d71o24c9kw1xs2yux2kp1gw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p0d71o24c9kw1xs2yux2kp1gw|03|net"; nocase; ) # 1m3w2qbbr87a0eywagnp31x2x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m3w2qbbr87a0eywagnp31x2x|03|net"; nocase; ) # 1f83xu14y5xr51acdw13b4vmlr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f83xu14y5xr51acdw13b4vmlr|03|com"; nocase; ) # 13xim0y1ulh83ikuxhue1nlxjvk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13xim0y1ulh83ikuxhue1nlxjvk|03|biz"; nocase; ) # 1mx8x151c3s4e7ff8ouu3y5qvb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mx8x151c3s4e7ff8ouu3y5qvb|03|org"; nocase; ) # p1d17kleolh811guuzupxr6g8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p1d17kleolh811guuzupxr6g8|03|net"; nocase; ) # hirsehcnf2c8e96h4w1x27a26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hirsehcnf2c8e96h4w1x27a26|03|org"; nocase; ) # 1okqhl3kc58jjnimzmi1n6poqf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1okqhl3kc58jjnimzmi1n6poqf|03|net"; nocase; ) # jon8t0coxfix1bnftf51yzb0wo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jon8t0coxfix1bnftf51yzb0wo|03|com"; nocase; ) # 1tspb0s11rd2pwk9lkm71ngy651.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tspb0s11rd2pwk9lkm71ngy651|03|net"; nocase; ) # urgteb1d0ffod1c1tpkttbb7be.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|urgteb1d0ffod1c1tpkttbb7be|03|com"; nocase; ) # bl7ytovspsxfdj6jdrr4o39.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|bl7ytovspsxfdj6jdrr4o39|03|net"; nocase; ) # 1m84xcg1lcfaadre67rznohpz2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m84xcg1lcfaadre67rznohpz2|03|org"; nocase; ) # vmbff1sximp11tugr091urfamj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vmbff1sximp11tugr091urfamj|03|net"; nocase; ) # h8001s10887nw1b362cj1d7dq69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h8001s10887nw1b362cj1d7dq69|03|net"; nocase; ) # gco6xjp9fyh1x2ab9r1gkp464.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gco6xjp9fyh1x2ab9r1gkp464|03|com"; nocase; ) # 1egnz8rnbglo2q3v6a01tjrimv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1egnz8rnbglo2q3v6a01tjrimv|03|org"; nocase; ) # unmccdiqkv3shzawaiaj1kj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|unmccdiqkv3shzawaiaj1kj6|03|net"; nocase; ) # c4w9nyf9wpy81dnx8ip9q4ife.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c4w9nyf9wpy81dnx8ip9q4ife|03|org"; nocase; ) # 1d8zpie32gtwh6p36gkzsj7hn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d8zpie32gtwh6p36gkzsj7hn|03|net"; nocase; ) # zgxjuh1shy7mt11hlrzr12xuklf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zgxjuh1shy7mt11hlrzr12xuklf|03|net"; nocase; ) # s2z59go1h58ezbzjiu90kssj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s2z59go1h58ezbzjiu90kssj|03|org"; nocase; ) # vfgji3blfvz21xsw01km81b3k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vfgji3blfvz21xsw01km81b3k|03|com"; nocase; ) # 1w0uuad1nf6f5n1d2iswgshuj4v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w0uuad1nf6f5n1d2iswgshuj4v|03|net"; nocase; ) # 1v03nc71b4knmcgp1dr67x0ltu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v03nc71b4knmcgp1dr67x0ltu|03|com"; nocase; ) # 1twss6ngtczvq7784skfddcwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1twss6ngtczvq7784skfddcwi|03|com"; nocase; ) # 1p4qwel1mo01f9caagsjfpb3vf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p4qwel1mo01f9caagsjfpb3vf|03|org"; nocase; ) # 8og6mq1g2d12x1jgkrb218xiujr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8og6mq1g2d12x1jgkrb218xiujr|03|biz"; nocase; ) # jnv8kdcxcc99r17shdzdvwx1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jnv8kdcxcc99r17shdzdvwx1|03|net"; nocase; ) # 1buwgz01emjkaoub18rt4833n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1buwgz01emjkaoub18rt4833n|03|biz"; nocase; ) # 16yd5zwzmspttiuujna1pedhw4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16yd5zwzmspttiuujna1pedhw4|03|org"; nocase; ) # 1cw9chl1o4pipp3ma9k0y7teui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cw9chl1o4pipp3ma9k0y7teui|03|org"; nocase; ) # 1uk9csh16qm87o1vvmf1p1ufrw3q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uk9csh16qm87o1vvmf1p1ufrw3q|03|com"; nocase; ) # 1rdo84pjri54wtqkwpa1u5cl2g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rdo84pjri54wtqkwpa1u5cl2g|03|com"; nocase; ) # 1ftcegwc7jddn1or88fz1ipzow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ftcegwc7jddn1or88fz1ipzow|03|biz"; nocase; ) # ui7hj71lioeke1l8pdgucosiih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ui7hj71lioeke1l8pdgucosiih|03|com"; nocase; ) # j30nzpys0c90wn2unj15pxyw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j30nzpys0c90wn2unj15pxyw5|03|net"; nocase; ) # 7rqvi613wtfzh1xgk99noc5f0d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7rqvi613wtfzh1xgk99noc5f0d|03|net"; nocase; ) # 1w6g73111zi9h99wfsxeylvmry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w6g73111zi9h99wfsxeylvmry|03|com"; nocase; ) # 1uwkmpo5z5s211dlh2e8el1rj0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwkmpo5z5s211dlh2e8el1rj0|03|com"; nocase; ) # 1irx6z81u6ttu09bm1ih1x3kt0e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1irx6z81u6ttu09bm1ih1x3kt0e|03|net"; nocase; ) # 1hy3f4xupl7hnann91zedhuck.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hy3f4xupl7hnann91zedhuck|03|org"; nocase; ) # dy22f219zek6e1r2m1vg4d79u5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dy22f219zek6e1r2m1vg4d79u5|03|com"; nocase; ) # 1wrrwoimpk12d2sp4on3qkpoz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wrrwoimpk12d2sp4on3qkpoz|03|net"; nocase; ) # ns833w5k26g917kxc3v1b5y7nu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ns833w5k26g917kxc3v1b5y7nu|03|org"; nocase; ) # 149kekg1w1ckx6shk9g5likf9z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|149kekg1w1ckx6shk9g5likf9z|03|org"; nocase; ) # 1nscvop1d3cv6czz5ans1g2crkp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nscvop1d3cv6czz5ans1g2crkp|03|org"; nocase; ) # lrex8t69s695f86f1gliwoge.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lrex8t69s695f86f1gliwoge|03|org"; nocase; ) # 1f4lydozy5ngt1cuttnl1xhn6ac.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f4lydozy5ngt1cuttnl1xhn6ac|03|net"; nocase; ) # 1n5h8ba1lzirkseu1ebdb47l5x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n5h8ba1lzirkseu1ebdb47l5x|03|com"; nocase; ) # xp6dnsin18lju3nmzqyz1jkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xp6dnsin18lju3nmzqyz1jkf|03|org"; nocase; ) # 7f5p0i1n1tj9t13qrai7fn856r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7f5p0i1n1tj9t13qrai7fn856r|03|biz"; nocase; ) # n97ihy1s3l1gkx2xa201ezyoee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n97ihy1s3l1gkx2xa201ezyoee|03|net"; nocase; ) # apuljnrbm3hlvw5vm1j949a9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|apuljnrbm3hlvw5vm1j949a9|03|org"; nocase; ) # 1cfivz011vbuqh1jckv331t4a5iy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cfivz011vbuqh1jckv331t4a5iy|03|net"; nocase; ) # 77g9uz1s5tca71wkzx0s8la48v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|77g9uz1s5tca71wkzx0s8la48v|03|biz"; nocase; ) # 24d3az14u2olphrwtvy1px57dh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|24d3az14u2olphrwtvy1px57dh|03|net"; nocase; ) # 1ghshvbzyowr4guatqb80nra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ghshvbzyowr4guatqb80nra|03|org"; nocase; ) # 1h6pf38euyrjfqw0ela1mgddeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h6pf38euyrjfqw0ela1mgddeo|03|com"; nocase; ) # ksbzzd1o5aqbd1g4lf2ejc5ubj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ksbzzd1o5aqbd1g4lf2ejc5ubj|03|org"; nocase; ) # 1yg3x731tqsrxn1hss4vr1w2anbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yg3x731tqsrxn1hss4vr1w2anbl|03|com"; nocase; ) # 15u7m5fbwxnkzp7nnr419k690q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15u7m5fbwxnkzp7nnr419k690q|03|org"; nocase; ) # bl6xpl29mmkc1nj3a951pxtdcf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bl6xpl29mmkc1nj3a951pxtdcf|03|org"; nocase; ) # wwnbpb1edjj5y1j3yebj1dqb26h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wwnbpb1edjj5y1j3yebj1dqb26h|03|net"; nocase; ) # jc6f00q4l05g1y6tuirr06b4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jc6f00q4l05g1y6tuirr06b4k|03|net"; nocase; ) # 1v60zn4159d43n1cw1t9a1x8gwll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v60zn4159d43n1cw1t9a1x8gwll|03|org"; nocase; ) # qvv1cqte4jahuxfwue1du8bt8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qvv1cqte4jahuxfwue1du8bt8|03|org"; nocase; ) # 1rx90zlw6jks71caxlgf1xciqxx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rx90zlw6jks71caxlgf1xciqxx|03|biz"; nocase; ) # 1323zt11w01s9s1fhdh3n1gkwkj9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1323zt11w01s9s1fhdh3n1gkwkj9|03|net"; nocase; ) # 1lzkaotv799v41dw89ew2mqa9i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lzkaotv799v41dw89ew2mqa9i|03|com"; nocase; ) # 1u1vpxu1q9d741e75tzm5d3d7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u1vpxu1q9d741e75tzm5d3d7|03|net"; nocase; ) # 1ncoov12g3mco9ney12p0eyi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ncoov12g3mco9ney12p0eyi|03|biz"; nocase; ) # 1mewysnkk32v4muuxn1upbxis.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mewysnkk32v4muuxn1upbxis|03|biz"; nocase; ) # 10siuc65xf63w19zjwct1h2dbdo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10siuc65xf63w19zjwct1h2dbdo|03|net"; nocase; ) # t0vo91rih0515kx8t4rgtf6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t0vo91rih0515kx8t4rgtf6o|03|net"; nocase; ) # ypneco1e4k2ospv2ddh1o8h0o6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ypneco1e4k2ospv2ddh1o8h0o6|03|com"; nocase; ) # iq5es01vx7eap1umu7oe1jw55ak.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iq5es01vx7eap1umu7oe1jw55ak|03|org"; nocase; ) # 6rrwrgigdifs1011hz31360ydd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6rrwrgigdifs1011hz31360ydd|03|biz"; nocase; ) # px0bll1bk2lcw1k60oiv1gwupm9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|px0bll1bk2lcw1k60oiv1gwupm9|03|net"; nocase; ) # 19xhmtzbjsqhe184em1t1w901c1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19xhmtzbjsqhe184em1t1w901c1|03|com"; nocase; ) # ylrusb1xu0y8wgc8hr51risalk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ylrusb1xu0y8wgc8hr51risalk|03|com"; nocase; ) # 1gd8i6st0x36azmfyrr1fw9du9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gd8i6st0x36azmfyrr1fw9du9|03|org"; nocase; ) # 1n1lc7199fukkyli3m61of1e2h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1lc7199fukkyli3m61of1e2h|03|org"; nocase; ) # 10hznxq1f4fgnj1fd25ya1mk3594.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10hznxq1f4fgnj1fd25ya1mk3594|03|com"; nocase; ) # 14mzkps180npno1a4gabz1o2rj5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14mzkps180npno1a4gabz1o2rj5i|03|net"; nocase; ) # zjcg14wlldbb16dxyws1wb34w4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zjcg14wlldbb16dxyws1wb34w4|03|org"; nocase; ) # 1wdtsiynpwhzzr3hpdc1l261ul.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wdtsiynpwhzzr3hpdc1l261ul|03|org"; nocase; ) # 14e58am1lmm9vjm68atccvmlum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14e58am1lmm9vjm68atccvmlum|03|net"; nocase; ) # 1mrx6ne13oozyr2qej4c1mvirgt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mrx6ne13oozyr2qej4c1mvirgt|03|net"; nocase; ) # 1d6u39214wjyg8ajkjrsjck4n6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d6u39214wjyg8ajkjrsjck4n6|03|org"; nocase; ) # 2drobjybf5zo1yv067uyzhbu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2drobjybf5zo1yv067uyzhbu|03|com"; nocase; ) # l9acmh18vyhus91p4i91s5gsfd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l9acmh18vyhus91p4i91s5gsfd|03|org"; nocase; ) # 1n46vvo1m94swrl2doz12d9c84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n46vvo1m94swrl2doz12d9c84|03|net"; nocase; ) # 1h7rr6u1qeojzt1881x3tfr78uu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h7rr6u1qeojzt1881x3tfr78uu|03|net"; nocase; ) # usrz4hj965k0s5q7yi11ia8t0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|usrz4hj965k0s5q7yi11ia8t0|03|com"; nocase; ) # 1vacitp11lc7m11i13kde1n61o84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vacitp11lc7m11i13kde1n61o84|03|net"; nocase; ) # 13xs3vuvuyh6cgfpnvm8wu6wn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13xs3vuvuyh6cgfpnvm8wu6wn|03|net"; nocase; ) # epipl5bk0h7f176ru3lhlb5mf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|epipl5bk0h7f176ru3lhlb5mf|03|biz"; nocase; ) # mrc78kdclwl817q0g1o7t8ksk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mrc78kdclwl817q0g1o7t8ksk|03|com"; nocase; ) # d9pjz5fj13e4pn08nf1jirqep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d9pjz5fj13e4pn08nf1jirqep|03|org"; nocase; ) # 1f9pnnf6rihdb1ls6r401y9ux2c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f9pnnf6rihdb1ls6r401y9ux2c|03|org"; nocase; ) # ttuqqf9amub03hjgyx12cvw8x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ttuqqf9amub03hjgyx12cvw8x|03|biz"; nocase; ) # 6g9dvy1prl85d1uv633q1mnc69g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6g9dvy1prl85d1uv633q1mnc69g|03|org"; nocase; ) # xolvmw5n776hd07bzaa9nn72.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xolvmw5n776hd07bzaa9nn72|03|com"; nocase; ) # rifgpx1m9olazzpwrwf1azr685.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rifgpx1m9olazzpwrwf1azr685|03|net"; nocase; ) # 1m2gc771gyubnf1ypushypdtkl4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m2gc771gyubnf1ypushypdtkl4|03|biz"; nocase; ) # 12fd91tnn2v2r11kgzkl1xcehiw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12fd91tnn2v2r11kgzkl1xcehiw|03|net"; nocase; ) # q6htln14ojyddn3xqxv9xg9uf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6htln14ojyddn3xqxv9xg9uf|03|biz"; nocase; ) # 7gvkoo14vr0xsmmvcmmsmp6wk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7gvkoo14vr0xsmmvcmmsmp6wk|03|net"; nocase; ) # lnnxcd1c74xwk61dkkj3f8lji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lnnxcd1c74xwk61dkkj3f8lji|03|org"; nocase; ) # 1ux983inbvob311h4ox01nv1yp4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ux983inbvob311h4ox01nv1yp4|03|net"; nocase; ) # 1npt0klza57v2fz2oud14116r6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1npt0klza57v2fz2oud14116r6|03|net"; nocase; ) # 17ua07f1gee8ojzy8smoujk4f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17ua07f1gee8ojzy8smoujk4f|03|com"; nocase; ) # ckc13c1bxo3am110bxzxadqb8q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ckc13c1bxo3am110bxzxadqb8q|03|biz"; nocase; ) # 520jd0uijchh1oron367z2a5b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|520jd0uijchh1oron367z2a5b|03|biz"; nocase; ) # 1glnjtknfmpc116mn1ky1gji0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1glnjtknfmpc116mn1ky1gji0|03|org"; nocase; ) # myn7jt170hf8w5lj2i81bjgqi8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|myn7jt170hf8w5lj2i81bjgqi8|03|net"; nocase; ) # 191moeqqolkj9bg0q7i1bnubeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|191moeqqolkj9bg0q7i1bnubeb|03|com"; nocase; ) # 17qr1q6kwwavn19mj0s81rnrcn0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17qr1q6kwwavn19mj0s81rnrcn0|03|net"; nocase; ) # 1n9fagz84swmo1ktko2o1vgpafk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n9fagz84swmo1ktko2o1vgpafk|03|org"; nocase; ) # 1rdy4xwpil1bt6omezl1frddvi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rdy4xwpil1bt6omezl1frddvi|03|com"; nocase; ) # 7mk770199qv3m1h226mw6p4uq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7mk770199qv3m1h226mw6p4uq|03|com"; nocase; ) # 19vjpuesdx1g91swr7pvq6fgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19vjpuesdx1g91swr7pvq6fgj|03|net"; nocase; ) # 7m4xjvu73on6xcrt351rs719a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7m4xjvu73on6xcrt351rs719a|03|com"; nocase; ) # 4u8tqs1jjrkno10ec70km2vyfz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4u8tqs1jjrkno10ec70km2vyfz|03|net"; nocase; ) # tbsmhy1x170bkkb5uq517r405z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tbsmhy1x170bkkb5uq517r405z|03|org"; nocase; ) # b3rp0w158muk3zhx3b0h59q4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b3rp0w158muk3zhx3b0h59q4e|03|net"; nocase; ) # 1qus17z1v8go80u1620wkyw5gw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qus17z1v8go80u1620wkyw5gw|03|org"; nocase; ) # 1da41dx6pafl11yjueky1bou2ws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1da41dx6pafl11yjueky1bou2ws|03|com"; nocase; ) # 1qwzsvugp6jt1w9fbadfe0m6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1qwzsvugp6jt1w9fbadfe0m6|03|biz"; nocase; ) # 1ojh6kgdyfq1duh0kz29yo53d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ojh6kgdyfq1duh0kz29yo53d|03|biz"; nocase; ) # ecldkqvi633tuysxev1rwkqd4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ecldkqvi633tuysxev1rwkqd4|03|net"; nocase; ) # 16cptv57wwpjz8nhcmhnz8dsr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16cptv57wwpjz8nhcmhnz8dsr|03|net"; nocase; ) # e92fpg8tjr0113wvssg1uzbfr0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e92fpg8tjr0113wvssg1uzbfr0|03|com"; nocase; ) # x97aynf05q9yi3d7s91gxb7dn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x97aynf05q9yi3d7s91gxb7dn|03|org"; nocase; ) # beguh2142wefy3qyliy1hu3kvf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|beguh2142wefy3qyliy1hu3kvf|03|net"; nocase; ) # 5gdt7im8p21d19ehl8y50yveh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5gdt7im8p21d19ehl8y50yveh|03|net"; nocase; ) # wwrurki64p9lgx2dqceidl3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|wwrurki64p9lgx2dqceidl3|03|biz"; nocase; ) # 4wtujf1y4s03s5nzi0213ob5pr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4wtujf1y4s03s5nzi0213ob5pr|03|org"; nocase; ) # ve40e6a3pjcb16wml7sxdunrl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ve40e6a3pjcb16wml7sxdunrl|03|net"; nocase; ) # 19i4ooy1ewyw4ryckzv4y61ida.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19i4ooy1ewyw4ryckzv4y61ida|03|com"; nocase; ) # 1qaaz9enc1sr4r1vzok13rbd4y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qaaz9enc1sr4r1vzok13rbd4y|03|com"; nocase; ) # j21ljf1drh70r1d8ocgoj418p4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j21ljf1drh70r1d8ocgoj418p4|03|net"; nocase; ) # 1oqri5114udwdu1l89q9s1e07ti7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oqri5114udwdu1l89q9s1e07ti7|03|net"; nocase; ) # 94uiikxucj2x1r4fqnccy3gx2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|94uiikxucj2x1r4fqnccy3gx2|03|org"; nocase; ) # 1y9ndn216jfjll1f9v0a6q33281.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y9ndn216jfjll1f9v0a6q33281|03|net"; nocase; ) # 1u0uiqd8wz1ch2ms3rapcqqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1u0uiqd8wz1ch2ms3rapcqqq|03|biz"; nocase; ) # c6psczpmh7hg1rnhr4ugmmij.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c6psczpmh7hg1rnhr4ugmmij|03|org"; nocase; ) # yvsx1m17wlc79edzdbzv99gk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yvsx1m17wlc79edzdbzv99gk7|03|net"; nocase; ) # 13rxgqn1vx5esm1o75419zwveh6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13rxgqn1vx5esm1o75419zwveh6|03|org"; nocase; ) # 1ww3xkz1mc6364a97bta1svy5mr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ww3xkz1mc6364a97bta1svy5mr|03|org"; nocase; ) # 1yluzik1m07gka5bafk71jd2vlx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yluzik1m07gka5bafk71jd2vlx|03|com"; nocase; ) # 16lptibvad705111ydrcu6jpx6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16lptibvad705111ydrcu6jpx6|03|biz"; nocase; ) # 11knvy3bjt7ugq0kumk1di4nmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11knvy3bjt7ugq0kumk1di4nmf|03|net"; nocase; ) # 1ev6l8i7i7wgsyti8hz1kuf2l1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ev6l8i7i7wgsyti8hz1kuf2l1|03|net"; nocase; ) # 1kfilyu8q1xah1hr4avqx0hvag.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kfilyu8q1xah1hr4avqx0hvag|03|net"; nocase; ) # u526c61lzm3fa588n5ofg0vap.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u526c61lzm3fa588n5ofg0vap|03|biz"; nocase; ) # 1gphm6bk8nr87hhibx8188dkd1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gphm6bk8nr87hhibx8188dkd1|03|biz"; nocase; ) # 1l6s3czr90e7y1k8l72muz84ta.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l6s3czr90e7y1k8l72muz84ta|03|org"; nocase; ) # 8x52fgnbch6rdmspmbwbaqhj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8x52fgnbch6rdmspmbwbaqhj|03|org"; nocase; ) # xawamvpkbluf1vs87r0v4zd0p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xawamvpkbluf1vs87r0v4zd0p|03|com"; nocase; ) # q4fio718xooja14rr85s1wpr6kb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q4fio718xooja14rr85s1wpr6kb|03|net"; nocase; ) # sjw3ok120egry1vfk3wn1yd218i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sjw3ok120egry1vfk3wn1yd218i|03|net"; nocase; ) # p9asylcg7z6j1cnmp0ej5onw8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p9asylcg7z6j1cnmp0ej5onw8|03|net"; nocase; ) # xsn76a7bgclh1fqi04y1svakl0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xsn76a7bgclh1fqi04y1svakl0|03|org"; nocase; ) # 14ve9jbp4bqc0ql732s15ct35.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14ve9jbp4bqc0ql732s15ct35|03|com"; nocase; ) # c2htol18dlk0a9u11rklxbljb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c2htol18dlk0a9u11rklxbljb|03|net"; nocase; ) # 14onbg61tfkwzg150tts9xoqitc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14onbg61tfkwzg150tts9xoqitc|03|com"; nocase; ) # 1wx1wf51yfenwvyuhu521dnt1tf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wx1wf51yfenwvyuhu521dnt1tf|03|biz"; nocase; ) # rz7fngbjc96c1xqo0c5oki653.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rz7fngbjc96c1xqo0c5oki653|03|net"; nocase; ) # 1rxc8cy1xy5nhj3p02sv6oohz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rxc8cy1xy5nhj3p02sv6oohz8|03|com"; nocase; ) # e1ch2v5ulop61x8i12otlijss.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1ch2v5ulop61x8i12otlijss|03|biz"; nocase; ) # 2c346d1oun977h10ci61mjdl3v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2c346d1oun977h10ci61mjdl3v|03|net"; nocase; ) # 1jy53steusw04rtiebbfh6pwe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jy53steusw04rtiebbfh6pwe|03|net"; nocase; ) # hfnhlp1eyya3jelaemjo8mfp5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hfnhlp1eyya3jelaemjo8mfp5|03|com"; nocase; ) # 1cr3g19om0eaq55eacd7y0v6t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cr3g19om0eaq55eacd7y0v6t|03|com"; nocase; ) # h7r54a27rm7x194h4m71x3unjd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h7r54a27rm7x194h4m71x3unjd|03|biz"; nocase; ) # 1rorqr61tublz1qp4py61pgpqjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rorqr61tublz1qp4py61pgpqjl|03|net"; nocase; ) # 1x7kyt41raep9g1q0p7wgbgbbxb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x7kyt41raep9g1q0p7wgbgbbxb|03|org"; nocase; ) # 1i3hcsm4z8wvf5s0lv5vxehbq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i3hcsm4z8wvf5s0lv5vxehbq|03|net"; nocase; ) # 197m8fqccen166tkknkk733q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|197m8fqccen166tkknkk733q|03|org"; nocase; ) # bwkr941gu8dh827tyxs5f0275.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bwkr941gu8dh827tyxs5f0275|03|net"; nocase; ) # 1kvmf6u1mq8zng1n99akkakmv86.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kvmf6u1mq8zng1n99akkakmv86|03|com"; nocase; ) # jklcrbjf2r8ynb9ady5rczq1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jklcrbjf2r8ynb9ady5rczq1|03|net"; nocase; ) # 1nb4usp7goo211qgg54bc82iju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nb4usp7goo211qgg54bc82iju|03|org"; nocase; ) # 1ry6sfvosllvtwt7gzkmi89dt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ry6sfvosllvtwt7gzkmi89dt|03|com"; nocase; ) # 17gqhoew2k6jrizfihb1kq68g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17gqhoew2k6jrizfihb1kq68g|03|net"; nocase; ) # jwwayk7ebn2tifphdc1wpldeb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jwwayk7ebn2tifphdc1wpldeb|03|biz"; nocase; ) # 16rw75510x6vxpwjgp9rh1i5m3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16rw75510x6vxpwjgp9rh1i5m3|03|net"; nocase; ) # 1isky3617125mv17b53h71v9tpwr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1isky3617125mv17b53h71v9tpwr|03|biz"; nocase; ) # 3bnxw91j14dd115olk4x1uywoo0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3bnxw91j14dd115olk4x1uywoo0|03|net"; nocase; ) # 1aka3t3f9sdb2888h57p8fpa1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aka3t3f9sdb2888h57p8fpa1|03|com"; nocase; ) # 1ntg8k81renlmc8vej5o1jmrd1a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ntg8k81renlmc8vej5o1jmrd1a|03|org"; nocase; ) # 1wqlcjh1n1j71g3cmerkm8f7y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wqlcjh1n1j71g3cmerkm8f7y|03|com"; nocase; ) # 10vrcg4y29fkeqa6hcl1uafrbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10vrcg4y29fkeqa6hcl1uafrbc|03|com"; nocase; ) # 1p9l1dyorf5e61r94ya31y6ad0c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p9l1dyorf5e61r94ya31y6ad0c|03|org"; nocase; ) # 1tgsm0fteil2v1x11l4uy9fywy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tgsm0fteil2v1x11l4uy9fywy|03|com"; nocase; ) # 1pbnuy3yhzx41so6lc11a78nez.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pbnuy3yhzx41so6lc11a78nez|03|net"; nocase; ) # usftzu1dnwckou0r5t416kjg0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|usftzu1dnwckou0r5t416kjg0h|03|net"; nocase; ) # x9henr15j752h3bclyv54qmk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x9henr15j752h3bclyv54qmk|03|com"; nocase; ) # snl5uct2kqgc1azbow81wdtz84.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|snl5uct2kqgc1azbow81wdtz84|03|org"; nocase; ) # 1ccf32j1asr4kr1y0uqq5urr3jk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ccf32j1asr4kr1y0uqq5urr3jk|03|biz"; nocase; ) # 16h5090vor0hhphrhdc1x6czjg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16h5090vor0hhphrhdc1x6czjg|03|net"; nocase; ) # 1tqltv31gwxakaddl94q9lqfi1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tqltv31gwxakaddl94q9lqfi1|03|org"; nocase; ) # 14m05idvt96nf1d4vqqd79tjv6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14m05idvt96nf1d4vqqd79tjv6|03|biz"; nocase; ) # 17os3zhxgdili191kk2mt2al2b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17os3zhxgdili191kk2mt2al2b|03|org"; nocase; ) # mlhqw917s26ad1ni7xvo1b813xi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mlhqw917s26ad1ni7xvo1b813xi|03|com"; nocase; ) # hkw9zo38lmpu1j5wwkc1fs6j0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hkw9zo38lmpu1j5wwkc1fs6j0|03|org"; nocase; ) # 184x60pnzjcej1ywlranie2a44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184x60pnzjcej1ywlranie2a44|03|com"; nocase; ) # 1iah2p3s1koh14xh8jl1enovb7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iah2p3s1koh14xh8jl1enovb7|03|org"; nocase; ) # 1kmp68nrjk62lomsaxthsq2l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1kmp68nrjk62lomsaxthsq2l|03|net"; nocase; ) # rzi0qfehwgmagcaj2mlnnp8s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rzi0qfehwgmagcaj2mlnnp8s|03|biz"; nocase; ) # 1rudtsefur8wphhynpejd0i3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rudtsefur8wphhynpejd0i3k|03|net"; nocase; ) # q4l0k7jokasakzegpx178pd3l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q4l0k7jokasakzegpx178pd3l|03|biz"; nocase; ) # ozq58q1brmr3x13wkcss15f1lge.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ozq58q1brmr3x13wkcss15f1lge|03|biz"; nocase; ) # 1nzmqza6u6jnfl0h72r1xuhbcb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nzmqza6u6jnfl0h72r1xuhbcb|03|org"; nocase; ) # 1j1oxbu3is3ln3jjvpq1pvhfj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j1oxbu3is3ln3jjvpq1pvhfj3|03|com"; nocase; ) # 1m0wajk2f33lm1ry5kyfwmo1yw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m0wajk2f33lm1ry5kyfwmo1yw|03|com"; nocase; ) # oirgc910i0gha1c6vq4grnnfw3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oirgc910i0gha1c6vq4grnnfw3|03|net"; nocase; ) # jgwhh2lvgyrev3pauqpslv62.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jgwhh2lvgyrev3pauqpslv62|03|net"; nocase; ) # e7gw6x17g8s8zhvpp6g11yo710.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e7gw6x17g8s8zhvpp6g11yo710|03|net"; nocase; ) # utlbly1e8yv1nt4x9etm199tj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|utlbly1e8yv1nt4x9etm199tj|03|net"; nocase; ) # 1faakg7ufzlf51mmybede9y1g6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1faakg7ufzlf51mmybede9y1g6|03|biz"; nocase; ) # b4thi17aocb71ro3wdt8w4o5j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b4thi17aocb71ro3wdt8w4o5j|03|org"; nocase; ) # i4ja7mf0hn11wk0083dgdens.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i4ja7mf0hn11wk0083dgdens|03|com"; nocase; ) # kt5c5b2liltf14cmt7z1uje3ip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kt5c5b2liltf14cmt7z1uje3ip|03|com"; nocase; ) # qhktd11nr3ienlv7m4mb7qon.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qhktd11nr3ienlv7m4mb7qon|03|com"; nocase; ) # ebpnd51i6udb0iixdbu11y0bx1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ebpnd51i6udb0iixdbu11y0bx1|03|biz"; nocase; ) # 1lzj39o11hv03p1tqet0610dpk6r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lzj39o11hv03p1tqet0610dpk6r|03|net"; nocase; ) # 16tqfow1pbvny4d2mwfoyub803.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16tqfow1pbvny4d2mwfoyub803|03|net"; nocase; ) # 15m97kd7zbqmuwo6z7w91usu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|15m97kd7zbqmuwo6z7w91usu|03|org"; nocase; ) # d4dvr81uisrec1krbvuv2dxmho.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d4dvr81uisrec1krbvuv2dxmho|03|com"; nocase; ) # 1d0bxc6x0jppm19aexdq1qndro1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d0bxc6x0jppm19aexdq1qndro1|03|biz"; nocase; ) # onv3w21jso3gqhce190n8tu42.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|onv3w21jso3gqhce190n8tu42|03|com"; nocase; ) # 1j9ic3v5wuprj1ech1l3a1irxc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j9ic3v5wuprj1ech1l3a1irxc|03|org"; nocase; ) # 1pgdtaa1x0qyya1fbnrvvt0c3lf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pgdtaa1x0qyya1fbnrvvt0c3lf|03|org"; nocase; ) # fj0gorgop353funsnjdmle0l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fj0gorgop353funsnjdmle0l|03|com"; nocase; ) # 1lp8at11mrfvsqg8clav1q5w32k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lp8at11mrfvsqg8clav1q5w32k|03|com"; nocase; ) # t8ctl61fng5b61iqimiu12eufw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t8ctl61fng5b61iqimiu12eufw|03|net"; nocase; ) # 1n3hmavtyzgagus6b6e1wdta1i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n3hmavtyzgagus6b6e1wdta1i|03|net"; nocase; ) # 1d983su1awp9sj12q2z5o6zuwpi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d983su1awp9sj12q2z5o6zuwpi|03|com"; nocase; ) # 1pkuzwl15l8y8n1rhuo7mi63oke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pkuzwl15l8y8n1rhuo7mi63oke|03|com"; nocase; ) # 1dcs6fq296ltn26674wgvvf4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1dcs6fq296ltn26674wgvvf4|03|org"; nocase; ) # t4kl2h1dcisbc1j90b2g1cfehtz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t4kl2h1dcisbc1j90b2g1cfehtz|03|org"; nocase; ) # 1f7p40vvpvbk2aqzti4183whn4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f7p40vvpvbk2aqzti4183whn4|03|org"; nocase; ) # 1ml2j4jnlz09h1b42fx610o67u7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ml2j4jnlz09h1b42fx610o67u7|03|com"; nocase; ) # tu74l641jc8r12u0nxt123r4ax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tu74l641jc8r12u0nxt123r4ax|03|net"; nocase; ) # 1xvo80773ojgccemi7r61bkus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xvo80773ojgccemi7r61bkus|03|net"; nocase; ) # 2cnz5v1mefxfp1e2fw25ajqlct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2cnz5v1mefxfp1e2fw25ajqlct|03|com"; nocase; ) # n1xh1e17tkup6ikac711xlj62j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n1xh1e17tkup6ikac711xlj62j|03|org"; nocase; ) # a433bv1csimho1q5oi78i6wm7e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a433bv1csimho1q5oi78i6wm7e|03|net"; nocase; ) # 1vb3iyv1rseifc14u4pvh1xb0vd2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vb3iyv1rseifc14u4pvh1xb0vd2|03|com"; nocase; ) # 1wmp5yi1jriq3cg6b3oxy3bivg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wmp5yi1jriq3cg6b3oxy3bivg|03|biz"; nocase; ) # gz888g39zj77q85y9ebl6223.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gz888g39zj77q85y9ebl6223|03|com"; nocase; ) # 1dax74sw30ngxevlx4sb3j0ek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dax74sw30ngxevlx4sb3j0ek|03|net"; nocase; ) # 1os4d0sqnlie91825sdrhoimd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1os4d0sqnlie91825sdrhoimd6|03|net"; nocase; ) # 1dkf3eh1lexulr1ir8e749r0pn7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dkf3eh1lexulr1ir8e749r0pn7|03|org"; nocase; ) # ljj4eltb43t117mxrow1643ggl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ljj4eltb43t117mxrow1643ggl|03|net"; nocase; ) # f5y8yt1qttkh5kb2sn2tmuahh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f5y8yt1qttkh5kb2sn2tmuahh|03|org"; nocase; ) # 15ovb8i1w4bk2z19tpwlkfn4h8y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ovb8i1w4bk2z19tpwlkfn4h8y|03|com"; nocase; ) # kz6qvtdgim2l1pecol1vbdv16.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kz6qvtdgim2l1pecol1vbdv16|03|org"; nocase; ) # 1uxa7tfpikwio1wdszshs8og71.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uxa7tfpikwio1wdszshs8og71|03|com"; nocase; ) # 144qzcl19lp42a54nglw76by9f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|144qzcl19lp42a54nglw76by9f|03|biz"; nocase; ) # kdhxbd1s78uyu7pce461sp8xlv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kdhxbd1s78uyu7pce461sp8xlv|03|com"; nocase; ) # 18szfux81y18ko7hkgs6jo44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18szfux81y18ko7hkgs6jo44|03|com"; nocase; ) # wlaqqkz1j50eoj63011xq1lz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wlaqqkz1j50eoj63011xq1lz7|03|com"; nocase; ) # 122ba7v1jszaxy1xv6ab62ai5xx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|122ba7v1jszaxy1xv6ab62ai5xx|03|net"; nocase; ) # z2noo51ujmw2819hll0kt4cofq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z2noo51ujmw2819hll0kt4cofq|03|org"; nocase; ) # 15jl8p8ehzje6156klep1unhq95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15jl8p8ehzje6156klep1unhq95|03|net"; nocase; ) # 1kbkjur15w09zj1mh5m6g1o5gm1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kbkjur15w09zj1mh5m6g1o5gm1u|03|org"; nocase; ) # 2z55zn1gy275fdyix8imkbtvk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2z55zn1gy275fdyix8imkbtvk|03|net"; nocase; ) # 10k4uxmugmjitt30vgp1nwwpid.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10k4uxmugmjitt30vgp1nwwpid|03|net"; nocase; ) # 1a6h4d811zrlf3vhqucb8lwr7t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a6h4d811zrlf3vhqucb8lwr7t|03|com"; nocase; ) # cd0yxf193g91bmelhimp3l5wb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cd0yxf193g91bmelhimp3l5wb|03|net"; nocase; ) # 6sidm1g3sbvxr21kh6wwkdjj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6sidm1g3sbvxr21kh6wwkdjj|03|net"; nocase; ) # h6z2jky5l1tj1fqzucp1umlu4k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h6z2jky5l1tj1fqzucp1umlu4k|03|com"; nocase; ) # 1lmzi28ptfeoqj90v9fmwwnfd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lmzi28ptfeoqj90v9fmwwnfd|03|org"; nocase; ) # 12pexs92isga4wtic62m8f03p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12pexs92isga4wtic62m8f03p|03|com"; nocase; ) # d98kb2tmmir7c02dg9tx9bt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|d98kb2tmmir7c02dg9tx9bt|03|com"; nocase; ) # 4oirl5sl48wi1qey3u81i9zrnv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4oirl5sl48wi1qey3u81i9zrnv|03|biz"; nocase; ) # wdfztlto7g6014konwk708h0c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wdfztlto7g6014konwk708h0c|03|org"; nocase; ) # 18txhnleuryr1di3w2917aidtz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18txhnleuryr1di3w2917aidtz|03|com"; nocase; ) # 16o7mrzf31ycy12fnqte1kydiyh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16o7mrzf31ycy12fnqte1kydiyh|03|com"; nocase; ) # b7ol7uwdkody2b8kaw8fbrat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b7ol7uwdkody2b8kaw8fbrat|03|com"; nocase; ) # 1ct5xhdcjj0t81sl1m3q1x4cci7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ct5xhdcjj0t81sl1m3q1x4cci7|03|com"; nocase; ) # ao8aat1rmqu1egabq9x18nzkfw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ao8aat1rmqu1egabq9x18nzkfw|03|biz"; nocase; ) # iwhnb7wwq12k1xp7tp99jl3vi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iwhnb7wwq12k1xp7tp99jl3vi|03|org"; nocase; ) # 1nugsa21qasg8r10p2sz81pmc4k8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nugsa21qasg8r10p2sz81pmc4k8|03|com"; nocase; ) # theemn1obihvahlvg0a1u2jmz1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|theemn1obihvahlvg0a1u2jmz1|03|net"; nocase; ) # 170oflrwzdzyh8qzoq41dxb6si.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|170oflrwzdzyh8qzoq41dxb6si|03|net"; nocase; ) # i0cfqmbsaz9r17ezsmd15bhgk1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i0cfqmbsaz9r17ezsmd15bhgk1|03|org"; nocase; ) # 147q3y5r2qo0lxofy3h1m5idrk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|147q3y5r2qo0lxofy3h1m5idrk|03|net"; nocase; ) # 1f6gqhy1ozkiox1tvnirlhde7ld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f6gqhy1ozkiox1tvnirlhde7ld|03|net"; nocase; ) # ds8p9rgtzbcg1bfjntl1vr8qpf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ds8p9rgtzbcg1bfjntl1vr8qpf|03|net"; nocase; ) # 1to6gnvf4btvh1axs2s1jgfp0n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1to6gnvf4btvh1axs2s1jgfp0n|03|net"; nocase; ) # 1ygtte8yndl7218nyti91yq737s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ygtte8yndl7218nyti91yq737s|03|org"; nocase; ) # 12ucqix7e1darkymlt3gu497f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ucqix7e1darkymlt3gu497f|03|net"; nocase; ) # 129aw1ukncvdy2w5coitwu4d1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|129aw1ukncvdy2w5coitwu4d1|03|net"; nocase; ) # oqcokhwpnytaxs1jonib9mg4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oqcokhwpnytaxs1jonib9mg4|03|com"; nocase; ) # f60uky188ejuw19kcsixwvbt6z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f60uky188ejuw19kcsixwvbt6z|03|net"; nocase; ) # 1vqi2xk189otojglwdwnb2ogv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vqi2xk189otojglwdwnb2ogv|03|org"; nocase; ) # g0rqdm1apaogd19bix2hf31v4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g0rqdm1apaogd19bix2hf31v4a|03|net"; nocase; ) # 1oxbbpdrulla1h6vrpalm4yth.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oxbbpdrulla1h6vrpalm4yth|03|com"; nocase; ) # 1uyqxiaotdvwf07vto1ot7dlk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uyqxiaotdvwf07vto1ot7dlk|03|net"; nocase; ) # ecsw1odnnlfgpyq2g71x8rx17.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ecsw1odnnlfgpyq2g71x8rx17|03|org"; nocase; ) # 1kcvn7y1daq5jlc7pg221xoe8e8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kcvn7y1daq5jlc7pg221xoe8e8|03|net"; nocase; ) # 1rlthu11op5dlm157goa7m5sv5r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rlthu11op5dlm157goa7m5sv5r|03|biz"; nocase; ) # 16qrbaxoacd6ifw1cwxalldh4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16qrbaxoacd6ifw1cwxalldh4|03|com"; nocase; ) # m2indfachnp6fyhb8fp48wr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|m2indfachnp6fyhb8fp48wr|03|net"; nocase; ) # cpurwe17rjat41mzf3bhhwof0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cpurwe17rjat41mzf3bhhwof0|03|org"; nocase; ) # aj4iu3qkv0liols3tw5cw1v3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aj4iu3qkv0liols3tw5cw1v3|03|biz"; nocase; ) # 1hzan8b1c5wdsg1029ttg1qmx15m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hzan8b1c5wdsg1029ttg1qmx15m|03|org"; nocase; ) # 1mut8wx1weo45nkyv7i91ct7pbz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mut8wx1weo45nkyv7i91ct7pbz|03|net"; nocase; ) # 1gegbr6mp8f7is6ypfv52w92r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gegbr6mp8f7is6ypfv52w92r|03|org"; nocase; ) # regrl01s4jx281oe2tn7u1jf98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|regrl01s4jx281oe2tn7u1jf98|03|net"; nocase; ) # 12hheqitsetb0505jbix60g1y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12hheqitsetb0505jbix60g1y|03|net"; nocase; ) # 1ttpqwgtbp8jf1mhttc01djah2b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ttpqwgtbp8jf1mhttc01djah2b|03|biz"; nocase; ) # q01tmw82if26kk72wz1rzk3ya.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q01tmw82if26kk72wz1rzk3ya|03|org"; nocase; ) # 1hkxvfuyhar7h16c0d6e3bks5a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hkxvfuyhar7h16c0d6e3bks5a|03|net"; nocase; ) # 8gjvpo14t6t7lpgqipx16bixs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8gjvpo14t6t7lpgqipx16bixs|03|biz"; nocase; ) # 3g6mq21ti8pzg178hwqv3ga71i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3g6mq21ti8pzg178hwqv3ga71i|03|org"; nocase; ) # 1fse9uhwn4tr9ou8rl81iytxx9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fse9uhwn4tr9ou8rl81iytxx9|03|org"; nocase; ) # nsuspy1ewswne1r39z8v1uhpifq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nsuspy1ewswne1r39z8v1uhpifq|03|net"; nocase; ) # 12j32wgf8anpg1n1ikq47gwy1p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12j32wgf8anpg1n1ikq47gwy1p|03|org"; nocase; ) # hbp0v0dxgd7suxw8ae12y9kc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hbp0v0dxgd7suxw8ae12y9kc|03|net"; nocase; ) # 1pjt8mv15v8jz61gbkqin45ho3e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pjt8mv15v8jz61gbkqin45ho3e|03|org"; nocase; ) # 1stz8cp18o269v1wqahwu869dps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1stz8cp18o269v1wqahwu869dps|03|biz"; nocase; ) # mzi4gqll7ssp1b3gd6o1m26fc5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mzi4gqll7ssp1b3gd6o1m26fc5|03|net"; nocase; ) # y6d3e1d6wamj1rkxbfg1kro7fd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y6d3e1d6wamj1rkxbfg1kro7fd|03|com"; nocase; ) # kdaww2ybljuoofdaq1e2mi1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kdaww2ybljuoofdaq1e2mi1w|03|com"; nocase; ) # vf77fk1j6wbyqisabuz5kzjii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vf77fk1j6wbyqisabuz5kzjii|03|com"; nocase; ) # 1c7misc1jxtskpc6v0v8lcnykf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c7misc1jxtskpc6v0v8lcnykf|03|biz"; nocase; ) # 1ad6fd11a63qhm2tx90l25wdm4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ad6fd11a63qhm2tx90l25wdm4|03|org"; nocase; ) # y26byro7q38p49qcp411dk0r3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y26byro7q38p49qcp411dk0r3|03|com"; nocase; ) # 8du4u61jjjseo10rs8yq2uh4fq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8du4u61jjjseo10rs8yq2uh4fq|03|org"; nocase; ) # 7rualbhjep6b3zdvzo16s4l5f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7rualbhjep6b3zdvzo16s4l5f|03|net"; nocase; ) # 1kdan851jwpcy1axl0w1ifljnm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kdan851jwpcy1axl0w1ifljnm|03|biz"; nocase; ) # 19vufo21x3utl81xtafq116ptqcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19vufo21x3utl81xtafq116ptqcn|03|com"; nocase; ) # 114lwv91upfrlkr4xpnkpx3vd2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|114lwv91upfrlkr4xpnkpx3vd2|03|com"; nocase; ) # 12ldyocrtveh31w350hvqu1vsb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12ldyocrtveh31w350hvqu1vsb|03|net"; nocase; ) # 13ks57i1i105d13gba6n1jxiuw0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ks57i1i105d13gba6n1jxiuw0|03|com"; nocase; ) # 1f478dmiap9yh17bjljxz5xtyq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f478dmiap9yh17bjljxz5xtyq|03|biz"; nocase; ) # rt6vxp1nmxx7eyxu1gs8yezuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rt6vxp1nmxx7eyxu1gs8yezuh|03|com"; nocase; ) # 1h8silpg30nwg1q7qfr6vv7v5u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h8silpg30nwg1q7qfr6vv7v5u|03|org"; nocase; ) # foxr6u1nwrkyt1ixflc91t5r7om.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|foxr6u1nwrkyt1ixflc91t5r7om|03|net"; nocase; ) # 1sddj3ow8bhrw1060cwp1n08tl5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sddj3ow8bhrw1060cwp1n08tl5|03|org"; nocase; ) # zi4a04s6m50b10gyh9s1f8koys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zi4a04s6m50b10gyh9s1f8koys|03|com"; nocase; ) # 1xfx6fe5hjhxw1vvb4mt1lcvwwi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xfx6fe5hjhxw1vvb4mt1lcvwwi|03|net"; nocase; ) # 1179wqs1sftqhx178m7stye7dxh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1179wqs1sftqhx178m7stye7dxh|03|com"; nocase; ) # qk54uw1fxrwlqjhvdul16yfp8m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qk54uw1fxrwlqjhvdul16yfp8m|03|com"; nocase; ) # rtz47sg7ndtt1qhme0081fjyd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rtz47sg7ndtt1qhme0081fjyd|03|org"; nocase; ) # n89py11m1pqyv1nh465y11wneo0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n89py11m1pqyv1nh465y11wneo0|03|net"; nocase; ) # 1ss7tpm1ds47r611hjmk86h73yk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ss7tpm1ds47r611hjmk86h73yk|03|biz"; nocase; ) # 15splbb1hdohe31tadbwgwejzl0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15splbb1hdohe31tadbwgwejzl0|03|org"; nocase; ) # 10haep71i0a1f5158l7xh1im0ymx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10haep71i0a1f5158l7xh1im0ymx|03|com"; nocase; ) # 1x4k7pfoz0jsk11z0yju19zh9vv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x4k7pfoz0jsk11z0yju19zh9vv|03|org"; nocase; ) # 1c7kkmu1s0e2u617lvm210cl6j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c7kkmu1s0e2u617lvm210cl6j6|03|net"; nocase; ) # 117cy7y1q2gqkdy1ret4an5nmg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|117cy7y1q2gqkdy1ret4an5nmg|03|org"; nocase; ) # h6u2r67btcs5of78i61v23h61.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h6u2r67btcs5of78i61v23h61|03|net"; nocase; ) # 1bh0p3c1k5r9to7tmhxuldoqo4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bh0p3c1k5r9to7tmhxuldoqo4|03|com"; nocase; ) # l3ws6412ezx2kf5xuk1296h4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l3ws6412ezx2kf5xuk1296h4t|03|net"; nocase; ) # 1x4rip8fwn3641a2qxpr101d7wp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x4rip8fwn3641a2qxpr101d7wp|03|org"; nocase; ) # guo3m4hgww2k4314e417qhn1t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000013999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|guo3m4hgww2k4314e417qhn1t|03|net"; nocase; ) # s6dqfb1k5irzygvona9rkm9nc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s6dqfb1k5irzygvona9rkm9nc|03|org"; nocase; ) # rofggl1nw3rc01rtolb11jol3tr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rofggl1nw3rc01rtolb11jol3tr|03|biz"; nocase; ) # mc72iiqjkoxw1dx84rf3nwd1q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mc72iiqjkoxw1dx84rf3nwd1q|03|com"; nocase; ) # ajq7r81a583oe3st8h58qz1ie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ajq7r81a583oe3st8h58qz1ie|03|org"; nocase; ) # j9nui51vswqmh1qk3moaewawda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j9nui51vswqmh1qk3moaewawda|03|com"; nocase; ) # 1skezsl19pcp8cy2umyx9vivau.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1skezsl19pcp8cy2umyx9vivau|03|net"; nocase; ) # yizf8p3ebeoy4kki531zd0ss.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yizf8p3ebeoy4kki531zd0ss|03|org"; nocase; ) # modoha14uzxsl1gh5v9o1rjayac.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|modoha14uzxsl1gh5v9o1rjayac|03|net"; nocase; ) # 19zofwk1rn6dhry9xlis1c8y6de.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19zofwk1rn6dhry9xlis1c8y6de|03|org"; nocase; ) # 23e0uauldh0ygskkbr1pnfy68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|23e0uauldh0ygskkbr1pnfy68|03|net"; nocase; ) # 1tuoot1u2nm8er9tdwfgrjfg4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tuoot1u2nm8er9tdwfgrjfg4|03|biz"; nocase; ) # 1dlf5f21v8y1tv3vcre1k2fr0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dlf5f21v8y1tv3vcre1k2fr0k|03|org"; nocase; ) # gxpf3j1h95o8x13jccyp1ldd1rl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gxpf3j1h95o8x13jccyp1ldd1rl|03|com"; nocase; ) # 1r5h8e81258hxptc8sl01eewn62.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r5h8e81258hxptc8sl01eewn62|03|biz"; nocase; ) # 2eyv701dq3cq0a18vdr7z8yh6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2eyv701dq3cq0a18vdr7z8yh6|03|com"; nocase; ) # cp1s2c1s3mmz2127ui1e1gxirrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cp1s2c1s3mmz2127ui1e1gxirrh|03|net"; nocase; ) # 16238zx4lu7sh1g6cd81xs8epr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16238zx4lu7sh1g6cd81xs8epr|03|net"; nocase; ) # 11tjt2d2h91de15nia8h1o9gmce.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11tjt2d2h91de15nia8h1o9gmce|03|biz"; nocase; ) # 1vb9iygi4nl7719tg8jx1gpx1wi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vb9iygi4nl7719tg8jx1gpx1wi|03|org"; nocase; ) # 2ls7xyr400ew168vfx418dkwt1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ls7xyr400ew168vfx418dkwt1|03|org"; nocase; ) # 1b615kiwucgan13w26o03tctj5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b615kiwucgan13w26o03tctj5|03|biz"; nocase; ) # pccj0k17ndh3v1vjo83es121kb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pccj0k17ndh3v1vjo83es121kb|03|biz"; nocase; ) # 125fdnz15kcyxkevz0o71vpukp8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|125fdnz15kcyxkevz0o71vpukp8|03|net"; nocase; ) # 13p1ij91n8p5u31shp9q2198210n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13p1ij91n8p5u31shp9q2198210n|03|biz"; nocase; ) # faoaq05h4xwa1dbfaso7tyfro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|faoaq05h4xwa1dbfaso7tyfro|03|net"; nocase; ) # 1ci007y179nx952vlk4b1d0jykk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ci007y179nx952vlk4b1d0jykk|03|com"; nocase; ) # 1xua2gl1udnand1g3l1bbxfmgbs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xua2gl1udnand1g3l1bbxfmgbs|03|net"; nocase; ) # 1f3vhth1ktnc6z1uzcm3vpsuoeo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f3vhth1ktnc6z1uzcm3vpsuoeo|03|biz"; nocase; ) # vok9nm16c1viipgo1nmnldpyk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vok9nm16c1viipgo1nmnldpyk|03|org"; nocase; ) # smlvkl18imw121rjpesx1el2ulh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|smlvkl18imw121rjpesx1el2ulh|03|org"; nocase; ) # 1jnxpa0upmwck14n0otvs42lxc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jnxpa0upmwck14n0otvs42lxc|03|org"; nocase; ) # ezetx31nbmp26xovlbn4l5rpd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ezetx31nbmp26xovlbn4l5rpd|03|org"; nocase; ) # vqghwf1i31gvi1122jwyl46ptb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vqghwf1i31gvi1122jwyl46ptb|03|net"; nocase; ) # 1o9xk981j8y811qopkp1106f2qe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o9xk981j8y811qopkp1106f2qe|03|biz"; nocase; ) # 1i52md4s3lody16y75b7ay54mw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i52md4s3lody16y75b7ay54mw|03|net"; nocase; ) # kq79pxwjk5fi1b1ms511671ak6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kq79pxwjk5fi1b1ms511671ak6|03|org"; nocase; ) # xaerzlptp018nnrm28rg82az.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xaerzlptp018nnrm28rg82az|03|com"; nocase; ) # w0c9gc9vkxwq273ize1udsie8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w0c9gc9vkxwq273ize1udsie8|03|org"; nocase; ) # hq7oj0jdpufdwla2kx1hgr1h9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hq7oj0jdpufdwla2kx1hgr1h9|03|net"; nocase; ) # 1hus72nmomksbohjk5j1s690cq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hus72nmomksbohjk5j1s690cq|03|net"; nocase; ) # 1kg6x3ulyi677547i37jv679w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kg6x3ulyi677547i37jv679w|03|biz"; nocase; ) # ukljks1xf2bov4v3wqe5prilg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ukljks1xf2bov4v3wqe5prilg|03|org"; nocase; ) # n1hty7d9afgm1rbz1151bvezrm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n1hty7d9afgm1rbz1151bvezrm|03|biz"; nocase; ) # 8gak8711mwqm7gol9f632ppkc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8gak8711mwqm7gol9f632ppkc|03|net"; nocase; ) # 5f9frsyv7qle79hszy1e8hhvi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5f9frsyv7qle79hszy1e8hhvi|03|com"; nocase; ) # 1pfbgbk14gxod7s9dolx1uhxr6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pfbgbk14gxod7s9dolx1uhxr6p|03|net"; nocase; ) # 1an7nslob190qkmi4e58ah6vq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1an7nslob190qkmi4e58ah6vq|03|org"; nocase; ) # 1uxcpq51dsgdsz1wv64oy16p5f4p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uxcpq51dsgdsz1wv64oy16p5f4p|03|com"; nocase; ) # 1kedxc414jckxu492l7413ctjvv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kedxc414jckxu492l7413ctjvv|03|org"; nocase; ) # madhlx6qaobche6e2yxukkff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|madhlx6qaobche6e2yxukkff|03|net"; nocase; ) # rxdqur1o803pe1rvn7t81fgk4nz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rxdqur1o803pe1rvn7t81fgk4nz|03|net"; nocase; ) # 1cafjn3744f2xz323gq1fm09fh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cafjn3744f2xz323gq1fm09fh|03|net"; nocase; ) # zqby4ewbcw5gfq4g3gywadsl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zqby4ewbcw5gfq4g3gywadsl|03|org"; nocase; ) # xeqb45p56dob66xexu1u67vbw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xeqb45p56dob66xexu1u67vbw|03|org"; nocase; ) # 1ttud0rn4etlnjvjwi41mqgi30.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ttud0rn4etlnjvjwi41mqgi30|03|org"; nocase; ) # 194z78mcwf2gc1s00ynl10ahlgw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|194z78mcwf2gc1s00ynl10ahlgw|03|net"; nocase; ) # 19iceix1ynrqx6q6y754wgav58.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19iceix1ynrqx6q6y754wgav58|03|org"; nocase; ) # 1vso1hxi3zaca1jzttx6y5ddfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vso1hxi3zaca1jzttx6y5ddfg|03|com"; nocase; ) # 6q9qjr1wweb0b31pa1f17qsui9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6q9qjr1wweb0b31pa1f17qsui9|03|org"; nocase; ) # 1day7e2clytjltwdl6t19ba0t3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1day7e2clytjltwdl6t19ba0t3|03|org"; nocase; ) # cv8tu21vas61f1jq0sv1y91ayk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cv8tu21vas61f1jq0sv1y91ayk|03|org"; nocase; ) # 4ewak8h760yo1c69ldq1no4tkj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4ewak8h760yo1c69ldq1no4tkj|03|com"; nocase; ) # ifhza1fwc6adxwwjjw1dbntrq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ifhza1fwc6adxwwjjw1dbntrq|03|org"; nocase; ) # uj7nt6sg0grcvec79zz77adl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uj7nt6sg0grcvec79zz77adl|03|org"; nocase; ) # 13nz1crs5h7ippruke115kw4f1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13nz1crs5h7ippruke115kw4f1|03|com"; nocase; ) # 1quxqwgl0v04pug37kp1rgb2s5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1quxqwgl0v04pug37kp1rgb2s5|03|net"; nocase; ) # 71ssym1l91lp31mnltmt1759bqg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|71ssym1l91lp31mnltmt1759bqg|03|org"; nocase; ) # x8ppii1gdjsxu1bydkdm13j92eq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x8ppii1gdjsxu1bydkdm13j92eq|03|com"; nocase; ) # 868opwlq9vc1cv6l1216pyn6r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|868opwlq9vc1cv6l1216pyn6r|03|org"; nocase; ) # 1i40onp1hlqpb21pm1qmvjzgn0x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i40onp1hlqpb21pm1qmvjzgn0x|03|net"; nocase; ) # 1u6h2bd2gjfp74dzolwplxkpv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u6h2bd2gjfp74dzolwplxkpv|03|org"; nocase; ) # 1iei2221s4a6q31tu6tlivdw0hi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iei2221s4a6q31tu6tlivdw0hi|03|biz"; nocase; ) # 3eqn3omqec9k5admbpsl9bfz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3eqn3omqec9k5admbpsl9bfz|03|org"; nocase; ) # 17y4d0qlel0dpvf46pl1qg3mep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17y4d0qlel0dpvf46pl1qg3mep|03|com"; nocase; ) # 1fg1ucb16ebo0k11p6ert1xdu1ex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fg1ucb16ebo0k11p6ert1xdu1ex|03|net"; nocase; ) # efz08m12tzgl41pa1ymp1uipuct.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|efz08m12tzgl41pa1ymp1uipuct|03|biz"; nocase; ) # 19xuftq1quqa1trrm0hn1b0lrd4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19xuftq1quqa1trrm0hn1b0lrd4|03|com"; nocase; ) # abz64w15xaze111iju7cwqbesw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|abz64w15xaze111iju7cwqbesw|03|net"; nocase; ) # 797pye1p6evo8bcs7291w0evwr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|797pye1p6evo8bcs7291w0evwr|03|org"; nocase; ) # 1m0vxyhw9to8y4zx77iym2nzu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m0vxyhw9to8y4zx77iym2nzu|03|org"; nocase; ) # 1lj49af1szfxb2176yvx1cfc734.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lj49af1szfxb2176yvx1cfc734|03|org"; nocase; ) # udzjbtt36e1s1p7d2kdd318sj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|udzjbtt36e1s1p7d2kdd318sj|03|net"; nocase; ) # l1vduf17ymb21ke18plv8lc2r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l1vduf17ymb21ke18plv8lc2r|03|org"; nocase; ) # 1u9rmz71h32lwzr7qz821ubglv6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u9rmz71h32lwzr7qz821ubglv6|03|com"; nocase; ) # xp7goo1jye4sp99yem91bym1bv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xp7goo1jye4sp99yem91bym1bv|03|com"; nocase; ) # p5ehp31cdy8q8znelg53wjq5w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5ehp31cdy8q8znelg53wjq5w|03|net"; nocase; ) # rznfhqfxt84a1pai6jmhvfpsv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rznfhqfxt84a1pai6jmhvfpsv|03|biz"; nocase; ) # 1ljydept7tn3vzutdn1v00z2y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ljydept7tn3vzutdn1v00z2y|03|com"; nocase; ) # z9ertz1dnckhqbfj9rv1yw6o1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z9ertz1dnckhqbfj9rv1yw6o1u|03|org"; nocase; ) # alqbpylhd5ofp2su091xqc6wk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|alqbpylhd5ofp2su091xqc6wk|03|org"; nocase; ) # 1sd45h5ggjfmd1sncse41knw8lp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sd45h5ggjfmd1sncse41knw8lp|03|biz"; nocase; ) # 8g1xl81yqhz5szjrnwvnkp94r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8g1xl81yqhz5szjrnwvnkp94r|03|net"; nocase; ) # rx3m3g18xy4aa1jtderr1vxkgjs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rx3m3g18xy4aa1jtderr1vxkgjs|03|com"; nocase; ) # jtp9ba3x2p5yjwvyp3w3adfx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jtp9ba3x2p5yjwvyp3w3adfx|03|biz"; nocase; ) # 15dh5jj3iddlycoo9be1os9vp5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15dh5jj3iddlycoo9be1os9vp5|03|net"; nocase; ) # ymqpm71fz2ora19ypurk1icqhte.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ymqpm71fz2ora19ypurk1icqhte|03|net"; nocase; ) # v9iotc4tetat1slcgzh1esfq9t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v9iotc4tetat1slcgzh1esfq9t|03|com"; nocase; ) # 1g6ii9415uad32192p2sdry17kn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g6ii9415uad32192p2sdry17kn|03|org"; nocase; ) # qu4of4tyzb73127q6eo1byq3dx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qu4of4tyzb73127q6eo1byq3dx|03|org"; nocase; ) # mpnzq313ss000exv41k1xgloef.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mpnzq313ss000exv41k1xgloef|03|org"; nocase; ) # vkhzlm1o85svo1nou1c0vkgmq8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vkhzlm1o85svo1nou1c0vkgmq8|03|net"; nocase; ) # 3a1sz31rvanf11uh9i8s1pzfkj7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3a1sz31rvanf11uh9i8s1pzfkj7|03|biz"; nocase; ) # htzycnkvetoc17czazl5cf772.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|htzycnkvetoc17czazl5cf772|03|net"; nocase; ) # 1ta8az11nsx3vxmbm9s71h2v5e7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ta8az11nsx3vxmbm9s71h2v5e7|03|biz"; nocase; ) # g67a0516580hkxih40s1qkv9oz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g67a0516580hkxih40s1qkv9oz|03|biz"; nocase; ) # 6umnz61pqbsku1iui05xfno4ef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6umnz61pqbsku1iui05xfno4ef|03|com"; nocase; ) # 16c9b2u1oul55b1jj9felylx4hi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16c9b2u1oul55b1jj9felylx4hi|03|net"; nocase; ) # q8a7kv53072w1nd3yml1m0pj9v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q8a7kv53072w1nd3yml1m0pj9v|03|com"; nocase; ) # 1dn81i4hdk7fy5aoc3o1crtj3s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dn81i4hdk7fy5aoc3o1crtj3s|03|com"; nocase; ) # t7uim5129ttanqnyvyn18mws5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t7uim5129ttanqnyvyn18mws5p|03|net"; nocase; ) # 1ibliuya0e9921lpxpc5fhrjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ibliuya0e9921lpxpc5fhrjv|03|net"; nocase; ) # 15ao7o411t286xxwva671bdhoru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ao7o411t286xxwva671bdhoru|03|net"; nocase; ) # 1g4n25n18n6afjnhxg6z1se6ler.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g4n25n18n6afjnhxg6z1se6ler|03|biz"; nocase; ) # 1lfvucw19sbkfh2p2cbapbnwpb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lfvucw19sbkfh2p2cbapbnwpb|03|org"; nocase; ) # 1gjnyyvyi9lwl1mfyeegmkujoi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gjnyyvyi9lwl1mfyeegmkujoi|03|com"; nocase; ) # 14hbakrtp8l7f1cf661d1oiqj4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14hbakrtp8l7f1cf661d1oiqj4|03|org"; nocase; ) # 1q297ce99aavtgv0j0zxcwufe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q297ce99aavtgv0j0zxcwufe|03|org"; nocase; ) # z22uc91jf5pwu48iwoxb35l13.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z22uc91jf5pwu48iwoxb35l13|03|com"; nocase; ) # 8r291c7lz2rdidvzygxya0d6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8r291c7lz2rdidvzygxya0d6|03|biz"; nocase; ) # 1pz183ha4ptq7vc3bg7pqqo3z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pz183ha4ptq7vc3bg7pqqo3z|03|net"; nocase; ) # 16dibow1fe46a41gz7vww1pg7sd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16dibow1fe46a41gz7vww1pg7sd|03|net"; nocase; ) # vuotqueki5vd1r5rfqmopabja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vuotqueki5vd1r5rfqmopabja|03|org"; nocase; ) # usb4sehtyzxn1q6ug62121s7uq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|usb4sehtyzxn1q6ug62121s7uq|03|com"; nocase; ) # 1g5o2jjqsjqk1u9ab251eyyp41.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g5o2jjqsjqk1u9ab251eyyp41|03|net"; nocase; ) # 1yala5216n15frb1a9lb5zjk0p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yala5216n15frb1a9lb5zjk0p|03|com"; nocase; ) # z90ges1uz84mu184wqkx1kpgbab.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z90ges1uz84mu184wqkx1kpgbab|03|net"; nocase; ) # 2xye4q1xet0ku1nbjeif1ys8ts9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2xye4q1xet0ku1nbjeif1ys8ts9|03|biz"; nocase; ) # 3u03bu87itcb1oqga71echenh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3u03bu87itcb1oqga71echenh|03|com"; nocase; ) # 82ilvqkga0mh1h59wnm1cnyuw2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|82ilvqkga0mh1h59wnm1cnyuw2|03|biz"; nocase; ) # 1i59yfx9l92z11uicai2155bbgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i59yfx9l92z11uicai2155bbgb|03|com"; nocase; ) # 1hctyoq1t0skv1cagud7nsvkt6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hctyoq1t0skv1cagud7nsvkt6|03|net"; nocase; ) # 1lbjdwo1i2rnla834u7y1h3kuu8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lbjdwo1i2rnla834u7y1h3kuu8|03|com"; nocase; ) # qsm3qagu0dffsaorytkeqtz2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qsm3qagu0dffsaorytkeqtz2|03|org"; nocase; ) # vha8k3bunn3qcr9a1hbabcuv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vha8k3bunn3qcr9a1hbabcuv|03|biz"; nocase; ) # 1dv39yk2bah7k11j8kb6odny1h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dv39yk2bah7k11j8kb6odny1h|03|net"; nocase; ) # 1chk29gqk2xujus91qh4uau7x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1chk29gqk2xujus91qh4uau7x|03|com"; nocase; ) # xowbl3s2a77fr8u8i61jabby5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xowbl3s2a77fr8u8i61jabby5|03|net"; nocase; ) # f9s5org84t68qtwphr1xflphe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f9s5org84t68qtwphr1xflphe|03|com"; nocase; ) # ha3n7k97lxxnytlwju1q0dxyt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ha3n7k97lxxnytlwju1q0dxyt|03|biz"; nocase; ) # lourn465hwce1s276xm3yfuie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lourn465hwce1s276xm3yfuie|03|org"; nocase; ) # 1aboeidyurtfpo7f5s0pn57xg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aboeidyurtfpo7f5s0pn57xg|03|com"; nocase; ) # lu0edt19thjh11jnsmmrr9dpfh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lu0edt19thjh11jnsmmrr9dpfh|03|org"; nocase; ) # oudo00lu69oq9xrk18z0jsgi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oudo00lu69oq9xrk18z0jsgi|03|org"; nocase; ) # 199crmb1vtxsnflwsw7j3stepl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|199crmb1vtxsnflwsw7j3stepl|03|net"; nocase; ) # 1cnpw8y1nkuv3k6mqcvn15dv0s8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cnpw8y1nkuv3k6mqcvn15dv0s8|03|com"; nocase; ) # 1yps07ffht8f4i8vsau10na0gy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yps07ffht8f4i8vsau10na0gy|03|biz"; nocase; ) # 1ba3ezivytbre13adfz3t0w4nf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ba3ezivytbre13adfz3t0w4nf|03|com"; nocase; ) # m2o61fvyi67yc996u2808vot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m2o61fvyi67yc996u2808vot|03|net"; nocase; ) # 1t6g5xkxdf6ga1yns0iiymknju.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t6g5xkxdf6ga1yns0iiymknju|03|biz"; nocase; ) # wqgw8ovdbygi12fbczvj6xenv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wqgw8ovdbygi12fbczvj6xenv|03|org"; nocase; ) # 1uoo04kgws46p10jvra415wc6x6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uoo04kgws46p10jvra415wc6x6|03|org"; nocase; ) # ao064o1xe0p45ubc2az1ckzg92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ao064o1xe0p45ubc2az1ckzg92|03|net"; nocase; ) # 6j1bgq1lg4nkc15q3vw67md818.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6j1bgq1lg4nkc15q3vw67md818|03|net"; nocase; ) # 83290o1889qqg7yotvsy950l1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|83290o1889qqg7yotvsy950l1|03|org"; nocase; ) # w0n26l8mtfwi11sb1kjzerz7l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w0n26l8mtfwi11sb1kjzerz7l|03|net"; nocase; ) # 1cpc6ve1g58uyrfi2pxg57y5m1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cpc6ve1g58uyrfi2pxg57y5m1|03|org"; nocase; ) # 10hymnx17xyqiy1uieor9dtpxcz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10hymnx17xyqiy1uieor9dtpxcz|03|org"; nocase; ) # 1yru0ga2qlirhbq6zy86vbzpq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yru0ga2qlirhbq6zy86vbzpq|03|org"; nocase; ) # wl378grxz4w44gk0o7e5esib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wl378grxz4w44gk0o7e5esib|03|com"; nocase; ) # 1bvcc3g5zp7vf5f5hq0suolc7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bvcc3g5zp7vf5f5hq0suolc7|03|com"; nocase; ) # 1vwjgwh1mm4x031ytgp611yn9ou8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vwjgwh1mm4x031ytgp611yn9ou8|03|net"; nocase; ) # ufdo84150jeqxg5e1n1175crms.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ufdo84150jeqxg5e1n1175crms|03|net"; nocase; ) # n7z90xinfmsf1vhcboovjbkm0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n7z90xinfmsf1vhcboovjbkm0|03|biz"; nocase; ) # 1peyeaivyvnokrsuy20l703p4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1peyeaivyvnokrsuy20l703p4|03|org"; nocase; ) # peeqc4yr4qtpk1g0gjbi4vww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|peeqc4yr4qtpk1g0gjbi4vww|03|net"; nocase; ) # 17jz9i6iccv8x1yjw5mj1aggl7a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17jz9i6iccv8x1yjw5mj1aggl7a|03|biz"; nocase; ) # 1yfqvj4dwforp1ntduevgxzav.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yfqvj4dwforp1ntduevgxzav|03|net"; nocase; ) # 1mu2lr61g9zrl41lht9ak1cungu6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mu2lr61g9zrl41lht9ak1cungu6|03|biz"; nocase; ) # 1ca7jir1pyxscr1q6jd201vtes4m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ca7jir1pyxscr1q6jd201vtes4m|03|net"; nocase; ) # 1mvpg5db3t2d9116lm5l15oe6e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mvpg5db3t2d9116lm5l15oe6e|03|org"; nocase; ) # a95hvpl7ufwi3l4vsy1cgsr8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a95hvpl7ufwi3l4vsy1cgsr8f|03|net"; nocase; ) # 10c7eeia2ols2o69mw1hn7wrw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10c7eeia2ols2o69mw1hn7wrw|03|biz"; nocase; ) # 1ohct3kgf3gqt1oj9a3u1i6kuao.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ohct3kgf3gqt1oj9a3u1i6kuao|03|net"; nocase; ) # 1qi22blhfe2tj2g25ml1037f6x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qi22blhfe2tj2g25ml1037f6x|03|org"; nocase; ) # 1g7z90z1w97nxkwmdyxj7m01no.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g7z90z1w97nxkwmdyxj7m01no|03|net"; nocase; ) # 1ib0vwm6mgqy31xw00qwdhck0g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ib0vwm6mgqy31xw00qwdhck0g|03|net"; nocase; ) # 1ry2oidxiphdw1mtiywng8859o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ry2oidxiphdw1mtiywng8859o|03|net"; nocase; ) # 1cp1trqaouqet17wcfx819py2v9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cp1trqaouqet17wcfx819py2v9|03|net"; nocase; ) # 8uresrutsk1d1v185s11v316k2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8uresrutsk1d1v185s11v316k2|03|org"; nocase; ) # 1t4yqtm589pb51th4v431qaxatn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t4yqtm589pb51th4v431qaxatn|03|net"; nocase; ) # 16ewvblr85de71tm2wsk1wthz96.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ewvblr85de71tm2wsk1wthz96|03|com"; nocase; ) # 1f8wtldfhi6vx1vugllg111q6cq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f8wtldfhi6vx1vugllg111q6cq|03|net"; nocase; ) # 1iqgcwp19hsnbxy4dll84f9uf0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iqgcwp19hsnbxy4dll84f9uf0|03|com"; nocase; ) # 4v8q1km83szet76k4slrjwzp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4v8q1km83szet76k4slrjwzp|03|org"; nocase; ) # 12oz69d18zs30q5gks57mx5j66.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12oz69d18zs30q5gks57mx5j66|03|net"; nocase; ) # 1yeo3g7993u4a1mcucc8mmokiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yeo3g7993u4a1mcucc8mmokiv|03|com"; nocase; ) # s24l2ij0ieownxmzdckjupac.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s24l2ij0ieownxmzdckjupac|03|org"; nocase; ) # l3n40hsfay7md9ge0r1564nqa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l3n40hsfay7md9ge0r1564nqa|03|org"; nocase; ) # 1tpzo0313lv2ntr7v1tixs2ly1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tpzo0313lv2ntr7v1tixs2ly1|03|biz"; nocase; ) # ne9o924h0boxqdnbjy1o0rdo7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ne9o924h0boxqdnbjy1o0rdo7|03|net"; nocase; ) # tm9fbelgr9ad1sr9e4c1amuhfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tm9fbelgr9ad1sr9e4c1amuhfa|03|org"; nocase; ) # fxgxpbs45woq1nsq86t1vuo09o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fxgxpbs45woq1nsq86t1vuo09o|03|org"; nocase; ) # 1qa8yoi1qz780w12tos6nly4xn0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qa8yoi1qz780w12tos6nly4xn0|03|net"; nocase; ) # bblsiy1bp4z301kpxb201g6zl5k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bblsiy1bp4z301kpxb201g6zl5k|03|com"; nocase; ) # 2u784m4gmvu9z4rl30wh7a5u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2u784m4gmvu9z4rl30wh7a5u|03|net"; nocase; ) # e49dm113wnb3w13ckewp18177q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e49dm113wnb3w13ckewp18177q|03|org"; nocase; ) # 5fx0iw1sspnwfga566r1uqx2ex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5fx0iw1sspnwfga566r1uqx2ex|03|org"; nocase; ) # 1o9g75re5a11n1bkyu0yofvxgo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o9g75re5a11n1bkyu0yofvxgo|03|com"; nocase; ) # mkzmfl2tsafj1c9rc62t94ned.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mkzmfl2tsafj1c9rc62t94ned|03|net"; nocase; ) # 8e7sxg1vmysuh16himka1wcr8t7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8e7sxg1vmysuh16himka1wcr8t7|03|org"; nocase; ) # sdrc9w2wmruoxacyjqieh9zs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sdrc9w2wmruoxacyjqieh9zs|03|com"; nocase; ) # g07ksp19uf8s919nk6k21uw9zu4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g07ksp19uf8s919nk6k21uw9zu4|03|net"; nocase; ) # n7hl4bbca7tc1firl6i1qg0srj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n7hl4bbca7tc1firl6i1qg0srj|03|org"; nocase; ) # 181vq4y1eg4u9nfg1yhq2ttips.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|181vq4y1eg4u9nfg1yhq2ttips|03|net"; nocase; ) # gul41v1np3rq1x8s7fe1y13ncj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gul41v1np3rq1x8s7fe1y13ncj|03|org"; nocase; ) # 1joy8rh14nv9e51oiihql1a3purb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1joy8rh14nv9e51oiihql1a3purb|03|biz"; nocase; ) # 1iv10kw1t3pn621pgscadv6jyhc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iv10kw1t3pn621pgscadv6jyhc|03|com"; nocase; ) # resq1b9mvzaq11ipvdbpi7oca.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|resq1b9mvzaq11ipvdbpi7oca|03|biz"; nocase; ) # 15avo9f1mikov13wb0su1afho5r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15avo9f1mikov13wb0su1afho5r|03|com"; nocase; ) # ny9dvv1b8g7rax69s8t289cgn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ny9dvv1b8g7rax69s8t289cgn|03|com"; nocase; ) # 1sgmv0vf8eh9mhjqn2tj43e7h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sgmv0vf8eh9mhjqn2tj43e7h|03|com"; nocase; ) # 1knals51nt6syh16vqa8z1te02g0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1knals51nt6syh16vqa8z1te02g0|03|net"; nocase; ) # 1h54r5x4v7agh1afsz551g744km.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h54r5x4v7agh1afsz551g744km|03|net"; nocase; ) # z7sns8i139lzw71dmy91lc49.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z7sns8i139lzw71dmy91lc49|03|net"; nocase; ) # hobpqyk5okan1gutpqeuzzt8s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hobpqyk5okan1gutpqeuzzt8s|03|net"; nocase; ) # 5486cf11igu81y4xzya1x6oulu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5486cf11igu81y4xzya1x6oulu|03|biz"; nocase; ) # 1mhpob01rov51khrmhqfs0p3nj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mhpob01rov51khrmhqfs0p3nj|03|org"; nocase; ) # 1meq2zh1js80r81stva1k3tnuue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1meq2zh1js80r81stva1k3tnuue|03|com"; nocase; ) # 1hp3uy4boukthhpi32nsvhkr3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hp3uy4boukthhpi32nsvhkr3|03|net"; nocase; ) # exp8om12eohqab9bcd8th2okv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|exp8om12eohqab9bcd8th2okv|03|net"; nocase; ) # uats8twb80b01anotco1sd8vkl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uats8twb80b01anotco1sd8vkl|03|biz"; nocase; ) # fxt4pa2ug2ly7w1hsg3hao9f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fxt4pa2ug2ly7w1hsg3hao9f|03|org"; nocase; ) # 1vkoegt1ogfa6c3vqfpf1tm8w0g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vkoegt1ogfa6c3vqfpf1tm8w0g|03|org"; nocase; ) # 76j4wl145enrddnw47m1j5nzt0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|76j4wl145enrddnw47m1j5nzt0|03|net"; nocase; ) # 1cwz7uo1y3ykhx1oqm6p71erssvw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cwz7uo1y3ykhx1oqm6p71erssvw|03|biz"; nocase; ) # 16uhny64cg56w1y02x3vj9n0p9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16uhny64cg56w1y02x3vj9n0p9|03|net"; nocase; ) # cf8dyi8uoet9hm1phc1k1wqth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cf8dyi8uoet9hm1phc1k1wqth|03|net"; nocase; ) # 18qdmnonxwkkvwud5mvxaxetb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18qdmnonxwkkvwud5mvxaxetb|03|biz"; nocase; ) # gov0hi8t813w2ved9p7vs3r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|gov0hi8t813w2ved9p7vs3r|03|com"; nocase; ) # kfdmd3br7bjsbgakgkrrtpk2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kfdmd3br7bjsbgakgkrrtpk2|03|biz"; nocase; ) # 1pj76z7178h61k1iunyc016og9cu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pj76z7178h61k1iunyc016og9cu|03|com"; nocase; ) # 5ehlpk1mivw371civ9916x3bji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5ehlpk1mivw371civ9916x3bji|03|com"; nocase; ) # 8rvyqb8mr7lw8kdehc1hs6mh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8rvyqb8mr7lw8kdehc1hs6mh5|03|net"; nocase; ) # 1n6ts5aqudplny43dhaig90ph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n6ts5aqudplny43dhaig90ph|03|biz"; nocase; ) # endqqea7jccmce2asu20i81y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|endqqea7jccmce2asu20i81y|03|com"; nocase; ) # 1yg1nu3bsm3x1vvploo1bqhw9g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yg1nu3bsm3x1vvploo1bqhw9g|03|com"; nocase; ) # 1iv7jts1lrsp6pvuctwylyvvkf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iv7jts1lrsp6pvuctwylyvvkf|03|net"; nocase; ) # 1733z5l3af8o21uru8wj14vvo0s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1733z5l3af8o21uru8wj14vvo0s|03|org"; nocase; ) # 1wv1dcb1fssb5o14gchgupbwe0k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wv1dcb1fssb5o14gchgupbwe0k|03|biz"; nocase; ) # gp1u6x1fqzo9m1ciede51cq2ci.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gp1u6x1fqzo9m1ciede51cq2ci|03|net"; nocase; ) # 1qyv1s5pm5zq31w55all1pj4sci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qyv1s5pm5zq31w55all1pj4sci|03|com"; nocase; ) # 88bacga8ioehjtham14ffkma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|88bacga8ioehjtham14ffkma|03|org"; nocase; ) # 1ecuz0xgj1mkphj17dg1sx8asi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ecuz0xgj1mkphj17dg1sx8asi|03|net"; nocase; ) # 1f5xpww1ffc837ihaf0wf5xr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f5xpww1ffc837ihaf0wf5xr8|03|com"; nocase; ) # z3grsdp219ij1qkod04154nn2g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z3grsdp219ij1qkod04154nn2g|03|biz"; nocase; ) # zz40m4cf9gxn5qb85j1ug6r4e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zz40m4cf9gxn5qb85j1ug6r4e|03|com"; nocase; ) # 1c00oz61qqh4kl7qs529pwyajt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c00oz61qqh4kl7qs529pwyajt|03|net"; nocase; ) # 17hyepn1442sk01kr9rutv7za34.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17hyepn1442sk01kr9rutv7za34|03|org"; nocase; ) # 1ezuibh16qgl5z1tnh1d216o3xef.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ezuibh16qgl5z1tnh1d216o3xef|03|org"; nocase; ) # 1h1uxas159bup318lhomg2m0qpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h1uxas159bup318lhomg2m0qpj|03|biz"; nocase; ) # gtn4cmf22t41d2c0c6jree8i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gtn4cmf22t41d2c0c6jree8i|03|net"; nocase; ) # yigak6tu612zf83qaf1rt2nzu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yigak6tu612zf83qaf1rt2nzu|03|net"; nocase; ) # nv1nbt1p2rirmvbnzrsi7ryag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nv1nbt1p2rirmvbnzrsi7ryag|03|biz"; nocase; ) # k059kdo892vi1m2kzx3up5ey6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k059kdo892vi1m2kzx3up5ey6|03|org"; nocase; ) # 18yyho0aawh9fmwg0rmts4y45.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18yyho0aawh9fmwg0rmts4y45|03|biz"; nocase; ) # 6ulcwt1ajth471djsp351yk5zoj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ulcwt1ajth471djsp351yk5zoj|03|net"; nocase; ) # c74qzel58ijp6i6m0m17s95s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c74qzel58ijp6i6m0m17s95s|03|biz"; nocase; ) # 1sg9fv1erzji48cy5tc183h1wj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sg9fv1erzji48cy5tc183h1wj|03|com"; nocase; ) # 6xmxjjwys0a0195bky71mcxijc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6xmxjjwys0a0195bky71mcxijc|03|net"; nocase; ) # 1p8kfr9mfjhtt11h9ts27vg0hj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p8kfr9mfjhtt11h9ts27vg0hj|03|org"; nocase; ) # r2azsenk42wq1mys12d7wntqs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r2azsenk42wq1mys12d7wntqs|03|net"; nocase; ) # 12er47pq4g167dv7ebklxbs2j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12er47pq4g167dv7ebklxbs2j|03|com"; nocase; ) # 1gcz7o0zqqu1l11o98gcl3v7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gcz7o0zqqu1l11o98gcl3v7m|03|net"; nocase; ) # 1hohh28rhgdfb3tjnbm1brh431.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hohh28rhgdfb3tjnbm1brh431|03|com"; nocase; ) # a8uis14ng1y03tut2r1o0423l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a8uis14ng1y03tut2r1o0423l|03|net"; nocase; ) # gzyxei1udm0281itz86d1o5s4vr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gzyxei1udm0281itz86d1o5s4vr|03|com"; nocase; ) # 1dmrpt51xm1ksjachbsbj2dc6w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dmrpt51xm1ksjachbsbj2dc6w|03|org"; nocase; ) # gqr79wkwcrp3wggwk71sy2jgd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gqr79wkwcrp3wggwk71sy2jgd|03|org"; nocase; ) # di6l99184b4q71muldwd1ycjik1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|di6l99184b4q71muldwd1ycjik1|03|net"; nocase; ) # qh0dn2mhm3azbjhpnn7wwvdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qh0dn2mhm3azbjhpnn7wwvdp|03|com"; nocase; ) # 9kssgg1qlesdczj31ocjop4fe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9kssgg1qlesdczj31ocjop4fe|03|com"; nocase; ) # ez3ov21evxbq5j6sfyfou98q2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ez3ov21evxbq5j6sfyfou98q2|03|net"; nocase; ) # 1qf7rge1fqbgd6utfx9h9j6cny.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qf7rge1fqbgd6utfx9h9j6cny|03|org"; nocase; ) # xuy8uy1wvnkn7bi5ru714zp3iu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xuy8uy1wvnkn7bi5ru714zp3iu|03|com"; nocase; ) # 135j10m14e091vcyyx5low53ay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135j10m14e091vcyyx5low53ay|03|net"; nocase; ) # 1l15wwo1tnnxnulpovnfqb2a5u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l15wwo1tnnxnulpovnfqb2a5u|03|org"; nocase; ) # 8v1jpujwitwm1c7sujy1qeumaq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8v1jpujwitwm1c7sujy1qeumaq|03|biz"; nocase; ) # 1geywl51fhjt2j16nne8vxi5ehq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1geywl51fhjt2j16nne8vxi5ehq|03|biz"; nocase; ) # v6olk21g8au6h7r090deton9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v6olk21g8au6h7r090deton9|03|com"; nocase; ) # 16uktahfa3h4d1fzrwu41ngrudc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16uktahfa3h4d1fzrwu41ngrudc|03|com"; nocase; ) # x47z3ogfkcnk1sfbvf0s8jduh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x47z3ogfkcnk1sfbvf0s8jduh|03|com"; nocase; ) # 1g0bbd219zguyg1oopdgg1xje8nm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g0bbd219zguyg1oopdgg1xje8nm|03|biz"; nocase; ) # snoh0u1590iuqvmbblq184yos5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|snoh0u1590iuqvmbblq184yos5|03|com"; nocase; ) # 52k3gp1ax222r1u3t7c6vf3k1p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|52k3gp1ax222r1u3t7c6vf3k1p|03|net"; nocase; ) # 1a416ng14acmfd1e6kt821brjcn0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a416ng14acmfd1e6kt821brjcn0|03|biz"; nocase; ) # gfwi3j1nqxapj1lfouvu7ypdpm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gfwi3j1nqxapj1lfouvu7ypdpm|03|org"; nocase; ) # xtcrtagylxstyqkg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014286; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xtcrtagylxstyqkg|02|eu"; nocase; ) # xibjqosutnilxcag.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014287; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xibjqosutnilxcag|02|eu"; nocase; ) # xwmnadsepqxpjncs.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014288; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xwmnadsepqxpjncs|02|eu"; nocase; ) # xesjlqfvafmfpgwf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014289; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xesjlqfvafmfpgwf|02|eu"; nocase; ) # xakwgsrjgjdytwgr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014290; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xakwgsrjgjdytwgr|02|eu"; nocase; ) # ljcrjjmkgwrnwwef.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014291; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ljcrjjmkgwrnwwef|02|eu"; nocase; ) # fggxaaddhhphtrjl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014292; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fggxaaddhhphtrjl|02|eu"; nocase; ) # ffihorovqqxjifxw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014293; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ffihorovqqxjifxw|02|eu"; nocase; ) # yanvitffjlgygonq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014294; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yanvitffjlgygonq|02|eu"; nocase; ) # yhgrthfwtmhbmhiq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014295; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yhgrthfwtmhbmhiq|02|eu"; nocase; ) # yoyafiforbvdfadq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014296; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yoyafiforbvdfadq|02|eu"; nocase; ) # ykqnakrcxfmwjqmp.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014297; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ykqnakrcxfmwjqmp|02|eu"; nocase; ) # saclsaidbovbnswv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014298; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|saclsaidbovbnswv|02|eu"; nocase; ) # mlrvsrxewbvyilec.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014299; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mlrvsrxewbvyilec|02|eu"; nocase; ) # gmecctcjrhpyncmv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014300; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|gmecctcjrhpyncmv|02|eu"; nocase; ) # amseymrtvwrbugvb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014301; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|amseymrtvwrbugvb|02|eu"; nocase; ) # atlaknrltlgqnydb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014302; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|atlaknrltlgqnydb|02|eu"; nocase; ) # abrvibrdrausgrxn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014303; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|abrvibrdrausgrxn|02|eu"; nocase; ) # tdpgbeieuvqwwgih.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014304; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|tdpgbeieuvqwwgih|02|eu"; nocase; ) # npduaemmtyufqybo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014305; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|npduaemmtyufqybo|02|eu"; nocase; ) # gaddd72172dbc906cc093bb25b6db90ad9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014306; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gaddd72172dbc906cc093bb25b6db90ad9|02|tk"; nocase; ) # i8e8722d7bfa54d4e21e98efeff617a751.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014307; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i8e8722d7bfa54d4e21e98efeff617a751|02|cc"; nocase; ) # l378a3af4b60922c924f641d6e5806f283.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014308; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l378a3af4b60922c924f641d6e5806f283|02|in"; nocase; ) # mf9e3b3d87e0e8def797db181263acc0c9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014309; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mf9e3b3d87e0e8def797db181263acc0c9|02|hk"; nocase; ) # oa7397169743d94d6d844e89a85bfcb725.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014310; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oa7397169743d94d6d844e89a85bfcb725|02|tk"; nocase; ) # s87a24749fe2cb8501b7162db7845f51e0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014311; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s87a24749fe2cb8501b7162db7845f51e0|02|to"; nocase; ) # v411392f1599b78d44cbb68e5053b65db6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014312; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v411392f1599b78d44cbb68e5053b65db6|02|cn"; nocase; ) # x9e454b959335be7751e77b5c581a62b3c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014313; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x9e454b959335be7751e77b5c581a62b3c|02|so"; nocase; ) # qf1caecee20b57dd2438218efe2bd5155a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014314; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qf1caecee20b57dd2438218efe2bd5155a|02|to"; nocase; ) # s1385aaeb7bf28e23ce5ef76be50693d9d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014315; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s1385aaeb7bf28e23ce5ef76be50693d9d|02|hk"; nocase; ) # x375a35cfedec5a4689aca80cf1e0bc58c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014316; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x375a35cfedec5a4689aca80cf1e0bc58c|02|ws"; nocase; ) # e5da3dcd4bbd44c7f5c8683cb77d07c60e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014317; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e5da3dcd4bbd44c7f5c8683cb77d07c60e|02|cc"; nocase; ) # i41e9bf7e9dbd48fa19f78f1c6a92e17a9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014318; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i41e9bf7e9dbd48fa19f78f1c6a92e17a9|02|hk"; nocase; ) # o0f653194165af9763d57bf5bd7e91dd85.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014319; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o0f653194165af9763d57bf5bd7e91dd85|02|to"; nocase; ) # v7a1f63eba28856772e3977a9cfa7ae438.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014320; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v7a1f63eba28856772e3977a9cfa7ae438|02|ws"; nocase; ) # h96e330a921f352aba711472e810696ffe.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014321; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h96e330a921f352aba711472e810696ffe|02|cn"; nocase; ) # i7206b58d79ad2100cd71e71b22dd2c849.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014322; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i7206b58d79ad2100cd71e71b22dd2c849|02|tk"; nocase; ) # j284eff624a219d5dfd2a3d9e23499de1b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014323; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j284eff624a219d5dfd2a3d9e23499de1b|02|so"; nocase; ) # laffaa4cbc57d46a5ab12036aae59cf718.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014324; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|laffaa4cbc57d46a5ab12036aae59cf718|02|ws"; nocase; ) # n5eb9847b817ce968b5f0f48a561114b04.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014325; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n5eb9847b817ce968b5f0f48a561114b04|02|in"; nocase; ) # p485ccb19845fecb2ffb275dee7f0350bd.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014326; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p485ccb19845fecb2ffb275dee7f0350bd|02|cn"; nocase; ) # r511c04cada266a7171c1f6e107e593c1d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014327; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r511c04cada266a7171c1f6e107e593c1d|02|so"; nocase; ) # s2e44827528d3716d25f516a0ddd3c0430.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014328; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s2e44827528d3716d25f516a0ddd3c0430|02|cc"; nocase; ) # ua340dd09b919d7c15a4ec00e2b05d3b3f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014329; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ua340dd09b919d7c15a4ec00e2b05d3b3f|02|to"; nocase; ) # wc0bdda1ff38e907cef44d60a9b4092bfd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014330; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc0bdda1ff38e907cef44d60a9b4092bfd|02|hk"; nocase; ) # z2a37036bf9b313616991dece315879498.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014331; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z2a37036bf9b313616991dece315879498|02|so"; nocase; ) # j8daa71f0b32d9fe09e103fe7d1342fbf9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014332; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j8daa71f0b32d9fe09e103fe7d1342fbf9|02|ws"; nocase; ) # p1dd5386f426137beec4a9ec2294e0c9a8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014333; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p1dd5386f426137beec4a9ec2294e0c9a8|02|so"; nocase; ) # w9de48d241450d17a1355ce857d5db77be.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014334; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w9de48d241450d17a1355ce857d5db77be|02|tk"; nocase; ) # aba08c6c6b5787162496c536ea1f9cc12c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014335; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aba08c6c6b5787162496c536ea1f9cc12c|02|to"; nocase; ) # b5dbb11ee2c8db57097397151da564e061.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014336; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b5dbb11ee2c8db57097397151da564e061|02|in"; nocase; ) # i1f26755c16a101c257625a2905c2d01a0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014337; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i1f26755c16a101c257625a2905c2d01a0|02|to"; nocase; ) # ma17cc3bd4a468b05e37ac63a07a41e32f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014338; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ma17cc3bd4a468b05e37ac63a07a41e32f|02|tk"; nocase; ) # vd92dc97ba53a8a599a13c46b9e8a5d192.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014339; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vd92dc97ba53a8a599a13c46b9e8a5d192|02|so"; nocase; ) # y18a67eb1ccba2cc02e6d90e94edb36c95.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014340; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y18a67eb1ccba2cc02e6d90e94edb36c95|02|to"; nocase; ) # d35fc05f095b7c238f8785faa8677973fd.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014341; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d35fc05f095b7c238f8785faa8677973fd|02|so"; nocase; ) # mb2f8a96decce0174636dccddce3ca6051.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014342; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mb2f8a96decce0174636dccddce3ca6051|02|cc"; nocase; ) # qdfff8e08c09d3d5b3aeff3ad94554914c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014343; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qdfff8e08c09d3d5b3aeff3ad94554914c|02|hk"; nocase; ) # tebdf613b22d133b8b585e48d6f8923a3d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014344; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tebdf613b22d133b8b585e48d6f8923a3d|02|so"; nocase; ) # wd4e1b8076aba00dc644222c8ecbedad4c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014345; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd4e1b8076aba00dc644222c8ecbedad4c|02|to"; nocase; ) # m23de6140f6018fcffdd4d817ac3f802ab.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014346; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m23de6140f6018fcffdd4d817ac3f802ab|02|to"; nocase; ) # wbd72dc249e4319e0ff2851b7198a59026.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014347; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wbd72dc249e4319e0ff2851b7198a59026|02|hk"; nocase; ) # y2d7fb9e064ed0f45999be288a3e968dd7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014348; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y2d7fb9e064ed0f45999be288a3e968dd7|02|tk"; nocase; ) # a8a321a10602e9409b35d14a3b4b42573c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014349; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a8a321a10602e9409b35d14a3b4b42573c|02|cc"; nocase; ) # l214cd15b7796262e1f6a0327897a59bd0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014350; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l214cd15b7796262e1f6a0327897a59bd0|02|in"; nocase; ) # m8d0a1f7e8fad53585afd0a17943c5961d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014351; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m8d0a1f7e8fad53585afd0a17943c5961d|02|hk"; nocase; ) # q3c46d8dff47c24ae9ccff6c503bb745c0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014352; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q3c46d8dff47c24ae9ccff6c503bb745c0|02|cc"; nocase; ) # u2fcd9b9dc3c12fab5506c55757f7188ce.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014353; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u2fcd9b9dc3c12fab5506c55757f7188ce|02|hk"; nocase; ) # w2ff86a7826eb70230c3cb1c193b21de3f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014354; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w2ff86a7826eb70230c3cb1c193b21de3f|02|tk"; nocase; ) # d2247de19915e308387685a6fed34696be.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014355; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d2247de19915e308387685a6fed34696be|02|cn"; nocase; ) # g746029ae285ac50cc2a34558dcc8ef3d1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014356; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g746029ae285ac50cc2a34558dcc8ef3d1|02|cc"; nocase; ) # h1050c0c9cee9a7142e93912a64765f67c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014357; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h1050c0c9cee9a7142e93912a64765f67c|02|ws"; nocase; ) # k393c40c1411c68a87bdde0d53d638df03.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014358; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k393c40c1411c68a87bdde0d53d638df03|02|hk"; nocase; ) # l79122f53143d62305b5079fea0852efa7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014359; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l79122f53143d62305b5079fea0852efa7|02|cn"; nocase; ) # n8b304be0958518c353efcb8128e9cf519.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014360; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n8b304be0958518c353efcb8128e9cf519|02|so"; nocase; ) # o710d78be215599c80066db4c512d98a1a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014361; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o710d78be215599c80066db4c512d98a1a|02|cc"; nocase; ) # p0d65833e853b89342a304501d281f2679.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014362; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p0d65833e853b89342a304501d281f2679|02|ws"; nocase; ) # qea04d3afc7ce040cc5ae93a2dc74cfb58.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014363; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qea04d3afc7ce040cc5ae93a2dc74cfb58|02|to"; nocase; ) # rde534b96c7d3d740a12d3c223bbef8a2c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014364; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rde534b96c7d3d740a12d3c223bbef8a2c|02|in"; nocase; ) # v8750968973a1663ddcf7bf439cead4185.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014365; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v8750968973a1663ddcf7bf439cead4185|02|so"; nocase; ) # w91d407f7d25f8407a5e16198b2bc48aa0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014366; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w91d407f7d25f8407a5e16198b2bc48aa0|02|cc"; nocase; ) # yd486db8abcdd57d51c5c1365faebf43d2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014367; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yd486db8abcdd57d51c5c1365faebf43d2|02|to"; nocase; ) # d0c4f83a04ec408f1b7e610e2320364bdd.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014368; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d0c4f83a04ec408f1b7e610e2320364bdd|02|so"; nocase; ) # g5c4bfbc726b976f9107abdee44eb696ce.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014369; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g5c4bfbc726b976f9107abdee44eb696ce|02|to"; nocase; ) # of41fd873566df3d8869d4be201ae5bbeb.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014370; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|of41fd873566df3d8869d4be201ae5bbeb|02|to"; nocase; ) # qdc629167dd0bad5431027f15fa3461347.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014371; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qdc629167dd0bad5431027f15fa3461347|02|hk"; nocase; ) # h16259b4f06aed985bd2f690d3ad6df26f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014372; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h16259b4f06aed985bd2f690d3ad6df26f|02|cn"; nocase; ) # o1bac179c24570527e5904a5bc4e53923f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014373; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o1bac179c24570527e5904a5bc4e53923f|02|hk"; nocase; ) # y9c5b28ba1d09d60f58e26e18b09e83229.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014374; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y9c5b28ba1d09d60f58e26e18b09e83229|02|tk"; nocase; ) # z4bc5437ce129e70e42c5e8a5abc85962d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014375; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z4bc5437ce129e70e42c5e8a5abc85962d|02|so"; nocase; ) # c037481821efa1d575037bf163839cbc04.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014376; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c037481821efa1d575037bf163839cbc04|02|to"; nocase; ) # j2053eec9da2c058ace10177f3df236d2a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014377; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j2053eec9da2c058ace10177f3df236d2a|02|ws"; nocase; ) # q28b152d3233370fcef88a203af01256d9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014378; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q28b152d3233370fcef88a203af01256d9|02|cc"; nocase; ) # y664905e603a084dd341927685d5c6dce4.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014379; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y664905e603a084dd341927685d5c6dce4|02|cc"; nocase; ) # ab486e0431191ecc12ccc0212e0b24348b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014380; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab486e0431191ecc12ccc0212e0b24348b|02|to"; nocase; ) # h9375bdfed87d7eee30fe174feb59ecedd.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014381; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h9375bdfed87d7eee30fe174feb59ecedd|02|ws"; nocase; ) # i353e9db4c3f68ffe2db74f5fde102a86f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014382; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i353e9db4c3f68ffe2db74f5fde102a86f|02|to"; nocase; ) # j92cddf61909467c0bff29ef521db6eba9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014383; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j92cddf61909467c0bff29ef521db6eba9|02|in"; nocase; ) # kde9a6b838bbc30036c83dfb33ca5bad95.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014384; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kde9a6b838bbc30036c83dfb33ca5bad95|02|hk"; nocase; ) # lcae1d9f7f9a39bf6be16eefa4ecc941fa.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014385; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lcae1d9f7f9a39bf6be16eefa4ecc941fa|02|cn"; nocase; ) # va5a27839e4da2229f0ba58aec85539fc1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014386; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|va5a27839e4da2229f0ba58aec85539fc1|02|so"; nocase; ) # x48dea4577e90552ecd7e0529e636fdd0a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014387; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x48dea4577e90552ecd7e0529e636fdd0a|02|ws"; nocase; ) # y3c2f0faff7e4cc7227ed8fa3d813ccd03.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014388; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3c2f0faff7e4cc7227ed8fa3d813ccd03|02|to"; nocase; ) # g6418c8cd279366673c2bc5946686a1402.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014389; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g6418c8cd279366673c2bc5946686a1402|02|to"; nocase; ) # hd631e2fc5f8e8a2404bb575ff2f91a0bb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014390; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd631e2fc5f8e8a2404bb575ff2f91a0bb|02|in"; nocase; ) # l4ca7cae28c2d7a62e06e676f433ea6b5a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014391; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l4ca7cae28c2d7a62e06e676f433ea6b5a|02|so"; nocase; ) # m2651fafee7ef140c00bd6ebab38f67114.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014392; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m2651fafee7ef140c00bd6ebab38f67114|02|cc"; nocase; ) # ne33d52e09541885bf3b6ab80edffee859.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014393; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ne33d52e09541885bf3b6ab80edffee859|02|ws"; nocase; ) # v68f41eb3aa98f998f7eea4e6b351e33e3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014394; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v68f41eb3aa98f998f7eea4e6b351e33e3|02|ws"; nocase; ) # x76cfe37344210fa3c3c027e984b65fdeb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014395; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x76cfe37344210fa3c3c027e984b65fdeb|02|in"; nocase; ) # ea3389bd8117f5c2dae028ac64db575cf5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014396; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea3389bd8117f5c2dae028ac64db575cf5|02|to"; nocase; ) # i2f690d87b2ff932fae44e63c90fe9dfdc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014397; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2f690d87b2ff932fae44e63c90fe9dfdc|02|tk"; nocase; ) # l955c3b103f6655907b4b41ad59e65f0ce.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014398; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l955c3b103f6655907b4b41ad59e65f0ce|02|ws"; nocase; ) # y59ae47f0a97c445089791c83049465161.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014399; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y59ae47f0a97c445089791c83049465161|02|tk"; nocase; ) # a067d07a66fa462de83971adf09b21df1b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014400; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a067d07a66fa462de83971adf09b21df1b|02|cc"; nocase; ) # ba9ca8d420086b365ba19f1b3726ce3d93.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014401; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ba9ca8d420086b365ba19f1b3726ce3d93|02|ws"; nocase; ) # e5878acca63fb5898648b07c985dbf5da8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e5878acca63fb5898648b07c985dbf5da8|02|hk"; nocase; ) # ib694d7fee21d176874a54c0d836970f5d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib694d7fee21d176874a54c0d836970f5d|02|cc"; nocase; ) # r0e47aab3761fb72482e36a64dab01f6c4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r0e47aab3761fb72482e36a64dab01f6c4|02|ws"; nocase; ) # tdc2df5cc6d4e6a1dbf8d4620b58907eff.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tdc2df5cc6d4e6a1dbf8d4620b58907eff|02|in"; nocase; ) # xa634b5071df478f31a7291c6c5afacd82.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xa634b5071df478f31a7291c6c5afacd82|02|so"; nocase; ) # y46004144deb2676abe222fc26e37e2e60.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y46004144deb2676abe222fc26e37e2e60|02|cc"; nocase; ) # zdc49f056e9e4932a7c6ba0a8c7d62e5e9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zdc49f056e9e4932a7c6ba0a8c7d62e5e9|02|ws"; nocase; ) # a3243426d9769078186e1ff6087f0905cf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a3243426d9769078186e1ff6087f0905cf|02|to"; nocase; ) # ha3f4f049848bcae46f77bc02a982ada70.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ha3f4f049848bcae46f77bc02a982ada70|02|ws"; nocase; ) # k83b9944bffd5404e985db249f51d54ec9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k83b9944bffd5404e985db249f51d54ec9|02|hk"; nocase; ) # qf55e923a30840f5f9a1dd4b9b94ca8e0a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qf55e923a30840f5f9a1dd4b9b94ca8e0a|02|to"; nocase; ) # s6c2b9e5b95ce6a2b7cedb4d5f98059d22.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s6c2b9e5b95ce6a2b7cedb4d5f98059d22|02|hk"; nocase; ) # h275d87242fddfd1d03e0f6f4065d161c8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h275d87242fddfd1d03e0f6f4065d161c8|02|in"; nocase; ) # i563d33c81e6f22025ddebd81103fb30ed.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i563d33c81e6f22025ddebd81103fb30ed|02|hk"; nocase; ) # kc3422d13799bf5c38d6574a21189889a7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kc3422d13799bf5c38d6574a21189889a7|02|tk"; nocase; ) # n7481617e644695d98f2c64e1a5c53bb3d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n7481617e644695d98f2c64e1a5c53bb3d|02|ws"; nocase; ) # sb950c26cb42e1be9a05d9a3fcf663b7f3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sb950c26cb42e1be9a05d9a3fcf663b7f3|02|tk"; nocase; ) # cf70024c27262f34d073aad022e1b74186.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cf70024c27262f34d073aad022e1b74186|02|cc"; nocase; ) # g396d9022181d72e58306177f62227aa57.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g396d9022181d72e58306177f62227aa57|02|hk"; nocase; ) # m076b6bc95c73121a6b30cb5fb27bc8e8e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m076b6bc95c73121a6b30cb5fb27bc8e8e|02|to"; nocase; ) # n10a2ee14dcd34d554f8be661552a5f2ed.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n10a2ee14dcd34d554f8be661552a5f2ed|02|in"; nocase; ) # s699631788f3cd5159585a9489a5349a6b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014423; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s699631788f3cd5159585a9489a5349a6b|02|to"; nocase; ) # t40a9a1229e03f61c3f6ec14ffe50ed21b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014424; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t40a9a1229e03f61c3f6ec14ffe50ed21b|02|in"; nocase; ) # w723ddb8cd365595e8802515ca5c9e1b62.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014425; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w723ddb8cd365595e8802515ca5c9e1b62|02|tk"; nocase; ) # xb2d1b47bd3a36cce7f4aa14ee555a3732.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014426; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xb2d1b47bd3a36cce7f4aa14ee555a3732|02|so"; nocase; ) # acdb8a49e12582ef5cf7574f7e2c3fcee4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014427; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|acdb8a49e12582ef5cf7574f7e2c3fcee4|02|to"; nocase; ) # iebb91f89468b6d0c2cc2baeaad0d78182.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|iebb91f89468b6d0c2cc2baeaad0d78182|02|to"; nocase; ) # r720670a93357a34015dfec7e0702d0796.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r720670a93357a34015dfec7e0702d0796|02|in"; nocase; ) # vabedebc0ad007ce59213e1314914fc562.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vabedebc0ad007ce59213e1314914fc562|02|so"; nocase; ) # weff3eea75e1092e1cea2fcdf74eddc519.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|weff3eea75e1092e1cea2fcdf74eddc519|02|cc"; nocase; ) # h18ea0f844193eee22e1de21decd617cac.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h18ea0f844193eee22e1de21decd617cac|02|in"; nocase; ) # lc34539b5be31171fbfb2162ff3ee000cd.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lc34539b5be31171fbfb2162ff3ee000cd|02|so"; nocase; ) # y6f13cb7aa993191624cfaf45a7fc1fe1b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y6f13cb7aa993191624cfaf45a7fc1fe1b|02|hk"; nocase; ) # z6712fac8ed74b29030fdf1d6f331b6e1a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6712fac8ed74b29030fdf1d6f331b6e1a|02|cn"; nocase; ) # be735c55dcded2b9e23a92d6a829a8e986.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be735c55dcded2b9e23a92d6a829a8e986|02|so"; nocase; ) # d05c09011f15a039e0ec6aa627eaf7c3ff.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d05c09011f15a039e0ec6aa627eaf7c3ff|02|ws"; nocase; ) # e339221107166ec556db4c6169f96e51a8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e339221107166ec556db4c6169f96e51a8|02|to"; nocase; ) # hfab61c5040fae3ec98fcb3e8f41d266f6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hfab61c5040fae3ec98fcb3e8f41d266f6|02|cn"; nocase; ) # kda0659954bf4a3dd4d2cd5300450f772b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kda0659954bf4a3dd4d2cd5300450f772b|02|cc"; nocase; ) # l4a81a481d34c28e562511438235040f8d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l4a81a481d34c28e562511438235040f8d|02|ws"; nocase; ) # r49b783a2cac7b61d5055bacefa732b3a7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r49b783a2cac7b61d5055bacefa732b3a7|02|so"; nocase; ) # s0f424b4895b620dd365dede517fb53eb6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s0f424b4895b620dd365dede517fb53eb6|02|cc"; nocase; ) # u6e1435a61052ac10c5905bdc53d0c7e92.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u6e1435a61052ac10c5905bdc53d0c7e92|02|to"; nocase; ) # x8fe64c96eeb5d859f1f87d3e8faee2882.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x8fe64c96eeb5d859f1f87d3e8faee2882|02|cn"; nocase; ) # n01fe77464fbb087ab27e8d4ddc63c55fe.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n01fe77464fbb087ab27e8d4ddc63c55fe|02|cn"; nocase; ) # pd30bb3bab4d281d38713228328e675a7e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pd30bb3bab4d281d38713228328e675a7e|02|so"; nocase; ) # u4862e33a1d929f39d3000e1127af9821d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u4862e33a1d929f39d3000e1127af9821d|02|hk"; nocase; ) # ce7a42322ba84ecc3a8cfd7a1d5d97a774.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ce7a42322ba84ecc3a8cfd7a1d5d97a774|02|hk"; nocase; ) # e0288a30a2e8e715d303bd8a8ab9d8dc40.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e0288a30a2e8e715d303bd8a8ab9d8dc40|02|tk"; nocase; ) # f8b4a88f58186a47cb5fc59fa5b8fef821.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f8b4a88f58186a47cb5fc59fa5b8fef821|02|so"; nocase; ) # ga1f225eea0ba35aa65bd72efaaa99e946.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ga1f225eea0ba35aa65bd72efaaa99e946|02|cc"; nocase; ) # l4d107f1b1f791a6bbdcc41eeaa1c79605.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l4d107f1b1f791a6bbdcc41eeaa1c79605|02|cn"; nocase; ) # x55184d4d6c856a657c07e6612e2c3a1b6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x55184d4d6c856a657c07e6612e2c3a1b6|02|ws"; nocase; ) # z9cd456d74bd761f196577b446e26bd745.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z9cd456d74bd761f196577b446e26bd745|02|in"; nocase; ) # ba27c8b0263e372dd6cd3ae8f9502e231d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ba27c8b0263e372dd6cd3ae8f9502e231d|02|cn"; nocase; ) # c0b4c488b0c160c961b30aa359e1577f64.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c0b4c488b0c160c961b30aa359e1577f64|02|tk"; nocase; ) # f43a1ee69df1f154171936e341dc200419.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f43a1ee69df1f154171936e341dc200419|02|ws"; nocase; ) # g9208b19f98b5dc534509f604dfac50148.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g9208b19f98b5dc534509f604dfac50148|02|to"; nocase; ) # nfacd20a0962b91685b1b2c495c2bbb7a4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nfacd20a0962b91685b1b2c495c2bbb7a4|02|ws"; nocase; ) # s61fdb177900ac0d6037bfaa4866a5b7b3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s61fdb177900ac0d6037bfaa4866a5b7b3|02|tk"; nocase; ) # cc7b914c2412f86bec19acacd6ea9112f9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc7b914c2412f86bec19acacd6ea9112f9|02|cc"; nocase; ) # i2b3a1510c53f15b0d9ed0f396c984dd6b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2b3a1510c53f15b0d9ed0f396c984dd6b|02|tk"; nocase; ) # l256fd8749692d5cd98558194b80f1eb76.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l256fd8749692d5cd98558194b80f1eb76|02|ws"; nocase; ) # n23bd610f291ea7ced9699320b4036284d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n23bd610f291ea7ced9699320b4036284d|02|in"; nocase; ) # t88ce4eda75c7ea9fffc6ae65113e2e197.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t88ce4eda75c7ea9fffc6ae65113e2e197|02|ws"; nocase; ) # w6426a6b4c3e00176efbcfe85c06dde6d3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w6426a6b4c3e00176efbcfe85c06dde6d3|02|hk"; nocase; ) # x642fce958d312e897a9c85972e5806c55.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x642fce958d312e897a9c85972e5806c55|02|cn"; nocase; ) # w60fbff2340cad8d9788c40426622b5847.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w60fbff2340cad8d9788c40426622b5847|02|tk"; nocase; ) # ab6b3dad7656a22c7744942341ff76e79d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab6b3dad7656a22c7744942341ff76e79d|02|to"; nocase; ) # b75f1ae7b04021847869c459865c86b8b4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b75f1ae7b04021847869c459865c86b8b4|02|in"; nocase; ) # fcd7d5dc837226a5c74d61c52ec3ce8bd6.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fcd7d5dc837226a5c74d61c52ec3ce8bd6|02|so"; nocase; ) # md6f1743690d183c90af3d748ef8d589df.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md6f1743690d183c90af3d748ef8d589df|02|tk"; nocase; ) # nd0825b8980c9e259beae7a9e226203955.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd0825b8980c9e259beae7a9e226203955|02|so"; nocase; ) # qeed4092022fd6437b3ab7e9f6120948b4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qeed4092022fd6437b3ab7e9f6120948b4|02|to"; nocase; ) # yfb0f1d73915e51c4cd657ba27ddc8024a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yfb0f1d73915e51c4cd657ba27ddc8024a|02|to"; nocase; ) # f2153f49df36f6894502a63cb083be74ae.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f2153f49df36f6894502a63cb083be74ae|02|ws"; nocase; ) # kf93cd51e5437f20a5f90cec27ddf076b7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kf93cd51e5437f20a5f90cec27ddf076b7|02|tk"; nocase; ) # pcc844d3210cf53e71ef3973eb796f3ced.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pcc844d3210cf53e71ef3973eb796f3ced|02|in"; nocase; ) # rb05047f34e9ea04ac61462aaf7bd54e15.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb05047f34e9ea04ac61462aaf7bd54e15|02|cn"; nocase; ) # wf6be75d7ba7d82569f2ac21cbcb05e202.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wf6be75d7ba7d82569f2ac21cbcb05e202|02|to"; nocase; ) # c977a92adead5df9390693cb044908fb08.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c977a92adead5df9390693cb044908fb08|02|cc"; nocase; ) # h141b422ab8229501709ddc22512a0905b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h141b422ab8229501709ddc22512a0905b|02|cn"; nocase; ) # k58de9982879fffff5f79d07b3161516b3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k58de9982879fffff5f79d07b3161516b3|02|cc"; nocase; ) # oad484092ec069acee214d441d48c30ee0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oad484092ec069acee214d441d48c30ee0|02|hk"; nocase; ) # uc7b3cd405ac2e0b5dea3171f9be9ac2e8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc7b3cd405ac2e0b5dea3171f9be9ac2e8|02|to"; nocase; ) # y83aac6027533a6286ce09dec8270df624.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y83aac6027533a6286ce09dec8270df624|02|tk"; nocase; ) # t657f3380768685ed61421142dd10257c4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t657f3380768685ed61421142dd10257c4|02|in"; nocase; ) # bd59923dafa591794339fe032e2fc4e748.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd59923dafa591794339fe032e2fc4e748|02|in"; nocase; ) # cdb236f2aba3bc6ec458705d686de977b2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cdb236f2aba3bc6ec458705d686de977b2|02|hk"; nocase; ) # j48003e49ef130361eb9dbe35115127275.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j48003e49ef130361eb9dbe35115127275|02|in"; nocase; ) # a1b159c5cd75cd987b9f822d728b7b33a7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1b159c5cd75cd987b9f822d728b7b33a7|02|hk"; nocase; ) # b5c6c586f3c4928b2e95a43623fab38830.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b5c6c586f3c4928b2e95a43623fab38830|02|cn"; nocase; ) # j79ccc0643915aa200d63288940956d3b4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j79ccc0643915aa200d63288940956d3b4|02|cn"; nocase; ) # lf22623015837f64c5ec9ab586b889aa08.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lf22623015837f64c5ec9ab586b889aa08|02|so"; nocase; ) # pe25995c2b637cdd043ea6aa807305bb73.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pe25995c2b637cdd043ea6aa807305bb73|02|in"; nocase; ) # s49e292647b5681a2ea7c00858736c6060.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s49e292647b5681a2ea7c00858736c6060|02|tk"; nocase; ) # u2d5518c041b90bc6b411bb3c71198554b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u2d5518c041b90bc6b411bb3c71198554b|02|cc"; nocase; ) # x8028ece02287c36a52144299fbf2a5227.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x8028ece02287c36a52144299fbf2a5227|02|in"; nocase; ) # b1ce6b6b691392bb05745e2ce61e5b6487.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1ce6b6b691392bb05745e2ce61e5b6487|02|so"; nocase; ) # d1c966a23f99e3e4f713437dd09e3d0ac8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d1c966a23f99e3e4f713437dd09e3d0ac8|02|ws"; nocase; ) # je34f3b6c38f80ff94a51688bf2e0b3c65.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|je34f3b6c38f80ff94a51688bf2e0b3c65|02|so"; nocase; ) # m682db9ddde36940ee7733b8b7ba47ec54.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m682db9ddde36940ee7733b8b7ba47ec54|02|to"; nocase; ) # p0cd11be7774def132d9800d4a90aef9c9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p0cd11be7774def132d9800d4a90aef9c9|02|cn"; nocase; ) # d4a963f7f5e16fe13dd92350788485c376.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d4a963f7f5e16fe13dd92350788485c376|02|in"; nocase; ) # ea07a95ffa4c55826cfaefde6c9a803011.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea07a95ffa4c55826cfaefde6c9a803011|02|hk"; nocase; ) # hc60f53ffeeea13ef0627962f6e731942b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc60f53ffeeea13ef0627962f6e731942b|02|so"; nocase; ) # kd071e6d884c1ea26225b5c18c9f636917.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kd071e6d884c1ea26225b5c18c9f636917|02|to"; nocase; ) # m19e045713d4af5a9b44a9f2b17a027257.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m19e045713d4af5a9b44a9f2b17a027257|02|hk"; nocase; ) # r325c6a2bc03a338be5fdf57505c80635c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r325c6a2bc03a338be5fdf57505c80635c|02|ws"; nocase; ) # t7d22a31d43cdc9d23b5790773e829dca5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t7d22a31d43cdc9d23b5790773e829dca5|02|in"; nocase; ) # vc640eba4ff8d1eade92d80327e84c384a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vc640eba4ff8d1eade92d80327e84c384a|02|cn"; nocase; ) # l42793a828d5d3931c1a579e50f1aadc99.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l42793a828d5d3931c1a579e50f1aadc99|02|cn"; nocase; ) # w46a6dff503733efd796555d681ad2f170.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w46a6dff503733efd796555d681ad2f170|02|cc"; nocase; ) # z7d453c27d3f415148f64aeef4e7992193.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z7d453c27d3f415148f64aeef4e7992193|02|in"; nocase; ) # i9f79d00dcd3d95c352d8b83eaafe12d11.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i9f79d00dcd3d95c352d8b83eaafe12d11|02|hk"; nocase; ) # l975f0d9bd549966f7b2d436ec4adb675f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l975f0d9bd549966f7b2d436ec4adb675f|02|so"; nocase; ) # a4b1c891a65a16be356a49df6b7bef6d95.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a4b1c891a65a16be356a49df6b7bef6d95|02|cc"; nocase; ) # ca4b70209a3bd1c8ce0faa16458d1c3c7f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca4b70209a3bd1c8ce0faa16458d1c3c7f|02|to"; nocase; ) # e19aeb7cb011e9d7ca9fdd6fb7e82cfd6f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e19aeb7cb011e9d7ca9fdd6fb7e82cfd6f|02|hk"; nocase; ) # l6c0ee495ee7c84c30e13b842f7df61821.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l6c0ee495ee7c84c30e13b842f7df61821|02|in"; nocase; ) # nb4730114b4390609f21283d590531976c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nb4730114b4390609f21283d590531976c|02|cn"; nocase; ) # q5868360a61367a0f74145439ac6f1c9e1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q5868360a61367a0f74145439ac6f1c9e1|02|cc"; nocase; ) # x891a2cab2e1f9d90fff014911a08812ae.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x891a2cab2e1f9d90fff014911a08812ae|02|so"; nocase; ) # b05c79a886ea6abfb67abda749e2f2ceec.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b05c79a886ea6abfb67abda749e2f2ceec|02|in"; nocase; ) # i5645326db0895d1a498392d0cb7ca17e4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5645326db0895d1a498392d0cb7ca17e4|02|to"; nocase; ) # obb55c2a2528af410e0bf4637ddcf5f075.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|obb55c2a2528af410e0bf4637ddcf5f075|02|cc"; nocase; ) # x1190274cb391790fe7853cc20bd3b0966.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x1190274cb391790fe7853cc20bd3b0966|02|ws"; nocase; ) # cdccf40b481438e8ccfb0f1806a0ec82b7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cdccf40b481438e8ccfb0f1806a0ec82b7|02|tk"; nocase; ) # k656f65d848363591948b28a31fae16e4e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k656f65d848363591948b28a31fae16e4e|02|tk"; nocase; ) # l8dc689b50f8ffed84730b9d89da2208dd.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l8dc689b50f8ffed84730b9d89da2208dd|02|so"; nocase; ) # nbb699a856ec559383f3ecf30542144fb3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nbb699a856ec559383f3ecf30542144fb3|02|ws"; nocase; ) # sc636e5e9d8cb98faf746a0d7e7e7aca17.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sc636e5e9d8cb98faf746a0d7e7e7aca17|02|tk"; nocase; ) # uf393f970fa2c973d26e884668aa738db3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uf393f970fa2c973d26e884668aa738db3|02|cc"; nocase; ) # wec79b76b1a6fb9f4787dce202bb085864.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wec79b76b1a6fb9f4787dce202bb085864|02|to"; nocase; ) # ec070f9029db4c27c44591b2ab69eade58.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ec070f9029db4c27c44591b2ab69eade58|02|to"; nocase; ) # h04a9a959af1380adaf6c2902865c89112.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h04a9a959af1380adaf6c2902865c89112|02|cn"; nocase; ) # af4b5577a9ffbaee3cd8c8837d1f30edff.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|af4b5577a9ffbaee3cd8c8837d1f30edff|02|cc"; nocase; ) # ic70899c0261bdfa05b2db140c61e5e1fc.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ic70899c0261bdfa05b2db140c61e5e1fc|02|cc"; nocase; ) # j1905604e7c394f349f432f47141c1fdf1.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j1905604e7c394f349f432f47141c1fdf1|02|ws"; nocase; ) # l6364c0ef47d349034a81741ffc292cc68.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l6364c0ef47d349034a81741ffc292cc68|02|in"; nocase; ) # n083defdfed90c8cb33445ed10d48ba73c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n083defdfed90c8cb33445ed10d48ba73c|02|cn"; nocase; ) # u3c33f6c94e81734c31336f861ef45bf48.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u3c33f6c94e81734c31336f861ef45bf48|02|hk"; nocase; ) # vff80128ae6b14efee7471793eadeaf8e9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vff80128ae6b14efee7471793eadeaf8e9|02|cn"; nocase; ) # w57d4e58c911d246d3e0f2199887b74cae.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w57d4e58c911d246d3e0f2199887b74cae|02|tk"; nocase; ) # a6f821fb5e8e09de30a8f2b17abb73c324.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a6f821fb5e8e09de30a8f2b17abb73c324|02|to"; nocase; ) # gd843565420fed686fbd3cb095552a352c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gd843565420fed686fbd3cb095552a352c|02|cc"; nocase; ) # i21783260d4ab79cfbcc5ef02e0bacad6f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i21783260d4ab79cfbcc5ef02e0bacad6f|02|to"; nocase; ) # m86a021be51342040cb95a838c891eb7c8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m86a021be51342040cb95a838c891eb7c8|02|tk"; nocase; ) # q137fa155a25d3c76259834c4fae5c2287.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q137fa155a25d3c76259834c4fae5c2287|02|to"; nocase; ) # v5c867c7562c6c638077b8ec6f9e8e2582.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v5c867c7562c6c638077b8ec6f9e8e2582|02|so"; nocase; ) # wf05fff0a4cc56dfbe788c8cae22ff8dc0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wf05fff0a4cc56dfbe788c8cae22ff8dc0|02|cc"; nocase; ) # b804b0712bf4908d485526f69f922d76f7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b804b0712bf4908d485526f69f922d76f7|02|cn"; nocase; ) # pc39cbaec8ae1306756077ae6482708021.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pc39cbaec8ae1306756077ae6482708021|02|in"; nocase; ) # s8f6c7fdcb23602f47f5fb62f4b1bc2ab4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s8f6c7fdcb23602f47f5fb62f4b1bc2ab4|02|tk"; nocase; ) # u46111fb6095a65131ce5a77486604189f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u46111fb6095a65131ce5a77486604189f|02|cc"; nocase; ) # w1db97b443807e7a7eec807e5d35c97b57.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1db97b443807e7a7eec807e5d35c97b57|02|to"; nocase; ) # ace2c331e1aee0098a4e8c9dbd7c761a39.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ace2c331e1aee0098a4e8c9dbd7c761a39|02|tk"; nocase; ) # d8ad9221f840927256ea7c7a037ba79f81.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d8ad9221f840927256ea7c7a037ba79f81|02|ws"; nocase; ) # ndb39d8cb203f09c054e0072c53de14221.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ndb39d8cb203f09c054e0072c53de14221|02|in"; nocase; ) # t65a055f3019e5f2e222f4b9812e4c8f3d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t65a055f3019e5f2e222f4b9812e4c8f3d|02|ws"; nocase; ) # w168fe3ff3d3777c988fd8b9dc5b57bc7a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w168fe3ff3d3777c988fd8b9dc5b57bc7a|02|hk"; nocase; ) # z6495d9e9e4d3a49762209de8ec17b2271.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6495d9e9e4d3a49762209de8ec17b2271|02|so"; nocase; ) # k139483d6af37ba424d9cf7fe22eba0b5f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k139483d6af37ba424d9cf7fe22eba0b5f|02|to"; nocase; ) # l55903b9af0e1a1db1b65ca17efb6c06cc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l55903b9af0e1a1db1b65ca17efb6c06cc|02|in"; nocase; ) # t39f58d8d7b214b6791e37ba19d0eb4d92.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014566; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t39f58d8d7b214b6791e37ba19d0eb4d92|02|in"; nocase; ) # b13f0fe4b475c3f431e78efef08c93a507.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014567; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b13f0fe4b475c3f431e78efef08c93a507|02|in"; nocase; ) # h02d0e8ae355a6f1464d5fbf25459f0e96.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h02d0e8ae355a6f1464d5fbf25459f0e96|02|ws"; nocase; ) # t9f97281879396968ae3cb6e0397153a5b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t9f97281879396968ae3cb6e0397153a5b|02|cn"; nocase; ) # y8958e760e93b2e49bf5603876d876ab74.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8958e760e93b2e49bf5603876d876ab74|02|to"; nocase; ) # ac5564ffc79f212e987ba32d650a058c04.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ac5564ffc79f212e987ba32d650a058c04|02|hk"; nocase; ) # off91193d174b28aa5c7d30012a9d4e678.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|off91193d174b28aa5c7d30012a9d4e678|02|to"; nocase; ) # p9425dc2c2f14226eb4776f7c87b5f39e9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p9425dc2c2f14226eb4776f7c87b5f39e9|02|in"; nocase; ) # r2a20ae8c5f7150ac20a957c8ba81c090c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2a20ae8c5f7150ac20a957c8ba81c090c|02|cn"; nocase; ) # tb22e02ce96e3838c9d8db7d3aa374c094.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tb22e02ce96e3838c9d8db7d3aa374c094|02|so"; nocase; ) # a53bc1b1886f4605813168dba37642d260.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a53bc1b1886f4605813168dba37642d260|02|tk"; nocase; ) # ob365c44dcacab703c7aaf8ff8ac13f408.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ob365c44dcacab703c7aaf8ff8ac13f408|02|hk"; nocase; ) # s52b57d990a9cb8c71a4d51f7cce8d8dbb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s52b57d990a9cb8c71a4d51f7cce8d8dbb|02|cc"; nocase; ) # t0de6754b7f338bed6b5c2d7e43c08e3de.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014579; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t0de6754b7f338bed6b5c2d7e43c08e3de|02|ws"; nocase; ) # ufbebb2c0d3f9b4513a8b17ad04219b198.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014580; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ufbebb2c0d3f9b4513a8b17ad04219b198|02|to"; nocase; ) # n0267e2f10f3e10d8204685cd6731c924a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014581; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n0267e2f10f3e10d8204685cd6731c924a|02|cn"; nocase; ) # p19db9eb8ac14fc451fa640f959da517ea.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014582; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p19db9eb8ac14fc451fa640f959da517ea|02|so"; nocase; ) # rb336601766b18d8ffb2247d4a77ac3345.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014583; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb336601766b18d8ffb2247d4a77ac3345|02|ws"; nocase; ) # uc789f241da40b9ddfbddb8af9f7c582c6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014584; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc789f241da40b9ddfbddb8af9f7c582c6|02|hk"; nocase; ) # ojy6uhs2m4u0303.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014585; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|ojy6uhs2m4u0303|04|ddns|03|net"; nocase; ) # q252w2aj3vy210o.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014586; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|q252w2aj3vy210o|04|ddns|03|net"; nocase; ) # or7pcx5t1x36sr3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014587; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|or7pcx5t1x36sr3|04|ddns|03|net"; nocase; ) # s0wx1rcfure4yxmnkde.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014588; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|s0wx1rcfure4yxmnkde|04|ddns|03|net"; nocase; ) # 3j1bonw0adihkxa.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014589; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|3j1bonw0adihkxa|04|ddns|03|net"; nocase; ) # 38q63hi6op7bsn1v1je.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014590; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|38q63hi6op7bsn1v1je|04|ddns|03|net"; nocase; ) # 3jcr7h5t5botari61p70yj7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014591; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|3jcr7h5t5botari61p70yj7|04|ddns|03|net"; nocase; ) # c4w4mp1pmbql7xilw6u21b7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014592; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|c4w4mp1pmbql7xilw6u21b7|04|ddns|03|net"; nocase; ) # tiatacavocsot.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014593; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|tiatacavocsot|04|ddns|03|net"; nocase; ) # uwxcyhpmcy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014594; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uwxcyhpmcy|03|com"; nocase; ) # jnlaah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014595; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jnlaah|03|com"; nocase; ) # cgzwxmjgf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014596; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cgzwxmjgf|03|com"; nocase; ) # grhjtu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014597; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|grhjtu|03|net"; nocase; ) # fqkmnubls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014598; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fqkmnubls|03|org"; nocase; ) # uizihpbddh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014599; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uizihpbddh|03|com"; nocase; ) # qbprglgzsvr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014600; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qbprglgzsvr|04|info"; nocase; ) # setnsxx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014601; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|setnsxx|04|info"; nocase; ) # cvekzfoqfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014602; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cvekzfoqfa|03|com"; nocase; ) # ouyfotdnypl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014603; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ouyfotdnypl|03|biz"; nocase; ) # ryuazgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014604; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ryuazgi|03|com"; nocase; ) # jgdrrgrvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014605; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jgdrrgrvm|04|info"; nocase; ) # auzvccd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014606; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|auzvccd|03|com"; nocase; ) # vxruspvy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014607; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vxruspvy|04|info"; nocase; ) # ihdypdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014608; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ihdypdc|03|com"; nocase; ) # tyhfbm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014609; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tyhfbm|03|com"; nocase; ) # fhwwhtukoqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014610; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fhwwhtukoqq|03|biz"; nocase; ) # pwrwutz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014611; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pwrwutz|03|net"; nocase; ) # fkwukjashox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014612; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fkwukjashox|03|biz"; nocase; ) # rzhzlwogl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014613; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rzhzlwogl|03|com"; nocase; ) # srzdcqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014614; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|srzdcqw|03|biz"; nocase; ) # xrfoheo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014615; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xrfoheo|03|com"; nocase; ) # epozynsfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014616; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|epozynsfm|03|com"; nocase; ) # zwvpih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014617; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zwvpih|03|com"; nocase; ) # hltbjlaicau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014618; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hltbjlaicau|03|com"; nocase; ) # lgksiatars.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014619; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lgksiatars|03|net"; nocase; ) # hzjavj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014620; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hzjavj|04|info"; nocase; ) # qjqgyczqzf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014621; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qjqgyczqzf|04|info"; nocase; ) # esxxtvg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014622; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|esxxtvg|04|info"; nocase; ) # ayptszd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014623; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ayptszd|04|info"; nocase; ) # blywfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014624; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|blywfy|03|com"; nocase; ) # cqkynuugkaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014625; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cqkynuugkaq|03|com"; nocase; ) # nrvwuw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014626; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nrvwuw|03|net"; nocase; ) # wanobwpug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014627; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wanobwpug|03|net"; nocase; ) # fqckhydn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014628; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fqckhydn|03|com"; nocase; ) # nedpbltvv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014629; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nedpbltvv|04|info"; nocase; ) # iykxno.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014630; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|iykxno|03|biz"; nocase; ) # hvypodg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014631; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hvypodg|03|com"; nocase; ) # xcojamt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014632; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xcojamt|03|org"; nocase; ) # wgcchueuhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014633; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wgcchueuhi|03|com"; nocase; ) # yyriql.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014634; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yyriql|03|biz"; nocase; ) # ccwkozxyfjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014635; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ccwkozxyfjt|03|org"; nocase; ) # kqiqjq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014636; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kqiqjq|03|org"; nocase; ) # nxtfmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014637; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nxtfmz|03|org"; nocase; ) # paacvd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014638; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|paacvd|04|info"; nocase; ) # qcrymcccb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014639; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qcrymcccb|03|com"; nocase; ) # qfxgnjjehb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014640; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qfxgnjjehb|03|com"; nocase; ) # yqnmkmorr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014641; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yqnmkmorr|03|net"; nocase; ) # nlmipbbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014642; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nlmipbbc|03|com"; nocase; ) # rivviqbyl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014643; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rivviqbyl|04|info"; nocase; ) # yytszxl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014644; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yytszxl|04|info"; nocase; ) # tmteojzw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014645; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tmteojzw|04|info"; nocase; ) # cnhqusge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014646; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cnhqusge|03|com"; nocase; ) # dhmdne.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014647; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dhmdne|03|biz"; nocase; ) # vwjvidqmo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014648; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vwjvidqmo|03|org"; nocase; ) # ylrwrdzrnj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014649; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ylrwrdzrnj|03|biz"; nocase; ) # aebpnvyw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014650; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aebpnvyw|04|info"; nocase; ) # iwcgijhw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014651; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|iwcgijhw|03|com"; nocase; ) # mpkhtqowtbb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014652; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mpkhtqowtbb|03|com"; nocase; ) # hquysikx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014653; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hquysikx|03|org"; nocase; ) # rrmddmfzj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014654; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rrmddmfzj|04|info"; nocase; ) # tiwhkpxi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014655; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tiwhkpxi|04|info"; nocase; ) # uizhrquvv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014656; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uizhrquvv|04|info"; nocase; ) # yptqrfto.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014657; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|yptqrfto|03|net"; nocase; ) # jvljjgrecv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014658; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jvljjgrecv|03|com"; nocase; ) # ezttdclccna.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014659; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ezttdclccna|03|biz"; nocase; ) # wpevyr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014660; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wpevyr|04|info"; nocase; ) # xwcirsean.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014661; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xwcirsean|03|com"; nocase; ) # fxnxryrohxd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014662; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fxnxryrohxd|04|info"; nocase; ) # wgnpop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014663; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wgnpop|03|biz"; nocase; ) # zhjnsduktqr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014664; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zhjnsduktqr|03|biz"; nocase; ) # fzbnjzdpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014665; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fzbnjzdpj|03|biz"; nocase; ) # mmtsymmde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014666; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mmtsymmde|03|com"; nocase; ) # ykppviyxxp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014667; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ykppviyxxp|04|info"; nocase; ) # deyqddqcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014668; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|deyqddqcg|03|com"; nocase; ) # ojjfbkn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014669; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ojjfbkn|03|org"; nocase; ) # wjhkea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014670; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wjhkea|03|com"; nocase; ) # pkajpvchpiq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014671; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pkajpvchpiq|03|com"; nocase; ) # bzixav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014672; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bzixav|03|com"; nocase; ) # fbaagi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014673; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fbaagi|03|com"; nocase; ) # valvmixvb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014674; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|valvmixvb|04|info"; nocase; ) # plxaue.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014675; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|plxaue|03|net"; nocase; ) # tuchhndljhu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014676; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tuchhndljhu|03|com"; nocase; ) # zgzqtqzwqee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014677; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zgzqtqzwqee|03|com"; nocase; ) # ajzoqhksmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014678; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ajzoqhksmu|03|org"; nocase; ) # vzvinwefdwm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014679; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vzvinwefdwm|04|info"; nocase; ) # taepjg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014680; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|taepjg|03|org"; nocase; ) # lhpwjnq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014681; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lhpwjnq|03|biz"; nocase; ) # keizfpztjcl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014682; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|keizfpztjcl|03|com"; nocase; ) # xbydrozhnn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014683; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xbydrozhnn|03|biz"; nocase; ) # snehgk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014684; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|snehgk|03|com"; nocase; ) # nikpvxwbfdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014685; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nikpvxwbfdp|03|com"; nocase; ) # vvjfrkdvsjq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014686; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vvjfrkdvsjq|03|org"; nocase; ) # xavejumcvf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014687; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xavejumcvf|04|info"; nocase; ) # edtlqyrvgv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014688; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|edtlqyrvgv|03|com"; nocase; ) # ndgktakjopy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014689; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ndgktakjopy|03|biz"; nocase; ) # qgdjaccwzm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014690; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qgdjaccwzm|04|info"; nocase; ) # dpdanoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014691; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dpdanoc|03|biz"; nocase; ) # tteufnohn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014692; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tteufnohn|03|com"; nocase; ) # virhckrait.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014693; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|virhckrait|03|com"; nocase; ) # inrsegpekv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014694; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|inrsegpekv|03|org"; nocase; ) # kdjhvigfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014695; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kdjhvigfn|03|com"; nocase; ) # vdhlji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014696; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vdhlji|03|org"; nocase; ) # edhctoqvmo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014697; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|edhctoqvmo|03|org"; nocase; ) # kpjisryfqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014698; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kpjisryfqc|03|biz"; nocase; ) # ksqhfvinzua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014699; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ksqhfvinzua|03|net"; nocase; ) # vmxpuvhzzu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014700; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vmxpuvhzzu|04|info"; nocase; ) # xcicudpoeiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014701; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xcicudpoeiv|03|com"; nocase; ) # lkvaadgxmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014702; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lkvaadgxmq|03|org"; nocase; ) # qvjecr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014703; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qvjecr|03|com"; nocase; ) # igogfkzhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014704; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|igogfkzhi|03|com"; nocase; ) # czazgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014705; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|czazgc|03|com"; nocase; ) # vdzobcwm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014706; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vdzobcwm|04|info"; nocase; ) # fgqrfeyz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014707; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fgqrfeyz|04|info"; nocase; ) # bdeisyly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014708; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bdeisyly|03|org"; nocase; ) # fugwzo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014709; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fugwzo|04|info"; nocase; ) # ilqjjak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014710; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ilqjjak|03|com"; nocase; ) # zbdhdgxw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014711; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zbdhdgxw|04|info"; nocase; ) # wtqqnvrmfxj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014712; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wtqqnvrmfxj|04|info"; nocase; ) # xrdtkqkgd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014713; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xrdtkqkgd|03|com"; nocase; ) # cgeuvenh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014714; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cgeuvenh|03|biz"; nocase; ) # wtwnktttj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014715; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wtwnktttj|03|net"; nocase; ) # gxhufrsk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014716; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gxhufrsk|03|net"; nocase; ) # uayntgqfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014717; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uayntgqfo|03|com"; nocase; ) # suskmntofkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014718; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|suskmntofkz|03|org"; nocase; ) # nyjanyn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014719; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nyjanyn|04|info"; nocase; ) # njhdab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014720; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|njhdab|03|com"; nocase; ) # ehceuu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014721; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ehceuu|03|net"; nocase; ) # ivqhiphoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014722; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ivqhiphoc|03|biz"; nocase; ) # cjyfptly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014723; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cjyfptly|03|org"; nocase; ) # eegvadomnkt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014724; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|eegvadomnkt|03|org"; nocase; ) # rekcdrnc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014725; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rekcdrnc|03|biz"; nocase; ) # soqgsdhky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014726; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|soqgsdhky|03|org"; nocase; ) # rcdjyxbymb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rcdjyxbymb|03|org"; nocase; ) # ragdah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ragdah|03|com"; nocase; ) # ajmqtd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ajmqtd|03|net"; nocase; ) # kpxgxpitvs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kpxgxpitvs|04|info"; nocase; ) # ikroopuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ikroopuy|03|net"; nocase; ) # jdpavw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jdpavw|04|info"; nocase; ) # waghlesigri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|waghlesigri|03|net"; nocase; ) # jnugegw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jnugegw|03|com"; nocase; ) # dospsbfgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dospsbfgy|03|com"; nocase; ) # fxnwynre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fxnwynre|03|net"; nocase; ) # nfjzqxlhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nfjzqxlhl|03|com"; nocase; ) # tlxpvwlco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014738; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tlxpvwlco|03|com"; nocase; ) # kvazrswqjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014739; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kvazrswqjf|03|org"; nocase; ) # wuthqyvvwwh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014740; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wuthqyvvwwh|04|info"; nocase; ) # pijpmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014741; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|pijpmz|03|org"; nocase; ) # lhhvqn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014742; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lhhvqn|03|biz"; nocase; ) # texriczrag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014743; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|texriczrag|03|com"; nocase; ) # ntrvcfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014744; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ntrvcfj|03|com"; nocase; ) # esiahy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014745; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|esiahy|03|com"; nocase; ) # zidjyhvxqp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zidjyhvxqp|03|biz"; nocase; ) # fvxlkgyxrkv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fvxlkgyxrkv|03|org"; nocase; ) # ytnqclecj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ytnqclecj|03|com"; nocase; ) # pucwyfdlnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pucwyfdlnx|03|biz"; nocase; ) # occjnwqgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|occjnwqgj|03|com"; nocase; ) # biwalpownz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|biwalpownz|03|biz"; nocase; ) # jsiobuah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jsiobuah|03|com"; nocase; ) # ehopsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ehopsc|03|net"; nocase; ) # izuspms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|izuspms|03|org"; nocase; ) # dqlkcks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dqlkcks|03|org"; nocase; ) # cryaohgk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cryaohgk|03|com"; nocase; ) # nxtrxxwm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014757; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nxtrxxwm|04|info"; nocase; ) # etdrrgchat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014758; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|etdrrgchat|03|com"; nocase; ) # atafqrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014759; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|atafqrp|03|net"; nocase; ) # cjecyjthm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014760; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cjecyjthm|03|com"; nocase; ) # dkdxqlu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014761; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dkdxqlu|03|org"; nocase; ) # giteku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014762; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|giteku|03|org"; nocase; ) # ojrqagb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014763; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ojrqagb|03|com"; nocase; ) # vqjolrsntt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014764; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vqjolrsntt|03|net"; nocase; ) # oiharr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|oiharr|03|net"; nocase; ) # duzfkvoap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|duzfkvoap|03|com"; nocase; ) # pkctqmmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pkctqmmq|03|org"; nocase; ) # qvbwcxrrjhr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qvbwcxrrjhr|03|com"; nocase; ) # tqhkct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tqhkct|03|com"; nocase; ) # tnjovtpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tnjovtpa|03|biz"; nocase; ) # chpzhrqzl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|chpzhrqzl|04|info"; nocase; ) # xqwfbmhj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xqwfbmhj|03|com"; nocase; ) # qarduexasjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qarduexasjm|03|org"; nocase; ) # xwpdloj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xwpdloj|03|biz"; nocase; ) # gleijeudta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gleijeudta|03|net"; nocase; ) # peoqrxmmnuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|peoqrxmmnuo|03|net"; nocase; ) # cpmjmcopulx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cpmjmcopulx|03|org"; nocase; ) # vdczeujfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vdczeujfm|03|com"; nocase; ) # rrrjqyybfmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rrrjqyybfmu|03|org"; nocase; ) # nikxkaexa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014780; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nikxkaexa|04|info"; nocase; ) # gglxotwttrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014781; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gglxotwttrz|03|net"; nocase; ) # zgnhewyi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014782; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zgnhewyi|04|info"; nocase; ) # wauyjlnyisb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014783; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wauyjlnyisb|03|net"; nocase; ) # fxawidino.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014784; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fxawidino|03|biz"; nocase; ) # cugbjvzkfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014785; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cugbjvzkfm|03|com"; nocase; ) # pfemmkftzg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014786; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pfemmkftzg|04|info"; nocase; ) # gmywmc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014787; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gmywmc|03|org"; nocase; ) # tvmdap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014788; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tvmdap|03|com"; nocase; ) # dyihbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014789; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dyihbt|03|com"; nocase; ) # jhffvh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014790; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jhffvh|04|info"; nocase; ) # yxshqyxyl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014791; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yxshqyxyl|04|info"; nocase; ) # tnzhrcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014792; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tnzhrcu|03|com"; nocase; ) # vgxsxeaglqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014793; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vgxsxeaglqt|03|biz"; nocase; ) # ewzutz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014794; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ewzutz|03|net"; nocase; ) # fmabnfbmaccdbble.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014795; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fmabnfbmaccdbble|03|com"; nocase; ) # cccmmaaalbflmcob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014796; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cccmmaaalbflmcob|03|com"; nocase; ) # adddfkaamnmbnbem.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014797; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|adddfkaamnmbnbem|03|org"; nocase; ) # bnflaafcfldcokdd.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014798; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bnflaafcfldcokdd|02|co"; nocase; ) # fecamlcocbccomba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014799; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fecamlcocbccomba|03|com"; nocase; ) # okalaabbmmlfoffe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014800; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|okalaabbmmlfoffe|03|org"; nocase; ) # occfdfolbmccboad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014801; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|occfdfolbmccboad|03|com"; nocase; ) # anfbdlacfmabkmoe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014802; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|anfbdlacfmabkmoe|03|com"; nocase; ) # fkbaedoekbkcnbcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014803; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fkbaedoekbkcnbcn|03|com"; nocase; ) # fblmklcdadadfaaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014804; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fblmklcdadadfaaa|03|com"; nocase; ) # afflmfcacecbafll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014805; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|afflmfcacecbafll|03|org"; nocase; ) # fdenboobkbfocedf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014806; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fdenboobkbfocedf|03|com"; nocase; ) # lfemefcknodcbend.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014807; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lfemefcknodcbend|03|com"; nocase; ) # fcbodbobdmobcmkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014808; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fcbodbobdmobcmkm|03|com"; nocase; ) # afldfebfdfkocdnf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014809; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|afldfebfdfkocdnf|03|com"; nocase; ) # bcbafckmknnbobnd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014810; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bcbafckmknnbobnd|03|com"; nocase; ) # cdbflbkfekamafkd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014811; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cdbflbkfekamafkd|03|com"; nocase; ) # mkmbbdccbndodoed.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014812; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mkmbbdccbndodoed|02|de"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # lmdolckofdbenfmc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014813; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lmdolckofdbenfmc|03|net"; nocase; ) # cacdaoecaflnncbk.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014814; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cacdaoecaflnncbk|06|online"; nocase; ) # htjsue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014815; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|htjsue|03|com"; nocase; ) # iqamse.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014816; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|iqamse|03|com"; nocase; ) # kfjhuo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014817; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|kfjhuo|03|com"; nocase; ) # jswcrq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014818; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|jswcrq|03|com"; nocase; ) # ctyzhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014819; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ctyzhm|03|com"; nocase; ) # bidack.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014820; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bidack|03|com"; nocase; ) # atpcfu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014821; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|atpcfu|03|com"; nocase; ) # fueraw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014822; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fueraw|03|com"; nocase; ) # fjpydy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014823; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fjpydy|03|com"; nocase; ) # ilcpee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014824; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ilcpee|03|com"; nocase; ) # cfflqx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014825; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|cfflqx|03|com"; nocase; ) # uiihyu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014826; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uiihyu|03|com"; nocase; ) # tcihhd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014827; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tcihhd|03|com"; nocase; ) # gsslre.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014828; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gsslre|03|com"; nocase; ) # uiiloy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014829; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uiiloy|03|com"; nocase; ) # umsgdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014830; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|umsgdy|03|com"; nocase; ) # zmekni.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014831; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zmekni|03|com"; nocase; ) # oflofv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014832; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oflofv|03|com"; nocase; ) # duuewj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014833; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|duuewj|03|com"; nocase; ) # zrplzh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014834; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zrplzh|03|com"; nocase; ) # eeevyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014835; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eeevyj|03|com"; nocase; ) # qrqmqe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014836; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qrqmqe|03|com"; nocase; ) # quravjkhxhqfh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014837; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|quravjkhxhqfh|03|biz"; nocase; ) # nofbdqpgpmhog.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014838; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nofbdqpgpmhog|03|biz"; nocase; ) # ciltoctjuibyw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014839; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ciltoctjuibyw|02|co|02|uk"; nocase; ) # deawmsfamhcnc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014840; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|deawmsfamhcnc|03|net"; nocase; ) # ffprgcnypjikj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014841; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ffprgcnypjikj|02|ru"; nocase; ) # avlbpboldkguent.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014842; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|avlbpboldkguent|03|com"; nocase; ) # uijchvrftdcbjkm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014843; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uijchvrftdcbjkm|04|info"; nocase; ) # abcjsqsmhlvhxuc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014844; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|abcjsqsmhlvhxuc|04|info"; nocase; ) # cgmqxggwxwbivfl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014845; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cgmqxggwxwbivfl|03|net"; nocase; ) # pknubbmyksoufko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014846; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pknubbmyksoufko|03|biz"; nocase; ) # rdhvmexsivnvjkq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014847; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rdhvmexsivnvjkq|03|org"; nocase; ) # onyoojxyrjrewgd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014848; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|onyoojxyrjrewgd|04|info"; nocase; ) # pdaajecgerhmxok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014849; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pdaajecgerhmxok|03|com"; nocase; ) # cjynmfpybbgsmub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014850; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cjynmfpybbgsmub|03|net"; nocase; ) # ubpkatnoifjwakk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014851; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ubpkatnoifjwakk|04|info"; nocase; ) # oqnamujtusjdawb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014852; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oqnamujtusjdawb|02|co|02|uk"; nocase; ) # pgwvwjakbhieyyb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014853; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pgwvwjakbhieyyb|04|info"; nocase; ) # qvxhreernpxmaom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014854; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qvxhreernpxmaom|03|com"; nocase; ) # aeexwyweneuiwcj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014855; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aeexwyweneuiwcj|04|info"; nocase; ) # ecignefjgjolwnh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014856; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ecignefjgjolwnh|02|ru"; nocase; ) # fkscntshublynii.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014857; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fkscntshublynii|02|co|02|uk"; nocase; ) # qxrburejcrginai.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014858; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qxrburejcrginai|04|info"; nocase; ) # rlmovjrwkppuooi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014859; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rlmovjrwkppuooi|03|com"; nocase; ) # wrbsmenarmglqmi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014860; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wrbsmenarmglqmi|04|info"; nocase; ) # ovggdyufyaowonb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014861; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ovggdyufyaowonb|03|net"; nocase; ) # qbqnioippltxvoc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014862; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qbqnioippltxvoc|02|ru"; nocase; ) # stkotedkrfiaovi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014863; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|stkotedkrfiaovi|02|co|02|uk"; nocase; ) # hwatcyksymuofqw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014864; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hwatcyksymuofqw|04|info"; nocase; ) # gdowcjpjvlrbdmn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014865; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gdowcjpjvlrbdmn|03|biz"; nocase; ) # iiyehydtmwwckyw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014866; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iiyehydtmwwckyw|03|org"; nocase; ) # kbsfsoxooqleobn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014867; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kbsfsoxooqleobn|04|info"; nocase; ) # mgdmxelyfcqfomn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014868; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mgdmxelyfcqfomn|03|net"; nocase; ) # usasauenoprenif.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014869; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|usasauenoprenif|03|net"; nocase; ) # votqtqvcxmqjnlh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014870; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|votqtqvcxmqjnlh|02|ru"; nocase; ) # wcoeuijpgkavoah.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014871; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wcoeuijpgkavoah|03|org"; nocase; ) # odkrgciaxfpqlxf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014872; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|odkrgciaxfpqlxf|03|org"; nocase; ) # pqffhwmhhxhumnq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014873; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pqffhwmhhxhumnq|02|co|02|uk"; nocase; ) # msjtuwjvguiisks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014874; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|msjtuwjvguiisks|03|com"; nocase; ) # eqkadngeuwgkuvn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014875; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eqkadngeuwgkuvn|02|co|02|uk"; nocase; ) # hxqhlqtmmabirnb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014876; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hxqhlqtmmabirnb|03|com"; nocase; ) # mlvydbgpumagsfa.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014877; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mlvydbgpumagsfa|02|co|02|uk"; nocase; ) # ytlxrvcbjtrxuay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014878; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ytlxrvcbjtrxuay|03|net"; nocase; ) # pbodrtwfefgvsib.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014879; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pbodrtwfefgvsib|03|org"; nocase; ) # pvxrmaxbhhshpiq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014880; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pvxrmaxbhhshpiq|03|biz"; nocase; ) # pkuimrftkaeivet.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014881; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pkuimrftkaeivet|02|ru"; nocase; ) # miidqbxypfigckj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014882; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|miidqbxypfigckj|03|com"; nocase; ) # myolnkarjvhjpqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014883; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|myolnkarjvhjpqg|03|biz"; nocase; ) # uiwbnvanjvmfpef.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014884; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uiwbnvanjvmfpef|02|ru"; nocase; ) # fjtuqnpinwugkkq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014885; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fjtuqnpinwugkkq|04|info"; nocase; ) # sloutffcrcwtkqd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014886; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sloutffcrcwtkqd|03|com"; nocase; ) # edarteprsytvhww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014887; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|edarteprsytvhww|03|net"; nocase; ) # fqudbvdqwconiwf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014888; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fqudbvdqwconiwf|03|biz"; nocase; ) # fhxrutdpmhijomw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014889; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fhxrutdpmhijomw|02|ru"; nocase; ) # ibeakjxwlenyshj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014890; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ibeakjxwlenyshj|02|co|02|uk"; nocase; ) # akoqyvlfsltrkjf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014891; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|akoqyvlfsltrkjf|03|biz"; nocase; ) # lsuvdmjvvdntcaq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014892; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lsuvdmjvvdntcaq|03|org"; nocase; ) # mgxnahskewfhies.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014893; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mgxnahskewfhies|02|co|02|uk"; nocase; ) # saocbjbrnalitdt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014894; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|saocbjbrnalitdt|02|co|02|uk"; nocase; ) # khwsauujfnlsihv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014895; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|khwsauujfnlsihv|04|info"; nocase; ) # llusbepbcerpyop.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014896; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|llusbepbcerpyop|03|net"; nocase; ) # mybebafncglmmot.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014897; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mybebafncglmmot|02|ru"; nocase; ) # ycoudahlmygaiis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014898; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ycoudahlmygaiis|03|com"; nocase; ) # psvjftgauvqtybj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014899; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|psvjftgauvqtybj|02|co|02|uk"; nocase; ) # urhiqqgohlnhna.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014900; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|urhiqqgohlnhna|02|ru"; nocase; ) # xrlworrfluqoms.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014901; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xrlworrfluqoms|04|info"; nocase; ) # akapcjjanhvxyu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014902; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|akapcjjanhvxyu|02|ru"; nocase; ) # nobtfepcadjkyj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014903; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nobtfepcadjkyj|03|org"; nocase; ) # kysitjpfbwmafv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014904; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kysitjpfbwmafv|04|info"; nocase; ) # lottoetmnfcigl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014905; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lottoetmnfcigl|03|com"; nocase; ) # pgmnrypldofmqx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014906; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pgmnrypldofmqx|02|ru"; nocase; ) # icofpyvyemwqoe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014907; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|icofpyvyemwqoe|04|info"; nocase; ) # jkywciqndjndok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014908; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jkywciqndjndok|03|net"; nocase; ) # bigkmvwkuawbcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014909; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bigkmvwkuawbcu|03|com"; nocase; ) # bvmvsjyogodryo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014910; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bvmvsjyogodryo|02|co|02|uk"; nocase; ) # qhphemssosporn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014911; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qhphemssosporn|02|ru"; nocase; ) # rpayqcgtucoryo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014912; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rpayqcgtucoryo|02|co|02|uk"; nocase; ) # wsamkycmlqoyua.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014913; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wsamkycmlqoyua|02|ru"; nocase; ) # fsokicnvdbkvpi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014914; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fsokicnvdbkvpi|03|net"; nocase; ) # jowpdmkuaxoixa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014915; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jowpdmkuaxoixa|03|biz"; nocase; ) # mhcgvwcjrikupk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014916; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mhcgvwcjrikupk|02|co|02|uk"; nocase; ) # qwpgyywjhtojru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014917; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qwpgyywjhtojru|03|org"; nocase; ) # edfvoqcsxherpl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014918; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|edfvoqcsxherpl|02|co|02|uk"; nocase; ) # rfaxlirxgqfvpg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014919; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rfaxlirxgqfvpg|04|info"; nocase; ) # fhxpxmtkjamhpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014920; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fhxpxmtkjamhpo|03|com"; nocase; ) # gpihkvoyiwdtpu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014921; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gpihkvoyiwdtpu|03|biz"; nocase; ) # iynbjbydueqvby.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014922; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iynbjbydueqvby|04|info"; nocase; ) # pdrsjwgfppifpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014923; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pdrsjwgfppifpk|03|net"; nocase; ) # dfmugrmhytbrpr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014924; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dfmugrmhytbrpr|03|biz"; nocase; ) # ricvbgbgqyuegd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014925; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ricvbgbgqyuegd|02|ru"; nocase; ) # vifrdmniytatqc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014926; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vifrdmniytatqc|04|info"; nocase; ) # xnpuuvijadmsok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014927; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xnpuuvijadmsok|03|net"; nocase; ) # njogwwrhorjqbl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014928; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|njogwwrhorjqbl|04|info"; nocase; ) # rytgppqlqdgkbd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014929; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rytgppqlqdgkbd|02|ru"; nocase; ) # ocmccjoymtisup.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014930; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ocmccjoymtisup|03|biz"; nocase; ) # phtansqbnbljyt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014931; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|phtansqbnbljyt|03|org"; nocase; ) # qlrvbclpsepvgh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qlrvbclpsepvgh|04|info"; nocase; ) # vhwvoltuhqrtdp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vhwvoltuhqrtdp|03|net"; nocase; ) # vjtsperwctsjxr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vjtsperwctsjxr|04|info"; nocase; ) # cjwoqwucvjqcfx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cjwoqwucvjqcfx|02|ru"; nocase; ) # favwibtytfnowu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|favwibtytfnowu|04|info"; nocase; ) # aqpsinqpndkjtk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|aqpsinqpndkjtk|03|org"; nocase; ) # egusbsyuvtbetl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|egusbsyuvtbetl|03|net"; nocase; ) # smnoracplnqmtr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|smnoracplnqmtr|03|org"; nocase; ) # emxxdymcfsrpqx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|emxxdymcfsrpqx|02|co|02|uk"; nocase; ) # lcscmfribywpil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lcscmfribywpil|03|net"; nocase; ) # ndqbdufpohhgpp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ndqbdufpohhgpp|02|ru"; nocase; ) # oedqxpvrvswwcp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oedqxpvrvswwcp|03|org"; nocase; ) # qfbpofjyjbhnsv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qfbpofjyjbhnsv|04|info"; nocase; ) # cssbffhbycwlbt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cssbffhbycwlbt|03|biz"; nocase; ) # qadubsclheiakh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qadubsclheiakh|02|co|02|uk"; nocase; ) # eajfqvuvivoiy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eajfqvuvivoiy|02|co|02|uk"; nocase; ) # yosioorsurviy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yosioorsurviy|02|co|02|uk"; nocase; ) # rjbrwgfyysuha.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rjbrwgfyysuha|02|co|02|uk"; nocase; ) # qgvdtyciourap.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qgvdtyciourap|03|biz"; nocase; ) # fsheaasmdiulp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fsheaasmdiulp|02|co|02|uk"; nocase; ) # tgkstbvwhqtdb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tgkstbvwhqtdb|03|net"; nocase; ) # bqkfxctobldet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bqkfxctobldet|03|com"; nocase; ) # cyubxlogrsqjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cyubxlogrsqjb|03|biz"; nocase; ) # wynrlsptmdepa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wynrlsptmdepa|03|org"; nocase; ) # pvsbjpwliewrn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pvsbjpwliewrn|03|com"; nocase; ) # pimneybkrvwgp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pimneybkrvwgp|03|biz"; nocase; ) # sdxfbdgwwkvvo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sdxfbdgwwkvvo|02|co|02|uk"; nocase; ) # xjqqctukqbcsa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xjqqctukqbcsa|04|info"; nocase; ) # ktmenjrtufkub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ktmenjrtufkub|03|net"; nocase; ) # lsidiefnnfvtb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lsidiefnnfvtb|04|info"; nocase; ) # ylomtjpggbpbp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ylomtjpggbpbp|02|ru"; nocase; ) # adefuescneuvv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|adefuescneuvv|03|org"; nocase; ) # djsdjoarptqhb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|djsdjoarptqhb|03|com"; nocase; ) # ycopllhtaoiag.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ycopllhtaoiag|04|info"; nocase; ) # mjnmrpynowxly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mjnmrpynowxly|03|com"; nocase; ) # alinlhuawqpri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|alinlhuawqpri|03|net"; nocase; ) # rcsnmrpsyfvnl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rcsnmrpsyfvnl|03|biz"; nocase; ) # bovidqsuenntv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bovidqsuenntv|03|com"; nocase; ) # dovnoruvnlwgc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dovnoruvnlwgc|04|info"; nocase; ) # ndbhhoggjnceh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ndbhhoggjnceh|02|ru"; nocase; ) # hnmmxswrwloji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hnmmxswrwloji|03|net"; nocase; ) # idnuvkqxqccdj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|idnuvkqxqccdj|03|biz"; nocase; ) # nfplmsbtiaxva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nfplmsbtiaxva|03|net"; nocase; ) # hxaaakaoniukx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hxaaakaoniukx|03|org"; nocase; ) # ucbdmfmjeppeh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ucbdmfmjeppeh|02|co|02|uk"; nocase; ) # wyhqxivwgooil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wyhqxivwgooil|03|com"; nocase; ) # pqkievakoqqwj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pqkievakoqqwj|02|co|02|uk"; nocase; ) # hhgntmeqxliun.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hhgntmeqxliun|02|ru"; nocase; ) # nimcxffewfebk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nimcxffewfebk|03|com"; nocase; ) # sgouyjaxvbjxl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sgouyjaxvbjxl|03|com"; nocase; ) # tvpdwekbmwljd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tvpdwekbmwljd|03|net"; nocase; ) # uhmxdsuvueapc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uhmxdsuvueapc|03|biz"; nocase; ) # wlagiejhbkitt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wlagiejhbkitt|03|biz"; nocase; ) # bjewxjtskdjaf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bjewxjtskdjaf|04|info"; nocase; ) # olioxqdwhqife.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|olioxqdwhqife|04|info"; nocase; ) # iyyckrtennkaa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iyyckrtennkaa|03|biz"; nocase; ) # tsqusjnocopit.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tsqusjnocopit|02|co|02|uk"; nocase; ) # iecojuottwjlb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iecojuottwjlb|03|net"; nocase; ) # jrwbtpywhaebs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jrwbtpywhaebs|03|biz"; nocase; ) # kvgijawrhgeif.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kvgijawrhgeif|02|co|02|uk"; nocase; ) # nkyxxecstmppe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nkyxxecstmppe|03|net"; nocase; ) # mhclqgaardhl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mhclqgaardhl|03|org"; nocase; ) # qwhtiywxdjdi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qwhtiywxdjdi|03|net"; nocase; ) # uamtuqsjcfer.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uamtuqsjcfer|02|co|02|uk"; nocase; ) # quqboogmnsap.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|quqboogmnsap|04|info"; nocase; ) # irkkcfjxlggw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|irkkcfjxlggw|03|com"; nocase; ) # lqqwrpcpydln.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lqqwrpcpydln|02|co|02|uk"; nocase; ) # myboeywexaca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000014999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|myboeywexaca|03|com"; nocase; ) # qahmciyqajsb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qahmciyqajsb|02|co|02|uk"; nocase; ) # eeiridlamvsl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eeiridlamvsl|04|info"; nocase; ) # sfrptrtrbsfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sfrptrtrbsfa|03|com"; nocase; ) # wjmsiasruapf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wjmsiasruapf|03|biz"; nocase; ) # aexgrexhibmk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aexgrexhibmk|02|co|02|uk"; nocase; ) # tukcijinlmsb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tukcijinlmsb|04|info"; nocase; ) # jakrthjlvqnp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jakrthjlvqnp|03|com"; nocase; ) # kdkkwepfhrat.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kdkkwepfhrat|02|co|02|uk"; nocase; ) # xhreyhfhcste.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xhreyhfhcste|04|info"; nocase; ) # echpicdajrjk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|echpicdajrjk|02|co|02|uk"; nocase; ) # usxjipaklmjr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|usxjipaklmjr|03|biz"; nocase; ) # jvnundjgxefq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jvnundjgxefq|02|co|02|uk"; nocase; ) # vekbvvbkyqhv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vekbvvbkyqhv|02|ru"; nocase; ) # aixgqrquuvtm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aixgqrquuvtm|04|info"; nocase; ) # nmyjdjmvoxdx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nmyjdjmvoxdx|03|com"; nocase; ) # exdoiknsgcpj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|exdoiknsgcpj|02|ru"; nocase; ) # rcerucjtaeyu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rcerucjtaeyu|03|org"; nocase; ) # hwkshndekpqv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hwkshndekpqv|02|co|02|uk"; nocase; ) # skbgriqnofur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|skbgriqnofur|03|com"; nocase; ) # ybenaqbsntbf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ybenaqbsntbf|04|info"; nocase; ) # lumpaooxnieu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lumpaooxnieu|02|ru"; nocase; ) # gjvurfcyxjfn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gjvurfcyxjfn|02|ru"; nocase; ) # spnabnthufnq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|spnabnthufnq|02|co|02|uk"; nocase; ) # griybfpiyexg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|griybfpiyexg|04|info"; nocase; ) # ttlvodhigtbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ttlvodhigtbl|03|com"; nocase; ) # khnhskatxlje.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|khnhskatxlje|02|ru"; nocase; ) # xjqegirtfbmj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xjqegirtfbmj|03|org"; nocase; ) # yvy8gpl9t4fyq4qhly1m0w030.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yvy8gpl9t4fyq4qhly1m0w030|03|com"; nocase; ) # 7j53rwtmgdx510br7hl8ltlfp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7j53rwtmgdx510br7hl8ltlfp|03|net"; nocase; ) # aipyna1glt4bb1kva9e01xf4kn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aipyna1glt4bb1kva9e01xf4kn|03|org"; nocase; ) # hjrmxj1ug1ezu1jlxb7lq1d2cf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hjrmxj1ug1ezu1jlxb7lq1d2cf|03|net"; nocase; ) # 1pd6y8tf7i10qzv5u7pbkzq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1pd6y8tf7i10qzv5u7pbkzq|03|net"; nocase; ) # v6ls6v1h9svu81ssvi96gjnb2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v6ls6v1h9svu81ssvi96gjnb2m|03|net"; nocase; ) # 15ig4o41a4yp27kl5279bdksbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ig4o41a4yp27kl5279bdksbw|03|com"; nocase; ) # ut3a8b3k6km0cfjc6r119236w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ut3a8b3k6km0cfjc6r119236w|03|net"; nocase; ) # 6cmzwt1ip2yoq10qp5yb1k7qwmb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6cmzwt1ip2yoq10qp5yb1k7qwmb|03|org"; nocase; ) # 1vaixkp2re5foz0l0nu17z2mzh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vaixkp2re5foz0l0nu17z2mzh|03|net"; nocase; ) # 7hgjznl7h11l15ncfb41i964ik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7hgjznl7h11l15ncfb41i964ik|03|com"; nocase; ) # 1l13ebdl8xngj15j53xhneta92.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l13ebdl8xngj15j53xhneta92|03|org"; nocase; ) # 10h0ab3tpdqn29i3g5g19z4nh2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10h0ab3tpdqn29i3g5g19z4nh2|03|net"; nocase; ) # f348z11i7rpz71b9mbbpmqyh9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f348z11i7rpz71b9mbbpmqyh9b|03|com"; nocase; ) # h9nmnb11l48in1tprs8l13be3do.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h9nmnb11l48in1tprs8l13be3do|03|biz"; nocase; ) # 1dd77uk1w69s6z1kw6geh1pk2u1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dd77uk1w69s6z1kw6geh1pk2u1s|03|biz"; nocase; ) # 18n6opvm25hpp17ukqk319gpwtt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18n6opvm25hpp17ukqk319gpwtt|03|net"; nocase; ) # kekat7625d5le9ge561i7qd9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kekat7625d5le9ge561i7qd9e|03|com"; nocase; ) # 198guow19f8yq71krus5q1qfpm7a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|198guow19f8yq71krus5q1qfpm7a|03|biz"; nocase; ) # 1qusk1mjbyr0k5w837b1w313km.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qusk1mjbyr0k5w837b1w313km|03|org"; nocase; ) # 4gwqks4w9ucg1oo2nrm1kc0fp2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4gwqks4w9ucg1oo2nrm1kc0fp2|03|biz"; nocase; ) # 1grkxpmxwk7rd11z0j5c192ht15.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1grkxpmxwk7rd11z0j5c192ht15|03|org"; nocase; ) # 1crcbyx2crs2fhpj0zr1ub4lt2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1crcbyx2crs2fhpj0zr1ub4lt2|03|net"; nocase; ) # 1p8e2651waeztc1s9f7iv1jshoxj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p8e2651waeztc1s9f7iv1jshoxj|03|biz"; nocase; ) # me07zukfznv11ifay8y13sce3s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|me07zukfznv11ifay8y13sce3s|03|org"; nocase; ) # 14t26d3qxmlgv1mgn25fjrgc7l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14t26d3qxmlgv1mgn25fjrgc7l|03|com"; nocase; ) # z95lm7p8w7ib16vhnin1ir1uud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z95lm7p8w7ib16vhnin1ir1uud|03|com"; nocase; ) # 8jncvl1uk8umvqth4uq1uh1znj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8jncvl1uk8umvqth4uq1uh1znj|03|org"; nocase; ) # b34weeh642rp198dl8b1o13n45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b34weeh642rp198dl8b1o13n45|03|net"; nocase; ) # 8ah1201kk3e45kq7sz01iscasd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ah1201kk3e45kq7sz01iscasd|03|com"; nocase; ) # 138n817wutj8c1lp3spy1tszxrk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|138n817wutj8c1lp3spy1tszxrk|03|net"; nocase; ) # 1wront2v6kv96y1kty7wci629.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wront2v6kv96y1kty7wci629|03|com"; nocase; ) # 9rl58e1w64oxo1cf21f41dazwld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9rl58e1w64oxo1cf21f41dazwld|03|com"; nocase; ) # 21qlnz90y9ze10l5ejivojekv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21qlnz90y9ze10l5ejivojekv|03|org"; nocase; ) # 1tzc54c15xaq6mkfbig38yw232.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tzc54c15xaq6mkfbig38yw232|03|biz"; nocase; ) # 7yvirj7klxbt3lzynr1bxtuak.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7yvirj7klxbt3lzynr1bxtuak|03|org"; nocase; ) # vtvt9b1dch0j41iued9g2xy6ls.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vtvt9b1dch0j41iued9g2xy6ls|03|com"; nocase; ) # 1y4jr8se1xcued5kkw5z8pa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1y4jr8se1xcued5kkw5z8pa|03|org"; nocase; ) # ltgcbqlucgwe1mdkodyw6hgjk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ltgcbqlucgwe1mdkodyw6hgjk|03|com"; nocase; ) # 1necu4innp46b12vsawwbegzju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1necu4innp46b12vsawwbegzju|03|net"; nocase; ) # u0wd5v13eie891tbywtu1fe6xon.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u0wd5v13eie891tbywtu1fe6xon|03|org"; nocase; ) # 1992uefq9a3jyp2nmhe9d0koy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1992uefq9a3jyp2nmhe9d0koy|03|net"; nocase; ) # 13200cbldg6oa3vskq6j5ypi7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13200cbldg6oa3vskq6j5ypi7|03|net"; nocase; ) # 1xu1ooa5pz6zhc8fksjak786.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1xu1ooa5pz6zhc8fksjak786|03|net"; nocase; ) # n6pgpb1uji6kcni5viui61mxy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n6pgpb1uji6kcni5viui61mxy|03|com"; nocase; ) # 8wnibwltd0it1ylsjxm1y726gb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8wnibwltd0it1ylsjxm1y726gb|03|com"; nocase; ) # 1orc3a611q881a1ljt2tv1vm2qvm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1orc3a611q881a1ljt2tv1vm2qvm|03|com"; nocase; ) # sa0oijl4ct7uyynvrw11lgk9g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sa0oijl4ct7uyynvrw11lgk9g|03|net"; nocase; ) # 1lbe0qc1dpp1pb1194ph4yaepqg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lbe0qc1dpp1pb1194ph4yaepqg|03|org"; nocase; ) # itejsky6r2fvyinogygsfbzw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|itejsky6r2fvyinogygsfbzw|03|com"; nocase; ) # 1robb65obh6ml1g8mk2411z2acs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1robb65obh6ml1g8mk2411z2acs|03|com"; nocase; ) # ox0j0p1vv831fcjxp86491brh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ox0j0p1vv831fcjxp86491brh|03|net"; nocase; ) # 62cyey1dkaxmq136mwje1k52mms.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|62cyey1dkaxmq136mwje1k52mms|03|net"; nocase; ) # 1ycow721mcfz8qpqgedazngfl0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ycow721mcfz8qpqgedazngfl0|03|org"; nocase; ) # g5xotw1b2ujbqaown7v7u16hy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g5xotw1b2ujbqaown7v7u16hy|03|org"; nocase; ) # 1txw9s1129ypti8mn2zx1a1nns7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1txw9s1129ypti8mn2zx1a1nns7|03|net"; nocase; ) # 1sv0xl01rt49wq7kyjwv1i2v4o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sv0xl01rt49wq7kyjwv1i2v4o|03|biz"; nocase; ) # 14g1928uerh34dkdcpl1p76c4v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14g1928uerh34dkdcpl1p76c4v|03|org"; nocase; ) # s9y53e1fqnkgcal4wp611chkr8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s9y53e1fqnkgcal4wp611chkr8|03|biz"; nocase; ) # 11tpqaptokdalpug9o11ygcc9v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11tpqaptokdalpug9o11ygcc9v|03|net"; nocase; ) # 16bbrrmrhld13v0fzylqa3wv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|16bbrrmrhld13v0fzylqa3wv|03|com"; nocase; ) # 1vhmxd017jyf8g1fctoe76qxag3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vhmxd017jyf8g1fctoe76qxag3|03|org"; nocase; ) # 14rhbqy48kt11wmr3c11gg9y4c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14rhbqy48kt11wmr3c11gg9y4c|03|net"; nocase; ) # 5y2rmp4rzqbh2l9ba1if4lsf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5y2rmp4rzqbh2l9ba1if4lsf|03|com"; nocase; ) # 1tynkm1etbm3pnspulr1y72s4r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tynkm1etbm3pnspulr1y72s4r|03|com"; nocase; ) # 1plp5x4kucnon12ugv191mqdbug.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1plp5x4kucnon12ugv191mqdbug|03|org"; nocase; ) # nbep4vkqmihkb0lxw51rzxwun.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nbep4vkqmihkb0lxw51rzxwun|03|org"; nocase; ) # 6r6up1bxktx31y8oylf163at5c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6r6up1bxktx31y8oylf163at5c|03|org"; nocase; ) # je466y13ykbn1eumr9dkhzn8r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|je466y13ykbn1eumr9dkhzn8r|03|net"; nocase; ) # aoaej1rvynb01xad0r4d1g51h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aoaej1rvynb01xad0r4d1g51h|03|biz"; nocase; ) # 3czq7kwp3c4y1l30nz21rs3klw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3czq7kwp3c4y1l30nz21rs3klw|03|net"; nocase; ) # z313k02zkaj41yjt5kb1akach.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z313k02zkaj41yjt5kb1akach|03|net"; nocase; ) # a6qdylyn29wt1fqsjf112vd6uc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a6qdylyn29wt1fqsjf112vd6uc|03|net"; nocase; ) # 1kqdo7t1vhpkhr19608zm13fwn2f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kqdo7t1vhpkhr19608zm13fwn2f|03|biz"; nocase; ) # 1el78q51djahd31shiet391uanx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1el78q51djahd31shiet391uanx|03|org"; nocase; ) # 1isqip5qkld5l15y5kaa25g11d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1isqip5qkld5l15y5kaa25g11d|03|net"; nocase; ) # 1vk6ea31fgx46f13i6l7b11bodj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vk6ea31fgx46f13i6l7b11bodj|03|org"; nocase; ) # 1cjm1n11nydmj414s3s4jdtwuva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjm1n11nydmj414s3s4jdtwuva|03|net"; nocase; ) # 1btlq65yt2gab1cvcsizpodjw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1btlq65yt2gab1cvcsizpodjw|03|org"; nocase; ) # uvf3vk8ftoyf1t1x0f4rfdja9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uvf3vk8ftoyf1t1x0f4rfdja9|03|net"; nocase; ) # 5l0ij911n58fr1c59rz14o2q8n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5l0ij911n58fr1c59rz14o2q8n|03|biz"; nocase; ) # 1c6phgq17xim691cxt9zk18iuxwf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c6phgq17xim691cxt9zk18iuxwf|03|org"; nocase; ) # 1e2gjdz1945nb71y8nj881bp5fcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e2gjdz1945nb71y8nj881bp5fcn|03|com"; nocase; ) # 1k75kqf1aps3a87gf81i63mts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k75kqf1aps3a87gf81i63mts|03|net"; nocase; ) # mn3q6c17qhjwv1379u0v1vg02wm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mn3q6c17qhjwv1379u0v1vg02wm|03|org"; nocase; ) # 1dy3t7a1k8n0pxko7zgs1ef3lbj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dy3t7a1k8n0pxko7zgs1ef3lbj|03|org"; nocase; ) # l4d45p1398xjj1ye67ej57ka2k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l4d45p1398xjj1ye67ej57ka2k|03|com"; nocase; ) # 1t9wi9d1c52o5g8ez6i6b3lsgh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t9wi9d1c52o5g8ez6i6b3lsgh|03|org"; nocase; ) # lg41ct7cqq041j6dtoyo923r1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lg41ct7cqq041j6dtoyo923r1|03|com"; nocase; ) # 14vd390qlclm7wb6sugry6ext.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14vd390qlclm7wb6sugry6ext|03|org"; nocase; ) # 1k2f9fh1d2n8bknv7obr1ld9sz7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k2f9fh1d2n8bknv7obr1ld9sz7|03|org"; nocase; ) # 1oxwzi21oor74l1d9odj4ghuigh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oxwzi21oor74l1d9odj4ghuigh|03|org"; nocase; ) # 1h3aobmunqo9c1quv3t5959hv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h3aobmunqo9c1quv3t5959hv|03|biz"; nocase; ) # 1vv09p79iy7bp1tzyhu0t7n9zp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vv09p79iy7bp1tzyhu0t7n9zp|03|net"; nocase; ) # wz1vohlo0bxh15821du2f7y4h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wz1vohlo0bxh15821du2f7y4h|03|com"; nocase; ) # cfzad3ul1udy1d2m2721784okm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cfzad3ul1udy1d2m2721784okm|03|net"; nocase; ) # 1shqh9j1uyllj8pnfv4yrdvv9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1shqh9j1uyllj8pnfv4yrdvv9e|03|com"; nocase; ) # 1rvycyt18i1l5z1jt9pxw1cup6y3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rvycyt18i1l5z1jt9pxw1cup6y3|03|biz"; nocase; ) # hpdkf1c02k60wdtjk71da03g4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hpdkf1c02k60wdtjk71da03g4|03|com"; nocase; ) # 18icnxw1bj6zx1wn7d6u1hk7dg6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18icnxw1bj6zx1wn7d6u1hk7dg6|03|org"; nocase; ) # j2cx1j1j1mlzu1awrhyff5oeqy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j2cx1j1j1mlzu1awrhyff5oeqy|03|net"; nocase; ) # 5k9von1xahq941817s4b18xfyay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5k9von1xahq941817s4b18xfyay|03|org"; nocase; ) # 17tixmf1iv2u0km463hk1tpedws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17tixmf1iv2u0km463hk1tpedws|03|net"; nocase; ) # 1utmfjk1ft86jr7w0wrh12wuk8u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1utmfjk1ft86jr7w0wrh12wuk8u|03|org"; nocase; ) # uvafli18pj2ax193ngi3il6h45.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uvafli18pj2ax193ngi3il6h45|03|biz"; nocase; ) # 1uc6g5r41owxgcq8xhg1a4i9h1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uc6g5r41owxgcq8xhg1a4i9h1|03|org"; nocase; ) # 2mmck41vg9d8w1vxeqv01p9ru8p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2mmck41vg9d8w1vxeqv01p9ru8p|03|com"; nocase; ) # 50uol417jzkzk139ozx7tdhf5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|50uol417jzkzk139ozx7tdhf5|03|com"; nocase; ) # 107twfu16wpv8v1w4uakhfgzv30.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|107twfu16wpv8v1w4uakhfgzv30|03|org"; nocase; ) # 1mb3q1d1y8iht01dudsj5hk18o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mb3q1d1y8iht01dudsj5hk18o|03|org"; nocase; ) # xagvbrgjiq1xtpu6xdz99aaw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xagvbrgjiq1xtpu6xdz99aaw|03|biz"; nocase; ) # 1pc5hken8dlbk1gv47ie8zr9rc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pc5hken8dlbk1gv47ie8zr9rc|03|net"; nocase; ) # 19ynpane40q66irxkyadvin16.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19ynpane40q66irxkyadvin16|03|com"; nocase; ) # 1ncfi11wlueq51t539ur1ggpxrk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ncfi11wlueq51t539ur1ggpxrk|03|net"; nocase; ) # 1x9c4o81nipoo41khkfau1c1bur9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x9c4o81nipoo41khkfau1c1bur9|03|net"; nocase; ) # 1owoy4v1xpvr4m1mqgd4e19h595a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1owoy4v1xpvr4m1mqgd4e19h595a|03|org"; nocase; ) # 1g6mspy1qsgyjwg9q3jg1gm0nxv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g6mspy1qsgyjwg9q3jg1gm0nxv|03|com"; nocase; ) # sx0l1v12vxlx51jg0zx613zzw8v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sx0l1v12vxlx51jg0zx613zzw8v|03|org"; nocase; ) # 18gz5ew6geq9gf1xaot16ll9tf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18gz5ew6geq9gf1xaot16ll9tf|03|com"; nocase; ) # pesxpg1tj8srduxk5by8uoyel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pesxpg1tj8srduxk5by8uoyel|03|net"; nocase; ) # 3ytsdd171igxy1ea6imh1xq0y63.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3ytsdd171igxy1ea6imh1xq0y63|03|com"; nocase; ) # 1du3oqvoj1jn2ic76opoqhx2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1du3oqvoj1jn2ic76opoqhx2|03|org"; nocase; ) # 1pb1zqc1a8xlyqk8yd7k4uh0na.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pb1zqc1a8xlyqk8yd7k4uh0na|03|net"; nocase; ) # 1criqj3h5mkw39mpvcdhgc92v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1criqj3h5mkw39mpvcdhgc92v|03|com"; nocase; ) # j2cgixkv8brn1eczsdxgvn411.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j2cgixkv8brn1eczsdxgvn411|03|com"; nocase; ) # kbu4911q0h0h13npikp437dy8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kbu4911q0h0h13npikp437dy8|03|biz"; nocase; ) # p6jdano7mmbuczy7xfl8mvho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p6jdano7mmbuczy7xfl8mvho|03|net"; nocase; ) # dz3vjbhys8dg1464brhdsh7zz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dz3vjbhys8dg1464brhdsh7zz|03|org"; nocase; ) # 12rkjwn1d27io39s01oy1wsh4ja.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12rkjwn1d27io39s01oy1wsh4ja|03|com"; nocase; ) # rediw31mxvzpc1xzahx45yzxa9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rediw31mxvzpc1xzahx45yzxa9|03|biz"; nocase; ) # x1bc8sw0gmgo106qo3816pumfh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x1bc8sw0gmgo106qo3816pumfh|03|org"; nocase; ) # 12fmjzr2r1gk84x4blg1vhnt6z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12fmjzr2r1gk84x4blg1vhnt6z|03|org"; nocase; ) # scvcew133rxt81uwqv5g12ke4bi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|scvcew133rxt81uwqv5g12ke4bi|03|net"; nocase; ) # v8k0wp1lq7um31krkrpo7msnl3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v8k0wp1lq7um31krkrpo7msnl3|03|org"; nocase; ) # 870zxe1gtgog61dkg1xf1idy44d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|870zxe1gtgog61dkg1xf1idy44d|03|net"; nocase; ) # k090l0xm35hol2en9opq1bcu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k090l0xm35hol2en9opq1bcu|03|org"; nocase; ) # 8btopz4ubn2uretohqhnr4f2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8btopz4ubn2uretohqhnr4f2|03|net"; nocase; ) # 1tv2espwda5661v6xad91ou7xr6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tv2espwda5661v6xad91ou7xr6|03|org"; nocase; ) # 1qbjvlbrix5na16z3c751ft1buo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qbjvlbrix5na16z3c751ft1buo|03|net"; nocase; ) # az81coynzd1ynu960s1ll64c3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|az81coynzd1ynu960s1ll64c3|03|org"; nocase; ) # pcukpr1c024nus8ad61s8bpcs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pcukpr1c024nus8ad61s8bpcs|03|org"; nocase; ) # 1yh12eb1bv53c213lfl2rxbvva6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yh12eb1bv53c213lfl2rxbvva6|03|biz"; nocase; ) # 1p14v8d2jonnowrcsjr169cpip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p14v8d2jonnowrcsjr169cpip|03|org"; nocase; ) # 1mnmih511ocpo7jph9a21j1kvnc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mnmih511ocpo7jph9a21j1kvnc|03|net"; nocase; ) # 897p7k1piqd611rkmhms19by4i7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|897p7k1piqd611rkmhms19by4i7|03|com"; nocase; ) # d1n61s1496ost1ragh78yzomiz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d1n61s1496ost1ragh78yzomiz|03|org"; nocase; ) # 1l4krmh16ea82rqkm0vt1kkaduc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l4krmh16ea82rqkm0vt1kkaduc|03|net"; nocase; ) # 126kffc31r0m8nou853r9vej6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|126kffc31r0m8nou853r9vej6|03|net"; nocase; ) # nsmvl21y0x0dj11sri1ynwx8mt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nsmvl21y0x0dj11sri1ynwx8mt|03|org"; nocase; ) # b8zip41hrwsyw9iaj4pnsjuzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b8zip41hrwsyw9iaj4pnsjuzm|03|net"; nocase; ) # ahsrwxlad5ox1n4j3b96mjaeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ahsrwxlad5ox1n4j3b96mjaeo|03|com"; nocase; ) # 1iudfo914tl8p31yartnk15o0yro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iudfo914tl8p31yartnk15o0yro|03|net"; nocase; ) # 1vx81a8v376s28sig74ib6d1b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vx81a8v376s28sig74ib6d1b|03|org"; nocase; ) # 1mqt1sx6c3fy1xgdu2012v8hn8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mqt1sx6c3fy1xgdu2012v8hn8|03|com"; nocase; ) # 1etskq510uas0s3jrtol1gp5mww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1etskq510uas0s3jrtol1gp5mww|03|net"; nocase; ) # 9hrta61ngkxi81o5nyj31062f01.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9hrta61ngkxi81o5nyj31062f01|03|net"; nocase; ) # 1mz3f8f14qsce7x2zito6x8wb6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mz3f8f14qsce7x2zito6x8wb6|03|org"; nocase; ) # 1mfybh8qmsx8h1f6ily21h5igj6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mfybh8qmsx8h1f6ily21h5igj6|03|com"; nocase; ) # 1yf9f1a1bcrwg21cewnfc1oey60m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yf9f1a1bcrwg21cewnfc1oey60m|03|com"; nocase; ) # rvjmt8xq1kz51xzhl1g1js3jb0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rvjmt8xq1kz51xzhl1g1js3jb0|03|biz"; nocase; ) # 1hpoixnsbwbn51jpr4vv2gqsh4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hpoixnsbwbn51jpr4vv2gqsh4|03|net"; nocase; ) # 3dq50cdn2l2ams9lw5snd87i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3dq50cdn2l2ams9lw5snd87i|03|net"; nocase; ) # 1tkw1eiwsh8ul1epsxy1rgzk2n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tkw1eiwsh8ul1epsxy1rgzk2n|03|org"; nocase; ) # x9urmtfs61s2g6ioc1uupuso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x9urmtfs61s2g6ioc1uupuso|03|net"; nocase; ) # 10ry817uu1fhvp4n8r71090cst.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ry817uu1fhvp4n8r71090cst|03|com"; nocase; ) # 604ly0fyenmoheo9917x74p4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|604ly0fyenmoheo9917x74p4|03|net"; nocase; ) # 1kk3cdr1w6nglf8lzk2d87514q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kk3cdr1w6nglf8lzk2d87514q|03|net"; nocase; ) # iwfayp1uo06p0wspivjaaqeue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iwfayp1uo06p0wspivjaaqeue|03|org"; nocase; ) # lpr6ec1q4ykhule0z2575417f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lpr6ec1q4ykhule0z2575417f|03|net"; nocase; ) # 13paix1caw7m01q0og7p1qtk5zn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13paix1caw7m01q0og7p1qtk5zn|03|com"; nocase; ) # 15xj56v16j737t1t73jq1lclqyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15xj56v16j737t1t73jq1lclqyv|03|net"; nocase; ) # p3lkup5inqvi17bhn4l7rsuli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p3lkup5inqvi17bhn4l7rsuli|03|com"; nocase; ) # mhcezt184i2siwh0wju1fpzbs5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mhcezt184i2siwh0wju1fpzbs5|03|com"; nocase; ) # q6btvv10as0cno3uknb1lxmeju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q6btvv10as0cno3uknb1lxmeju|03|org"; nocase; ) # vfhvkv1evhp9hp607l21pnok16.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vfhvkv1evhp9hp607l21pnok16|03|org"; nocase; ) # 1m9hsi34xnfd0ewxw8ih886dw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m9hsi34xnfd0ewxw8ih886dw|03|org"; nocase; ) # 14ydb4vni2ernl9eny1dlfgjy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14ydb4vni2ernl9eny1dlfgjy|03|net"; nocase; ) # lhd7zr1mrfkuw1eib3uy40yvoc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lhd7zr1mrfkuw1eib3uy40yvoc|03|net"; nocase; ) # 1kehl7m1ozoguglbrv1s10huqsf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kehl7m1ozoguglbrv1s10huqsf|03|org"; nocase; ) # 9wmkf11ei34zxksufh5100tq70.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9wmkf11ei34zxksufh5100tq70|03|biz"; nocase; ) # 1ojwivadhbqfq15bmxuk1sl9wd3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ojwivadhbqfq15bmxuk1sl9wd3|03|net"; nocase; ) # a2dva713nor961xygcmkgda0n8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a2dva713nor961xygcmkgda0n8|03|biz"; nocase; ) # b1zcr634z32a1rak7kk11t49qa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b1zcr634z32a1rak7kk11t49qa|03|org"; nocase; ) # ek239iz4lhwipxkiqu1gj0tep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ek239iz4lhwipxkiqu1gj0tep|03|com"; nocase; ) # 3dx62m8l43408qokn210vj52o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3dx62m8l43408qokn210vj52o|03|org"; nocase; ) # qdvmjs1hxnru913zsq141hcgbms.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qdvmjs1hxnru913zsq141hcgbms|03|biz"; nocase; ) # 1n2hvsh7a5h2819aw72o135l3jh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n2hvsh7a5h2819aw72o135l3jh|03|com"; nocase; ) # 12xm3nl175m6n012eqmwh1w5la03.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12xm3nl175m6n012eqmwh1w5la03|03|com"; nocase; ) # 1m593wov83ez2jbj2xpka6a6c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m593wov83ez2jbj2xpka6a6c|03|net"; nocase; ) # doja521sw1sg1vwa5t6udy09r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|doja521sw1sg1vwa5t6udy09r|03|biz"; nocase; ) # 1qw76x7mrpajfjv1zye1lgxq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1qw76x7mrpajfjv1zye1lgxq|03|net"; nocase; ) # 1j1wu8gvt39d61xmgmdg1la5667.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j1wu8gvt39d61xmgmdg1la5667|03|biz"; nocase; ) # 12s59ht1uzzvw14nhafeaqxm4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12s59ht1uzzvw14nhafeaqxm4f|03|net"; nocase; ) # 1vgzww41bzc19jwe7ujht38xg2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vgzww41bzc19jwe7ujht38xg2|03|net"; nocase; ) # 17rkdbv1l2d9d81q6gxse4xcii3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17rkdbv1l2d9d81q6gxse4xcii3|03|net"; nocase; ) # 1gv4ck9kv18rq1m8ncv81nz7zj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gv4ck9kv18rq1m8ncv81nz7zj|03|com"; nocase; ) # fvcanly31skyv4pm1gcki1rc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fvcanly31skyv4pm1gcki1rc|03|com"; nocase; ) # zlsnqt19omn9phmjt3i1tot114.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zlsnqt19omn9phmjt3i1tot114|03|net"; nocase; ) # 89zna01u5q0z71srwreg18qh66w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|89zna01u5q0z71srwreg18qh66w|03|com"; nocase; ) # 1cuh48uif0k0qlf29v81rwpmdf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cuh48uif0k0qlf29v81rwpmdf|03|net"; nocase; ) # c6t72hs0wpjy1psp79ddf6r77.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c6t72hs0wpjy1psp79ddf6r77|03|org"; nocase; ) # 1e6bl5e9quux8td7w3pqh1paf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e6bl5e9quux8td7w3pqh1paf|03|com"; nocase; ) # 1jumwo11k3ahqwauv7zt1lyrr4h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jumwo11k3ahqwauv7zt1lyrr4h|03|net"; nocase; ) # 1xqol4djproz6cbb0l7u8fb4n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xqol4djproz6cbb0l7u8fb4n|03|biz"; nocase; ) # uuxr0616lhwxkakyf4518hp8or.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uuxr0616lhwxkakyf4518hp8or|03|net"; nocase; ) # 1ek7jryq3u5deb9sb3k17brhze.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ek7jryq3u5deb9sb3k17brhze|03|org"; nocase; ) # 1wjnk4r189vf8u5yqnclnszhlm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wjnk4r189vf8u5yqnclnszhlm|03|biz"; nocase; ) # 1eh88e71trmqll1kvddl31a2hfju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eh88e71trmqll1kvddl31a2hfju|03|net"; nocase; ) # 158t2ur1ii4xvn1mfub0k1d2lpzk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|158t2ur1ii4xvn1mfub0k1d2lpzk|03|com"; nocase; ) # ndqo3v421dxafkcbs59xsxkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ndqo3v421dxafkcbs59xsxkt|03|com"; nocase; ) # 10hngbu1tndase1g0po9kj3hvl7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10hngbu1tndase1g0po9kj3hvl7|03|net"; nocase; ) # 1or9npf3da9cepzha0u191jkmk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1or9npf3da9cepzha0u191jkmk|03|com"; nocase; ) # cni064hc3xsv1p1pqfd44v9r5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cni064hc3xsv1p1pqfd44v9r5|03|org"; nocase; ) # ce4nfg2ds7vz881jsfpc31ee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ce4nfg2ds7vz881jsfpc31ee|03|com"; nocase; ) # 1nu8edh1aln2p1ilorcnnr9azh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nu8edh1aln2p1ilorcnnr9azh|03|net"; nocase; ) # 17mxjbi77kq5iv3xj631thrvi5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17mxjbi77kq5iv3xj631thrvi5|03|net"; nocase; ) # 1t63bx91c6oo4v1989i3q1omb67e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t63bx91c6oo4v1989i3q1omb67e|03|org"; nocase; ) # 5bxo4fdpox3k1pdu4q3gf0xrw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5bxo4fdpox3k1pdu4q3gf0xrw|03|org"; nocase; ) # 1ooookd1ei56dg1s32tmv18v1jeh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ooookd1ei56dg1s32tmv18v1jeh|03|com"; nocase; ) # 1kbm0ckcya40t13djigwsnmc69.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kbm0ckcya40t13djigwsnmc69|03|biz"; nocase; ) # b0g56m26cohl1wwonh4aml8ez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b0g56m26cohl1wwonh4aml8ez|03|org"; nocase; ) # 1ieyscxctz2r81ec5wkz130il8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ieyscxctz2r81ec5wkz130il8c|03|com"; nocase; ) # kshylx13sfyrd1jbwykr6k9659.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kshylx13sfyrd1jbwykr6k9659|03|net"; nocase; ) # 1u9wiym1ofoylr400dud18oiz8f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u9wiym1ofoylr400dud18oiz8f|03|biz"; nocase; ) # rtjg2f1u36y8x42nf9s8elfxp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rtjg2f1u36y8x42nf9s8elfxp|03|com"; nocase; ) # 5x31dpr8la6h1vqos241x3f572.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5x31dpr8la6h1vqos241x3f572|03|net"; nocase; ) # f02f035xnui38vf9g71gkpclq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f02f035xnui38vf9g71gkpclq|03|net"; nocase; ) # 1oxsnw0vhex3p4mnenefcgbvq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oxsnw0vhex3p4mnenefcgbvq|03|org"; nocase; ) # 1nz2e1m1re6grz1z0pcuh4i11bs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nz2e1m1re6grz1z0pcuh4i11bs|03|net"; nocase; ) # egffqj1296hrzvxpi0kt3we65.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|egffqj1296hrzvxpi0kt3we65|03|com"; nocase; ) # 10kevrx13uiy9v11wbgms1kkhnkv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10kevrx13uiy9v11wbgms1kkhnkv|03|net"; nocase; ) # ycgjq91dwxjo31exl5rgqylb5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ycgjq91dwxjo31exl5rgqylb5g|03|org"; nocase; ) # i1m321juk5eqzrswwm1lb3mlc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i1m321juk5eqzrswwm1lb3mlc|03|net"; nocase; ) # 4oodhv1n6ktetcgvszs1w3tl01.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4oodhv1n6ktetcgvszs1w3tl01|03|net"; nocase; ) # 4nvs63k4sv4dl0hhydn37kqy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4nvs63k4sv4dl0hhydn37kqy|03|org"; nocase; ) # 5fbe0m1labkxj1ex0nxb8w5l3g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5fbe0m1labkxj1ex0nxb8w5l3g|03|org"; nocase; ) # siflh41ipt20d1km16ks1kiwo7y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|siflh41ipt20d1km16ks1kiwo7y|03|net"; nocase; ) # 1d7gpda1r4n2xpg539ze1hc8muc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d7gpda1r4n2xpg539ze1hc8muc|03|org"; nocase; ) # 1yj1ji4lofmffqfx4br18pyl8x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yj1ji4lofmffqfx4br18pyl8x|03|biz"; nocase; ) # f1o4b413oac6d78agae1tqfdct.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f1o4b413oac6d78agae1tqfdct|03|org"; nocase; ) # 9wifb1197175qs0vae61fydebd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9wifb1197175qs0vae61fydebd|03|org"; nocase; ) # 7kbgyig1w0dbo9xd6ulnuvvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7kbgyig1w0dbo9xd6ulnuvvo|03|net"; nocase; ) # 1e1om7friygvslhyxhyq1hp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1e1om7friygvslhyxhyq1hp|03|biz"; nocase; ) # 1nzy22w14sxdd1q4t8oi1eig75r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nzy22w14sxdd1q4t8oi1eig75r|03|com"; nocase; ) # so34bu1bwegxewzdl3e1clf86i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|so34bu1bwegxewzdl3e1clf86i|03|com"; nocase; ) # 5qoticvu9yba7vg2og5uiiez.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5qoticvu9yba7vg2og5uiiez|03|net"; nocase; ) # 6c669016b8obi12we1e73dkhom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6c669016b8obi12we1e73dkhom|03|com"; nocase; ) # z78wy445yuvx11t76jk8wnvqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z78wy445yuvx11t76jk8wnvqq|03|biz"; nocase; ) # 19itg8wztgjpu1sz7wvc23il4z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19itg8wztgjpu1sz7wvc23il4z|03|biz"; nocase; ) # keyxrkv3xcy31s8wvjmqcdyxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|keyxrkv3xcy31s8wvjmqcdyxx|03|com"; nocase; ) # 1izyacg1ytdhgkgu0ci53n4her.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1izyacg1ytdhgkgu0ci53n4her|03|com"; nocase; ) # 10ogtl11of2g561hg35ap1jgnrfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10ogtl11of2g561hg35ap1jgnrfg|03|com"; nocase; ) # wb7kld9lm47og53kit1y3p8zh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wb7kld9lm47og53kit1y3p8zh|03|net"; nocase; ) # oqzk4kmwlmba1m83zuh1gso8zr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oqzk4kmwlmba1m83zuh1gso8zr|03|net"; nocase; ) # nx0tzhgc167w10337rpkgi653.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nx0tzhgc167w10337rpkgi653|03|com"; nocase; ) # 1b5u3ij1v655nir8lf2v14pkihi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b5u3ij1v655nir8lf2v14pkihi|03|com"; nocase; ) # 16w9hzv1jrad1glorj73ytx2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16w9hzv1jrad1glorj73ytx2n|03|net"; nocase; ) # nwewzmeup07kkyvjnl1qn0n3h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nwewzmeup07kkyvjnl1qn0n3h|03|org"; nocase; ) # 1i1zla615zculy70fpds1jcjvwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i1zla615zculy70fpds1jcjvwr|03|net"; nocase; ) # 116y4saows1u21hfzscuv1nh3h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|116y4saows1u21hfzscuv1nh3h|03|net"; nocase; ) # 10di8p9gfz9n51ssy8kbkgg8s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10di8p9gfz9n51ssy8kbkgg8s|03|org"; nocase; ) # y1pn83x2j8xmk5205ow01jx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|y1pn83x2j8xmk5205ow01jx|03|net"; nocase; ) # 15qcksb94cbwunysa8a7w69tv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15qcksb94cbwunysa8a7w69tv|03|com"; nocase; ) # u2j0lf1jcqppn1z0osh5peutu0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u2j0lf1jcqppn1z0osh5peutu0|03|biz"; nocase; ) # 1wd5oe21rwdim16zhk91pei5f7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wd5oe21rwdim16zhk91pei5f7|03|com"; nocase; ) # 1vwo0rp3o34pcwgm6c21nbf6jd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vwo0rp3o34pcwgm6c21nbf6jd|03|com"; nocase; ) # kdey8d10v9maa1k89bge1iw90tw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kdey8d10v9maa1k89bge1iw90tw|03|net"; nocase; ) # l995mf1w0k3qxecmxvw1hj216i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l995mf1w0k3qxecmxvw1hj216i|03|org"; nocase; ) # 19nfg1w1rrm6wluv2s7617ay82w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19nfg1w1rrm6wluv2s7617ay82w|03|com"; nocase; ) # telzk2rhepnu13kkx2emh1bja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|telzk2rhepnu13kkx2emh1bja|03|net"; nocase; ) # ocn9adx5dlrxxz612e1b691nf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ocn9adx5dlrxxz612e1b691nf|03|org"; nocase; ) # b7p7dbzo8b61lelmdr1ijyaza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b7p7dbzo8b61lelmdr1ijyaza|03|net"; nocase; ) # 1mtzabj19ib36gadx5b5cqhig1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mtzabj19ib36gadx5b5cqhig1|03|org"; nocase; ) # ynw8id1rtovnk1d99buvl2phd7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ynw8id1rtovnk1d99buvl2phd7|03|net"; nocase; ) # 85ktk216vf76a111xmrs1vo0c80.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|85ktk216vf76a111xmrs1vo0c80|03|biz"; nocase; ) # jstvef19ctd9tz3f5x15rfp34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jstvef19ctd9tz3f5x15rfp34|03|com"; nocase; ) # 6o8765u3s141s2ym9i1fswhmz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6o8765u3s141s2ym9i1fswhmz|03|biz"; nocase; ) # a8jfqxo3f93chvez81169wsq3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a8jfqxo3f93chvez81169wsq3|03|org"; nocase; ) # 1wv2auihc809x1x30mz1gv4nm0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wv2auihc809x1x30mz1gv4nm0|03|com"; nocase; ) # ri1l8y4qkn4lvss2jvgur99k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ri1l8y4qkn4lvss2jvgur99k|03|com"; nocase; ) # 15xh9jb2wwulkik74e2qnrcnv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15xh9jb2wwulkik74e2qnrcnv|03|org"; nocase; ) # 1uuu0ie1vyz2qf1x1czfa1gq3aya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uuu0ie1vyz2qf1x1czfa1gq3aya|03|com"; nocase; ) # 1h18yh31wwgn4spdnyrnun0nqp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h18yh31wwgn4spdnyrnun0nqp|03|com"; nocase; ) # 1rh3qbt15lmnll9zalsf1oc77kd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rh3qbt15lmnll9zalsf1oc77kd|03|net"; nocase; ) # 5acg68k3pwgm19my1a0bv7qku.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5acg68k3pwgm19my1a0bv7qku|03|com"; nocase; ) # eft7e72b6y671m07rt21uo0pq4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eft7e72b6y671m07rt21uo0pq4|03|net"; nocase; ) # 1nx4zuxge6tvtev9smk1ycyqr5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nx4zuxge6tvtev9smk1ycyqr5|03|org"; nocase; ) # 1og1kyasgyybl1hlfvdqil78on.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1og1kyasgyybl1hlfvdqil78on|03|com"; nocase; ) # 1egagelsfh9cs1rv96q3ggsm6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1egagelsfh9cs1rv96q3ggsm6|03|org"; nocase; ) # 1rqicj51stxtsg1dlhnkooesrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rqicj51stxtsg1dlhnkooesrp|03|net"; nocase; ) # 1s2aj5fp58e8f108b0kv6kmtjx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s2aj5fp58e8f108b0kv6kmtjx|03|biz"; nocase; ) # cl79bb13g158y2xvk2p8p0gfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cl79bb13g158y2xvk2p8p0gfa|03|org"; nocase; ) # 9rzlee121jqcg1ah6fnwwhbfin.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9rzlee121jqcg1ah6fnwwhbfin|03|biz"; nocase; ) # 11p0v0ufeezw41nss50o1vp19ip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11p0v0ufeezw41nss50o1vp19ip|03|net"; nocase; ) # bxu4341b5ovy36fj8sc18kvarx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bxu4341b5ovy36fj8sc18kvarx|03|org"; nocase; ) # 1ibh0931j9td7c8t3stm1mv9sfk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ibh0931j9td7c8t3stm1mv9sfk|03|org"; nocase; ) # kzxxk0133v3721d2g0uioyod8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kzxxk0133v3721d2g0uioyod8|03|net"; nocase; ) # 2i4zu2lti68x1xtbd78gnizma.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2i4zu2lti68x1xtbd78gnizma|03|com"; nocase; ) # 1sjafr6xe7fr1gnk50o1hdqvcx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sjafr6xe7fr1gnk50o1hdqvcx|03|biz"; nocase; ) # 17nyrdb1tmvpmtcz4xg515098gt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17nyrdb1tmvpmtcz4xg515098gt|03|net"; nocase; ) # 1odgfpejdpbxfsz3ppp4ubi3c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1odgfpejdpbxfsz3ppp4ubi3c|03|com"; nocase; ) # 1q5eac02n8o4z1ifpacy10hrm3i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q5eac02n8o4z1ifpacy10hrm3i|03|net"; nocase; ) # qu3z7x1khd6ux1asy6jtpf3dc5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qu3z7x1khd6ux1asy6jtpf3dc5|03|com"; nocase; ) # 1lc6333tjgzt21amlh6ku0ht3w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lc6333tjgzt21amlh6ku0ht3w|03|org"; nocase; ) # 13thmifbawqqc645i998bx8s4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13thmifbawqqc645i998bx8s4|03|org"; nocase; ) # 12zoe4d1diezl213niuqxkkqx25.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12zoe4d1diezl213niuqxkkqx25|03|net"; nocase; ) # 14zufzb11dzsch17gelqxvvknt3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14zufzb11dzsch17gelqxvvknt3|03|com"; nocase; ) # 1id50y81pz4n21lta9kbi5bgqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1id50y81pz4n21lta9kbi5bgqg|03|biz"; nocase; ) # 1gkor5wftl9k4akh6x7h1bmp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1gkor5wftl9k4akh6x7h1bmp|03|org"; nocase; ) # eauvvkdokx5w1kg52e6x9i1b1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eauvvkdokx5w1kg52e6x9i1b1|03|net"; nocase; ) # 1hdu0ln6mhj185so3h112oat8p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hdu0ln6mhj185so3h112oat8p|03|biz"; nocase; ) # o4urf811t7k36gi192n10vguep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o4urf811t7k36gi192n10vguep|03|org"; nocase; ) # 1ihy5gh1main3r1ctn6vp1f0m3po.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ihy5gh1main3r1ctn6vp1f0m3po|03|net"; nocase; ) # 6nqcxf18aog931w8xxs87lkxgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6nqcxf18aog931w8xxs87lkxgj|03|com"; nocase; ) # xvcop11w51qfg7l2set125o5d2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xvcop11w51qfg7l2set125o5d2|03|net"; nocase; ) # 68nrao9m1aewyuohdc13w0vpe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|68nrao9m1aewyuohdc13w0vpe|03|net"; nocase; ) # 1sjb6ga3jy276vy4qiy15y5xfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sjb6ga3jy276vy4qiy15y5xfe|03|com"; nocase; ) # 1ko9hfx1m4u9ic1mwq3o71f5z8my.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ko9hfx1m4u9ic1mwq3o71f5z8my|03|biz"; nocase; ) # 14f5f3t1sy5kdt1eigwqskgrstr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14f5f3t1sy5kdt1eigwqskgrstr|03|net"; nocase; ) # 1eoc1cy18up34a1dkcmcj1yf3cmd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eoc1cy18up34a1dkcmcj1yf3cmd|03|com"; nocase; ) # 3vyojx1ezllkea6m3kfubjcu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3vyojx1ezllkea6m3kfubjcu|03|biz"; nocase; ) # 17lcigp1aw4z8l12vpe701p6xotd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17lcigp1aw4z8l12vpe701p6xotd|03|net"; nocase; ) # 1lqbv4x164hz30lrn2f714iz3q7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lqbv4x164hz30lrn2f714iz3q7|03|com"; nocase; ) # 14ec8z172fdnu1h1l9w21e9p7ia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ec8z172fdnu1h1l9w21e9p7ia|03|net"; nocase; ) # 9tn1tqu43m13awr1extd4smi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9tn1tqu43m13awr1extd4smi|03|org"; nocase; ) # p6rhon12zntn5croopnu470kr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p6rhon12zntn5croopnu470kr|03|com"; nocase; ) # baqe6j1kj6eub6yhdgqtxbff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|baqe6j1kj6eub6yhdgqtxbff|03|com"; nocase; ) # 1sstekq1kb777umsgkw1xdd0xo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sstekq1kb777umsgkw1xdd0xo|03|org"; nocase; ) # 10pfvcj16bx5vrd0xyxa165gkwz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10pfvcj16bx5vrd0xyxa165gkwz|03|net"; nocase; ) # 19pxzlx1bwox0styijwfzh913q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19pxzlx1bwox0styijwfzh913q|03|org"; nocase; ) # v2x6m61t0ipnq1npqzgfxafglh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v2x6m61t0ipnq1npqzgfxafglh|03|com"; nocase; ) # 1o0dkl8m34ech16b39m8hib61a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o0dkl8m34ech16b39m8hib61a|03|biz"; nocase; ) # ofxd8f1y2pmmdcriipd1pkmk8j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ofxd8f1y2pmmdcriipd1pkmk8j|03|org"; nocase; ) # 19ghj7bm6w4o87pw791csxgrv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19ghj7bm6w4o87pw791csxgrv|03|biz"; nocase; ) # v9t7jd1yky5bk1dcc60t1b6tnv3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v9t7jd1yky5bk1dcc60t1b6tnv3|03|net"; nocase; ) # bpubmjmfwxfm225dwoenmx34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bpubmjmfwxfm225dwoenmx34|03|com"; nocase; ) # 11mc07119kilqb19v2czkuow09d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11mc07119kilqb19v2czkuow09d|03|org"; nocase; ) # qo9hu41764gsobwo1bfw2ozmr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qo9hu41764gsobwo1bfw2ozmr|03|net"; nocase; ) # 1afpn9c157i0it1o045ji63rm32.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1afpn9c157i0it1o045ji63rm32|03|net"; nocase; ) # fatzkn1vpezhv13d8utr1x6n10m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fatzkn1vpezhv13d8utr1x6n10m|03|net"; nocase; ) # 1q52i71idsvq13spgk1e5nw8k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q52i71idsvq13spgk1e5nw8k|03|net"; nocase; ) # 4ammryg3ce5x31l6zgi94rv6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4ammryg3ce5x31l6zgi94rv6|03|org"; nocase; ) # qko58z1du14mw1573vta12kc67l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qko58z1du14mw1573vta12kc67l|03|net"; nocase; ) # 1mflsd719ewbvr1tpjkmqlbr1rp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mflsd719ewbvr1tpjkmqlbr1rp|03|net"; nocase; ) # wcz1412rkai7jfyx2d3t87ay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wcz1412rkai7jfyx2d3t87ay|03|org"; nocase; ) # 8owhjo1tpc54x9k9azp1gfb76n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8owhjo1tpc54x9k9azp1gfb76n|03|com"; nocase; ) # 1erkeu517jgsrhykp9ue1tjzx1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1erkeu517jgsrhykp9ue1tjzx1d|03|net"; nocase; ) # avmbu8q9oz0y1c0kderzrpdqy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|avmbu8q9oz0y1c0kderzrpdqy|03|biz"; nocase; ) # 6i9td11slyn9d1hko24vy7b137.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6i9td11slyn9d1hko24vy7b137|03|org"; nocase; ) # 1xvz2uo1a539q88a1mf317nzxlb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xvz2uo1a539q88a1mf317nzxlb|03|com"; nocase; ) # 1l5wj8j7k03s017k7ai4190f5rd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l5wj8j7k03s017k7ai4190f5rd|03|net"; nocase; ) # 1jjm3wq3hr2tv1n9p0w01plhz2t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jjm3wq3hr2tv1n9p0w01plhz2t|03|org"; nocase; ) # 1gt6lvv5cq1ox8djcqqtehi28.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gt6lvv5cq1ox8djcqqtehi28|03|org"; nocase; ) # 1477onrr6a5bc123sa096opsbk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1477onrr6a5bc123sa096opsbk|03|biz"; nocase; ) # 18rugh09hlr84pvn8tf13zvw4j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18rugh09hlr84pvn8tf13zvw4j|03|com"; nocase; ) # 1xaaw7f9us99zyi8m1o10amo6l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xaaw7f9us99zyi8m1o10amo6l|03|org"; nocase; ) # ask5siu9u7ih1q9sv9016s07dr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ask5siu9u7ih1q9sv9016s07dr|03|net"; nocase; ) # s1m11h145zcqs15rlobm7wva99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s1m11h145zcqs15rlobm7wva99|03|net"; nocase; ) # 51cn1n1uthghq68eyzr1f5dzec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|51cn1n1uthghq68eyzr1f5dzec|03|net"; nocase; ) # 1kfcfzmqvsih6ue9rea1d038iu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kfcfzmqvsih6ue9rea1d038iu|03|com"; nocase; ) # dj7vhzr8k17o15yolzqgovm93.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dj7vhzr8k17o15yolzqgovm93|03|com"; nocase; ) # 1szxzwriugbg162otzi7xntb8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1szxzwriugbg162otzi7xntb8|03|com"; nocase; ) # zm80fg526ct6ecp91p83qzeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zm80fg526ct6ecp91p83qzeb|03|com"; nocase; ) # 1z11lbz1ae6dnh1dx8raipyl2p5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1z11lbz1ae6dnh1dx8raipyl2p5|03|com"; nocase; ) # 1pmmuxnq1jrn8h68czu7lje8b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pmmuxnq1jrn8h68czu7lje8b|03|org"; nocase; ) # 1ohwx9b14ej1th1huvjkd1qsh4t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ohwx9b14ej1th1huvjkd1qsh4t|03|com"; nocase; ) # 94qobf1h15uaf1cgsyfmah0x8q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|94qobf1h15uaf1cgsyfmah0x8q|03|com"; nocase; ) # ni9zr9o1tsek1uy7ttq1oesl5z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ni9zr9o1tsek1uy7ttq1oesl5z|03|org"; nocase; ) # n4mmpe1oanvhxjd0cs714v761e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n4mmpe1oanvhxjd0cs714v761e|03|biz"; nocase; ) # 1tn9bnx1136td71pxklm71jc82aw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tn9bnx1136td71pxklm71jc82aw|03|net"; nocase; ) # 1w884vw1as8no63owlpd17h856n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w884vw1as8no63owlpd17h856n|03|org"; nocase; ) # 1n60s5teuuxve15fdrjs1244nf3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n60s5teuuxve15fdrjs1244nf3|03|biz"; nocase; ) # 1fx4fr01e58s0awqufsh151wu0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fx4fr01e58s0awqufsh151wu0m|03|com"; nocase; ) # 1j7zvl111522pm11yb6orodr4sy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j7zvl111522pm11yb6orodr4sy|03|biz"; nocase; ) # 1l9rellq8dffjihgkmenajxbo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l9rellq8dffjihgkmenajxbo|03|org"; nocase; ) # 1vnnps5w9ud2h1evsvs51vm6mzk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vnnps5w9ud2h1evsvs51vm6mzk|03|org"; nocase; ) # 1dcvfpr3fws26uifhg1n1egbq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dcvfpr3fws26uifhg1n1egbq|03|com"; nocase; ) # 1ahepzo1x29bmm153sa59i87clv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ahepzo1x29bmm153sa59i87clv|03|org"; nocase; ) # c38d0213aaayz1ks3cy9183r7rh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c38d0213aaayz1ks3cy9183r7rh|03|org"; nocase; ) # j6uue4ldbp1tntnj71438vmd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j6uue4ldbp1tntnj71438vmd|03|com"; nocase; ) # 1fm6ru61lmp88mjh23d71h0eke4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fm6ru61lmp88mjh23d71h0eke4|03|net"; nocase; ) # tdtp8u8hj3l4awoxza7z2vb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|tdtp8u8hj3l4awoxza7z2vb|03|net"; nocase; ) # 1j3ft68h5p6ga1ta4ns91dpq8hu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j3ft68h5p6ga1ta4ns91dpq8hu|03|net"; nocase; ) # 1ujfashklwu921psgz3061l2q9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ujfashklwu921psgz3061l2q9|03|biz"; nocase; ) # 15t9hny1ratje01mdt6yrdo4qju.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15t9hny1ratje01mdt6yrdo4qju|03|com"; nocase; ) # 1nrzb1zq0eutdzhvc0q1wm7534.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nrzb1zq0eutdzhvc0q1wm7534|03|net"; nocase; ) # os3ct71ddz5lj1l1vt651c91x2v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|os3ct71ddz5lj1l1vt651c91x2v|03|com"; nocase; ) # sfy6pp9l7rsysxkrzg1jwgu8r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sfy6pp9l7rsysxkrzg1jwgu8r|03|net"; nocase; ) # 18u18443puqgubmud1d1i3n80f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18u18443puqgubmud1d1i3n80f|03|net"; nocase; ) # 1kwnjs7925cy9cludv5i131nm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kwnjs7925cy9cludv5i131nm|03|org"; nocase; ) # o1csbiqdxg7yo2ap61vu809x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o1csbiqdxg7yo2ap61vu809x|03|org"; nocase; ) # 1mvjd951bh4pmb1lrdkro17c1wig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mvjd951bh4pmb1lrdkro17c1wig|03|net"; nocase; ) # 7ndu9r1pzeq0rosa5fw1kalzxi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ndu9r1pzeq0rosa5fw1kalzxi|03|com"; nocase; ) # 1suqdt5z5gq6si4g3jg1bpiysl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1suqdt5z5gq6si4g3jg1bpiysl|03|org"; nocase; ) # gjng3lt8vyg23rqhoi2s0ont.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gjng3lt8vyg23rqhoi2s0ont|03|com"; nocase; ) # ys6to0smooqx4isla219fu1er.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ys6to0smooqx4isla219fu1er|03|biz"; nocase; ) # ave9zx1xq3qc9r3oho8pao20c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ave9zx1xq3qc9r3oho8pao20c|03|net"; nocase; ) # 1adf6uwv5w2eccndt276ofwsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1adf6uwv5w2eccndt276ofwsa|03|com"; nocase; ) # swkivc1ajq88w7h6jo615aw85k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|swkivc1ajq88w7h6jo615aw85k|03|biz"; nocase; ) # calypbrjd1441dn00v9143g4y6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|calypbrjd1441dn00v9143g4y6|03|org"; nocase; ) # bdrc4pbuimz11irdpgk15p9ulj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bdrc4pbuimz11irdpgk15p9ulj|03|biz"; nocase; ) # 14qb7eomjetqc171ebpl5q8j5w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14qb7eomjetqc171ebpl5q8j5w|03|biz"; nocase; ) # yzzs2q8wmgd516ht73h1ut0ivr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yzzs2q8wmgd516ht73h1ut0ivr|03|biz"; nocase; ) # 18p0210nbleibxxc6bb67baht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18p0210nbleibxxc6bb67baht|03|org"; nocase; ) # j7urc4ai97d41v5osnyske2tt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j7urc4ai97d41v5osnyske2tt|03|net"; nocase; ) # 1il1vtgkjqc74rvg0hp1w573pd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1il1vtgkjqc74rvg0hp1w573pd|03|net"; nocase; ) # 1a2zc2k8tzrwi47ugjw10mddnq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a2zc2k8tzrwi47ugjw10mddnq|03|biz"; nocase; ) # 1gftpnd15fxgwv16sc26gqn25.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gftpnd15fxgwv16sc26gqn25|03|com"; nocase; ) # 1sjar1w10hhxkmr0vnv5nkbma3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sjar1w10hhxkmr0vnv5nkbma3|03|net"; nocase; ) # qtmm9lu7ofhi1m46zy0hrpfug.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qtmm9lu7ofhi1m46zy0hrpfug|03|biz"; nocase; ) # aky5f81bmck671kpzud31ms722f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aky5f81bmck671kpzud31ms722f|03|biz"; nocase; ) # p54bvi1bzpd2mhzw00g1m8jblw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p54bvi1bzpd2mhzw00g1m8jblw|03|org"; nocase; ) # ej8ffm1uol9eh1glqonv1r00k1e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ej8ffm1uol9eh1glqonv1r00k1e|03|biz"; nocase; ) # 1bcm3wvvqtbaqwvaifo132z31.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bcm3wvvqtbaqwvaifo132z31|03|biz"; nocase; ) # clc7kfoo5x2o10kx89z1s446z4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|clc7kfoo5x2o10kx89z1s446z4|03|org"; nocase; ) # 1pcw7qdjdzpgy5cq5qh55ai2y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pcw7qdjdzpgy5cq5qh55ai2y|03|biz"; nocase; ) # 1yiwdy11eq2xuohjqsrcsbvpxq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yiwdy11eq2xuohjqsrcsbvpxq|03|com"; nocase; ) # pqn2xf1l2am1j5g9ete1yay4x2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pqn2xf1l2am1j5g9ete1yay4x2|03|biz"; nocase; ) # 13yyb111699bj81twbbkmlxxxdu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13yyb111699bj81twbbkmlxxxdu|03|net"; nocase; ) # pseapj1w919ng17fu6gk1qsjvl8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pseapj1w919ng17fu6gk1qsjvl8|03|com"; nocase; ) # xo75uv3mb03n7f9hjpkms11b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xo75uv3mb03n7f9hjpkms11b|03|org"; nocase; ) # 1m1twp4yp8qf2hpmhic17jl2k5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m1twp4yp8qf2hpmhic17jl2k5|03|biz"; nocase; ) # 1jbzfbxw2gw3dil5bouli2qtl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jbzfbxw2gw3dil5bouli2qtl|03|org"; nocase; ) # 8xjyna7wifx2ufkg8a1w3e40c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8xjyna7wifx2ufkg8a1w3e40c|03|org"; nocase; ) # 1bewzws18j6dv8qldv8a7m014y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bewzws18j6dv8qldv8a7m014y|03|net"; nocase; ) # 19kjuft16upoel19a1yj4y8uvfh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19kjuft16upoel19a1yj4y8uvfh|03|com"; nocase; ) # dexup618pc1uf1llpihp1t4w47r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dexup618pc1uf1llpihp1t4w47r|03|com"; nocase; ) # u7osjtwie2va4nfil3co74ty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u7osjtwie2va4nfil3co74ty|03|net"; nocase; ) # 1hi7bfak56eaw1o2dd9q12aqzxj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hi7bfak56eaw1o2dd9q12aqzxj|03|net"; nocase; ) # nmxnqxlr0k7vrlputa13sd2rq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nmxnqxlr0k7vrlputa13sd2rq|03|net"; nocase; ) # 1mn6523h31kmf1xc76st1vth6mz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mn6523h31kmf1xc76st1vth6mz|03|com"; nocase; ) # 143li77djj4igq25riy1ghsnwe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|143li77djj4igq25riy1ghsnwe|03|net"; nocase; ) # spydgc48nvrhyeumff4gt3nd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|spydgc48nvrhyeumff4gt3nd|03|com"; nocase; ) # 1wkds8h1lsve2t1va8rdtemelwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wkds8h1lsve2t1va8rdtemelwr|03|net"; nocase; ) # ritke719qzrx7rl2ae41cb4ll6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ritke719qzrx7rl2ae41cb4ll6|03|biz"; nocase; ) # 50jdjxginwkteyjkr810xoazs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|50jdjxginwkteyjkr810xoazs|03|biz"; nocase; ) # r534gy11kkxg31id2s3b1168gwd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r534gy11kkxg31id2s3b1168gwd|03|net"; nocase; ) # o8cowfgxzks7gi07fye5hbew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o8cowfgxzks7gi07fye5hbew|03|org"; nocase; ) # 1p4bcb41mj9w2a1g8aqerp0mn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p4bcb41mj9w2a1g8aqerp0mn|03|net"; nocase; ) # 1ond890174lvcnm7y751y2824u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ond890174lvcnm7y751y2824u|03|org"; nocase; ) # 11nijqg193vt27x5icmg11wspnt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11nijqg193vt27x5icmg11wspnt|03|com"; nocase; ) # 1h9vg6pdtz43y1ezy6nxj8abxk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h9vg6pdtz43y1ezy6nxj8abxk|03|net"; nocase; ) # 17hmg9eugvlly1tl4ostrmgkz4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17hmg9eugvlly1tl4ostrmgkz4|03|net"; nocase; ) # 1snucmykm5y6y1gofi911yzdpb1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1snucmykm5y6y1gofi911yzdpb1|03|net"; nocase; ) # ek7do92ka3cyvgcag81nbgho3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ek7do92ka3cyvgcag81nbgho3|03|net"; nocase; ) # 1w1xl53jibu8o1kcyatmvj1n7j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w1xl53jibu8o1kcyatmvj1n7j|03|net"; nocase; ) # 7xrbmkeds5grjj1dlx1c3njl0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7xrbmkeds5grjj1dlx1c3njl0|03|org"; nocase; ) # 17v8siedxkom51v898ev48ibyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17v8siedxkom51v898ev48ibyv|03|net"; nocase; ) # 8dmbqzcpxwc817swfbk1jqmte7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8dmbqzcpxwc817swfbk1jqmte7|03|org"; nocase; ) # 1llotzp1e55528mziegvs4g6f7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1llotzp1e55528mziegvs4g6f7|03|com"; nocase; ) # wp9axtko62se1wz9e9j172ktjv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wp9axtko62se1wz9e9j172ktjv|03|biz"; nocase; ) # und1qh1u6yx4rp3cxqz1lfa7q3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|und1qh1u6yx4rp3cxqz1lfa7q3|03|org"; nocase; ) # r8rbfeuc0x0w1o2d960hmzhml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r8rbfeuc0x0w1o2d960hmzhml|03|net"; nocase; ) # 11vb8rs1w7cmd51jrcph615c3gmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11vb8rs1w7cmd51jrcph615c3gmf|03|net"; nocase; ) # rag18tny21j27um41s1k6nuwy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rag18tny21j27um41s1k6nuwy|03|com"; nocase; ) # 1023t1dnok6ghr8oakdgjbbsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1023t1dnok6ghr8oakdgjbbsa|03|com"; nocase; ) # 19c3tc210m7w6p9637df17yck6o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19c3tc210m7w6p9637df17yck6o|03|org"; nocase; ) # xmjy451hgap2g1rkbrc81b31cq2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xmjy451hgap2g1rkbrc81b31cq2|03|biz"; nocase; ) # 7ttl75zn7wnk1n8cv8315cjeb8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ttl75zn7wnk1n8cv8315cjeb8|03|com"; nocase; ) # vrot351mw7eyg1ijpehlubtyzy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vrot351mw7eyg1ijpehlubtyzy|03|org"; nocase; ) # onrydl7tqn2v16uvr3r7rd1ap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|onrydl7tqn2v16uvr3r7rd1ap|03|net"; nocase; ) # 12hci0d1663jdp11h7tyukdc2q9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12hci0d1663jdp11h7tyukdc2q9|03|org"; nocase; ) # 7mwn6c1xcft571olfhx31y28rxz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7mwn6c1xcft571olfhx31y28rxz|03|org"; nocase; ) # 983so7131j1rgbf11xxg5d0le.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|983so7131j1rgbf11xxg5d0le|03|net"; nocase; ) # dvoztt168tnd0a7q36p1qyc4ux.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dvoztt168tnd0a7q36p1qyc4ux|03|com"; nocase; ) # cid553cnh4e81p43gtptsevxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cid553cnh4e81p43gtptsevxs|03|net"; nocase; ) # 2ud0o0anakofvjrj0pcwdupj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2ud0o0anakofvjrj0pcwdupj|03|net"; nocase; ) # 1ktzw8axccd4mc5ezpx1chte6m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ktzw8axccd4mc5ezpx1chte6m|03|com"; nocase; ) # jrr8864x5bqw79vysbi2p6sz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jrr8864x5bqw79vysbi2p6sz|03|org"; nocase; ) # 196ckby1fups6512rozyjt13hnn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|196ckby1fups6512rozyjt13hnn|03|com"; nocase; ) # 16vxi5i1botn0oe0w4hs2tdq4l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16vxi5i1botn0oe0w4hs2tdq4l|03|com"; nocase; ) # 12i4s6j1at0y1r1g6gzmmfa5mka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12i4s6j1at0y1r1g6gzmmfa5mka|03|net"; nocase; ) # 1v38u4z1qv7on81difyi0ywsqt8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v38u4z1qv7on81difyi0ywsqt8|03|org"; nocase; ) # 122fpfi12l8vkx1ciqezp1jqiewo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|122fpfi12l8vkx1ciqezp1jqiewo|03|com"; nocase; ) # 14wwazd1o98e591atzss8iavbc1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14wwazd1o98e591atzss8iavbc1|03|com"; nocase; ) # 6tnj7udrw7sgfxbef05ia5ol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6tnj7udrw7sgfxbef05ia5ol|03|com"; nocase; ) # zsl194kmy46z8v1ztsh1ju8s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zsl194kmy46z8v1ztsh1ju8s|03|com"; nocase; ) # ziviq819c04bo1m8ybgnkurtdn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ziviq819c04bo1m8ybgnkurtdn|03|org"; nocase; ) # 1fc12fb1ujp47k1uww4o21usvecr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fc12fb1ujp47k1uww4o21usvecr|03|com"; nocase; ) # 1ke417h1nx238luah1zl10v55i8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ke417h1nx238luah1zl10v55i8|03|biz"; nocase; ) # 1k3b3fxarfw4c1t3a9vd1i8wg96.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k3b3fxarfw4c1t3a9vd1i8wg96|03|net"; nocase; ) # dtd1ox15jal13b3v0blbtjkka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dtd1ox15jal13b3v0blbtjkka|03|net"; nocase; ) # c6mzmo1wl9pj013c5iwwjhqy4x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c6mzmo1wl9pj013c5iwwjhqy4x|03|net"; nocase; ) # 1mmkwzj8ll9lf1njqt631iutjvd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mmkwzj8ll9lf1njqt631iutjvd|03|com"; nocase; ) # 61yxyx1wgnv8614sx8u8vev0a2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|61yxyx1wgnv8614sx8u8vev0a2|03|net"; nocase; ) # 1r9bsm11tv92kct207xh1xbcsay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r9bsm11tv92kct207xh1xbcsay|03|com"; nocase; ) # 1abtwdt12z7s68i1pmo77ij68o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1abtwdt12z7s68i1pmo77ij68o|03|org"; nocase; ) # 1y2lowlroewp1vjrt8zfxmys6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y2lowlroewp1vjrt8zfxmys6|03|biz"; nocase; ) # 13jnwrr1qxqdcm19zzsv8b2drei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13jnwrr1qxqdcm19zzsv8b2drei|03|net"; nocase; ) # 1mmycxy15v9sge1bp595j1mj5nat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mmycxy15v9sge1bp595j1mj5nat|03|net"; nocase; ) # 118llu31g4jk4vi9iyrwrdsx2r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|118llu31g4jk4vi9iyrwrdsx2r|03|biz"; nocase; ) # 1ufeqfo10sb1fka9k7y7x98vbe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ufeqfo10sb1fka9k7y7x98vbe|03|org"; nocase; ) # 1qwk60t9uwt7fgdsq5u1ozcooi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qwk60t9uwt7fgdsq5u1ozcooi|03|com"; nocase; ) # 10oi8nu1hyptop1cr0z081fj4o74.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10oi8nu1hyptop1cr0z081fj4o74|03|net"; nocase; ) # 18q937p1ucztc9126oq159wpbb9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18q937p1ucztc9126oq159wpbb9|03|biz"; nocase; ) # 15sp0ps1qsti0o1he5tddnrinif.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15sp0ps1qsti0o1he5tddnrinif|03|net"; nocase; ) # 5it2xig7so7a1v2gjg55pqvpt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5it2xig7so7a1v2gjg55pqvpt|03|biz"; nocase; ) # 1wwv9v51na3i0r16dpm2684u0tx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wwv9v51na3i0r16dpm2684u0tx|03|com"; nocase; ) # 2xs1qofdcgymewwqzm1m1s94q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2xs1qofdcgymewwqzm1m1s94q|03|net"; nocase; ) # 13bd8zgm22oj1748mimcsbcak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13bd8zgm22oj1748mimcsbcak|03|net"; nocase; ) # 1wjypfecj2jza6673x61qwvpbm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wjypfecj2jza6673x61qwvpbm|03|net"; nocase; ) # lz324c14gqlac7ieomlwe2m9b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lz324c14gqlac7ieomlwe2m9b|03|net"; nocase; ) # fb3lsq1wy36rq1tmvlrd9o3yae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fb3lsq1wy36rq1tmvlrd9o3yae|03|com"; nocase; ) # 1nvna1e1bxpeq81kqngjis7m467.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nvna1e1bxpeq81kqngjis7m467|03|org"; nocase; ) # 1y9pzog1x6fj4zxwqdbpf6diyb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y9pzog1x6fj4zxwqdbpf6diyb|03|net"; nocase; ) # 180p8lvlp9moj5e0vzzqtsnm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|180p8lvlp9moj5e0vzzqtsnm|03|net"; nocase; ) # 1uyg47sngy5lu3sfto11audex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uyg47sngy5lu3sfto11audex|03|biz"; nocase; ) # awzcy7cpkv5ueivpjg1psw6v2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|awzcy7cpkv5ueivpjg1psw6v2|03|net"; nocase; ) # 1reeuru1k3bfi6lxazvd1phu7ia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1reeuru1k3bfi6lxazvd1phu7ia|03|com"; nocase; ) # 11tsjjq9fulf213hl37snov8y5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11tsjjq9fulf213hl37snov8y5|03|net"; nocase; ) # 1ixcd6jjuytfg1p0ig25yp9t8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ixcd6jjuytfg1p0ig25yp9t8n|03|net"; nocase; ) # rhrgc9co8xa3n1wp6514ocq2o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rhrgc9co8xa3n1wp6514ocq2o|03|org"; nocase; ) # qn323q1q6a83514qzr8w1fpl5ij.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qn323q1q6a83514qzr8w1fpl5ij|03|biz"; nocase; ) # kocb8pn53dus2ye6kx109gjq5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kocb8pn53dus2ye6kx109gjq5|03|org"; nocase; ) # 1hqpnac4x5grozrly9f1s9v4eo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hqpnac4x5grozrly9f1s9v4eo|03|org"; nocase; ) # 11ee6dzx9w65v75xzrj1rkogxm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11ee6dzx9w65v75xzrj1rkogxm|03|biz"; nocase; ) # r5t4cv1w91piq1jci2ic1ajhit4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r5t4cv1w91piq1jci2ic1ajhit4|03|biz"; nocase; ) # p2it7efubj76fwgpl95fuk40.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p2it7efubj76fwgpl95fuk40|03|net"; nocase; ) # 72upoijiuvf8owjxshcnk17x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|72upoijiuvf8owjxshcnk17x|03|net"; nocase; ) # 64tocx1fvfj5k73ykwt11zxs35.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|64tocx1fvfj5k73ykwt11zxs35|03|org"; nocase; ) # 14t6collxdky0lkl6im1li713q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14t6collxdky0lkl6im1li713q|03|org"; nocase; ) # o5zyj14e9xal1sg8n0ghmb6sy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o5zyj14e9xal1sg8n0ghmb6sy|03|org"; nocase; ) # 1mvu564zk74c511zzizo82kl3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mvu564zk74c511zzizo82kl3d|03|net"; nocase; ) # 1kzi00lgts4171tl3v2n1lm2afx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kzi00lgts4171tl3v2n1lm2afx|03|biz"; nocase; ) # nh52qg1t2x12ncb19661sdgm4b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nh52qg1t2x12ncb19661sdgm4b|03|biz"; nocase; ) # 1dvz0hi1dih7db1l4l51i7xc1kp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dvz0hi1dih7db1l4l51i7xc1kp|03|net"; nocase; ) # j4emfm12kv6gki8zjlm1txlj3v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j4emfm12kv6gki8zjlm1txlj3v|03|net"; nocase; ) # 1dpua5vj8z2qi1rl7atmvyax4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dpua5vj8z2qi1rl7atmvyax4|03|net"; nocase; ) # vjlitrm7jing1p7r7361xz4ke7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vjlitrm7jing1p7r7361xz4ke7|03|biz"; nocase; ) # 47du7n1ro1umt1sb39odopt2vf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|47du7n1ro1umt1sb39odopt2vf|03|net"; nocase; ) # 1j8bnix9843lkj017p8hlb4bq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j8bnix9843lkj017p8hlb4bq|03|com"; nocase; ) # 1keiv191qjmfa21mbsnfq1dnco6i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1keiv191qjmfa21mbsnfq1dnco6i|03|com"; nocase; ) # id28yp1b68qg87o5ttc5eo01t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|id28yp1b68qg87o5ttc5eo01t|03|net"; nocase; ) # 1w8m1a611v6cgnigl1l298xos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w8m1a611v6cgnigl1l298xos|03|com"; nocase; ) # 1u3q5jhcxzod613c4yie1w3jqqx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u3q5jhcxzod613c4yie1w3jqqx|03|net"; nocase; ) # 1c07up9uugkzcy1r95nzanr0h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c07up9uugkzcy1r95nzanr0h|03|biz"; nocase; ) # fjxby81xnkuti1nsbp3qopbmgz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fjxby81xnkuti1nsbp3qopbmgz|03|net"; nocase; ) # 8sdoi24oizlv1xli7wjlb5nbb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8sdoi24oizlv1xli7wjlb5nbb|03|com"; nocase; ) # 1nzzaty16113l01jaxylr1hucunc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nzzaty16113l01jaxylr1hucunc|03|org"; nocase; ) # nnh0cg1rpvyrfc1r9rf146tnut.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nnh0cg1rpvyrfc1r9rf146tnut|03|org"; nocase; ) # 7co15fwllrbq1z063rx10vfr9p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7co15fwllrbq1z063rx10vfr9p|03|org"; nocase; ) # 5cyobvaoruxkd3y01s1cq9vwd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5cyobvaoruxkd3y01s1cq9vwd|03|net"; nocase; ) # 1gnu2n35fusp1q7u6z4tw57b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1gnu2n35fusp1q7u6z4tw57b|03|biz"; nocase; ) # 1npmon61l4duxu1y2w5o51kr4d56.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1npmon61l4duxu1y2w5o51kr4d56|03|com"; nocase; ) # 1ablr37y754zq1b1p3va1nsfbu7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ablr37y754zq1b1p3va1nsfbu7|03|net"; nocase; ) # 17njtqd15wv7sw129b1rp10ss5xm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17njtqd15wv7sw129b1rp10ss5xm|03|org"; nocase; ) # p5sa711m52hs1kpk45qwvaulg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5sa711m52hs1kpk45qwvaulg|03|net"; nocase; ) # w2v90e12mmp9ko3ezqlac13oh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w2v90e12mmp9ko3ezqlac13oh|03|biz"; nocase; ) # laovfx1rukvur1jzxk2f1jgnzx8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|laovfx1rukvur1jzxk2f1jgnzx8|03|net"; nocase; ) # 1xd6sv9ktw9s39zv6owyf2jba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xd6sv9ktw9s39zv6owyf2jba|03|org"; nocase; ) # kg3e8oh7w8h610qa06i1euyw90.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kg3e8oh7w8h610qa06i1euyw90|03|net"; nocase; ) # 1oby479vi8g1p14q8lyv1ravrp2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oby479vi8g1p14q8lyv1ravrp2|03|net"; nocase; ) # nt31dk1ewbjj0t8d9xo1jfaks2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nt31dk1ewbjj0t8d9xo1jfaks2|03|org"; nocase; ) # 1w9c5lp1w9cmbqc2pzpd1d1l2jr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w9c5lp1w9cmbqc2pzpd1d1l2jr|03|com"; nocase; ) # x9pgl11r6bmai8z8m8sojl6yh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x9pgl11r6bmai8z8m8sojl6yh|03|net"; nocase; ) # 15va1711krj8i9sb3oc0hv9bq6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15va1711krj8i9sb3oc0hv9bq6|03|org"; nocase; ) # 1qedxni11yg13nmksitwd82b0s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qedxni11yg13nmksitwd82b0s|03|net"; nocase; ) # yyrx4exjrxia1vd7k0v8vz2tz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yyrx4exjrxia1vd7k0v8vz2tz|03|com"; nocase; ) # mc9v4avaiqh51u06p30x5blge.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mc9v4avaiqh51u06p30x5blge|03|org"; nocase; ) # p7gpqu1oo98dikktiao13sd74z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p7gpqu1oo98dikktiao13sd74z|03|com"; nocase; ) # 14w4otr1odi1qkqu4q5m1pb74xa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14w4otr1odi1qkqu4q5m1pb74xa|03|org"; nocase; ) # 7npluq4tzivx6y7rs147z6xz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7npluq4tzivx6y7rs147z6xz|03|biz"; nocase; ) # 1tdceaxqqo8qbtdgxfv4rdnra.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tdceaxqqo8qbtdgxfv4rdnra|03|biz"; nocase; ) # 1szoljdwbjqk3zfp77srqyzex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1szoljdwbjqk3zfp77srqyzex|03|com"; nocase; ) # 1swa4rge13rty1k5epo11z0scm4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1swa4rge13rty1k5epo11z0scm4|03|org"; nocase; ) # 1i2mn201ag3pa2mxq3b5dq7yyd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i2mn201ag3pa2mxq3b5dq7yyd|03|org"; nocase; ) # 1dy8px41t5sed51vvzjpyt2070r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dy8px41t5sed51vvzjpyt2070r|03|net"; nocase; ) # 1091bjfj2meszlkl171gz10z8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1091bjfj2meszlkl171gz10z8|03|com"; nocase; ) # 1ogfoqc1a4sfgvuzjx8t1nfccxn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ogfoqc1a4sfgvuzjx8t1nfccxn|03|net"; nocase; ) # 19yst4k1d1ut3nf1b4am1wksepf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19yst4k1d1ut3nf1b4am1wksepf|03|com"; nocase; ) # l9k9l4ij0zq1r588l44b0fw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l9k9l4ij0zq1r588l44b0fw5|03|net"; nocase; ) # 4kd09ro8mat613vnte31xwdlb9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4kd09ro8mat613vnte31xwdlb9|03|org"; nocase; ) # 1iqnp6953oz5p15lazi01wn59sm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iqnp6953oz5p15lazi01wn59sm|03|com"; nocase; ) # 1dkaowl1t6j8v9igbozz1c5jzig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dkaowl1t6j8v9igbozz1c5jzig|03|net"; nocase; ) # j4ai916lzy3rmps31veh2dph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j4ai916lzy3rmps31veh2dph|03|biz"; nocase; ) # 19po0n71698atndmi9gmvt6b7l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19po0n71698atndmi9gmvt6b7l|03|com"; nocase; ) # 1xrvyyzlwdo74ims7fa1nwksak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xrvyyzlwdo74ims7fa1nwksak|03|net"; nocase; ) # 99io9s7bb9rdjn5hzq1lqyd0w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|99io9s7bb9rdjn5hzq1lqyd0w|03|net"; nocase; ) # 18v92oedima08edmqtiadnfw7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18v92oedima08edmqtiadnfw7|03|com"; nocase; ) # 1mpv3jfi67n5y1m6kvocmqoyo2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mpv3jfi67n5y1m6kvocmqoyo2|03|org"; nocase; ) # 1n01ejpk8k6u1ur4cz913gr962.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n01ejpk8k6u1ur4cz913gr962|03|com"; nocase; ) # 1rlcz2v1qk17xf135mj1lz1h7x3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rlcz2v1qk17xf135mj1lz1h7x3|03|org"; nocase; ) # 1eqgr8i1k9zg5a1gr88wjsftuzq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eqgr8i1k9zg5a1gr88wjsftuzq|03|net"; nocase; ) # 64lb4nhc9vu8hafzkmpgbn0z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|64lb4nhc9vu8hafzkmpgbn0z|03|org"; nocase; ) # fa5dv3jjr1o36elzkb11ywish.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fa5dv3jjr1o36elzkb11ywish|03|org"; nocase; ) # thia4gtxy2mwj2poyw1n2stnw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|thia4gtxy2mwj2poyw1n2stnw|03|com"; nocase; ) # 1v2xerl1202l2sdgr2y91cxihgl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v2xerl1202l2sdgr2y91cxihgl|03|biz"; nocase; ) # 1l19lvk1qzlydytxsrjt13ldjzv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l19lvk1qzlydytxsrjt13ldjzv|03|net"; nocase; ) # 1nju8z0jfgblq1li33dzzwmcy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nju8z0jfgblq1li33dzzwmcy|03|org"; nocase; ) # zuj5wa91gaz017zvtdr8l0o0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zuj5wa91gaz017zvtdr8l0o0|03|com"; nocase; ) # 1qun5xkx0zzuy1dyq9oapfumjp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qun5xkx0zzuy1dyq9oapfumjp|03|biz"; nocase; ) # 1arxybi11yh9sq19aex59js9s91.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1arxybi11yh9sq19aex59js9s91|03|net"; nocase; ) # 1v7q5omode6g51hbz4o212ba4zy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v7q5omode6g51hbz4o212ba4zy|03|net"; nocase; ) # txfl281ow30ny6rsrsy1nr7v7e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|txfl281ow30ny6rsrsy1nr7v7e|03|org"; nocase; ) # 8n9sw31onreha5zzs19ugiqck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8n9sw31onreha5zzs19ugiqck|03|net"; nocase; ) # 11olq1n1wq694l1v0495kjekjij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11olq1n1wq694l1v0495kjekjij|03|com"; nocase; ) # wwzxr7o8e39a15fp3tzbzih87.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wwzxr7o8e39a15fp3tzbzih87|03|org"; nocase; ) # 30lyx86m451guyrxj71qfpvk1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|30lyx86m451guyrxj71qfpvk1|03|net"; nocase; ) # 1dxt5ox1p1k8dp179o50p1fxqapr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dxt5ox1p1k8dp179o50p1fxqapr|03|net"; nocase; ) # mui7g1lzrkz5s4p4831ru3t4t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mui7g1lzrkz5s4p4831ru3t4t|03|com"; nocase; ) # l767shvc0phc16xa1cclm81q7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l767shvc0phc16xa1cclm81q7|03|biz"; nocase; ) # 1ety5fe1y2rebbr0wm2bf274i3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ety5fe1y2rebbr0wm2bf274i3|03|net"; nocase; ) # 1vqfrqishjbof19wijj0judjup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vqfrqishjbof19wijj0judjup|03|org"; nocase; ) # zicz5ok717jx2azcxuagrlb5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zicz5ok717jx2azcxuagrlb5|03|net"; nocase; ) # rjhjjkbaio451xqou0dvjn5ar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rjhjjkbaio451xqou0dvjn5ar|03|net"; nocase; ) # 1q1qmhg172hvc9i43no27dfke9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q1qmhg172hvc9i43no27dfke9|03|com"; nocase; ) # n6oj292xu9usv3datu1u71cmq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n6oj292xu9usv3datu1u71cmq|03|com"; nocase; ) # p92hv4z90tas1zm4921lrqo71.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p92hv4z90tas1zm4921lrqo71|03|com"; nocase; ) # 1ub80f21fn4v7f10ji57hd1rbvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ub80f21fn4v7f10ji57hd1rbvs|03|com"; nocase; ) # 19qwplw19ib3fg1lymtuz1e0op64.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19qwplw19ib3fg1lymtuz1e0op64|03|biz"; nocase; ) # abztg91cx647s1k6p55w1w8culz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|abztg91cx647s1k6p55w1w8culz|03|org"; nocase; ) # scwqu38k662i1wvo4tg174dqen.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|scwqu38k662i1wvo4tg174dqen|03|biz"; nocase; ) # 1yshqcenzwqhq37v15g1qpwbeg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yshqcenzwqhq37v15g1qpwbeg|03|net"; nocase; ) # 5wbmnj1wt3k16v6z3v31refx53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5wbmnj1wt3k16v6z3v31refx53|03|net"; nocase; ) # 1mo1xrubrzv931fmunbc15xjeg5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mo1xrubrzv931fmunbc15xjeg5|03|com"; nocase; ) # 1769so418yyi17hmsdxp9uw56g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1769so418yyi17hmsdxp9uw56g|03|org"; nocase; ) # 4wpfmzvx0neo17b6hxm1k6t146.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4wpfmzvx0neo17b6hxm1k6t146|03|net"; nocase; ) # zgh2zempmvdgrvs8ikmkfr49.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zgh2zempmvdgrvs8ikmkfr49|03|org"; nocase; ) # qxiu3vc82bds139t7ul8k7eno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qxiu3vc82bds139t7ul8k7eno|03|org"; nocase; ) # 1e2ryi01k5nhmjd6thfk10rjtzt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e2ryi01k5nhmjd6thfk10rjtzt|03|biz"; nocase; ) # 1wl69f6n3014iov0ras1ukgqg6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wl69f6n3014iov0ras1ukgqg6|03|org"; nocase; ) # 1gplhpf1q9svfll3ocqte80iqd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gplhpf1q9svfll3ocqte80iqd|03|net"; nocase; ) # dc6v8tsmu5s11u0iylc51n7ba.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dc6v8tsmu5s11u0iylc51n7ba|03|net"; nocase; ) # 1ls9llj6ax6iwtlq8xg3wf8nm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ls9llj6ax6iwtlq8xg3wf8nm|03|com"; nocase; ) # 1thnmvxc4m07lod8xkxturn20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1thnmvxc4m07lod8xkxturn20|03|net"; nocase; ) # b8prxpkdnh212q7xp6jplbrf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b8prxpkdnh212q7xp6jplbrf|03|com"; nocase; ) # 7cppw180nnwe1d1ct1v34m79u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7cppw180nnwe1d1ct1v34m79u|03|net"; nocase; ) # 6e1g401x9q18qvwbovqqne46t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6e1g401x9q18qvwbovqqne46t|03|org"; nocase; ) # 142w9b35hjlcq1wjuekv1qj89kn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|142w9b35hjlcq1wjuekv1qj89kn|03|com"; nocase; ) # 1vsjkmb1vm2n2u1e4ol911bq3nxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vsjkmb1vm2n2u1e4ol911bq3nxd|03|org"; nocase; ) # 6vyhm010cadr8170kybxeh8eno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6vyhm010cadr8170kybxeh8eno|03|org"; nocase; ) # 1r75i431b1osij115mvs953kgt0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r75i431b1osij115mvs953kgt0|03|org"; nocase; ) # 47dqxzpyowmxl74l6upyez9p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|47dqxzpyowmxl74l6upyez9p|03|com"; nocase; ) # o2mymb7q0kjk15kvmv6gmpjlr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o2mymb7q0kjk15kvmv6gmpjlr|03|org"; nocase; ) # 1koekf9vybryy1iadau81kv9cy7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1koekf9vybryy1iadau81kv9cy7|03|net"; nocase; ) # 1avxvwlttmb5j1ezzw541ofe3gc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1avxvwlttmb5j1ezzw541ofe3gc|03|net"; nocase; ) # 6nutdih7swe8lazpz1ab8wyx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6nutdih7swe8lazpz1ab8wyx|03|org"; nocase; ) # 1rsk8tofepyag1eulwhg2dnqyv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rsk8tofepyag1eulwhg2dnqyv|03|org"; nocase; ) # 1vxx2hd4sw7wdwsdwmu1bl97ba.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vxx2hd4sw7wdwsdwmu1bl97ba|03|net"; nocase; ) # 10mola91ixvbpwy3an3v6j7c94.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10mola91ixvbpwy3an3v6j7c94|03|net"; nocase; ) # 19tcggrya4s9v6f83h45dsyij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19tcggrya4s9v6f83h45dsyij|03|com"; nocase; ) # 1ktr6t3p1n78q1pgi3j1xgo3de.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ktr6t3p1n78q1pgi3j1xgo3de|03|com"; nocase; ) # 1pjxkgmbk7kwnd2l1apyo0kvl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pjxkgmbk7kwnd2l1apyo0kvl|03|org"; nocase; ) # 11rybccn2508j14b5npk1uk349a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11rybccn2508j14b5npk1uk349a|03|biz"; nocase; ) # 60664p16bqbr2a160eqs5m7h2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|60664p16bqbr2a160eqs5m7h2|03|net"; nocase; ) # 16iqk3r1e3w3oumwejkr1jlfsyy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16iqk3r1e3w3oumwejkr1jlfsyy|03|net"; nocase; ) # pqf9kjp2ojyte712tt1tpzpfu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pqf9kjp2ojyte712tt1tpzpfu|03|net"; nocase; ) # 1rl5dsw1esez507ju4oo1cpw0he.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rl5dsw1esez507ju4oo1cpw0he|03|org"; nocase; ) # 13yw2n7zh8nah2cp8r1auon3z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13yw2n7zh8nah2cp8r1auon3z|03|com"; nocase; ) # 1wbhb9q6eb16a199mfee5ipqj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wbhb9q6eb16a199mfee5ipqj3|03|com"; nocase; ) # 1boc4661avcmx0pgl9dqm5yy5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1boc4661avcmx0pgl9dqm5yy5i|03|net"; nocase; ) # yz180x1n4bk0d1wafbih1xq823.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yz180x1n4bk0d1wafbih1xq823|03|biz"; nocase; ) # 1ll957a11t5n8x1qgt2um1wv71n9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ll957a11t5n8x1qgt2um1wv71n9|03|biz"; nocase; ) # 1vgs0akcrzyyjy7t40mh5kcvk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vgs0akcrzyyjy7t40mh5kcvk|03|net"; nocase; ) # 1ca5zt1lqve0l1x208p66vy51i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ca5zt1lqve0l1x208p66vy51i|03|com"; nocase; ) # 1uicbm94w0ejnp8g394ej6v6d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uicbm94w0ejnp8g394ej6v6d|03|net"; nocase; ) # 1p76w3v1kko2sg149z7ia89rexf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p76w3v1kko2sg149z7ia89rexf|03|com"; nocase; ) # 1cv8x41x0yjup1v8y6bo123vewn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cv8x41x0yjup1v8y6bo123vewn|03|net"; nocase; ) # 1sub6wz1018ht97ltu2dmql3b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sub6wz1018ht97ltu2dmql3b|03|biz"; nocase; ) # 1s2f2yu1sd57ciwa7yb91sbh1ag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s2f2yu1sd57ciwa7yb91sbh1ag|03|biz"; nocase; ) # yplseq3zpkfshp1y541dnsl09.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yplseq3zpkfshp1y541dnsl09|03|com"; nocase; ) # sratp64ulizn4p0ael108z69m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sratp64ulizn4p0ael108z69m|03|org"; nocase; ) # 3decb6pfg3i81xsniro1xdtc5b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3decb6pfg3i81xsniro1xdtc5b|03|com"; nocase; ) # 14fgvm14p9tkyvzsip10t4y7w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14fgvm14p9tkyvzsip10t4y7w|03|org"; nocase; ) # 14dz8oz2t3ex1ufi2pj11ds5pe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14dz8oz2t3ex1ufi2pj11ds5pe|03|net"; nocase; ) # adoozo3weao58lln6121k8bb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|adoozo3weao58lln6121k8bb|03|org"; nocase; ) # 1vm8at41dd8ixyfwmgml17xe7tv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vm8at41dd8ixyfwmgml17xe7tv|03|com"; nocase; ) # 1ss7h3t7y3w8yidk5uja7xt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1ss7h3t7y3w8yidk5uja7xt|03|org"; nocase; ) # 16ap4jd1b37w6f2ve3sfw2u540.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16ap4jd1b37w6f2ve3sfw2u540|03|net"; nocase; ) # 140py7vkg21iq4wj5wy1h3frbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|140py7vkg21iq4wj5wy1h3frbx|03|org"; nocase; ) # 1b3wmjr1q79qpn1satmue1p7hr45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b3wmjr1q79qpn1satmue1p7hr45|03|net"; nocase; ) # fr8pjvppy3wc16qmljow619t9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fr8pjvppy3wc16qmljow619t9|03|com"; nocase; ) # 1tznkf398cwfytg60qqna3238.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tznkf398cwfytg60qqna3238|03|com"; nocase; ) # 14dfai414imj961hd9fn41vu2r7o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14dfai414imj961hd9fn41vu2r7o|03|org"; nocase; ) # yso647py5leb1p83cmwczz21n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yso647py5leb1p83cmwczz21n|03|org"; nocase; ) # 4podmnwgv6k41y66ojlp1d18j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4podmnwgv6k41y66ojlp1d18j|03|net"; nocase; ) # vzxw891dmxyfuej6iyol9cb7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vzxw891dmxyfuej6iyol9cb7|03|biz"; nocase; ) # 1j7urtu12w65jnqcuu1s1o1xyuw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j7urtu12w65jnqcuu1s1o1xyuw|03|org"; nocase; ) # 1bs090b34m9rr1n1vhjo1mjd4tm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bs090b34m9rr1n1vhjo1mjd4tm|03|org"; nocase; ) # m015ezfvvpsm3dzo5f1vjlree.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m015ezfvvpsm3dzo5f1vjlree|03|org"; nocase; ) # n4tfnp1fuj4tkgnigexrftu2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n4tfnp1fuj4tkgnigexrftu2|03|net"; nocase; ) # 498q251gf7wiqa5frnf13lz0ww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|498q251gf7wiqa5frnf13lz0ww|03|net"; nocase; ) # uk577b7e25hisy52i71u7xwbb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uk577b7e25hisy52i71u7xwbb|03|com"; nocase; ) # 1nt5uv0o41ogo7qdyb1cbvx90.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nt5uv0o41ogo7qdyb1cbvx90|03|com"; nocase; ) # 1xbnpiq1pkizo2n8u21c1rl5l8s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xbnpiq1pkizo2n8u21c1rl5l8s|03|com"; nocase; ) # po44f0t8s0wr13kvy0wilfo42.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|po44f0t8s0wr13kvy0wilfo42|03|net"; nocase; ) # 1ln60p4tc5sbl1d541kk1lwpt6q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ln60p4tc5sbl1d541kk1lwpt6q|03|biz"; nocase; ) # 1tk3gn615i788oltzalrfovp5f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tk3gn615i788oltzalrfovp5f|03|biz"; nocase; ) # 17bm46k1epyar41om1a33jr3l4p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17bm46k1epyar41om1a33jr3l4p|03|com"; nocase; ) # 1ayquycqhgx3s1xrbv5wascdmj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ayquycqhgx3s1xrbv5wascdmj|03|org"; nocase; ) # vysk0rxmgyl015ooqix1f892f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vysk0rxmgyl015ooqix1f892f|03|com"; nocase; ) # 1bubmz35y1ms1qovsnu1fl2qx1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bubmz35y1ms1qovsnu1fl2qx1|03|biz"; nocase; ) # 1equd0q1wl5a7ohnfktxbf4nwo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1equd0q1wl5a7ohnfktxbf4nwo|03|com"; nocase; ) # qne7ifr5kd1dqu4eryoloft8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qne7ifr5kd1dqu4eryoloft8|03|net"; nocase; ) # 197cv6f1otg8901sgpa1075yyrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|197cv6f1otg8901sgpa1075yyrz|03|net"; nocase; ) # 15qw0bajvw38w1psw1610pz4tz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15qw0bajvw38w1psw1610pz4tz|03|biz"; nocase; ) # j0s1bxg6ycly1q6hv8vhrdpbo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j0s1bxg6ycly1q6hv8vhrdpbo|03|org"; nocase; ) # 12141ui1sbzeccjibyydvryud6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12141ui1sbzeccjibyydvryud6|03|biz"; nocase; ) # 1oyxgcl1x9t1oocj98tbf2hx61.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oyxgcl1x9t1oocj98tbf2hx61|03|net"; nocase; ) # y9npta1m1gz7v1jx5em913y8eue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y9npta1m1gz7v1jx5em913y8eue|03|org"; nocase; ) # 8a90531h8q6g0y70m4kkfli7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8a90531h8q6g0y70m4kkfli7a|03|com"; nocase; ) # 1559xwc1octi1by4t7xr19s8tsx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1559xwc1octi1by4t7xr19s8tsx|03|net"; nocase; ) # yhcs3i18m1soigckydw75wvty.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yhcs3i18m1soigckydw75wvty|03|org"; nocase; ) # 7gal9b196xshpihdnjtttyidb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7gal9b196xshpihdnjtttyidb|03|net"; nocase; ) # 1apkxh21d1kc8z1ffd5ug1hyqty5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1apkxh21d1kc8z1ffd5ug1hyqty5|03|com"; nocase; ) # 1yd1n8q11zk4j9369ha5k04k66.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yd1n8q11zk4j9369ha5k04k66|03|biz"; nocase; ) # 7ccopapd44u71of62nem6z9bf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7ccopapd44u71of62nem6z9bf|03|org"; nocase; ) # 8nv83y1b0yq3f1i5cmk21uj17s9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8nv83y1b0yq3f1i5cmk21uj17s9|03|com"; nocase; ) # 16kr05m6vcqu1il52c215t0ild.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16kr05m6vcqu1il52c215t0ild|03|biz"; nocase; ) # 1w7b1f413b5tcpyniqmu10xunb8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w7b1f413b5tcpyniqmu10xunb8|03|net"; nocase; ) # oupyd9zhv1tk1y0qx7g17mut2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oupyd9zhv1tk1y0qx7g17mut2m|03|net"; nocase; ) # 17ml6qdm70for17prdot1bcfaip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ml6qdm70for17prdot1bcfaip|03|net"; nocase; ) # byxwth153glk11cdfgwz1h1nxlj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|byxwth153glk11cdfgwz1h1nxlj|03|com"; nocase; ) # fd63hvs33obr191040o16p15je.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fd63hvs33obr191040o16p15je|03|biz"; nocase; ) # o3mckp1yqwxchdui1k921omk6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o3mckp1yqwxchdui1k921omk6|03|net"; nocase; ) # 1e0rzx01ydgd8h151j4f21kp4f6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e0rzx01ydgd8h151j4f21kp4f6h|03|org"; nocase; ) # 9zfkiubk8rjn14p39z61u8stlg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9zfkiubk8rjn14p39z61u8stlg|03|com"; nocase; ) # 1p9f0gj2smwnera6s48gk5dlj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p9f0gj2smwnera6s48gk5dlj|03|com"; nocase; ) # waqh97d30qgxmqhs4frtfypu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|waqh97d30qgxmqhs4frtfypu|03|net"; nocase; ) # wa9sp19cbbsb18n2cxe1mx213m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wa9sp19cbbsb18n2cxe1mx213m|03|org"; nocase; ) # gozqy1w35aho1cv4qr01n90vs6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gozqy1w35aho1cv4qr01n90vs6|03|com"; nocase; ) # su4zb31op2mqecbhczh19tgn6i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|su4zb31op2mqecbhczh19tgn6i|03|net"; nocase; ) # 1jsh97l1mi7ihlzpe8nthwh0eu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jsh97l1mi7ihlzpe8nthwh0eu|03|org"; nocase; ) # 1yb48xdihgjfxub6d2m1pbjtvh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yb48xdihgjfxub6d2m1pbjtvh|03|net"; nocase; ) # ejq8eu1twg6hg1jmiilj1soju5b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ejq8eu1twg6hg1jmiilj1soju5b|03|org"; nocase; ) # 1o8uhd4s2wb8l17b98adrplck1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o8uhd4s2wb8l17b98adrplck1|03|com"; nocase; ) # 5gouq83wu9381btvxj4gatwv8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5gouq83wu9381btvxj4gatwv8|03|net"; nocase; ) # 178sgo6151qhb71jb4do8mdp8tm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|178sgo6151qhb71jb4do8mdp8tm|03|org"; nocase; ) # wo07xq1toq9x2mhc2wo1hzlh4f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wo07xq1toq9x2mhc2wo1hzlh4f|03|org"; nocase; ) # 1ycn7fv1fpmnn61h9dp0s1vdzpf6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ycn7fv1fpmnn61h9dp0s1vdzpf6|03|com"; nocase; ) # 8b1p9316hve3w1d814y6jvca3h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8b1p9316hve3w1d814y6jvca3h|03|biz"; nocase; ) # p0og2q1iqfo3w12qepq61rxb4ot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p0og2q1iqfo3w12qepq61rxb4ot|03|net"; nocase; ) # ezuavmsqpgclq9mgxjit4mlg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ezuavmsqpgclq9mgxjit4mlg|03|com"; nocase; ) # sasc9lvylruw15yo77v1hk2ejz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sasc9lvylruw15yo77v1hk2ejz|03|org"; nocase; ) # ce4cspwwz2ze1ndh9gx1ajijex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ce4cspwwz2ze1ndh9gx1ajijex|03|com"; nocase; ) # k4n2hxn1jv9f1czpxj3k56eta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k4n2hxn1jv9f1czpxj3k56eta|03|net"; nocase; ) # zbqran1q5mot18b83vjt044ne.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zbqran1q5mot18b83vjt044ne|03|net"; nocase; ) # 1exbj141q2m8e19qg4rs18v6v6d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1exbj141q2m8e19qg4rs18v6v6d|03|com"; nocase; ) # a2qdg4ly3f3t4ydn8p1vwrh8v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a2qdg4ly3f3t4ydn8p1vwrh8v|03|org"; nocase; ) # pxf4m51c1kqpz1bp9oh6cphmh0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pxf4m51c1kqpz1bp9oh6cphmh0|03|net"; nocase; ) # c3gfndp9xks1g2thc11p1rwlx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c3gfndp9xks1g2thc11p1rwlx|03|net"; nocase; ) # ynn3agk61e8eenj0kz10qzz5a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ynn3agk61e8eenj0kz10qzz5a|03|biz"; nocase; ) # 1kvnb0a2ka0t1j0me7o19ctev5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kvnb0a2ka0t1j0me7o19ctev5|03|org"; nocase; ) # p5o4121t05uij1frsfkn1xmihag.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p5o4121t05uij1frsfkn1xmihag|03|net"; nocase; ) # 1jo0vnsevm4hxyfd2iw18xyfjo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jo0vnsevm4hxyfd2iw18xyfjo|03|biz"; nocase; ) # 1g8ybhrms7xtllrlbnshm94gd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g8ybhrms7xtllrlbnshm94gd|03|com"; nocase; ) # r9i6hlhzcblmeuykuxyhg5oe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r9i6hlhzcblmeuykuxyhg5oe|03|net"; nocase; ) # 1nq26cz260fj7101k1el18m5fqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nq26cz260fj7101k1el18m5fqw|03|org"; nocase; ) # 14fitcfm1iz8e1tx6uyzh01fi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14fitcfm1iz8e1tx6uyzh01fi|03|org"; nocase; ) # 1jsrt6x1ubigp7lfz78orqhc5u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jsrt6x1ubigp7lfz78orqhc5u|03|biz"; nocase; ) # 1hav7slw0919k10ucaqz1765fe0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hav7slw0919k10ucaqz1765fe0|03|com"; nocase; ) # 1v3jt9d1szhzv8yfhj6k18f9pjb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v3jt9d1szhzv8yfhj6k18f9pjb|03|org"; nocase; ) # zg6vs215yc7kx109qhl919laxc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zg6vs215yc7kx109qhl919laxc3|03|net"; nocase; ) # wqibc4kg4ewi1gcuqx1u6mcr6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wqibc4kg4ewi1gcuqx1u6mcr6|03|net"; nocase; ) # maxs3n1lb39f4dyluj51kvuldb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|maxs3n1lb39f4dyluj51kvuldb|03|com"; nocase; ) # 11utkbvq322u21prqamv1w2s06i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11utkbvq322u21prqamv1w2s06i|03|biz"; nocase; ) # cj3anjmcjul6draz5h4n2gts.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cj3anjmcjul6draz5h4n2gts|03|org"; nocase; ) # 4ab3o3koq9i31lggq0izg3wl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4ab3o3koq9i31lggq0izg3wl|03|net"; nocase; ) # r2wnej1iotx631q2cj2fu5zdoi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r2wnej1iotx631q2cj2fu5zdoi|03|org"; nocase; ) # yhz0p8z938vu1apwxrc1cm1kcw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yhz0p8z938vu1apwxrc1cm1kcw|03|net"; nocase; ) # flnth9cfd1mla3kdv41soc1kc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|flnth9cfd1mla3kdv41soc1kc|03|org"; nocase; ) # 1nrdzihsug1n0wfwf8071o5me.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nrdzihsug1n0wfwf8071o5me|03|net"; nocase; ) # y5a6vp1dwz6stp7kg2td3uon8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y5a6vp1dwz6stp7kg2td3uon8|03|biz"; nocase; ) # acjo37h2egp5wiifqndpx94.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|acjo37h2egp5wiifqndpx94|03|net"; nocase; ) # 1baa84l9o69un19npoou1d0ba5s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1baa84l9o69un19npoou1d0ba5s|03|com"; nocase; ) # b6jq9t27x0ahom000o16o0yro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b6jq9t27x0ahom000o16o0yro|03|net"; nocase; ) # 12lvz0s1sa5s8w1e7l6uv1vb07gn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12lvz0s1sa5s8w1e7l6uv1vb07gn|03|com"; nocase; ) # 68pvms1v3r2057nxa4ocl16dp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|68pvms1v3r2057nxa4ocl16dp|03|com"; nocase; ) # y5ngr6lvkzz6ep6tq5oe8j0f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y5ngr6lvkzz6ep6tq5oe8j0f|03|net"; nocase; ) # 15qntfq17hj489qih5e41l7qda5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15qntfq17hj489qih5e41l7qda5|03|org"; nocase; ) # ykxx376bng9okqp04z10hq0gu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ykxx376bng9okqp04z10hq0gu|03|biz"; nocase; ) # ppmjkg91e61p18my1xos2crnj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ppmjkg91e61p18my1xos2crnj|03|org"; nocase; ) # v3ck06fk0ili3lthx1kgqkit.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v3ck06fk0ili3lthx1kgqkit|03|net"; nocase; ) # 1031llh1652bhr1m5cxdk18r3gi2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1031llh1652bhr1m5cxdk18r3gi2|03|com"; nocase; ) # 15jq2u71e3trwzb19fmqho2dky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15jq2u71e3trwzb19fmqho2dky|03|net"; nocase; ) # 1fkdpafkns0jh1b1uc6c1rrigfm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fkdpafkns0jh1b1uc6c1rrigfm|03|net"; nocase; ) # dwbbnd1dm2lhn16w7wvaz5cpzy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dwbbnd1dm2lhn16w7wvaz5cpzy|03|net"; nocase; ) # lj6dscsmvy9u48gs7k6v19as.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lj6dscsmvy9u48gs7k6v19as|03|org"; nocase; ) # yu9cst5hsh2s1dk7r451vttkqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yu9cst5hsh2s1dk7r451vttkqq|03|com"; nocase; ) # 1v03eal1oyxysxhx8ojhyezus2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v03eal1oyxysxhx8ojhyezus2|03|com"; nocase; ) # 1bb2ar912ivd60188qh5q1piewel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bb2ar912ivd60188qh5q1piewel|03|net"; nocase; ) # 1ph21jhqvckz6ozv4j1dgxrzv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ph21jhqvckz6ozv4j1dgxrzv|03|com"; nocase; ) # fxy5i314wvuuhfp53591someok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fxy5i314wvuuhfp53591someok|03|net"; nocase; ) # 10wi5461t8u8f61ckdhgm1tqp76b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10wi5461t8u8f61ckdhgm1tqp76b|03|net"; nocase; ) # 7ugc6x16zd27ny2f3srw268wm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7ugc6x16zd27ny2f3srw268wm|03|biz"; nocase; ) # 166ss4mxj3wd6m1jl1fac0job.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|166ss4mxj3wd6m1jl1fac0job|03|org"; nocase; ) # 1vkcyi41pp6x4g1696m6veft7sn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vkcyi41pp6x4g1696m6veft7sn|03|org"; nocase; ) # 3vzmpp14rbu5i86zoaf1xbj3m7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3vzmpp14rbu5i86zoaf1xbj3m7|03|com"; nocase; ) # 1ou31ivoqht9lxu4ilb1q5i8o4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ou31ivoqht9lxu4ilb1q5i8o4|03|org"; nocase; ) # 2ujmee1d2jmc01tf0tvv1nstw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ujmee1d2jmc01tf0tvv1nstw|03|biz"; nocase; ) # 1h5g5r8st141yqptlx1e8j6pd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h5g5r8st141yqptlx1e8j6pd|03|com"; nocase; ) # roqjth190gouxgp7vgk14ubitc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|roqjth190gouxgp7vgk14ubitc|03|org"; nocase; ) # bm8vgkj4pnnzke7pmli5rwh8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bm8vgkj4pnnzke7pmli5rwh8|03|net"; nocase; ) # 3hxxqy1kfridri15cel1hl466.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3hxxqy1kfridri15cel1hl466|03|com"; nocase; ) # 1xhqxs8x5yum11hr6fxn11awipd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xhqxs8x5yum11hr6fxn11awipd|03|net"; nocase; ) # 1npg77p1tikkgqaigtjx1uulurd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1npg77p1tikkgqaigtjx1uulurd|03|org"; nocase; ) # acf9k7wvfafsiy7b052gaxc0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|acf9k7wvfafsiy7b052gaxc0|03|net"; nocase; ) # xh0rxl1g56v5c1eosqfcew8dhi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xh0rxl1g56v5c1eosqfcew8dhi|03|net"; nocase; ) # wkoqhz1bqjtdyi6amqz1uq8cz3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wkoqhz1bqjtdyi6amqz1uq8cz3|03|org"; nocase; ) # 1dpo96treriozogdp6y1qyanxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dpo96treriozogdp6y1qyanxx|03|com"; nocase; ) # 1cx5y1i1ed7iwcugfvn215oadl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cx5y1i1ed7iwcugfvn215oadl|03|net"; nocase; ) # b94mkg1whbisjzopbo3fbscao.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b94mkg1whbisjzopbo3fbscao|03|org"; nocase; ) # 15im4uj1yztirtjoyqof1y6vzb4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15im4uj1yztirtjoyqof1y6vzb4|03|biz"; nocase; ) # ry3014n2t68z1823rjw103ofm2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ry3014n2t68z1823rjw103ofm2|03|com"; nocase; ) # 139dl3gfa96w1p0khxtroc7bt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|139dl3gfa96w1p0khxtroc7bt|03|net"; nocase; ) # 1njmvgrqqz6ioe6jd9dkva3ec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1njmvgrqqz6ioe6jd9dkva3ec|03|org"; nocase; ) # 60a07310fvv5qtysau91voj31l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|60a07310fvv5qtysau91voj31l|03|net"; nocase; ) # pyejan1ec5wb6170zbv8199dqo9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pyejan1ec5wb6170zbv8199dqo9|03|org"; nocase; ) # nb872uuicj6g17zj5ts184otnu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nb872uuicj6g17zj5ts184otnu|03|net"; nocase; ) # 1csw1351phituracgm2416rnsjn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1csw1351phituracgm2416rnsjn|03|biz"; nocase; ) # 194ocneczwe4u1cvbicnjten1f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|194ocneczwe4u1cvbicnjten1f|03|net"; nocase; ) # 1hsicar1hihg9tvnqemp1px8lum.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hsicar1hihg9tvnqemp1px8lum|03|biz"; nocase; ) # rfmygd1rq9q3im39h5xejohor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rfmygd1rq9q3im39h5xejohor|03|net"; nocase; ) # i800qb19x9p1o1nb8edg1mwkzih.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i800qb19x9p1o1nb8edg1mwkzih|03|org"; nocase; ) # 9g0ig7szv2g0l72llvoba4bn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9g0ig7szv2g0l72llvoba4bn|03|com"; nocase; ) # 1hxvlt91c3iqbs1k0b2d13t5cly.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hxvlt91c3iqbs1k0b2d13t5cly|03|biz"; nocase; ) # 1xigu791l3klx8olobisfd9xjg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xigu791l3klx8olobisfd9xjg|03|net"; nocase; ) # aqbawiuxhj291ipkwuoo12m33.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aqbawiuxhj291ipkwuoo12m33|03|com"; nocase; ) # 1va1nx21rt0llscpq67b18pldit.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1va1nx21rt0llscpq67b18pldit|03|biz"; nocase; ) # 16xdikk10hzpch1ackfzs1e65ij9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16xdikk10hzpch1ackfzs1e65ij9|03|net"; nocase; ) # dvqd0yytyf8p1a2330bt043w4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dvqd0yytyf8p1a2330bt043w4|03|net"; nocase; ) # 1eu6ru3yuyj1bvn0k641vx88a5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eu6ru3yuyj1bvn0k641vx88a5|03|org"; nocase; ) # 1ov1lmhffm99l7yee4iyioi4i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ov1lmhffm99l7yee4iyioi4i|03|com"; nocase; ) # japezvvob1shyikkse1c4l01u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|japezvvob1shyikkse1c4l01u|03|com"; nocase; ) # 1rcol84ml825a11ofgtl1v66nh5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rcol84ml825a11ofgtl1v66nh5|03|biz"; nocase; ) # 198r2rfl4s1ax19i6qb7s765cc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|198r2rfl4s1ax19i6qb7s765cc|03|net"; nocase; ) # 1er2tqr0fmgznprj72r05x8c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1er2tqr0fmgznprj72r05x8c|03|biz"; nocase; ) # 16u438t18iz4b0edqh3mqzzsl8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16u438t18iz4b0edqh3mqzzsl8|03|com"; nocase; ) # mhcpau15ivfc915kcyokg9oeve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mhcpau15ivfc915kcyokg9oeve|03|net"; nocase; ) # xilj31j3q2a2lx8rm911fyykp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xilj31j3q2a2lx8rm911fyykp|03|net"; nocase; ) # c5e6fuoxlh4y7otko1d8yrm8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c5e6fuoxlh4y7otko1d8yrm8|03|biz"; nocase; ) # 1b5t5ah1k0x5xv13vqarwgkryfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b5t5ah1k0x5xv13vqarwgkryfs|03|com"; nocase; ) # 1uaz6qp10uxe06bwxhfq1kxe9qy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uaz6qp10uxe06bwxhfq1kxe9qy|03|org"; nocase; ) # iv5aa31s31awb1300e823b2nf3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iv5aa31s31awb1300e823b2nf3|03|org"; nocase; ) # 13hed5b1fofkiiogfmapl5390h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13hed5b1fofkiiogfmapl5390h|03|com"; nocase; ) # k83s8o1km815zkdoqrt17aer4d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k83s8o1km815zkdoqrt17aer4d|03|org"; nocase; ) # efi5gb1ibfljy3ge6j6kmhju.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|efi5gb1ibfljy3ge6j6kmhju|03|com"; nocase; ) # izogwf1vb0d6f1kwggkw1p8a6g1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|izogwf1vb0d6f1kwggkw1p8a6g1|03|org"; nocase; ) # bf2fg516x6muh1ijmn43aydivk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bf2fg516x6muh1ijmn43aydivk|03|net"; nocase; ) # qkemn21md1p9x7mgkxm1bd2oef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qkemn21md1p9x7mgkxm1bd2oef|03|com"; nocase; ) # n5wwmh1xt1plsli8nwenjz01s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5wwmh1xt1plsli8nwenjz01s|03|net"; nocase; ) # zedhnr1us4kbmf9ey35kqwgfd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zedhnr1us4kbmf9ey35kqwgfd|03|biz"; nocase; ) # g3sy7n30d55x12e7wgem3kpip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g3sy7n30d55x12e7wgem3kpip|03|org"; nocase; ) # 30m9819vf1ug1eo8prenqfnme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|30m9819vf1ug1eo8prenqfnme|03|com"; nocase; ) # 1lhgj4vx96k9h7er7fj169qdy0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lhgj4vx96k9h7er7fj169qdy0|03|net"; nocase; ) # nnzw8xzawhpe1vd4giq6jc7dn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nnzw8xzawhpe1vd4giq6jc7dn|03|org"; nocase; ) # 1x9tlwsxe4cdx1o6kv5agxo2j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x9tlwsxe4cdx1o6kv5agxo2j|03|com"; nocase; ) # 7tsb4h2r1ggl18wdtgi1ozszri.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7tsb4h2r1ggl18wdtgi1ozszri|03|biz"; nocase; ) # 1qa0ajv1pc95ym1skwdzh1bubso9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qa0ajv1pc95ym1skwdzh1bubso9|03|org"; nocase; ) # 1ie1hljo0wrh013dz3vp1wrd995.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ie1hljo0wrh013dz3vp1wrd995|03|net"; nocase; ) # 1r254s31gn4gx3ztu8pi1qwcc19.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r254s31gn4gx3ztu8pi1qwcc19|03|biz"; nocase; ) # 1vi9egpborokz1kvrrol7reyb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vi9egpborokz1kvrrol7reyb7|03|net"; nocase; ) # 1u8ggsjjrmpkb1iofysd1a3md08.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u8ggsjjrmpkb1iofysd1a3md08|03|net"; nocase; ) # ap6g81x2fq37121lozas7ewh0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ap6g81x2fq37121lozas7ewh0|03|biz"; nocase; ) # i2zu3av70xhzl04ese1jfp0ak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i2zu3av70xhzl04ese1jfp0ak|03|com"; nocase; ) # 1cn3bal1xc6ia71voqnuq1feeuja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cn3bal1xc6ia71voqnuq1feeuja|03|net"; nocase; ) # 1t8fwqth82p8asaj3lfyuh550.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t8fwqth82p8asaj3lfyuh550|03|net"; nocase; ) # j4n7db1aqjczw1sxbb6b3pkfk5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j4n7db1aqjczw1sxbb6b3pkfk5|03|com"; nocase; ) # 1xvqh4o1cxy8aq910tvz1xyfe4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xvqh4o1cxy8aq910tvz1xyfe4|03|net"; nocase; ) # 33e3i415advkr3hjmey1q5g22k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|33e3i415advkr3hjmey1q5g22k|03|com"; nocase; ) # k3dvi41rsiuwm15nxi0e55myv7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k3dvi41rsiuwm15nxi0e55myv7|03|org"; nocase; ) # 17ugm7qmsm6onzjxyzw88hm5v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17ugm7qmsm6onzjxyzw88hm5v|03|net"; nocase; ) # 199fsb618cod1i9kt86m1gktcae.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|199fsb618cod1i9kt86m1gktcae|03|org"; nocase; ) # g1pmq71oada1pf5y9o21x4k8wv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g1pmq71oada1pf5y9o21x4k8wv|03|biz"; nocase; ) # 145egen6645wczyxx0chfm1vz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|145egen6645wczyxx0chfm1vz|03|org"; nocase; ) # 5982y9pimvndhoi6rn1e2px5x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5982y9pimvndhoi6rn1e2px5x|03|net"; nocase; ) # snrmu5moqi79ik4exs1azvvga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|snrmu5moqi79ik4exs1azvvga|03|net"; nocase; ) # lnb2dmvchzbf3avjsqej2q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|lnb2dmvchzbf3avjsqej2q|03|biz"; nocase; ) # w1odau1fau3mgc3nirmwr91kk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w1odau1fau3mgc3nirmwr91kk|03|net"; nocase; ) # jy8ufi1qr93g7152t12apzftkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jy8ufi1qr93g7152t12apzftkm|03|com"; nocase; ) # xts5e8txy0jdil5zn1btio3y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xts5e8txy0jdil5zn1btio3y|03|org"; nocase; ) # 1mdzvz01w62kmcja428f1asfxpw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mdzvz01w62kmcja428f1asfxpw|03|org"; nocase; ) # 103o2sf15fkp3bxp3x1a9sidkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|103o2sf15fkp3bxp3x1a9sidkz|03|org"; nocase; ) # 1mzob4c12q57t110gs1feqlvm1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mzob4c12q57t110gs1feqlvm1w|03|com"; nocase; ) # 1m1i7h51elgv661itm4jq1v8pxby.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m1i7h51elgv661itm4jq1v8pxby|03|net"; nocase; ) # 1p8v2lb16kmh9z1rr69hl1vh5nks.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p8v2lb16kmh9z1rr69hl1vh5nks|03|biz"; nocase; ) # 1n59m3nd8o9i31164jlb15x4uxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n59m3nd8o9i31164jlb15x4uxd|03|org"; nocase; ) # 1h5jbk91abd6p41qkls8817kjqn9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h5jbk91abd6p41qkls8817kjqn9|03|org"; nocase; ) # 1o1uid74jb0wd1sy8cxu11jp2q0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o1uid74jb0wd1sy8cxu11jp2q0|03|org"; nocase; ) # 1btvei11wfbw3v1x8x21w1ukulr9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1btvei11wfbw3v1x8x21w1ukulr9|03|com"; nocase; ) # 12yzf8i138p3591neergvhcd0a2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12yzf8i138p3591neergvhcd0a2|03|biz"; nocase; ) # ioocty16l4z2b1oarfs71ud80hz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ioocty16l4z2b1oarfs71ud80hz|03|org"; nocase; ) # 1bp1id7nlnze71r7ev16182l1aa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bp1id7nlnze71r7ev16182l1aa|03|com"; nocase; ) # 1pfvyeyauubo91hwhjd61uqp9yr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pfvyeyauubo91hwhjd61uqp9yr|03|net"; nocase; ) # zrr1u8drp5gtqpahth9jylm1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zrr1u8drp5gtqpahth9jylm1|03|net"; nocase; ) # rhdp0mzg4k4gh2foxyhruqif.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rhdp0mzg4k4gh2foxyhruqif|03|biz"; nocase; ) # 103uhnmiofbwjfmiwc1zy2pvg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|103uhnmiofbwjfmiwc1zy2pvg|03|org"; nocase; ) # 1rfx0nm13d3rf1mwp4q01sdc8og.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rfx0nm13d3rf1mwp4q01sdc8og|03|org"; nocase; ) # 19fi3s01e7a1ml1h2s4icf1jb6i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19fi3s01e7a1ml1h2s4icf1jb6i|03|org"; nocase; ) # 1wz5pqkm39p6n1kpzwgy1mhlq99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wz5pqkm39p6n1kpzwgy1mhlq99|03|org"; nocase; ) # vez3mljpdhmgspc5223ohcf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|vez3mljpdhmgspc5223ohcf|03|com"; nocase; ) # 1wqgmm71jbr15t115ovawgpat94.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wqgmm71jbr15t115ovawgpat94|03|biz"; nocase; ) # 88zsdz1wiih531t8lgeo1efh36d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|88zsdz1wiih531t8lgeo1efh36d|03|net"; nocase; ) # oi0sg12bt4mqekv1yji5hq3d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oi0sg12bt4mqekv1yji5hq3d|03|biz"; nocase; ) # 1ua9i8u6e6abl1fn3wt7cn37fd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ua9i8u6e6abl1fn3wt7cn37fd|03|com"; nocase; ) # 1gxb2sfwxqfiq19tf9rt14llcr9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gxb2sfwxqfiq19tf9rt14llcr9|03|net"; nocase; ) # srhw4qu4ricjkwntg1d77bui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|srhw4qu4ricjkwntg1d77bui|03|com"; nocase; ) # 1bjfur195xfc0nvgp661kx0qli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bjfur195xfc0nvgp661kx0qli|03|org"; nocase; ) # iu17hwuvdz8h11k5ys1kd1f95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iu17hwuvdz8h11k5ys1kd1f95|03|net"; nocase; ) # zlpitn13y94621wepsy7g2k96f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zlpitn13y94621wepsy7g2k96f|03|net"; nocase; ) # 12kajgc1toxvmxv2lej1hq8as1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12kajgc1toxvmxv2lej1hq8as1|03|net"; nocase; ) # 8e7sm51i4csm31mswppszk705y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8e7sm51i4csm31mswppszk705y|03|com"; nocase; ) # 1u7w0vo19qubzt1h3ek9dpob4do.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u7w0vo19qubzt1h3ek9dpob4do|03|biz"; nocase; ) # lrymn01xd9hy51stbbrl1kdce2k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lrymn01xd9hy51stbbrl1kdce2k|03|com"; nocase; ) # xhoqoi6mjzcxqvwz4ewkcejs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xhoqoi6mjzcxqvwz4ewkcejs|03|biz"; nocase; ) # 1l6fk3yc6b71y103h0yxp5duip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l6fk3yc6b71y103h0yxp5duip|03|org"; nocase; ) # zp4usz1wuri8u87tibtvoict8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zp4usz1wuri8u87tibtvoict8|03|org"; nocase; ) # ukdp3n13hemnraj5mbju2ahvy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ukdp3n13hemnraj5mbju2ahvy|03|net"; nocase; ) # 1d6oeotjn2a1n1mqokk17ngq8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d6oeotjn2a1n1mqokk17ngq8z|03|com"; nocase; ) # 1rb1imsesy0421epe9or16c5gnp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rb1imsesy0421epe9or16c5gnp|03|org"; nocase; ) # 1loi7571sq5cylf5obsb11eh9h8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1loi7571sq5cylf5obsb11eh9h8|03|biz"; nocase; ) # h5jco51yt61ehjewft696frly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h5jco51yt61ehjewft696frly|03|org"; nocase; ) # 7i3pldn997b17u4a99vg9gn8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7i3pldn997b17u4a99vg9gn8|03|com"; nocase; ) # w1y9t8g6e8xsx1enfy11hdasd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w1y9t8g6e8xsx1enfy11hdasd|03|org"; nocase; ) # 1eijwc917kf7t21qhlv1x1dbkehl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eijwc917kf7t21qhlv1x1dbkehl|03|com"; nocase; ) # 1ptk14d1o611iu1i99rardihqzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ptk14d1o611iu1i99rardihqzm|03|net"; nocase; ) # 16voalo1vpa21g3hcudj1dnvrzm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16voalo1vpa21g3hcudj1dnvrzm|03|com"; nocase; ) # 1lnc862er3mni28dmxeym7h2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1lnc862er3mni28dmxeym7h2|03|net"; nocase; ) # 1lmyejh1jayxxcc5a59o1smtx9x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lmyejh1jayxxcc5a59o1smtx9x|03|biz"; nocase; ) # 1hneq9b1xo90svlbvje01d3mbji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hneq9b1xo90svlbvje01d3mbji|03|net"; nocase; ) # 1rslxnncx2pqw17gdpwnx049ih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rslxnncx2pqw17gdpwnx049ih|03|net"; nocase; ) # 1yieaoe1yxqblz1gkkpcaw9qczj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yieaoe1yxqblz1gkkpcaw9qczj|03|org"; nocase; ) # 1of7eklp57ttdpafqan9dc7bc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1of7eklp57ttdpafqan9dc7bc|03|com"; nocase; ) # falptdaaiej71rcreny1vttw2m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|falptdaaiej71rcreny1vttw2m|03|org"; nocase; ) # kjfiqw7xi91i13w28gr1r2n1sy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kjfiqw7xi91i13w28gr1r2n1sy|03|biz"; nocase; ) # xgxaho1x51zc6wq5m8b1qti5lh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xgxaho1x51zc6wq5m8b1qti5lh|03|com"; nocase; ) # 1gohhsz1x4z1o41ok7dii199gs5x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gohhsz1x4z1o41ok7dii199gs5x|03|net"; nocase; ) # imr8h910luj9b6hreruy5k61f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|imr8h910luj9b6hreruy5k61f|03|biz"; nocase; ) # 9raaw3yvpjdt51shy34oa1qx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9raaw3yvpjdt51shy34oa1qx|03|net"; nocase; ) # 1n67o15hzzeznacp2gio5aqdn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n67o15hzzeznacp2gio5aqdn|03|net"; nocase; ) # 1qo6l0e1yb17p2nl3xay1gkf10g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qo6l0e1yb17p2nl3xay1gkf10g|03|net"; nocase; ) # 1umf9e1wzf7j1kf4zeo7tc18q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1umf9e1wzf7j1kf4zeo7tc18q|03|org"; nocase; ) # qkdq2djep2751h4zbt7nbs3bh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qkdq2djep2751h4zbt7nbs3bh|03|com"; nocase; ) # 103s37q10n8qy4ipczvx1fyn574.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|103s37q10n8qy4ipczvx1fyn574|03|net"; nocase; ) # srx3lu1k28mdgkqdbat1smcgjy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|srx3lu1k28mdgkqdbat1smcgjy|03|net"; nocase; ) # lxct5y90dg3bgxfw815oxozy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lxct5y90dg3bgxfw815oxozy|03|com"; nocase; ) # qmry1p1yxwhxn46mhij19ejeoc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qmry1p1yxwhxn46mhij19ejeoc|03|org"; nocase; ) # q64qm31tbees0kfkhaw187zpw6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q64qm31tbees0kfkhaw187zpw6|03|com"; nocase; ) # psajwx1n4n01ezxwecn1f1k842.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|psajwx1n4n01ezxwecn1f1k842|03|net"; nocase; ) # 1qlkofrxyvs7h17glwgv16xndv9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qlkofrxyvs7h17glwgv16xndv9|03|org"; nocase; ) # 1ofueom119ww0n19py6zqeiamsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ofueom119ww0n19py6zqeiamsh|03|net"; nocase; ) # 18ywn8vptfa5g1mzqszd1u7dg93.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ywn8vptfa5g1mzqszd1u7dg93|03|com"; nocase; ) # 1gfsr0obktwjlftlrnd9a23vp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gfsr0obktwjlftlrnd9a23vp|03|net"; nocase; ) # 139ytv6gawyox8ew6qt1tgxmnp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|139ytv6gawyox8ew6qt1tgxmnp|03|biz"; nocase; ) # 1i9qkdu2cj7co19grpr93mwl2l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i9qkdu2cj7co19grpr93mwl2l|03|com"; nocase; ) # 1irp8dk1lx0egk1ku6cava5ofth.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1irp8dk1lx0egk1ku6cava5ofth|03|org"; nocase; ) # 1141lh8181x9ev1w5q661h3v29f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1141lh8181x9ev1w5q661h3v29f|03|com"; nocase; ) # gh18lxmy6jp4j9vdj6qaug8r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gh18lxmy6jp4j9vdj6qaug8r|03|com"; nocase; ) # 58wem31djbhul1txs98m15ftlvj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|58wem31djbhul1txs98m15ftlvj|03|biz"; nocase; ) # 1fiwxxz1fib9ajqpnkexzhtbd3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fiwxxz1fib9ajqpnkexzhtbd3|03|org"; nocase; ) # ci9320vtfgm513lwudf10nge70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ci9320vtfgm513lwudf10nge70|03|net"; nocase; ) # 5k8hjw1t6d40v4piwz8hgqtt9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5k8hjw1t6d40v4piwz8hgqtt9|03|biz"; nocase; ) # 1m5itid1giuselox8vk910tk7nu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m5itid1giuselox8vk910tk7nu|03|com"; nocase; ) # zsgyu2xyo2gq143wjn0c4t7s1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zsgyu2xyo2gq143wjn0c4t7s1|03|com"; nocase; ) # 1yta9zed0efhbsg18bbossulz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yta9zed0efhbsg18bbossulz|03|org"; nocase; ) # 3lo9o41kqhbcgc7b62v1gs6dm9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3lo9o41kqhbcgc7b62v1gs6dm9|03|biz"; nocase; ) # 1gpdst91bqi2b8mfkf7k1qix2vg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gpdst91bqi2b8mfkf7k1qix2vg|03|biz"; nocase; ) # zisi0m1jcqv9v3vssu198z35j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zisi0m1jcqv9v3vssu198z35j|03|com"; nocase; ) # 1drpi9k1hv7gvh1nfc0ic1dg85u2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1drpi9k1hv7gvh1nfc0ic1dg85u2|03|com"; nocase; ) # lzbbpv1bxosne9hr3e9fyluc1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lzbbpv1bxosne9hr3e9fyluc1|03|com"; nocase; ) # 1p9v7soxicldcz24231jqvq68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p9v7soxicldcz24231jqvq68|03|net"; nocase; ) # 12lqmc68ycjs61lz32jkv702p0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12lqmc68ycjs61lz32jkv702p0|03|com"; nocase; ) # 1jbekrnwkcpjvr01jk71xt4y84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbekrnwkcpjvr01jk71xt4y84|03|net"; nocase; ) # 860hcfuxomqe1b111h3ow0214.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|860hcfuxomqe1b111h3ow0214|03|biz"; nocase; ) # 1tjgzs21kwda72k3avroerilrm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tjgzs21kwda72k3avroerilrm|03|net"; nocase; ) # hdrys9hcbf1i7oqax1prc6l3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hdrys9hcbf1i7oqax1prc6l3|03|com"; nocase; ) # 1c2cl98dsivv013q5nu71rsxgcd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c2cl98dsivv013q5nu71rsxgcd|03|org"; nocase; ) # 1ubhuvaqj96pl1dodnkdkj854k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ubhuvaqj96pl1dodnkdkj854k|03|net"; nocase; ) # 12xrq2pk10vk8x7h4momr1fg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|12xrq2pk10vk8x7h4momr1fg|03|com"; nocase; ) # 1yqajha1i1h7uly81jb01xvmd52.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yqajha1i1h7uly81jb01xvmd52|03|net"; nocase; ) # 1eg89j815ichkahi9a3pz86446.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eg89j815ichkahi9a3pz86446|03|org"; nocase; ) # 92b7z61td57qy16tz8d31t3iso7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|92b7z61td57qy16tz8d31t3iso7|03|com"; nocase; ) # 1js7bu2yusd5m1qish2ng8ekn4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000015999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1js7bu2yusd5m1qish2ng8ekn4|03|net"; nocase; ) # 17ul7ae18qnudr1j072v81xtieze.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17ul7ae18qnudr1j072v81xtieze|03|org"; nocase; ) # 1fcg7a71p87g6i91d7eg8i3uxn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fcg7a71p87g6i91d7eg8i3uxn|03|org"; nocase; ) # gsohu6hgar8e1rq6kkn11bngb1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gsohu6hgar8e1rq6kkn11bngb1|03|biz"; nocase; ) # 1wy7wul15wk83w19fz9j0alb1oy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wy7wul15wk83w19fz9j0alb1oy|03|biz"; nocase; ) # 173uostnw4h2x1qudf65unfaf2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|173uostnw4h2x1qudf65unfaf2|03|org"; nocase; ) # 1wk2czx10hu3ohvjglwp1aty91t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wk2czx10hu3ohvjglwp1aty91t|03|biz"; nocase; ) # cfrcttu0kvqf1db12hr1e6tbmu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cfrcttu0kvqf1db12hr1e6tbmu|03|com"; nocase; ) # 1372vfo1886ds76i0t0eu23zqr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1372vfo1886ds76i0t0eu23zqr|03|com"; nocase; ) # t7r2gk1renp6h82ehlu50des7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t7r2gk1renp6h82ehlu50des7|03|org"; nocase; ) # 1bg5n5zq1yr3n1uwb4lz1vzg7a3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bg5n5zq1yr3n1uwb4lz1vzg7a3|03|net"; nocase; ) # dz6tc3g96s001f4alloq7c4eq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dz6tc3g96s001f4alloq7c4eq|03|org"; nocase; ) # 132akbwnfvv20atrso7958mt7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|132akbwnfvv20atrso7958mt7|03|com"; nocase; ) # 7e4ruho0lyc2alzyyu1gg13hu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7e4ruho0lyc2alzyyu1gg13hu|03|com"; nocase; ) # 1b59ymn2mrx0e9s0whv1qa1vf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b59ymn2mrx0e9s0whv1qa1vf|03|net"; nocase; ) # 1jajbab1m95jsy112j7pw6ad4s2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jajbab1m95jsy112j7pw6ad4s2|03|net"; nocase; ) # 1m175rt13jhh381cncsj21ht6hj5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m175rt13jhh381cncsj21ht6hj5|03|org"; nocase; ) # 9u1jtp1acggsg1qmy53n1nn19qy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9u1jtp1acggsg1qmy53n1nn19qy|03|com"; nocase; ) # g4xrxs1a1fix8l69xi01mwlee1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g4xrxs1a1fix8l69xi01mwlee1|03|net"; nocase; ) # 5s6rupno0pt91eh1r201uns1f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5s6rupno0pt91eh1r201uns1f|03|com"; nocase; ) # 1a3352623rnj21nhie3xbxv95r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a3352623rnj21nhie3xbxv95r|03|net"; nocase; ) # nlqiaw1i91q8tqmognd107saq0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nlqiaw1i91q8tqmognd107saq0|03|biz"; nocase; ) # 1k3mvzq1ex3qkypa2lcdq67iba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k3mvzq1ex3qkypa2lcdq67iba|03|org"; nocase; ) # lle9cu1kw8gl716sep7t1k03499.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lle9cu1kw8gl716sep7t1k03499|03|com"; nocase; ) # 1ytdzj912vfm5sw4a41k28l2nw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ytdzj912vfm5sw4a41k28l2nw|03|org"; nocase; ) # 1ru5klj1slmsg88amwx3fe3zi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ru5klj1slmsg88amwx3fe3zi|03|net"; nocase; ) # 4m02cqs5y4kq1taluqokfl6cn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4m02cqs5y4kq1taluqokfl6cn|03|biz"; nocase; ) # tk3mrdnb4iph1rpl10uespojc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tk3mrdnb4iph1rpl10uespojc|03|com"; nocase; ) # fz2bxff0cv1kojhzaz1lxjavg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fz2bxff0cv1kojhzaz1lxjavg|03|org"; nocase; ) # ei2mod3qw3wk14nbh6x1767867.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ei2mod3qw3wk14nbh6x1767867|03|org"; nocase; ) # qraxz93plapx1atwkdn1yn4qq3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qraxz93plapx1atwkdn1yn4qq3|03|net"; nocase; ) # 1vst7feokdr1ru2w5dkbtngei.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vst7feokdr1ru2w5dkbtngei|03|org"; nocase; ) # iu1fx5twg9yc54nhtvkrh97a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iu1fx5twg9yc54nhtvkrh97a|03|org"; nocase; ) # 1huk19o1o4fh5oqqyzu1dgbk9a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1huk19o1o4fh5oqqyzu1dgbk9a|03|com"; nocase; ) # 1lxy7i810x0sux1qcht6ma8gl4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxy7i810x0sux1qcht6ma8gl4n|03|com"; nocase; ) # r6pvi24k5mosnfzbbpwh9fk4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r6pvi24k5mosnfzbbpwh9fk4|03|net"; nocase; ) # lpujr11ibwjlj1g9hmrqff4f7k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lpujr11ibwjlj1g9hmrqff4f7k|03|biz"; nocase; ) # 1jvsldi1pvlrfn118xdbaqu60aj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jvsldi1pvlrfn118xdbaqu60aj|03|com"; nocase; ) # 1yxgwwl1vrr4sk1jyal5df1gvfx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yxgwwl1vrr4sk1jyal5df1gvfx|03|net"; nocase; ) # qm74gzxdbcv8n445rb1gcbyn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qm74gzxdbcv8n445rb1gcbyn|03|com"; nocase; ) # 1qwcd1sdus1143enjg6t2rtb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1qwcd1sdus1143enjg6t2rtb|03|net"; nocase; ) # 18s0ukl1kcp63l16da4zt5few9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18s0ukl1kcp63l16da4zt5few9e|03|biz"; nocase; ) # 15xd13ng2ncffj9snej1ht3rdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15xd13ng2ncffj9snej1ht3rdy|03|com"; nocase; ) # 1jc13vj1jbe8r01r8f8j617hcfb0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jc13vj1jbe8r01r8f8j617hcfb0|03|com"; nocase; ) # 63r7tl1lkw4bpxm8dfc1uzdwr3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|63r7tl1lkw4bpxm8dfc1uzdwr3|03|net"; nocase; ) # 1728bwf1f17g4r1gce2wz186cxap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1728bwf1f17g4r1gce2wz186cxap|03|com"; nocase; ) # vm1hqxrvohbwfzihi51l3mb7h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vm1hqxrvohbwfzihi51l3mb7h|03|biz"; nocase; ) # cr6w6r1gvcvws188d2xvb1rxsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cr6w6r1gvcvws188d2xvb1rxsa|03|com"; nocase; ) # ctp70fhjigsd1vvnsmwmr063z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ctp70fhjigsd1vvnsmwmr063z|03|biz"; nocase; ) # eevx9qqhagfw1048e4c1hq8ioe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eevx9qqhagfw1048e4c1hq8ioe|03|biz"; nocase; ) # e7hyii1xi2hs017tolss4vfyj7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e7hyii1xi2hs017tolss4vfyj7|03|biz"; nocase; ) # 1bok7cq17oblhbso82z41oq99vt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bok7cq17oblhbso82z41oq99vt|03|org"; nocase; ) # 1h9dz311836vmt1bqaxul7nl8ev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h9dz311836vmt1bqaxul7nl8ev|03|net"; nocase; ) # 14vp0w8wzswqg1iq7f2e1cjm7fq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14vp0w8wzswqg1iq7f2e1cjm7fq|03|org"; nocase; ) # 11a90g365g5yiuxuiqdy3d77p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11a90g365g5yiuxuiqdy3d77p|03|com"; nocase; ) # k6ouv965rtwbul52onpbrif6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k6ouv965rtwbul52onpbrif6|03|biz"; nocase; ) # 1bbdi2ih0ihkxho22zt1kp8vs0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bbdi2ih0ihkxho22zt1kp8vs0|03|biz"; nocase; ) # kmmzeac9nnrd3jf0fu1hhv51b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kmmzeac9nnrd3jf0fu1hhv51b|03|org"; nocase; ) # 4xu3wy1vrpmly1xc0dbxjohgjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4xu3wy1vrpmly1xc0dbxjohgjl|03|org"; nocase; ) # 12x47791l7ha5z1g3u3rw6e0bfy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12x47791l7ha5z1g3u3rw6e0bfy|03|biz"; nocase; ) # 1t2yix7166jkrhp03ou1q2xzxu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t2yix7166jkrhp03ou1q2xzxu|03|com"; nocase; ) # p5gxr61huvy8w6aq3hg1e7ytia.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p5gxr61huvy8w6aq3hg1e7ytia|03|org"; nocase; ) # j31dmc1g2t8ad871p5b1fi8xw6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j31dmc1g2t8ad871p5b1fi8xw6|03|org"; nocase; ) # 9bcfpo1cvm72o1tt5f94xutrn0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9bcfpo1cvm72o1tt5f94xutrn0|03|com"; nocase; ) # 18xs8k51cb0ilq19xzb4ixlroh9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18xs8k51cb0ilq19xzb4ixlroh9|03|net"; nocase; ) # 1c5jrsi1z0g7jpbs2iwn1mc8pga.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c5jrsi1z0g7jpbs2iwn1mc8pga|03|biz"; nocase; ) # 10r11hc1feap8krurlnv1oxl0o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10r11hc1feap8krurlnv1oxl0o|03|com"; nocase; ) # 1eerbqwvndp3w139tzpulu90ju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eerbqwvndp3w139tzpulu90ju|03|org"; nocase; ) # ceg63315vzfgk1dp5y40i0qns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ceg63315vzfgk1dp5y40i0qns|03|com"; nocase; ) # 1tfr5n4udcjzt1ufmk577tiv1j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tfr5n4udcjzt1ufmk577tiv1j|03|com"; nocase; ) # 1n9e1yh1oibu213gz172ay2ra5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n9e1yh1oibu213gz172ay2ra5|03|net"; nocase; ) # 18dmw0e6xb8ph18kpyd11seq9kg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18dmw0e6xb8ph18kpyd11seq9kg|03|org"; nocase; ) # wvzhca1tq44r21m3lfch1yl3qd0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wvzhca1tq44r21m3lfch1yl3qd0|03|net"; nocase; ) # ypsars19ocmqlgxlhuvxt56o7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ypsars19ocmqlgxlhuvxt56o7|03|com"; nocase; ) # vpuqkpqpmhmwdewhhr1dixiix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vpuqkpqpmhmwdewhhr1dixiix|03|com"; nocase; ) # yw3m0d7qh6iq1arexb31d9ulhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yw3m0d7qh6iq1arexb31d9ulhw|03|net"; nocase; ) # 3bscczzij84c1nw68821bhiqr8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3bscczzij84c1nw68821bhiqr8|03|org"; nocase; ) # 1frkitoz27xf6hnnmhbsvlah1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1frkitoz27xf6hnnmhbsvlah1|03|biz"; nocase; ) # 1qpze11ttexamojycjz1evtlqn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qpze11ttexamojycjz1evtlqn|03|com"; nocase; ) # rdr491pp0fbc19erry21saczbk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rdr491pp0fbc19erry21saczbk|03|org"; nocase; ) # 1fyhlyxhvzr0r13t0vzv1scj1pd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fyhlyxhvzr0r13t0vzv1scj1pd|03|net"; nocase; ) # 4ah9uqdm60v0cf54wdswuqo7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4ah9uqdm60v0cf54wdswuqo7|03|net"; nocase; ) # 1d3w45t16i8cea18pf28je0l1d9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d3w45t16i8cea18pf28je0l1d9|03|org"; nocase; ) # 10zyzo1kqz65y1y76sg113ey88y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10zyzo1kqz65y1y76sg113ey88y|03|com"; nocase; ) # i0lwsbph4cpcj8l0xvs1auh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|i0lwsbph4cpcj8l0xvs1auh|03|biz"; nocase; ) # a34l9qhnv04qy3bamgobx2mz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a34l9qhnv04qy3bamgobx2mz|03|net"; nocase; ) # b53l7y18ix1xp17rosdk12tj3wf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b53l7y18ix1xp17rosdk12tj3wf|03|org"; nocase; ) # 1tkbxua172kdmz1ucbl4m18pu035.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tkbxua172kdmz1ucbl4m18pu035|03|org"; nocase; ) # ie0m2k1lfzyhjsv12qc1qflcs6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ie0m2k1lfzyhjsv12qc1qflcs6|03|biz"; nocase; ) # aqy5p9z9xq091l8x5yl2zqu2o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aqy5p9z9xq091l8x5yl2zqu2o|03|net"; nocase; ) # 1jm5jfdp35jkf1u83i8t1aqcu9w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jm5jfdp35jkf1u83i8t1aqcu9w|03|com"; nocase; ) # 33ra0n6ojjo412ldsn2llhuw6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|33ra0n6ojjo412ldsn2llhuw6|03|org"; nocase; ) # 14okamhooa6o63tg5k2rlzy6d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14okamhooa6o63tg5k2rlzy6d|03|org"; nocase; ) # yab1gaq8zq9g1vg9wdt1ifbaq8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yab1gaq8zq9g1vg9wdt1ifbaq8|03|biz"; nocase; ) # l0xman1ry6hp57606y71ttmjvh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l0xman1ry6hp57606y71ttmjvh|03|com"; nocase; ) # 1104pue15zgup516wtcpunnbqu2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1104pue15zgup516wtcpunnbqu2|03|org"; nocase; ) # ofyk9ppxib62170z6w71lavqdb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ofyk9ppxib62170z6w71lavqdb|03|org"; nocase; ) # 1a49o21xctb7i4h2qu93yud9v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a49o21xctb7i4h2qu93yud9v|03|biz"; nocase; ) # 1bby78bvh8cry1dtgvm7vtq5w4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bby78bvh8cry1dtgvm7vtq5w4|03|org"; nocase; ) # 11g64pifwf1y415n6svkukse7a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11g64pifwf1y415n6svkukse7a|03|biz"; nocase; ) # 1yyibt11j2ye5f1u988dj1hn5b19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yyibt11j2ye5f1u988dj1hn5b19|03|net"; nocase; ) # erztnqoybp3qc4c503f6dgxp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|erztnqoybp3qc4c503f6dgxp|03|org"; nocase; ) # 1kcz0i2y7tcpld5ncou32j42q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kcz0i2y7tcpld5ncou32j42q|03|net"; nocase; ) # 1hzjkwwwpjqrs1x3iso914xf8ck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hzjkwwwpjqrs1x3iso914xf8ck|03|net"; nocase; ) # a6x2yz1p7rd009oqug4jc9pjx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a6x2yz1p7rd009oqug4jc9pjx|03|org"; nocase; ) # 1si7jvj15yfuzxuv4jskokr9pd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1si7jvj15yfuzxuv4jskokr9pd|03|net"; nocase; ) # 1mk9sxu1yx2c7q1qqszp12cys4n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mk9sxu1yx2c7q1qqszp12cys4n|03|net"; nocase; ) # mdk4n31dp94o61umkt6n1rb4kad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mdk4n31dp94o61umkt6n1rb4kad|03|net"; nocase; ) # weqr13174x5yeftan0x1qu4pv1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|weqr13174x5yeftan0x1qu4pv1|03|org"; nocase; ) # 1q1erk1162ma3h1471aqg1h8he8a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q1erk1162ma3h1471aqg1h8he8a|03|net"; nocase; ) # 7odytv1w21mt31anobmm1tf1j5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7odytv1w21mt31anobmm1tf1j5g|03|org"; nocase; ) # 1k3xglwcjzli3m8xrsh9re933.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k3xglwcjzli3m8xrsh9re933|03|org"; nocase; ) # 1draokyy2f57pferlx91ar39i4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1draokyy2f57pferlx91ar39i4|03|biz"; nocase; ) # n3rmh31ugi53xy2z7c71ukzvbu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n3rmh31ugi53xy2z7c71ukzvbu|03|net"; nocase; ) # 1x0an0wiq2w1u1w66fxxy9tw90.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x0an0wiq2w1u1w66fxxy9tw90|03|com"; nocase; ) # 10tjale13rnpk1u4xprn6mr0yh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10tjale13rnpk1u4xprn6mr0yh|03|net"; nocase; ) # 1msvndggfq9g8oxbrz71ai6am.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1msvndggfq9g8oxbrz71ai6am|03|biz"; nocase; ) # xsovlu156cwy32jommf1arovgk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xsovlu156cwy32jommf1arovgk|03|net"; nocase; ) # v9o5gs1wfxyq4td9uz58mnwqa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v9o5gs1wfxyq4td9uz58mnwqa|03|com"; nocase; ) # 1fogeguxl1h59jddss71u2pypv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fogeguxl1h59jddss71u2pypv|03|net"; nocase; ) # xbqsxc19xqzbg13obbcj1oxvi1r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xbqsxc19xqzbg13obbcj1oxvi1r|03|org"; nocase; ) # 1mpx5e21p906zt1w66wimomxbsu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mpx5e21p906zt1w66wimomxbsu|03|com"; nocase; ) # 1b6g6qpqzlteumdxrr9i3826.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1b6g6qpqzlteumdxrr9i3826|03|com"; nocase; ) # 1h2tw651g1l3s1yansdmpqj6ut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h2tw651g1l3s1yansdmpqj6ut|03|com"; nocase; ) # 14l5h7ew6hmu3sqccywzgiqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14l5h7ew6hmu3sqccywzgiqc|03|org"; nocase; ) # dbpf77n7ztfp15m6nsllxepoy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dbpf77n7ztfp15m6nsllxepoy|03|net"; nocase; ) # 12zx01n1ttdzadu5g2wc1bfniiv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12zx01n1ttdzadu5g2wc1bfniiv|03|biz"; nocase; ) # 1hxptuhgubwfsotvqd2129eyo8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hxptuhgubwfsotvqd2129eyo8|03|org"; nocase; ) # n2f3b51o7suc81xe5y2fmf4jb5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n2f3b51o7suc81xe5y2fmf4jb5|03|net"; nocase; ) # 1x1eaujlxrrao1jk9oma1ondg7r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x1eaujlxrrao1jk9oma1ondg7r|03|org"; nocase; ) # c3ooagsh283bh4jffy1uwktmj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c3ooagsh283bh4jffy1uwktmj|03|org"; nocase; ) # dmrgsi11jte8fsvcy5g17dmfd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dmrgsi11jte8fsvcy5g17dmfd|03|com"; nocase; ) # 6jph6u2lwrtsvv9npy1y9dfs9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6jph6u2lwrtsvv9npy1y9dfs9|03|net"; nocase; ) # 1y3vzw2vy74lcv41m4551cap.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1y3vzw2vy74lcv41m4551cap|03|biz"; nocase; ) # lnsjyoxqc2pbusf909s7paxj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lnsjyoxqc2pbusf909s7paxj|03|org"; nocase; ) # 1244e3h1177hqw13xl76m49rhp6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1244e3h1177hqw13xl76m49rhp6|03|biz"; nocase; ) # 1bksmjp1602jzphd4cn67w7lg3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bksmjp1602jzphd4cn67w7lg3|03|net"; nocase; ) # lqohfnwahl591nnx1ltfv0aia.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lqohfnwahl591nnx1ltfv0aia|03|org"; nocase; ) # 28nqf8mk3kqlv1mxwf8ngdy0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|28nqf8mk3kqlv1mxwf8ngdy0|03|com"; nocase; ) # 15wraph1ypa0gn19gxeh7pu5fxm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15wraph1ypa0gn19gxeh7pu5fxm|03|com"; nocase; ) # 7vq6pa1i6bx5c1eir5ea16kgdbl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7vq6pa1i6bx5c1eir5ea16kgdbl|03|net"; nocase; ) # 1l33j63qwr577fhwfzh190mog1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l33j63qwr577fhwfzh190mog1|03|net"; nocase; ) # 1h0u390gbpv4fuoe2kc179spiq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h0u390gbpv4fuoe2kc179spiq|03|net"; nocase; ) # 1goac6w53xw081ql6j3c19e0vly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1goac6w53xw081ql6j3c19e0vly|03|com"; nocase; ) # zs3z1ex06r43ide7xg3sq5m4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zs3z1ex06r43ide7xg3sq5m4|03|net"; nocase; ) # sk4wha1ahvko71d723v21a6lolz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sk4wha1ahvko71d723v21a6lolz|03|net"; nocase; ) # 5bf40wgcvxg9196pron5drh2l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5bf40wgcvxg9196pron5drh2l|03|org"; nocase; ) # jon0nc1v3jkythdvt2kpl9p8d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jon0nc1v3jkythdvt2kpl9p8d|03|org"; nocase; ) # ag4i08u777xx1nzj61ae9t86c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ag4i08u777xx1nzj61ae9t86c|03|com"; nocase; ) # i3r4rd6ir70s1gj6mbt1tgmz1r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i3r4rd6ir70s1gj6mbt1tgmz1r|03|biz"; nocase; ) # 8nc8os1ypjz3ue3xsy36v7fc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8nc8os1ypjz3ue3xsy36v7fc|03|com"; nocase; ) # ak43kf8tikgu1n8ejbnthgsiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ak43kf8tikgu1n8ejbnthgsiz|03|com"; nocase; ) # 1egqruwizyufe140nzapck1y2n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1egqruwizyufe140nzapck1y2n|03|org"; nocase; ) # 1qpmj551seam3uwhpnoalw363u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qpmj551seam3uwhpnoalw363u|03|biz"; nocase; ) # 10rkdnbusc5j71cr6wuz1kjucct.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10rkdnbusc5j71cr6wuz1kjucct|03|org"; nocase; ) # f1304otzxkoa1w6c6o693n8zl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f1304otzxkoa1w6c6o693n8zl|03|com"; nocase; ) # 9qhdwvqqgpv9y6bp3rjwh5pi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9qhdwvqqgpv9y6bp3rjwh5pi|03|biz"; nocase; ) # ye2bugovbcbu1ec8u8i64f0mn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ye2bugovbcbu1ec8u8i64f0mn|03|com"; nocase; ) # 1tjcbo10e0qio1iun9ke12l0xpf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tjcbo10e0qio1iun9ke12l0xpf|03|com"; nocase; ) # 1w7hrr814v39ammb1zctd1x3az.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w7hrr814v39ammb1zctd1x3az|03|net"; nocase; ) # 146sps6bll1621mh0f4z8b86au.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|146sps6bll1621mh0f4z8b86au|03|org"; nocase; ) # 1056d3f1n901qng8l0o1l2765j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1056d3f1n901qng8l0o1l2765j|03|biz"; nocase; ) # fwo2ho1sc8cxtlfoaz6g3ei9o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fwo2ho1sc8cxtlfoaz6g3ei9o|03|net"; nocase; ) # 5cig76mz4l2o1pvhaevy8u4g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5cig76mz4l2o1pvhaevy8u4g|03|net"; nocase; ) # 1up3bwlhvvtnq1hr8clm1fxqpyj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1up3bwlhvvtnq1hr8clm1fxqpyj|03|org"; nocase; ) # nv8dp5l6gmzo1g8m1aq1hlzmr3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nv8dp5l6gmzo1g8m1aq1hlzmr3|03|biz"; nocase; ) # 7muw8g1gpk0th3g6as0jr1ym3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7muw8g1gpk0th3g6as0jr1ym3|03|net"; nocase; ) # 1tporzf18bq9e7vg015e1h6u122.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tporzf18bq9e7vg015e1h6u122|03|org"; nocase; ) # 1i3sy1y5wkc6q1w6p3qowykv4a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i3sy1y5wkc6q1w6p3qowykv4a|03|com"; nocase; ) # fkbs6prwr44zlr7yie1w1p781.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fkbs6prwr44zlr7yie1w1p781|03|net"; nocase; ) # 1s2vdqc18bi2sy192ba7tjha42r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s2vdqc18bi2sy192ba7tjha42r|03|org"; nocase; ) # 10lwyot1ns3s9219yrnl64sil4c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10lwyot1ns3s9219yrnl64sil4c|03|net"; nocase; ) # 1qnh7gb8tuc791yimzzg1tcjgw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qnh7gb8tuc791yimzzg1tcjgw5|03|org"; nocase; ) # 1kkpisy1rzzf3pwcad9by0hqsr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kkpisy1rzzf3pwcad9by0hqsr|03|org"; nocase; ) # 1x6y2k01l6zrxqdyr5j2pqnh3l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x6y2k01l6zrxqdyr5j2pqnh3l|03|biz"; nocase; ) # jkrykaou0rj58davzwxubax8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jkrykaou0rj58davzwxubax8|03|org"; nocase; ) # h65aej6lx7md1o58g847tg7sq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h65aej6lx7md1o58g847tg7sq|03|net"; nocase; ) # 1nopho7tnbe9p1gtuqpt7crowx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nopho7tnbe9p1gtuqpt7crowx|03|com"; nocase; ) # 1rdumqd1ajjj7190dyqc71gmjx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rdumqd1ajjj7190dyqc71gmjx|03|com"; nocase; ) # faev06ibjb741e4ijij1oorhit.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|faev06ibjb741e4ijij1oorhit|03|biz"; nocase; ) # 1wtrkpt1ngzg43snh56u1n702l3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wtrkpt1ngzg43snh56u1n702l3|03|org"; nocase; ) # 1cj45xseoczcgfg4arl1se03c8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cj45xseoczcgfg4arl1se03c8|03|com"; nocase; ) # 1472kzbkgfrt6y5aqo1hcqra4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1472kzbkgfrt6y5aqo1hcqra4|03|biz"; nocase; ) # 1nfvk9j1lvvg26kxoq95znd793.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nfvk9j1lvvg26kxoq95znd793|03|org"; nocase; ) # 4blio21wc5vm915h3sdanivz1c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4blio21wc5vm915h3sdanivz1c|03|com"; nocase; ) # 1vfjwvxouzo2jyxsur91nq3wfq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vfjwvxouzo2jyxsur91nq3wfq|03|net"; nocase; ) # 1wlnbx9fahw471od64todwdidw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wlnbx9fahw471od64todwdidw|03|biz"; nocase; ) # mz55sw2x2eieeco6h22liez.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|mz55sw2x2eieeco6h22liez|03|net"; nocase; ) # c7uso989wfpl1wl46n31trocuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c7uso989wfpl1wl46n31trocuz|03|com"; nocase; ) # 1pz4ntn1c23x621fycwd61ut0m5r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pz4ntn1c23x621fycwd61ut0m5r|03|com"; nocase; ) # 8828mm11zix8518oa63p1w29mw3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8828mm11zix8518oa63p1w29mw3|03|biz"; nocase; ) # bv12eq135u7cz1s74uulu9iyqf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bv12eq135u7cz1s74uulu9iyqf|03|com"; nocase; ) # 14qumrs5hmodk1pwswsw16btckf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14qumrs5hmodk1pwswsw16btckf|03|com"; nocase; ) # 1y2hyvuzahyub113cllh1ug5pgf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y2hyvuzahyub113cllh1ug5pgf|03|net"; nocase; ) # cv45cq5uwmqz1n4np1yl6nb80.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cv45cq5uwmqz1n4np1yl6nb80|03|org"; nocase; ) # 18d1quutfcmhra4qi581tjgwfs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18d1quutfcmhra4qi581tjgwfs|03|net"; nocase; ) # xwbvq71li2zfv1oi7tb6wdji2h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xwbvq71li2zfv1oi7tb6wdji2h|03|com"; nocase; ) # s6i4xr1dym1ok103hnx91ha2rp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s6i4xr1dym1ok103hnx91ha2rp|03|biz"; nocase; ) # 191ozz9ikbe1712bnqr55yy6ta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|191ozz9ikbe1712bnqr55yy6ta|03|net"; nocase; ) # 1mipx11fhcbiq12lf31rxq8sf5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mipx11fhcbiq12lf31rxq8sf5|03|com"; nocase; ) # 11i324p1xxsio74go1d21fd2vuh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11i324p1xxsio74go1d21fd2vuh|03|org"; nocase; ) # s1jwyuooc57b97klbb1w2d6wr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s1jwyuooc57b97klbb1w2d6wr|03|org"; nocase; ) # 5w8i3818fq43ts45e4ivp6xs4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5w8i3818fq43ts45e4ivp6xs4|03|org"; nocase; ) # 17fu2fw1mjpn8c1fy4bvanpn2yx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17fu2fw1mjpn8c1fy4bvanpn2yx|03|org"; nocase; ) # 1iq7gy91o36d351kwfixmr5lxpd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iq7gy91o36d351kwfixmr5lxpd|03|net"; nocase; ) # kntc1e10cv8gtrirgz8kt5itz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kntc1e10cv8gtrirgz8kt5itz|03|net"; nocase; ) # w3rymlpslszlg1f08b349m5j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w3rymlpslszlg1f08b349m5j|03|org"; nocase; ) # kymuno1i6znit1nvsoz9dtzfdi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kymuno1i6znit1nvsoz9dtzfdi|03|com"; nocase; ) # 1c8sgx01ygpd83hh0uy0ll9emr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c8sgx01ygpd83hh0uy0ll9emr|03|biz"; nocase; ) # vfhm381waceia1ralw021hpnrcr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vfhm381waceia1ralw021hpnrcr|03|org"; nocase; ) # p91xwq1gztjt41d1l2fn1vqe8cy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p91xwq1gztjt41d1l2fn1vqe8cy|03|net"; nocase; ) # 1c36fem1h1djxm617pgg17z2lwu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c36fem1h1djxm617pgg17z2lwu|03|biz"; nocase; ) # 1t1ta4wcprvdy1kob2cx15nqk3b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t1ta4wcprvdy1kob2cx15nqk3b|03|net"; nocase; ) # scbn0a16xdgo72xc49qzyji0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|scbn0a16xdgo72xc49qzyji0|03|org"; nocase; ) # ci4o7q11bf2zt1av05df1996zpq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ci4o7q11bf2zt1av05df1996zpq|03|com"; nocase; ) # 79j94r2dgo2fzjc5pfw5bapm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|79j94r2dgo2fzjc5pfw5bapm|03|org"; nocase; ) # nhvmg41aae8ih856735f9n1qz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nhvmg41aae8ih856735f9n1qz|03|com"; nocase; ) # 1bdo7y412663zx7rb9luoqjke2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bdo7y412663zx7rb9luoqjke2|03|org"; nocase; ) # 1gtqpe21w6p835xy4iaqyubl1i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gtqpe21w6p835xy4iaqyubl1i|03|com"; nocase; ) # 1sj6ckalhakogepdz3u6or98k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sj6ckalhakogepdz3u6or98k|03|biz"; nocase; ) # 1ln6gmo5rc0l78og5pd1fawu8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ln6gmo5rc0l78og5pd1fawu8n|03|net"; nocase; ) # cpux9rcmje111rdq0mia4mr70.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cpux9rcmje111rdq0mia4mr70|03|com"; nocase; ) # 5fncwg1gstdr5ar5yk91m83frm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5fncwg1gstdr5ar5yk91m83frm|03|net"; nocase; ) # dhw2cwbkq9ce1kddhzn1mcyc2x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dhw2cwbkq9ce1kddhzn1mcyc2x|03|com"; nocase; ) # 1n9vjbq10en3t91gp8qsit5rdke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n9vjbq10en3t91gp8qsit5rdke|03|org"; nocase; ) # 1274fi1100dgkg1kx4pgjl4le1h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1274fi1100dgkg1kx4pgjl4le1h|03|org"; nocase; ) # 1kd4e6e1t3eocskhqte4nzzp61.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kd4e6e1t3eocskhqte4nzzp61|03|net"; nocase; ) # ptepou1ii8yb71stfdc51uzxj29.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ptepou1ii8yb71stfdc51uzxj29|03|com"; nocase; ) # 9ivsy818c8i3a14b5frzvwjdld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ivsy818c8i3a14b5frzvwjdld|03|net"; nocase; ) # 14bofk81bhno1etpkd8ohj0v7l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14bofk81bhno1etpkd8ohj0v7l|03|net"; nocase; ) # 1n24blyvxg2y2r5ot8l1frn55p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n24blyvxg2y2r5ot8l1frn55p|03|com"; nocase; ) # 19aitld86bg3ekirculp3dzhr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19aitld86bg3ekirculp3dzhr|03|com"; nocase; ) # 16ud99ydhm0gur7uofxx7zno1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ud99ydhm0gur7uofxx7zno1|03|org"; nocase; ) # dkwqx0rseyrdf8gxxz16l4ms2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dkwqx0rseyrdf8gxxz16l4ms2|03|org"; nocase; ) # 1pjpbbx11skzmq1nau1mqwtq0rc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pjpbbx11skzmq1nau1mqwtq0rc|03|net"; nocase; ) # jxwu517702av1wnkgpb3jb6m2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jxwu517702av1wnkgpb3jb6m2|03|org"; nocase; ) # 1ufvvlj3vwov01typsqf7xaepu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ufvvlj3vwov01typsqf7xaepu|03|biz"; nocase; ) # ve7xq15c53unjmqnn71hrbfew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ve7xq15c53unjmqnn71hrbfew|03|net"; nocase; ) # o0qp2corb8y012fyjt8x0xmjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o0qp2corb8y012fyjt8x0xmjo|03|org"; nocase; ) # 1n5eors1bo0g82scz5u014hkgb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n5eors1bo0g82scz5u014hkgb|03|org"; nocase; ) # 1xf5cyw6jwbbh7xmnbh6w7e72.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xf5cyw6jwbbh7xmnbh6w7e72|03|com"; nocase; ) # 1mthkdkigmmrd1727kn366dk5s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mthkdkigmmrd1727kn366dk5s|03|com"; nocase; ) # bb391qm34q1063oyszbg54h2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bb391qm34q1063oyszbg54h2|03|net"; nocase; ) # 18smb6asla9m21w5fj72xlmsym.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18smb6asla9m21w5fj72xlmsym|03|biz"; nocase; ) # d1liaq2loomm9y4g2rf9ljz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|d1liaq2loomm9y4g2rf9ljz|03|biz"; nocase; ) # 154ow70crixl2qoj8dnmuqh4w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|154ow70crixl2qoj8dnmuqh4w|03|org"; nocase; ) # 3yt74h7gdwxywb84qcqffuws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3yt74h7gdwxywb84qcqffuws|03|com"; nocase; ) # 1njwver63xvve151or0a2s674s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1njwver63xvve151or0a2s674s|03|com"; nocase; ) # 11q2itl1wuribr1gkhyv1hcb82r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11q2itl1wuribr1gkhyv1hcb82r|03|org"; nocase; ) # 1gek400r4llw314561r0n5heen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gek400r4llw314561r0n5heen|03|com"; nocase; ) # 17j13ay1jf1cu4ge47t7r694xl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17j13ay1jf1cu4ge47t7r694xl|03|org"; nocase; ) # 2lla991ebp10096ebhtt0fymx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2lla991ebp10096ebhtt0fymx|03|biz"; nocase; ) # lxg56b1aqx0qa1o4azie1v4wsp5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lxg56b1aqx0qa1o4azie1v4wsp5|03|net"; nocase; ) # ma39kymr4q9z1g96h3riqkj6p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ma39kymr4q9z1g96h3riqkj6p|03|org"; nocase; ) # 1ddg5qqlq4tqqhm67kndhpqfz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ddg5qqlq4tqqhm67kndhpqfz|03|org"; nocase; ) # 99saj1hruo2v1kfnrgf6bta0n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|99saj1hruo2v1kfnrgf6bta0n|03|com"; nocase; ) # 1sxftg31q347bj1j9v2m5up3pyg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sxftg31q347bj1j9v2m5up3pyg|03|net"; nocase; ) # jij9kaq3e8cg1jt25bxj626cc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jij9kaq3e8cg1jt25bxj626cc|03|net"; nocase; ) # 1kuh8tl1hsumq7lilgci1bzk7i6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kuh8tl1hsumq7lilgci1bzk7i6|03|net"; nocase; ) # 1hpeyi61ce0sg21ry709yiem9tj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hpeyi61ce0sg21ry709yiem9tj|03|com"; nocase; ) # a7q48dievumrmv5nj9yd7jic.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a7q48dievumrmv5nj9yd7jic|03|org"; nocase; ) # iz2qr1w94rcbqd8yq1hn06ot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iz2qr1w94rcbqd8yq1hn06ot|03|org"; nocase; ) # 19jpu027xd8epv39i9t1i1t3dg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19jpu027xd8epv39i9t1i1t3dg|03|net"; nocase; ) # ozva91wc6hhvd8hfceo1qkyw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ozva91wc6hhvd8hfceo1qkyw|03|org"; nocase; ) # 1qfovn91giu4k37vub82ulc3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qfovn91giu4k37vub82ulc3k|03|net"; nocase; ) # 1yrd37j13evan922gaed11p9l9w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yrd37j13evan922gaed11p9l9w|03|com"; nocase; ) # 1bdnnkv3015da7ui48obu7ct3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bdnnkv3015da7ui48obu7ct3|03|org"; nocase; ) # 28yqo01t6h26d1gdiq9ueqbhkk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|28yqo01t6h26d1gdiq9ueqbhkk|03|net"; nocase; ) # 1w8dhpalkihhzodjar53k877g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w8dhpalkihhzodjar53k877g|03|biz"; nocase; ) # ecpd0h11it03w1p093rr7p628f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ecpd0h11it03w1p093rr7p628f|03|net"; nocase; ) # ss37t11drkqmz1fhgk8f91jvei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ss37t11drkqmz1fhgk8f91jvei|03|net"; nocase; ) # 1l5ua4p12blwsc1env5n4vg4c57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l5ua4p12blwsc1env5n4vg4c57|03|com"; nocase; ) # 14xea481j8bbbdrh41y4hj0m7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14xea481j8bbbdrh41y4hj0m7|03|org"; nocase; ) # 1ou1bcfg4jbt68yivt7lpmfdz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ou1bcfg4jbt68yivt7lpmfdz|03|net"; nocase; ) # 1a4h3ua4jplajm5ispdn7n95z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a4h3ua4jplajm5ispdn7n95z|03|org"; nocase; ) # ch2fdj1arch5e1d5n0bv1k6p0yg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ch2fdj1arch5e1d5n0bv1k6p0yg|03|com"; nocase; ) # t4mnrc1cbqa73ayhxw9ltcl5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4mnrc1cbqa73ayhxw9ltcl5t|03|com"; nocase; ) # 1l0gymy1qk8xad1kqinrg1n85ro2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l0gymy1qk8xad1kqinrg1n85ro2|03|net"; nocase; ) # wvkqm51eobe4o1xpyk0mmi7oyw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wvkqm51eobe4o1xpyk0mmi7oyw|03|net"; nocase; ) # e2b6tycb2kpw1m7dqpe4kelf8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e2b6tycb2kpw1m7dqpe4kelf8|03|com"; nocase; ) # 1lgbcs7hkm62i1shom2y1rgiejo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lgbcs7hkm62i1shom2y1rgiejo|03|org"; nocase; ) # 64owjp124n08liem0jw1t5xk16.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|64owjp124n08liem0jw1t5xk16|03|com"; nocase; ) # 1cwyr651d3id6b1xxh8y01gfdjsg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cwyr651d3id6b1xxh8y01gfdjsg|03|com"; nocase; ) # 1lopxkk13h77c7j6z3msscvsht.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lopxkk13h77c7j6z3msscvsht|03|net"; nocase; ) # 1ktrdihk4v7m9gzubp61kajqv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ktrdihk4v7m9gzubp61kajqv|03|org"; nocase; ) # 6zsuv71o5j9ml1n77mue1ovmpg1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6zsuv71o5j9ml1n77mue1ovmpg1|03|com"; nocase; ) # 1fwqmgn1k51pq31scw7sk1nz8bop.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fwqmgn1k51pq31scw7sk1nz8bop|03|net"; nocase; ) # 1bn404m1tsm2olebe7rd1pjsbu7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bn404m1tsm2olebe7rd1pjsbu7|03|org"; nocase; ) # 1ricaa7rq08iv1qjaac5nd71cr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ricaa7rq08iv1qjaac5nd71cr|03|net"; nocase; ) # xt89yq1jo4r6k16h9x51uitli6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xt89yq1jo4r6k16h9x51uitli6|03|com"; nocase; ) # n6a13t1su9dce1bjzyh518ofbn0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n6a13t1su9dce1bjzyh518ofbn0|03|biz"; nocase; ) # 1b5bndhckvhuvkctpq0aiqaf0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b5bndhckvhuvkctpq0aiqaf0|03|net"; nocase; ) # xgj0z31n49yysw7ugqq9wiqd1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xgj0z31n49yysw7ugqq9wiqd1|03|net"; nocase; ) # 1t2d6mj1tcjy2163ckhslt5lde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t2d6mj1tcjy2163ckhslt5lde|03|com"; nocase; ) # rmkgb813fxn7c1m5wdyoeivikr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rmkgb813fxn7c1m5wdyoeivikr|03|org"; nocase; ) # 1rmdxjt1fp1apw1hf4rvs1u344hq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rmdxjt1fp1apw1hf4rvs1u344hq|03|net"; nocase; ) # twplb5189pd7z1mmmvq31t9ixpw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|twplb5189pd7z1mmmvq31t9ixpw|03|org"; nocase; ) # 1mn22c01m0s0ijri4tj2148z50m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mn22c01m0s0ijri4tj2148z50m|03|org"; nocase; ) # 1icv2eb1lyf6xb1t65h1w1uc21ds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1icv2eb1lyf6xb1t65h1w1uc21ds|03|com"; nocase; ) # 1ylr6ap19u9e4x1nlp5qaie3k37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ylr6ap19u9e4x1nlp5qaie3k37|03|net"; nocase; ) # 701s2215fcflf1jgm9pr3xaybd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|701s2215fcflf1jgm9pr3xaybd|03|biz"; nocase; ) # 1mwa21totaqiszng8n21t6dbsr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mwa21totaqiszng8n21t6dbsr|03|net"; nocase; ) # 1ugp8vl6lrfpp2e7libukbnsb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ugp8vl6lrfpp2e7libukbnsb|03|net"; nocase; ) # 1y0vgrm19dpfcl1tixpdz1r7gvf1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y0vgrm19dpfcl1tixpdz1r7gvf1|03|org"; nocase; ) # 1po102c8cab1uzjnhdfq33ih7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1po102c8cab1uzjnhdfq33ih7|03|biz"; nocase; ) # gq5gttvua0py1u9t3gygvn6z8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gq5gttvua0py1u9t3gygvn6z8|03|com"; nocase; ) # 158898n1bblvsx1ievsoe121p4eg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|158898n1bblvsx1ievsoe121p4eg|03|net"; nocase; ) # 8rfwycp5qt7yy8zu61xvyc3a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8rfwycp5qt7yy8zu61xvyc3a|03|net"; nocase; ) # 114r3dw1tlrf7e449njy1nwnlj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|114r3dw1tlrf7e449njy1nwnlj|03|net"; nocase; ) # 4p5pc9liu2vov0hqgy1rldk5g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4p5pc9liu2vov0hqgy1rldk5g|03|biz"; nocase; ) # 105sy9b11gc1ry1e83onw6nbl6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|105sy9b11gc1ry1e83onw6nbl6h|03|net"; nocase; ) # 4t2pe213cnw501unasq01oze9oo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4t2pe213cnw501unasq01oze9oo|03|net"; nocase; ) # 1hnbbrkrv7w3hasgjit1mw3d0n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hnbbrkrv7w3hasgjit1mw3d0n|03|biz"; nocase; ) # sz16xw81qfe1ih03ix1v2mn6w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sz16xw81qfe1ih03ix1v2mn6w|03|com"; nocase; ) # 97t149jvz73mu5lyrr1f95onp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|97t149jvz73mu5lyrr1f95onp|03|net"; nocase; ) # uwgsl6dby321wmz9yt1gy0pfb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uwgsl6dby321wmz9yt1gy0pfb|03|net"; nocase; ) # i92v61adzo2dwp1k351ky5w46.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i92v61adzo2dwp1k351ky5w46|03|net"; nocase; ) # v8xqs31fz4usuglx8xr1g7icy6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v8xqs31fz4usuglx8xr1g7icy6|03|com"; nocase; ) # 15qjvfs13jrb9x10q3hhrrlhmgh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15qjvfs13jrb9x10q3hhrrlhmgh|03|net"; nocase; ) # 7pp2191wx9bae3g5lde34obit.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7pp2191wx9bae3g5lde34obit|03|net"; nocase; ) # y3sdfx1bxn0t31rapx4g4n54yx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y3sdfx1bxn0t31rapx4g4n54yx|03|biz"; nocase; ) # b89u4zv6fyx31l5bcnu14iy6cq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b89u4zv6fyx31l5bcnu14iy6cq|03|net"; nocase; ) # 1rsdgb2anz5k86hxzbp1hzzfqy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rsdgb2anz5k86hxzbp1hzzfqy|03|org"; nocase; ) # s0geod1y7elzhk804gfpxcc0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s0geod1y7elzhk804gfpxcc0|03|com"; nocase; ) # 1hzrdpu1p3yxmp1z00ye34u8d1z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hzrdpu1p3yxmp1z00ye34u8d1z|03|org"; nocase; ) # 2hocyb72p6so1syjtvuc9zdmd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2hocyb72p6so1syjtvuc9zdmd|03|biz"; nocase; ) # znq4uo1mskmfg17pll02rcur7l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|znq4uo1mskmfg17pll02rcur7l|03|org"; nocase; ) # s22wgw1dhh6c514q713412ir1h0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s22wgw1dhh6c514q713412ir1h0|03|org"; nocase; ) # 1yjq9so1ldicsy17pc5jm1x5fobv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yjq9so1ldicsy17pc5jm1x5fobv|03|net"; nocase; ) # 1f3wicyw6nkhx1ynsmytfi4ei4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f3wicyw6nkhx1ynsmytfi4ei4|03|com"; nocase; ) # jdh49113g1fcfx835qpld38dv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jdh49113g1fcfx835qpld38dv|03|net"; nocase; ) # 1fs5uz01tqyxz8c7gtjf1wgu68m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fs5uz01tqyxz8c7gtjf1wgu68m|03|com"; nocase; ) # rc0or31p643u9a0dx0tsjegla.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rc0or31p643u9a0dx0tsjegla|03|net"; nocase; ) # 7efmo9npsizwp02dcp1m44vsv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7efmo9npsizwp02dcp1m44vsv|03|org"; nocase; ) # aeos3p10tyxr71ogfn8xgw8rnf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aeos3p10tyxr71ogfn8xgw8rnf|03|net"; nocase; ) # kvt22ulc1mqmfrqvxg17whv2a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kvt22ulc1mqmfrqvxg17whv2a|03|org"; nocase; ) # 1h8khy1ghp02j1sbuz1eiogf6c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h8khy1ghp02j1sbuz1eiogf6c|03|biz"; nocase; ) # 16gtxb41qreztev2konq1wwpt2x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16gtxb41qreztev2konq1wwpt2x|03|org"; nocase; ) # p26racrkvrlxk18tmimalyay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p26racrkvrlxk18tmimalyay|03|net"; nocase; ) # zskhcizev0bb1xytgay1ymhz93.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zskhcizev0bb1xytgay1ymhz93|03|com"; nocase; ) # v4qnfaqtzbjodawm72gqqtbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v4qnfaqtzbjodawm72gqqtbx|03|org"; nocase; ) # vijcc5ub1wbf1drpms51omobqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vijcc5ub1wbf1drpms51omobqi|03|net"; nocase; ) # 1ds4tx617ryd55s3vff3f7mr0m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ds4tx617ryd55s3vff3f7mr0m|03|biz"; nocase; ) # 1jnw12tjgx31x1d0joyw1pat69j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jnw12tjgx31x1d0joyw1pat69j|03|com"; nocase; ) # 1sdh7f617207ae7m8h2r1bj3i4e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sdh7f617207ae7m8h2r1bj3i4e|03|biz"; nocase; ) # k5ofrk1rybnz23sj8yjufn7ul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k5ofrk1rybnz23sj8yjufn7ul|03|com"; nocase; ) # 1tr1e041w2xnsc1suhgdz12dt4us.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tr1e041w2xnsc1suhgdz12dt4us|03|biz"; nocase; ) # 1sonwtn1jrn6kthol9p91qfpj4m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sonwtn1jrn6kthol9p91qfpj4m|03|org"; nocase; ) # 1o9tk48847dzgrvwss9uvzubv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o9tk48847dzgrvwss9uvzubv|03|com"; nocase; ) # 1gn8vifw6v4q11g8miw9i4cosv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gn8vifw6v4q11g8miw9i4cosv|03|com"; nocase; ) # 2hvyv113aoapx1e5wlo81ghdhf4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2hvyv113aoapx1e5wlo81ghdhf4|03|com"; nocase; ) # 158loydbt32j6zlstkfy2hxp2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|158loydbt32j6zlstkfy2hxp2|03|org"; nocase; ) # qwa2qk8j6tgi18ycxbuz5wi3w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qwa2qk8j6tgi18ycxbuz5wi3w|03|com"; nocase; ) # sybp5p8kymj95732bwofoyzu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sybp5p8kymj95732bwofoyzu|03|org"; nocase; ) # 10h8uox1m9x7kcngv4vwq84obf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10h8uox1m9x7kcngv4vwq84obf|03|net"; nocase; ) # mvzgodoll0gx1lbszoyuuaf4l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mvzgodoll0gx1lbszoyuuaf4l|03|biz"; nocase; ) # ugqsag1hsg2z719tppju1rz0bbj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ugqsag1hsg2z719tppju1rz0bbj|03|org"; nocase; ) # rhovg113qm8691tbq8zr1rctask.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rhovg113qm8691tbq8zr1rctask|03|biz"; nocase; ) # 4i50s31jhfc4hivon28nmgds5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4i50s31jhfc4hivon28nmgds5|03|org"; nocase; ) # x7qe7m804yrf1edvuw4rhtglx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x7qe7m804yrf1edvuw4rhtglx|03|net"; nocase; ) # 1tpyyp91ynlfcmojpmvhflorb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tpyyp91ynlfcmojpmvhflorb|03|org"; nocase; ) # 1j55plb1jrlyeuaaqits1g0nduk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j55plb1jrlyeuaaqits1g0nduk|03|net"; nocase; ) # iewhei1hmcpo01yjyunlzypgma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iewhei1hmcpo01yjyunlzypgma|03|org"; nocase; ) # 1sqqvjumru7on2tqxpt7j0miw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sqqvjumru7on2tqxpt7j0miw|03|net"; nocase; ) # 1mfu2d1daffyk12h55981bh3uyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mfu2d1daffyk12h55981bh3uyi|03|net"; nocase; ) # q3fgoa12m29ypte06516tbs1i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q3fgoa12m29ypte06516tbs1i|03|biz"; nocase; ) # 80z0x53mwhrqzf8v97te68r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|80z0x53mwhrqzf8v97te68r|03|org"; nocase; ) # 7p5sj01qekwz61k70z1s1n6m1xz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7p5sj01qekwz61k70z1s1n6m1xz|03|com"; nocase; ) # 1nphiim1sf67zjy3y6ybfzcvpk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nphiim1sf67zjy3y6ybfzcvpk|03|org"; nocase; ) # 1651jc41gm38sg0cmmb73dexr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1651jc41gm38sg0cmmb73dexr|03|biz"; nocase; ) # 17e61q614or79z1bkcy5dhq3qzc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17e61q614or79z1bkcy5dhq3qzc|03|com"; nocase; ) # 14wtgmbonh62c1x28wc9gkf17m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14wtgmbonh62c1x28wc9gkf17m|03|com"; nocase; ) # 1wfg3wm1aa72ok15n8t0l1wv9u7y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wfg3wm1aa72ok15n8t0l1wv9u7y|03|org"; nocase; ) # 1tx51gw19zwmnrr8lfa4u6mf88.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tx51gw19zwmnrr8lfa4u6mf88|03|biz"; nocase; ) # 1evioxq1tx3elz1nij3o719lxvx7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1evioxq1tx3elz1nij3o719lxvx7|03|com"; nocase; ) # v46dgv1agb6tm818s3d3eff94.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v46dgv1agb6tm818s3d3eff94|03|org"; nocase; ) # t90wzl2ewxvyy6l9ko1u23s9f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t90wzl2ewxvyy6l9ko1u23s9f|03|org"; nocase; ) # 4rfr72dgnfymnhsl5o1qu1zw4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4rfr72dgnfymnhsl5o1qu1zw4|03|net"; nocase; ) # eeh8dwdpvin31v1u43513iuta0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eeh8dwdpvin31v1u43513iuta0|03|net"; nocase; ) # 17vagc1k2zmka17xffhn13401j2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17vagc1k2zmka17xffhn13401j2|03|org"; nocase; ) # 9srd931uvfisha9bfqm16qa4r6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9srd931uvfisha9bfqm16qa4r6|03|biz"; nocase; ) # 19bxpj81wx2pk3br7kx21gek2zs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19bxpj81wx2pk3br7kx21gek2zs|03|biz"; nocase; ) # 1df1w99cs3i431kps4a97e924u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1df1w99cs3i431kps4a97e924u|03|org"; nocase; ) # 1xnxl8brrmycrcyzulh1ad7m5v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xnxl8brrmycrcyzulh1ad7m5v|03|net"; nocase; ) # 6vg5uompglkf104ayeq1g90iiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6vg5uompglkf104ayeq1g90iiv|03|com"; nocase; ) # 1lb5wikctyaqh15bbjw51ru1nzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lb5wikctyaqh15bbjw51ru1nzm|03|net"; nocase; ) # 1i9exusjbkg812k31x01s9b8uf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i9exusjbkg812k31x01s9b8uf|03|org"; nocase; ) # pqthpe17u6patoepld71dxf0zc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pqthpe17u6patoepld71dxf0zc|03|com"; nocase; ) # p3t9awu8zz1z18xvdbvn4k5gh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p3t9awu8zz1z18xvdbvn4k5gh|03|com"; nocase; ) # z0ck1j8eitlw11nlawvhx6ddn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z0ck1j8eitlw11nlawvhx6ddn|03|net"; nocase; ) # 9kidhb1ysxqfnvozdwh1p0gg81.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9kidhb1ysxqfnvozdwh1p0gg81|03|org"; nocase; ) # iwm3xm1g9wbouglcvqfcurqjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iwm3xm1g9wbouglcvqfcurqjy|03|com"; nocase; ) # 18g1xg21jvsotvl6zhrl1243pgr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18g1xg21jvsotvl6zhrl1243pgr|03|com"; nocase; ) # b4awr19i0l3q12zow3b1joc6eq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b4awr19i0l3q12zow3b1joc6eq|03|net"; nocase; ) # 1lzt0m517j8on4grjrv17povtj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lzt0m517j8on4grjrv17povtj|03|org"; nocase; ) # 2lisnkdbi2rs82rmcc1qa76wa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2lisnkdbi2rs82rmcc1qa76wa|03|org"; nocase; ) # q6zbuucik18f1ckbiof7irpch.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6zbuucik18f1ckbiof7irpch|03|biz"; nocase; ) # 4lwaed1pf92aau4psr01guumz1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4lwaed1pf92aau4psr01guumz1|03|net"; nocase; ) # qyg02g10fzha14wqv2s1vrzkb6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qyg02g10fzha14wqv2s1vrzkb6|03|com"; nocase; ) # 1v85kw3bzzpox1hn0j5x17zmrby.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v85kw3bzzpox1hn0j5x17zmrby|03|org"; nocase; ) # veiuff14x3q0f2bpionabts5f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|veiuff14x3q0f2bpionabts5f|03|net"; nocase; ) # 1539h9n1s2iral1pxmvgw1k8avjp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1539h9n1s2iral1pxmvgw1k8avjp|03|biz"; nocase; ) # 1uvk4qx10gtcj11fgakig1buhphq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uvk4qx10gtcj11fgakig1buhphq|03|com"; nocase; ) # 4g5na9wanihf16gapb71yrsmct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4g5na9wanihf16gapb71yrsmct|03|com"; nocase; ) # dtbgaehb49pnx7zuz718c5od1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dtbgaehb49pnx7zuz718c5od1|03|org"; nocase; ) # khvzawu7txj460kxo6i8gegg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|khvzawu7txj460kxo6i8gegg|03|com"; nocase; ) # 6uhsov1qnfsm15jm3iz1dvrt5a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6uhsov1qnfsm15jm3iz1dvrt5a|03|org"; nocase; ) # tl2c6c1akdcrstqnnuvgbzp94.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tl2c6c1akdcrstqnnuvgbzp94|03|biz"; nocase; ) # 1ohvztk19dcl2j1ysrsnl1o27ib0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ohvztk19dcl2j1ysrsnl1o27ib0|03|net"; nocase; ) # 94ykf9yxkj417hhmmym59ljo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|94ykf9yxkj417hhmmym59ljo|03|biz"; nocase; ) # 1rf97u11j8biu1405rat33a0dt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rf97u11j8biu1405rat33a0dt|03|com"; nocase; ) # 1m0p92n196t1d31t4p2tm11k1u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m0p92n196t1d31t4p2tm11k1u|03|com"; nocase; ) # 17ycg54tvlznwti35r6jpbbzh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17ycg54tvlznwti35r6jpbbzh|03|biz"; nocase; ) # 1m7nn23qvtxm81bwlkycw8lahu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m7nn23qvtxm81bwlkycw8lahu|03|net"; nocase; ) # 11bf7k1cd72nzfdro84zben7e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11bf7k1cd72nzfdro84zben7e|03|net"; nocase; ) # 6pk5ac1vbop1kfpg3p1e3awsf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6pk5ac1vbop1kfpg3p1e3awsf|03|biz"; nocase; ) # vpi9vw4rglgewtrdv71mf7rj5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vpi9vw4rglgewtrdv71mf7rj5|03|org"; nocase; ) # 18zy1x1rg5g95186qi6m1tly7nt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18zy1x1rg5g95186qi6m1tly7nt|03|org"; nocase; ) # 1e9jvbso4oi5eddwtlso4ir0i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e9jvbso4oi5eddwtlso4ir0i|03|org"; nocase; ) # pxcrc618kisbrll6a9w1fkf7jv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pxcrc618kisbrll6a9w1fkf7jv|03|com"; nocase; ) # 22z03yvaetp3ul04sf95vagy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|22z03yvaetp3ul04sf95vagy|03|net"; nocase; ) # lfi5ofzpykap1tgw5sr14ely85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lfi5ofzpykap1tgw5sr14ely85|03|net"; nocase; ) # 1is0j3j1vjvntoy8sqth1f867wn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1is0j3j1vjvntoy8sqth1f867wn|03|com"; nocase; ) # wtnbji1ykhovs15jmppfufzzqh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wtnbji1ykhovs15jmppfufzzqh|03|org"; nocase; ) # vf49v51ghtcpessf2v11pi52cj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vf49v51ghtcpessf2v11pi52cj|03|com"; nocase; ) # 1j8r2bl1rrirjv13oq2a0fpim6e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j8r2bl1rrirjv13oq2a0fpim6e|03|net"; nocase; ) # 6yya4r1g13967ozmb451f0gc1o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6yya4r1g13967ozmb451f0gc1o|03|org"; nocase; ) # cctwwojps59l1pthjo31b9dayt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cctwwojps59l1pthjo31b9dayt|03|biz"; nocase; ) # 1f8twb21h28mah1oul54u1qeqy5j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f8twb21h28mah1oul54u1qeqy5j|03|com"; nocase; ) # 1nqedrz1qnv5v6181xzhv149nzri.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nqedrz1qnv5v6181xzhv149nzri|03|org"; nocase; ) # 1f9elr68pt7jm1iuqs0g1ickolh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f9elr68pt7jm1iuqs0g1ickolh|03|biz"; nocase; ) # 16vi5t917q83f11ov6miu16gznbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16vi5t917q83f11ov6miu16gznbf|03|com"; nocase; ) # 4qf3bd1it2ot3m5nj33yrr80b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4qf3bd1it2ot3m5nj33yrr80b|03|net"; nocase; ) # qca2ryfw9lnn1m9l4od1q89y1t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qca2ryfw9lnn1m9l4od1q89y1t|03|org"; nocase; ) # 1ihdjd2bqpnwp1qclmx51f3125e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ihdjd2bqpnwp1qclmx51f3125e|03|org"; nocase; ) # mjeilkzkvley11vu6x19cq8bm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mjeilkzkvley11vu6x19cq8bm|03|com"; nocase; ) # 19otiuzhbnmcw1sy235hr8aaq2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19otiuzhbnmcw1sy235hr8aaq2|03|com"; nocase; ) # sm09rcm1qusj10km8nn10jgutz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sm09rcm1qusj10km8nn10jgutz|03|biz"; nocase; ) # 1q9xbbvjpo9h31kmqi7m1ds5z33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q9xbbvjpo9h31kmqi7m1ds5z33|03|net"; nocase; ) # qi0vo7pcbr7zq7g9s11m9dj42.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qi0vo7pcbr7zq7g9s11m9dj42|03|net"; nocase; ) # gtkpih1ufuvsc0lzqo147n751.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gtkpih1ufuvsc0lzqo147n751|03|com"; nocase; ) # jb5k8m7ncp06mia9t61jeh2zw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jb5k8m7ncp06mia9t61jeh2zw|03|org"; nocase; ) # ntsoy2xbfnew1phwi4t1q6n57y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ntsoy2xbfnew1phwi4t1q6n57y|03|biz"; nocase; ) # v0aiong285or1aeshwm16wdcdz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v0aiong285or1aeshwm16wdcdz|03|org"; nocase; ) # 1lw5zn01i1yyzm4ubf711x7a4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lw5zn01i1yyzm4ubf711x7a4t|03|net"; nocase; ) # 1fkmnuyr7xf9v10jzgfw1e6x289.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fkmnuyr7xf9v10jzgfw1e6x289|03|org"; nocase; ) # 3k8yby1vlbub081yugx5vdnnn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3k8yby1vlbub081yugx5vdnnn|03|com"; nocase; ) # 1xkfuofg8lh0q1jwuxr4tbx1pw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xkfuofg8lh0q1jwuxr4tbx1pw|03|org"; nocase; ) # fzq6bextzyba5ni5f116vhhfx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fzq6bextzyba5ni5f116vhhfx|03|net"; nocase; ) # xs1r6n1cghye61ivq6un19vb1fr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xs1r6n1cghye61ivq6un19vb1fr|03|net"; nocase; ) # ztio402rhmaoxijoe61r8v70q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ztio402rhmaoxijoe61r8v70q|03|org"; nocase; ) # 1mcxgfi8jwrfn1j2573x1kokomm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mcxgfi8jwrfn1j2573x1kokomm|03|com"; nocase; ) # 1mguo3n1p6k664wptms1nrwmcj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mguo3n1p6k664wptms1nrwmcj|03|biz"; nocase; ) # 4kbo5db673v3bsxojoeorr70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4kbo5db673v3bsxojoeorr70|03|net"; nocase; ) # 1mryt10as8v8l1lut1581sl81d1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mryt10as8v8l1lut1581sl81d1|03|biz"; nocase; ) # 1jwsmcky8zadcpqfas1jwq9m7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jwsmcky8zadcpqfas1jwq9m7|03|com"; nocase; ) # 1si9ctc96k387ei0p522uzhnv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1si9ctc96k387ei0p522uzhnv|03|net"; nocase; ) # 141xandurgyssva1xukk70yvb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|141xandurgyssva1xukk70yvb|03|biz"; nocase; ) # slsaxq3icyg1dumovo1l225sj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|slsaxq3icyg1dumovo1l225sj|03|com"; nocase; ) # h846fm1mni1bwjbszj81p6qyzt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h846fm1mni1bwjbszj81p6qyzt|03|biz"; nocase; ) # bfv3jdfcmo8p13em2n61jbihm5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bfv3jdfcmo8p13em2n61jbihm5|03|com"; nocase; ) # 1b6rkuib4kbx1zgxmeu1g4j8o9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b6rkuib4kbx1zgxmeu1g4j8o9|03|net"; nocase; ) # 3l208bui1ot91qarywun1uqu4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3l208bui1ot91qarywun1uqu4|03|org"; nocase; ) # 1u3ry1w1k3zxj81ty3l0949rc95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u3ry1w1k3zxj81ty3l0949rc95|03|net"; nocase; ) # jpzasm18zkx6c1klw8e98ctewj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jpzasm18zkx6c1klw8e98ctewj|03|net"; nocase; ) # klpko2nyo2o510t7qio1vaw7x1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|klpko2nyo2o510t7qio1vaw7x1|03|org"; nocase; ) # jkartnuma9wgasopxd1zighg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jkartnuma9wgasopxd1zighg|03|org"; nocase; ) # raxwvopl6tdz1h2236313yps5v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|raxwvopl6tdz1h2236313yps5v|03|org"; nocase; ) # 16drmez1hko5lw1i1wwrv1e3k1he.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16drmez1hko5lw1i1wwrv1e3k1he|03|biz"; nocase; ) # xptg2hmxyeugkqcdq61woq5oy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xptg2hmxyeugkqcdq61woq5oy|03|net"; nocase; ) # 19p5sdb7c32r2myey0v2qo0nx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19p5sdb7c32r2myey0v2qo0nx|03|net"; nocase; ) # yp96y9197w8eb18cdyze1c84eko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yp96y9197w8eb18cdyze1c84eko|03|net"; nocase; ) # 1m9plxo1mlsmizaq149a14xelrv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m9plxo1mlsmizaq149a14xelrv|03|org"; nocase; ) # 9uboi0uahggs12jdyjaik8er3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9uboi0uahggs12jdyjaik8er3|03|net"; nocase; ) # 1hpgc85108vuo29e01iz1wt6xlg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hpgc85108vuo29e01iz1wt6xlg|03|com"; nocase; ) # 1tkch3nty85jz1mdg5ccd6cdho.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tkch3nty85jz1mdg5ccd6cdho|03|org"; nocase; ) # npbuur15xwysiy470w519k9dsx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|npbuur15xwysiy470w519k9dsx|03|com"; nocase; ) # 9uouhgdace0iavxfpl1aj5tlx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9uouhgdace0iavxfpl1aj5tlx|03|com"; nocase; ) # udbgo71djscty1b2hwlcc1ke8q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|udbgo71djscty1b2hwlcc1ke8q|03|biz"; nocase; ) # 1vi43pk1dtj1cqwf773p1jkqonu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vi43pk1dtj1cqwf773p1jkqonu|03|net"; nocase; ) # 7nbbae1hp1tb56zrl3jbjzttf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7nbbae1hp1tb56zrl3jbjzttf|03|biz"; nocase; ) # xz2l3t1io3v3r92u25nch0rsv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xz2l3t1io3v3r92u25nch0rsv|03|net"; nocase; ) # 4d5lblwqm9r6168otlf16gjj7r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4d5lblwqm9r6168otlf16gjj7r|03|biz"; nocase; ) # 1u5elp521x8k3w6lbzjtlwkrc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u5elp521x8k3w6lbzjtlwkrc|03|com"; nocase; ) # yh34r1an4mvp1m2lusj1k7pwma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yh34r1an4mvp1m2lusj1k7pwma|03|org"; nocase; ) # mvpyf6fixcx2yc7kcjdd21r9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mvpyf6fixcx2yc7kcjdd21r9|03|org"; nocase; ) # lfphc81mjo8nv1tbem37b7hyro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lfphc81mjo8nv1tbem37b7hyro|03|net"; nocase; ) # ujv3r81dewuzs3uixnh1yn34rz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ujv3r81dewuzs3uixnh1yn34rz|03|org"; nocase; ) # 29wjriotyyi16jjlpt1kfnlsy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|29wjriotyyi16jjlpt1kfnlsy|03|com"; nocase; ) # 1jorkncdddb2tp14d4ml1n3vi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jorkncdddb2tp14d4ml1n3vi|03|net"; nocase; ) # 1oiheeq1kh26a71i5jsz070tuls.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oiheeq1kh26a71i5jsz070tuls|03|com"; nocase; ) # 1kui4j9i913p19iw33v1kux9ng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kui4j9i913p19iw33v1kux9ng|03|org"; nocase; ) # 1xmf9m21t4ykkd9uumx12aye2c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xmf9m21t4ykkd9uumx12aye2c|03|net"; nocase; ) # kj0rv91ut2lf56d28hgodhfoq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kj0rv91ut2lf56d28hgodhfoq|03|com"; nocase; ) # 102e8ye5nbtf9dmsf097c7unj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|102e8ye5nbtf9dmsf097c7unj|03|net"; nocase; ) # 1hn2dn4wkkihg179ma51cnf6oo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hn2dn4wkkihg179ma51cnf6oo|03|com"; nocase; ) # 1uw5cgn1jj9k5ej2gw3h1p3xb07.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uw5cgn1jj9k5ej2gw3h1p3xb07|03|net"; nocase; ) # 1vi0lbj85wdmul5ve1op9usj9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vi0lbj85wdmul5ve1op9usj9|03|com"; nocase; ) # kdhbae1f7iys149ouzj13wyr1l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kdhbae1f7iys149ouzj13wyr1l|03|com"; nocase; ) # w4jw12146dke1shblt016od57o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w4jw12146dke1shblt016od57o|03|com"; nocase; ) # 105h6ydpb6yd71031td1561kqk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|105h6ydpb6yd71031td1561kqk|03|com"; nocase; ) # 11br5ar9893udc7ejl3um9w3j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11br5ar9893udc7ejl3um9w3j|03|com"; nocase; ) # y9hlw01x317a9yzg6hro3y63x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y9hlw01x317a9yzg6hro3y63x|03|biz"; nocase; ) # 1uzsrlc1u4osctxx8yd21ti1rz5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uzsrlc1u4osctxx8yd21ti1rz5|03|org"; nocase; ) # xmfcye1xnghlm71flkvjud0o7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xmfcye1xnghlm71flkvjud0o7|03|biz"; nocase; ) # 1bkkzs71f0ps731l6c0et1ca7x9v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bkkzs71f0ps731l6c0et1ca7x9v|03|net"; nocase; ) # 1o2s70y1b4f0k1e6d3831bn3diz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o2s70y1b4f0k1e6d3831bn3diz|03|org"; nocase; ) # 1r189zf3tgx471vkanyt1ojz5yk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r189zf3tgx471vkanyt1ojz5yk|03|biz"; nocase; ) # fjlqpd1oern6engnkj01g098l2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fjlqpd1oern6engnkj01g098l2|03|net"; nocase; ) # 1ohc8sf1om11wyfv7ad01whgx4j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ohc8sf1om11wyfv7ad01whgx4j|03|org"; nocase; ) # c9z0o8w9uee4t9pjj718f5i5s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c9z0o8w9uee4t9pjj718f5i5s|03|net"; nocase; ) # uo774319z6pz41l5qqoba6x1jj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uo774319z6pz41l5qqoba6x1jj|03|net"; nocase; ) # 44qrxv68m2jm1au753c29ybg5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|44qrxv68m2jm1au753c29ybg5|03|net"; nocase; ) # mt39wi1pf8ec110ilmqz15fiw0g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mt39wi1pf8ec110ilmqz15fiw0g|03|net"; nocase; ) # 1hp6lay1wj1vdk17i7x9u1b8iek4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hp6lay1wj1vdk17i7x9u1b8iek4|03|com"; nocase; ) # rlhnok1r5e61n1b7bnkfxewdu7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rlhnok1r5e61n1b7bnkfxewdu7|03|com"; nocase; ) # 1ivrepp53kq3nxtyl5gq3i9yn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ivrepp53kq3nxtyl5gq3i9yn|03|org"; nocase; ) # 3lpjdkbmkwe617nqhoaot0xya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3lpjdkbmkwe617nqhoaot0xya|03|biz"; nocase; ) # 1vxnsxamu3qextm637bv9xx34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vxnsxamu3qextm637bv9xx34|03|com"; nocase; ) # dv11emulirgjkqau8o1nl6pj4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dv11emulirgjkqau8o1nl6pj4|03|biz"; nocase; ) # 1pknwtg91eubp1anangv1ue05tw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pknwtg91eubp1anangv1ue05tw|03|org"; nocase; ) # 488hjx10ayrrl155ozkl14zqj5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|488hjx10ayrrl155ozkl14zqj5c|03|net"; nocase; ) # 493zbn123wzke1jrgeir1xcq9f2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|493zbn123wzke1jrgeir1xcq9f2|03|com"; nocase; ) # dhicli166khqbxmizsv7saro0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dhicli166khqbxmizsv7saro0|03|net"; nocase; ) # 8pw5ghtxj9tojkrii31l6orum.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8pw5ghtxj9tojkrii31l6orum|03|biz"; nocase; ) # 1c7un1y11z396w5mro088ple9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c7un1y11z396w5mro088ple9b|03|com"; nocase; ) # 1mnyhi1v32sdq1axfyk93fegsw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mnyhi1v32sdq1axfyk93fegsw|03|net"; nocase; ) # 1bi699zavq2mscamsvbmlxaec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bi699zavq2mscamsvbmlxaec|03|com"; nocase; ) # 1mjod34rnthta4xsj5hqvnxma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mjod34rnthta4xsj5hqvnxma|03|net"; nocase; ) # 1izodxmk3evs51pp1r6xa4pbhi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1izodxmk3evs51pp1r6xa4pbhi|03|net"; nocase; ) # 1ujngr81ak97vqukghbv2oolyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ujngr81ak97vqukghbv2oolyv|03|com"; nocase; ) # 1y9mrwy7cq0bd1rcbecl26ft7f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y9mrwy7cq0bd1rcbecl26ft7f|03|com"; nocase; ) # ry70xy85n3n611od01d1kslo4z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ry70xy85n3n611od01d1kslo4z|03|org"; nocase; ) # 1m6lzsmarzqe9sruwhn15o0a2r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m6lzsmarzqe9sruwhn15o0a2r|03|net"; nocase; ) # 1jcl01xsjbj0e1kv9842jwi9v1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jcl01xsjbj0e1kv9842jwi9v1|03|com"; nocase; ) # i3fz881k38z16k51dt81c6cjcc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i3fz881k38z16k51dt81c6cjcc|03|net"; nocase; ) # 1lj38mtjciw0ek574tf12eciye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lj38mtjciw0ek574tf12eciye|03|com"; nocase; ) # qg1p745sxf9lk9rnlt19g4u7t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qg1p745sxf9lk9rnlt19g4u7t|03|biz"; nocase; ) # vdn9w110b3p85u6s8d11s9o0dn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vdn9w110b3p85u6s8d11s9o0dn|03|net"; nocase; ) # g2ne601gdvlia1k9cnyg1kih520.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g2ne601gdvlia1k9cnyg1kih520|03|org"; nocase; ) # 52twwp1im94rozcds9z1snc45f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|52twwp1im94rozcds9z1snc45f|03|net"; nocase; ) # d88mcorou3607iczcf7ht9sc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d88mcorou3607iczcf7ht9sc|03|net"; nocase; ) # q57omplggw761p9645okqef4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q57omplggw761p9645okqef4p|03|net"; nocase; ) # 1kdvk20kjjuvkeqbcrj1la68yf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kdvk20kjjuvkeqbcrj1la68yf|03|biz"; nocase; ) # 1dnr1ieygyc5j1oelvj2r90zdw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dnr1ieygyc5j1oelvj2r90zdw|03|net"; nocase; ) # 15ab06h1e7qfb7hrowoj1tzqgz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ab06h1e7qfb7hrowoj1tzqgz7|03|com"; nocase; ) # ae0ppwtcyxz1192cohr89je7r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ae0ppwtcyxz1192cohr89je7r|03|com"; nocase; ) # 1gg0dwiwvv06e1mkp8anqarrq4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gg0dwiwvv06e1mkp8anqarrq4|03|org"; nocase; ) # 14blxjm11scx6l1vgux1j4ywdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14blxjm11scx6l1vgux1j4ywdt|03|com"; nocase; ) # 1q9fvu05lm3n11fcsckllo0xs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q9fvu05lm3n11fcsckllo0xs|03|org"; nocase; ) # 1bann7qasvku7miaqll2vtpt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1bann7qasvku7miaqll2vtpt|03|com"; nocase; ) # oi0qosaoj1uvf5xe17mt1u08.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oi0qosaoj1uvf5xe17mt1u08|03|com"; nocase; ) # 39pxx619hsgm311ijmdlpuadd9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|39pxx619hsgm311ijmdlpuadd9|03|com"; nocase; ) # igv2rh15ncfjk11gevqj1qdb40l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|igv2rh15ncfjk11gevqj1qdb40l|03|org"; nocase; ) # gpzz1m1aekjeoyr9a1hy2eaw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gpzz1m1aekjeoyr9a1hy2eaw|03|net"; nocase; ) # 1ndg0bc17bgxmpd5yihq1gruf2o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ndg0bc17bgxmpd5yihq1gruf2o|03|net"; nocase; ) # i4a50p2rt8iv1sbua8v3wihq0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i4a50p2rt8iv1sbua8v3wihq0|03|org"; nocase; ) # ns03kfk9fh4v1je75etzd5dni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ns03kfk9fh4v1je75etzd5dni|03|net"; nocase; ) # 1udnxn81ion07bre6tdga9p48m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1udnxn81ion07bre6tdga9p48m|03|biz"; nocase; ) # 10t49wyk1t9xw18by6cz1i6i00u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10t49wyk1t9xw18by6cz1i6i00u|03|com"; nocase; ) # 1he2id1pwjh0a1795b23v5knac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1he2id1pwjh0a1795b23v5knac|03|com"; nocase; ) # 1odftq6vp7uxa121hdve1mpvxn4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1odftq6vp7uxa121hdve1mpvxn4|03|com"; nocase; ) # ytpuwb1mx8ycayo5j4rdzhdgh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ytpuwb1mx8ycayo5j4rdzhdgh|03|org"; nocase; ) # 1tqp75014z42wb6n2n2gm27i1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tqp75014z42wb6n2n2gm27i1s|03|biz"; nocase; ) # 1dwtrdmyqfdm91iyd865hikdps.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dwtrdmyqfdm91iyd865hikdps|03|com"; nocase; ) # 107c0a5p3sc3s10nnxe31jkou2x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|107c0a5p3sc3s10nnxe31jkou2x|03|biz"; nocase; ) # 15b5rvhbl2jlu84956bbuzi0r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15b5rvhbl2jlu84956bbuzi0r|03|com"; nocase; ) # 2cq77a5uvcb8wanrlcntu9i6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2cq77a5uvcb8wanrlcntu9i6|03|net"; nocase; ) # 1n4odj616xy7t4mgdsess5q6wt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n4odj616xy7t4mgdsess5q6wt|03|com"; nocase; ) # p8hs9p1622gmw1kxzxo156hbx8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p8hs9p1622gmw1kxzxo156hbx8|03|org"; nocase; ) # nwrx1g1ppgnu01dfiv63fpfyy9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nwrx1g1ppgnu01dfiv63fpfyy9|03|com"; nocase; ) # dqmgi1105o85r65yf5vb0zir5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dqmgi1105o85r65yf5vb0zir5|03|net"; nocase; ) # fxbo6n124vd3b1773pro19uj4uw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fxbo6n124vd3b1773pro19uj4uw|03|org"; nocase; ) # 167vgljlplh5hx2bkax1q4ip28.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|167vgljlplh5hx2bkax1q4ip28|03|org"; nocase; ) # qxg5gi1g64zi11kb000zywppl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qxg5gi1g64zi11kb000zywppl|03|com"; nocase; ) # 12sgc9vute3hu1rxw3w7r06b6f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12sgc9vute3hu1rxw3w7r06b6f|03|org"; nocase; ) # 5qhz9912svex292jooo3zq7gs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5qhz9912svex292jooo3zq7gs|03|biz"; nocase; ) # ewdfq69d1ib51f56rnruxqef0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ewdfq69d1ib51f56rnruxqef0|03|net"; nocase; ) # 15e930q1nrblm212epes9y1szis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15e930q1nrblm212epes9y1szis|03|com"; nocase; ) # y4e5ro0s4m6k1u7pyfsbv3b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|y4e5ro0s4m6k1u7pyfsbv3b|03|net"; nocase; ) # 1b9v1rfs9878l14pq15e1jeqyqy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b9v1rfs9878l14pq15e1jeqyqy|03|biz"; nocase; ) # eu6g38ttpjofjbtvvb1yiar1x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eu6g38ttpjofjbtvvb1yiar1x|03|net"; nocase; ) # 1psai8313g20hd1hdb8zn106anmj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1psai8313g20hd1hdb8zn106anmj|03|org"; nocase; ) # 70nmxyd3wu1r1yxqiq3d8ivcu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|70nmxyd3wu1r1yxqiq3d8ivcu|03|biz"; nocase; ) # 1j8unx1m6bxngv6m1cy11myu4f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j8unx1m6bxngv6m1cy11myu4f|03|com"; nocase; ) # 1gnmxgt4c7jpuwndg4f3b4eb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1gnmxgt4c7jpuwndg4f3b4eb|03|biz"; nocase; ) # 16p21yt12t8r3m1u08tmv1r25yju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16p21yt12t8r3m1u08tmv1r25yju|03|net"; nocase; ) # 17y68qactnpy173kzpu1df8od0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17y68qactnpy173kzpu1df8od0|03|org"; nocase; ) # rkop8m18whk1cpkgp3l1pj6plv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rkop8m18whk1cpkgp3l1pj6plv|03|com"; nocase; ) # hrzoht12m98361pwgubn1obdg3s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hrzoht12m98361pwgubn1obdg3s|03|net"; nocase; ) # hpbgy31dmm1i7u7paquc3uuu8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hpbgy31dmm1i7u7paquc3uuu8|03|com"; nocase; ) # 1gr13ouggc39i15gu7xgz7qqrk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gr13ouggc39i15gu7xgz7qqrk|03|biz"; nocase; ) # 15iom0q14zr3gt1ca7t821w2xo7f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15iom0q14zr3gt1ca7t821w2xo7f|03|net"; nocase; ) # 52n9fz141p4zd1j0785xfm0ply.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|52n9fz141p4zd1j0785xfm0ply|03|org"; nocase; ) # 19p7is571jfq8fikg4115g83kd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19p7is571jfq8fikg4115g83kd|03|com"; nocase; ) # 1xy3s4wl374l012l24fbu8b5mb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xy3s4wl374l012l24fbu8b5mb|03|com"; nocase; ) # mpgr3k1lye8ar24xbn8pu3lnz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mpgr3k1lye8ar24xbn8pu3lnz|03|biz"; nocase; ) # pldf98oicx18nii54qgtdd0s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pldf98oicx18nii54qgtdd0s|03|org"; nocase; ) # 2i7u706fo1w24odc8qgt9fly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2i7u706fo1w24odc8qgt9fly|03|org"; nocase; ) # 1ke4jf21p6jnv61x20pks1in76et.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ke4jf21p6jnv61x20pks1in76et|03|com"; nocase; ) # jpf97oe4xo754gkiyu1mmcz3d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jpf97oe4xo754gkiyu1mmcz3d|03|com"; nocase; ) # 1p1s8vs1gycz0g1ya5v6e1g46exn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p1s8vs1gycz0g1ya5v6e1g46exn|03|com"; nocase; ) # uy4g1uxsefyqe5yq1a1epe0ke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uy4g1uxsefyqe5yq1a1epe0ke|03|net"; nocase; ) # 1d536gd1het1mg1pk0nzi1deevcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d536gd1het1mg1pk0nzi1deevcc|03|com"; nocase; ) # u19dqt1vr11bqi870yeypwute.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u19dqt1vr11bqi870yeypwute|03|org"; nocase; ) # 1bk7y7qfb7xns3xmrro100t1lu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bk7y7qfb7xns3xmrro100t1lu|03|net"; nocase; ) # 10vn08nzgq08bru9kibwax787.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10vn08nzgq08bru9kibwax787|03|com"; nocase; ) # ihvgtg14r67cl1glaglm1qyg7pz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ihvgtg14r67cl1glaglm1qyg7pz|03|biz"; nocase; ) # anb77ealw5rp1p3x7voz9parr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|anb77ealw5rp1p3x7voz9parr|03|biz"; nocase; ) # nvf0a9zatl3s1aicweg11l3o5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nvf0a9zatl3s1aicweg11l3o5c|03|net"; nocase; ) # 3ibcykwh1oiz4i49901str3t4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3ibcykwh1oiz4i49901str3t4|03|org"; nocase; ) # 1sx9ku311f5dgaz3w7rfbnok0s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sx9ku311f5dgaz3w7rfbnok0s|03|com"; nocase; ) # idrh8zruoxqikpcjhm1mg3ohk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|idrh8zruoxqikpcjhm1mg3ohk|03|net"; nocase; ) # 1thmaj81ag0osw1uf0ofp183d59e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1thmaj81ag0osw1uf0ofp183d59e|03|com"; nocase; ) # 1kuf8dg1lkz50v1eb5wgjyd3mqc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kuf8dg1lkz50v1eb5wgjyd3mqc|03|net"; nocase; ) # mph22z1f5gx6isliztd1ueo2xn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mph22z1f5gx6isliztd1ueo2xn|03|biz"; nocase; ) # 1ehmgtcrqw2i315llrj311jydzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ehmgtcrqw2i315llrj311jydzo|03|net"; nocase; ) # ttnz8astqso31jbudlv1k5xxk4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ttnz8astqso31jbudlv1k5xxk4|03|biz"; nocase; ) # 1cxkbqdblci7hoxikbx13kb8et.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cxkbqdblci7hoxikbx13kb8et|03|com"; nocase; ) # 1lfdd36pls07g1isout7mgqtmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lfdd36pls07g1isout7mgqtmj|03|net"; nocase; ) # bo5jmt946s0y1ikongmzgg2g0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bo5jmt946s0y1ikongmzgg2g0|03|biz"; nocase; ) # vq6atm6ra5v9v51f5bsc4l7e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vq6atm6ra5v9v51f5bsc4l7e|03|com"; nocase; ) # 1xz56dd146skeqgqglw2x7a57y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xz56dd146skeqgqglw2x7a57y|03|net"; nocase; ) # vlbqlh64xbxbdh34l1jia1nr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vlbqlh64xbxbdh34l1jia1nr|03|net"; nocase; ) # coqfplo4c26oaq8e57jk8m65.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|coqfplo4c26oaq8e57jk8m65|03|org"; nocase; ) # 1yfy4p96lv5hq9cm8oo1qihgwm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yfy4p96lv5hq9cm8oo1qihgwm|03|com"; nocase; ) # xspwbj27u6nse804ncz5t3n5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xspwbj27u6nse804ncz5t3n5|03|net"; nocase; ) # 7xsu6csm2gk4103ta57tm7qq7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7xsu6csm2gk4103ta57tm7qq7|03|net"; nocase; ) # 8qxolo2zk8o51ngv3dl7cemg3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8qxolo2zk8o51ngv3dl7cemg3|03|com"; nocase; ) # 1e228uv1won0domqev5hsw7c88.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e228uv1won0domqev5hsw7c88|03|org"; nocase; ) # 1hfqumzbypgy71k0rkzv1elgo60.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hfqumzbypgy71k0rkzv1elgo60|03|org"; nocase; ) # 9g71xu1ck77gh53bd0d1n5ppl1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9g71xu1ck77gh53bd0d1n5ppl1|03|com"; nocase; ) # 4en8btdrce3p81had0o39e1q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4en8btdrce3p81had0o39e1q|03|org"; nocase; ) # 1by52acxt4ajvkxm1bk1bap4u2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1by52acxt4ajvkxm1bk1bap4u2|03|net"; nocase; ) # yoq2rzsp12avjuo0qtxb1fdv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yoq2rzsp12avjuo0qtxb1fdv|03|biz"; nocase; ) # 7w4rqcdvwev5drwxv96a2c35.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7w4rqcdvwev5drwxv96a2c35|03|net"; nocase; ) # 1hrkbmnuuhr2rlneg84sy65g1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hrkbmnuuhr2rlneg84sy65g1|03|org"; nocase; ) # xx0x2fo5ingg57eg5wc8768v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xx0x2fo5ingg57eg5wc8768v|03|biz"; nocase; ) # z6w8yaqcsnbt1skf4z5kdww8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z6w8yaqcsnbt1skf4z5kdww8n|03|net"; nocase; ) # 1f4dywl2emmzhb4mh4v2npot6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f4dywl2emmzhb4mh4v2npot6|03|net"; nocase; ) # yeljr5jznbay1giblr31f2t8ct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yeljr5jznbay1giblr31f2t8ct|03|com"; nocase; ) # 1gdguzd1n0u5bo14qmt1k1gphn1z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gdguzd1n0u5bo14qmt1k1gphn1z|03|com"; nocase; ) # whn7qipytxufuw7h5d1lkr0br.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|whn7qipytxufuw7h5d1lkr0br|03|com"; nocase; ) # 1kfyq9t1oyiyy012equskkts6rk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kfyq9t1oyiyy012equskkts6rk|03|org"; nocase; ) # 3lny30tsodyj897p8kx8473l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3lny30tsodyj897p8kx8473l|03|net"; nocase; ) # nr813q1g5adpxqkcoxk1y2xkwe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nr813q1g5adpxqkcoxk1y2xkwe|03|com"; nocase; ) # 4nkrt2jzed51lmi7fd1a1ctb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4nkrt2jzed51lmi7fd1a1ctb7|03|net"; nocase; ) # 1di039pu7kxmq52yu3e1f6pvzu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1di039pu7kxmq52yu3e1f6pvzu|03|com"; nocase; ) # 3k95bu99my1ctucbw78vrb5q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3k95bu99my1ctucbw78vrb5q|03|biz"; nocase; ) # 181gbblx248e3g0wrz61wuekrb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|181gbblx248e3g0wrz61wuekrb|03|org"; nocase; ) # 145tuiw1pxnb2t10xwf6a14zwyr1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|145tuiw1pxnb2t10xwf6a14zwyr1|03|net"; nocase; ) # 1hszmh3zjhuph1dxx54l1y643sp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hszmh3zjhuph1dxx54l1y643sp|03|biz"; nocase; ) # 78ghkf1um8tmt15czb1o133e9sr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|78ghkf1um8tmt15czb1o133e9sr|03|com"; nocase; ) # q1ix0q1dttnp73rvm616qhr1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q1ix0q1dttnp73rvm616qhr1s|03|biz"; nocase; ) # vhrda61inj7dhciqh94zuyjlo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vhrda61inj7dhciqh94zuyjlo|03|biz"; nocase; ) # smnbumh52h3gpd5149eft8s3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|smnbumh52h3gpd5149eft8s3|03|com"; nocase; ) # knj9xi1hzn5z81c5pvahoe9bxl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|knj9xi1hzn5z81c5pvahoe9bxl|03|biz"; nocase; ) # 2q8fs61m563tf1jf5od3qxz6kg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2q8fs61m563tf1jf5od3qxz6kg|03|net"; nocase; ) # 8ekzh1ie3i2m2l45ol1mp0wav.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ekzh1ie3i2m2l45ol1mp0wav|03|org"; nocase; ) # bz9mdbu50co0b4ee0b1uoqkyq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bz9mdbu50co0b4ee0b1uoqkyq|03|com"; nocase; ) # kx718t1myk4sh1913y9s1ajseef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kx718t1myk4sh1913y9s1ajseef|03|com"; nocase; ) # vn86on1unahqphj60he2whm8u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vn86on1unahqphj60he2whm8u|03|biz"; nocase; ) # kxilhd13tp1351t5umol7ttj2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kxilhd13tp1351t5umol7ttj2g|03|net"; nocase; ) # dot4lw10v4sqj12kqgxf1dlaz7z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dot4lw10v4sqj12kqgxf1dlaz7z|03|com"; nocase; ) # jigk8vlpq5813cmk2x1kmo11j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jigk8vlpq5813cmk2x1kmo11j|03|biz"; nocase; ) # 17mk66cuny23c11sbhyyp2royp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17mk66cuny23c11sbhyyp2royp|03|org"; nocase; ) # zozd4i6z8hhg11g4oxt1c9sp1k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zozd4i6z8hhg11g4oxt1c9sp1k|03|com"; nocase; ) # 1w23ws3omqfowr0gw6j1v14r0m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w23ws3omqfowr0gw6j1v14r0m|03|org"; nocase; ) # q7a5m11mk7w1zeiisvo1oi6owl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q7a5m11mk7w1zeiisvo1oi6owl|03|net"; nocase; ) # uihzov1hsm78ers5ytt7jr8sh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uihzov1hsm78ers5ytt7jr8sh|03|com"; nocase; ) # 18o0oy8otml326yhz3y6jsgh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18o0oy8otml326yhz3y6jsgh|03|biz"; nocase; ) # yhrgz56jqyfu1shh3r3dgf40w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yhrgz56jqyfu1shh3r3dgf40w|03|org"; nocase; ) # gbdefu10ndsav16srviz1py2jjx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gbdefu10ndsav16srviz1py2jjx|03|org"; nocase; ) # 1j9kttl9ncj661opcknz1mj5m9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j9kttl9ncj661opcknz1mj5m9k|03|net"; nocase; ) # 1dyi8n6jgzvd31gn9jol15hwztt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dyi8n6jgzvd31gn9jol15hwztt|03|biz"; nocase; ) # 1bjd1f91puswj2k436ysdljrhn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bjd1f91puswj2k436ysdljrhn|03|biz"; nocase; ) # dz6ihg1sex47a1pnnuci1xjg11c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dz6ihg1sex47a1pnnuci1xjg11c|03|net"; nocase; ) # gpsos613vjwzf152o3gl1pdqwt8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gpsos613vjwzf152o3gl1pdqwt8|03|net"; nocase; ) # 9h5e9pnpxvzl1ut21ff1nqtt3c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9h5e9pnpxvzl1ut21ff1nqtt3c|03|com"; nocase; ) # hp5ysm18vlsr318xd9g9ukj3qv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hp5ysm18vlsr318xd9g9ukj3qv|03|biz"; nocase; ) # fgfgma1q64g2yfh23wh7xvv9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fgfgma1q64g2yfh23wh7xvv9|03|com"; nocase; ) # 12nvx5avmpg6e1twmigg11196yo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12nvx5avmpg6e1twmigg11196yo|03|biz"; nocase; ) # w78ert2aw8us1qoz74q1a724fv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w78ert2aw8us1qoz74q1a724fv|03|com"; nocase; ) # 15l5835rnftflqrmjjz17u3hi1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15l5835rnftflqrmjjz17u3hi1|03|org"; nocase; ) # 1azpzm31kh89s81qod9mka9gvok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1azpzm31kh89s81qod9mka9gvok|03|com"; nocase; ) # ps32a81lfl8wgt9vzde16243yv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ps32a81lfl8wgt9vzde16243yv|03|org"; nocase; ) # 137hivl11i8u8z1jlexxdy2z848.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|137hivl11i8u8z1jlexxdy2z848|03|biz"; nocase; ) # 1ejkol6vngt4w16lqzbr1svmlq7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ejkol6vngt4w16lqzbr1svmlq7|03|biz"; nocase; ) # 1f6dt9a1mkinhw1wa9fwmz4saja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f6dt9a1mkinhw1wa9fwmz4saja|03|net"; nocase; ) # v0t28i17hepfw1kgzmtay8kbcw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v0t28i17hepfw1kgzmtay8kbcw|03|com"; nocase; ) # zslnuc15qpdxb163t5osppmu8a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zslnuc15qpdxb163t5osppmu8a|03|org"; nocase; ) # wxvt4zmtg8z1ov6oai1voi4iz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wxvt4zmtg8z1ov6oai1voi4iz|03|net"; nocase; ) # g154ch7cf46u13lvqkce06p5i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g154ch7cf46u13lvqkce06p5i|03|biz"; nocase; ) # bpfecbho88fsqonlqf164uqc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bpfecbho88fsqonlqf164uqc6|03|org"; nocase; ) # onw718fan2xajz89lql7cp1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|onw718fan2xajz89lql7cp1|03|com"; nocase; ) # 3lumh71m2g5jjr0ods8k49caj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3lumh71m2g5jjr0ods8k49caj|03|org"; nocase; ) # yntw0s15rl42mfqhnx11e2ip0n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yntw0s15rl42mfqhnx11e2ip0n|03|com"; nocase; ) # 1jcr0291c7sb9g1mnsb6fuq623b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jcr0291c7sb9g1mnsb6fuq623b|03|net"; nocase; ) # 2r96an7dmiu79fd0h91efdqqv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2r96an7dmiu79fd0h91efdqqv|03|com"; nocase; ) # 9dvti41wdh3a11fkbn8517oqzj8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9dvti41wdh3a11fkbn8517oqzj8|03|com"; nocase; ) # 1gmdauuv4kg7bkkof89yy4vj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1gmdauuv4kg7bkkof89yy4vj|03|com"; nocase; ) # 1lktrrwakk1xx1w40ddrckab1d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lktrrwakk1xx1w40ddrckab1d|03|com"; nocase; ) # lyt0ii1gh40q4muwn0aimfnpa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lyt0ii1gh40q4muwn0aimfnpa|03|org"; nocase; ) # 1f3jo4zo8rp23uh4wrg1b9q9du.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f3jo4zo8rp23uh4wrg1b9q9du|03|biz"; nocase; ) # 18hqogo1wf07821x7sfri1we2b26.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18hqogo1wf07821x7sfri1we2b26|03|com"; nocase; ) # wblthpp4w8smi2nur1ke8rjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wblthpp4w8smi2nur1ke8rjv|03|org"; nocase; ) # 1lu2ggz4qzdlkem4yav677ncl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lu2ggz4qzdlkem4yav677ncl|03|net"; nocase; ) # x533an201pa36m91zexd53lh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x533an201pa36m91zexd53lh|03|org"; nocase; ) # 17wjew1voscni975xez2qoouy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17wjew1voscni975xez2qoouy|03|biz"; nocase; ) # 9j7o0w1yg215611xtwmm3eef8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9j7o0w1yg215611xtwmm3eef8|03|com"; nocase; ) # yb1yxt24sxdtiswqnc1isjzf0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yb1yxt24sxdtiswqnc1isjzf0|03|biz"; nocase; ) # eyca1n13goo54alwvbc1nly0dy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eyca1n13goo54alwvbc1nly0dy|03|com"; nocase; ) # u5ehjt9w8pk91esvcp0rf1sdt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u5ehjt9w8pk91esvcp0rf1sdt|03|net"; nocase; ) # 1n2tqjqoydv1d1kmqhqp1je9i82.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n2tqjqoydv1d1kmqhqp1je9i82|03|org"; nocase; ) # 1wgbzhjn3wamg1r6s29f1cujn1x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wgbzhjn3wamg1r6s29f1cujn1x|03|org"; nocase; ) # 1iugmkm1ikz5ei7rt31h1ts5sj8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iugmkm1ikz5ei7rt31h1ts5sj8|03|net"; nocase; ) # 1lr32gm44c87uj57urh1tw852w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lr32gm44c87uj57urh1tw852w|03|biz"; nocase; ) # 3q0ev21s9itf0fkxjarcr2w7v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3q0ev21s9itf0fkxjarcr2w7v|03|org"; nocase; ) # y4nzkx1qxijzsf29p936cv6n3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y4nzkx1qxijzsf29p936cv6n3|03|net"; nocase; ) # ww02j819dlv1zzjza7715xf6j7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ww02j819dlv1zzjza7715xf6j7|03|com"; nocase; ) # hui2avh74j7n1697uj81r51dys.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hui2avh74j7n1697uj81r51dys|03|org"; nocase; ) # 1imdox7udun6o6pqm94xrfem5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1imdox7udun6o6pqm94xrfem5|03|com"; nocase; ) # rmtrzr6oxmxz13srhlw1ef50bu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rmtrzr6oxmxz13srhlw1ef50bu|03|org"; nocase; ) # 17afit0w7hcwo4httag73ne48.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17afit0w7hcwo4httag73ne48|03|net"; nocase; ) # 1y7lv863n3qwzoijxj5njptlz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y7lv863n3qwzoijxj5njptlz|03|com"; nocase; ) # 9ka5lffip3yo1akg84tw67hz4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9ka5lffip3yo1akg84tw67hz4|03|org"; nocase; ) # souv5o2j6kwkt603lfd907qf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|souv5o2j6kwkt603lfd907qf|03|net"; nocase; ) # 3q7z9fx5zy5sk7j9q11yygwcn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3q7z9fx5zy5sk7j9q11yygwcn|03|biz"; nocase; ) # 7ba0bwn5sn31qvdgz4ntlvd7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7ba0bwn5sn31qvdgz4ntlvd7|03|com"; nocase; ) # cc6otz1pftv07169rjnm150d634.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cc6otz1pftv07169rjnm150d634|03|com"; nocase; ) # rq88gg4xkkr0117bd1t1xu84ll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rq88gg4xkkr0117bd1t1xu84ll|03|org"; nocase; ) # 1b7n9p05sv3xyim1236dk1523.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b7n9p05sv3xyim1236dk1523|03|net"; nocase; ) # df0guz1kbwfpdygvvcek3i1fj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|df0guz1kbwfpdygvvcek3i1fj|03|biz"; nocase; ) # 1sz6bo51mzvfuppovm4u1xuby99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sz6bo51mzvfuppovm4u1xuby99|03|org"; nocase; ) # nz54libomwxy104y11a1unk0m3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nz54libomwxy104y11a1unk0m3|03|org"; nocase; ) # 1lovpt8fnb3t1r6demjtjr8xq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lovpt8fnb3t1r6demjtjr8xq|03|com"; nocase; ) # 1ki8r2o1kznppxdr3f8p1h35i9t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ki8r2o1kznppxdr3f8p1h35i9t|03|net"; nocase; ) # npr30f1q58nf019ix06l1d24arf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|npr30f1q58nf019ix06l1d24arf|03|biz"; nocase; ) # 1tlcz4g1cyez991w53wrkqvkotu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tlcz4g1cyez991w53wrkqvkotu|03|net"; nocase; ) # bbsz2g186mgk91mqqg95dbqqj1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bbsz2g186mgk91mqqg95dbqqj1|03|biz"; nocase; ) # vvqzsm9qh2h719ag3r21e5fu9g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vvqzsm9qh2h719ag3r21e5fu9g|03|net"; nocase; ) # jpq3mtpl9kq1q1lae6oiaske.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jpq3mtpl9kq1q1lae6oiaske|03|net"; nocase; ) # v72ajg12ghhq1485hiw1vc2ybp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v72ajg12ghhq1485hiw1vc2ybp|03|org"; nocase; ) # 1rnhsx9wikz6fbqfdl213xhhiv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rnhsx9wikz6fbqfdl213xhhiv|03|net"; nocase; ) # 3so1sq35z5mo15z8ybb1c4msi3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3so1sq35z5mo15z8ybb1c4msi3|03|net"; nocase; ) # 17f1iwb1ne18zxmyvszx1x50ovq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17f1iwb1ne18zxmyvszx1x50ovq|03|net"; nocase; ) # e0rhfi19ylw8c1e634lw1t8ij9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e0rhfi19ylw8c1e634lw1t8ij9e|03|com"; nocase; ) # 16y6b8z1nnlx8lfo5kir13w4izp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16y6b8z1nnlx8lfo5kir13w4izp|03|net"; nocase; ) # a1vf7612ki4z8pm5wwp156n6zb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a1vf7612ki4z8pm5wwp156n6zb|03|net"; nocase; ) # 120tege1j8ji1t1gu405kcdua1m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|120tege1j8ji1t1gu405kcdua1m|03|org"; nocase; ) # m4c8ek2ivwsaap7dl212fw4bo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m4c8ek2ivwsaap7dl212fw4bo|03|com"; nocase; ) # 1c12g3mjlsps912am5nl1c0xaej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c12g3mjlsps912am5nl1c0xaej|03|com"; nocase; ) # 14mbqv318tfogz1qsh6dkwk9h88.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14mbqv318tfogz1qsh6dkwk9h88|03|org"; nocase; ) # z6p21rdsq48s1ys6zdh13vs2wy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z6p21rdsq48s1ys6zdh13vs2wy|03|com"; nocase; ) # ac064r1k5o6we1atbvhl1eznsm7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ac064r1k5o6we1atbvhl1eznsm7|03|org"; nocase; ) # 1cjj7m11ay3jidysi7p3hmcf2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cjj7m11ay3jidysi7p3hmcf2|03|org"; nocase; ) # k4fp4x160xm7w19uehuo1jlrm3i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k4fp4x160xm7w19uehuo1jlrm3i|03|org"; nocase; ) # 140eefg5fpuel1wp90nagz5y9d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|140eefg5fpuel1wp90nagz5y9d|03|org"; nocase; ) # lnv83jeb7b8ni5fmfj1y3nr1i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lnv83jeb7b8ni5fmfj1y3nr1i|03|com"; nocase; ) # 7c2qpn10r2ii91x2gllq19u9olm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7c2qpn10r2ii91x2gllq19u9olm|03|net"; nocase; ) # 8lneyohc9hqsii1auu1bofhu2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8lneyohc9hqsii1auu1bofhu2|03|com"; nocase; ) # ya8juj5iatwgswh2jn13w1bgm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ya8juj5iatwgswh2jn13w1bgm|03|org"; nocase; ) # 1yxdnta1s61kpg14ytiu9hjn8e3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yxdnta1s61kpg14ytiu9hjn8e3|03|net"; nocase; ) # 1j128zu1k8bdzx19q4dwfwtlz1e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j128zu1k8bdzx19q4dwfwtlz1e|03|biz"; nocase; ) # b0cbgk1q70w4ewekx7it4ne50.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b0cbgk1q70w4ewekx7it4ne50|03|org"; nocase; ) # 409v7o1kvheq9gc8s2h130uois.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|409v7o1kvheq9gc8s2h130uois|03|net"; nocase; ) # 96wuim1addj6i1pvqkhe6j0mcw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|96wuim1addj6i1pvqkhe6j0mcw|03|org"; nocase; ) # k3rrz719e6hev1f66iqbxtqtxw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k3rrz719e6hev1f66iqbxtqtxw|03|com"; nocase; ) # 1j60ae11dc0d83j784q140uvpw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j60ae11dc0d83j784q140uvpw|03|net"; nocase; ) # 1o1gp0zkzvkyfj5pfuyfu12di.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o1gp0zkzvkyfj5pfuyfu12di|03|biz"; nocase; ) # z0gnbl16wszqh1q31s6j1e9h8tc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z0gnbl16wszqh1q31s6j1e9h8tc|03|org"; nocase; ) # jrbrjeycsi7lqhe5pr1kokbc7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jrbrjeycsi7lqhe5pr1kokbc7|03|com"; nocase; ) # 1cp04gqtu6you8xx43wiz2kv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1cp04gqtu6you8xx43wiz2kv|03|org"; nocase; ) # 1se529xkwibgf5qzdec1ki44il.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1se529xkwibgf5qzdec1ki44il|03|biz"; nocase; ) # 1afn5i612q51o74yimn5l2b1cn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1afn5i612q51o74yimn5l2b1cn|03|com"; nocase; ) # 1mc5a4t7lisn91aejjbv1oke22o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mc5a4t7lisn91aejjbv1oke22o|03|net"; nocase; ) # rzrt5k11zr1kmvjs3i3oqo1xc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rzrt5k11zr1kmvjs3i3oqo1xc|03|org"; nocase; ) # 2eood1bc4zn2fn9ar81kfof.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|2eood1bc4zn2fn9ar81kfof|03|net"; nocase; ) # 1m6l8w41qx1xqdlsi8rd1q402lp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m6l8w41qx1xqdlsi8rd1q402lp|03|org"; nocase; ) # 1aq8njy18ocghj1xfipv410f5e8y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aq8njy18ocghj1xfipv410f5e8y|03|net"; nocase; ) # 1wjbvb6hhuau3hdbrwv181j1nu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wjbvb6hhuau3hdbrwv181j1nu|03|org"; nocase; ) # 1avbqfw1u3h6p1lwv3rbfwfh8t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1avbqfw1u3h6p1lwv3rbfwfh8t|03|net"; nocase; ) # 1irpvfs1n300c412qt36g1uxmqgj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1irpvfs1n300c412qt36g1uxmqgj|03|biz"; nocase; ) # 1chje5f19svcqn1662fx51mtso4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1chje5f19svcqn1662fx51mtso4p|03|net"; nocase; ) # 1g5skfew0ut81upejirp826jt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g5skfew0ut81upejirp826jt|03|org"; nocase; ) # 1l3iutho19jn0ofccw1m2zk9x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l3iutho19jn0ofccw1m2zk9x|03|org"; nocase; ) # xb828nvgjpyz17jewz8vq6rhj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xb828nvgjpyz17jewz8vq6rhj|03|net"; nocase; ) # sawveo1y2e5iq1r0mj02peolk1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sawveo1y2e5iq1r0mj02peolk1|03|org"; nocase; ) # 1v3keh41bbc9y1hm6xuyy6u0jm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v3keh41bbc9y1hm6xuyy6u0jm|03|com"; nocase; ) # 144stcb1qymudp3pnh7ry7rtru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|144stcb1qymudp3pnh7ry7rtru|03|net"; nocase; ) # 7xf8dm126ljyi1rrzf6r165zuuw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7xf8dm126ljyi1rrzf6r165zuuw|03|org"; nocase; ) # y3bb032346bl3uucwy1fpypmp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y3bb032346bl3uucwy1fpypmp|03|com"; nocase; ) # v9bz4wpyyrrt1dl3ui2bdexzu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v9bz4wpyyrrt1dl3ui2bdexzu|03|org"; nocase; ) # 1uul5rw1w0sq3l13rv3831rrtwb0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uul5rw1w0sq3l13rv3831rrtwb0|03|net"; nocase; ) # fsmidfcifzvbbrqz0t1sfxsfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fsmidfcifzvbbrqz0t1sfxsfs|03|com"; nocase; ) # 12b2p2xgfqenbxn7yc019bult.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12b2p2xgfqenbxn7yc019bult|03|biz"; nocase; ) # ppf4b8qdxnxb97zsh9exrd5i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ppf4b8qdxnxb97zsh9exrd5i|03|biz"; nocase; ) # bqdn68u4eie41b9d98oy71par.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bqdn68u4eie41b9d98oy71par|03|biz"; nocase; ) # lbnpm4ny7xu61180trq1nsb4hp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lbnpm4ny7xu61180trq1nsb4hp|03|org"; nocase; ) # e6ho1fjo1bf8kewbucax76e2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e6ho1fjo1bf8kewbucax76e2|03|org"; nocase; ) # w5d20i124d3gx19rekt6d92td1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w5d20i124d3gx19rekt6d92td1|03|com"; nocase; ) # 1j9imvzpp3e5kwu4njx1vjk5jq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j9imvzpp3e5kwu4njx1vjk5jq|03|org"; nocase; ) # 10x74gwgss6y419fz8wm1hjeh4z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10x74gwgss6y419fz8wm1hjeh4z|03|com"; nocase; ) # 18sexmq1yjeyico52mn71gann38.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18sexmq1yjeyico52mn71gann38|03|org"; nocase; ) # pxhg711pq5v7o19ae2xpc7y32c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pxhg711pq5v7o19ae2xpc7y32c|03|org"; nocase; ) # bwhdkbszu2ng1rrenhb18fmf4r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bwhdkbszu2ng1rrenhb18fmf4r|03|net"; nocase; ) # r4894r1wydhs316mplrqg7rupg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r4894r1wydhs316mplrqg7rupg|03|biz"; nocase; ) # wnb30x1epkc315oezes1kv5v31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wnb30x1epkc315oezes1kv5v31|03|net"; nocase; ) # k22gclm9mior10h0bua5n6565.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k22gclm9mior10h0bua5n6565|03|net"; nocase; ) # c0oetbacy54luth2m2sml98p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c0oetbacy54luth2m2sml98p|03|org"; nocase; ) # 1y0ioyj16mknx6pteu9raf29k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y0ioyj16mknx6pteu9raf29k|03|biz"; nocase; ) # m9u4961ytsniz110xguth6imvl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m9u4961ytsniz110xguth6imvl|03|biz"; nocase; ) # ik9aec2wyl0p1qdoehe11u6du6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ik9aec2wyl0p1qdoehe11u6du6|03|com"; nocase; ) # 1429l45r00zt1yze6a7x4al8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1429l45r00zt1yze6a7x4al8|03|net"; nocase; ) # cs1geo14g7mv7wbp44ezi8c5u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cs1geo14g7mv7wbp44ezi8c5u|03|net"; nocase; ) # xgcw47ynua461nk9mbh1gisbee.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xgcw47ynua461nk9mbh1gisbee|03|biz"; nocase; ) # y2yfg61ee47do5aft731y9jgez.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y2yfg61ee47do5aft731y9jgez|03|net"; nocase; ) # 1dkqscy4hnjb21eflnot12ncj4j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dkqscy4hnjb21eflnot12ncj4j|03|biz"; nocase; ) # 1eycbed1em4xw0rfagdycie3uu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eycbed1em4xw0rfagdycie3uu|03|com"; nocase; ) # 5pvfhtlkl38jfyt7m1ssjt0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|5pvfhtlkl38jfyt7m1ssjt0|03|biz"; nocase; ) # bkgmyq1gp4owey972b41xl01ow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bkgmyq1gp4owey972b41xl01ow|03|com"; nocase; ) # 1y2ehszk3fanh75fooi1cm6wnp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y2ehszk3fanh75fooi1cm6wnp|03|net"; nocase; ) # 1jr19bd2wzrvs8b9f0y6yeept.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jr19bd2wzrvs8b9f0y6yeept|03|net"; nocase; ) # 7jp8up1a3d2cv7nxub4155ifzj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7jp8up1a3d2cv7nxub4155ifzj|03|com"; nocase; ) # 15mcjreq05qqtt141zc1ftj9ws.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15mcjreq05qqtt141zc1ftj9ws|03|biz"; nocase; ) # idvxx41jfi46a1gdykvm1wbsgul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|idvxx41jfi46a1gdykvm1wbsgul|03|net"; nocase; ) # 1by091v54tamvfbhvox1wxpvza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1by091v54tamvfbhvox1wxpvza|03|net"; nocase; ) # 1sso6ul8eyxv81nr4dqy14ai28u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sso6ul8eyxv81nr4dqy14ai28u|03|com"; nocase; ) # 1l62yp61s5ek5pa0xjxwzrothg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l62yp61s5ek5pa0xjxwzrothg|03|com"; nocase; ) # v17erh18tgx101ty8z9x1mqx6l3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v17erh18tgx101ty8z9x1mqx6l3|03|org"; nocase; ) # z3uq4916efk4r12rj5lxg2lvw7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z3uq4916efk4r12rj5lxg2lvw7|03|com"; nocase; ) # eg3zxmq0owt18mrffeo0n3c8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eg3zxmq0owt18mrffeo0n3c8|03|net"; nocase; ) # 1bckle71wp17bym4uz710ofxgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bckle71wp17bym4uz710ofxgz|03|com"; nocase; ) # id6rwfl0w55w14lmrqs1x5jac4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|id6rwfl0w55w14lmrqs1x5jac4|03|com"; nocase; ) # 9pglhv16ly2fibstj6lc9mdut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9pglhv16ly2fibstj6lc9mdut|03|net"; nocase; ) # 4g61m6dfzlta1onmdarmqgvc8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4g61m6dfzlta1onmdarmqgvc8|03|net"; nocase; ) # isngbliop6401l0o4obtj8bn2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|isngbliop6401l0o4obtj8bn2|03|com"; nocase; ) # 1fip5x0a4chyjbsylpztfeckj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fip5x0a4chyjbsylpztfeckj|03|org"; nocase; ) # 1htl7r41qrtvnj98f2gjaucpd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1htl7r41qrtvnj98f2gjaucpd|03|net"; nocase; ) # 1kfex461gd8sxj1mxt2nl17vup4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kfex461gd8sxj1mxt2nl17vup4e|03|net"; nocase; ) # 1vjwrr41epf8ej86ii171uom9nx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vjwrr41epf8ej86ii171uom9nx|03|biz"; nocase; ) # uxcbtwls20461ued9jilklj7q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uxcbtwls20461ued9jilklj7q|03|com"; nocase; ) # zji4ny8wbkz10d67qeq6uy3p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zji4ny8wbkz10d67qeq6uy3p|03|org"; nocase; ) # 19njaim6pq9c31qn0wk11lh941g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19njaim6pq9c31qn0wk11lh941g|03|biz"; nocase; ) # faf1frp1we821sp0x4eb0ta9u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|faf1frp1we821sp0x4eb0ta9u|03|net"; nocase; ) # xgeka51clqs3uvfvax3bd7xdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xgeka51clqs3uvfvax3bd7xdb|03|com"; nocase; ) # xbpi7892wr1f1k0ht5m46373d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xbpi7892wr1f1k0ht5m46373d|03|net"; nocase; ) # 1vamfyi1qkqpi31rgpy0u1kht6ky.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vamfyi1qkqpi31rgpy0u1kht6ky|03|com"; nocase; ) # b0za4j9lv15e1269y9b1n2c8im.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b0za4j9lv15e1269y9b1n2c8im|03|biz"; nocase; ) # tq84ao17tt9va16y599p10hrdx7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tq84ao17tt9va16y599p10hrdx7|03|net"; nocase; ) # n7jceam78wwcrylcth104jwu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n7jceam78wwcrylcth104jwu|03|org"; nocase; ) # tszy87m0hw10x400ryo0wl4a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tszy87m0hw10x400ryo0wl4a|03|biz"; nocase; ) # auatyeu1hy2r7tjl4q1kup3w2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|auatyeu1hy2r7tjl4q1kup3w2|03|net"; nocase; ) # 1go59qcpt0vw11q5iwtf1ld1e04.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1go59qcpt0vw11q5iwtf1ld1e04|03|net"; nocase; ) # a1yjvg1o0fv4314dtu631p35030.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a1yjvg1o0fv4314dtu631p35030|03|org"; nocase; ) # 1q5imo7gutw8282k9m9ugruku.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q5imo7gutw8282k9m9ugruku|03|net"; nocase; ) # 19wscus1290em6zrmrcqsbtiis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19wscus1290em6zrmrcqsbtiis|03|com"; nocase; ) # cuoy0o1f349d71vxl184dezz1i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cuoy0o1f349d71vxl184dezz1i|03|net"; nocase; ) # 1a11h4x31jphe8wrece1n1qpwg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a11h4x31jphe8wrece1n1qpwg|03|org"; nocase; ) # ol4y85jjdtof1irxdo61muc3fy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ol4y85jjdtof1irxdo61muc3fy|03|biz"; nocase; ) # b3aw64r1hln41sbd349107xb3o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b3aw64r1hln41sbd349107xb3o|03|net"; nocase; ) # 11xvoa71cqx5kv1mqixtuze29z6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11xvoa71cqx5kv1mqixtuze29z6|03|com"; nocase; ) # 1nbbtuxalfi3c82p73zs7aqqv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nbbtuxalfi3c82p73zs7aqqv|03|org"; nocase; ) # 1rvb2qj6paqstpflxn5uam3dj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rvb2qj6paqstpflxn5uam3dj|03|net"; nocase; ) # 1g2iwul8jn0st12zucmkkfrsj3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g2iwul8jn0st12zucmkkfrsj3|03|net"; nocase; ) # 1fiuivd1jb5wz7it8yim1rvpziz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fiuivd1jb5wz7it8yim1rvpziz|03|com"; nocase; ) # 1ivb3u01p229cs1p5lppfufdl7l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ivb3u01p229cs1p5lppfufdl7l|03|net"; nocase; ) # eecvaludnfubgfeq5mg1ugr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|eecvaludnfubgfeq5mg1ugr|03|biz"; nocase; ) # 1qet3gq412rwke2m3n712ive24.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qet3gq412rwke2m3n712ive24|03|org"; nocase; ) # xq4wi0yalbt81h3f7wk7ow80d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xq4wi0yalbt81h3f7wk7ow80d|03|net"; nocase; ) # 6coe2s1qyq6vg19wca8xrn35bl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6coe2s1qyq6vg19wca8xrn35bl|03|net"; nocase; ) # 1vefnu81p3iy2go3tyoztc8h4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vefnu81p3iy2go3tyoztc8h4|03|org"; nocase; ) # 119b24n160o4nb1p8g9wu69ra5y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|119b24n160o4nb1p8g9wu69ra5y|03|com"; nocase; ) # 90d8hn1gs9mfj1srjddo121nyjz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|90d8hn1gs9mfj1srjddo121nyjz|03|biz"; nocase; ) # 1yi31csp8cnjgryiq8ma4yp6a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yi31csp8cnjgryiq8ma4yp6a|03|org"; nocase; ) # mqy1cu1q88tq887dsit1qjt66.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mqy1cu1q88tq887dsit1qjt66|03|biz"; nocase; ) # 103giwk1arulbn14frvu71q7pdi2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|103giwk1arulbn14frvu71q7pdi2|03|org"; nocase; ) # oc6leik2u7rr2tz7zi1kumttx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oc6leik2u7rr2tz7zi1kumttx|03|org"; nocase; ) # 1m2oqyicgxbo51d3tpbc15qqu7f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m2oqyicgxbo51d3tpbc15qqu7f|03|net"; nocase; ) # 89qi9yfiltf61bvjfx6li9xx1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|89qi9yfiltf61bvjfx6li9xx1|03|biz"; nocase; ) # 4tyzxl1nfd16f1c8fkol1y1l9ed.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4tyzxl1nfd16f1c8fkol1y1l9ed|03|biz"; nocase; ) # k5xb061m86althdz5le1m4pbv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k5xb061m86althdz5le1m4pbv|03|biz"; nocase; ) # jd7eji1h80lh41tywp241rzooje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jd7eji1h80lh41tywp241rzooje|03|org"; nocase; ) # oq26excophwwfvpgz2nwoeew.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oq26excophwwfvpgz2nwoeew|03|biz"; nocase; ) # 11l7a1s19n32nbnavvjs11vfswk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11l7a1s19n32nbnavvjs11vfswk|03|net"; nocase; ) # 17o3lfi19x3edulhz344173dm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17o3lfi19x3edulhz344173dm|03|org"; nocase; ) # 5kuh3m1mba48f1ofacvwwgt7nq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5kuh3m1mba48f1ofacvwwgt7nq|03|biz"; nocase; ) # 5ygoddnylihvq0dd2mb57ff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|5ygoddnylihvq0dd2mb57ff|03|com"; nocase; ) # 14et5byoew2u13p84gxarpzwj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14et5byoew2u13p84gxarpzwj|03|org"; nocase; ) # 1xmlun31e96kfjzkkcct1iemiyw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xmlun31e96kfjzkkcct1iemiyw|03|net"; nocase; ) # i7vzqy1l7l993u457gh1h2y7c8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i7vzqy1l7l993u457gh1h2y7c8|03|com"; nocase; ) # 9bes6lz83neazlnyrr1vip4dy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9bes6lz83neazlnyrr1vip4dy|03|org"; nocase; ) # 1jabo476qwn191c9pj8669ahqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jabo476qwn191c9pj8669ahqw|03|biz"; nocase; ) # 62b9l3142pirx102e8e2dmfhgb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|62b9l3142pirx102e8e2dmfhgb|03|org"; nocase; ) # 1303bk8htwoiaq96x3719bbfwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1303bk8htwoiaq96x3719bbfwt|03|com"; nocase; ) # 1r7rfzz1alsom71yer6yv1cmil5u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r7rfzz1alsom71yer6yv1cmil5u|03|com"; nocase; ) # 174ma7v8xnhfi59vstb1vplhhj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|174ma7v8xnhfi59vstb1vplhhj|03|net"; nocase; ) # fzfhun3iw0vwpa8qe4gmdla0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fzfhun3iw0vwpa8qe4gmdla0|03|biz"; nocase; ) # 9b2lob1qjm93x80lgp8u0xn3q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9b2lob1qjm93x80lgp8u0xn3q|03|biz"; nocase; ) # 3lfmh6lrfhvym2y63fupuql5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3lfmh6lrfhvym2y63fupuql5|03|net"; nocase; ) # q36yix1p9m1aed6w3eu1lja7lu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q36yix1p9m1aed6w3eu1lja7lu|03|biz"; nocase; ) # 3o1g43kofixj3z4uo2tvkbv3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3o1g43kofixj3z4uo2tvkbv3|03|org"; nocase; ) # 1a9dvbg139vu2z1qjah1t1egzxw3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a9dvbg139vu2z1qjah1t1egzxw3|03|org"; nocase; ) # 4e7jw71igzucz1d65okppm25ke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4e7jw71igzucz1d65okppm25ke|03|net"; nocase; ) # cbrpob1p9kt4o2edim711qca0i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cbrpob1p9kt4o2edim711qca0i|03|org"; nocase; ) # xb0yuo1n2i94s1aidr0o18tv6f7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xb0yuo1n2i94s1aidr0o18tv6f7|03|biz"; nocase; ) # k5ci7d1vxmhmj19nxwjhwkuivu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k5ci7d1vxmhmj19nxwjhwkuivu|03|net"; nocase; ) # 1xcjjq1wgmazft2hnjv7x3uy4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xcjjq1wgmazft2hnjv7x3uy4|03|com"; nocase; ) # dsnntc1c95o4pj0xxcd1mfti7k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dsnntc1c95o4pj0xxcd1mfti7k|03|net"; nocase; ) # 1noscuc1kgnnhi1ykpaaydi5jsb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1noscuc1kgnnhi1ykpaaydi5jsb|03|com"; nocase; ) # xszg5m1jj0ituvprf6m16fiw0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xszg5m1jj0ituvprf6m16fiw0e|03|com"; nocase; ) # n6xrpxp31r1o1awdi5q1odkd5k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n6xrpxp31r1o1awdi5q1odkd5k|03|org"; nocase; ) # 14msa1fyt1ugaytithaftk7v4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14msa1fyt1ugaytithaftk7v4|03|net"; nocase; ) # 1pw5llwxjkhsw10tkbzl13t4nbj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pw5llwxjkhsw10tkbzl13t4nbj|03|org"; nocase; ) # r46u1nm2zu1st92nw14gwzmu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r46u1nm2zu1st92nw14gwzmu|03|net"; nocase; ) # 18ib1kfgyi7dt37bj8f1vbxgrv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ib1kfgyi7dt37bj8f1vbxgrv|03|org"; nocase; ) # 5hgzo6v1069h196kdswns6ids.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5hgzo6v1069h196kdswns6ids|03|net"; nocase; ) # 864jgdq4gi6bqx31yofztpwz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|864jgdq4gi6bqx31yofztpwz|03|org"; nocase; ) # 106b02iqe0p46ugc0ig1vwudi7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|106b02iqe0p46ugc0ig1vwudi7|03|net"; nocase; ) # 1u465g7lx0zkm1lxix69k3jdhr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u465g7lx0zkm1lxix69k3jdhr|03|com"; nocase; ) # 1003uiqcsdrn2c31ms32diaxc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1003uiqcsdrn2c31ms32diaxc|03|org"; nocase; ) # 1sr1samb80nrl2bn8ws1uxnpso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sr1samb80nrl2bn8ws1uxnpso|03|com"; nocase; ) # fp08cx17jl2lnaj8pjf1phle3n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fp08cx17jl2lnaj8pjf1phle3n|03|com"; nocase; ) # t4w2q15lbdutxwlap83t73a1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t4w2q15lbdutxwlap83t73a1|03|net"; nocase; ) # 1az2lx914acjxe1vnuqwc1phcl9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1az2lx914acjxe1vnuqwc1phcl9b|03|com"; nocase; ) # 8jkand1v4s6qk1gdc0kcoav2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8jkand1v4s6qk1gdc0kcoav2z|03|net"; nocase; ) # 1tsw9xtbbso7fc51jfr1x7h3n2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tsw9xtbbso7fc51jfr1x7h3n2|03|com"; nocase; ) # 620qe51rgulnmu8eq00m0uhql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|620qe51rgulnmu8eq00m0uhql|03|net"; nocase; ) # 42qiye19h8v94jr4e7ycmqg0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|42qiye19h8v94jr4e7ycmqg0x|03|org"; nocase; ) # i7iqrb1m512lh1rmp4z2eypw39.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i7iqrb1m512lh1rmp4z2eypw39|03|com"; nocase; ) # r4zzr1gslxn21rnbkl1idfjor.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r4zzr1gslxn21rnbkl1idfjor|03|org"; nocase; ) # 1ioc8elscbw3u15ba8a71vqk3cj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ioc8elscbw3u15ba8a71vqk3cj|03|net"; nocase; ) # q1jn9t1nfgju0me58fs1d9aswe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q1jn9t1nfgju0me58fs1d9aswe|03|org"; nocase; ) # 1k8o4bs1vi72r91p0x5ph14td7hl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k8o4bs1vi72r91p0x5ph14td7hl|03|biz"; nocase; ) # lpl6vovwii501oe2r7s7laglf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lpl6vovwii501oe2r7s7laglf|03|net"; nocase; ) # b2exj791l2bolfk7251fl7df7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b2exj791l2bolfk7251fl7df7|03|net"; nocase; ) # h23j18aq9m321apj7ogrj0v5z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h23j18aq9m321apj7ogrj0v5z|03|org"; nocase; ) # zjpl9g17yepyzqugipeqlqb1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zjpl9g17yepyzqugipeqlqb1f|03|biz"; nocase; ) # dpy7zhygaguk15al29e1ragqhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dpy7zhygaguk15al29e1ragqhw|03|net"; nocase; ) # mu6kjxj0x7z1zfa8cz1xr14nm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mu6kjxj0x7z1zfa8cz1xr14nm|03|net"; nocase; ) # 1apeka01oh2as16ld3wv8cde0f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1apeka01oh2as16ld3wv8cde0f|03|org"; nocase; ) # csnlemaklv9q1mqvx0l1qrwl8o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|csnlemaklv9q1mqvx0l1qrwl8o|03|org"; nocase; ) # o6bixk6kleumh08lq41emqcf6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o6bixk6kleumh08lq41emqcf6|03|net"; nocase; ) # 104jufu1p4fjqsqw34cv1b0d3yg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|104jufu1p4fjqsqw34cv1b0d3yg|03|org"; nocase; ) # xf05yjwbkeg2izn5p0abvzrh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xf05yjwbkeg2izn5p0abvzrh|03|biz"; nocase; ) # 1wew9cfivt3cv1nvwzq9hgcga8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wew9cfivt3cv1nvwzq9hgcga8|03|net"; nocase; ) # 6g45uzu80dqxi7v38bzt3lge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6g45uzu80dqxi7v38bzt3lge|03|com"; nocase; ) # wr4zto6ga6cv1ls5lengygu3o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wr4zto6ga6cv1ls5lengygu3o|03|net"; nocase; ) # exaeh01cl86wl1ytvfbwecrxpx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|exaeh01cl86wl1ytvfbwecrxpx|03|com"; nocase; ) # la0pds1dwd54stumtf51kgvinc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|la0pds1dwd54stumtf51kgvinc|03|net"; nocase; ) # 7iunba1xzxs3izci81a1ehtn3b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7iunba1xzxs3izci81a1ehtn3b|03|com"; nocase; ) # it24hu1b7ue8szo220uxlte5z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|it24hu1b7ue8szo220uxlte5z|03|com"; nocase; ) # 163g97xalgt3gl090gdiptf5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|163g97xalgt3gl090gdiptf5p|03|net"; nocase; ) # 14nxd8z2jfstoed9osi3pmur4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14nxd8z2jfstoed9osi3pmur4|03|net"; nocase; ) # 1om2nrtx80lgf17mj2jn2yt12v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1om2nrtx80lgf17mj2jn2yt12v|03|org"; nocase; ) # dgwhnm1fp6iyo1e2u5k2a1gle6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dgwhnm1fp6iyo1e2u5k2a1gle6|03|org"; nocase; ) # 1nkcoc81u4khdn1h5mz651bz09sk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nkcoc81u4khdn1h5mz651bz09sk|03|net"; nocase; ) # avbdkadxzsx6plnpsd1cp7fxb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|avbdkadxzsx6plnpsd1cp7fxb|03|net"; nocase; ) # xtmvz01r10cirhee4dcsfxsfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xtmvz01r10cirhee4dcsfxsfa|03|org"; nocase; ) # 18y1huwhu1up81oi3duv1eek1xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18y1huwhu1up81oi3duv1eek1xh|03|net"; nocase; ) # 17xf624lroonyihn7341er3xno.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17xf624lroonyihn7341er3xno|03|com"; nocase; ) # a2r8yr9k55xs1vv0jlkzv1sn8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a2r8yr9k55xs1vv0jlkzv1sn8|03|org"; nocase; ) # 1bzv9b71kvx4ff1kwqsvk1urd3l3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bzv9b71kvx4ff1kwqsvk1urd3l3|03|net"; nocase; ) # 8oa6o9zwhc0r1fvsf3ucqhzsi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8oa6o9zwhc0r1fvsf3ucqhzsi|03|net"; nocase; ) # l8vdg7163bcb8v94ett1s6zd95.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l8vdg7163bcb8v94ett1s6zd95|03|biz"; nocase; ) # 1h7yb6atzhh4x9fvvsd1fmfqp1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h7yb6atzhh4x9fvvsd1fmfqp1|03|com"; nocase; ) # 7bodu01fotjy3d7qb10rz090w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7bodu01fotjy3d7qb10rz090w|03|net"; nocase; ) # rony4g1biwt8m1it0outws3qes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rony4g1biwt8m1it0outws3qes|03|com"; nocase; ) # 1vbh2z6uvdlwy1cyxws02uylcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vbh2z6uvdlwy1cyxws02uylcg|03|com"; nocase; ) # 1kpi9yonsnmi3g7otzl19c42it.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kpi9yonsnmi3g7otzl19c42it|03|net"; nocase; ) # 1nt80wuz6zd8ovaju131ov7qsy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nt80wuz6zd8ovaju131ov7qsy|03|com"; nocase; ) # 1aa8d4e1ypadeqfdztto0lcwj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aa8d4e1ypadeqfdztto0lcwj|03|org"; nocase; ) # 9toexqhb7d3r1kcdr8gs7r0ao.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9toexqhb7d3r1kcdr8gs7r0ao|03|net"; nocase; ) # 11av9vlsqopil1jsxk0z433q0g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11av9vlsqopil1jsxk0z433q0g|03|net"; nocase; ) # 10657vdzhrcdf1599euqxlybdz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10657vdzhrcdf1599euqxlybdz|03|biz"; nocase; ) # 5t723thugjnm8qbark5n48qz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5t723thugjnm8qbark5n48qz|03|com"; nocase; ) # p2dp55ir1a5y1err6xuozsvcm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p2dp55ir1a5y1err6xuozsvcm|03|net"; nocase; ) # 1i878q61bn1x4qhm1in6oay8jz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i878q61bn1x4qhm1in6oay8jz|03|biz"; nocase; ) # 548izytcnax71m7l4b0e4f28v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|548izytcnax71m7l4b0e4f28v|03|org"; nocase; ) # 1txd9ohukmu3h48rl9v1t7ok0k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1txd9ohukmu3h48rl9v1t7ok0k|03|biz"; nocase; ) # hkyvoj13bq20818nae5y12l0is4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hkyvoj13bq20818nae5y12l0is4|03|net"; nocase; ) # 14a5q9l3p9dtg19315np1fm6rwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14a5q9l3p9dtg19315np1fm6rwq|03|biz"; nocase; ) # pktkhm1i137y0vmwom44mcxoj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pktkhm1i137y0vmwom44mcxoj|03|org"; nocase; ) # fccl3c18pyd581d4hbbj1t0v42p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fccl3c18pyd581d4hbbj1t0v42p|03|net"; nocase; ) # 1x08vo296lh2x10q9wuowmx6rc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x08vo296lh2x10q9wuowmx6rc|03|org"; nocase; ) # 7h9s7t1qcg0wl1nmqk511lm4f64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7h9s7t1qcg0wl1nmqk511lm4f64|03|net"; nocase; ) # kj0ksmnu36zl1mk06pl1x0ndtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kj0ksmnu36zl1mk06pl1x0ndtm|03|net"; nocase; ) # 1m0xl8d19z14ne1qrml7t1bs7i2d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m0xl8d19z14ne1qrml7t1bs7i2d|03|biz"; nocase; ) # jfd6exc3evw11omdjvh1ew7whc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jfd6exc3evw11omdjvh1ew7whc|03|net"; nocase; ) # 1j5vtxl55gqgzq0yzo6vslfz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1j5vtxl55gqgzq0yzo6vslfz|03|biz"; nocase; ) # ih4479k4gp8o1cevyeox3i6ot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ih4479k4gp8o1cevyeox3i6ot|03|net"; nocase; ) # 1sia7jn388yvf1gpvrkr7himpv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sia7jn388yvf1gpvrkr7himpv|03|net"; nocase; ) # nzofntwx616152j5p4b6kprj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nzofntwx616152j5p4b6kprj|03|com"; nocase; ) # ccsgt515jukpu1awkdyn2mhdf9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ccsgt515jukpu1awkdyn2mhdf9|03|net"; nocase; ) # lq7ve1ohllf1txx9tq1sxtos1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lq7ve1ohllf1txx9tq1sxtos1|03|biz"; nocase; ) # qptf5yoklxtqktr3gyv0dojg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qptf5yoklxtqktr3gyv0dojg|03|org"; nocase; ) # 14n7moom6p06uhd7ykqedm7x9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14n7moom6p06uhd7ykqedm7x9|03|net"; nocase; ) # i7vyx92ncadu6lyfn219qxsq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i7vyx92ncadu6lyfn219qxsq|03|org"; nocase; ) # gurk8d1jvlyt714pc49s14sk8ca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gurk8d1jvlyt714pc49s14sk8ca|03|com"; nocase; ) # 1d47xtk1ql231l16c5kpj5djg1x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d47xtk1ql231l16c5kpj5djg1x|03|com"; nocase; ) # nbzj801b09mwidkliw91jb39b8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000016999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nbzj801b09mwidkliw91jb39b8|03|com"; nocase; ) # 1vzr3me126vwir1o19kkq106211f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vzr3me126vwir1o19kkq106211f|03|org"; nocase; ) # 11dj5dxe4d4w7113ewswgu6c2k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11dj5dxe4d4w7113ewswgu6c2k|03|biz"; nocase; ) # 1fb73vp1efsowqhdodgf54od24.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fb73vp1efsowqhdodgf54od24|03|com"; nocase; ) # 1cr5oen1zjs9g1oiw5xxxc8v7s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cr5oen1zjs9g1oiw5xxxc8v7s|03|com"; nocase; ) # 2p3q10qorhgn1ercuo4wkpmx0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2p3q10qorhgn1ercuo4wkpmx0|03|net"; nocase; ) # 1168cgw1vzr4tc1stn5oz1jn4fnp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1168cgw1vzr4tc1stn5oz1jn4fnp|03|net"; nocase; ) # 1hwpqnk13g2qlf13dyp3h1x4fjsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hwpqnk13g2qlf13dyp3h1x4fjsh|03|net"; nocase; ) # zbsufhwrttlbj5tesyndnaqh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zbsufhwrttlbj5tesyndnaqh|03|com"; nocase; ) # 1puk1alqaf78lvjoqqi1uti5n4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1puk1alqaf78lvjoqqi1uti5n4|03|org"; nocase; ) # 1aiqvar10e1ggjl26g65vd0l72.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aiqvar10e1ggjl26g65vd0l72|03|org"; nocase; ) # 16uxvx08wi8jq4yg6r41rmntuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16uxvx08wi8jq4yg6r41rmntuy|03|net"; nocase; ) # 9ml6aclcj02ttzvt26bfmw6m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9ml6aclcj02ttzvt26bfmw6m|03|org"; nocase; ) # jnlwno16cpgkv14tyalrqghttf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnlwno16cpgkv14tyalrqghttf|03|biz"; nocase; ) # a3719si3may3f6au4n1ukbq9z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a3719si3may3f6au4n1ukbq9z|03|biz"; nocase; ) # 1xc1llom5kosrjudtk52vaaj5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xc1llom5kosrjudtk52vaaj5|03|net"; nocase; ) # 1pym8xn16q3ocm1k8b492a4msjq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pym8xn16q3ocm1k8b492a4msjq|03|com"; nocase; ) # 1p6w29s6nmwq41e360of16unwv0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p6w29s6nmwq41e360of16unwv0|03|net"; nocase; ) # mlv269bn6xy6ami6g6ez30jx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mlv269bn6xy6ami6g6ez30jx|03|net"; nocase; ) # lwuc3itfeq9b1nswnlfl56pn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lwuc3itfeq9b1nswnlfl56pn|03|org"; nocase; ) # 17d2wowyv7l961swk0p9rcvqmh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17d2wowyv7l961swk0p9rcvqmh|03|com"; nocase; ) # w528mg1jvmgkfjnwj151dln8sm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w528mg1jvmgkfjnwj151dln8sm|03|net"; nocase; ) # qm16w918geuri1vsho561cnh7qr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qm16w918geuri1vsho561cnh7qr|03|org"; nocase; ) # 3amu2k7de4gg1dwy8vlmav58z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3amu2k7de4gg1dwy8vlmav58z|03|com"; nocase; ) # 1iaefvrlkigk1opoc8cbnyzn4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iaefvrlkigk1opoc8cbnyzn4|03|net"; nocase; ) # 1xgech5tvmax3jl83ol1i5gxpm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xgech5tvmax3jl83ol1i5gxpm|03|biz"; nocase; ) # 4h4zwmsi4gm1r17bha8m3mpg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4h4zwmsi4gm1r17bha8m3mpg|03|net"; nocase; ) # 18k9avd1yj3w0lch66mfjpudm1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18k9avd1yj3w0lch66mfjpudm1|03|org"; nocase; ) # 1qwbvn85rj9j28cecar1tkqnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qwbvn85rj9j28cecar1tkqnx|03|biz"; nocase; ) # glnai61mprj661mtj7t91vd8hrv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|glnai61mprj661mtj7t91vd8hrv|03|com"; nocase; ) # 1xqxll315djai61ns86r31qexij0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xqxll315djai61ns86r31qexij0|03|org"; nocase; ) # 1kkfowudcp0ay1eelbc4txm5jg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kkfowudcp0ay1eelbc4txm5jg|03|biz"; nocase; ) # svb9x2gtzajqxmv1e2bxpefk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|svb9x2gtzajqxmv1e2bxpefk|03|biz"; nocase; ) # uxaf0v4i4x9y1mv76w0rk5eyd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uxaf0v4i4x9y1mv76w0rk5eyd|03|net"; nocase; ) # r9oeqp3t1zk43snpm71t5tu84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r9oeqp3t1zk43snpm71t5tu84|03|net"; nocase; ) # 10bh7r9itv0cw1p0w44v1xie7m1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10bh7r9itv0cw1p0w44v1xie7m1|03|org"; nocase; ) # 1elrw91io2h7ht75zdxjlgycz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1elrw91io2h7ht75zdxjlgycz|03|net"; nocase; ) # 1mubbd12wcdh4ldai4ychsmh6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mubbd12wcdh4ldai4ychsmh6|03|biz"; nocase; ) # 1o4v0oj11e4h2yjrv6ao1tiod4t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o4v0oj11e4h2yjrv6ao1tiod4t|03|com"; nocase; ) # 1xu63y51mprx7t6ytqy817orpxg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xu63y51mprx7t6ytqy817orpxg|03|org"; nocase; ) # 1am2hpd1nkjigg1p0gnfliezkik.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1am2hpd1nkjigg1p0gnfliezkik|03|org"; nocase; ) # 6xhgnsdfi6068g2cc0zr1r3o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6xhgnsdfi6068g2cc0zr1r3o|03|com"; nocase; ) # 1rqp54r7a09j8xn2l9f14hlsfo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rqp54r7a09j8xn2l9f14hlsfo|03|biz"; nocase; ) # 1poum13w0o40t13mgryc1c8flop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1poum13w0o40t13mgryc1c8flop|03|org"; nocase; ) # 11ulhkp14vnbsm1iyipoi1do11ei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11ulhkp14vnbsm1iyipoi1do11ei|03|biz"; nocase; ) # 1q24aefe2mneh8mnq13zhof9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1q24aefe2mneh8mnq13zhof9|03|net"; nocase; ) # drrtva1yf9hwd1g4repu1eduwoq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|drrtva1yf9hwd1g4repu1eduwoq|03|net"; nocase; ) # 2hw2ra5umdv2l9uq4sgl844i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2hw2ra5umdv2l9uq4sgl844i|03|com"; nocase; ) # 16j2sfm161y8k112njmo4a6sle9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16j2sfm161y8k112njmo4a6sle9|03|com"; nocase; ) # 1v5sme6mdoc9o1tuf4zmi8qfpx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5sme6mdoc9o1tuf4zmi8qfpx|03|net"; nocase; ) # 129joncjfeofscfuo0u1qh5gfn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|129joncjfeofscfuo0u1qh5gfn|03|org"; nocase; ) # 1b91qsa1vngw6c44woveg6sd9t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b91qsa1vngw6c44woveg6sd9t|03|net"; nocase; ) # 11343wf5vt8m91ld57bt17qtv76.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11343wf5vt8m91ld57bt17qtv76|03|org"; nocase; ) # 1xytlp31kduc5g1bo9pdn1kcgk6n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xytlp31kduc5g1bo9pdn1kcgk6n|03|net"; nocase; ) # 164lnos1k339sy188gm721klh9g3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|164lnos1k339sy188gm721klh9g3|03|biz"; nocase; ) # lmi1vg1hu2a7p10qoitr5aqfo8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lmi1vg1hu2a7p10qoitr5aqfo8|03|net"; nocase; ) # 10ayfsf1nyqx36yc2auaun1vb2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ayfsf1nyqx36yc2auaun1vb2|03|biz"; nocase; ) # 1v50x7ncxz5ab1pkj1t219al4kb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v50x7ncxz5ab1pkj1t219al4kb|03|org"; nocase; ) # 1d0v9xn11h36cn7rlnw79vk93s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d0v9xn11h36cn7rlnw79vk93s|03|net"; nocase; ) # 1enb05138szrw1k3a19e11ejyuw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1enb05138szrw1k3a19e11ejyuw|03|org"; nocase; ) # 1ksmmo41s5da1uewu97c1lwhl34.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ksmmo41s5da1uewu97c1lwhl34|03|biz"; nocase; ) # 1m50iq3lg22mw1234tzr1yog5v1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m50iq3lg22mw1234tzr1yog5v1|03|com"; nocase; ) # kp2aha19nbw7230j43x1ka3hb1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kp2aha19nbw7230j43x1ka3hb1|03|net"; nocase; ) # 1vt5vc2zqy5f61p8o5cs1ga9kce.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vt5vc2zqy5f61p8o5cs1ga9kce|03|biz"; nocase; ) # 1ley9433q0fhl1q321bajc52vt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ley9433q0fhl1q321bajc52vt|03|net"; nocase; ) # 193tv6no630bi8ad43ndtzs5l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|193tv6no630bi8ad43ndtzs5l|03|biz"; nocase; ) # bytom5lllfmvlvgyfbmekvi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|bytom5lllfmvlvgyfbmekvi|03|org"; nocase; ) # jk5a1qnpc1jvlhltjcwjbg4b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jk5a1qnpc1jvlhltjcwjbg4b|03|com"; nocase; ) # 1paj85p1o9q1cseob1qb61psel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1paj85p1o9q1cseob1qb61psel|03|com"; nocase; ) # 1xh75la9f5l9q722gqieo9j90.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xh75la9f5l9q722gqieo9j90|03|com"; nocase; ) # 1ef152xoz204p50clm7972ix8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ef152xoz204p50clm7972ix8|03|net"; nocase; ) # 1oabua11eoiq8u1davl48340x3z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oabua11eoiq8u1davl48340x3z|03|com"; nocase; ) # 1qrof1gqxii619bhnhz1polj8i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qrof1gqxii619bhnhz1polj8i|03|com"; nocase; ) # 16yfitqrd7it1ln88fz112jzzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16yfitqrd7it1ln88fz112jzzo|03|net"; nocase; ) # p5r6z91gjxg0a43k1q3xl4kkt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5r6z91gjxg0a43k1q3xl4kkt|03|org"; nocase; ) # 1179ss8ssfdjt1psj7d3iw2uls.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1179ss8ssfdjt1psj7d3iw2uls|03|biz"; nocase; ) # 10wblc8xsc55r1y43ong1ijb664.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10wblc8xsc55r1y43ong1ijb664|03|net"; nocase; ) # 1d5hjkl23qogv24kxc5t316mn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d5hjkl23qogv24kxc5t316mn|03|biz"; nocase; ) # aojfc7133wq3p1lz6viyit3p2h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aojfc7133wq3p1lz6viyit3p2h|03|org"; nocase; ) # 112wdin7yoqaehakdla191x62h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|112wdin7yoqaehakdla191x62h|03|com"; nocase; ) # 1u308t6lctcr41hg1ck01m9ghk0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u308t6lctcr41hg1ck01m9ghk0|03|net"; nocase; ) # zu61bs1mdhfjiqc9ibe1o4czqj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zu61bs1mdhfjiqc9ibe1o4czqj|03|com"; nocase; ) # 1oeu58r1fb1xbo27az7yfjqa1g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oeu58r1fb1xbo27az7yfjqa1g|03|biz"; nocase; ) # is519vkdroms16qs64g3kxjk2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|is519vkdroms16qs64g3kxjk2|03|org"; nocase; ) # mx4f9g1wx99xnzjwx8dldno3m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mx4f9g1wx99xnzjwx8dldno3m|03|org"; nocase; ) # g48sxi9hsmzj1htsyk5ty4a3w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g48sxi9hsmzj1htsyk5ty4a3w|03|net"; nocase; ) # 15584u48bjzcq4zleph4qymds.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15584u48bjzcq4zleph4qymds|03|biz"; nocase; ) # 1rkt2xm2xw20g6pus9e1se5et0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rkt2xm2xw20g6pus9e1se5et0|03|net"; nocase; ) # 164u8f1i3nnuc114k82fsmpgra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|164u8f1i3nnuc114k82fsmpgra|03|org"; nocase; ) # tsxe9z14sqt3imb2heg14tfzct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tsxe9z14sqt3imb2heg14tfzct|03|com"; nocase; ) # kay0jb1w0kz31adsahn1novaog.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kay0jb1w0kz31adsahn1novaog|03|org"; nocase; ) # 4r9ge719v9l2v1bmpuffiqjgda.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4r9ge719v9l2v1bmpuffiqjgda|03|net"; nocase; ) # qodwoclqfbeq377i6e1t5z8q1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qodwoclqfbeq377i6e1t5z8q1|03|org"; nocase; ) # 1hs8q9ptr38w91siovmk1vfkylp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hs8q9ptr38w91siovmk1vfkylp|03|net"; nocase; ) # ixhpcmm47yksgsahcq2xavx5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ixhpcmm47yksgsahcq2xavx5|03|org"; nocase; ) # 1wmh71jveq4cc1yaqd2x1din7eh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wmh71jveq4cc1yaqd2x1din7eh|03|com"; nocase; ) # jjhievwicq3eh5e9ey1t9pzse.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jjhievwicq3eh5e9ey1t9pzse|03|org"; nocase; ) # 1xy1tyw19nrchtvqzcrimgjxiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xy1tyw19nrchtvqzcrimgjxiz|03|com"; nocase; ) # q2zxvle4nlix1iq9hxu12mnmf5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q2zxvle4nlix1iq9hxu12mnmf5|03|net"; nocase; ) # 1566l671ot9qux1sf06tm1t1mcyf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1566l671ot9qux1sf06tm1t1mcyf|03|net"; nocase; ) # c6y1yd8vvu12fxhsa894bpnw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c6y1yd8vvu12fxhsa894bpnw|03|net"; nocase; ) # 1xaowlkzr13wpna50pseapd5q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xaowlkzr13wpna50pseapd5q|03|com"; nocase; ) # 1j3ofor1r7keja1krdccoos7v3c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j3ofor1r7keja1krdccoos7v3c|03|net"; nocase; ) # nlx83slo11c38rmw91q1o69u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nlx83slo11c38rmw91q1o69u|03|com"; nocase; ) # 6x0a8t1b51baj1wa00641sab4jo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6x0a8t1b51baj1wa00641sab4jo|03|net"; nocase; ) # 176ktb6cyivv78gzbcc1c9qn0v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|176ktb6cyivv78gzbcc1c9qn0v|03|com"; nocase; ) # hmzp721ezulrc1f07iwu1wwrrsw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hmzp721ezulrc1f07iwu1wwrrsw|03|com"; nocase; ) # 119tgl51ccyjxxua0u8k7wq66l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|119tgl51ccyjxxua0u8k7wq66l|03|com"; nocase; ) # 1xtiwi3l5jw9dap6czc1i6on0f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xtiwi3l5jw9dap6czc1i6on0f|03|net"; nocase; ) # yzh22t1sls0f3178ifa3m7jz6k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yzh22t1sls0f3178ifa3m7jz6k|03|net"; nocase; ) # izziw2g5oroztrgl105q8kk5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|izziw2g5oroztrgl105q8kk5|03|com"; nocase; ) # zria2t1go69mo3s7sog17cn99w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zria2t1go69mo3s7sog17cn99w|03|biz"; nocase; ) # wud6ql1q0vqhqsno63lq4yp6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wud6ql1q0vqhqsno63lq4yp6|03|com"; nocase; ) # 1618y62jxizyo6nwvzgtpuak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1618y62jxizyo6nwvzgtpuak|03|net"; nocase; ) # 1xmyai9qdqer31hdknbarkhw9r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xmyai9qdqer31hdknbarkhw9r|03|biz"; nocase; ) # m0yfuxwhhp7qc8b55a1ls3da.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m0yfuxwhhp7qc8b55a1ls3da|03|com"; nocase; ) # 1orq7xuet7qtk1klyh2yhtvhhz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1orq7xuet7qtk1klyh2yhtvhhz|03|org"; nocase; ) # 1jbw9wg73o105139pdnm12316x8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jbw9wg73o105139pdnm12316x8|03|org"; nocase; ) # 1trfwidat9tll1jgx5jw1i26vri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1trfwidat9tll1jgx5jw1i26vri|03|com"; nocase; ) # 5se382y7li3h1vzfhou131vpr3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5se382y7li3h1vzfhou131vpr3|03|com"; nocase; ) # ysevom1l5nedf1i78i8uzicgv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ysevom1l5nedf1i78i8uzicgv|03|org"; nocase; ) # 1k4mttopm8g1dulndn8u4ls85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k4mttopm8g1dulndn8u4ls85|03|net"; nocase; ) # t9i1imawbqm71upriejrk48gr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t9i1imawbqm71upriejrk48gr|03|biz"; nocase; ) # 10ybrgs2mt2qb1okn1bw1mlo05c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ybrgs2mt2qb1okn1bw1mlo05c|03|com"; nocase; ) # i521dr1xb3rl7mg9272qawmul.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i521dr1xb3rl7mg9272qawmul|03|org"; nocase; ) # 83cksb9bi9dwttiwfv1swlu29.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|83cksb9bi9dwttiwfv1swlu29|03|com"; nocase; ) # 16slqkc1g7lxi2juu1lu1m4c7u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16slqkc1g7lxi2juu1lu1m4c7u|03|biz"; nocase; ) # 20vbte169zzcc12vyad51dus4z7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|20vbte169zzcc12vyad51dus4z7|03|org"; nocase; ) # 16l33ml8i129ky5hhhpqgym9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16l33ml8i129ky5hhhpqgym9j|03|net"; nocase; ) # hq8584vdotwi1yiuzwy2aj8a9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hq8584vdotwi1yiuzwy2aj8a9|03|net"; nocase; ) # 1gl3q091nfiowjx4e1qduvmqyd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gl3q091nfiowjx4e1qduvmqyd|03|org"; nocase; ) # 1nvoluw7doybv1dkhi1ro3cqbl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nvoluw7doybv1dkhi1ro3cqbl|03|net"; nocase; ) # 1i1my7f3n0qu617m0z681leeof0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i1my7f3n0qu617m0z681leeof0|03|org"; nocase; ) # 1hdzzkma974wz18d1l51usuqd4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hdzzkma974wz18d1l51usuqd4|03|net"; nocase; ) # izz2xk1p992n11oaifpj14se4xu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|izz2xk1p992n11oaifpj14se4xu|03|org"; nocase; ) # 1po23wf2x54y45w1n7h13yzo33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1po23wf2x54y45w1n7h13yzo33|03|net"; nocase; ) # 1ph8pz71t2w68156kxeb1xqam52.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ph8pz71t2w68156kxeb1xqam52|03|net"; nocase; ) # 2f6xt4tftffaqmw5671hsfp6f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2f6xt4tftffaqmw5671hsfp6f|03|net"; nocase; ) # 18e9ucc4m1krgp21ik241p9vg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18e9ucc4m1krgp21ik241p9vg|03|biz"; nocase; ) # 4o02fj6ag2uv17piaw41l7syzu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4o02fj6ag2uv17piaw41l7syzu|03|net"; nocase; ) # 16ls9gv1m2jj0w5w4uwdz2oji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ls9gv1m2jj0w5w4uwdz2oji|03|net"; nocase; ) # 1w764g6lf577lhv4g4r1vd9wk6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w764g6lf577lhv4g4r1vd9wk6|03|org"; nocase; ) # 12m86x1kjd45r16bkh944fb5ck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12m86x1kjd45r16bkh944fb5ck|03|net"; nocase; ) # 1pd8h2prnsojhu7e4b61t8esbj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pd8h2prnsojhu7e4b61t8esbj|03|biz"; nocase; ) # q1xqzc158oaix1v5loku1t3rr5s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q1xqzc158oaix1v5loku1t3rr5s|03|net"; nocase; ) # 9q3nw813n6uxp1w7s3f7f970wp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9q3nw813n6uxp1w7s3f7f970wp|03|net"; nocase; ) # 1qsxn14tojejtchfvak15skfqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qsxn14tojejtchfvak15skfqh|03|biz"; nocase; ) # 1x2kjugsym9zoskl4yip3vrdi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x2kjugsym9zoskl4yip3vrdi|03|net"; nocase; ) # uoah63c0y26jrxzn0dszznbe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uoah63c0y26jrxzn0dszznbe|03|biz"; nocase; ) # ivm9combvij11s2mgq99mpvcd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ivm9combvij11s2mgq99mpvcd|03|org"; nocase; ) # ts5id715plgzkv7r2cp1wacx1o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ts5id715plgzkv7r2cp1wacx1o|03|org"; nocase; ) # 5hquzwo66d76pvhjp4tjx9la.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5hquzwo66d76pvhjp4tjx9la|03|com"; nocase; ) # pyup06166qdou101paqt1mxvggd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pyup06166qdou101paqt1mxvggd|03|com"; nocase; ) # vo6p6bdesjkfho73y9uwqilq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vo6p6bdesjkfho73y9uwqilq|03|net"; nocase; ) # 1kqr6vbn5bephajeuon4tdijy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kqr6vbn5bephajeuon4tdijy|03|com"; nocase; ) # 10q206z17vgc1yursxxx16sg4sr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10q206z17vgc1yursxxx16sg4sr|03|net"; nocase; ) # 1qnd29wyd1iq31776xej19rg7t7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qnd29wyd1iq31776xej19rg7t7|03|com"; nocase; ) # kw6eekubo24zob1e351dsmzvl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kw6eekubo24zob1e351dsmzvl|03|com"; nocase; ) # ycxm7b1ko2165eyy3sl1dkysxn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ycxm7b1ko2165eyy3sl1dkysxn|03|biz"; nocase; ) # 1bvzeg7n1s3ytgk7vds5792g8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bvzeg7n1s3ytgk7vds5792g8|03|com"; nocase; ) # 1yxdz5grc856gopefns2azzph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yxdz5grc856gopefns2azzph|03|net"; nocase; ) # mlnkl75kwv5urgb302c3njcv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mlnkl75kwv5urgb302c3njcv|03|biz"; nocase; ) # iv3jf4zww9cv16i2r02pkzu4m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iv3jf4zww9cv16i2r02pkzu4m|03|net"; nocase; ) # fmn7jq1hechu51gm06001gnbhga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fmn7jq1hechu51gm06001gnbhga|03|net"; nocase; ) # d6l97hwahcfqy8i38jlksl4d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d6l97hwahcfqy8i38jlksl4d|03|biz"; nocase; ) # 9v3dk3hvqbgj45nqju2aiqtc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9v3dk3hvqbgj45nqju2aiqtc|03|org"; nocase; ) # cdc437y0gjsodpyhr11hxdxev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cdc437y0gjsodpyhr11hxdxev|03|biz"; nocase; ) # tkem2f431a7q51lfp816malea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tkem2f431a7q51lfp816malea|03|net"; nocase; ) # 1aaarcq1kd1fn2h558kkwnqy8c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aaarcq1kd1fn2h558kkwnqy8c|03|org"; nocase; ) # 19gmkq28yf7e0ki75tz3f0o6x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19gmkq28yf7e0ki75tz3f0o6x|03|org"; nocase; ) # 121xldrc7b2hr1v8zt3515bycxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|121xldrc7b2hr1v8zt3515bycxn|03|com"; nocase; ) # 19zacfm1dsdv1w1wjlq72r09m2g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19zacfm1dsdv1w1wjlq72r09m2g|03|biz"; nocase; ) # p6dx3a1t6ki7o12l6o3krtnopx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p6dx3a1t6ki7o12l6o3krtnopx|03|biz"; nocase; ) # 6yzxji1qv3dgm1bf8drx1mk2ias.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6yzxji1qv3dgm1bf8drx1mk2ias|03|com"; nocase; ) # 10yu1xf12wd5hdcft6gc1skjauq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10yu1xf12wd5hdcft6gc1skjauq|03|com"; nocase; ) # 1h8ao4q2dnjr6tyxlju18pxcoe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h8ao4q2dnjr6tyxlju18pxcoe|03|biz"; nocase; ) # 5pl7l1mw8gj818t786p124c6um.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5pl7l1mw8gj818t786p124c6um|03|net"; nocase; ) # 5w8ulf1n5js9a1ct0jy8hgjzt3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5w8ulf1n5js9a1ct0jy8hgjzt3|03|biz"; nocase; ) # ygog8w1yrrwas1ptyn1h1w4ybam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ygog8w1yrrwas1ptyn1h1w4ybam|03|com"; nocase; ) # zd30jb13lj0k712y0gfegdphjv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zd30jb13lj0k712y0gfegdphjv|03|com"; nocase; ) # 1nsv7eyotksis1dqkkob8mpgn0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nsv7eyotksis1dqkkob8mpgn0|03|biz"; nocase; ) # 199jog5k2op271ghayj1wo9sar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|199jog5k2op271ghayj1wo9sar|03|net"; nocase; ) # 14bz79qr4zov7xtxdttycwop5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14bz79qr4zov7xtxdttycwop5|03|com"; nocase; ) # must291c3jlq0u5ztmohg46jg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|must291c3jlq0u5ztmohg46jg|03|com"; nocase; ) # 1mmrsitovquwj1yyoyup3on3qn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mmrsitovquwj1yyoyup3on3qn|03|net"; nocase; ) # t3jem4115fdyr1nfgiyg1h2z4ef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t3jem4115fdyr1nfgiyg1h2z4ef|03|com"; nocase; ) # jciai1lt3q0uxxbld7nxg7fp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jciai1lt3q0uxxbld7nxg7fp|03|net"; nocase; ) # 1nm5cbiwsarjj1ffs5ua1j7qbep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nm5cbiwsarjj1ffs5ua1j7qbep|03|org"; nocase; ) # p0u0je1djti4efrcunf1do6j5r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p0u0je1djti4efrcunf1do6j5r|03|net"; nocase; ) # 1rmn8mn10yh9zy1181s5n1ftyc8i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rmn8mn10yh9zy1181s5n1ftyc8i|03|org"; nocase; ) # 9d46zmkbnzy01tafcwe1uvzwz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9d46zmkbnzy01tafcwe1uvzwz3|03|com"; nocase; ) # 10ye2kv1e6rccscqmgyz1x66s8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ye2kv1e6rccscqmgyz1x66s8n|03|net"; nocase; ) # 1qkkuun1vijccq1cnw0uz1a8fpjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qkkuun1vijccq1cnw0uz1a8fpjt|03|net"; nocase; ) # 1ntqx921lbou571npdji2o2dzic.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ntqx921lbou571npdji2o2dzic|03|org"; nocase; ) # 1604qofhqb1z215pv30qdijx1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1604qofhqb1z215pv30qdijx1s|03|biz"; nocase; ) # 1qk4ofv1wc3n0mpgeteeqwmvuu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qk4ofv1wc3n0mpgeteeqwmvuu|03|biz"; nocase; ) # 1g9ufgo1ov2lju1ql2hyc1g7p00n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g9ufgo1ov2lju1ql2hyc1g7p00n|03|com"; nocase; ) # 1e19gm01fn8rek1fdyi9t19s1s0b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e19gm01fn8rek1fdyi9t19s1s0b|03|biz"; nocase; ) # j2h8xg1ygoga819tpa8iughi4u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j2h8xg1ygoga819tpa8iughi4u|03|com"; nocase; ) # 1wti1cyx39i7n13p4rxj1xaxmqa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wti1cyx39i7n13p4rxj1xaxmqa|03|net"; nocase; ) # 1hddc71b29ufyy3ztjx35v5aj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hddc71b29ufyy3ztjx35v5aj|03|com"; nocase; ) # kph973gznsxuf3pn5rb0koz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kph973gznsxuf3pn5rb0koz6|03|net"; nocase; ) # 1nv441w1mlhenmdf6l6x1s7lbcr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nv441w1mlhenmdf6l6x1s7lbcr|03|biz"; nocase; ) # ccz7nidjvdmgk62ibv8hu3mi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ccz7nidjvdmgk62ibv8hu3mi|03|com"; nocase; ) # 59s20tahlza815d4800h2jjjs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|59s20tahlza815d4800h2jjjs|03|biz"; nocase; ) # 1rlmjjl1so3icbo2o49fsf5rqz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rlmjjl1so3icbo2o49fsf5rqz|03|com"; nocase; ) # 12jgutt19y1xpz765shx3r90uj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12jgutt19y1xpz765shx3r90uj|03|com"; nocase; ) # 3cp7en1ixau4u13h88c21wxzyaz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3cp7en1ixau4u13h88c21wxzyaz|03|org"; nocase; ) # fsnzlpyw0i9d13zsrmt1d41zh9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fsnzlpyw0i9d13zsrmt1d41zh9|03|com"; nocase; ) # 1gidf4z1f5m87ub84jkrwvnlap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gidf4z1f5m87ub84jkrwvnlap|03|net"; nocase; ) # hmzdgg1k0y6tb1n6ckdu1n1q0fe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hmzdgg1k0y6tb1n6ckdu1n1q0fe|03|org"; nocase; ) # 15c02qh14gqz1q64lfsn1lffxmp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15c02qh14gqz1q64lfsn1lffxmp|03|net"; nocase; ) # 183euc5n4y7tcd4ilosud7cqo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|183euc5n4y7tcd4ilosud7cqo|03|net"; nocase; ) # 1qguztyuz0qkb1cj4xbgo4hmla.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qguztyuz0qkb1cj4xbgo4hmla|03|com"; nocase; ) # 1oj1fyh4450gz1xfgr8pml6nfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oj1fyh4450gz1xfgr8pml6nfo|03|com"; nocase; ) # 1ydeqf8g2t3idz2ax37olg4tw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ydeqf8g2t3idz2ax37olg4tw|03|net"; nocase; ) # kp4epimrn7ni145vqx61p150xl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kp4epimrn7ni145vqx61p150xl|03|org"; nocase; ) # 14t3nd71mmvez2jetjbl1wcxxwa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14t3nd71mmvez2jetjbl1wcxxwa|03|org"; nocase; ) # yxvhgt1rj36slzoj3p61g9lxf0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yxvhgt1rj36slzoj3p61g9lxf0|03|com"; nocase; ) # 174zib3xg3usv1k7kbz13mpnc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|174zib3xg3usv1k7kbz13mpnc3|03|net"; nocase; ) # 188rt286rbcx8g5au5e1yhlmv0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|188rt286rbcx8g5au5e1yhlmv0|03|org"; nocase; ) # xcppim1rc0aihyexyagntmety.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xcppim1rc0aihyexyagntmety|03|net"; nocase; ) # 1gjxpzv13i3tn06bovmw6zs56l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gjxpzv13i3tn06bovmw6zs56l|03|org"; nocase; ) # u1c6l3bjxzd71at0mwj1gzj5ox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u1c6l3bjxzd71at0mwj1gzj5ox|03|biz"; nocase; ) # exewx7c00rff1jea85dbmp8qf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|exewx7c00rff1jea85dbmp8qf|03|com"; nocase; ) # 1y7140csqnyf0tsmseq15g552a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y7140csqnyf0tsmseq15g552a|03|org"; nocase; ) # 1c7nyge1li3ua71m0j1ym6r7wuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c7nyge1li3ua71m0j1ym6r7wuk|03|net"; nocase; ) # 19pm54g1v0lur91ixvys21u0rqpz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19pm54g1v0lur91ixvys21u0rqpz|03|net"; nocase; ) # z9gf3314hery71w34hgf8mlayp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z9gf3314hery71w34hgf8mlayp|03|com"; nocase; ) # 1k4spvm1ygykuivw6ipgy8mtyl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k4spvm1ygykuivw6ipgy8mtyl|03|org"; nocase; ) # ume5ir1r1lm81rowzr711rjyyu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ume5ir1r1lm81rowzr711rjyyu|03|com"; nocase; ) # 1oe2exo1lubzorrejfic51t8ev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oe2exo1lubzorrejfic51t8ev|03|net"; nocase; ) # 17z798r2i053mhfyeh410cp9aa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17z798r2i053mhfyeh410cp9aa|03|com"; nocase; ) # 1omw51218c78x13v9xz917d83mc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1omw51218c78x13v9xz917d83mc|03|org"; nocase; ) # 1cu75vx16jjhkr14om0zz1nejgca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cu75vx16jjhkr14om0zz1nejgca|03|com"; nocase; ) # 1nq1cs8r1me7c7k9eyf11jr07r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nq1cs8r1me7c7k9eyf11jr07r|03|com"; nocase; ) # q5a7ozoulo6f1dxekhz1qop8p7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q5a7ozoulo6f1dxekhz1qop8p7|03|org"; nocase; ) # 1onaigbcjpiyi1p1tdg1yhuqa1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1onaigbcjpiyi1p1tdg1yhuqa1|03|net"; nocase; ) # 1jueion6mzbwgzcen4b1eg2fsg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jueion6mzbwgzcen4b1eg2fsg|03|biz"; nocase; ) # rrmlc21rtlt5td37d191a8ka42.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rrmlc21rtlt5td37d191a8ka42|03|net"; nocase; ) # xrn0762u73gf1kd4a60ev3twu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xrn0762u73gf1kd4a60ev3twu|03|com"; nocase; ) # 7tf0f5kf8tu810wg1co4rkew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7tf0f5kf8tu810wg1co4rkew|03|com"; nocase; ) # 1amy1reuw5jgo1wmya6t5c1rgx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1amy1reuw5jgo1wmya6t5c1rgx|03|net"; nocase; ) # y925h21d3sy1s11y56ue1bz9ijn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y925h21d3sy1s11y56ue1bz9ijn|03|com"; nocase; ) # 1w5trgr1yibxys1bb1jtg1rvl8m8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w5trgr1yibxys1bb1jtg1rvl8m8|03|net"; nocase; ) # envhjmcyognjagkm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017244; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|envhjmcyognjagkm|02|eu"; nocase; ) # rxygvejvwjrpoekm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017245; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rxygvejvwjrpoekm|02|eu"; nocase; ) # rtqtqgvjdbvjgihy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017246; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rtqtqgvjdbvjgihy|02|eu"; nocase; ) # rbwpchvbbpwlynol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017247; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rbwpchvbbpwlynol|02|eu"; nocase; ) # riplnuislqxnrgjl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017248; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|riplnuislqxnrgjl|02|eu"; nocase; ) # fjqtgpcixmhdeobx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017249; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fjqtgpcixmhdeobx|02|eu"; nocase; ) # fxcldecrgpwhpmdk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017250; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fxcldecrgpwhpmdk|02|eu"; nocase; ) # fmbdasonofmybxfw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017251; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fmbdasonofmybxfw|02|eu"; nocase; ) # yevinrsedhpfcxqe.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017252; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yevinrsedhpfcxqe|02|eu"; nocase; ) # sldtvlitflgwohuj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017253; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|sldtvlitflgwohuj|02|eu"; nocase; ) # mmpmramlarawtxpd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017254; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mmpmramlarawtxpd|02|eu"; nocase; ) # mwsejqliolguwacp.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017255; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mwsejqliolguwacp|02|eu"; nocase; ) # gxfkffpajraucekj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017256; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|gxfkffpajraucekj|02|eu"; nocase; ) # gbdtluofakfqmnoi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017257; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|gbdtluofakfqmnoi|02|eu"; nocase; ) # gpoxuvboiauuxlqu.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017258; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|gpoxuvboiauuxlqu|02|eu"; nocase; ) # gwhtgwbggovwqelu.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017259; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|gwhtgwbggovwqelu|02|eu"; nocase; ) # afavnyrclvqyonbo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017260; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|afavnyrclvqyonbo|02|eu"; nocase; ) # thxssoidoraqsplu.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017261; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|thxssoidoraqsplu|02|eu"; nocase; ) # c568da0631a22efd88993c2cce0f4dc2ad.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017262; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c568da0631a22efd88993c2cce0f4dc2ad|02|to"; nocase; ) # f85dd4cf4cd7b6cfd8da63aa671af9c907.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017263; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f85dd4cf4cd7b6cfd8da63aa671af9c907|02|cn"; nocase; ) # pbde34ea9aade377c237df2ef264e456eb.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017264; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pbde34ea9aade377c237df2ef264e456eb|02|so"; nocase; ) # r3ad628ee73097f038744f88146a28cc39.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017265; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r3ad628ee73097f038744f88146a28cc39|02|ws"; nocase; ) # af0ff0d6eed39ab04b213e2d1525c3ae1b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017266; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|af0ff0d6eed39ab04b213e2d1525c3ae1b|02|to"; nocase; ) # f7f797692d68bef9317c51db23c4d02b3d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017267; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f7f797692d68bef9317c51db23c4d02b3d|02|so"; nocase; ) # gefd8a0b36fe05fa7cdd6ea707f633cf90.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017268; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gefd8a0b36fe05fa7cdd6ea707f633cf90|02|cc"; nocase; ) # k0c8e97b420f2dc7725ee6db17e18bf5d1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017269; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k0c8e97b420f2dc7725ee6db17e18bf5d1|02|hk"; nocase; ) # n3f18e8193103a2dcd5210c1b59d03d48b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017270; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3f18e8193103a2dcd5210c1b59d03d48b|02|so"; nocase; ) # tee51cac17b28bbd9f3ea2c12c77b2a8ab.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017271; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tee51cac17b28bbd9f3ea2c12c77b2a8ab|02|cn"; nocase; ) # ub3923e4610112cfc960e5816823e242b7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017272; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ub3923e4610112cfc960e5816823e242b7|02|tk"; nocase; ) # v2860bad20c66b01297a0039d754c01e46.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017273; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v2860bad20c66b01297a0039d754c01e46|02|so"; nocase; ) # yaa3d82db27c21454c27c5ffe5dac446d2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017274; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yaa3d82db27c21454c27c5ffe5dac446d2|02|to"; nocase; ) # wee1df89f8a2aabe8cd0bea5e6a1d4fdef.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017275; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wee1df89f8a2aabe8cd0bea5e6a1d4fdef|02|to"; nocase; ) # zddb9d0ec9bedbfbd1ddbcaf9128e8a899.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017276; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zddb9d0ec9bedbfbd1ddbcaf9128e8a899|02|cn"; nocase; ) # md573f83868ad224e69e98faace104687a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017277; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md573f83868ad224e69e98faace104687a|02|to"; nocase; ) # tfce4a8f452e67d10127e0d73573f1d4b5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017278; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tfce4a8f452e67d10127e0d73573f1d4b5|02|ws"; nocase; ) # geeb6b529da2da1cafd25309db11fb879f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017279; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|geeb6b529da2da1cafd25309db11fb879f|02|tk"; nocase; ) # hd02c95264a68c21cac3b6b95eab3a751d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017280; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd02c95264a68c21cac3b6b95eab3a751d|02|so"; nocase; ) # r2ef6fe199994a296d52d558a247281ec0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017281; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2ef6fe199994a296d52d558a247281ec0|02|ws"; nocase; ) # uc099b476aa4dadf364164499818da54e7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017282; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc099b476aa4dadf364164499818da54e7|02|hk"; nocase; ) # v42a579f5f52f9f95a0ec52ab7746aaede.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017283; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v42a579f5f52f9f95a0ec52ab7746aaede|02|cn"; nocase; ) # y4afa7343b148bad7c3cbc3107cd6bf58d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017284; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y4afa7343b148bad7c3cbc3107cd6bf58d|02|cc"; nocase; ) # c4c2cacd7060e919e48c7895ebebb81522.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017285; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c4c2cacd7060e919e48c7895ebebb81522|02|hk"; nocase; ) # j0464382f5b1c5b901de0741f8f7a8b032.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017286; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j0464382f5b1c5b901de0741f8f7a8b032|02|in"; nocase; ) # oe33bc10d96c9fa4de33c26bd45b7a4f4e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017287; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe33bc10d96c9fa4de33c26bd45b7a4f4e|02|cc"; nocase; ) # s0164fb25e103d7407be1cae756d966911.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017288; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s0164fb25e103d7407be1cae756d966911|02|hk"; nocase; ) # ue147460bc5a50fa0b21d69964b9bc470e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017289; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue147460bc5a50fa0b21d69964b9bc470e|02|tk"; nocase; ) # x49d13d24c1d3067511fa15a8a217e3ed8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017290; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x49d13d24c1d3067511fa15a8a217e3ed8|02|ws"; nocase; ) # z131568fd5a3f1ec65923ba8f6d1e43d04.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017291; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z131568fd5a3f1ec65923ba8f6d1e43d04|02|in"; nocase; ) # a05c323e8db80d8c40721d317d39ae4c10.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017292; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a05c323e8db80d8c40721d317d39ae4c10|02|hk"; nocase; ) # je6dbc282c4b1ced2866363fefaa5b7cfa.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017293; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|je6dbc282c4b1ced2866363fefaa5b7cfa|02|cn"; nocase; ) # bb963c5915fe679032b3a285e9507a9ac3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017294; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bb963c5915fe679032b3a285e9507a9ac3|02|so"; nocase; ) # e56eab4154e275f98db430662a213b7bf1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017295; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e56eab4154e275f98db430662a213b7bf1|02|to"; nocase; ) # ga38c3027408e0af6df37d5d1d6885d0ab.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017296; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ga38c3027408e0af6df37d5d1d6885d0ab|02|hk"; nocase; ) # iaf483048ff3e68ea1f2303299ecee4eb8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017297; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|iaf483048ff3e68ea1f2303299ecee4eb8|02|tk"; nocase; ) # j6c158bc05a741ace92d80119ce17abdc0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017298; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j6c158bc05a741ace92d80119ce17abdc0|02|so"; nocase; ) # l6ded9f8b3d736aa146c90c0d9d36b9add.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017299; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l6ded9f8b3d736aa146c90c0d9d36b9add|02|ws"; nocase; ) # n5a7b8bd520e88c22dc783df093e8daa15.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017300; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n5a7b8bd520e88c22dc783df093e8daa15|02|in"; nocase; ) # pc64dfefe3d8e27af37205feb1ae34b286.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017301; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pc64dfefe3d8e27af37205feb1ae34b286|02|cn"; nocase; ) # u05c686da6a784316f48b433b104bcf124.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017302; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u05c686da6a784316f48b433b104bcf124|02|to"; nocase; ) # z3e941c5c7410d3b69410ff16269cc5a52.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017303; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z3e941c5c7410d3b69410ff16269cc5a52|02|so"; nocase; ) # bd0face4f5556d4fc463b4caa0cc709933.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017304; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd0face4f5556d4fc463b4caa0cc709933|02|ws"; nocase; ) # c83ce57a6f031b5b08aba0d074a5613970.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017305; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c83ce57a6f031b5b08aba0d074a5613970|02|to"; nocase; ) # dd90a7f89564f77e55f748e50211103f8e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017306; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd90a7f89564f77e55f748e50211103f8e|02|in"; nocase; ) # f8827d083e4389e390de2e19120ca5d0f4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017307; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f8827d083e4389e390de2e19120ca5d0f4|02|cn"; nocase; ) # p0910debc950de7daeda6e75445c9f3057.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017308; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p0910debc950de7daeda6e75445c9f3057|02|so"; nocase; ) # s2d4148788e486ed9512b04fd1dd3b6450.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017309; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s2d4148788e486ed9512b04fd1dd3b6450|02|to"; nocase; ) # z3f34ad10ff4d291b78aa5206f795dfcbd.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017310; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z3f34ad10ff4d291b78aa5206f795dfcbd|02|ws"; nocase; ) # s91e985ae626721bfacc7e3ebd578ef665.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017311; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s91e985ae626721bfacc7e3ebd578ef665|02|hk"; nocase; ) # i2736b8697ddf5906d821404b001d1a804.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017312; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2736b8697ddf5906d821404b001d1a804|02|hk"; nocase; ) # l771ee1dc8d4ac56d3b24cd86a48278f9c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017313; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l771ee1dc8d4ac56d3b24cd86a48278f9c|02|so"; nocase; ) # raf0fafc73cc06f88b03af38be1f798e2e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017314; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|raf0fafc73cc06f88b03af38be1f798e2e|02|cn"; nocase; ) # t4ecbdf25dcc73cecee2956986a9db81ce.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017315; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t4ecbdf25dcc73cecee2956986a9db81ce|02|so"; nocase; ) # v6134cddefbc6403037c72eb2ba803b23b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017316; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v6134cddefbc6403037c72eb2ba803b23b|02|ws"; nocase; ) # xca05d20bd81baafee2f1ed3b9469c2a63.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017317; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xca05d20bd81baafee2f1ed3b9469c2a63|02|in"; nocase; ) # cb468c1f7ed0dc6c48e0e6614b391763a0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017318; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cb468c1f7ed0dc6c48e0e6614b391763a0|02|cc"; nocase; ) # ra7fb1434af223fdf36fdc586751d4941e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017319; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ra7fb1434af223fdf36fdc586751d4941e|02|so"; nocase; ) # tf56a1d1a0dd2d3d5132ab82f128db818d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017320; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tf56a1d1a0dd2d3d5132ab82f128db818d|02|ws"; nocase; ) # w962781154fa8ebc2bde45d59a07831f67.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017321; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w962781154fa8ebc2bde45d59a07831f67|02|hk"; nocase; ) # x84ce1f397058951063638c2d895e02579.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017322; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x84ce1f397058951063638c2d895e02579|02|cn"; nocase; ) # b8492114b3e0228ff0a6d8afa73293e238.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017323; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b8492114b3e0228ff0a6d8afa73293e238|02|ws"; nocase; ) # d41971c3f1e2d828396c4e08af84c5cfe9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017324; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d41971c3f1e2d828396c4e08af84c5cfe9|02|in"; nocase; ) # i2822c8e391553a303f0a5bc36986dfe57.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017325; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2822c8e391553a303f0a5bc36986dfe57|02|cc"; nocase; ) # p08bf303b7265638add8755a1ad04bb3b1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017326; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p08bf303b7265638add8755a1ad04bb3b1|02|so"; nocase; ) # u18cb30b62b3cf2894aa9a92ecfe396168.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017327; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u18cb30b62b3cf2894aa9a92ecfe396168|02|hk"; nocase; ) # z34f1fd2284246fdef079e3e0640508e2c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017328; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z34f1fd2284246fdef079e3e0640508e2c|02|ws"; nocase; ) # cd4f6f6009020a2c0db26ebf0f4e940316.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017329; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd4f6f6009020a2c0db26ebf0f4e940316|02|hk"; nocase; ) # f2860d338d9d8b0d2d258fc57982f1977a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017330; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f2860d338d9d8b0d2d258fc57982f1977a|02|so"; nocase; ) # gd2b211f53e434153df35f713a1c51de35.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017331; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gd2b211f53e434153df35f713a1c51de35|02|cc"; nocase; ) # mb5528c8943006e5dc8983e2c18eef68ae.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017332; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mb5528c8943006e5dc8983e2c18eef68ae|02|tk"; nocase; ) # p0cc20460f7683cafc7725061a1c123f8d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017333; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p0cc20460f7683cafc7725061a1c123f8d|02|ws"; nocase; ) # s19ff21b3cceb3705b40a92f12b82d2ab8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017334; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s19ff21b3cceb3705b40a92f12b82d2ab8|02|hk"; nocase; ) # b2f8918df502dc44cac768a36935ea179e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017335; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b2f8918df502dc44cac768a36935ea179e|02|cn"; nocase; ) # e2574171ec550e0ddfa5a6b1403ce8c820.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017336; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e2574171ec550e0ddfa5a6b1403ce8c820|02|cc"; nocase; ) # o8ab3f1031e78800fbad6e1cc54a6a8447.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017337; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8ab3f1031e78800fbad6e1cc54a6a8447|02|to"; nocase; ) # s41eb9d2225cbf14f2b6fefe8a94b63ac4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017338; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s41eb9d2225cbf14f2b6fefe8a94b63ac4|02|tk"; nocase; ) # t434b9df206fbe808e19314f8a40da6f6e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017339; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t434b9df206fbe808e19314f8a40da6f6e|02|so"; nocase; ) # u963c7c93e38ac36cf6a87631f36de2b49.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017340; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u963c7c93e38ac36cf6a87631f36de2b49|02|cc"; nocase; ) # wdd5e87059c483aa43a2061213fba9469d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017341; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wdd5e87059c483aa43a2061213fba9469d|02|to"; nocase; ) # a174ec8ce0b99bce72602ba2863c5670b3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017342; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a174ec8ce0b99bce72602ba2863c5670b3|02|tk"; nocase; ) # g7d6e64dedecc06f7a4c51a711a48b74f6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017343; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g7d6e64dedecc06f7a4c51a711a48b74f6|02|hk"; nocase; ) # kf86ec0535172903de6f129829d89bce78.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017344; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kf86ec0535172903de6f129829d89bce78|02|cc"; nocase; ) # n5a4aa7c3b1d0bd13ff12a308ebaabeb98.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017345; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n5a4aa7c3b1d0bd13ff12a308ebaabeb98|02|in"; nocase; ) # o2a85e33d6bb54cbbef1eed17e7dbe392b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017346; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o2a85e33d6bb54cbbef1eed17e7dbe392b|02|hk"; nocase; ) # s133fd43d12a2f4bf353f7e0e653e8cafb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017347; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s133fd43d12a2f4bf353f7e0e653e8cafb|02|cc"; nocase; ) # u560d2c9c0d441210ba8ed81c02eb5997f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017348; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u560d2c9c0d441210ba8ed81c02eb5997f|02|to"; nocase; ) # c7ffdf4092e6df4b477d9e79ca5f7c46c4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017349; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c7ffdf4092e6df4b477d9e79ca5f7c46c4|02|to"; nocase; ) # d93f0c61105a9b658065c31f7d1752ccd4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017350; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d93f0c61105a9b658065c31f7d1752ccd4|02|in"; nocase; ) # f03af4c93653184f9df18c8deaae36d7d8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017351; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f03af4c93653184f9df18c8deaae36d7d8|02|cn"; nocase; ) # n2b8cc835c7edebab01d70d0445a01c5d4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017352; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n2b8cc835c7edebab01d70d0445a01c5d4|02|cn"; nocase; ) # e20c05f66364e153848c2c8714d821f830.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017353; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e20c05f66364e153848c2c8714d821f830|02|tk"; nocase; ) # fb0438af4091c84ee6d96cceb650360aa4.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017354; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fb0438af4091c84ee6d96cceb650360aa4|02|so"; nocase; ) # j262953b4d91d967dbc4df2ce6c17585dd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017355; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j262953b4d91d967dbc4df2ce6c17585dd|02|in"; nocase; ) # wc071de21409f17f6360d1d1ec0aabf7bd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017356; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc071de21409f17f6360d1d1ec0aabf7bd|02|cc"; nocase; ) # c02b07e5a5b5f1f25fffdaadddeec83fdc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017357; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c02b07e5a5b5f1f25fffdaadddeec83fdc|02|tk"; nocase; ) # m43bd9f1ed288a1479e10c915981217097.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017358; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m43bd9f1ed288a1479e10c915981217097|02|cc"; nocase; ) # v26c490f099ba16c1971faa2038f90322b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017359; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v26c490f099ba16c1971faa2038f90322b|02|ws"; nocase; ) # a2dec470e914c0a2efe113d579d9cb534b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017360; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a2dec470e914c0a2efe113d579d9cb534b|02|tk"; nocase; ) # e39b50132c0a48fb2eb2780e21499c2cb1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017361; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e39b50132c0a48fb2eb2780e21499c2cb1|02|to"; nocase; ) # ib29f9c5e5a2eef0382fea12398bf62a52.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017362; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib29f9c5e5a2eef0382fea12398bf62a52|02|tk"; nocase; ) # tc99f5d7eeea067578a765b51981c477c0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017363; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tc99f5d7eeea067578a765b51981c477c0|02|ws"; nocase; ) # xdd5d5120e030a48f42161c17043dae6ac.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017364; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xdd5d5120e030a48f42161c17043dae6ac|02|cn"; nocase; ) # y9ad6e65a7d3cdcf279a25438acad82977.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017365; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y9ad6e65a7d3cdcf279a25438acad82977|02|tk"; nocase; ) # ib58ddffc0a35d86d8e9599b52905aaad9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017366; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib58ddffc0a35d86d8e9599b52905aaad9|02|cc"; nocase; ) # j383e1394dfe3b6e07885f1a8fac0c1bb4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017367; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j383e1394dfe3b6e07885f1a8fac0c1bb4|02|ws"; nocase; ) # k475a1f33c202dae90dfe393a5ba8b947c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017368; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k475a1f33c202dae90dfe393a5ba8b947c|02|to"; nocase; ) # l652e5c1fc85c2c42d7ed5f21acbc15ba6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017369; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l652e5c1fc85c2c42d7ed5f21acbc15ba6|02|in"; nocase; ) # nd421993cb5479ad6aa0713807981f4f5c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017370; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd421993cb5479ad6aa0713807981f4f5c|02|cn"; nocase; ) # y707f1c478f7e19937bf57627563a5cd31.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017371; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y707f1c478f7e19937bf57627563a5cd31|02|cc"; nocase; ) # be55c45ed94a3d1fbb3276bb0a4cfaf64c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017372; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be55c45ed94a3d1fbb3276bb0a4cfaf64c|02|in"; nocase; ) # f3baf2a46a672a7f5f885ded7ed146d8a7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017373; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f3baf2a46a672a7f5f885ded7ed146d8a7|02|so"; nocase; ) # kf7a05e29c25cd777e58b8af1afe12264a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017374; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kf7a05e29c25cd777e58b8af1afe12264a|02|hk"; nocase; ) # nd8965bb4a834dbb24cbf94a7043611d29.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017375; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd8965bb4a834dbb24cbf94a7043611d29|02|so"; nocase; ) # pf04dae84314be5a6b28841a1af088a196.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017376; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf04dae84314be5a6b28841a1af088a196|02|ws"; nocase; ) # ueda756059812abd6425f633510d0e9e16.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017377; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ueda756059812abd6425f633510d0e9e16|02|tk"; nocase; ) # c94953899778aa272cee69df0729da4669.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017378; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c94953899778aa272cee69df0729da4669|02|tk"; nocase; ) # df4348f7a22e8cd8fadcb24278fb7264e3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017379; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|df4348f7a22e8cd8fadcb24278fb7264e3|02|so"; nocase; ) # nca0ba0d38c65f2eb2a8c9492fceb6878f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017380; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nca0ba0d38c65f2eb2a8c9492fceb6878f|02|ws"; nocase; ) # o998105704bc86dbe8d53fcdd95bccba04.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017381; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o998105704bc86dbe8d53fcdd95bccba04|02|to"; nocase; ) # q2c2de7d9eabf0da8f86f20185372e20bc.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017382; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q2c2de7d9eabf0da8f86f20185372e20bc|02|hk"; nocase; ) # t3e63648eeec750d8359b649616c44c426.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017383; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t3e63648eeec750d8359b649616c44c426|02|so"; nocase; ) # xf5c25ca2cdbe98167a8493ee4d249d4d0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017384; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xf5c25ca2cdbe98167a8493ee4d249d4d0|02|in"; nocase; ) # afc3e3615ea1ff3f5ba9aab0c4f86cec2d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017385; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|afc3e3615ea1ff3f5ba9aab0c4f86cec2d|02|tk"; nocase; ) # p1a90e8b29f50e26e9cc10166c7800038b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017386; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p1a90e8b29f50e26e9cc10166c7800038b|02|cn"; nocase; ) # q1cfac69ff1007aeb3140581a107e55f82.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017387; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1cfac69ff1007aeb3140581a107e55f82|02|tk"; nocase; ) # e86f83da94da8b7e5e216191fa4d53749e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017388; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e86f83da94da8b7e5e216191fa4d53749e|02|hk"; nocase; ) # fbed841606c397ffaa6a1eac5d842de8a3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017389; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fbed841606c397ffaa6a1eac5d842de8a3|02|cn"; nocase; ) # hb59bb046d6c8d271c73ab2aed6a936b77.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017390; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hb59bb046d6c8d271c73ab2aed6a936b77|02|so"; nocase; ) # j12210863aa50abfb3f1a5be4a828d7496.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017391; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j12210863aa50abfb3f1a5be4a828d7496|02|ws"; nocase; ) # l9064d05c3537afd5471857d9c5be294af.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017392; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l9064d05c3537afd5471857d9c5be294af|02|in"; nocase; ) # oe92c0a304539ed4eaaaf0df57dc51cb54.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017393; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe92c0a304539ed4eaaaf0df57dc51cb54|02|tk"; nocase; ) # x02f9bfefcbaaf5ea8b5e87883ef8fe7ee.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017394; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x02f9bfefcbaaf5ea8b5e87883ef8fe7ee|02|so"; nocase; ) # z2e97150ef6641ed3d4e1ceea5801f1609.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017395; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z2e97150ef6641ed3d4e1ceea5801f1609|02|ws"; nocase; ) # b2c2a947990ee03c72d51f8861cf4abd6a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017396; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b2c2a947990ee03c72d51f8861cf4abd6a|02|in"; nocase; ) # k5ffba93f3001ea925a0dffe0559b1a1f6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017397; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k5ffba93f3001ea925a0dffe0559b1a1f6|02|hk"; nocase; ) # n0fa5d34958fbeaf4dddb16c70cccf5e87.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017398; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n0fa5d34958fbeaf4dddb16c70cccf5e87|02|so"; nocase; ) # o451e7e44c3a516d4e27ba1fefc404cf14.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017399; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o451e7e44c3a516d4e27ba1fefc404cf14|02|cc"; nocase; ) # p72511a029439d1a6d0845144c2aacfc95.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017400; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p72511a029439d1a6d0845144c2aacfc95|02|ws"; nocase; ) # sb12c49b457edb556126b8cf13b2380666.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017401; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sb12c49b457edb556126b8cf13b2380666|02|hk"; nocase; ) # y46d6ea56dc75a3e0b6881453aaf6de9df.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y46d6ea56dc75a3e0b6881453aaf6de9df|02|to"; nocase; ) # ib91b96bc53547c47952b1c370a68f8885.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib91b96bc53547c47952b1c370a68f8885|02|hk"; nocase; ) # r9bbbdc3c48feddb81a764b50440f40a30.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r9bbbdc3c48feddb81a764b50440f40a30|02|cn"; nocase; ) # a7f0cd4f55af4ea1aa2da7635b86611f9c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a7f0cd4f55af4ea1aa2da7635b86611f9c|02|tk"; nocase; ) # f4243d9315304f58f5ac2b71b7df8b847b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f4243d9315304f58f5ac2b71b7df8b847b|02|in"; nocase; ) # mc00c68401cb33714cd7fb7425171d528f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc00c68401cb33714cd7fb7425171d528f|02|to"; nocase; ) # o9f76470f03f3a851d4ab749927bb4cc5f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o9f76470f03f3a851d4ab749927bb4cc5f|02|hk"; nocase; ) # r654f5510c90a960574782fd2094a2dd7d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r654f5510c90a960574782fd2094a2dd7d|02|so"; nocase; ) # s7b86d56b2efca846bc0cd778be464ad55.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s7b86d56b2efca846bc0cd778be464ad55|02|cc"; nocase; ) # u009f7ccca9493185e38ffb4c37d5efef9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u009f7ccca9493185e38ffb4c37d5efef9|02|to"; nocase; ) # y7cf870052b113d4afef801a40654ada3b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y7cf870052b113d4afef801a40654ada3b|02|tk"; nocase; ) # b0d8bef315bcc94b8d092cc21da1f22947.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b0d8bef315bcc94b8d092cc21da1f22947|02|ws"; nocase; ) # d7762b2394a0d826632f93439c1e0d179d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d7762b2394a0d826632f93439c1e0d179d|02|in"; nocase; ) # k8ab24b26dcc4796cd4ffca9bb83586bca.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k8ab24b26dcc4796cd4ffca9bb83586bca|02|to"; nocase; ) # o48e08c61d0eea279878d7647df06d952f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o48e08c61d0eea279878d7647df06d952f|02|tk"; nocase; ) # r3534c083b153806bb1fff3df4b3f1e525.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r3534c083b153806bb1fff3df4b3f1e525|02|ws"; nocase; ) # te5bc42dd67ef0e56a327178617c1a1b57.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|te5bc42dd67ef0e56a327178617c1a1b57|02|in"; nocase; ) # e545bd06a4b2c1d3146686e67b9688bc2b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e545bd06a4b2c1d3146686e67b9688bc2b|02|tk"; nocase; ) # g02d0994a982c3292c42f42e229a34116c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g02d0994a982c3292c42f42e229a34116c|02|cc"; nocase; ) # jf14fb1483fd83d63768b704d9257ebd2f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jf14fb1483fd83d63768b704d9257ebd2f|02|in"; nocase; ) # kd47d2da0c9412b79891163608857e87fc.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kd47d2da0c9412b79891163608857e87fc|02|hk"; nocase; ) # lae3ea4bdff4706b28484b16231fea7eaf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017423; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lae3ea4bdff4706b28484b16231fea7eaf|02|cn"; nocase; ) # r0f616326ec300786426bf76ba37388824.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017424; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r0f616326ec300786426bf76ba37388824|02|in"; nocase; ) # o477d5048b2803653eef8281c003f3b2c2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017425; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o477d5048b2803653eef8281c003f3b2c2|02|to"; nocase; ) # q05435b3362c82749b9baa89f557c78d7e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017426; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q05435b3362c82749b9baa89f557c78d7e|02|hk"; nocase; ) # x27156bf5e2c48662296dd4dd93cf94222.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017427; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x27156bf5e2c48662296dd4dd93cf94222|02|in"; nocase; ) # a40c5c83315955689a21b9fbaaa1d1dca9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a40c5c83315955689a21b9fbaaa1d1dca9|02|tk"; nocase; ) # fef15ee7defe7dca0485c38dfa9af112ff.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fef15ee7defe7dca0485c38dfa9af112ff|02|in"; nocase; ) # i33ce21d7542e8c37c0428f3b5f682c9f7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i33ce21d7542e8c37c0428f3b5f682c9f7|02|tk"; nocase; ) # pa20ceb85c8acf104c4fc331f93a5fe2b9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pa20ceb85c8acf104c4fc331f93a5fe2b9|02|cn"; nocase; ) # a1b40a9eb15f2cb9a2977344eaa3eca4bc.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1b40a9eb15f2cb9a2977344eaa3eca4bc|02|cc"; nocase; ) # ec978b2f2a891406bfccc4e99a23fe74f8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ec978b2f2a891406bfccc4e99a23fe74f8|02|hk"; nocase; ) # o872edac2a89b56911263b4aeec0bfaaab.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o872edac2a89b56911263b4aeec0bfaaab|02|tk"; nocase; ) # q4215e960f4f2c7d35ace6eba9feb41271.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4215e960f4f2c7d35ace6eba9feb41271|02|cc"; nocase; ) # uab98cb9ab3673510a2c81f420c42a57b4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uab98cb9ab3673510a2c81f420c42a57b4|02|hk"; nocase; ) # w133f92f297f97c424856839e4e2a84b99.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w133f92f297f97c424856839e4e2a84b99|02|tk"; nocase; ) # fba9e4eea21f7ac8a69b9a0c0be335c4f7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fba9e4eea21f7ac8a69b9a0c0be335c4f7|02|so"; nocase; ) # q703c015e3c4784c4010cde37912d1a9b2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q703c015e3c4784c4010cde37912d1a9b2|02|to"; nocase; ) # t4815dd918f1d332108dda28b8047903ff.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t4815dd918f1d332108dda28b8047903ff|02|cn"; nocase; ) # va8a19f01c1130c01a78ba3d3044b9ad8d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|va8a19f01c1130c01a78ba3d3044b9ad8d|02|so"; nocase; ) # cd1eb2a301bbf534e60603f1015c98e4ea.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd1eb2a301bbf534e60603f1015c98e4ea|02|tk"; nocase; ) # g9ecd1316ddee1f24a2a2757671b58a5b7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g9ecd1316ddee1f24a2a2757671b58a5b7|02|to"; nocase; ) # hda74b6e07180066a1f279733d30323eda.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hda74b6e07180066a1f279733d30323eda|02|in"; nocase; ) # i445a449d0fe184d8aaa819c2d28dbd006.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i445a449d0fe184d8aaa819c2d28dbd006|02|hk"; nocase; ) # kf0b316cb6ac1991c492e17851d8a29bf3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kf0b316cb6ac1991c492e17851d8a29bf3|02|tk"; nocase; ) # z4d5009500d25f2bd97ca5aa6ef7b968fc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z4d5009500d25f2bd97ca5aa6ef7b968fc|02|cn"; nocase; ) # cd8b1f0ab7e49412f9879913aea476d7b9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd8b1f0ab7e49412f9879913aea476d7b9|02|cc"; nocase; ) # l10d5427cd90bec7663cd4003853e65dbf.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l10d5427cd90bec7663cd4003853e65dbf|02|in"; nocase; ) # na05bf0796b2349aec92fb74fa5b9f4f5c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|na05bf0796b2349aec92fb74fa5b9f4f5c|02|cn"; nocase; ) # qb6d10497b9eea975d56e51599fec6a4f0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qb6d10497b9eea975d56e51599fec6a4f0|02|cc"; nocase; ) # a86bc93d337266b6568157c4aaf409b896.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a86bc93d337266b6568157c4aaf409b896|02|to"; nocase; ) # b5c47625d5bdbe44d00fa1ff1464543ead.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b5c47625d5bdbe44d00fa1ff1464543ead|02|in"; nocase; ) # f30497c39d8104ba417eb1c552efb3b3e2.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f30497c39d8104ba417eb1c552efb3b3e2|02|so"; nocase; ) # n48e7ee96a85026cbab92112da5e757d18.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n48e7ee96a85026cbab92112da5e757d18|02|so"; nocase; ) # t00390f2e9c523f191a45fdf3a6571cf6b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t00390f2e9c523f191a45fdf3a6571cf6b|02|cn"; nocase; ) # ee8fbac60a7cd1058209cbc4c9352ba420.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ee8fbac60a7cd1058209cbc4c9352ba420|02|cc"; nocase; ) # h4552c2ef7afd50d0d4860423674c47b66.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h4552c2ef7afd50d0d4860423674c47b66|02|so"; nocase; ) # rc0d7564737ad995d440c0a9fadb465bd1.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rc0d7564737ad995d440c0a9fadb465bd1|02|ws"; nocase; ) # f79ec177403dac02b42f9cdf8cb1b9d327.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f79ec177403dac02b42f9cdf8cb1b9d327|02|so"; nocase; ) # g5c2110ee867f48cf64875ca9e65ef0fab.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g5c2110ee867f48cf64875ca9e65ef0fab|02|cc"; nocase; ) # j4dcb026d2e19c02cd02b1b6410da01242.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j4dcb026d2e19c02cd02b1b6410da01242|02|in"; nocase; ) # pe74ff9bdc2a4cc3ed073b7a45c08b1b09.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pe74ff9bdc2a4cc3ed073b7a45c08b1b09|02|ws"; nocase; ) # ada95133000c60965ae4524f4f32e42eb8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ada95133000c60965ae4524f4f32e42eb8|02|hk"; nocase; ) # bade73a01c574912a9cf1de72d5c4f0493.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bade73a01c574912a9cf1de72d5c4f0493|02|cn"; nocase; ) # o5fe5792cf72586607ec4afb16bfc62f89.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o5fe5792cf72586607ec4afb16bfc62f89|02|to"; nocase; ) # r180fab2c81a7d36883fdd9beebe80151b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r180fab2c81a7d36883fdd9beebe80151b|02|cn"; nocase; ) # tffaf8e6ea84cfa4615f0fa4f3ffce9d3b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tffaf8e6ea84cfa4615f0fa4f3ffce9d3b|02|so"; nocase; ) # ybd8f652684fd0248c24fa50fd2adf37b8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ybd8f652684fd0248c24fa50fd2adf37b8|02|hk"; nocase; ) # z81515b4f873ae7ff0a281f5c44fa87baf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z81515b4f873ae7ff0a281f5c44fa87baf|02|cn"; nocase; ) # b77fcf06660c15683525c57ac8fdc442ae.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b77fcf06660c15683525c57ac8fdc442ae|02|so"; nocase; ) # c68c312be4710ba76b543eedff9366f42b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c68c312be4710ba76b543eedff9366f42b|02|cc"; nocase; ) # gdc0a43373c58df2e3b09add32c36a4e8f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gdc0a43373c58df2e3b09add32c36a4e8f|02|hk"; nocase; ) # jc1627676346d343916fa55ac702cab367.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jc1627676346d343916fa55ac702cab367|02|so"; nocase; ) # n2752cc458af38e2e336017cc220560b9f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n2752cc458af38e2e336017cc220560b9f|02|in"; nocase; ) # b1738d0b1f78ce37b105f2eca43161da85.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1738d0b1f78ce37b105f2eca43161da85|02|ws"; nocase; ) # d49b98ebd14c35d7509d971e3c03be123e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d49b98ebd14c35d7509d971e3c03be123e|02|in"; nocase; ) # f088fb93d66e78a75675c70446b37104ff.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f088fb93d66e78a75675c70446b37104ff|02|cn"; nocase; ) # g60b31a1e88de7ee861b806465faae0bff.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g60b31a1e88de7ee861b806465faae0bff|02|tk"; nocase; ) # k051bb2f412912cff209fb1a3da63ceb0f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k051bb2f412912cff209fb1a3da63ceb0f|02|to"; nocase; ) # m6ebbe0b6ea9f397e3e9300948fc987400.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m6ebbe0b6ea9f397e3e9300948fc987400|02|hk"; nocase; ) # reb81d4fc279fd4ddbaf06501d9eb616ce.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|reb81d4fc279fd4ddbaf06501d9eb616ce|02|ws"; nocase; ) # tfcb22a6a505052c64f4dd68ccba1c71df.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tfcb22a6a505052c64f4dd68ccba1c71df|02|in"; nocase; ) # x9ce32b25c925d135116cc3c5af7ed265e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x9ce32b25c925d135116cc3c5af7ed265e|02|so"; nocase; ) # z31a88125211e11eab673e71f4a959c74c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z31a88125211e11eab673e71f4a959c74c|02|ws"; nocase; ) # o0bedaa09965bc0cd138e93295801ef47a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o0bedaa09965bc0cd138e93295801ef47a|02|cc"; nocase; ) # uf32a645af92bdbc026392a0b39750cb2d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uf32a645af92bdbc026392a0b39750cb2d|02|tk"; nocase; ) # eace3c687b9bd7798fa2c9f45790b465c9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eace3c687b9bd7798fa2c9f45790b465c9|02|cc"; nocase; ) # g81dccf3dc1b977e51f3b057367dfd6d82.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g81dccf3dc1b977e51f3b057367dfd6d82|02|to"; nocase; ) # hfec0fe3d607f8d9594ea5a24d5897add6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hfec0fe3d607f8d9594ea5a24d5897add6|02|in"; nocase; ) # rdb6ef16808daef0235d9357848f421d28.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rdb6ef16808daef0235d9357848f421d28|02|cn"; nocase; ) # v71393ddb1c975967ab45fcc0f0e4f9220.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v71393ddb1c975967ab45fcc0f0e4f9220|02|ws"; nocase; ) # x4369fe28feb56aa28ba40ee1f9ddfcfcd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x4369fe28feb56aa28ba40ee1f9ddfcfcd|02|in"; nocase; ) # f9c2a7286abeed8cdcd255366f1b4070f3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f9c2a7286abeed8cdcd255366f1b4070f3|02|in"; nocase; ) # i210495d0dbbbb8f727c113be0f7e2abd2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i210495d0dbbbb8f727c113be0f7e2abd2|02|tk"; nocase; ) # m0456fc7eb57b7d0b7eac6403ebc374bdc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m0456fc7eb57b7d0b7eac6403ebc374bdc|02|to"; nocase; ) # q6baba402227323a3a60c415b75abac273.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q6baba402227323a3a60c415b75abac273|02|tk"; nocase; ) # u982e008ad245143215367cd9fa18992c1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u982e008ad245143215367cd9fa18992c1|02|to"; nocase; ) # v808348f2e507d7485b0a8dd41492a1142.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v808348f2e507d7485b0a8dd41492a1142|02|in"; nocase; ) # a4e6368d45589b63119d5d61068f6f8b12.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a4e6368d45589b63119d5d61068f6f8b12|02|cc"; nocase; ) # bbdb9a46d09a35c40ab61d5e88eab38238.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bbdb9a46d09a35c40ab61d5e88eab38238|02|ws"; nocase; ) # h8d87fc2c0eecf1a5160ac62237bb4e65d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h8d87fc2c0eecf1a5160ac62237bb4e65d|02|so"; nocase; ) # j5b388fd86fa6ebb1236541a90bbca6f43.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j5b388fd86fa6ebb1236541a90bbca6f43|02|ws"; nocase; ) # n604dec3876ded084b03ba27885591dc40.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n604dec3876ded084b03ba27885591dc40|02|cn"; nocase; ) # r6a7ac78b659bd5ffb75f2bf189acd3a59.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r6a7ac78b659bd5ffb75f2bf189acd3a59|02|ws"; nocase; ) # md946fb9f6a5bda46014727eb4a0cfd256.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md946fb9f6a5bda46014727eb4a0cfd256|02|tk"; nocase; ) # o314856aca531f402a919ecf20ac3d8bd1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o314856aca531f402a919ecf20ac3d8bd1|02|cc"; nocase; ) # q4c3fb1156d0897d2be6354aaae14fe617.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4c3fb1156d0897d2be6354aaae14fe617|02|to"; nocase; ) # r86a80553d53c7838076adeb70ce44694a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r86a80553d53c7838076adeb70ce44694a|02|in"; nocase; ) # z29fd9fc6fa89fcb8bcb29bd48d828a2ca.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z29fd9fc6fa89fcb8bcb29bd48d828a2ca|02|in"; nocase; ) # c56c3358f6d877cb613c3ab85c74c918e2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c56c3358f6d877cb613c3ab85c74c918e2|02|tk"; nocase; ) # ef7eca9ccf2dbe201074b8f3872348b2b1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ef7eca9ccf2dbe201074b8f3872348b2b1|02|cc"; nocase; ) # f0c8f8b15f3d0f36fc095d99ff4206315d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f0c8f8b15f3d0f36fc095d99ff4206315d|02|ws"; nocase; ) # m8da0f480188b418bc43973fd233d7db68.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m8da0f480188b418bc43973fd233d7db68|02|cc"; nocase; ) # qec48928f9c406120ca1605b8eb27ccd2f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qec48928f9c406120ca1605b8eb27ccd2f|02|hk"; nocase; ) # ye4813431281c921fb158f22aa062b4b3d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ye4813431281c921fb158f22aa062b4b3d|02|hk"; nocase; ) # cde2c4ff92903b3b15a7b83248e3883883.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cde2c4ff92903b3b15a7b83248e3883883|02|cc"; nocase; ) # g2e796a96311ce934696206ed16c5b1959.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g2e796a96311ce934696206ed16c5b1959|02|hk"; nocase; ) # h819a90f3540ae22ad6f3015a37b142a8b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h819a90f3540ae22ad6f3015a37b142a8b|02|cn"; nocase; ) # i909ed3112d30c1e681d3c0592b2b5169d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i909ed3112d30c1e681d3c0592b2b5169d|02|tk"; nocase; ) # r657d5faaa9635eb5551ef470f262a981e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r657d5faaa9635eb5551ef470f262a981e|02|so"; nocase; ) # z05e0f7b63044d45451ff08a2c5079d08b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z05e0f7b63044d45451ff08a2c5079d08b|02|so"; nocase; ) # ge87a26ff1c155988bd3e4dca47b5e1a5d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ge87a26ff1c155988bd3e4dca47b5e1a5d|02|tk"; nocase; ) # j912dd31ee7e5fafd5066b9cdf8043e6bc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j912dd31ee7e5fafd5066b9cdf8043e6bc|02|ws"; nocase; ) # l1cf5659cec9d5affd996a0b4c510711f1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l1cf5659cec9d5affd996a0b4c510711f1|02|in"; nocase; ) # t12bc04c87c7309d4c04b5af8c33017a03.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t12bc04c87c7309d4c04b5af8c33017a03|02|in"; nocase; ) # 3tkdu4sdc6ipglshsb54gxw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017527; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|3tkdu4sdc6ipglshsb54gxw|04|ddns|03|net"; nocase; ) # 7n7l56m8ufq0ahgj10m.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017528; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|7n7l56m8ufq0ahgj10m|04|ddns|03|net"; nocase; ) # if54mx56yli0mfq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017529; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|if54mx56yli0mfq|04|ddns|03|net"; nocase; ) # g2sfyfu0eb7ho8k.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017530; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|g2sfyfu0eb7ho8k|04|ddns|03|net"; nocase; ) # irejshmnexuj56y2wpcn5nq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017531; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|irejshmnexuj56y2wpcn5nq|04|ddns|03|net"; nocase; ) # qbgro656kfcra23.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017532; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|qbgro656kfcra23|04|ddns|03|net"; nocase; ) # 1bsn1lglcjc214yjkls.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017533; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|1bsn1lglcjc214yjkls|04|ddns|03|net"; nocase; ) # waeqseupqo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017534; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0a|waeqseupqo|04|ddns|03|net"; nocase; ) # cujxrsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017535; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|cujxrsh|03|net"; nocase; ) # uprlbkdycg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017536; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uprlbkdycg|03|com"; nocase; ) # pbcrzqphdur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017537; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pbcrzqphdur|03|net"; nocase; ) # tshgbr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017538; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tshgbr|03|com"; nocase; ) # hzcrjehimyw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017539; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hzcrjehimyw|04|info"; nocase; ) # ktejnddi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017540; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ktejnddi|03|com"; nocase; ) # genpvdzyzb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017541; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|genpvdzyzb|04|info"; nocase; ) # uofncpivz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017542; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uofncpivz|04|info"; nocase; ) # rmuodru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017543; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rmuodru|03|net"; nocase; ) # jcguallld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017544; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jcguallld|03|org"; nocase; ) # cceest.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017545; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cceest|03|net"; nocase; ) # mvzsli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017546; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mvzsli|03|org"; nocase; ) # jbcggrf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017547; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jbcggrf|03|net"; nocase; ) # awkrsopiycq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017548; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|awkrsopiycq|03|com"; nocase; ) # dxmjcdlz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017549; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dxmjcdlz|03|org"; nocase; ) # lvtntqdwsj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017550; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lvtntqdwsj|03|net"; nocase; ) # tpayiwgeytf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017551; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tpayiwgeytf|03|net"; nocase; ) # zjqfxagv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017552; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zjqfxagv|03|com"; nocase; ) # txqtbtek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017553; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|txqtbtek|03|com"; nocase; ) # vcgekhniozr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017554; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vcgekhniozr|04|info"; nocase; ) # wjzpbqdhcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017555; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wjzpbqdhcu|03|com"; nocase; ) # gqdwhuhx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017556; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gqdwhuhx|03|com"; nocase; ) # ambcayq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017557; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ambcayq|04|info"; nocase; ) # iptyyjypmko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017558; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|iptyyjypmko|03|org"; nocase; ) # ildtfyclkq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017559; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ildtfyclkq|03|org"; nocase; ) # siexrlfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017560; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|siexrlfq|03|com"; nocase; ) # rrggxnoq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017561; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rrggxnoq|03|biz"; nocase; ) # jeyzjsoot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017562; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jeyzjsoot|03|biz"; nocase; ) # uxcvtl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017563; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uxcvtl|03|net"; nocase; ) # pgqzupvd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017564; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pgqzupvd|04|info"; nocase; ) # mgbdkidjn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017565; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mgbdkidjn|03|org"; nocase; ) # ovfkdpneq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017566; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ovfkdpneq|03|com"; nocase; ) # gqqyilt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017567; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gqqyilt|03|org"; nocase; ) # wydknncsvf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017568; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wydknncsvf|04|info"; nocase; ) # ddtaagips.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017569; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ddtaagips|03|biz"; nocase; ) # hvfqxnupxg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017570; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hvfqxnupxg|04|info"; nocase; ) # spvnbmftdh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017571; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|spvnbmftdh|03|com"; nocase; ) # bfxgsnzxzzy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017572; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bfxgsnzxzzy|04|info"; nocase; ) # zxbcxur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017573; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zxbcxur|03|net"; nocase; ) # qzfmtmjvovd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017574; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qzfmtmjvovd|04|info"; nocase; ) # lccmtucmgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017575; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lccmtucmgc|03|com"; nocase; ) # tmazesebfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017576; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tmazesebfa|03|com"; nocase; ) # ulutdfiqgzb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017577; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ulutdfiqgzb|04|info"; nocase; ) # evhmglk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017578; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|evhmglk|03|org"; nocase; ) # kxaipqaciy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017579; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kxaipqaciy|03|com"; nocase; ) # bwlhlpioev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017580; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bwlhlpioev|03|com"; nocase; ) # ijsqsdw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017581; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ijsqsdw|03|com"; nocase; ) # bjwaywdsxm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017582; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bjwaywdsxm|04|info"; nocase; ) # ipgoiq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017583; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ipgoiq|03|com"; nocase; ) # riuckib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017584; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|riuckib|03|com"; nocase; ) # ooiphii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017585; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ooiphii|03|com"; nocase; ) # lwlyfetcaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017586; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lwlyfetcaz|03|com"; nocase; ) # jyudswbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017587; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jyudswbj|03|com"; nocase; ) # vjjyybiprob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017588; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vjjyybiprob|03|biz"; nocase; ) # mfpwcqzgn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017589; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mfpwcqzgn|03|com"; nocase; ) # zffilcklo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017590; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zffilcklo|03|org"; nocase; ) # ykpdquyfyda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017591; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ykpdquyfyda|03|com"; nocase; ) # oadjyjhdl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017592; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|oadjyjhdl|03|com"; nocase; ) # uxnuizsksu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017593; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uxnuizsksu|03|net"; nocase; ) # hazvekm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017594; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hazvekm|03|org"; nocase; ) # ezcqjny.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017595; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ezcqjny|03|biz"; nocase; ) # ouhdngetsbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017596; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ouhdngetsbw|03|com"; nocase; ) # snmnnbtxz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017597; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|snmnnbtxz|04|info"; nocase; ) # kvydmtwgxuc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017598; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kvydmtwgxuc|03|net"; nocase; ) # ofzvtnljh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017599; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ofzvtnljh|03|org"; nocase; ) # qmuqjnv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017600; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qmuqjnv|03|biz"; nocase; ) # atnrdi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017601; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|atnrdi|03|com"; nocase; ) # lohzyubp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017602; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lohzyubp|03|com"; nocase; ) # bgyxdiztams.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017603; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bgyxdiztams|03|org"; nocase; ) # ecfflzj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017604; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ecfflzj|04|info"; nocase; ) # thxwzzpgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017605; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|thxwzzpgt|03|com"; nocase; ) # painetu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017606; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|painetu|03|net"; nocase; ) # hfcehugn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017607; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hfcehugn|03|com"; nocase; ) # cglqapoz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017608; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cglqapoz|03|biz"; nocase; ) # enwxiqa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017609; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|enwxiqa|03|biz"; nocase; ) # cglmvhnymjr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017610; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cglmvhnymjr|03|org"; nocase; ) # ngijzerpfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017611; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ngijzerpfx|03|com"; nocase; ) # fhdyszfzih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017612; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fhdyszfzih|03|com"; nocase; ) # ooznhk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017613; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ooznhk|03|com"; nocase; ) # fvixciwogm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017614; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fvixciwogm|03|com"; nocase; ) # gtcolwupl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017615; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gtcolwupl|03|biz"; nocase; ) # kbtdmwlvs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017616; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kbtdmwlvs|04|info"; nocase; ) # ibgvtjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017617; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ibgvtjt|03|org"; nocase; ) # abyfwa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017618; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|abyfwa|04|info"; nocase; ) # doitbpk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017619; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|doitbpk|03|biz"; nocase; ) # wujohfencx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017620; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wujohfencx|03|com"; nocase; ) # jqoxzqevd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017621; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jqoxzqevd|04|info"; nocase; ) # uafbjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017622; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uafbjm|03|org"; nocase; ) # cvjphjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017623; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|cvjphjl|03|org"; nocase; ) # otausjogdaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017624; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|otausjogdaw|03|com"; nocase; ) # lplgfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017625; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lplgfn|03|com"; nocase; ) # zsjzxmjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017626; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zsjzxmjd|03|org"; nocase; ) # qnczaaeodl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017627; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qnczaaeodl|03|com"; nocase; ) # edmhbosy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017628; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|edmhbosy|03|net"; nocase; ) # hgspnj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017629; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hgspnj|03|biz"; nocase; ) # iascqnvnpf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017630; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|iascqnvnpf|03|biz"; nocase; ) # apvjthkxa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017631; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|apvjthkxa|04|info"; nocase; ) # otllqausgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017632; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|otllqausgb|03|com"; nocase; ) # nducfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017633; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nducfe|03|com"; nocase; ) # scyxiihx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017634; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|scyxiihx|03|com"; nocase; ) # tgmcjdkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017635; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tgmcjdkr|03|org"; nocase; ) # larnijqdnwp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017636; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|larnijqdnwp|04|info"; nocase; ) # twadxfinz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017637; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|twadxfinz|03|biz"; nocase; ) # rnrzfinjlr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017638; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rnrzfinjlr|03|org"; nocase; ) # gdexsuhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017639; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gdexsuhm|03|com"; nocase; ) # mavmibvdxgx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017640; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mavmibvdxgx|03|com"; nocase; ) # grqiwnjkb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017641; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|grqiwnjkb|03|org"; nocase; ) # bcznhhwjutj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017642; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bcznhhwjutj|03|net"; nocase; ) # veisfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017643; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|veisfg|03|com"; nocase; ) # bpveswoqvyx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017644; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bpveswoqvyx|04|info"; nocase; ) # dcwscruhpd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017645; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dcwscruhpd|03|biz"; nocase; ) # fflkivdaeiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017646; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fflkivdaeiv|03|com"; nocase; ) # ytmncvsrazs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017647; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ytmncvsrazs|04|info"; nocase; ) # oosxldi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017648; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|oosxldi|03|com"; nocase; ) # wzjbavuyrl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017649; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wzjbavuyrl|03|net"; nocase; ) # aynpzj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017650; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|aynpzj|04|info"; nocase; ) # bhxerbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017651; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bhxerbs|03|com"; nocase; ) # cwhmduig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017652; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cwhmduig|03|com"; nocase; ) # kllzkwpjhc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017653; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kllzkwpjhc|03|com"; nocase; ) # ayaylgcdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017654; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ayaylgcdb|03|com"; nocase; ) # tmqplna.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017655; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tmqplna|03|biz"; nocase; ) # mfynbr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017656; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mfynbr|03|com"; nocase; ) # ihfkbwqvjkc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017657; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ihfkbwqvjkc|03|org"; nocase; ) # djmaxnpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017658; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|djmaxnpj|03|biz"; nocase; ) # fvoevxe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017659; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fvoevxe|04|info"; nocase; ) # fuzvqsy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017660; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fuzvqsy|03|net"; nocase; ) # faigsvhjnic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017661; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|faigsvhjnic|03|com"; nocase; ) # fjiilvlx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017662; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fjiilvlx|03|org"; nocase; ) # vykzxvu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017663; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vykzxvu|04|info"; nocase; ) # prxrfwsvbi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017664; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|prxrfwsvbi|03|com"; nocase; ) # berquqxzb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017665; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|berquqxzb|04|info"; nocase; ) # mfqwiqihamt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017666; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mfqwiqihamt|03|org"; nocase; ) # vcukdi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017667; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vcukdi|03|com"; nocase; ) # swffcwslw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017668; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|swffcwslw|03|org"; nocase; ) # fwmuitylth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017669; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fwmuitylth|03|net"; nocase; ) # jzpmauijvii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017670; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jzpmauijvii|03|com"; nocase; ) # yzqfvhxmdej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017671; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|yzqfvhxmdej|03|com"; nocase; ) # zpoixcmbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017672; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zpoixcmbw|03|com"; nocase; ) # qsdkekgkiqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017673; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qsdkekgkiqc|03|biz"; nocase; ) # guzysvby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017674; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|guzysvby|03|com"; nocase; ) # cvnnhwrgmds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017675; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cvnnhwrgmds|03|com"; nocase; ) # jwwmsdvjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017676; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jwwmsdvjm|03|org"; nocase; ) # vzvtjmuvrf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017677; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vzvtjmuvrf|03|net"; nocase; ) # gfzqke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017678; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gfzqke|03|org"; nocase; ) # pwnpytly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017679; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pwnpytly|03|org"; nocase; ) # ipwgwyqie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017680; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ipwgwyqie|03|com"; nocase; ) # efylmqctt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017681; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|efylmqctt|03|net"; nocase; ) # ckmcoazzul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017682; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ckmcoazzul|03|net"; nocase; ) # iadtlnhwsee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017683; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|iadtlnhwsee|03|com"; nocase; ) # nuxdzmdi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017684; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nuxdzmdi|03|com"; nocase; ) # dkjpmsk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017685; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dkjpmsk|03|net"; nocase; ) # putwzx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017686; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|putwzx|04|info"; nocase; ) # kekwyokftjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017687; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kekwyokftjl|03|org"; nocase; ) # odmggs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017688; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|odmggs|03|com"; nocase; ) # bxucgiwvyj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017689; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bxucgiwvyj|04|info"; nocase; ) # kndtop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017690; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kndtop|03|biz"; nocase; ) # vficsjprwo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017691; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vficsjprwo|04|info"; nocase; ) # hyvakpfl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017692; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hyvakpfl|03|com"; nocase; ) # ezwqtfxw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017693; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ezwqtfxw|04|info"; nocase; ) # gjhwuwv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017694; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gjhwuwv|04|info"; nocase; ) # wceyvji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017695; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wceyvji|03|org"; nocase; ) # lvaqfopvx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017696; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lvaqfopvx|04|info"; nocase; ) # mincxily.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017697; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mincxily|03|org"; nocase; ) # zyahbvsi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017698; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zyahbvsi|03|net"; nocase; ) # ngftjb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017699; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ngftjb|03|org"; nocase; ) # jkxfcktoey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017700; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jkxfcktoey|03|com"; nocase; ) # wuesitk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017701; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wuesitk|03|net"; nocase; ) # lovshjhmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017702; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lovshjhmi|03|org"; nocase; ) # tndcvwpnfwm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017703; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tndcvwpnfwm|04|info"; nocase; ) # abwppfcfgfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017704; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|abwppfcfgfw|03|com"; nocase; ) # oqxsemek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017705; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|oqxsemek|03|com"; nocase; ) # qpchywdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017706; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qpchywdf|03|com"; nocase; ) # cqauhhbi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017707; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cqauhhbi|03|com"; nocase; ) # alywzla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017708; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|alywzla|03|org"; nocase; ) # lyicquszfu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017709; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lyicquszfu|03|com"; nocase; ) # savrcgxz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017710; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|savrcgxz|04|info"; nocase; ) # ghkwtqd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017711; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ghkwtqd|03|biz"; nocase; ) # zqrgfieg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017712; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zqrgfieg|03|com"; nocase; ) # qvjlzf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017713; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qvjlzf|04|info"; nocase; ) # otvsalgsefb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017714; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|otvsalgsefb|03|com"; nocase; ) # jgkzhbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017715; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jgkzhbs|03|com"; nocase; ) # dkebkld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017716; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dkebkld|03|org"; nocase; ) # mdtyrglvikr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017717; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mdtyrglvikr|03|org"; nocase; ) # vqwnzfyxwnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017718; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vqwnzfyxwnx|03|biz"; nocase; ) # ewujinyteh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017719; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ewujinyteh|03|com"; nocase; ) # qyecoruqu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017720; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qyecoruqu|03|biz"; nocase; ) # dvmili.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017721; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dvmili|03|org"; nocase; ) # hcrbwlrrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017722; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hcrbwlrrh|03|net"; nocase; ) # xgoifhgrro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017723; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xgoifhgrro|03|net"; nocase; ) # ahctpphvl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017724; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ahctpphvl|04|info"; nocase; ) # tltnihagzjj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017725; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tltnihagzjj|03|org"; nocase; ) # nfyzfb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017726; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nfyzfb|03|com"; nocase; ) # zhketg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zhketg|03|net"; nocase; ) # bgfsqkuxcio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bgfsqkuxcio|03|com"; nocase; ) # wmzyilnln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wmzyilnln|03|org"; nocase; ) # uvnpvy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uvnpvy|04|info"; nocase; ) # oxfyvkhec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|oxfyvkhec|03|com"; nocase; ) # cejmfoppas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cejmfoppas|03|com"; nocase; ) # drzusg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|drzusg|03|net"; nocase; ) # xtgxiufze.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xtgxiufze|04|info"; nocase; ) # mqiatmg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mqiatmg|03|org"; nocase; ) # kgewnqtg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kgewnqtg|03|net"; nocase; ) # kvunhly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kvunhly|03|org"; nocase; ) # mcneofbfecedcbmf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017738; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mcneofbfecedcbmf|02|eu"; nocase; ) # bmdldacbloacaffo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017739; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bmdldacbloacaffo|03|com"; nocase; ) # blbffbafcdcffbek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017740; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|blbffbafcdcffbek|03|com"; nocase; ) # fcfdoblloebcdfof.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017741; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fcfdoblloebcdfof|02|co|02|uk"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # dbcokbdkmckflmdn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017742; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dbcokbdkmckflmdn|03|com"; nocase; ) # anakabekefbbfffb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017743; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|anakabekefbbfffb|03|com"; nocase; ) # ofmdcfafcckcelll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017744; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ofmdcfafcckcelll|03|org"; nocase; ) # bfccdoacebambofd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017745; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bfccdoacebambofd|03|com"; nocase; ) # cmafcbabdbbnmkmc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017746; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cmafcbabdbbnmkmc|03|com"; nocase; ) # bomldandfdfccbbc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017747; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bomldandfdfccbbc|02|eu"; nocase; ) # febnaaonnfolalde.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017748; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|febnaaonnfolalde|02|cc"; nocase; ) # oakbnckldfdfbabb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017749; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|oakbnckldfdfbabb|03|com"; nocase; ) # nlnafbmdffbfmfcf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017750; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nlnafbmdffbfmfcf|03|org"; nocase; ) # bbbcmkcbodfladek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017751; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bbbcmkcbodfladek|02|eu"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # clnbndffaobfccmd.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017752; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|clnbndffaobfccmd|02|de"; nocase; ) # bebcleaofmkdnfdo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017753; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bebcleaofmkdnfdo|03|com"; nocase; ) # meacdfofdfeoanbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017754; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|meacdfofdfeoanbc|03|com"; nocase; ) # dcaokcmfcbobfbbf.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017755; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dcaokcmfcbobfbbf|02|cc"; nocase; ) # ajnzgp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017756; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ajnzgp|03|com"; nocase; ) # hbcyhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017757; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|hbcyhn|03|com"; nocase; ) # lyeotr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017758; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|lyeotr|03|com"; nocase; ) # olnwou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017759; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|olnwou|03|com"; nocase; ) # iyktqp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017760; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|iyktqp|03|com"; nocase; ) # nelour.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017761; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nelour|03|com"; nocase; ) # aonogd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017762; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|aonogd|03|com"; nocase; ) # mhnhhc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017763; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mhnhhc|03|com"; nocase; ) # ojrtxm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017764; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ojrtxm|03|com"; nocase; ) # xaucvi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017765; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xaucvi|03|com"; nocase; ) # qkuogm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017766; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qkuogm|03|com"; nocase; ) # rzufzh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017767; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|rzufzh|03|com"; nocase; ) # ojevae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017768; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ojevae|03|com"; nocase; ) # aouyui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017769; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|aouyui|03|com"; nocase; ) # zejece.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017770; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zejece|03|com"; nocase; ) # olwsly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017771; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|olwsly|03|com"; nocase; ) # 23b82u7ownwp10nfwoiqixq0r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|23b82u7ownwp10nfwoiqixq0r|03|com"; nocase; ) # 14cye54sl0nwa1pk9wkbrplw3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14cye54sl0nwa1pk9wkbrplw3|03|net"; nocase; ) # tdpj1i1d9pt7i19iwyae1221xad.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tdpj1i1d9pt7i19iwyae1221xad|03|biz"; nocase; ) # 1qb7be24iy7sjqtuvayw6jg7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1qb7be24iy7sjqtuvayw6jg7|03|com"; nocase; ) # 1jfx5vf7utii539irn21pswm1s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jfx5vf7utii539irn21pswm1s|03|net"; nocase; ) # 8kxlj7xbcxvlgd72g2z413c9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8kxlj7xbcxvlgd72g2z413c9|03|org"; nocase; ) # 19a19eorpwp0gz57wjmi4xoea.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19a19eorpwp0gz57wjmi4xoea|03|biz"; nocase; ) # fn6dgw1lj0ij612t9ox41hcpr9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fn6dgw1lj0ij612t9ox41hcpr9|03|biz"; nocase; ) # 1nnu5yw7a7m5svogttq2bpdbs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nnu5yw7a7m5svogttq2bpdbs|03|org"; nocase; ) # lg4xg11m4oq2eovttzofkcp9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lg4xg11m4oq2eovttzofkcp9r|03|org"; nocase; ) # czf2rt17ttt4e1tyofjf68s6a0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|czf2rt17ttt4e1tyofjf68s6a0|03|com"; nocase; ) # 1dzt89f1mqyekj1dcdvqte1te08.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dzt89f1mqyekj1dcdvqte1te08|03|biz"; nocase; ) # hzvh3w1cy7dic197m46q1t5npmr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hzvh3w1cy7dic197m46q1t5npmr|03|net"; nocase; ) # evp9bx5v95iiz1l3wd9ad2kg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|evp9bx5v95iiz1l3wd9ad2kg|03|biz"; nocase; ) # 1j4m99pgsv1hkw42ysyikcwc9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j4m99pgsv1hkw42ysyikcwc9|03|net"; nocase; ) # 1opqu8y17244ka164guode2440z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1opqu8y17244ka164guode2440z|03|net"; nocase; ) # 1wuh2de1189i3tom1qz9b7t2f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wuh2de1189i3tom1qz9b7t2f|03|com"; nocase; ) # x1wheo1atvh4au6w3t811mi3qf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x1wheo1atvh4au6w3t811mi3qf|03|net"; nocase; ) # 1wvprxzp7ao48h33dzgiryvwf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wvprxzp7ao48h33dzgiryvwf|03|com"; nocase; ) # 12lt3ys1kwq90lv1367p3uckxh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12lt3ys1kwq90lv1367p3uckxh|03|biz"; nocase; ) # 9kq5kc3wygfs1lua8cj1dt5qs2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9kq5kc3wygfs1lua8cj1dt5qs2|03|net"; nocase; ) # 1nm8nr01rcqlrm110c7dnvodcac.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nm8nr01rcqlrm110c7dnvodcac|03|org"; nocase; ) # o9w7n6161xw691bk71yi10kj9ni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o9w7n6161xw691bk71yi10kj9ni|03|biz"; nocase; ) # ud5mtcegiuzy1l14tx41roja8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ud5mtcegiuzy1l14tx41roja8|03|net"; nocase; ) # 108hjq11viserdu3jyn1inwei9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|108hjq11viserdu3jyn1inwei9|03|biz"; nocase; ) # 17e3f418sgogi1gr9gmh4ovyc2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17e3f418sgogi1gr9gmh4ovyc2|03|biz"; nocase; ) # wk7i3qfz6ge8159yf3b1hxc38o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wk7i3qfz6ge8159yf3b1hxc38o|03|com"; nocase; ) # 1kxv4sh1rlwoan9v78rz1qi9wge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kxv4sh1rlwoan9v78rz1qi9wge|03|net"; nocase; ) # 24p6gji2ahed1jmy9ul1ex1r3j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|24p6gji2ahed1jmy9ul1ex1r3j|03|biz"; nocase; ) # 8i5uqpaghd7tbcjklu1rmyvla.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8i5uqpaghd7tbcjklu1rmyvla|03|com"; nocase; ) # u187mq17x246414fa77tpz2t1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u187mq17x246414fa77tpz2t1|03|net"; nocase; ) # 1uuhbcu1phvpj2uxrz7c2gtbvn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uuhbcu1phvpj2uxrz7c2gtbvn|03|com"; nocase; ) # 1n3t6r417tfazksi802v19s8vhr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n3t6r417tfazksi802v19s8vhr|03|net"; nocase; ) # 1yftavj1mv4re78y87whupb35c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yftavj1mv4re78y87whupb35c|03|org"; nocase; ) # 1vvm4d618nrmkxr5pspm18zye8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vvm4d618nrmkxr5pspm18zye8|03|net"; nocase; ) # dd35n21j96lav1q8vbn3o3c3k5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dd35n21j96lav1q8vbn3o3c3k5|03|net"; nocase; ) # 1pzzs9bdwtm616dp6ul1wufcns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pzzs9bdwtm616dp6ul1wufcns|03|com"; nocase; ) # 14dxzdt1yoe9521uw8l4qrd8wj5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14dxzdt1yoe9521uw8l4qrd8wj5|03|org"; nocase; ) # jl97yg1th3mxvqjd2ud1dijqrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jl97yg1th3mxvqjd2ud1dijqrn|03|net"; nocase; ) # 1wrj8awz3888gvq3olu1klbau2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wrj8awz3888gvq3olu1klbau2|03|org"; nocase; ) # gpjomu1vew9avosq7d6utidwv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gpjomu1vew9avosq7d6utidwv|03|net"; nocase; ) # 1y3dk3b1nj9dnqclmj9j1es96tk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y3dk3b1nj9dnqclmj9j1es96tk|03|biz"; nocase; ) # 1ezdg001bc4k1a153olfv1oywlil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ezdg001bc4k1a153olfv1oywlil|03|net"; nocase; ) # ftytoi1miqcngjk2zih1a5dfau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ftytoi1miqcngjk2zih1a5dfau|03|com"; nocase; ) # 1i4nvq5qw3dvb1lutmfz1ujatch.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i4nvq5qw3dvb1lutmfz1ujatch|03|org"; nocase; ) # 78eoak1omh3ze98e7lho8sx81.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|78eoak1omh3ze98e7lho8sx81|03|com"; nocase; ) # 1ldd15c1ed04q78okp6l1oijbtl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ldd15c1ed04q78okp6l1oijbtl|03|biz"; nocase; ) # 1wc3ycc4dv7wx91fx5t1j0w3sv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wc3ycc4dv7wx91fx5t1j0w3sv|03|org"; nocase; ) # 1jtrkrz1489r0foeww3vzfhk8w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jtrkrz1489r0foeww3vzfhk8w|03|org"; nocase; ) # efpjov116ckvi13y9g3jld3rs8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|efpjov116ckvi13y9g3jld3rs8|03|net"; nocase; ) # 1rvlcly1obaph31nj58uo14d17an.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rvlcly1obaph31nj58uo14d17an|03|org"; nocase; ) # 1hduty1svss5w1w1otxgp6com5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hduty1svss5w1w1otxgp6com5|03|net"; nocase; ) # 605j391v0zf0a1bk1ovrr2c6yk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|605j391v0zf0a1bk1ovrr2c6yk|03|org"; nocase; ) # 1yi3bcz1c6gnbzuaxele1rzkhiv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yi3bcz1c6gnbzuaxele1rzkhiv|03|org"; nocase; ) # 13yewvl7jxiakmf00izvh3n1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13yewvl7jxiakmf00izvh3n1w|03|com"; nocase; ) # vzlyuwg4ispdpg6hj81p445bn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vzlyuwg4ispdpg6hj81p445bn|03|net"; nocase; ) # 15a67ngiqlqai198ryumdk7s62.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15a67ngiqlqai198ryumdk7s62|03|biz"; nocase; ) # 1yz28bv7a8t9j148kd7h1jao53u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yz28bv7a8t9j148kd7h1jao53u|03|net"; nocase; ) # y2vsapxqkk7r1g6zkmusa3b2c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2vsapxqkk7r1g6zkmusa3b2c|03|net"; nocase; ) # maejhh1mn7xgr3v0z5e8xg2yc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|maejhh1mn7xgr3v0z5e8xg2yc|03|com"; nocase; ) # 1ec7zuf17cmbahoafmxfb6ar2z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ec7zuf17cmbahoafmxfb6ar2z|03|com"; nocase; ) # 14fhnnhah2iorgtcxjh1mimyd7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14fhnnhah2iorgtcxjh1mimyd7|03|biz"; nocase; ) # s3ldi719vtzqlvr2gs71e9j2ei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s3ldi719vtzqlvr2gs71e9j2ei|03|net"; nocase; ) # jmohvp1w05i2i1o9pxkp1ixrso5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jmohvp1w05i2i1o9pxkp1ixrso5|03|com"; nocase; ) # 9bwkobk2fjvnh6vopj1xkuhtb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9bwkobk2fjvnh6vopj1xkuhtb|03|net"; nocase; ) # 1l4n8w71rmr6l14ewt58eztc35.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l4n8w71rmr6l14ewt58eztc35|03|org"; nocase; ) # 1wxgqsshb9ff916qjcd51pupn6j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wxgqsshb9ff916qjcd51pupn6j|03|com"; nocase; ) # 48vrw315hkd58sexpmt1as7nzr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|48vrw315hkd58sexpmt1as7nzr|03|org"; nocase; ) # 1um3smcktxst71wgt3yw1ut5kwd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1um3smcktxst71wgt3yw1ut5kwd|03|net"; nocase; ) # rxggxq1agqrjwvkq8tql5fvk2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rxggxq1agqrjwvkq8tql5fvk2|03|com"; nocase; ) # mqqahbqd9ly21ym68k914azat6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mqqahbqd9ly21ym68k914azat6|03|net"; nocase; ) # 1o5uzrwi1n2z4tanrog1ddx1jo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o5uzrwi1n2z4tanrog1ddx1jo|03|net"; nocase; ) # 1ud9b5ezzfubh5s9yjf10pcm8p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ud9b5ezzfubh5s9yjf10pcm8p|03|com"; nocase; ) # kf0470q99iwsvsa0xo1s4mg6s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kf0470q99iwsvsa0xo1s4mg6s|03|com"; nocase; ) # 1ubixkitpadmk1iwwp0z8ui9ai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ubixkitpadmk1iwwp0z8ui9ai|03|net"; nocase; ) # 12vvm8y64rhe1rs8ngm12y3iql.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12vvm8y64rhe1rs8ngm12y3iql|03|org"; nocase; ) # 72cuub12cdhn6etbbaqpdccb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|72cuub12cdhn6etbbaqpdccb|03|com"; nocase; ) # y1z4gxz71xc15tqb5011aso7z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y1z4gxz71xc15tqb5011aso7z|03|biz"; nocase; ) # o3c02y1n2hdiv5tad9i1dnps5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o3c02y1n2hdiv5tad9i1dnps5|03|net"; nocase; ) # vncvdljqrczg2jawjobmzcqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vncvdljqrczg2jawjobmzcqt|03|biz"; nocase; ) # jacplw1nim0pe1mwnyo4177vu2d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jacplw1nim0pe1mwnyo4177vu2d|03|org"; nocase; ) # u9k2az1mianabzvjsgpc4u6uq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u9k2az1mianabzvjsgpc4u6uq|03|net"; nocase; ) # 1b1g98011roiic1ykot3h1a384fv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b1g98011roiic1ykot3h1a384fv|03|com"; nocase; ) # 1hznn1vyzjsql1dyei511sqidvq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hznn1vyzjsql1dyei511sqidvq|03|org"; nocase; ) # hp5fum1198cdi6ivvhd14rqiqj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hp5fum1198cdi6ivvhd14rqiqj|03|net"; nocase; ) # kmnp181j6e5ofgjs2k7xnxs9c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kmnp181j6e5ofgjs2k7xnxs9c|03|com"; nocase; ) # erfu208kq8oh5cuknu2tdxxz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|erfu208kq8oh5cuknu2tdxxz|03|net"; nocase; ) # v8bdtr17vfq3n1854g071pl2r73.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v8bdtr17vfq3n1854g071pl2r73|03|biz"; nocase; ) # 1aa4nihpjjaoq1abyjml1b7cv6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aa4nihpjjaoq1abyjml1b7cv6h|03|org"; nocase; ) # 1cqukoi1tcwegmdb3mycvr1ms6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cqukoi1tcwegmdb3mycvr1ms6|03|org"; nocase; ) # et7bfw1gj6pxosgv5yw8czyjc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|et7bfw1gj6pxosgv5yw8czyjc|03|com"; nocase; ) # 1brb3pq1lopvlm3xpfmh1hcmab1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1brb3pq1lopvlm3xpfmh1hcmab1|03|com"; nocase; ) # f5x1d11hfv5fngnjuan1kxpmrl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f5x1d11hfv5fngnjuan1kxpmrl|03|com"; nocase; ) # 9bjc7y3qhrjeq7byb1ud1igt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9bjc7y3qhrjeq7byb1ud1igt|03|biz"; nocase; ) # wl5uik1p4ul0t1jfubww59aa6q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wl5uik1p4ul0t1jfubww59aa6q|03|org"; nocase; ) # 1vpz7zh1x2lcqbv9ss751ih27wl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vpz7zh1x2lcqbv9ss751ih27wl|03|com"; nocase; ) # 1u9d8ca1kc21899utjyz18roibh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u9d8ca1kc21899utjyz18roibh|03|org"; nocase; ) # wdnj8dp7o7d81gqixov113m08h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wdnj8dp7o7d81gqixov113m08h|03|biz"; nocase; ) # 2dfial1m1gs32sl43je1v5o8ei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2dfial1m1gs32sl43je1v5o8ei|03|net"; nocase; ) # wh4w261tepew7gjmw6j1l16htr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wh4w261tepew7gjmw6j1l16htr|03|biz"; nocase; ) # 77kr0zxglf0vpvl7dw10n8jdk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|77kr0zxglf0vpvl7dw10n8jdk|03|org"; nocase; ) # xof2p615yopmp1hpuhag6d8c1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xof2p615yopmp1hpuhag6d8c1d|03|net"; nocase; ) # ia1fsk1q4877852n5g31fkhkq6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ia1fsk1q4877852n5g31fkhkq6|03|com"; nocase; ) # zkeo872mvssp6nasak1oou1z0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zkeo872mvssp6nasak1oou1z0|03|net"; nocase; ) # 1wdqyuq129lx6d10awcjegy8zps.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wdqyuq129lx6d10awcjegy8zps|03|com"; nocase; ) # 1ac00dg1tgnx8s1bch1hr1gw0czu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ac00dg1tgnx8s1bch1hr1gw0czu|03|net"; nocase; ) # jfdf902o4fn21kcci8uwr2jln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jfdf902o4fn21kcci8uwr2jln|03|org"; nocase; ) # 1mnok2o1ljnqvb10jgnq4zb047w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mnok2o1ljnqvb10jgnq4zb047w|03|org"; nocase; ) # 1hg54wk1ru0a85q8mepq4tcjq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hg54wk1ru0a85q8mepq4tcjq9|03|net"; nocase; ) # pddajr174xdr019e3egn954ape.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pddajr174xdr019e3egn954ape|03|org"; nocase; ) # wb2q4z1a1vt3e1a2jltg1v3jldg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wb2q4z1a1vt3e1a2jltg1v3jldg|03|biz"; nocase; ) # vaou79agucpew4bq4elf3fha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vaou79agucpew4bq4elf3fha|03|com"; nocase; ) # 12q1t9lsbjyhj5e5ca51gxg6vk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12q1t9lsbjyhj5e5ca51gxg6vk|03|com"; nocase; ) # 1m3kq0g8243bd1rztupc1dyt6d1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m3kq0g8243bd1rztupc1dyt6d1|03|com"; nocase; ) # 1ot3ywxsojp69wypntsuc2rb4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ot3ywxsojp69wypntsuc2rb4|03|org"; nocase; ) # v8ykhr1thoy7vxitl1o1b35fhc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v8ykhr1thoy7vxitl1o1b35fhc|03|com"; nocase; ) # s868d2sxk6tc69q1of1kwocjq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s868d2sxk6tc69q1of1kwocjq|03|com"; nocase; ) # g4x9dh1wo0a2f51u6bo10mwheh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g4x9dh1wo0a2f51u6bo10mwheh|03|net"; nocase; ) # 1ivx7f11wuplt947d6o2g2vyju.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ivx7f11wuplt947d6o2g2vyju|03|biz"; nocase; ) # 1ig6x3b1n4bf4s1qasbnmqagmug.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ig6x3b1n4bf4s1qasbnmqagmug|03|com"; nocase; ) # eni9oou1r6fc14mffpfvxevge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eni9oou1r6fc14mffpfvxevge|03|com"; nocase; ) # ziscgw1k6ugzzjir3jyiqwfnl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ziscgw1k6ugzzjir3jyiqwfnl|03|com"; nocase; ) # 6ly44o1pmxf0lwilxrx1hil77l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ly44o1pmxf0lwilxrx1hil77l|03|net"; nocase; ) # jrd5r0teq2m88eu4srwb1bxo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jrd5r0teq2m88eu4srwb1bxo|03|org"; nocase; ) # 1mv0itkj73s2117s0tsg1qcjelv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mv0itkj73s2117s0tsg1qcjelv|03|net"; nocase; ) # 18k1k941ulzwnx8ah4h6112yfbh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18k1k941ulzwnx8ah4h6112yfbh|03|com"; nocase; ) # 2b58m41obyndftu6l6n1kkzgtj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2b58m41obyndftu6l6n1kkzgtj|03|net"; nocase; ) # 1akgfb1s4cg2cbgxdioj3qo9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1akgfb1s4cg2cbgxdioj3qo9b|03|com"; nocase; ) # 10fi6841h7g4vj1guaplq18mufhs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10fi6841h7g4vj1guaplq18mufhs|03|biz"; nocase; ) # 1teizfvkff1l64f7zlg1y9rpqu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1teizfvkff1l64f7zlg1y9rpqu|03|org"; nocase; ) # 7kkixd1dvuhjf1y746w49wj3vp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7kkixd1dvuhjf1y746w49wj3vp|03|net"; nocase; ) # vs6scamv5d336g6zqvdqpyh1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vs6scamv5d336g6zqvdqpyh1|03|com"; nocase; ) # 1jw3jpm17szayzg5uwka307i9o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jw3jpm17szayzg5uwka307i9o|03|net"; nocase; ) # a4tj7z1wd5xu58sywpn1hbwadz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a4tj7z1wd5xu58sywpn1hbwadz|03|com"; nocase; ) # x5tfld1pa5yqi7z2bc18b4x2p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x5tfld1pa5yqi7z2bc18b4x2p|03|biz"; nocase; ) # 8llby010bnj6v1cs55x01b1fg9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8llby010bnj6v1cs55x01b1fg9|03|net"; nocase; ) # 1jui8xh15xpgnu1j2aixxlkqny5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jui8xh15xpgnu1j2aixxlkqny5|03|com"; nocase; ) # 1g2q97z1nxoy091i3jbzgjxn1z3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g2q97z1nxoy091i3jbzgjxn1z3|03|com"; nocase; ) # tkoda16hjt42wy2yt7tbnx4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|tkoda16hjt42wy2yt7tbnx4|03|org"; nocase; ) # 1yhvyx31ls4u6lnhd56pinembg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yhvyx31ls4u6lnhd56pinembg|03|net"; nocase; ) # y2i28d15ala02ayurl4uvtgow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2i28d15ala02ayurl4uvtgow|03|biz"; nocase; ) # 1734q6s1bicw15n8wanlla1gj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1734q6s1bicw15n8wanlla1gj|03|com"; nocase; ) # 1f50jsvmgbtb0g5c1owrbdx8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f50jsvmgbtb0g5c1owrbdx8f|03|net"; nocase; ) # 1rvf89o1vggwjt1r2sjdh18lqfgn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rvf89o1vggwjt1r2sjdh18lqfgn|03|org"; nocase; ) # 2xxevzr5efmk11pq2m81c0ak0v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2xxevzr5efmk11pq2m81c0ak0v|03|com"; nocase; ) # 12sg8ty1oy74ig1nsgogzhgf51f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12sg8ty1oy74ig1nsgogzhgf51f|03|net"; nocase; ) # 4n37o6sohdbp10b63624lx1xc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4n37o6sohdbp10b63624lx1xc|03|com"; nocase; ) # 359qlm1550yr4114ykcho160q6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|359qlm1550yr4114ykcho160q6|03|net"; nocase; ) # 1or1bh8hy22hpzdn5q01pkrb8b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1or1bh8hy22hpzdn5q01pkrb8b|03|biz"; nocase; ) # 146avpp14lg2mhtrr4721gst7lt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|146avpp14lg2mhtrr4721gst7lt|03|org"; nocase; ) # jj2ntr1pe67ax3ytgp71hks0hc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jj2ntr1pe67ax3ytgp71hks0hc|03|net"; nocase; ) # 90pt9b1ot3sah1ehjfh7qdvkij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|90pt9b1ot3sah1ehjfh7qdvkij|03|net"; nocase; ) # hfzyq980anpj3qpba77z5pd1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hfzyq980anpj3qpba77z5pd1|03|net"; nocase; ) # 1hlv1yz1e167q31yknogs105ec4b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hlv1yz1e167q31yknogs105ec4b|03|biz"; nocase; ) # 1hg8cw855ukg91o22fuspwbs32.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hg8cw855ukg91o22fuspwbs32|03|org"; nocase; ) # 1kl6l9oc0zmuf70qnd7jha0kl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kl6l9oc0zmuf70qnd7jha0kl|03|net"; nocase; ) # 1mclz1xfvp6g91tz3aso14pqxba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mclz1xfvp6g91tz3aso14pqxba|03|com"; nocase; ) # 131v61p1qjulqa1poxcmh1gcy461.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|131v61p1qjulqa1poxcmh1gcy461|03|net"; nocase; ) # 19gmqyafayayj1xmpmcvl3smnm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19gmqyafayayj1xmpmcvl3smnm|03|org"; nocase; ) # ohacr1pglame1w5s3rh3z81zm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ohacr1pglame1w5s3rh3z81zm|03|org"; nocase; ) # yozurdjg9jiq1ki3ye19ha8ak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yozurdjg9jiq1ki3ye19ha8ak|03|net"; nocase; ) # 8bbj08fubtm31vbamapvtcm7m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8bbj08fubtm31vbamapvtcm7m|03|com"; nocase; ) # dmbum0z6skj61wmvvir3lqu9u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dmbum0z6skj61wmvvir3lqu9u|03|net"; nocase; ) # 1gkdlnrirqme51vmq1na56gryz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gkdlnrirqme51vmq1na56gryz|03|biz"; nocase; ) # 1ph26n88afjf911pqvkt1aarswg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ph26n88afjf911pqvkt1aarswg|03|com"; nocase; ) # 190fj3mojcs7g1nkcqfw170gbiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|190fj3mojcs7g1nkcqfw170gbiz|03|com"; nocase; ) # oj6ligl7cg0u157tarw135htxs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oj6ligl7cg0u157tarw135htxs|03|biz"; nocase; ) # 4xz0klj3csnder9sg158v0ld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4xz0klj3csnder9sg158v0ld|03|com"; nocase; ) # 144nedp1gv1qlkiuttacue5s4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|144nedp1gv1qlkiuttacue5s4e|03|net"; nocase; ) # 494dfv1wcqldi1c1b5i7116ma8b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|494dfv1wcqldi1c1b5i7116ma8b|03|com"; nocase; ) # 1sqtx5iyo4yys1ov0bd41nb5gxo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sqtx5iyo4yys1ov0bd41nb5gxo|03|org"; nocase; ) # 4em78a1362s6zjroxekk920js.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4em78a1362s6zjroxekk920js|03|com"; nocase; ) # ibny8ktz2er07sy1qp1ohhm02.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ibny8ktz2er07sy1qp1ohhm02|03|net"; nocase; ) # c9cogj1u15i861lygybu17vkcok.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c9cogj1u15i861lygybu17vkcok|03|org"; nocase; ) # g1376t1jgegtt1is4atlmcaaoe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g1376t1jgegtt1is4atlmcaaoe|03|com"; nocase; ) # 1r7kafi11b97r1iobxab1iyag49.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r7kafi11b97r1iobxab1iyag49|03|net"; nocase; ) # 1szw8ew15ryucq9p1jpv95jgtg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1szw8ew15ryucq9p1jpv95jgtg|03|net"; nocase; ) # mxy5xq1jgd0msi1u4497dxbbt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mxy5xq1jgd0msi1u4497dxbbt|03|org"; nocase; ) # 1q3ixxsw3ceacjhg0h9gc9ae.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1q3ixxsw3ceacjhg0h9gc9ae|03|net"; nocase; ) # am8gfv10qn2ik1cwlxql14ehinf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|am8gfv10qn2ik1cwlxql14ehinf|03|com"; nocase; ) # 15hu7yf1bmw681155ntbfy3wjko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15hu7yf1bmw681155ntbfy3wjko|03|biz"; nocase; ) # 13frd1q1m1t5of11f3g9gdv1jxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13frd1q1m1t5of11f3g9gdv1jxv|03|net"; nocase; ) # 1t6vn9ux8p58nq57bdqno6f6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1t6vn9ux8p58nq57bdqno6f6|03|net"; nocase; ) # b6vk451v9h7u1a0209imzpglt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b6vk451v9h7u1a0209imzpglt|03|biz"; nocase; ) # 9m4fn1oao9tvs8995h138145m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9m4fn1oao9tvs8995h138145m|03|net"; nocase; ) # sizbed73y6ao14dk1x8rr1cgg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sizbed73y6ao14dk1x8rr1cgg|03|biz"; nocase; ) # o54r2ua5fu3mxsz2cndgjgtw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o54r2ua5fu3mxsz2cndgjgtw|03|com"; nocase; ) # 1ew9gnl1so7bk1o0dphx1j2v941.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ew9gnl1so7bk1o0dphx1j2v941|03|biz"; nocase; ) # 6a94ol1jdo8n71p0xcke1s3a2qo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6a94ol1jdo8n71p0xcke1s3a2qo|03|net"; nocase; ) # 13yk8331ed9kiykkkn4b1xibxex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13yk8331ed9kiykkkn4b1xibxex|03|biz"; nocase; ) # i7q0xrrgh1ub1ntwl7d1vdoz89.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i7q0xrrgh1ub1ntwl7d1vdoz89|03|net"; nocase; ) # mejj2sg9fyit19plu4d6zao98.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mejj2sg9fyit19plu4d6zao98|03|biz"; nocase; ) # 1kwn5jp1p9mvcx1vgysoc15crmf7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kwn5jp1p9mvcx1vgysoc15crmf7|03|net"; nocase; ) # 1qg46l51bihglq10cw98f8pv4yp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qg46l51bihglq10cw98f8pv4yp|03|org"; nocase; ) # 8u4t31aztmxsrp91si4nmx3w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8u4t31aztmxsrp91si4nmx3w|03|net"; nocase; ) # hty736zb3ssvbzv8jsex92hr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hty736zb3ssvbzv8jsex92hr|03|biz"; nocase; ) # l0thc934owguvaonqpf5org3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l0thc934owguvaonqpf5org3|03|org"; nocase; ) # wvjhw643stydn391zy1dmkbc6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wvjhw643stydn391zy1dmkbc6|03|biz"; nocase; ) # l5bcs6mopzcd161kj2v14w7pot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l5bcs6mopzcd161kj2v14w7pot|03|org"; nocase; ) # 8whwde16xnf4i8im21sptf6hx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8whwde16xnf4i8im21sptf6hx|03|biz"; nocase; ) # 5qmy1c5nomjcqdm4ax1fa02q6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5qmy1c5nomjcqdm4ax1fa02q6|03|net"; nocase; ) # 1bwigs0550t7816vn7r18i7izn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bwigs0550t7816vn7r18i7izn|03|org"; nocase; ) # n1o9ym1qoh8yi1jy9lb91q2iaq9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n1o9ym1qoh8yi1jy9lb91q2iaq9|03|biz"; nocase; ) # rl8ia41nrfq46q8x0fpcj0jrt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rl8ia41nrfq46q8x0fpcj0jrt|03|com"; nocase; ) # yym00qepdzwcke84fppeggx6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yym00qepdzwcke84fppeggx6|03|net"; nocase; ) # 1ma5xilfh02igov8494mj93b4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ma5xilfh02igov8494mj93b4|03|biz"; nocase; ) # 7hasnw433ldwjv5t7b1hqrt44.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7hasnw433ldwjv5t7b1hqrt44|03|biz"; nocase; ) # 7y5f4817awlgiawaq7p1m409wv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7y5f4817awlgiawaq7p1m409wv|03|org"; nocase; ) # 1epaunw1reinkqbgl9fq1g9521m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1epaunw1reinkqbgl9fq1g9521m|03|biz"; nocase; ) # wt3u201qo2l9s13lm36tvbyvvj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wt3u201qo2l9s13lm36tvbyvvj|03|org"; nocase; ) # 18tqxvk1ojaq0nwxct9f15xsmkt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tqxvk1ojaq0nwxct9f15xsmkt|03|net"; nocase; ) # u329do1c1lm3h1ou95zntgwgog.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u329do1c1lm3h1ou95zntgwgog|03|net"; nocase; ) # 1pnatcpjcxwr111iqzji1ppvi9y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pnatcpjcxwr111iqzji1ppvi9y|03|net"; nocase; ) # afa8e58zh0sv1ixfmisu3j1hb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|afa8e58zh0sv1ixfmisu3j1hb|03|com"; nocase; ) # 1wt5qbvxl1m8gbv5jwau9ue3m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wt5qbvxl1m8gbv5jwau9ue3m|03|biz"; nocase; ) # 1p5jnja4sua9u1aai3a417bbvdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p5jnja4sua9u1aai3a417bbvdy|03|net"; nocase; ) # 7zouzyj2mnc71lbo059tmke17.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7zouzyj2mnc71lbo059tmke17|03|com"; nocase; ) # zu89qqeat0je1xzmu168kzkc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zu89qqeat0je1xzmu168kzkc|03|com"; nocase; ) # 16959yqktcexsxgevzzgl6azd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16959yqktcexsxgevzzgl6azd|03|org"; nocase; ) # 1x5pxfe1qcb5bx17wq7qci9jqz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x5pxfe1qcb5bx17wq7qci9jqz|03|net"; nocase; ) # 180rpcb19ulzopxz8mi8osbuvg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|180rpcb19ulzopxz8mi8osbuvg|03|net"; nocase; ) # tdunih1cdfirw1tjtivc1b6tt72.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tdunih1cdfirw1tjtivc1b6tt72|03|com"; nocase; ) # c2a2wt1ozh1amum484esluoj4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c2a2wt1ozh1amum484esluoj4|03|net"; nocase; ) # 13kooky1it739orjebq8hbih8j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13kooky1it739orjebq8hbih8j|03|net"; nocase; ) # 1qzkzja4y7ysf1you49xqrkrhn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qzkzja4y7ysf1you49xqrkrhn|03|biz"; nocase; ) # 1fiktd1o0drr4abu2wrk9m0fo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fiktd1o0drr4abu2wrk9m0fo|03|biz"; nocase; ) # 1s75832val0ptm5zemcalwgh5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s75832val0ptm5zemcalwgh5|03|biz"; nocase; ) # b8qx2t1nsao8d1dydi2e1cxemye.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000017999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b8qx2t1nsao8d1dydi2e1cxemye|03|biz"; nocase; ) # 1vjj8cd1jcvalc1gpt8y21hk3yoy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vjj8cd1jcvalc1gpt8y21hk3yoy|03|com"; nocase; ) # 1fbe8l410v99041tetdu5fgegnm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fbe8l410v99041tetdu5fgegnm|03|net"; nocase; ) # 3g0wpfj9trkt1kbwfyghknrp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3g0wpfj9trkt1kbwfyghknrp|03|com"; nocase; ) # 4zm9zp1ruh5hitulm1g4enouf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4zm9zp1ruh5hitulm1g4enouf|03|com"; nocase; ) # 46m0xh1y02gvekskg1plm0su4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|46m0xh1y02gvekskg1plm0su4|03|net"; nocase; ) # 4hb2rgok79eu1ka3apk3m2fft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4hb2rgok79eu1ka3apk3m2fft|03|com"; nocase; ) # 19suj7anivmnsoolwm146v9kq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19suj7anivmnsoolwm146v9kq|03|org"; nocase; ) # 1ir6d3cyctrps14xho7k1es6q58.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ir6d3cyctrps14xho7k1es6q58|03|net"; nocase; ) # 1ewt2u41sgr6av11wwq101wdjh3i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ewt2u41sgr6av11wwq101wdjh3i|03|biz"; nocase; ) # 1sogx3i1qmoaubbn6vy9ngogr0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sogx3i1qmoaubbn6vy9ngogr0|03|org"; nocase; ) # 1vrzeqw18oay751eiklhfx9i1vc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vrzeqw18oay751eiklhfx9i1vc|03|net"; nocase; ) # b889hc1ptdl9h1fwjd9v1qweb47.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b889hc1ptdl9h1fwjd9v1qweb47|03|org"; nocase; ) # 1bfsscq1pkq7bs1eehe513espjd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bfsscq1pkq7bs1eehe513espjd|03|biz"; nocase; ) # 80ws39monzugr8hsz11bxxdsg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|80ws39monzugr8hsz11bxxdsg|03|net"; nocase; ) # 93norlmct4s1msxyme1p4iby3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|93norlmct4s1msxyme1p4iby3|03|biz"; nocase; ) # 1sn0m0o17w9vamgwyo5qfmre2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sn0m0o17w9vamgwyo5qfmre2|03|net"; nocase; ) # h0pigd1ob8w8w1d0u0ygcn0176.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h0pigd1ob8w8w1d0u0ygcn0176|03|com"; nocase; ) # ocutpd6gld3qtru5yl94udrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ocutpd6gld3qtru5yl94udrn|03|net"; nocase; ) # xsopkpt6ixgt1wfsto61849v0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xsopkpt6ixgt1wfsto61849v0m|03|com"; nocase; ) # 2ly1k8evudn11tbeqej1r9hqpp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ly1k8evudn11tbeqej1r9hqpp|03|net"; nocase; ) # 18houde1l7msnf10gv8l6mg8327.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18houde1l7msnf10gv8l6mg8327|03|org"; nocase; ) # 1pjr0ui58c8261ggv50nwan4w7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pjr0ui58c8261ggv50nwan4w7|03|net"; nocase; ) # 1ywb1kdnfk1or2wa9rvtmjr7b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ywb1kdnfk1or2wa9rvtmjr7b|03|com"; nocase; ) # 9q3qegqr8m7n15vevf96pfq3a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9q3qegqr8m7n15vevf96pfq3a|03|org"; nocase; ) # 1tgh3qa10nag1bvj8n7gkeelqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tgh3qa10nag1bvj8n7gkeelqq|03|biz"; nocase; ) # 1sfngire7948r1hbnmz238i16j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sfngire7948r1hbnmz238i16j|03|biz"; nocase; ) # vtz6kl1qp29hrndye2qzrjc2c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vtz6kl1qp29hrndye2qzrjc2c|03|com"; nocase; ) # 1cfeguu1yked1r1n0po69336wx9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cfeguu1yked1r1n0po69336wx9|03|biz"; nocase; ) # 1tuitv51ezxju9w1gx5rhfug0i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tuitv51ezxju9w1gx5rhfug0i|03|net"; nocase; ) # gbwwse1a8cljk1dhh2i5ttr36m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gbwwse1a8cljk1dhh2i5ttr36m|03|biz"; nocase; ) # 1f50sxb19cmpi1v4spqb4i1bu1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f50sxb19cmpi1v4spqb4i1bu1|03|net"; nocase; ) # 9ivl1ajlc24k13vlvm6q65hpm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9ivl1ajlc24k13vlvm6q65hpm|03|net"; nocase; ) # 1e07khs3uh5isb5ksgm5apiek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e07khs3uh5isb5ksgm5apiek|03|com"; nocase; ) # dhs0by1kqqz5c1ev4pqxfozyqj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dhs0by1kqqz5c1ev4pqxfozyqj|03|com"; nocase; ) # fk8h991rs70rzbwgk3wixs1c7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fk8h991rs70rzbwgk3wixs1c7|03|net"; nocase; ) # 14eg4fi14ixsap1shg1tqzqmtgd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14eg4fi14ixsap1shg1tqzqmtgd|03|com"; nocase; ) # 1r5q0i21iotu14cj8ni9xsrsjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r5q0i21iotu14cj8ni9xsrsjl|03|net"; nocase; ) # 1r90pgfo1c391mmfvrxbut9wz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r90pgfo1c391mmfvrxbut9wz|03|com"; nocase; ) # 1skrjpb1t2pcl8xrib94z2rfc2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1skrjpb1t2pcl8xrib94z2rfc2|03|net"; nocase; ) # epjmsa1g02p91k497gilu3pmc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|epjmsa1g02p91k497gilu3pmc|03|com"; nocase; ) # 1rfjb8i1sft7mw1abh4zfsrqu2z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rfjb8i1sft7mw1abh4zfsrqu2z|03|com"; nocase; ) # aw5q9a1hc4gx71op9upk1s4juw4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aw5q9a1hc4gx71op9upk1s4juw4|03|com"; nocase; ) # 1x06jle1izufs2gv1saarugp56.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x06jle1izufs2gv1saarugp56|03|biz"; nocase; ) # gj6dljpocyjo12fze97l0y5yk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gj6dljpocyjo12fze97l0y5yk|03|com"; nocase; ) # 12mzshqgqxymm12dhstjc9y5bi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12mzshqgqxymm12dhstjc9y5bi|03|com"; nocase; ) # r4dfxpvums7pywa3au1d8efgh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r4dfxpvums7pywa3au1d8efgh|03|com"; nocase; ) # l1lxnz1uam3on3l5s316m3cix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l1lxnz1uam3on3l5s316m3cix|03|net"; nocase; ) # 19qj1iv624arox3dixr1obuu4m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19qj1iv624arox3dixr1obuu4m|03|com"; nocase; ) # 1hg6s781owzdvpzjxseh1tcxahc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hg6s781owzdvpzjxseh1tcxahc|03|net"; nocase; ) # 11dywfix2p712446y2khwy1l5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11dywfix2p712446y2khwy1l5|03|net"; nocase; ) # 1rw4l6qlfy3z51q5561csamtst.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rw4l6qlfy3z51q5561csamtst|03|com"; nocase; ) # bvd8yw128zf1g1dbe5a19syykx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bvd8yw128zf1g1dbe5a19syykx|03|org"; nocase; ) # 10j0xea9ugkfcgv07ec14a419q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10j0xea9ugkfcgv07ec14a419q|03|com"; nocase; ) # pu5i5nrgzjqyfvb5cp1ythwey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pu5i5nrgzjqyfvb5cp1ythwey|03|com"; nocase; ) # 1pmq6z11u6f5fplcb7ux1alzjuw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pmq6z11u6f5fplcb7ux1alzjuw|03|com"; nocase; ) # 2mqgtkm1saq310ofkj5nscdvh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2mqgtkm1saq310ofkj5nscdvh|03|org"; nocase; ) # plfe71aecdv7tvluydfbyuuz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|plfe71aecdv7tvluydfbyuuz|03|biz"; nocase; ) # 5s8iqrc6qsud3hjvi3gddagp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5s8iqrc6qsud3hjvi3gddagp|03|net"; nocase; ) # 10lud9b9fhatd1stqcdr18rc1sj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10lud9b9fhatd1stqcdr18rc1sj|03|biz"; nocase; ) # 1f42y5811x1fvn1hhxubi109c3ey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f42y5811x1fvn1hhxubi109c3ey|03|org"; nocase; ) # 1b6htlc1jsuwdspfi9ov129lktc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b6htlc1jsuwdspfi9ov129lktc|03|com"; nocase; ) # 1j23u9y19x9k741bsb2fw10dog0e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j23u9y19x9k741bsb2fw10dog0e|03|org"; nocase; ) # 5w8xkvtriv86c2dnz11jo77hd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5w8xkvtriv86c2dnz11jo77hd|03|com"; nocase; ) # 1tbht041ntfn6d1isirjbdv5i5f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tbht041ntfn6d1isirjbdv5i5f|03|biz"; nocase; ) # csw6rgi7usecp4zyay64f741.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|csw6rgi7usecp4zyay64f741|03|net"; nocase; ) # 196bji81op9bgv1w49z0o1g3lhcs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|196bji81op9bgv1w49z0o1g3lhcs|03|com"; nocase; ) # 1i3chyo14u6gdh9ez854137sv62.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i3chyo14u6gdh9ez854137sv62|03|biz"; nocase; ) # 119lmdx74gvaw1dwqwzb1wmm6ub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|119lmdx74gvaw1dwqwzb1wmm6ub|03|net"; nocase; ) # 43spzz3d1rondjm86717qlh21.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|43spzz3d1rondjm86717qlh21|03|biz"; nocase; ) # ai4hjq11cfjc5k8lh8x1wnl1q1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ai4hjq11cfjc5k8lh8x1wnl1q1|03|net"; nocase; ) # 1m4oyu11jvt8x9v5b5mx11i3vzn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m4oyu11jvt8x9v5b5mx11i3vzn|03|com"; nocase; ) # 180mi9c7a6j4mc511p91p5x7ml.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|180mi9c7a6j4mc511p91p5x7ml|03|com"; nocase; ) # 1i7fosoyis85q1e3wtiq1e0wnfx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i7fosoyis85q1e3wtiq1e0wnfx|03|biz"; nocase; ) # 1kdmpkf6lzjkfnhlk83qcf1yu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kdmpkf6lzjkfnhlk83qcf1yu|03|biz"; nocase; ) # aupst8ldmtqqr6013z1ylms3q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aupst8ldmtqqr6013z1ylms3q|03|com"; nocase; ) # 13ii2xc1k2eh8c3eovv31itabui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ii2xc1k2eh8c3eovv31itabui|03|net"; nocase; ) # uwzi3z1jnaf7l1674kan4k0h98.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uwzi3z1jnaf7l1674kan4k0h98|03|com"; nocase; ) # u0nzj71795u7q1wmzx3g7o8f5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u0nzj71795u7q1wmzx3g7o8f5t|03|com"; nocase; ) # 1ubfe0sb79rim1xoo1ec6h9t2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ubfe0sb79rim1xoo1ec6h9t2|03|org"; nocase; ) # jtlzxd1tbkhjlaejnfcn7vff3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jtlzxd1tbkhjlaejnfcn7vff3|03|org"; nocase; ) # 1mhbsem1vil9fo1dnt1bk1jbcg45.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mhbsem1vil9fo1dnt1bk1jbcg45|03|com"; nocase; ) # 1calumb1d7bdzjnccu9ps2ix5p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1calumb1d7bdzjnccu9ps2ix5p|03|org"; nocase; ) # quhujgfdjbmc4ntuio1d3klox.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|quhujgfdjbmc4ntuio1d3klox|03|net"; nocase; ) # 1cjrojmd7v7rm1n83w711lf09a8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjrojmd7v7rm1n83w711lf09a8|03|org"; nocase; ) # 1p5lpj11uswk2bh7kawadme9st.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p5lpj11uswk2bh7kawadme9st|03|org"; nocase; ) # i9ohip101lbry1k1j2ot1a3sz25.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i9ohip101lbry1k1j2ot1a3sz25|03|org"; nocase; ) # 1t1pqp91gpq4zv1d9z9luzexcls.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t1pqp91gpq4zv1d9z9luzexcls|03|net"; nocase; ) # kkhmzj1hq0xj814ls84f1aswcc8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kkhmzj1hq0xj814ls84f1aswcc8|03|com"; nocase; ) # 2bemmo6zn33u2cwbkpfcf1sg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2bemmo6zn33u2cwbkpfcf1sg|03|com"; nocase; ) # iw7pod1r2r2tv4oewur15419lo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iw7pod1r2r2tv4oewur15419lo|03|org"; nocase; ) # j4ie3pxj08hc1s5psq61j45aao.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j4ie3pxj08hc1s5psq61j45aao|03|biz"; nocase; ) # os39701su5ig2gd7kes6rfubk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|os39701su5ig2gd7kes6rfubk|03|net"; nocase; ) # pim0vh3mbf1v1vurox194zee7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pim0vh3mbf1v1vurox194zee7|03|org"; nocase; ) # 1dz35t5stxjjx1xv2ja11tnn1re.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dz35t5stxjjx1xv2ja11tnn1re|03|biz"; nocase; ) # 1v2r02d1og6jwk1urq3xms1c672.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v2r02d1og6jwk1urq3xms1c672|03|com"; nocase; ) # 8nan6s12sge9u1t1ol3b14mybi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8nan6s12sge9u1t1ol3b14mybi|03|com"; nocase; ) # 15ecnq3hav1pz16gx9rsms72o6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ecnq3hav1pz16gx9rsms72o6|03|biz"; nocase; ) # 16lh4jvy1i57f9by7a11yy3qa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16lh4jvy1i57f9by7a11yy3qa|03|org"; nocase; ) # rgd5tm165gr51qcld81nyoi4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rgd5tm165gr51qcld81nyoi4|03|net"; nocase; ) # t93wlq1ywdek597nff19jnhf1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t93wlq1ywdek597nff19jnhf1|03|org"; nocase; ) # utcq8au5nbv9365qk918f3h4z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|utcq8au5nbv9365qk918f3h4z|03|com"; nocase; ) # 7exxxlcuvt8ssazqwcmh9hdt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7exxxlcuvt8ssazqwcmh9hdt|03|org"; nocase; ) # 2u6u1fycefir1gr6b5qtxqaqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2u6u1fycefir1gr6b5qtxqaqq|03|com"; nocase; ) # 1v8thic6g5whaylc9jp8e6u6h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v8thic6g5whaylc9jp8e6u6h|03|com"; nocase; ) # 1wi9bp35ef3a8120bwxm1mgvghe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wi9bp35ef3a8120bwxm1mgvghe|03|com"; nocase; ) # 1cxajr4yfbwfwv660ztjyeor7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cxajr4yfbwfwv660ztjyeor7|03|org"; nocase; ) # oyimi3yl0i0f1osl6p0jl0khm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oyimi3yl0i0f1osl6p0jl0khm|03|org"; nocase; ) # qtfwhd8r96pl1xabi4w1i6qa0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qtfwhd8r96pl1xabi4w1i6qa0x|03|org"; nocase; ) # 1lf50ch2dp2nuefy7mq1pzkwg2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lf50ch2dp2nuefy7mq1pzkwg2|03|com"; nocase; ) # 8yg1pw19crxla1bd0foyduqa2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8yg1pw19crxla1bd0foyduqa2m|03|net"; nocase; ) # x5y48x106lkxi1g8tz4x1ipwtcc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x5y48x106lkxi1g8tz4x1ipwtcc|03|org"; nocase; ) # 138q2wcdmdjyom91i1rb43qtv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|138q2wcdmdjyom91i1rb43qtv|03|net"; nocase; ) # 1pih8yx15xigwb1ge1rol1882rea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pih8yx15xigwb1ge1rol1882rea|03|net"; nocase; ) # j34lcx1c728t913zxuzvijjpsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j34lcx1c728t913zxuzvijjpsz|03|net"; nocase; ) # c8ue0q1wk9l671en1t6t132vgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c8ue0q1wk9l671en1t6t132vgo|03|net"; nocase; ) # 1m0lui713wmut21ghm3h29zwypx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m0lui713wmut21ghm3h29zwypx|03|net"; nocase; ) # 1t82l2d1xdpt3zmd0z9b1g1l3oj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t82l2d1xdpt3zmd0z9b1g1l3oj|03|biz"; nocase; ) # 1u16wkl1e3987i1laan30xq30k8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u16wkl1e3987i1laan30xq30k8|03|net"; nocase; ) # tf04r219hejp4y3h26j1h3mc1x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tf04r219hejp4y3h26j1h3mc1x|03|org"; nocase; ) # 15ilngg2c5bzn1shdtwzl9cgo3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ilngg2c5bzn1shdtwzl9cgo3|03|com"; nocase; ) # 960k1zgay7opzcpx0833i292.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|960k1zgay7opzcpx0833i292|03|com"; nocase; ) # 1rg57kq1etsca611qhh8s7r0dds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rg57kq1etsca611qhh8s7r0dds|03|net"; nocase; ) # 1yc8e1m1e5yho319c331s1gb7s55.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yc8e1m1e5yho319c331s1gb7s55|03|org"; nocase; ) # n24ic42cqus7f17m9v11b3vks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n24ic42cqus7f17m9v11b3vks|03|com"; nocase; ) # m10aiq86qz701ix2nm41jdbte.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m10aiq86qz701ix2nm41jdbte|03|com"; nocase; ) # jggxm01kckl6m13zc26d19l5etc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jggxm01kckl6m13zc26d19l5etc|03|net"; nocase; ) # 1xtfmeercfn6g1dlfgex1e19q27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xtfmeercfn6g1dlfgex1e19q27|03|com"; nocase; ) # 1fp3qnu16fdkxrq6yqynjme4u4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fp3qnu16fdkxrq6yqynjme4u4|03|biz"; nocase; ) # 1ky7rtrc1614ivwrvub1ubhs4u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ky7rtrc1614ivwrvub1ubhs4u|03|biz"; nocase; ) # 1ib88lkmz6pcll2cr7mzrjhiw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ib88lkmz6pcll2cr7mzrjhiw|03|net"; nocase; ) # 1sczgoa1sjj7zv1e6qc1jlob5w2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sczgoa1sjj7zv1e6qc1jlob5w2|03|net"; nocase; ) # o1k9kv1d25lid20q9efyog14d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o1k9kv1d25lid20q9efyog14d|03|com"; nocase; ) # 1d1h2q7139w64z1i2oukd1bhy1gp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d1h2q7139w64z1i2oukd1bhy1gp|03|biz"; nocase; ) # 1v0b9ja156f0nq18ah6y0auwrui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v0b9ja156f0nq18ah6y0auwrui|03|com"; nocase; ) # y238od12o8sg11vxlgmm1whom7q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y238od12o8sg11vxlgmm1whom7q|03|net"; nocase; ) # 1innalf10c54avppcygi1wegg8w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1innalf10c54avppcygi1wegg8w|03|net"; nocase; ) # 4jji0h1qnng2r1holit6d3n6wu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4jji0h1qnng2r1holit6d3n6wu|03|org"; nocase; ) # 4vxnto1atbzecuu16cm1yb5x4z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4vxnto1atbzecuu16cm1yb5x4z|03|org"; nocase; ) # 1rek5ll1ycowbw1q96kmb18x82xj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rek5ll1ycowbw1q96kmb18x82xj|03|com"; nocase; ) # 7qysium6xrpd9wh54fpdhwq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|7qysium6xrpd9wh54fpdhwq|03|com"; nocase; ) # 1wwwj3yzwhhc0a1wphm1qsj2mi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wwwj3yzwhhc0a1wphm1qsj2mi|03|org"; nocase; ) # g13yl0qoxums1xhzfw3ahhib0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g13yl0qoxums1xhzfw3ahhib0|03|net"; nocase; ) # 10vclud1uagy08mstzic46ddex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10vclud1uagy08mstzic46ddex|03|com"; nocase; ) # 143s7suto9vko15nhrblyfzyyy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|143s7suto9vko15nhrblyfzyyy|03|biz"; nocase; ) # 1jyr9qyfwz62s1rciw2egce16c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jyr9qyfwz62s1rciw2egce16c|03|net"; nocase; ) # nlpvgv17h6ybfshq1cd1ag4nxw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nlpvgv17h6ybfshq1cd1ag4nxw|03|org"; nocase; ) # 1g889k41fduuyw4iepua1cu32bo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g889k41fduuyw4iepua1cu32bo|03|com"; nocase; ) # d67vrm1rstxmle9uobk9mpf6o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d67vrm1rstxmle9uobk9mpf6o|03|org"; nocase; ) # 1lj5fe01xt12q0srxnws15qu8fz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lj5fe01xt12q0srxnws15qu8fz|03|org"; nocase; ) # n0rziy1123dcy1fmzymn1hyanzd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n0rziy1123dcy1fmzymn1hyanzd|03|com"; nocase; ) # 1cidi707lhp9o6sdal61vo46lr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cidi707lhp9o6sdal61vo46lr|03|net"; nocase; ) # t5xzcb1t454ip1pl88xa1sg2bg9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t5xzcb1t454ip1pl88xa1sg2bg9|03|biz"; nocase; ) # 162vhla1j96nhc197zhqohco0va.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|162vhla1j96nhc197zhqohco0va|03|org"; nocase; ) # sn8qn61fjlc7u1qzrl5upirj9l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sn8qn61fjlc7u1qzrl5upirj9l|03|biz"; nocase; ) # wzsn5prteqxx13cca421cpszpx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wzsn5prteqxx13cca421cpszpx|03|com"; nocase; ) # 4zev8w5j5cr1qbuqfq9hjba9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4zev8w5j5cr1qbuqfq9hjba9|03|biz"; nocase; ) # oe1hso12w92gj18wnscgbpwq34.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oe1hso12w92gj18wnscgbpwq34|03|org"; nocase; ) # 1v8upb81vsvs0sr6u2e7lhncrx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v8upb81vsvs0sr6u2e7lhncrx|03|com"; nocase; ) # 1kbhuoe1i7ae2x3psu1g9vszs7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kbhuoe1i7ae2x3psu1g9vszs7|03|biz"; nocase; ) # 1gzbe9pf5e8i01nu78vy53z3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gzbe9pf5e8i01nu78vy53z3d|03|net"; nocase; ) # 4siz5l1ml1e1wqq4yjdstyah7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4siz5l1ml1e1wqq4yjdstyah7|03|com"; nocase; ) # 1lwgrpe1herzsyblhr0t19z887m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lwgrpe1herzsyblhr0t19z887m|03|net"; nocase; ) # aavshbs85nnsf39c2532tnwj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aavshbs85nnsf39c2532tnwj|03|biz"; nocase; ) # siga7a1kzovrh1kqt4s01h92cl0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|siga7a1kzovrh1kqt4s01h92cl0|03|net"; nocase; ) # 5cxi801occz6doval407grixi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5cxi801occz6doval407grixi|03|org"; nocase; ) # 1ujoyz31uzx93212ripgnm7k04b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ujoyz31uzx93212ripgnm7k04b|03|com"; nocase; ) # i65s5vntweol6bdw0b1ac277t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i65s5vntweol6bdw0b1ac277t|03|net"; nocase; ) # c8gpm52lkbxma6xwl18wv3k5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c8gpm52lkbxma6xwl18wv3k5|03|com"; nocase; ) # qfofba4l395b1mgcmca122idy6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qfofba4l395b1mgcmca122idy6|03|org"; nocase; ) # domnv8pa124g1lb9y2j4yhr3w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|domnv8pa124g1lb9y2j4yhr3w|03|net"; nocase; ) # xls5ebseuv51t9enhu5sfpv4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xls5ebseuv51t9enhu5sfpv4|03|net"; nocase; ) # 1nifguw1nc8cu3bu8lt315gl7w3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nifguw1nc8cu3bu8lt315gl7w3|03|com"; nocase; ) # 1y21vaa19ullymdkazpg1b099st.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y21vaa19ullymdkazpg1b099st|03|com"; nocase; ) # jdxxlab4svrsbtgxaaceng0s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jdxxlab4svrsbtgxaaceng0s|03|org"; nocase; ) # pehhtzrvxfax9gdkhs180m4y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pehhtzrvxfax9gdkhs180m4y|03|com"; nocase; ) # 1cxqefq19bxvyq1e26wx41wj7rbs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cxqefq19bxvyq1e26wx41wj7rbs|03|org"; nocase; ) # 114iwpllmkp1rofgkmz1n1rb3t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|114iwpllmkp1rofgkmz1n1rb3t|03|com"; nocase; ) # yzm8yv1h3adj71xz0oex11liynh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yzm8yv1h3adj71xz0oex11liynh|03|org"; nocase; ) # 1pin3q31wyf9j31bw19tf1vyybh6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pin3q31wyf9j31bw19tf1vyybh6|03|net"; nocase; ) # ek6fobc7hrpamork1nfzwslt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ek6fobc7hrpamork1nfzwslt|03|net"; nocase; ) # ahlcpagtwmk9yd4hx5146b618.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ahlcpagtwmk9yd4hx5146b618|03|com"; nocase; ) # h5a4l197r4fw1wax8idyr9o93.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h5a4l197r4fw1wax8idyr9o93|03|net"; nocase; ) # 1lbrz841a6ucw7b5pk9v1qlvlmk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lbrz841a6ucw7b5pk9v1qlvlmk|03|com"; nocase; ) # 157gd891um1goi8rnecqd2eaxr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157gd891um1goi8rnecqd2eaxr|03|com"; nocase; ) # 67v9yl1rey7jd1x1bijnim27c7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|67v9yl1rey7jd1x1bijnim27c7|03|biz"; nocase; ) # mx5rbw11inj0dzn3cdf1pj1et2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mx5rbw11inj0dzn3cdf1pj1et2|03|com"; nocase; ) # u91coj18skrb01kditeiavudj6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u91coj18skrb01kditeiavudj6|03|org"; nocase; ) # 1g98zez10xqteg7gy661yzyh81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g98zez10xqteg7gy661yzyh81|03|net"; nocase; ) # 102lq1k1feq65d1s9requ184jk5f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|102lq1k1feq65d1s9requ184jk5f|03|net"; nocase; ) # 8v6zf31u3l7l3day95m23wuip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8v6zf31u3l7l3day95m23wuip|03|net"; nocase; ) # 3tckxl3twvkmojty3o16yhzkj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3tckxl3twvkmojty3o16yhzkj|03|biz"; nocase; ) # yefn1514avjh91ngubh6qs2hug.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yefn1514avjh91ngubh6qs2hug|03|org"; nocase; ) # ig5d2y44lhrpiyp8p41ecmm8z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ig5d2y44lhrpiyp8p41ecmm8z|03|org"; nocase; ) # 10se4lvmtax8i18hj4o8vhosyr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10se4lvmtax8i18hj4o8vhosyr|03|org"; nocase; ) # vuqjtvziy0kx1qc2cwt1776bc2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vuqjtvziy0kx1qc2cwt1776bc2|03|net"; nocase; ) # g8iuzf1fwf6btp6ioco10bmpnu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g8iuzf1fwf6btp6ioco10bmpnu|03|org"; nocase; ) # 8usnsl1yacyws1xmdi94xze41d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8usnsl1yacyws1xmdi94xze41d|03|com"; nocase; ) # vzq4akgrg2qadtv6fz1s2yhul.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vzq4akgrg2qadtv6fz1s2yhul|03|org"; nocase; ) # 134is8018jem1k1cydeul1gy3jjo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|134is8018jem1k1cydeul1gy3jjo|03|biz"; nocase; ) # oix9my1064vmy1g37tj61abdln5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oix9my1064vmy1g37tj61abdln5|03|com"; nocase; ) # 1kmuwc816jjtv514k9kf118eqxt9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kmuwc816jjtv514k9kf118eqxt9|03|org"; nocase; ) # riybez1xpjstm1g5k96g1380v6c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|riybez1xpjstm1g5k96g1380v6c|03|biz"; nocase; ) # xjw4ht12hw1xe166zr0x162r9ov.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xjw4ht12hw1xe166zr0x162r9ov|03|net"; nocase; ) # 2vns381iuvxvwei3pai1fje4au.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2vns381iuvxvwei3pai1fje4au|03|net"; nocase; ) # 1dyj65o1yu0vi2twnnmc1q6baex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dyj65o1yu0vi2twnnmc1q6baex|03|net"; nocase; ) # 1lr63vt1jkj2hzkvezcx1otkovy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lr63vt1jkj2hzkvezcx1otkovy|03|net"; nocase; ) # 1kfkiah96kiaf1bb54eo1g6dy42.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kfkiah96kiaf1bb54eo1g6dy42|03|com"; nocase; ) # c396lq2mlyt41m2gn2o1u1pnli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c396lq2mlyt41m2gn2o1u1pnli|03|com"; nocase; ) # c93zmtu41kuwnckn8qd9ky2r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c93zmtu41kuwnckn8qd9ky2r|03|net"; nocase; ) # cjdgfl17yuwyk97cb2q1sj3thr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cjdgfl17yuwyk97cb2q1sj3thr|03|biz"; nocase; ) # 6g9yup1w3azznk0if4w1kzvksj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6g9yup1w3azznk0if4w1kzvksj|03|com"; nocase; ) # 1abu5qyitk2e51ycg5et4p4c83.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1abu5qyitk2e51ycg5et4p4c83|03|biz"; nocase; ) # bt5xdj1cpyg98fc3ckyjq0qi4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bt5xdj1cpyg98fc3ckyjq0qi4|03|com"; nocase; ) # 1djclv11anu3ne12u8y5y2ogme.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1djclv11anu3ne12u8y5y2ogme|03|net"; nocase; ) # 12gdtu21rh9jxu7p0uft1jzagyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12gdtu21rh9jxu7p0uft1jzagyj|03|com"; nocase; ) # 18hrazi38l5m10qzmqg1f0lsqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18hrazi38l5m10qzmqg1f0lsqc|03|biz"; nocase; ) # rh9d0k7z2an5xo68sjjy8mdo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rh9d0k7z2an5xo68sjjy8mdo|03|com"; nocase; ) # 6zrhmc1udgpyf1p117lj1silrpx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6zrhmc1udgpyf1p117lj1silrpx|03|biz"; nocase; ) # 1ws6k51we2gkre1blju1u8gbqh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ws6k51we2gkre1blju1u8gbqh|03|com"; nocase; ) # 1qh8g9d1pcj1khi6q7s30g4s3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qh8g9d1pcj1khi6q7s30g4s3|03|com"; nocase; ) # km10813uu91adjv6qc1mopl19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|km10813uu91adjv6qc1mopl19|03|com"; nocase; ) # pqxmbtqujvdeu9x23od9u86a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pqxmbtqujvdeu9x23od9u86a|03|biz"; nocase; ) # 1b6m35u1pgwrg921spliyna0fj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b6m35u1pgwrg921spliyna0fj|03|org"; nocase; ) # l0iz57vjmtja8w5ja18luze0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l0iz57vjmtja8w5ja18luze0|03|org"; nocase; ) # l59edp1v4o43c1y16ugv17g8vp6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l59edp1v4o43c1y16ugv17g8vp6|03|net"; nocase; ) # y27caw1g8pgnq13bmifu1yurivb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y27caw1g8pgnq13bmifu1yurivb|03|biz"; nocase; ) # ax8ra11ks3ljj427k7h160zo3h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ax8ra11ks3ljj427k7h160zo3h|03|com"; nocase; ) # gdv9jt1jkcmas11gb1jp1of8fkp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gdv9jt1jkcmas11gb1jp1of8fkp|03|org"; nocase; ) # q6q58nptnazld7o0qii5grdw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q6q58nptnazld7o0qii5grdw|03|biz"; nocase; ) # feu7df1aqdszg1l3uq7m1pjadu6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|feu7df1aqdszg1l3uq7m1pjadu6|03|net"; nocase; ) # 150iy9o96sd2edsh8z1oe283s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|150iy9o96sd2edsh8z1oe283s|03|com"; nocase; ) # 1rsv8t387ei3u152jid4o3kbwt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rsv8t387ei3u152jid4o3kbwt|03|org"; nocase; ) # 10z89vt1444w8h24qzwa1vg1s8r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10z89vt1444w8h24qzwa1vg1s8r|03|net"; nocase; ) # 1n1fdaq1r2zvk8rj5tff3yh6ar.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1fdaq1r2zvk8rj5tff3yh6ar|03|org"; nocase; ) # 6t5v1719ndzrkn85ygvxc4nbq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6t5v1719ndzrkn85ygvxc4nbq|03|biz"; nocase; ) # 1v3o4d3gf4n2jw12uccztcwxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v3o4d3gf4n2jw12uccztcwxs|03|net"; nocase; ) # i24r23tkud7g1sxp1b21cjvc4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i24r23tkud7g1sxp1b21cjvc4f|03|net"; nocase; ) # 1mlwbi31w5l9nyyimlhstnojo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mlwbi31w5l9nyyimlhstnojo|03|org"; nocase; ) # ji1q12j93v3qypqv731fa0ufv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ji1q12j93v3qypqv731fa0ufv|03|org"; nocase; ) # 11noghcdm9skp1i0arg71qegf7p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11noghcdm9skp1i0arg71qegf7p|03|net"; nocase; ) # 1chx8q311742skp57ersmgiujo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1chx8q311742skp57ersmgiujo|03|net"; nocase; ) # 1cmku9s345pjfdmc97ahu25d1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cmku9s345pjfdmc97ahu25d1|03|net"; nocase; ) # 125cvep1h1jubq1dvupqv1an44zt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|125cvep1h1jubq1dvupqv1an44zt|03|net"; nocase; ) # 1hckcbp9bcfmb1ena35bfkmynb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hckcbp9bcfmb1ena35bfkmynb|03|biz"; nocase; ) # 1y4d1n81mzbrfr1usnlqti11ukh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y4d1n81mzbrfr1usnlqti11ukh|03|com"; nocase; ) # 1ebx5cmradik7gwhbq3hj5puj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ebx5cmradik7gwhbq3hj5puj|03|net"; nocase; ) # 1haxygc9c1tq312qzj4g1f1mbtd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1haxygc9c1tq312qzj4g1f1mbtd|03|com"; nocase; ) # 1nd6at8ay0tu8s8mnqz71aqip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nd6at8ay0tu8s8mnqz71aqip|03|net"; nocase; ) # 18terly1rl6uey5jbbxt1rs5aqj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18terly1rl6uey5jbbxt1rs5aqj|03|net"; nocase; ) # dwpr1v1c3yr631yu23401hzypat.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dwpr1v1c3yr631yu23401hzypat|03|org"; nocase; ) # 2k2okb1rcb1xdaemrh51biilii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2k2okb1rcb1xdaemrh51biilii|03|net"; nocase; ) # 1uq1sbjp94bzh5c17dw9ojzln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uq1sbjp94bzh5c17dw9ojzln|03|org"; nocase; ) # y97vpre6088s16y30sh18g4tzx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y97vpre6088s16y30sh18g4tzx|03|com"; nocase; ) # 1njf5021uziia6hk8thhqhqvst.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1njf5021uziia6hk8thhqhqvst|03|org"; nocase; ) # 15q1pn0n497s24owlxw148q885.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15q1pn0n497s24owlxw148q885|03|net"; nocase; ) # 4919hiz8v17q1yeeygf1ee3icy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4919hiz8v17q1yeeygf1ee3icy|03|com"; nocase; ) # 76omu516ocrb5newj1w8v4s5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|76omu516ocrb5newj1w8v4s5|03|biz"; nocase; ) # d60j08g90qej57q4je3uzzbd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d60j08g90qej57q4je3uzzbd|03|biz"; nocase; ) # 1lt1pw3hp56im144ypa41pptgvl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lt1pw3hp56im144ypa41pptgvl|03|org"; nocase; ) # 1j2ld1i9xd2lq164k9n41sliyx6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j2ld1i9xd2lq164k9n41sliyx6|03|biz"; nocase; ) # 1mdlq7ve3pbgt1u6xuso1sk3eyp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mdlq7ve3pbgt1u6xuso1sk3eyp|03|com"; nocase; ) # 1vwswylg7cjlxh2yj4vqq64af.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vwswylg7cjlxh2yj4vqq64af|03|net"; nocase; ) # 1mnf9lh5ud4e6a0exeob4vxz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1mnf9lh5ud4e6a0exeob4vxz|03|org"; nocase; ) # 1i2owga1qi382d6pfahwiy35he.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i2owga1qi382d6pfahwiy35he|03|com"; nocase; ) # 1s9s6e3spijsny2c6071cy0a0i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s9s6e3spijsny2c6071cy0a0i|03|net"; nocase; ) # 1ioe0qt1yivdoj5s4mud4foevs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ioe0qt1yivdoj5s4mud4foevs|03|org"; nocase; ) # mov6ec1qns09wrdf5841bmrpq3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mov6ec1qns09wrdf5841bmrpq3|03|biz"; nocase; ) # vhwob4t29dyw12y849r16jlk88.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vhwob4t29dyw12y849r16jlk88|03|org"; nocase; ) # ze57591b08g4xaaaatxj945j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ze57591b08g4xaaaatxj945j|03|com"; nocase; ) # eww9jx1yz8g1x1247v94ptejgw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eww9jx1yz8g1x1247v94ptejgw|03|org"; nocase; ) # 43gwpl1botop2e4vkof1jzkdle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|43gwpl1botop2e4vkof1jzkdle|03|net"; nocase; ) # 1d2ivojizray2wpisbcxt1xfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d2ivojizray2wpisbcxt1xfj|03|com"; nocase; ) # a1utzi1emyh6v1aw1o3i1vczhav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a1utzi1emyh6v1aw1o3i1vczhav|03|com"; nocase; ) # prvl26pqgn9m1yxvz21jz2v3m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|prvl26pqgn9m1yxvz21jz2v3m|03|org"; nocase; ) # 18xxwuq1o5z3cs13rs4wnpaup3f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18xxwuq1o5z3cs13rs4wnpaup3f|03|com"; nocase; ) # 1cg9luy1v0dx28qs2tusntg8nv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cg9luy1v0dx28qs2tusntg8nv|03|biz"; nocase; ) # 15bfkda1m784xjg9e5qxo81rhi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15bfkda1m784xjg9e5qxo81rhi|03|org"; nocase; ) # 92yfjpcv8mr5wxwkpt1e833p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|92yfjpcv8mr5wxwkpt1e833p|03|net"; nocase; ) # mmkzmd1r16ejw1r4ykkjw0p7tf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mmkzmd1r16ejw1r4ykkjw0p7tf|03|com"; nocase; ) # uw6ne26y2xq1ja3rzr1qnwr7h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uw6ne26y2xq1ja3rzr1qnwr7h|03|com"; nocase; ) # 1ata57z9ghhxfwsab3i1qhsk9r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ata57z9ghhxfwsab3i1qhsk9r|03|net"; nocase; ) # 1g66j51z2f5jd1stjcttv5z9mw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g66j51z2f5jd1stjcttv5z9mw|03|net"; nocase; ) # 8cldgi1sxvcsr10y8zadqtohc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8cldgi1sxvcsr10y8zadqtohc6|03|org"; nocase; ) # 1lhtmu71b51mwl1o2w69m1ut2i7h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lhtmu71b51mwl1o2w69m1ut2i7h|03|net"; nocase; ) # 1295bjz1j2o988k1kwfu3jgw8j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1295bjz1j2o988k1kwfu3jgw8j|03|com"; nocase; ) # yrfthebtm6i71tz0bif1mevhy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yrfthebtm6i71tz0bif1mevhy|03|net"; nocase; ) # 13qyzpa1blprd51345c1m1bfmxqn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13qyzpa1blprd51345c1m1bfmxqn|03|org"; nocase; ) # bqmlbwyo08ac17u59kx1k8inpr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bqmlbwyo08ac17u59kx1k8inpr|03|net"; nocase; ) # 5fhhoiac1ket1ilkxxx9w16ai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5fhhoiac1ket1ilkxxx9w16ai|03|com"; nocase; ) # 1jfaer91gf9m07147tszoqmjcxq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jfaer91gf9m07147tszoqmjcxq|03|net"; nocase; ) # dpfmm7sjb28y1765ojjn0p4wz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dpfmm7sjb28y1765ojjn0p4wz|03|com"; nocase; ) # 1x2pp4uc9xt4no77pwh18ezik7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x2pp4uc9xt4no77pwh18ezik7|03|net"; nocase; ) # 1pyfgb61hcbkkwycvh001p3q4nc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pyfgb61hcbkkwycvh001p3q4nc|03|org"; nocase; ) # 17l6c7n1rra4tbjk5u0ty4hwho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17l6c7n1rra4tbjk5u0ty4hwho|03|net"; nocase; ) # 12uhnvpd81p0r4h2b7ktahp70.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12uhnvpd81p0r4h2b7ktahp70|03|org"; nocase; ) # 1hdzp6w1na8nte1roofe9bcs0em.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hdzp6w1na8nte1roofe9bcs0em|03|com"; nocase; ) # z7i5bv1mfqyg319ok0xjp7cj9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z7i5bv1mfqyg319ok0xjp7cj9e|03|biz"; nocase; ) # m2gmm510xgv271292fud1lac5sz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m2gmm510xgv271292fud1lac5sz|03|com"; nocase; ) # clzi0w16yi1mh1conb7cud1ztv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|clzi0w16yi1mh1conb7cud1ztv|03|org"; nocase; ) # y7jlou1866thf1h2su08v1vr5w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y7jlou1866thf1h2su08v1vr5w|03|org"; nocase; ) # av8sl812qr29xro8j7z1p4w1nr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|av8sl812qr29xro8j7z1p4w1nr|03|com"; nocase; ) # 16y8vj51ufvp702qan2y1w1lvu0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16y8vj51ufvp702qan2y1w1lvu0|03|org"; nocase; ) # 1n8t1o3yc4jyqbbw1r1kelqdr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n8t1o3yc4jyqbbw1r1kelqdr|03|org"; nocase; ) # sn83tv1ckidb31p1piva1cp8bp5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sn83tv1ckidb31p1piva1cp8bp5|03|com"; nocase; ) # 1mxz6muu3q688j024wm9sd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|1mxz6muu3q688j024wm9sd|03|org"; nocase; ) # blcarw158wbtr1j9xwor1g82kik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|blcarw158wbtr1j9xwor1g82kik|03|net"; nocase; ) # 1ttkin3fw5u0z58iia11qepi66.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ttkin3fw5u0z58iia11qepi66|03|com"; nocase; ) # qabicf2fvb87tmlguxyf8okx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qabicf2fvb87tmlguxyf8okx|03|biz"; nocase; ) # 12lb5sv86h4ui1mxah28cp5gge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12lb5sv86h4ui1mxah28cp5gge|03|com"; nocase; ) # 1boyhfv1u7ho1j8v6gel1e8x6fs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1boyhfv1u7ho1j8v6gel1e8x6fs|03|org"; nocase; ) # fznsos18atlqx5eeggjacmk49.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fznsos18atlqx5eeggjacmk49|03|net"; nocase; ) # hcucf8plo6f95azsqncppt9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hcucf8plo6f95azsqncppt9f|03|net"; nocase; ) # v0vi362j5duajhf47s16ja120.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v0vi362j5duajhf47s16ja120|03|net"; nocase; ) # 1ojazqx1cswceq1rb0lmm1tthxry.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ojazqx1cswceq1rb0lmm1tthxry|03|org"; nocase; ) # quxtfl1vcotvxeesviti7ld4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|quxtfl1vcotvxeesviti7ld4a|03|net"; nocase; ) # abw9ti1qhn63ek8xluhjbn3q2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|abw9ti1qhn63ek8xluhjbn3q2|03|com"; nocase; ) # 1u7h6pp13gdqvtynj32v273mkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u7h6pp13gdqvtynj32v273mkm|03|com"; nocase; ) # 1o9d8kflksp7i1e6vtxb1ptc8pc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o9d8kflksp7i1e6vtxb1ptc8pc|03|biz"; nocase; ) # 1o7be66t2ybctrizizb15xrz2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o7be66t2ybctrizizb15xrz2z|03|net"; nocase; ) # fkcmnn1see2mxq7uium1lc2rti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fkcmnn1see2mxq7uium1lc2rti|03|net"; nocase; ) # 1da1p3311q1tj313sy6wi5j8iyi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1da1p3311q1tj313sy6wi5j8iyi|03|com"; nocase; ) # 6nnp78xo9eclqbd8w61ul8c1g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6nnp78xo9eclqbd8w61ul8c1g|03|com"; nocase; ) # 1ky1ied1umew201pyknidhhs2m5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ky1ied1umew201pyknidhhs2m5|03|net"; nocase; ) # 1y3dszme4hwq341su4u1fl0y97.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y3dszme4hwq341su4u1fl0y97|03|org"; nocase; ) # 1j17h34kkk0b9150sh4217qh317.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j17h34kkk0b9150sh4217qh317|03|com"; nocase; ) # 1nfp4ucaoj6g04p6xwc123cili.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nfp4ucaoj6g04p6xwc123cili|03|biz"; nocase; ) # 12vd0ep56k3kz1od3yog1bke1gp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12vd0ep56k3kz1od3yog1bke1gp|03|net"; nocase; ) # calf5l1o5p09rsu1xm51ar7d71.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|calf5l1o5p09rsu1xm51ar7d71|03|org"; nocase; ) # rp9sbsnshz3u1enickx1gd74t5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rp9sbsnshz3u1enickx1gd74t5|03|biz"; nocase; ) # uv21gs1nxbcp6grl99ujxq1v7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uv21gs1nxbcp6grl99ujxq1v7|03|net"; nocase; ) # 1gqtsen1x4cqgv1k4lcll1hvn6dl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gqtsen1x4cqgv1k4lcll1hvn6dl|03|net"; nocase; ) # 1niw1v416x5cn676dnalpij78k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1niw1v416x5cn676dnalpij78k|03|net"; nocase; ) # 1xo0wm2m26pj21u8btuf1mic8mz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xo0wm2m26pj21u8btuf1mic8mz|03|com"; nocase; ) # 1ikybqr5263731rvinlmn2rfo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ikybqr5263731rvinlmn2rfo|03|biz"; nocase; ) # 5odtuj137w2guzobxoi1xgcwlx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5odtuj137w2guzobxoi1xgcwlx|03|org"; nocase; ) # 1qwwab01x73p641skos072r09if.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qwwab01x73p641skos072r09if|03|net"; nocase; ) # po3vbfo4nl7614lefvluztgtt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|po3vbfo4nl7614lefvluztgtt|03|net"; nocase; ) # 177naoy1v1xkb1a8w4rfmvs1sl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|177naoy1v1xkb1a8w4rfmvs1sl|03|biz"; nocase; ) # z285231ykf00hpxom7q816btq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z285231ykf00hpxom7q816btq|03|com"; nocase; ) # tl2bwzza5vbgsrwfc9cefd59.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tl2bwzza5vbgsrwfc9cefd59|03|com"; nocase; ) # 1jdbugz19nu0jktaciyr4izz8o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jdbugz19nu0jktaciyr4izz8o|03|biz"; nocase; ) # 15ubb4m18f0g2fgyln72l3k4zq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ubb4m18f0g2fgyln72l3k4zq|03|net"; nocase; ) # 10etus7jalumd12iqcazb78w52.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10etus7jalumd12iqcazb78w52|03|com"; nocase; ) # zgk0u61szdjq81tfx8693gnnsd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zgk0u61szdjq81tfx8693gnnsd|03|com"; nocase; ) # 11341ud3yyrxs3o01vgky8dc2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11341ud3yyrxs3o01vgky8dc2|03|org"; nocase; ) # 1i9egb51015cif1xs856xzhjn9n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i9egb51015cif1xs856xzhjn9n|03|net"; nocase; ) # 11lg44qndqd03u3g1u5117vhdy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11lg44qndqd03u3g1u5117vhdy|03|org"; nocase; ) # 1xfcqii1pull2u17czuc0gojkb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xfcqii1pull2u17czuc0gojkb|03|net"; nocase; ) # nvyr0o1ec475b3s9g001gsqq4i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nvyr0o1ec475b3s9g001gsqq4i|03|biz"; nocase; ) # 1otjcnj8vgory1snkhnd14tisb7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1otjcnj8vgory1snkhnd14tisb7|03|com"; nocase; ) # bxzh4r1vaoolq5ov1tpu8fjgv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bxzh4r1vaoolq5ov1tpu8fjgv|03|net"; nocase; ) # fplpl31d1ebg9ahws4b12ypndt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fplpl31d1ebg9ahws4b12ypndt|03|org"; nocase; ) # 4lchaa1klbei211i78142z2hud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4lchaa1klbei211i78142z2hud|03|com"; nocase; ) # 1qd1cei16irown1yvh0x1zb0ovv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qd1cei16irown1yvh0x1zb0ovv|03|net"; nocase; ) # 179w7z1162kkscdm759m1q4srm6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|179w7z1162kkscdm759m1q4srm6|03|net"; nocase; ) # j1gq371xlumb719u3c2z1sje5gh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j1gq371xlumb719u3c2z1sje5gh|03|com"; nocase; ) # 1rxbxlt1po82i912l8t7p1yuh0ga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rxbxlt1po82i912l8t7p1yuh0ga|03|com"; nocase; ) # ysrk7k1crea5oz4zmg51f95dyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ysrk7k1crea5oz4zmg51f95dyz|03|com"; nocase; ) # 1sc4acwif2e7h11lwpin1ji11mk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sc4acwif2e7h11lwpin1ji11mk|03|com"; nocase; ) # 1ylewme1gmqzjt18wb39o16cfo9k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ylewme1gmqzjt18wb39o16cfo9k|03|com"; nocase; ) # vk9jarevmfijt8enad1e0c23v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vk9jarevmfijt8enad1e0c23v|03|biz"; nocase; ) # 19gzihx1arkjwt166bvq61eh3kny.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19gzihx1arkjwt166bvq61eh3kny|03|biz"; nocase; ) # 5ey05f1al4xxab7x1sx1vtdudo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5ey05f1al4xxab7x1sx1vtdudo|03|net"; nocase; ) # q4jgbxrotaov1o7ovv717epifu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q4jgbxrotaov1o7ovv717epifu|03|org"; nocase; ) # 10yx0l8khe0ot15hql4a1p8gbp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10yx0l8khe0ot15hql4a1p8gbp|03|biz"; nocase; ) # 1ctk1m314eu3iieehfp71daozet.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ctk1m314eu3iieehfp71daozet|03|biz"; nocase; ) # uoko6i147fbgx1jvsjif1qeuynf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uoko6i147fbgx1jvsjif1qeuynf|03|biz"; nocase; ) # vp5902p5gkxwqqptx316zoxwo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vp5902p5gkxwqqptx316zoxwo|03|net"; nocase; ) # fxkfl3axue0ddbzjdjn5lr8d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fxkfl3axue0ddbzjdjn5lr8d|03|biz"; nocase; ) # q3uwhq1hf5w82wap5ftyg7b9a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q3uwhq1hf5w82wap5ftyg7b9a|03|biz"; nocase; ) # 1d8idymscz3aa165hfg2tzvei8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d8idymscz3aa165hfg2tzvei8|03|net"; nocase; ) # 143xiy15vaj1u73vmnl1cylcdl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|143xiy15vaj1u73vmnl1cylcdl|03|net"; nocase; ) # 1t4f850cvyo3f19h54bj9mnlge.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t4f850cvyo3f19h54bj9mnlge|03|biz"; nocase; ) # 1qqgdv3zm2vzx1h6lhh510b24ne.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qqgdv3zm2vzx1h6lhh510b24ne|03|net"; nocase; ) # e2m1bo1uwr5861sv2xu21prb519.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e2m1bo1uwr5861sv2xu21prb519|03|biz"; nocase; ) # 1nq8ewt1nu7lp71ivmiu21emp53g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nq8ewt1nu7lp71ivmiu21emp53g|03|org"; nocase; ) # 1r9xkob1j45ezv1iwd1tj7b2jcx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r9xkob1j45ezv1iwd1tj7b2jcx|03|org"; nocase; ) # 13e4ee81yqt2bj1cc7mvd1ylfd1z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13e4ee81yqt2bj1cc7mvd1ylfd1z|03|biz"; nocase; ) # 13xr7iflcysr81vbvfi1m0ieca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13xr7iflcysr81vbvfi1m0ieca|03|net"; nocase; ) # 7ywac012swcmhczximh1cu7nub.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ywac012swcmhczximh1cu7nub|03|biz"; nocase; ) # 16ey3ftyfy4s57ya7vwllsxv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|16ey3ftyfy4s57ya7vwllsxv|03|org"; nocase; ) # noqbd0si68jmv0e8uq1xk4eus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|noqbd0si68jmv0e8uq1xk4eus|03|net"; nocase; ) # 13j9tnb1hwebb5y8i47k1c4sw3b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13j9tnb1hwebb5y8i47k1c4sw3b|03|net"; nocase; ) # 1qdviqy1pagk3j1pqoz385e1l7y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qdviqy1pagk3j1pqoz385e1l7y|03|org"; nocase; ) # 4tinji1djq1w1ksqbeoevozaa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4tinji1djq1w1ksqbeoevozaa|03|biz"; nocase; ) # lovx761u14l27spfzep10ooq3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lovx761u14l27spfzep10ooq3i|03|com"; nocase; ) # ki6oaujvxa46aeo1u314dk71b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ki6oaujvxa46aeo1u314dk71b|03|com"; nocase; ) # tbr78kvvz3cm16ii4eab1nst3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tbr78kvvz3cm16ii4eab1nst3|03|biz"; nocase; ) # 1t4mtfkb0himh1pp93vrfglxya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t4mtfkb0himh1pp93vrfglxya|03|net"; nocase; ) # nur2rg1xyevn7q5pwbp1wlmivs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nur2rg1xyevn7q5pwbp1wlmivs|03|org"; nocase; ) # khp40mcdzmi5kwze93153stmk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|khp40mcdzmi5kwze93153stmk|03|org"; nocase; ) # 3g1gayb2ys94852jobylhrz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3g1gayb2ys94852jobylhrz3|03|com"; nocase; ) # gchupfkcmoo1sk0zxt1nqyhf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gchupfkcmoo1sk0zxt1nqyhf|03|org"; nocase; ) # 1deinl91rp8i3yf2pc39rtd0wa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1deinl91rp8i3yf2pc39rtd0wa|03|net"; nocase; ) # 1fjpe4ijeg64jy6mo6m1oe3wtv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fjpe4ijeg64jy6mo6m1oe3wtv|03|com"; nocase; ) # 1o5grpj1nzuimvkmupdb1hij7ly.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o5grpj1nzuimvkmupdb1hij7ly|03|biz"; nocase; ) # rlbd0h1r6h97r918jr8pu8rld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rlbd0h1r6h97r918jr8pu8rld|03|org"; nocase; ) # 14rlzjqj7hzmdj2pdt3hkxnb9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14rlzjqj7hzmdj2pdt3hkxnb9|03|com"; nocase; ) # p42q78d1ym1t19ume9r1an0ziv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p42q78d1ym1t19ume9r1an0ziv|03|biz"; nocase; ) # 82oy5o9m5uujcd91mw1pxesm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|82oy5o9m5uujcd91mw1pxesm|03|net"; nocase; ) # 1y0nt9199tod41neic3wpmwvxb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y0nt9199tod41neic3wpmwvxb|03|net"; nocase; ) # fzlgy16j2axb1saweaht9l9dz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fzlgy16j2axb1saweaht9l9dz|03|com"; nocase; ) # zh9deo1ie80eu5ofi3mevs1nb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zh9deo1ie80eu5ofi3mevs1nb|03|net"; nocase; ) # hqvrda1l54w1s8cbne613c38p4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hqvrda1l54w1s8cbne613c38p4|03|net"; nocase; ) # 14y52af7j7aiu1dfjzvs1do9ob7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14y52af7j7aiu1dfjzvs1do9ob7|03|org"; nocase; ) # 113wulr1nq9lm3ce6fx8qq189h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|113wulr1nq9lm3ce6fx8qq189h|03|biz"; nocase; ) # 1vh3t9q1etemwb1o22oc11ktvu1j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vh3t9q1etemwb1o22oc11ktvu1j|03|org"; nocase; ) # 1m09u9117iinjzj3jq516ql8eg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m09u9117iinjzj3jq516ql8eg|03|net"; nocase; ) # 1lekhveuaqcli9yti1d1fw82oa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lekhveuaqcli9yti1d1fw82oa|03|org"; nocase; ) # cnhzqq11igg8y87lma417uown9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cnhzqq11igg8y87lma417uown9|03|net"; nocase; ) # 1nn4kd81t6bi1k4hnelh4yjqu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nn4kd81t6bi1k4hnelh4yjqu|03|com"; nocase; ) # 11c7d2r1krp6mt1el508k5qst6x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11c7d2r1krp6mt1el508k5qst6x|03|org"; nocase; ) # 1ys5kpt9q87a4fxfb121iarg9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ys5kpt9q87a4fxfb121iarg9|03|com"; nocase; ) # 1bicxrk1vclff61favli9hu1qqb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bicxrk1vclff61favli9hu1qqb|03|net"; nocase; ) # q5byer1bu02p7183h2trl6ngp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q5byer1bu02p7183h2trl6ngp|03|net"; nocase; ) # 12rvgz31ygd9mi100v4meq2u0ir.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12rvgz31ygd9mi100v4meq2u0ir|03|org"; nocase; ) # 10jvrfq139pbbt5yc9um1s3mriz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10jvrfq139pbbt5yc9um1s3mriz|03|net"; nocase; ) # ak1qy5e9ol07rwc42u19mhzkd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ak1qy5e9ol07rwc42u19mhzkd|03|biz"; nocase; ) # piq63g1inwnm13t7v701qjnyrk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|piq63g1inwnm13t7v701qjnyrk|03|net"; nocase; ) # 1amiqyggcrlv1r9qcpv1g6oc5b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1amiqyggcrlv1r9qcpv1g6oc5b|03|biz"; nocase; ) # f1916r6o6olw1lblh8h1wb99x8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f1916r6o6olw1lblh8h1wb99x8|03|com"; nocase; ) # 1jq6i6luiir3h1iklvy41klbd9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jq6i6luiir3h1iklvy41klbd9r|03|org"; nocase; ) # bd7in51e91e5boqj4bdltuh3m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bd7in51e91e5boqj4bdltuh3m|03|net"; nocase; ) # 164rcxjuzgkbq9yxuaj2wsort.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|164rcxjuzgkbq9yxuaj2wsort|03|org"; nocase; ) # 10xruwd1cpl2yo1npadse4wkea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10xruwd1cpl2yo1npadse4wkea|03|org"; nocase; ) # 1juwbz119dzuzjg5dc5k1vap23d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1juwbz119dzuzjg5dc5k1vap23d|03|net"; nocase; ) # 1u4rcn11yr9fo71fiyilawrg8nr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u4rcn11yr9fo71fiyilawrg8nr|03|org"; nocase; ) # 1ing6gz11zlkr91iuwl9c1e4vfud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ing6gz11zlkr91iuwl9c1e4vfud|03|biz"; nocase; ) # 1vh7hyv18xmm1t1ta7p7j4rqtwm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vh7hyv18xmm1t1ta7p7j4rqtwm|03|com"; nocase; ) # 1h0w3wohf6gouhrtxfs1kecpie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h0w3wohf6gouhrtxfs1kecpie|03|org"; nocase; ) # 18n82rw1ygmwc014vxuz1srek98.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18n82rw1ygmwc014vxuz1srek98|03|org"; nocase; ) # 1dassm513af6ou19jq0ozl7ekiv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dassm513af6ou19jq0ozl7ekiv|03|biz"; nocase; ) # 2i29ufgtpel9190y5px6xos0d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2i29ufgtpel9190y5px6xos0d|03|org"; nocase; ) # 14u52aub8vu1qztomn51k5558x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14u52aub8vu1qztomn51k5558x|03|net"; nocase; ) # hpfrm7ruujx1107st8yv74vto.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hpfrm7ruujx1107st8yv74vto|03|biz"; nocase; ) # i0efdxjmkjphig72cf1xhxhz0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i0efdxjmkjphig72cf1xhxhz0|03|org"; nocase; ) # e351ge107452apk6b15119qbq0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e351ge107452apk6b15119qbq0|03|org"; nocase; ) # 1n34jb5al1isu10ktrxcrkwl0a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n34jb5al1isu10ktrxcrkwl0a|03|com"; nocase; ) # dk7tc31t2wm3cphb3udi1uuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dk7tc31t2wm3cphb3udi1uuz|03|com"; nocase; ) # blhrln17emuc51r7pxqodtl537.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|blhrln17emuc51r7pxqodtl537|03|biz"; nocase; ) # 7rzh9b1dtg22rmd8bjarqkldc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7rzh9b1dtg22rmd8bjarqkldc|03|net"; nocase; ) # 1ozzidh1bwkornb0u3781g33x2s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ozzidh1bwkornb0u3781g33x2s|03|org"; nocase; ) # 1jypadr1r1k8zkt2evzh1ej07y2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jypadr1r1k8zkt2evzh1ej07y2|03|net"; nocase; ) # ssapkmp8sg1wcr0pxc1ms65j9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ssapkmp8sg1wcr0pxc1ms65j9|03|biz"; nocase; ) # 1wxcxvr2nxz2e3tb0jq24nli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1wxcxvr2nxz2e3tb0jq24nli|03|org"; nocase; ) # 1nir62i1j09nd7uoske01pota1g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nir62i1j09nd7uoske01pota1g|03|biz"; nocase; ) # 8m728v55ox516qmjr1i7fzto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8m728v55ox516qmjr1i7fzto|03|com"; nocase; ) # 1t3eo67khrt9cy01w3uawigta.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t3eo67khrt9cy01w3uawigta|03|biz"; nocase; ) # zphqr9i4uvm7xd4vwu1bcidn8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zphqr9i4uvm7xd4vwu1bcidn8|03|biz"; nocase; ) # f7vu881fnymn0dugddp1dlslbv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f7vu881fnymn0dugddp1dlslbv|03|net"; nocase; ) # c62zv31qe39po73gg3q1gmkpg8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c62zv31qe39po73gg3q1gmkpg8|03|biz"; nocase; ) # 1bzxfkvseqn7nsuoujn3jblwv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bzxfkvseqn7nsuoujn3jblwv|03|com"; nocase; ) # w1fy2154detc1hh9zhu1vewxfk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w1fy2154detc1hh9zhu1vewxfk|03|biz"; nocase; ) # 167urxs1ts37i5s5bdjjw5hvoj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|167urxs1ts37i5s5bdjjw5hvoj|03|com"; nocase; ) # 1rsk4qy1llfver11f2x6p1sg7qea.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rsk4qy1llfver11f2x6p1sg7qea|03|biz"; nocase; ) # 1fsdd0i143r98yp4haf45i6laj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fsdd0i143r98yp4haf45i6laj|03|org"; nocase; ) # 17ezux41mblwn3xqvkr31tpxygu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ezux41mblwn3xqvkr31tpxygu|03|com"; nocase; ) # w4ktofdl2flu80dqpf3xkj0p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w4ktofdl2flu80dqpf3xkj0p|03|net"; nocase; ) # kwnb8j3tb3k3jvmi2owrispa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kwnb8j3tb3k3jvmi2owrispa|03|net"; nocase; ) # 1ar2iul1y96son6d85zqpvfqid.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ar2iul1y96son6d85zqpvfqid|03|org"; nocase; ) # n46uqh130ere4143f08o1ae804g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n46uqh130ere4143f08o1ae804g|03|com"; nocase; ) # k5lfet1i8w9ux1jpy9yt1pj2fyq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k5lfet1i8w9ux1jpy9yt1pj2fyq|03|com"; nocase; ) # 1updiz5ldled8xxqb2vwtbrb4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1updiz5ldled8xxqb2vwtbrb4|03|net"; nocase; ) # 129tou36g9wgl1hezmrz14itxeo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|129tou36g9wgl1hezmrz14itxeo|03|biz"; nocase; ) # 1e3xqw91v031ofpivb9n1fea2jv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e3xqw91v031ofpivb9n1fea2jv|03|net"; nocase; ) # 2jecul17yts4f1amveun19iuuts.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2jecul17yts4f1amveun19iuuts|03|org"; nocase; ) # zql7xaosr5wxukuqm61riua3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zql7xaosr5wxukuqm61riua3|03|com"; nocase; ) # vrqp9j12sg0dcwj3e4l12jut4u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vrqp9j12sg0dcwj3e4l12jut4u|03|org"; nocase; ) # 505i9s4alei4srys1e14qcizg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|505i9s4alei4srys1e14qcizg|03|net"; nocase; ) # 5mzpaz1du4lbj1gja110snz2fs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5mzpaz1du4lbj1gja110snz2fs|03|com"; nocase; ) # 1k2jn7w1zedlba2fhttlgbspp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k2jn7w1zedlba2fhttlgbspp|03|org"; nocase; ) # 60wtp18kb3cv1nfctrw1tguya5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|60wtp18kb3cv1nfctrw1tguya5|03|com"; nocase; ) # wgcaum16emsuo7xcft8faro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|wgcaum16emsuo7xcft8faro|03|org"; nocase; ) # pcaxp21gnc1daihc1hm7d2uqa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pcaxp21gnc1daihc1hm7d2uqa|03|com"; nocase; ) # 11q3vyu1ozx14k71qn11yz026.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11q3vyu1ozx14k71qn11yz026|03|com"; nocase; ) # 155u8s311zgtpyk6q4i51ypdij6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|155u8s311zgtpyk6q4i51ypdij6|03|biz"; nocase; ) # a21qtp1iypv2e15uqmiu1x68yco.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a21qtp1iypv2e15uqmiu1x68yco|03|biz"; nocase; ) # 9le4ltifb5veyvgdcmyuktyu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9le4ltifb5veyvgdcmyuktyu|03|org"; nocase; ) # iqmynol15fsq6x21me111qtn1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iqmynol15fsq6x21me111qtn1|03|com"; nocase; ) # 10zy8xxvj87vr1uqhqnj7o95mk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10zy8xxvj87vr1uqhqnj7o95mk|03|org"; nocase; ) # 1ncyx8bdz25231ho3ogv66irpd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ncyx8bdz25231ho3ogv66irpd|03|net"; nocase; ) # 34x4v8oqvmpo12ju4yy1xnqgg5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|34x4v8oqvmpo12ju4yy1xnqgg5|03|com"; nocase; ) # 12agwcyxyemld9nfjypayrsqk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12agwcyxyemld9nfjypayrsqk|03|org"; nocase; ) # 1mqply31kbupffbwvw2qet9172.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mqply31kbupffbwvw2qet9172|03|org"; nocase; ) # me0j731doccqc1gorkgm16omg92.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|me0j731doccqc1gorkgm16omg92|03|biz"; nocase; ) # 1ld4pkjt08pcbuy1tfvt30xp0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ld4pkjt08pcbuy1tfvt30xp0|03|com"; nocase; ) # wggoy0kdr4449iuxon1m13apv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wggoy0kdr4449iuxon1m13apv|03|net"; nocase; ) # 2s0eq91ypq2phvbil6zetvp8v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2s0eq91ypq2phvbil6zetvp8v|03|com"; nocase; ) # rlw1ura2kin91qnk8br1s1az1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rlw1ura2kin91qnk8br1s1az1u|03|org"; nocase; ) # vi3jfzmh19yt1xfrnx2ulr8vk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vi3jfzmh19yt1xfrnx2ulr8vk|03|net"; nocase; ) # 8cgehj1wpzwny18khzu57d14fh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8cgehj1wpzwny18khzu57d14fh|03|org"; nocase; ) # 1l0sqo1jjru97ui3pjg1043cts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l0sqo1jjru97ui3pjg1043cts|03|net"; nocase; ) # 1w2u3g31pkstbbo1ryam2jq7u9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w2u3g31pkstbbo1ryam2jq7u9|03|biz"; nocase; ) # uo3e3q1vpqojv14mqlfu1kot44q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uo3e3q1vpqojv14mqlfu1kot44q|03|com"; nocase; ) # 3lnkz7hqfxd61ntfdfd1ofji4d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3lnkz7hqfxd61ntfdfd1ofji4d|03|biz"; nocase; ) # 1libtnm2id6hx1uym5ez9ke8jq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1libtnm2id6hx1uym5ez9ke8jq|03|net"; nocase; ) # 7g15bgrq7tv6prfjudvd8om1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7g15bgrq7tv6prfjudvd8om1|03|com"; nocase; ) # 1kpj1577z35dz5aewws1lne4eb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kpj1577z35dz5aewws1lne4eb|03|net"; nocase; ) # 166cv4e1g1sffw15h9rf3d98s6u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|166cv4e1g1sffw15h9rf3d98s6u|03|org"; nocase; ) # oz9b3s1bf7tzlj6kydm54zrxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oz9b3s1bf7tzlj6kydm54zrxv|03|net"; nocase; ) # 1up5jks1627uf01kza80j1abgs40.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1up5jks1627uf01kza80j1abgs40|03|org"; nocase; ) # kfi69ms1rkcar7k1kyud8jyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kfi69ms1rkcar7k1kyud8jyc|03|net"; nocase; ) # 1twi780j4vyql2pr14f1y096to.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1twi780j4vyql2pr14f1y096to|03|com"; nocase; ) # 1dyeg6e1cbt1lp160qs7vqjf2gy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dyeg6e1cbt1lp160qs7vqjf2gy|03|org"; nocase; ) # 1v40861jsxnqd1n6ncd91wxj8dw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v40861jsxnqd1n6ncd91wxj8dw|03|com"; nocase; ) # 1savn0414gc1s41vkj1vqj2blor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1savn0414gc1s41vkj1vqj2blor|03|net"; nocase; ) # 1ro2jc01up7fb4jii5jo1ykgpzf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ro2jc01up7fb4jii5jo1ykgpzf|03|net"; nocase; ) # 1eulkctrasfenbulhisk79dm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1eulkctrasfenbulhisk79dm|03|net"; nocase; ) # 1st26d2nn30xdhrwiq2z1b99h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1st26d2nn30xdhrwiq2z1b99h|03|biz"; nocase; ) # 1e2qmti1u95d95agm09g9y1cnf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e2qmti1u95d95agm09g9y1cnf|03|net"; nocase; ) # 17hqlk2192cji2ykas1dq54zes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17hqlk2192cji2ykas1dq54zes|03|com"; nocase; ) # 1bukvkycbcpclhrc9oh13fgzrw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bukvkycbcpclhrc9oh13fgzrw|03|org"; nocase; ) # cobm9xn549u1ak2ohz1qaroi4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cobm9xn549u1ak2ohz1qaroi4|03|biz"; nocase; ) # 1ityq2w13wvf7z10zst6r1sg4ghn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ityq2w13wvf7z10zst6r1sg4ghn|03|com"; nocase; ) # ytouek9w7rjls995euhyyhfe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ytouek9w7rjls995euhyyhfe|03|biz"; nocase; ) # 5iuiesbyu8u01spl8ic1x7lffr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5iuiesbyu8u01spl8ic1x7lffr|03|net"; nocase; ) # 1rdp1sn9qezg2g46kp314aovdr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rdp1sn9qezg2g46kp314aovdr|03|com"; nocase; ) # 1gupapcav36qv1ak02a5145cn5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gupapcav36qv1ak02a5145cn5c|03|net"; nocase; ) # rk6qimje7xmfgzsuaspgrxo2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rk6qimje7xmfgzsuaspgrxo2|03|org"; nocase; ) # 1jodmgg1quuuhzen3emqxczqc8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jodmgg1quuuhzen3emqxczqc8|03|biz"; nocase; ) # 4y5rdot68bzu127wak7881826.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4y5rdot68bzu127wak7881826|03|net"; nocase; ) # 17rqavb7s6rji17z99or1sehvye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17rqavb7s6rji17z99or1sehvye|03|com"; nocase; ) # 1esnpt23ewolb1u94orh16l1awj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1esnpt23ewolb1u94orh16l1awj|03|net"; nocase; ) # 1pksfqx18wxwv21py1q4u10c2kpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pksfqx18wxwv21py1q4u10c2kpk|03|net"; nocase; ) # vgfdwn775xne3lhgdspyftvq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vgfdwn775xne3lhgdspyftvq|03|org"; nocase; ) # 1k5pild1bgwah8oeim0i1x104yh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k5pild1bgwah8oeim0i1x104yh|03|net"; nocase; ) # q2qqa1j31q2u8x22iz1lodyq1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q2qqa1j31q2u8x22iz1lodyq1|03|net"; nocase; ) # dshr5p4rzqv1m46xwa6i4axh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dshr5p4rzqv1m46xwa6i4axh|03|biz"; nocase; ) # ytw3h5qgfrzb1n6nqkw1ppphkf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ytw3h5qgfrzb1n6nqkw1ppphkf|03|net"; nocase; ) # 12srli1y4zj4k1bnkc7n1dzaam6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12srli1y4zj4k1bnkc7n1dzaam6|03|net"; nocase; ) # je57y01n3bczrd67jlgciy1aw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|je57y01n3bczrd67jlgciy1aw|03|org"; nocase; ) # 17xtfk0amq5r51yjmcag1onbfjb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17xtfk0amq5r51yjmcag1onbfjb|03|com"; nocase; ) # 1vhvlwh1gfze8b474rozxas4zh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vhvlwh1gfze8b474rozxas4zh|03|org"; nocase; ) # 1b3cil31isd1irilo9fube09eo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b3cil31isd1irilo9fube09eo|03|net"; nocase; ) # 19gjo7n6ygfor18ewbywpwnuz9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19gjo7n6ygfor18ewbywpwnuz9|03|biz"; nocase; ) # 9dbd651rx6u34nd7grpxcvykv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9dbd651rx6u34nd7grpxcvykv|03|net"; nocase; ) # 14otwkmtd17o59f2gi518kem5i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14otwkmtd17o59f2gi518kem5i|03|biz"; nocase; ) # 1yokk401o075z71nddrxox5qjtr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yokk401o075z71nddrxox5qjtr|03|biz"; nocase; ) # 1ef57ks7rgt98gyddp1dux431.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ef57ks7rgt98gyddp1dux431|03|org"; nocase; ) # 1p2ruq380ooh19nujvl733dz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p2ruq380ooh19nujvl733dz3|03|com"; nocase; ) # yl83hn137kg8zpdvoj9jleooo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yl83hn137kg8zpdvoj9jleooo|03|org"; nocase; ) # 1whimnh1rq9c5g1ffjmj21pd9jgp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1whimnh1rq9c5g1ffjmj21pd9jgp|03|net"; nocase; ) # xjzrhl1vswxc414u7eqezqhbqi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xjzrhl1vswxc414u7eqezqhbqi|03|com"; nocase; ) # pkomfcd0y5d599i1b9mc5wu0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pkomfcd0y5d599i1b9mc5wu0|03|net"; nocase; ) # 14k9pg812qgml0cqwd1419u89sx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14k9pg812qgml0cqwd1419u89sx|03|com"; nocase; ) # ds9xmx1gt2lyqtscjpr9o87zt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ds9xmx1gt2lyqtscjpr9o87zt|03|biz"; nocase; ) # 1vzna3u1v5nwzt80hys316bdxxu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vzna3u1v5nwzt80hys316bdxxu|03|org"; nocase; ) # ln0r4bc6bd8y1ok54wp2pf31e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ln0r4bc6bd8y1ok54wp2pf31e|03|net"; nocase; ) # ojkha24rh1z12qg3igow5yad.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ojkha24rh1z12qg3igow5yad|03|org"; nocase; ) # 1mzrbvkw2rfzz1sborei1v01mgh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mzrbvkw2rfzz1sborei1v01mgh|03|net"; nocase; ) # qqvtrblp516n1cjiy21hun382.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qqvtrblp516n1cjiy21hun382|03|net"; nocase; ) # 1esd8161md7y6kzg0ao11yp2p0i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1esd8161md7y6kzg0ao11yp2p0i|03|net"; nocase; ) # 1cwgqbu4khuciz1un3xdgxo21.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cwgqbu4khuciz1un3xdgxo21|03|net"; nocase; ) # 6lcguw68okux1ir1zk4o0p9gk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6lcguw68okux1ir1zk4o0p9gk|03|biz"; nocase; ) # 1y0ybgptwi3gtbb6ineidyzzy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y0ybgptwi3gtbb6ineidyzzy|03|net"; nocase; ) # phgawu1qv5243tjfqpxyningp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|phgawu1qv5243tjfqpxyningp|03|net"; nocase; ) # fbfpkwzkumqg1x2ttwi1puuubv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fbfpkwzkumqg1x2ttwi1puuubv|03|org"; nocase; ) # 1l5ydgwh5qt47kxegay4pf652.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l5ydgwh5qt47kxegay4pf652|03|net"; nocase; ) # 1ckotlyacya5muvz3ck1tphke9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ckotlyacya5muvz3ck1tphke9|03|net"; nocase; ) # ycqolg1lpogc81or3yzxt4ppdk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ycqolg1lpogc81or3yzxt4ppdk|03|net"; nocase; ) # 54n6571gh4by311vf4gkllzhk9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|54n6571gh4by311vf4gkllzhk9|03|com"; nocase; ) # zl4zydyfm1yyage4qq11k1jcy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zl4zydyfm1yyage4qq11k1jcy|03|net"; nocase; ) # 1pv90q11n8rs741r8n77zk2g0xu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pv90q11n8rs741r8n77zk2g0xu|03|biz"; nocase; ) # 11q9z171qrzk9adl6h3ki8p9c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11q9z171qrzk9adl6h3ki8p9c|03|com"; nocase; ) # 1ngqmd5zjr5wnqww0yc1hmjyf2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ngqmd5zjr5wnqww0yc1hmjyf2|03|net"; nocase; ) # 146gs6h10g9s7fd5sfbi4ic2vt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|146gs6h10g9s7fd5sfbi4ic2vt|03|com"; nocase; ) # i22t7w1dnpri282syvh1xzj252.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i22t7w1dnpri282syvh1xzj252|03|net"; nocase; ) # 4kng6112xezoy373cdm5jliyp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4kng6112xezoy373cdm5jliyp|03|biz"; nocase; ) # ieywxh7itw8h1wugutcioowlc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ieywxh7itw8h1wugutcioowlc|03|net"; nocase; ) # 1w9no951jco7ms1h65sb1ihv6nx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w9no951jco7ms1h65sb1ihv6nx|03|net"; nocase; ) # 1nuxu4z10z3j9s1h3chmqz3dj1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nuxu4z10z3j9s1h3chmqz3dj1u|03|org"; nocase; ) # e2w8eb1n9jb9s1awz05fukqm43.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e2w8eb1n9jb9s1awz05fukqm43|03|org"; nocase; ) # 42ofwm1wy2xwll0krnp1ne13kg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|42ofwm1wy2xwll0krnp1ne13kg|03|biz"; nocase; ) # oaq1ot3zy1ui1mldh0wrvnxaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oaq1ot3zy1ui1mldh0wrvnxaq|03|net"; nocase; ) # 11ighln1ozch3q2j94amdpfymh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11ighln1ozch3q2j94amdpfymh|03|biz"; nocase; ) # o3ve7mghz4wt1i40p3xfc6nsv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o3ve7mghz4wt1i40p3xfc6nsv|03|net"; nocase; ) # d2wj28lxah4g14wz6ml1xtjypv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d2wj28lxah4g14wz6ml1xtjypv|03|biz"; nocase; ) # zeu1zq16gcuhc1smmndd1sk67qm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zeu1zq16gcuhc1smmndd1sk67qm|03|com"; nocase; ) # b5s5ahyd7qex1ylov8c1ne5jll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b5s5ahyd7qex1ylov8c1ne5jll|03|net"; nocase; ) # 16s3tqu1k2h103bte0181o8alu8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16s3tqu1k2h103bte0181o8alu8|03|net"; nocase; ) # u2c85n9ocedc1do4iegra0uzu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u2c85n9ocedc1do4iegra0uzu|03|com"; nocase; ) # 1wjg2kc1fapun6135n29vybkgmi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wjg2kc1fapun6135n29vybkgmi|03|net"; nocase; ) # x5d6dj83d5g51a5vmirvhbcnc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x5d6dj83d5g51a5vmirvhbcnc|03|biz"; nocase; ) # 1x9i59f1vqsknws238ni1shdbc7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x9i59f1vqsknws238ni1shdbc7|03|net"; nocase; ) # 1qllxnbkbzfuz1260qdl1pkv88u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qllxnbkbzfuz1260qdl1pkv88u|03|com"; nocase; ) # 1as8ife15mjyyvus63gin0fnr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1as8ife15mjyyvus63gin0fnr0|03|net"; nocase; ) # 1l4l5ij1an2m6d1vnwi1ppyi0mx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l4l5ij1an2m6d1vnwi1ppyi0mx|03|biz"; nocase; ) # 1gzszr1drg6xgqa9yp71ug9jtg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gzszr1drg6xgqa9yp71ug9jtg|03|org"; nocase; ) # haa3u41raa623ta5spqzreopi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|haa3u41raa623ta5spqzreopi|03|net"; nocase; ) # vs1rgx17y5qc3ert38z1tay0p9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vs1rgx17y5qc3ert38z1tay0p9|03|com"; nocase; ) # 1dut9hlqyeg3gkpno8tgg1b4q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dut9hlqyeg3gkpno8tgg1b4q|03|net"; nocase; ) # 1ogwivz1ysrlep1dyrbb711dxhl9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ogwivz1ysrlep1dyrbb711dxhl9|03|net"; nocase; ) # 1o0id421e2oxcnbe7tq6bn5pyh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o0id421e2oxcnbe7tq6bn5pyh|03|biz"; nocase; ) # 4mm6jv1nc1mq4yoi24qjb2p0i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4mm6jv1nc1mq4yoi24qjb2p0i|03|biz"; nocase; ) # 14leggxv4xvm61a1faez1k7vlui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14leggxv4xvm61a1faez1k7vlui|03|org"; nocase; ) # 1vsj7bl1lew15n19wuk371ju51kj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vsj7bl1lew15n19wuk371ju51kj|03|net"; nocase; ) # 1d9o6wc1vtu5dx14u089y1vegnw9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d9o6wc1vtu5dx14u089y1vegnw9|03|org"; nocase; ) # 1wl6isy1x8ixww1l7wcasy0ouky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wl6isy1x8ixww1l7wcasy0ouky|03|net"; nocase; ) # vfbabhxp893mf4f9h7jgveji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vfbabhxp893mf4f9h7jgveji|03|com"; nocase; ) # 1vjw11e1bvc5deswoqo1lmi1cz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vjw11e1bvc5deswoqo1lmi1cz|03|net"; nocase; ) # 3g97po13sw2oohlisgh9iq5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3g97po13sw2oohlisgh9iq5p|03|net"; nocase; ) # 1hakrqs16lxvu2ras4tg1rbrieb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hakrqs16lxvu2ras4tg1rbrieb|03|net"; nocase; ) # q1e8w1aag94oy12q8p1e41wc3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q1e8w1aag94oy12q8p1e41wc3|03|biz"; nocase; ) # 10asn3zdkpv2a1piu8r917zn25n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10asn3zdkpv2a1piu8r917zn25n|03|net"; nocase; ) # we5tre1uqhm7y1hwslbi1mtdx5e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|we5tre1uqhm7y1hwslbi1mtdx5e|03|biz"; nocase; ) # 1nu6k2i1uw6k0jhnhabv1j95nb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nu6k2i1uw6k0jhnhabv1j95nb7|03|net"; nocase; ) # 1ef39k41msrcgw1ezymah1xp3r3t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ef39k41msrcgw1ezymah1xp3r3t|03|org"; nocase; ) # 1fnb5gl1e4mvtl1qg3hr61qhdurd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fnb5gl1e4mvtl1qg3hr61qhdurd|03|com"; nocase; ) # 1707sff1x1h1p1wddtrx1wm2v44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1707sff1x1h1p1wddtrx1wm2v44|03|com"; nocase; ) # 1hc3xv41nntzb11oe5py41mig2o6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hc3xv41nntzb11oe5py41mig2o6|03|net"; nocase; ) # j1vl10bpfh0qs0sb3a1dx6eu6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j1vl10bpfh0qs0sb3a1dx6eu6|03|biz"; nocase; ) # 1n1o8ho17c9q0r5w7xtp1mpc3be.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n1o8ho17c9q0r5w7xtp1mpc3be|03|net"; nocase; ) # k2dbbc1chim5w18vb6txbbjw9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k2dbbc1chim5w18vb6txbbjw9r|03|org"; nocase; ) # bzbk4b1ez4o9a11ddrqmvgpmgx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bzbk4b1ez4o9a11ddrqmvgpmgx|03|com"; nocase; ) # ulcy041cfakt7129oxs91u3qdtn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ulcy041cfakt7129oxs91u3qdtn|03|net"; nocase; ) # 16jmi3f1k6ffeo1vkvvmy1ef2mjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16jmi3f1k6ffeo1vkvvmy1ef2mjl|03|org"; nocase; ) # 1wa97mtdcob8cnxxxbgfvx7i6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wa97mtdcob8cnxxxbgfvx7i6|03|com"; nocase; ) # pe6qlolupm381oha33wjfkar1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pe6qlolupm381oha33wjfkar1|03|net"; nocase; ) # j3sj3wjc5kdn1pzqdqs1m6577y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j3sj3wjc5kdn1pzqdqs1m6577y|03|biz"; nocase; ) # 1fbv9g1avpryo3t8shs5hdii7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fbv9g1avpryo3t8shs5hdii7|03|org"; nocase; ) # 1sk71k4kigx5t99a9z3dwssrc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sk71k4kigx5t99a9z3dwssrc|03|org"; nocase; ) # 2a0bs86ewvz813v6lj1oi54us.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2a0bs86ewvz813v6lj1oi54us|03|com"; nocase; ) # 18cnkrn1ozl7g4d611d646xq0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18cnkrn1ozl7g4d611d646xq0|03|biz"; nocase; ) # 9z95761cm8be45k5c5v7870kz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9z95761cm8be45k5c5v7870kz|03|net"; nocase; ) # 1u4fdxd1wxifca1bfxx731hh0k09.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u4fdxd1wxifca1bfxx731hh0k09|03|com"; nocase; ) # 1eogif9qhpaj61wqunlt1ysmjd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eogif9qhpaj61wqunlt1ysmjd6|03|net"; nocase; ) # 1mjyzvp1x98nk91puah33h961td.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mjyzvp1x98nk91puah33h961td|03|org"; nocase; ) # 1h033i21vfvhv91ej6rx8vmxvr0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h033i21vfvhv91ej6rx8vmxvr0|03|org"; nocase; ) # 5xrzs1x5r8w6qxp2mij1vvo6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5xrzs1x5r8w6qxp2mij1vvo6|03|org"; nocase; ) # 16hia6q1f17qdmp0uqofn8vso0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16hia6q1f17qdmp0uqofn8vso0|03|com"; nocase; ) # tz07xq1pz5g111qaxzxr1aspq8m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tz07xq1pz5g111qaxzxr1aspq8m|03|biz"; nocase; ) # 1v6siht1axn5zke6dkbcdvvccc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v6siht1axn5zke6dkbcdvvccc|03|org"; nocase; ) # 1287pvt1p9kr3bu45gqf1cf5ghn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1287pvt1p9kr3bu45gqf1cf5ghn|03|com"; nocase; ) # 768tx170wevmxd755xynwis5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|768tx170wevmxd755xynwis5|03|org"; nocase; ) # aer55xovftpj1yk9i0p1lswee.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aer55xovftpj1yk9i0p1lswee|03|biz"; nocase; ) # eoc2lcd8syykc2ui2knod65.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|eoc2lcd8syykc2ui2knod65|03|org"; nocase; ) # 1g9yv201t8pbk91p13d7m17f0wz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g9yv201t8pbk91p13d7m17f0wz3|03|com"; nocase; ) # 1to6qks1nma1xm1uzvtw2125lwn0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1to6qks1nma1xm1uzvtw2125lwn0|03|com"; nocase; ) # 1e954ks6njzleub8i6ekrgk7p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e954ks6njzleub8i6ekrgk7p|03|biz"; nocase; ) # 1vzw64c1b17johuq4m641d6ur54.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vzw64c1b17johuq4m641d6ur54|03|org"; nocase; ) # e1fcjy6uhplb13gepxxq6wom0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1fcjy6uhplb13gepxxq6wom0|03|net"; nocase; ) # 1rkdyk9hp4p1b1jayahj10l3gmw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rkdyk9hp4p1b1jayahj10l3gmw|03|biz"; nocase; ) # 1wovshp1wkytb1guspw5yuowu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wovshp1wkytb1guspw5yuowu|03|com"; nocase; ) # fgek578oh4u5s4n5mpa0cali.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fgek578oh4u5s4n5mpa0cali|03|net"; nocase; ) # 1m4rxhv15ozelsmsb25j1qmd88i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m4rxhv15ozelsmsb25j1qmd88i|03|com"; nocase; ) # 1mhfi4z1oiahbo9yyctndt3hzm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mhfi4z1oiahbo9yyctndt3hzm|03|org"; nocase; ) # z3cjv42gdsw1ul148qy5ow4z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z3cjv42gdsw1ul148qy5ow4z|03|com"; nocase; ) # 75ezth8upoly1uz966e8gesx1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|75ezth8upoly1uz966e8gesx1|03|net"; nocase; ) # 3leck81dga8frr1j9mo1ffzgqx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3leck81dga8frr1j9mo1ffzgqx|03|net"; nocase; ) # s3s1m7p683sd94l4491d9dyka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s3s1m7p683sd94l4491d9dyka|03|org"; nocase; ) # 1jnfjof5541dv1thagcw1344c5e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jnfjof5541dv1thagcw1344c5e|03|com"; nocase; ) # 7d4rfs1m52rz811pgamcwnk9ga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7d4rfs1m52rz811pgamcwnk9ga|03|net"; nocase; ) # 1tzr9l24ssfal1h1m8okzt8ocj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tzr9l24ssfal1h1m8okzt8ocj|03|net"; nocase; ) # fmbug0lx57en1qedazttpbdqh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fmbug0lx57en1qedazttpbdqh|03|org"; nocase; ) # hhbpr61echso81kfmdgnhvqsvz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hhbpr61echso81kfmdgnhvqsvz|03|net"; nocase; ) # 1h1xh4l15n12i71t3szprh4mcu7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h1xh4l15n12i71t3szprh4mcu7|03|com"; nocase; ) # 1lbryfr1ygvmzfokxroyn2tw4r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lbryfr1ygvmzfokxroyn2tw4r|03|net"; nocase; ) # 1g12qi7ymo9aw1wgv2xc1qtz9ea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g12qi7ymo9aw1wgv2xc1qtz9ea|03|net"; nocase; ) # 1yy8qtg1wyqzn6na1gwfzkw5vq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yy8qtg1wyqzn6na1gwfzkw5vq|03|com"; nocase; ) # 4uczgp56gbgz1h6k3ys1q7zg8l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4uczgp56gbgz1h6k3ys1q7zg8l|03|org"; nocase; ) # 18tpq6nr3u8mwdc04hf1kkkhzw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18tpq6nr3u8mwdc04hf1kkkhzw|03|org"; nocase; ) # 3u4vf5yg8yh61s36jnacroiqb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3u4vf5yg8yh61s36jnacroiqb|03|com"; nocase; ) # ojvjji21t3wud8uan2jw86lu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ojvjji21t3wud8uan2jw86lu|03|net"; nocase; ) # ctex7l1vo8eagbn91nvc8b7sf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ctex7l1vo8eagbn91nvc8b7sf|03|biz"; nocase; ) # 1i7e6dz1satpot18i5eq0mcvn5i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i7e6dz1satpot18i5eq0mcvn5i|03|org"; nocase; ) # svmrup1nyf2bwv6lz9d1tztr0z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|svmrup1nyf2bwv6lz9d1tztr0z|03|net"; nocase; ) # tikosd1ey2vl1cgmtza17wo1js.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tikosd1ey2vl1cgmtza17wo1js|03|org"; nocase; ) # kwy9x7jqb4a6kcsice1j2lc6j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kwy9x7jqb4a6kcsice1j2lc6j|03|org"; nocase; ) # 1d4hgz3cnhx0kpncbp41k5csa6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d4hgz3cnhx0kpncbp41k5csa6|03|biz"; nocase; ) # sok9zf13gbu2c1fnbtbfopoey6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sok9zf13gbu2c1fnbtbfopoey6|03|net"; nocase; ) # 1t39us3eso0pd5j6u4f6tzmhu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t39us3eso0pd5j6u4f6tzmhu|03|org"; nocase; ) # yesk72at6n1ojqk3s115tupsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yesk72at6n1ojqk3s115tupsz|03|net"; nocase; ) # bcce0z1uk2e2u1gm57dk1slkoab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bcce0z1uk2e2u1gm57dk1slkoab|03|com"; nocase; ) # 1ecwh1hoze4ab1c7h2nf11zoypd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ecwh1hoze4ab1c7h2nf11zoypd|03|net"; nocase; ) # 1gth0tu18b2vtqt7i9no2919ft.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gth0tu18b2vtqt7i9no2919ft|03|biz"; nocase; ) # 1x4ux3jo2k0y41s67ue911egjdz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x4ux3jo2k0y41s67ue911egjdz|03|com"; nocase; ) # 10jpmsa1cckq0b54t6o91k3rt60.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10jpmsa1cckq0b54t6o91k3rt60|03|org"; nocase; ) # hgvrqp16nk5d41jmus7kj1hdw8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hgvrqp16nk5d41jmus7kj1hdw8|03|biz"; nocase; ) # 11bsda5w1hzjsbg36qzsr354n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11bsda5w1hzjsbg36qzsr354n|03|biz"; nocase; ) # 1v508681dvtm3u1kje5fv140s7zd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v508681dvtm3u1kje5fv140s7zd|03|net"; nocase; ) # 1700hwetc2im1d22q521f56pwj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1700hwetc2im1d22q521f56pwj|03|biz"; nocase; ) # 102xsx51p39gmm1aqf1b0ln97i5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|102xsx51p39gmm1aqf1b0ln97i5|03|net"; nocase; ) # 10sggiw1q60w225ooir1drmbxz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10sggiw1q60w225ooir1drmbxz|03|com"; nocase; ) # 1qaz75935dlefa78c6fx0yl7w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qaz75935dlefa78c6fx0yl7w|03|biz"; nocase; ) # ppkkys16ac6xksmo1bepvc6zs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ppkkys16ac6xksmo1bepvc6zs|03|org"; nocase; ) # 9jvzzm9yc2n51j73o257i0948.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9jvzzm9yc2n51j73o257i0948|03|com"; nocase; ) # 1mwtku111316zz6yuefq1be4yb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mwtku111316zz6yuefq1be4yb|03|biz"; nocase; ) # 8ngzgk11b812hx3fxto1mkjgms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ngzgk11b812hx3fxto1mkjgms|03|org"; nocase; ) # 7zpl6u1n8mva41unwgm01h68you.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7zpl6u1n8mva41unwgm01h68you|03|org"; nocase; ) # 1r6y2nz2mf1x81jrtx5r1t2ltey.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r6y2nz2mf1x81jrtx5r1t2ltey|03|biz"; nocase; ) # 1thjt8b1rzlon1gh47up8bnsg6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1thjt8b1rzlon1gh47up8bnsg6|03|net"; nocase; ) # avp58gaevsre1mj92eihkqsx1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|avp58gaevsre1mj92eihkqsx1|03|org"; nocase; ) # 12kq0p8brjwq21utq6xlep8tqc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12kq0p8brjwq21utq6xlep8tqc|03|com"; nocase; ) # 1mi5pl3tklz4je4m615100wwfw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mi5pl3tklz4je4m615100wwfw|03|net"; nocase; ) # 4ruhtr1pxyx8etcjujkqmug42.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ruhtr1pxyx8etcjujkqmug42|03|org"; nocase; ) # nbiwhsujh8va1bf31ttb4aor4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nbiwhsujh8va1bf31ttb4aor4|03|biz"; nocase; ) # 3a8wiv100fdml1mx7rfno79gwn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3a8wiv100fdml1mx7rfno79gwn|03|net"; nocase; ) # uhe7mqelgct3am49bv2ukenx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uhe7mqelgct3am49bv2ukenx|03|org"; nocase; ) # 1wiwz5wxmg81q1crd57a14iw9uv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wiwz5wxmg81q1crd57a14iw9uv|03|biz"; nocase; ) # pyzlo71469lmkfei8cq1hjg9x1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pyzlo71469lmkfei8cq1hjg9x1|03|biz"; nocase; ) # 1buuux8g0s0891grgmxi1ln31cm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1buuux8g0s0891grgmxi1ln31cm|03|org"; nocase; ) # 1r7rcls686hn01lvzbf5it9pmp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r7rcls686hn01lvzbf5it9pmp|03|net"; nocase; ) # 1m38575so2li019fhbeypckw39.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m38575so2li019fhbeypckw39|03|biz"; nocase; ) # 171xo8z18jnsh6nc04pn1pqnwme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|171xo8z18jnsh6nc04pn1pqnwme|03|org"; nocase; ) # rdksy68qiuypp1hvs8acmsp4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rdksy68qiuypp1hvs8acmsp4|03|net"; nocase; ) # g6eklo1iyo2buznl3opfww7wj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g6eklo1iyo2buznl3opfww7wj|03|com"; nocase; ) # 12w2ev418082ij18bdxhxheq1lx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12w2ev418082ij18bdxhxheq1lx|03|net"; nocase; ) # 6rxu4wnv42xctv52p31u51zl6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6rxu4wnv42xctv52p31u51zl6|03|org"; nocase; ) # 1xkbypu11dvgnxtph5x412egvww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xkbypu11dvgnxtph5x412egvww|03|net"; nocase; ) # 1gpbgv9lhnr4g3hyzmo1fp951n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gpbgv9lhnr4g3hyzmo1fp951n|03|biz"; nocase; ) # mvbklup344b21u36ywysjept8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mvbklup344b21u36ywysjept8|03|net"; nocase; ) # 1r29fbh1eo41j0ses4mcfaiviv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r29fbh1eo41j0ses4mcfaiviv|03|biz"; nocase; ) # 1xk7s1tk8zej41mq8wxsutm5ge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xk7s1tk8zej41mq8wxsutm5ge|03|com"; nocase; ) # 457ptojnz19b1v04kieubp9et.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|457ptojnz19b1v04kieubp9et|03|net"; nocase; ) # l9vcdczs0qbziij23y1252lth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l9vcdczs0qbziij23y1252lth|03|net"; nocase; ) # 1c36yha1ppyto91x1awr71eab120.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c36yha1ppyto91x1awr71eab120|03|org"; nocase; ) # ynca0414qyvs510gg2gx155ski1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ynca0414qyvs510gg2gx155ski1|03|net"; nocase; ) # fit7flq1qg6sm5qguyjer569.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fit7flq1qg6sm5qguyjer569|03|org"; nocase; ) # 9tuweaujugzvzazo851ozuy9w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9tuweaujugzvzazo851ozuy9w|03|com"; nocase; ) # 4qxuig1d8moed10zlj9815dlo1z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4qxuig1d8moed10zlj9815dlo1z|03|org"; nocase; ) # 1bqnwdt1ju825o45afoy1eflih4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bqnwdt1ju825o45afoy1eflih4|03|org"; nocase; ) # 172gtam1ghj63c1yy5paz18tcohs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|172gtam1ghj63c1yy5paz18tcohs|03|net"; nocase; ) # 963h3915pfjmd9umy3518mue91.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|963h3915pfjmd9umy3518mue91|03|org"; nocase; ) # oz9lrc149m1771bi2k8sgblmdg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oz9lrc149m1771bi2k8sgblmdg|03|net"; nocase; ) # 18tr8j07up0u9wavavvm3yv9w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18tr8j07up0u9wavavvm3yv9w|03|com"; nocase; ) # 14w2regvvj0yl1wxe0lwpe1scx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14w2regvvj0yl1wxe0lwpe1scx|03|org"; nocase; ) # 1is10phmxi8mc1j4ti68abvtk4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1is10phmxi8mc1j4ti68abvtk4|03|org"; nocase; ) # bwz2h911qxfl01tqxjwi6qgrra.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bwz2h911qxfl01tqxjwi6qgrra|03|com"; nocase; ) # 8qq3ub9qy89ekmz8x052oiof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8qq3ub9qy89ekmz8x052oiof|03|com"; nocase; ) # hkskog1ck67hfeckpl41kqbl2x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hkskog1ck67hfeckpl41kqbl2x|03|com"; nocase; ) # i6mrjk1rbvoj3jmsjea1snlcyy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i6mrjk1rbvoj3jmsjea1snlcyy|03|com"; nocase; ) # 1ausurf1e97cu2af06qmogjo15.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ausurf1e97cu2af06qmogjo15|03|net"; nocase; ) # 1pqbdv4cthfzw15disjfo7zpg0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pqbdv4cthfzw15disjfo7zpg0|03|biz"; nocase; ) # wc5x6n1pt023a10zy6b8xip3rs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wc5x6n1pt023a10zy6b8xip3rs|03|org"; nocase; ) # 14hf9lowk7due11qlqz714wq2kl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14hf9lowk7due11qlqz714wq2kl|03|net"; nocase; ) # 3qf85oqtseai8970lxqxvrri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3qf85oqtseai8970lxqxvrri|03|net"; nocase; ) # 7qhrn91aaum361ccm6crd9cho5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7qhrn91aaum361ccm6crd9cho5|03|org"; nocase; ) # 1acn27etnkzymc6nsoc1m87b9v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1acn27etnkzymc6nsoc1m87b9v|03|net"; nocase; ) # 15uam7f1qdoxj417zs7xq1gj01h3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15uam7f1qdoxj417zs7xq1gj01h3|03|com"; nocase; ) # 4631gjdwfpot1mi5hyst5tvc4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4631gjdwfpot1mi5hyst5tvc4|03|net"; nocase; ) # 18lw65qtkpb12e4ailyp3doik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18lw65qtkpb12e4ailyp3doik|03|net"; nocase; ) # 1dijyje1def13oe48b2v17hdoqs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dijyje1def13oe48b2v17hdoqs|03|com"; nocase; ) # sfkfa35qot291woq03z1n49dxz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sfkfa35qot291woq03z1n49dxz|03|com"; nocase; ) # 1wwvmac1ibj69nu29cjlngdupi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wwvmac1ibj69nu29cjlngdupi|03|net"; nocase; ) # 15n5gpr12jlrym1ihcuat10ddzgw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15n5gpr12jlrym1ihcuat10ddzgw|03|org"; nocase; ) # rno2sgvqcbhzyip9lw1rzl5bc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rno2sgvqcbhzyip9lw1rzl5bc|03|net"; nocase; ) # 1ylrbzcjc8cqo1dzx8151taf38u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ylrbzcjc8cqo1dzx8151taf38u|03|net"; nocase; ) # 1tu8g131z0uybq98g21a1xf5koj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tu8g131z0uybq98g21a1xf5koj|03|net"; nocase; ) # iuv2u610uygmd7db9d3cjjnkp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iuv2u610uygmd7db9d3cjjnkp|03|net"; nocase; ) # 48wj1k11oabtbw5fu8l1a3siiv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|48wj1k11oabtbw5fu8l1a3siiv|03|biz"; nocase; ) # 1305rryq328zk6dmw8k11hu26u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1305rryq328zk6dmw8k11hu26u|03|net"; nocase; ) # 1aw9343vq4ye7f5vn4s90de1e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aw9343vq4ye7f5vn4s90de1e|03|com"; nocase; ) # kokh0qtw4i4enbvk8gbvhnwp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kokh0qtw4i4enbvk8gbvhnwp|03|org"; nocase; ) # um1jhaoip6r51gpz7ooa0wrf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|um1jhaoip6r51gpz7ooa0wrf|03|com"; nocase; ) # 1aipxt2nehyus11lukd7xyix3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aipxt2nehyus11lukd7xyix3x|03|biz"; nocase; ) # 1iskysv1prjxk0trkl7y1soopi2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iskysv1prjxk0trkl7y1soopi2|03|com"; nocase; ) # 114gbzixar1o71qmz0ly16l03i0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|114gbzixar1o71qmz0ly16l03i0|03|com"; nocase; ) # wcy0ek10ifqvy5xw02pvgu9mx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wcy0ek10ifqvy5xw02pvgu9mx|03|net"; nocase; ) # 92jcukujxwqc8uxiyy1u8gvxw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|92jcukujxwqc8uxiyy1u8gvxw|03|com"; nocase; ) # 1gpk5pysgeskuih9kg7zfn7xo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gpk5pysgeskuih9kg7zfn7xo|03|biz"; nocase; ) # zcwgkdcjsfyl4d89lf1eb5ocb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zcwgkdcjsfyl4d89lf1eb5ocb|03|org"; nocase; ) # 1kfliognd3m0krutg3fqwgbqr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kfliognd3m0krutg3fqwgbqr|03|com"; nocase; ) # 21o1i61dldxrw4og2mcjmwrgs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21o1i61dldxrw4og2mcjmwrgs|03|org"; nocase; ) # dt6xlu1kblo5p10ik71g1ek67kj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dt6xlu1kblo5p10ik71g1ek67kj|03|biz"; nocase; ) # 16zqh4tm3it2n1dpdrk31egr5kz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16zqh4tm3it2n1dpdrk31egr5kz|03|net"; nocase; ) # q8qwy51o4f8nm1vnqels14eyd9g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q8qwy51o4f8nm1vnqels14eyd9g|03|biz"; nocase; ) # 5zeu9v1h2efsz18j0im6175vxwr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5zeu9v1h2efsz18j0im6175vxwr|03|biz"; nocase; ) # 1tyxydwlyriyt15v71gy1yus1t9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tyxydwlyriyt15v71gy1yus1t9|03|com"; nocase; ) # tkizns1bwtd0a1xie0nleqpgma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tkizns1bwtd0a1xie0nleqpgma|03|org"; nocase; ) # j1i7p28ohkzhmix8qz7agrau.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j1i7p28ohkzhmix8qz7agrau|03|biz"; nocase; ) # 1l29o4d1yo4l961e3k7l71rdqf4o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l29o4d1yo4l961e3k7l71rdqf4o|03|org"; nocase; ) # 1ue502w1c0hdr71k6anni16jxwnc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ue502w1c0hdr71k6anni16jxwnc|03|org"; nocase; ) # 1w63bmp1ivkc3g1waowp01upeg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w63bmp1ivkc3g1waowp01upeg|03|org"; nocase; ) # 6vaiwwoqxsbs1ffw9z5fr6din.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6vaiwwoqxsbs1ffw9z5fr6din|03|net"; nocase; ) # jcvldhcndd0p16rilvu1hmacpw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jcvldhcndd0p16rilvu1hmacpw|03|com"; nocase; ) # 1yjvfya1qcc50l1vxrm9p13gx484.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yjvfya1qcc50l1vxrm9p13gx484|03|org"; nocase; ) # 38dgwdzkrz1zro81gv19lpmqo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|38dgwdzkrz1zro81gv19lpmqo|03|net"; nocase; ) # gwzc0j1lq3s9o6psqg9a7si7b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gwzc0j1lq3s9o6psqg9a7si7b|03|com"; nocase; ) # 7o9q00leb7hb1tcgaq41ozy9w3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7o9q00leb7hb1tcgaq41ozy9w3|03|biz"; nocase; ) # 1vcl3xn1nh6gpu1wbu0b7fxmbl3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vcl3xn1nh6gpu1wbu0b7fxmbl3|03|biz"; nocase; ) # 21qaus1y4ilx7tyf8891mlae5q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|21qaus1y4ilx7tyf8891mlae5q|03|org"; nocase; ) # 1nbhmku133hsd19mjiqu1k7pc7j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nbhmku133hsd19mjiqu1k7pc7j|03|com"; nocase; ) # 1jhrxdb1i6fm6095c64q8fgp06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jhrxdb1i6fm6095c64q8fgp06|03|net"; nocase; ) # 1w27epjh2l61j1hshxc21l064ud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w27epjh2l61j1hshxc21l064ud|03|net"; nocase; ) # 1sxzh7ibnwy6e2b7jaa1dc7bb0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sxzh7ibnwy6e2b7jaa1dc7bb0|03|org"; nocase; ) # 1wxdp45074a716frqp21fbcfa5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wxdp45074a716frqp21fbcfa5|03|net"; nocase; ) # 38369f4f52g164e61pdcknmw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|38369f4f52g164e61pdcknmw|03|org"; nocase; ) # 16wflw1jnenwx8g9owu186c41w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wflw1jnenwx8g9owu186c41w|03|net"; nocase; ) # tp2gbf1ss7zxio6wvsg13561u9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tp2gbf1ss7zxio6wvsg13561u9|03|org"; nocase; ) # riv8x02tcm2zh7nmrd11lk6vx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|riv8x02tcm2zh7nmrd11lk6vx|03|org"; nocase; ) # 1xrisln1j26fz61j356rw1zc0gz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xrisln1j26fz61j356rw1zc0gz|03|com"; nocase; ) # 1goy8ax1rkczsp1u8l6vt1eur4e8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1goy8ax1rkczsp1u8l6vt1eur4e8|03|org"; nocase; ) # fhgoxj15fvwa51ot2r0sd31dtg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fhgoxj15fvwa51ot2r0sd31dtg|03|biz"; nocase; ) # 8khzykqvnqs6sjuh88sfmec1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8khzykqvnqs6sjuh88sfmec1|03|net"; nocase; ) # 1furnavzfpdoe1t2p2rj31omhl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1furnavzfpdoe1t2p2rj31omhl|03|net"; nocase; ) # 165oqr98edfz21b1bnc51ybstro.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|165oqr98edfz21b1bnc51ybstro|03|biz"; nocase; ) # 1p0hnnerayw1k1s1u0w019ybr9x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p0hnnerayw1k1s1u0w019ybr9x|03|biz"; nocase; ) # tlbx1zjw4b85129yaw712d2djt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tlbx1zjw4b85129yaw712d2djt|03|biz"; nocase; ) # 15s3c6iq0tx2qh6hgip1sdmhh1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15s3c6iq0tx2qh6hgip1sdmhh1|03|net"; nocase; ) # 1boyd763abpkx24algn1cuaocp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1boyd763abpkx24algn1cuaocp|03|com"; nocase; ) # 1xx6xbbjvla691olx8ph1k8gdy2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xx6xbbjvla691olx8ph1k8gdy2|03|net"; nocase; ) # 1kdl9qb1ui8k3tunu0pa19gw2r0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kdl9qb1ui8k3tunu0pa19gw2r0|03|net"; nocase; ) # l9vu4210qfps3qt5m2l6w0j8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l9vu4210qfps3qt5m2l6w0j8|03|org"; nocase; ) # 1u9fe1x6ps071vhujqs13p01ml.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u9fe1x6ps071vhujqs13p01ml|03|biz"; nocase; ) # 1wann4kegeaa7e7ziaa1wexgfq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wann4kegeaa7e7ziaa1wexgfq|03|net"; nocase; ) # uhjwe9j1kefj18hc4lb1nii4ly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uhjwe9j1kefj18hc4lb1nii4ly|03|com"; nocase; ) # 7fnawp2rp2qx1uexoug18okeb3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7fnawp2rp2qx1uexoug18okeb3|03|org"; nocase; ) # 75sgcfabgj8m1x9dotp1ldj3o3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|75sgcfabgj8m1x9dotp1ldj3o3|03|net"; nocase; ) # jy6ob81aya7fvrnpf3i77j49z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jy6ob81aya7fvrnpf3i77j49z|03|biz"; nocase; ) # gn4txmtop34j3evvjf15uxhj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gn4txmtop34j3evvjf15uxhj3|03|com"; nocase; ) # rnk5bi1ay1tvvdt5iukocp2f6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rnk5bi1ay1tvvdt5iukocp2f6|03|biz"; nocase; ) # 1e5b0oj3lnr6n11lirwnyve3rb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e5b0oj3lnr6n11lirwnyve3rb|03|org"; nocase; ) # 12uv0yc959c2h1mv4lbzhl9o02.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12uv0yc959c2h1mv4lbzhl9o02|03|com"; nocase; ) # 1rlyvw3aacx8w14d9f7zq7fb03.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rlyvw3aacx8w14d9f7zq7fb03|03|org"; nocase; ) # 1vrsqovbaoubx1r4rdc6uc056x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vrsqovbaoubx1r4rdc6uc056x|03|org"; nocase; ) # 3ev76y13jyn1s1wiwsz61tkq3dh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3ev76y13jyn1s1wiwsz61tkq3dh|03|net"; nocase; ) # mbsu0h1kucw7e1v9ulfmzn9deh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mbsu0h1kucw7e1v9ulfmzn9deh|03|com"; nocase; ) # gjpgc01gm7qplm71tzk1gilu14.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gjpgc01gm7qplm71tzk1gilu14|03|biz"; nocase; ) # 1cjhxkphbdpp61bq9zox6atsel.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cjhxkphbdpp61bq9zox6atsel|03|org"; nocase; ) # 6fjwo5791fjfeyn1vzvs5bxm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6fjwo5791fjfeyn1vzvs5bxm|03|biz"; nocase; ) # is8347m0oule5v2swyj09w0d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|is8347m0oule5v2swyj09w0d|03|com"; nocase; ) # pi5e57ml0ave7awtor14y4w1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pi5e57ml0ave7awtor14y4w1d|03|net"; nocase; ) # 1i2pr3f1x3r7ot1hrtk0q1rcaxjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i2pr3f1x3r7ot1hrtk0q1rcaxjm|03|org"; nocase; ) # 5y0ob5x7o3ev9xhg3o1k6dvub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5y0ob5x7o3ev9xhg3o1k6dvub|03|org"; nocase; ) # xq2u6e1210x8e138bsyk1ighanj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xq2u6e1210x8e138bsyk1ighanj|03|biz"; nocase; ) # 1yleief1v798e354jme41awdoue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yleief1v798e354jme41awdoue|03|com"; nocase; ) # 1f3hmyel4o508uxs71t1prjd4e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f3hmyel4o508uxs71t1prjd4e|03|org"; nocase; ) # 1ag2hqp1ija4ij52slxrrj5ecx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ag2hqp1ija4ij52slxrrj5ecx|03|net"; nocase; ) # ud5ok61bnsvb4f7no5kjelmba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ud5ok61bnsvb4f7no5kjelmba|03|com"; nocase; ) # 1xivrfndakdqn6nmb6q2fojky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xivrfndakdqn6nmb6q2fojky|03|net"; nocase; ) # 19uasxf1f3eqkwz1nc6d38p8w4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19uasxf1f3eqkwz1nc6d38p8w4|03|com"; nocase; ) # 1ej3j6s4rq08w1o6tcaxov0aa2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ej3j6s4rq08w1o6tcaxov0aa2|03|biz"; nocase; ) # 12nlu801rh1wxr9z3a1krk9wae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12nlu801rh1wxr9z3a1krk9wae|03|com"; nocase; ) # 1ocuvzh8un4lzeqm4301n5xyo8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ocuvzh8un4lzeqm4301n5xyo8|03|net"; nocase; ) # t1rusj1m7tqzho6d03r597o6q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t1rusj1m7tqzho6d03r597o6q|03|com"; nocase; ) # 1kdjt679ine14xv50c01otmw2f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kdjt679ine14xv50c01otmw2f|03|net"; nocase; ) # drrjofqzgyhwsmnf5719pcsmz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|drrjofqzgyhwsmnf5719pcsmz|03|net"; nocase; ) # 6zw3rky9jox911tf1mq1vy8ggj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6zw3rky9jox911tf1mq1vy8ggj|03|net"; nocase; ) # lfxxho2knmul1ua4gc2fy6kzt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lfxxho2knmul1ua4gc2fy6kzt|03|biz"; nocase; ) # 1u52e2x1hkg1fp1hb49vbhgt8r1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u52e2x1hkg1fp1hb49vbhgt8r1|03|com"; nocase; ) # 2cer1w100tw6e1en3r9qmyupp2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2cer1w100tw6e1en3r9qmyupp2|03|biz"; nocase; ) # 5ngmxethxq4ioqtodtmqjsbo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5ngmxethxq4ioqtodtmqjsbo|03|org"; nocase; ) # vpqsv1p3v9ch1iskx9e1yvx7y2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vpqsv1p3v9ch1iskx9e1yvx7y2|03|com"; nocase; ) # 7wr99hw2w9q5xrjfo3iqimoh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7wr99hw2w9q5xrjfo3iqimoh|03|com"; nocase; ) # 1yx2jlrnpcz61elp7un7wrp1w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yx2jlrnpcz61elp7un7wrp1w|03|net"; nocase; ) # fynsbj5ybiau11huusd1e6xakw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fynsbj5ybiau11huusd1e6xakw|03|org"; nocase; ) # 1udgu9bjtrbcznsmedysrrsl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1udgu9bjtrbcznsmedysrrsl|03|org"; nocase; ) # vyenf91fep85pntrscba5tow2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vyenf91fep85pntrscba5tow2|03|net"; nocase; ) # is87xj1gv957ke0tui01m94a46.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|is87xj1gv957ke0tui01m94a46|03|biz"; nocase; ) # i9u0ep173rnd71tiqgem1hqtw0m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i9u0ep173rnd71tiqgem1hqtw0m|03|net"; nocase; ) # hmmf7t1xx7l79r5do17y9xq93.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hmmf7t1xx7l79r5do17y9xq93|03|org"; nocase; ) # 1qsdrqjq6m2ky33nw951gz4l52.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qsdrqjq6m2ky33nw951gz4l52|03|org"; nocase; ) # 4z1n3vgypc6p1a5vt739gg424.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4z1n3vgypc6p1a5vt739gg424|03|biz"; nocase; ) # ud4g6nl6hh77tz3dhbsxqzpq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ud4g6nl6hh77tz3dhbsxqzpq|03|net"; nocase; ) # 1i2crk41si7lc211sdxh01w348y9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i2crk41si7lc211sdxh01w348y9|03|com"; nocase; ) # svy9p91vqssba1699wsit4q5k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|svy9p91vqssba1699wsit4q5k|03|biz"; nocase; ) # 10d79f11wz92n4abr2yavsvka7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10d79f11wz92n4abr2yavsvka7|03|org"; nocase; ) # 18svktq1cdb6hn117znmtpbmdr6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18svktq1cdb6hn117znmtpbmdr6|03|net"; nocase; ) # 17920mn8ilgcr1coogdv2k6kny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17920mn8ilgcr1coogdv2k6kny|03|com"; nocase; ) # 1hiup3ewghi5pc1d1z91m1io0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hiup3ewghi5pc1d1z91m1io0y|03|net"; nocase; ) # 1691ahdbb9ib17tsf0b9f0ih3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1691ahdbb9ib17tsf0b9f0ih3|03|org"; nocase; ) # wp5m861050oacvxius819lfnn8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wp5m861050oacvxius819lfnn8|03|com"; nocase; ) # 13ctvg61vbzmfi1uwt1j7pcqs4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ctvg61vbzmfi1uwt1j7pcqs4|03|net"; nocase; ) # rcgomu1xb1bxj112bjzg8srjzl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rcgomu1xb1bxj112bjzg8srjzl|03|biz"; nocase; ) # 8sgf481c1jfxeksr6ek1s03dky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8sgf481c1jfxeksr6ek1s03dky|03|net"; nocase; ) # 5umepw1hgp3g977oq9b1pquw7s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5umepw1hgp3g977oq9b1pquw7s|03|org"; nocase; ) # 13z4na01cbaic0ow6lldq543e0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13z4na01cbaic0ow6lldq543e0|03|biz"; nocase; ) # xmgfuy6rtbrpcpe17p17mhg3t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xmgfuy6rtbrpcpe17p17mhg3t|03|com"; nocase; ) # 1fdtj4f1htjy8c1ixzwfhny4amu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fdtj4f1htjy8c1ixzwfhny4amu|03|biz"; nocase; ) # w3ys4u12nb04d6j9lpf2s121e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w3ys4u12nb04d6j9lpf2s121e|03|org"; nocase; ) # 1k8hue2dy4mmf108lzov9vh6bq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k8hue2dy4mmf108lzov9vh6bq|03|com"; nocase; ) # ojhr1i1g0wmyy10d9qjnih52iy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ojhr1i1g0wmyy10d9qjnih52iy|03|org"; nocase; ) # r8q5et1b3r9s6w56ajbkhjatv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r8q5et1b3r9s6w56ajbkhjatv|03|net"; nocase; ) # 171z21k1ek2y5f16tzzru1n023nv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|171z21k1ek2y5f16tzzru1n023nv|03|com"; nocase; ) # nqwn92eduwignlo9xr1099o1z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nqwn92eduwignlo9xr1099o1z|03|org"; nocase; ) # 1sg2tyq174wkwl1p3meqct4adyy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sg2tyq174wkwl1p3meqct4adyy|03|biz"; nocase; ) # 18m78mnldjj4m3me65c1vy5vz6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18m78mnldjj4m3me65c1vy5vz6|03|org"; nocase; ) # 1r4c72f144e1vjrlzofr1c87s6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r4c72f144e1vjrlzofr1c87s6|03|com"; nocase; ) # nrf1d215818x61v42v6b1gag3pu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nrf1d215818x61v42v6b1gag3pu|03|com"; nocase; ) # 8n3aeg1pclut310quowd14o54gl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8n3aeg1pclut310quowd14o54gl|03|com"; nocase; ) # 7ioe328zgoa11s1i3gx1pfbir8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ioe328zgoa11s1i3gx1pfbir8|03|com"; nocase; ) # 1iws0ym1yh4ey715at25u13fx0c7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iws0ym1yh4ey715at25u13fx0c7|03|net"; nocase; ) # 1u6pdx3j8nocngwwjmt11dc1kc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u6pdx3j8nocngwwjmt11dc1kc|03|org"; nocase; ) # bhl1ic1qzw8d1u6inp4eqa1jk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bhl1ic1qzw8d1u6inp4eqa1jk|03|net"; nocase; ) # kmk2jr1vtldbt1lao9qd1mfs3sv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kmk2jr1vtldbt1lao9qd1mfs3sv|03|com"; nocase; ) # 1xu0chd17589enfn99kkr91rh9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xu0chd17589enfn99kkr91rh9|03|net"; nocase; ) # 1lhpq8ke2jiwg1fa9rox19e9a63.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lhpq8ke2jiwg1fa9rox19e9a63|03|com"; nocase; ) # 79lt2aa741x716qmh3j1wn3xjz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79lt2aa741x716qmh3j1wn3xjz|03|net"; nocase; ) # 102wctvgpircbl70xad19jy8w8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|102wctvgpircbl70xad19jy8w8|03|biz"; nocase; ) # 864m37jz3wr96e6s8w162rg3n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|864m37jz3wr96e6s8w162rg3n|03|com"; nocase; ) # stthu61o5lec610isv15ahkm8e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|stthu61o5lec610isv15ahkm8e|03|net"; nocase; ) # rvy29n16rnqq1bkzlcb3p2w1t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rvy29n16rnqq1bkzlcb3p2w1t|03|biz"; nocase; ) # 1j59f65xed1mgkzay7r1m17bds.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j59f65xed1mgkzay7r1m17bds|03|biz"; nocase; ) # 1ej3qzkwwllmgnpohhoeosv3h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ej3qzkwwllmgnpohhoeosv3h|03|com"; nocase; ) # nd94b22tx9tkc517oo1f81du5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nd94b22tx9tkc517oo1f81du5|03|com"; nocase; ) # o4v14i1w7oibqbbsdq7w37xve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o4v14i1w7oibqbbsdq7w37xve|03|com"; nocase; ) # 1cu5wkw1eqolzp1821hqt1ut7rb3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cu5wkw1eqolzp1821hqt1ut7rb3|03|net"; nocase; ) # uoo9qlpp74q11sf8yvb1ks3wif.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uoo9qlpp74q11sf8yvb1ks3wif|03|com"; nocase; ) # yow0skc9zwzu1lfdqoxmc7xri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yow0skc9zwzu1lfdqoxmc7xri|03|com"; nocase; ) # mxmmtf1ew4mzy103ukx0p9lmjs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mxmmtf1ew4mzy103ukx0p9lmjs|03|biz"; nocase; ) # kekc9b10d9hyh101adsw47ul6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kekc9b10d9hyh101adsw47ul6o|03|net"; nocase; ) # 1lo2sdvxofjf719qh9q1do8sc7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lo2sdvxofjf719qh9q1do8sc7|03|com"; nocase; ) # 1qls0hapaq7116a98gf18iio31.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qls0hapaq7116a98gf18iio31|03|biz"; nocase; ) # 17a6djf1ejce3wpor8w1mx2hjn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17a6djf1ejce3wpor8w1mx2hjn|03|org"; nocase; ) # xdfq711t1j768awjpfv1c5czfh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xdfq711t1j768awjpfv1c5czfh|03|net"; nocase; ) # 13pmi47nnvxkxevbsmi193c37g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13pmi47nnvxkxevbsmi193c37g|03|com"; nocase; ) # 1ek973v1hc2fpf5kvp4h1wyj4ls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ek973v1hc2fpf5kvp4h1wyj4ls|03|org"; nocase; ) # gj3m621fbf9hdb77lneg67bo2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gj3m621fbf9hdb77lneg67bo2|03|net"; nocase; ) # 16fqzyxdi23cu9pcwsc1iihcxu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16fqzyxdi23cu9pcwsc1iihcxu|03|com"; nocase; ) # 1hjs6k514l0h9814c28f41jbj7yn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hjs6k514l0h9814c28f41jbj7yn|03|org"; nocase; ) # 17e0ual1w4ajg7yc0grvam90tg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17e0ual1w4ajg7yc0grvam90tg|03|net"; nocase; ) # 1tn51il1njpj0o1pkd1h91pflur4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tn51il1njpj0o1pkd1h91pflur4|03|net"; nocase; ) # 1vfjj3r15zujj513vg9lc1ho0ihh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vfjj3r15zujj513vg9lc1ho0ihh|03|org"; nocase; ) # 16nneyqihvh3t1cp47xx18ntd7y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16nneyqihvh3t1cp47xx18ntd7y|03|biz"; nocase; ) # 19zeqiu4jcq2d1kzvujon2w1sp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19zeqiu4jcq2d1kzvujon2w1sp|03|net"; nocase; ) # 17h5qu01qtmwmkeaysbmeq47ux.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17h5qu01qtmwmkeaysbmeq47ux|03|com"; nocase; ) # 1898sp91gv6twa1lp5qir1hqm9ve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1898sp91gv6twa1lp5qir1hqm9ve|03|com"; nocase; ) # hg49pp1ekyk9vk1ufm419597l4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hg49pp1ekyk9vk1ufm419597l4|03|net"; nocase; ) # 1ko1xvo0hdg13mrzx4114i36a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ko1xvo0hdg13mrzx4114i36a|03|net"; nocase; ) # 15efflb1d0kmmgn6llk7qc7uu2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15efflb1d0kmmgn6llk7qc7uu2|03|biz"; nocase; ) # gx5fzkdlkmbq1elem9rlixkro.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gx5fzkdlkmbq1elem9rlixkro|03|biz"; nocase; ) # 1axwos41qbnyuog5v1251yb447t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1axwos41qbnyuog5v1251yb447t|03|net"; nocase; ) # yj4ni71j4bgl61lk3e8712fx4de.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yj4ni71j4bgl61lk3e8712fx4de|03|org"; nocase; ) # 1a4npx91eqlcgc3ghqdqzdje70.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a4npx91eqlcgc3ghqdqzdje70|03|org"; nocase; ) # fo1ejo13mzxbk17ey1h5crhved.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fo1ejo13mzxbk17ey1h5crhved|03|net"; nocase; ) # 1sfqc3z1q8mc0wwjnvpi1cvypwk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sfqc3z1q8mc0wwjnvpi1cvypwk|03|biz"; nocase; ) # 17b9tjl1lealxf8iw4oea1so9e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17b9tjl1lealxf8iw4oea1so9e|03|org"; nocase; ) # kkdxpge8r2nr1m63u7b4ki6hd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kkdxpge8r2nr1m63u7b4ki6hd|03|com"; nocase; ) # wkg8wu6hl81f1d81q7lgel5xq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wkg8wu6hl81f1d81q7lgel5xq|03|org"; nocase; ) # 1ot8rcy133f5kr1x8g7cv1si8qot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ot8rcy133f5kr1x8g7cv1si8qot|03|net"; nocase; ) # vow0kz1v4gzip1fd8omlyntlva.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vow0kz1v4gzip1fd8omlyntlva|03|com"; nocase; ) # n2vnpg1vmaoug7x4av1libjp5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n2vnpg1vmaoug7x4av1libjp5|03|net"; nocase; ) # 1jmv1iy1rgvssmdnas9y1h46uux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jmv1iy1rgvssmdnas9y1h46uux|03|net"; nocase; ) # 1xpofa44oyhhrsyg6t41l5zomp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xpofa44oyhhrsyg6t41l5zomp|03|org"; nocase; ) # 1s5x3ull2c1k11lwc848zti6tm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s5x3ull2c1k11lwc848zti6tm|03|net"; nocase; ) # yffkc0763x2bmfeuerzybc7u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yffkc0763x2bmfeuerzybc7u|03|org"; nocase; ) # m0jvua18dcnpgoyfzg81q7i3p5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m0jvua18dcnpgoyfzg81q7i3p5|03|net"; nocase; ) # b26v3blxv7re1p7x31r1frfnqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b26v3blxv7re1p7x31r1frfnqv|03|biz"; nocase; ) # 1gq6voq1pomagwf6n7zl24pxrz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gq6voq1pomagwf6n7zl24pxrz|03|biz"; nocase; ) # 1692zzk1jhzc621wsef4ytdoiu4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1692zzk1jhzc621wsef4ytdoiu4|03|net"; nocase; ) # 7akaya11ueq9g1h2v65flr6d4o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7akaya11ueq9g1h2v65flr6d4o|03|biz"; nocase; ) # 1k4r5ae24uhmtxuadrn1fvbczq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k4r5ae24uhmtxuadrn1fvbczq|03|net"; nocase; ) # 17uqfse1lj2ttvyq8uen11eumsq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17uqfse1lj2ttvyq8uen11eumsq|03|org"; nocase; ) # 1rdug8i5laqer48yaj1kett83.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rdug8i5laqer48yaj1kett83|03|net"; nocase; ) # 17vmzfv1ujnpd91t1uza61y2xe53.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17vmzfv1ujnpd91t1uza61y2xe53|03|com"; nocase; ) # t4vfs81p5cu0r1poozak42hg0i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t4vfs81p5cu0r1poozak42hg0i|03|org"; nocase; ) # 1yi1cyi1omaos1vghglfe8dzjx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yi1cyi1omaos1vghglfe8dzjx|03|net"; nocase; ) # g818511tdaz7qrw1sv6jy2o5k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g818511tdaz7qrw1sv6jy2o5k|03|net"; nocase; ) # 17c8fv8aiinj0r9vkgee2tlyt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17c8fv8aiinj0r9vkgee2tlyt|03|net"; nocase; ) # b1efcx1gg65eel8bennk6x7ce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1efcx1gg65eel8bennk6x7ce|03|org"; nocase; ) # j91ajo1eknxazs72bnoi9ktyl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j91ajo1eknxazs72bnoi9ktyl|03|net"; nocase; ) # iv3b2f1j60b441jmqd0cy5uu2g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iv3b2f1j60b441jmqd0cy5uu2g|03|org"; nocase; ) # 3df3qt1ay5js7zforqgeqxxp2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3df3qt1ay5js7zforqgeqxxp2|03|net"; nocase; ) # y9wjw6jvm0qzpipcbizrhahi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y9wjw6jvm0qzpipcbizrhahi|03|com"; nocase; ) # 1n9ogi3n4atze12ajzdx1n15o97.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n9ogi3n4atze12ajzdx1n15o97|03|org"; nocase; ) # pmzhxs1n58yj68hliaapyifqi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pmzhxs1n58yj68hliaapyifqi|03|com"; nocase; ) # 19vkvnw1crplbomj81ir1lnyk88.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19vkvnw1crplbomj81ir1lnyk88|03|org"; nocase; ) # 8t9m1p26hurtxx8ov71wzneu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8t9m1p26hurtxx8ov71wzneu|03|biz"; nocase; ) # fc7tj81wupjfo4g8k056rzoq7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fc7tj81wupjfo4g8k056rzoq7|03|biz"; nocase; ) # 1fqdu4xtm9qwzgr1dqq1ltft19.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fqdu4xtm9qwzgr1dqq1ltft19|03|org"; nocase; ) # blrdle9zra0w13w0prp15pj33a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|blrdle9zra0w13w0prp15pj33a|03|net"; nocase; ) # 1o2n0hfsk5ool2feo1g1raa24o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o2n0hfsk5ool2feo1g1raa24o|03|org"; nocase; ) # 1hlxbi21yugvwak3s18p8jlrvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hlxbi21yugvwak3s18p8jlrvm|03|net"; nocase; ) # yymy7em1p0i53bsl291wsieju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yymy7em1p0i53bsl291wsieju|03|org"; nocase; ) # 11gfiho11dep3e1cov09hjzdey7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11gfiho11dep3e1cov09hjzdey7|03|org"; nocase; ) # 7c3cfo1nmrjhsasmvgm7li92s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7c3cfo1nmrjhsasmvgm7li92s|03|com"; nocase; ) # 1uvwdjg8qj3pe540trh1e4t55k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uvwdjg8qj3pe540trh1e4t55k|03|com"; nocase; ) # 1hdxulz1d9twvcxmapbe33epsk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hdxulz1d9twvcxmapbe33epsk|03|org"; nocase; ) # 1166ski13ip2ulq9pvjg17gry7y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1166ski13ip2ulq9pvjg17gry7y|03|net"; nocase; ) # bgzhs9gntnmi14izzqvkuekk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bgzhs9gntnmi14izzqvkuekk|03|org"; nocase; ) # f6xc2ikm9hn5a024tv4y5ip4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f6xc2ikm9hn5a024tv4y5ip4|03|net"; nocase; ) # 2e6lih1ezwh0j1u2c83i131oiq8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2e6lih1ezwh0j1u2c83i131oiq8|03|net"; nocase; ) # 1jz44fh19js2kq1tunwz67tbpqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jz44fh19js2kq1tunwz67tbpqw|03|com"; nocase; ) # hspboc15xws7lnjw2s07w0esu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hspboc15xws7lnjw2s07w0esu|03|net"; nocase; ) # 1b7vqin18j6uur195cxyy1a6ns0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b7vqin18j6uur195cxyy1a6ns0e|03|com"; nocase; ) # 10pyfqp1wszupel0eyiha0g6pb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10pyfqp1wszupel0eyiha0g6pb|03|net"; nocase; ) # 1ld93kk1s6arg3anl3qh15lgcir.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ld93kk1s6arg3anl3qh15lgcir|03|org"; nocase; ) # 1p5ytl31pch87mh34u9j7gd07h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p5ytl31pch87mh34u9j7gd07h|03|net"; nocase; ) # tyj54t1vt0g1p126nc4uv4i0n8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tyj54t1vt0g1p126nc4uv4i0n8|03|org"; nocase; ) # 4rzkpg5x89gx1ulk4aemras37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4rzkpg5x89gx1ulk4aemras37|03|net"; nocase; ) # dqspuk2ntk9kx037lju9342h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dqspuk2ntk9kx037lju9342h|03|com"; nocase; ) # 1xc7ial1e52zarsdxm6r15y27u2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xc7ial1e52zarsdxm6r15y27u2|03|org"; nocase; ) # 1tlsqmhwqlcap1qgs4v71vo4v67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tlsqmhwqlcap1qgs4v71vo4v67|03|com"; nocase; ) # 1b1cpuj1tkg3ug9mgqu411mrb5i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1cpuj1tkg3ug9mgqu411mrb5i|03|org"; nocase; ) # su6csoaou8as79w6w95tklv2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|su6csoaou8as79w6w95tklv2|03|biz"; nocase; ) # 1unrz8g86hxh910rskrp1meqxlo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1unrz8g86hxh910rskrp1meqxlo|03|com"; nocase; ) # m27jqbygfrw6126g5xya4eos7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m27jqbygfrw6126g5xya4eos7|03|net"; nocase; ) # abjt3qo18ysuska3f816iw288.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|abjt3qo18ysuska3f816iw288|03|net"; nocase; ) # bcu8xy1i5fkdzvv2qj9siiwm3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bcu8xy1i5fkdzvv2qj9siiwm3|03|org"; nocase; ) # 32ipws1hoizl4oijmsvwbydsh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|32ipws1hoizl4oijmsvwbydsh|03|com"; nocase; ) # 1nwv4uyl3g2o01nzl5ziukfpir.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nwv4uyl3g2o01nzl5ziukfpir|03|net"; nocase; ) # bofwb7171pypn12z8f1uilqudx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bofwb7171pypn12z8f1uilqudx|03|com"; nocase; ) # wbsjof1whlbro1xp2yma157bd3t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wbsjof1whlbro1xp2yma157bd3t|03|org"; nocase; ) # dmjsulsd0kjn1sb3pt6cyzaj5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dmjsulsd0kjn1sb3pt6cyzaj5|03|biz"; nocase; ) # 1aawc3lm1290xipxbq8rvuzpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aawc3lm1290xipxbq8rvuzpj|03|com"; nocase; ) # 3ad3xk1rmv3qq1cffv1rhgyz2v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ad3xk1rmv3qq1cffv1rhgyz2v|03|biz"; nocase; ) # 5ish201bezrsx8mtfs81wg0xgp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5ish201bezrsx8mtfs81wg0xgp|03|com"; nocase; ) # b92dp216eid031xmxpn51rz3luj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b92dp216eid031xmxpn51rz3luj|03|biz"; nocase; ) # 1jd6huq1hf10qb159vj271i3tvd0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jd6huq1hf10qb159vj271i3tvd0|03|org"; nocase; ) # 1nqojdbm32zxxuo29ce4d68z4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000018999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nqojdbm32zxxuo29ce4d68z4|03|net"; nocase; ) # 17kit0x1p3h59f1huq1m51ls7d68.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17kit0x1p3h59f1huq1m51ls7d68|03|com"; nocase; ) # ulw3v5134h50tnkyemijuu8tr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ulw3v5134h50tnkyemijuu8tr|03|net"; nocase; ) # udumwp1rdm8m11osr9h11ctykc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|udumwp1rdm8m11osr9h11ctykc|03|net"; nocase; ) # rk5jt61pal3dmp1ffv36b25o0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rk5jt61pal3dmp1ffv36b25o0|03|org"; nocase; ) # dn4f48soaa7wwlegbysnrib7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dn4f48soaa7wwlegbysnrib7|03|net"; nocase; ) # balqpz6onulc1jek929rl2y5f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|balqpz6onulc1jek929rl2y5f|03|org"; nocase; ) # 4mvc2i1774hdo13xsygu1ep8g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4mvc2i1774hdo13xsygu1ep8g|03|com"; nocase; ) # iw1a0gc1xqxg4k2abiir5zha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iw1a0gc1xqxg4k2abiir5zha|03|com"; nocase; ) # 39dp411qxnla8ax34u11rswa3i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|39dp411qxnla8ax34u11rswa3i|03|org"; nocase; ) # 10npbmka5tv9cl26zde140k54g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10npbmka5tv9cl26zde140k54g|03|biz"; nocase; ) # 10krf891b473rcpml5vl1m638o9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10krf891b473rcpml5vl1m638o9|03|com"; nocase; ) # a8he30morqqvqu8ecy1gqenl3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a8he30morqqvqu8ecy1gqenl3|03|biz"; nocase; ) # 1mxw1bz1v6ehi9shqo281v8qg3g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mxw1bz1v6ehi9shqo281v8qg3g|03|org"; nocase; ) # ugccat1wf0hg81g96oi4bpkih8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ugccat1wf0hg81g96oi4bpkih8|03|biz"; nocase; ) # 15sq6vr12htrra1jggyof16g3bxe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15sq6vr12htrra1jggyof16g3bxe|03|net"; nocase; ) # 80rnd01jmwlxoaf0e131qccmzq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|80rnd01jmwlxoaf0e131qccmzq|03|net"; nocase; ) # nphjs311k7hd71q9dz061pqh16n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nphjs311k7hd71q9dz061pqh16n|03|biz"; nocase; ) # 1btsdxs1r04trl1nh95eaclpjgk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1btsdxs1r04trl1nh95eaclpjgk|03|org"; nocase; ) # jwx4bi1v5kt5t23cgy31ii9fyb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jwx4bi1v5kt5t23cgy31ii9fyb|03|org"; nocase; ) # 1lzm1pkjsxvfc153w3u91uf7e9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lzm1pkjsxvfc153w3u91uf7e9x|03|net"; nocase; ) # 12vmjnj1yokigf3sae1naeqvx9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12vmjnj1yokigf3sae1naeqvx9|03|biz"; nocase; ) # cdobtuwf7jfzi7gw1yd9s2qr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cdobtuwf7jfzi7gw1yd9s2qr|03|com"; nocase; ) # 1fbp1k41olvnlu9oeceg1s83z0z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fbp1k41olvnlu9oeceg1s83z0z|03|com"; nocase; ) # j4kr9q146w9udhxbrxw140206v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j4kr9q146w9udhxbrxw140206v|03|net"; nocase; ) # rd4h358hh4tn1ikq0t01csa2to.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rd4h358hh4tn1ikq0t01csa2to|03|net"; nocase; ) # 5k91s314l7acd1kjpog81ywrgqx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5k91s314l7acd1kjpog81ywrgqx|03|com"; nocase; ) # 1yldwzf1b3d8891g44ujc10k9zua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yldwzf1b3d8891g44ujc10k9zua|03|net"; nocase; ) # 1bly7rk1c4h5fi93ep4leacjo0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bly7rk1c4h5fi93ep4leacjo0|03|biz"; nocase; ) # g6todmw2iiud1fmb5t1lgzhye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g6todmw2iiud1fmb5t1lgzhye|03|com"; nocase; ) # y26pr1hwsjsj89tsca4q4t8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y26pr1hwsjsj89tsca4q4t8u|03|net"; nocase; ) # lj7b189wqvqnxiws561hvttc5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lj7b189wqvqnxiws561hvttc5|03|biz"; nocase; ) # 1yj2tr11gllwvj19lsjr91oaxgut.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yj2tr11gllwvj19lsjr91oaxgut|03|org"; nocase; ) # 1084q0c1a9fdnv1u5b97h1b1ro2e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1084q0c1a9fdnv1u5b97h1b1ro2e|03|net"; nocase; ) # 187rf7y15d524xwc4l87jj2wtj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|187rf7y15d524xwc4l87jj2wtj|03|net"; nocase; ) # 14ix0pd1tf233l1sk14581kbkelu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14ix0pd1tf233l1sk14581kbkelu|03|net"; nocase; ) # qjnayq6mwixgplatd11ib0vzz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qjnayq6mwixgplatd11ib0vzz|03|com"; nocase; ) # c1fcun1sncbte1yfzh3i1bkbh0a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c1fcun1sncbte1yfzh3i1bkbh0a|03|com"; nocase; ) # 2ynrx7q4rnxh1leelej1glssck.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ynrx7q4rnxh1leelej1glssck|03|biz"; nocase; ) # 1tl6m0n1onx44818wq68a2piyp7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tl6m0n1onx44818wq68a2piyp7|03|org"; nocase; ) # 1opmtybr2d3bf17pg9dzpxq8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1opmtybr2d3bf17pg9dzpxq8|03|org"; nocase; ) # 15vhz6kzmo7sm1tc7ym8cepd2o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15vhz6kzmo7sm1tc7ym8cepd2o|03|com"; nocase; ) # un04hn8m270u1tr31lnk53v3y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|un04hn8m270u1tr31lnk53v3y|03|net"; nocase; ) # 5r0dlefoossfn2uqh9c64sgg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5r0dlefoossfn2uqh9c64sgg|03|net"; nocase; ) # z3tmwa1akyk4m1i7sg6qmjmsa3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z3tmwa1akyk4m1i7sg6qmjmsa3|03|net"; nocase; ) # xsjrai1sc4xn7186rms7dh4fah.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xsjrai1sc4xn7186rms7dh4fah|03|net"; nocase; ) # 1mf43kf161mrzn178n1w21qid6i7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mf43kf161mrzn178n1w21qid6i7|03|net"; nocase; ) # fabpo0nvpwtp1vklva31y4md62.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fabpo0nvpwtp1vklva31y4md62|03|com"; nocase; ) # tzjlk9fv2tii1lhyvis14jl86l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tzjlk9fv2tii1lhyvis14jl86l|03|org"; nocase; ) # 1jnhuqdynphwm45p6y71u32w70.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jnhuqdynphwm45p6y71u32w70|03|org"; nocase; ) # 14ri1ld3plqx3i0uef54i0cw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14ri1ld3plqx3i0uef54i0cw|03|net"; nocase; ) # o4acayf0152l1ye49phtz1m6c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o4acayf0152l1ye49phtz1m6c|03|biz"; nocase; ) # 1qq9k791ktp0481wkbaqzbwz77z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qq9k791ktp0481wkbaqzbwz77z|03|com"; nocase; ) # btn8d91308ri6l5vq2qrt6ni8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|btn8d91308ri6l5vq2qrt6ni8|03|org"; nocase; ) # wqo5x1d5uwiosdk25v1hdiuqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wqo5x1d5uwiosdk25v1hdiuqq|03|org"; nocase; ) # x457ji1kzdbkcvg1ca51nm94i9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x457ji1kzdbkcvg1ca51nm94i9|03|net"; nocase; ) # 1esckia1hgteysbgtryx1skt7dk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1esckia1hgteysbgtryx1skt7dk|03|net"; nocase; ) # 3n0gyc1mkvfa8eu838xlys6v5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3n0gyc1mkvfa8eu838xlys6v5|03|org"; nocase; ) # 1hb9e8b1g2evtv1bhen78t8x012.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hb9e8b1g2evtv1bhen78t8x012|03|net"; nocase; ) # yds66z9uade3xo52sn1olcbo7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yds66z9uade3xo52sn1olcbo7|03|net"; nocase; ) # reqhjlwi6ppa1n2ec701e2nwuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|reqhjlwi6ppa1n2ec701e2nwuz|03|com"; nocase; ) # 9irzbyzozngg7mud95iys9px.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9irzbyzozngg7mud95iys9px|03|biz"; nocase; ) # 16q54pw1b5cqpt1ci8tj71mxr4wc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16q54pw1b5cqpt1ci8tj71mxr4wc|03|org"; nocase; ) # 7y10cl2pn5c3v7hhga8tz9y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|7y10cl2pn5c3v7hhga8tz9y|03|org"; nocase; ) # 1xkfj5qsov4qk1vii6qu1vl68u8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xkfj5qsov4qk1vii6qu1vl68u8|03|net"; nocase; ) # lb9qa51nhc9021kya0reh4r43z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lb9qa51nhc9021kya0reh4r43z|03|net"; nocase; ) # xqr0m01xm8nzc1cmg2r0wkggns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xqr0m01xm8nzc1cmg2r0wkggns|03|net"; nocase; ) # 1mzel9p18k1fh413u1h2b191gbyw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mzel9p18k1fh413u1h2b191gbyw|03|biz"; nocase; ) # m5p0bauwgtri1uch0mh2vt1oi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m5p0bauwgtri1uch0mh2vt1oi|03|net"; nocase; ) # i77quw1uro9w315pcuj7819ji6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i77quw1uro9w315pcuj7819ji6|03|org"; nocase; ) # ys9nkx19e27a219jqq38m9ig9t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ys9nkx19e27a219jqq38m9ig9t|03|com"; nocase; ) # hjqluq1m668s86g6q1j19fjdry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hjqluq1m668s86g6q1j19fjdry|03|net"; nocase; ) # z1wiv31fpuwl56i2l8g1ohdnav.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z1wiv31fpuwl56i2l8g1ohdnav|03|org"; nocase; ) # ddebnnrarkiq1ahcasa1f596ez.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ddebnnrarkiq1ahcasa1f596ez|03|net"; nocase; ) # 1oon0ws5v70i81iyima21k73phi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oon0ws5v70i81iyima21k73phi|03|net"; nocase; ) # 1oc7x3z4llypt1w0lx1r8q76be.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oc7x3z4llypt1w0lx1r8q76be|03|com"; nocase; ) # 1enobk815m4a31eyjzit17vfq8z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1enobk815m4a31eyjzit17vfq8z|03|net"; nocase; ) # 18efcyw1kzgjpjpxd1v7141gqxd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18efcyw1kzgjpjpxd1v7141gqxd|03|com"; nocase; ) # 1ffq375wcj6mxinuzi81sel5sj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ffq375wcj6mxinuzi81sel5sj|03|net"; nocase; ) # 1wdtr0z880ctrj32j8e1k05amd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wdtr0z880ctrj32j8e1k05amd|03|net"; nocase; ) # 62ivtq15ntswu2x9qtfqa5043.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|62ivtq15ntswu2x9qtfqa5043|03|biz"; nocase; ) # 9qe28j1iqndzn1j2wwtk1r4umpt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9qe28j1iqndzn1j2wwtk1r4umpt|03|biz"; nocase; ) # 1qfvjyyjspgiskadk911pgqe7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qfvjyyjspgiskadk911pgqe7|03|biz"; nocase; ) # 1j7yrbn1o36l1y12gk7zt16g2ypq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j7yrbn1o36l1y12gk7zt16g2ypq|03|com"; nocase; ) # v7ggzy1ofb1gv9jr9t19u9d6n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v7ggzy1ofb1gv9jr9t19u9d6n|03|org"; nocase; ) # 1v8bhqa1taxslb15c89jy5hzy6r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v8bhqa1taxslb15c89jy5hzy6r|03|net"; nocase; ) # 16xaj60lgvyvr16z4zlh16ws8x0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16xaj60lgvyvr16z4zlh16ws8x0|03|biz"; nocase; ) # 64dgez4zzat31wd6kw81jtxfji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|64dgez4zzat31wd6kw81jtxfji|03|net"; nocase; ) # f9j9r0d1vjibzkoxab8p90vl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f9j9r0d1vjibzkoxab8p90vl|03|biz"; nocase; ) # 1ruuwo1m2wl6flp1fyu12pwtxu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ruuwo1m2wl6flp1fyu12pwtxu|03|org"; nocase; ) # dg8f93ubqoppknujrxfqeq59.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dg8f93ubqoppknujrxfqeq59|03|org"; nocase; ) # eur5m41cfhfb100em065q1lz7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eur5m41cfhfb100em065q1lz7|03|org"; nocase; ) # 1ws9arc150kn1z1vhlcrd1lkdpi2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ws9arc150kn1z1vhlcrd1lkdpi2|03|com"; nocase; ) # 5fqidliun7yn1djos1z1iviw82.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5fqidliun7yn1djos1z1iviw82|03|net"; nocase; ) # 1ao83q81vcwbbe1bmfa361p3n7ip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ao83q81vcwbbe1bmfa361p3n7ip|03|com"; nocase; ) # ppokpq16t90ko1mqeyarx579t6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ppokpq16t90ko1mqeyarx579t6|03|net"; nocase; ) # 1tbumyp1i3mibc1wvloay3wlj99.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tbumyp1i3mibc1wvloay3wlj99|03|com"; nocase; ) # 1mipqpvrmyqec88fxn712sjq3e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mipqpvrmyqec88fxn712sjq3e|03|biz"; nocase; ) # 1hxbwoz1naa6slkfohxr1dtlins.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hxbwoz1naa6slkfohxr1dtlins|03|net"; nocase; ) # 11uiqmx1iesvq111vqpbnuujac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11uiqmx1iesvq111vqpbnuujac|03|com"; nocase; ) # judf481j0sxyn1xz8ubq170s2jb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|judf481j0sxyn1xz8ubq170s2jb|03|net"; nocase; ) # 7mdals1gwswiqogpn79l744vj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7mdals1gwswiqogpn79l744vj|03|net"; nocase; ) # a5ryr01d4owqe1k5hu9fykx18c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a5ryr01d4owqe1k5hu9fykx18c|03|biz"; nocase; ) # tb6wgi1x2q3o1eu9phajnz4mj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tb6wgi1x2q3o1eu9phajnz4mj|03|biz"; nocase; ) # 10em00r1szpkxmk03rj61dje8uz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10em00r1szpkxmk03rj61dje8uz|03|org"; nocase; ) # 50u6491j58yk8iyywib1lu9v50.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|50u6491j58yk8iyywib1lu9v50|03|org"; nocase; ) # 13cby0436utw1167rhon1qiuv3z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13cby0436utw1167rhon1qiuv3z|03|biz"; nocase; ) # 1dlqg9hye1hwzni10hx8gcvg0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dlqg9hye1hwzni10hx8gcvg0|03|net"; nocase; ) # 6s1a2u1w1boqj2fa7y284fwu0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6s1a2u1w1boqj2fa7y284fwu0|03|net"; nocase; ) # boxe7x1fvoj2zeefbv4x7po03.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|boxe7x1fvoj2zeefbv4x7po03|03|biz"; nocase; ) # e30kx16cblkfdav6xvevxq0g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e30kx16cblkfdav6xvevxq0g|03|org"; nocase; ) # 2wdx501a2zklr8iln6k14q7tnh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2wdx501a2zklr8iln6k14q7tnh|03|net"; nocase; ) # oeypkd13060yts6jxk21b1iupp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oeypkd13060yts6jxk21b1iupp|03|net"; nocase; ) # fu9by1y9bvc11k5eql6vf7by3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fu9by1y9bvc11k5eql6vf7by3|03|com"; nocase; ) # 1tykch2oop47lywnyqg1ljokx7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tykch2oop47lywnyqg1ljokx7|03|net"; nocase; ) # 1vg9v8915v6eby1pg9s6y1tkqc97.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vg9v8915v6eby1pg9s6y1tkqc97|03|net"; nocase; ) # 10ueomt14u8kntm9z33x1mfl611.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ueomt14u8kntm9z33x1mfl611|03|com"; nocase; ) # 5bjzgcjh2wdm1auk4tmc1mix7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5bjzgcjh2wdm1auk4tmc1mix7|03|org"; nocase; ) # 12g7qcr1x4um6sdmwrk71ji5cmb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12g7qcr1x4um6sdmwrk71ji5cmb|03|com"; nocase; ) # vajsge1oxldll2n70021p49zjo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vajsge1oxldll2n70021p49zjo|03|com"; nocase; ) # 1o9t3lm1uhj8xoomah4y1misklb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o9t3lm1uhj8xoomah4y1misklb|03|biz"; nocase; ) # 15pk89qmvq29o11fa0gr1oq3wzo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15pk89qmvq29o11fa0gr1oq3wzo|03|biz"; nocase; ) # 150uhnd1wn2eva12a7ic51xcb9j3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|150uhnd1wn2eva12a7ic51xcb9j3|03|org"; nocase; ) # m88rnv1ax55f41p731kp1c5fqol.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m88rnv1ax55f41p731kp1c5fqol|03|biz"; nocase; ) # 8454y01083iz71vz98d01aa1pua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8454y01083iz71vz98d01aa1pua|03|net"; nocase; ) # 1f37o3ef9m06hhimo7z5avt6s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f37o3ef9m06hhimo7z5avt6s|03|net"; nocase; ) # kw34ib1agru4w1r9n4hj1aphp4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kw34ib1agru4w1r9n4hj1aphp4b|03|net"; nocase; ) # 1t23nyejzhard1brphcg1apb6f3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t23nyejzhard1brphcg1apb6f3|03|biz"; nocase; ) # 1dlnbx515qe3lk1ay37wfc1j0x6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dlnbx515qe3lk1ay37wfc1j0x6|03|net"; nocase; ) # ngqdfps6kkdp1nxa1g1dq1ob1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ngqdfps6kkdp1nxa1g1dq1ob1|03|org"; nocase; ) # 16gvhg91vkx97wc55w27vf4bgq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16gvhg91vkx97wc55w27vf4bgq|03|com"; nocase; ) # v172k66azkxu1wez1z516q565u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v172k66azkxu1wez1z516q565u|03|biz"; nocase; ) # 1gtls3eopiij61ujasie15es9ps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gtls3eopiij61ujasie15es9ps|03|net"; nocase; ) # 62w3u3bdwehy1pqj955lf0fiy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|62w3u3bdwehy1pqj955lf0fiy|03|org"; nocase; ) # 1rn0ipd1g8u9y01t0aao3nsgbf1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rn0ipd1g8u9y01t0aao3nsgbf1|03|org"; nocase; ) # 1h1gt4z84cvq0b41tgajq71sk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h1gt4z84cvq0b41tgajq71sk|03|net"; nocase; ) # 6yg4zy1h5r6hoha12zguhx9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6yg4zy1h5r6hoha12zguhx9k|03|net"; nocase; ) # rfl354lkq1fhpwj3vnk4ftsd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rfl354lkq1fhpwj3vnk4ftsd|03|org"; nocase; ) # 123yivqlmfouv1lu8jnzb8emfs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|123yivqlmfouv1lu8jnzb8emfs|03|org"; nocase; ) # 175y5m21cakwdeggx1sb1jrlunq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|175y5m21cakwdeggx1sb1jrlunq|03|com"; nocase; ) # 82ig5p18k6ugk1tdvpr31fqk635.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|82ig5p18k6ugk1tdvpr31fqk635|03|com"; nocase; ) # 2cerb91uwi6kp17ub8h85mx1gc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2cerb91uwi6kp17ub8h85mx1gc|03|biz"; nocase; ) # hbgsnvcbdmiqyrih.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019141; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|hbgsnvcbdmiqyrih|02|eu"; nocase; ) # hljkfmoxegoochug.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019142; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|hljkfmoxegoochug|02|eu"; nocase; ) # bfdupasxbxtybfin.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019143; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|bfdupasxbxtybfin|02|eu"; nocase; ) # bmvdbbspyyubhxpa.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019144; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|bmvdbbspyyubhxpa|02|eu"; nocase; ) # binqvprdfqyulomm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019145; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|binqvprdfqyulomm|02|eu"; nocase; ) # bwyufermngomkacm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019146; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|bwyufermngomkacm|02|eu"; nocase; ) # uvmjrevumjsuqfug.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019147; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|uvmjrevumjsuqfug|02|eu"; nocase; ) # urewmgivsnjoijrs.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019148; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|urewmgivsnjoijrs|02|eu"; nocase; ) # ugdojuurbqysthtf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019149; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ugdojuurbqysthtf|02|eu"; nocase; ) # odhuallkcbwmqcyl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019150; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|odhuallkcbwmqcyl|02|eu"; nocase; ) # isffsbclfwsqhejf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019151; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|isffsbclfwsqhejf|02|eu"; nocase; ) # csthphrvjmigoisk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019152; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|csthphrvjmigoisk|02|eu"; nocase; ) # colukjewpqymsycw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019153; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|colukjewpqymsycw|02|eu"; nocase; ) # pdktcmysrpmmdtsk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019154; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|pdktcmysrpmmdtsk|02|eu"; nocase; ) # pyotwbltxtdgukpw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019155; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|pyotwbltxtdgukpw|02|eu"; nocase; ) # pnnltpxpgwskgvrj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019156; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|pnnltpxpgwskgvrj|02|eu"; nocase; ) # jhhveqcdqolistfq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019157; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|jhhveqcdqolistfq|02|eu"; nocase; ) # jkrrkgoihhqedqwp.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019158; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|jkrrkgoihhqedqwp|02|eu"; nocase; ) # jydjhubrpwsiooyc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019159; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|jydjhubrpwsiooyc|02|eu"; nocase; ) # jncbejbblavanaoc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019160; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|jncbejbblavanaoc|02|eu"; nocase; ) # dadpdjfjkdavtfhj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019161; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|dadpdjfjkdavtfhj|02|eu"; nocase; ) # a2edfc3f7adeb90f3d9854e701407b10ed.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019162; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a2edfc3f7adeb90f3d9854e701407b10ed|02|cc"; nocase; ) # b44a4b905f533b977c8d4eb6c04de2a299.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019163; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b44a4b905f533b977c8d4eb6c04de2a299|02|ws"; nocase; ) # d70196763752fbcbbd3ee58ddc52667bd5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019164; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d70196763752fbcbbd3ee58ddc52667bd5|02|in"; nocase; ) # k6b952a8d155c9f9bb540877992dba52ff.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019165; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k6b952a8d155c9f9bb540877992dba52ff|02|to"; nocase; ) # naa65fcdbf45de1642ec7a9c30749407c6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019166; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|naa65fcdbf45de1642ec7a9c30749407c6|02|cn"; nocase; ) # oeb72c3b487c529642ace2021e558ffa7e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019167; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oeb72c3b487c529642ace2021e558ffa7e|02|tk"; nocase; ) # x376eb2781f9dac5499966d92d0a2a4d9a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019168; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x376eb2781f9dac5499966d92d0a2a4d9a|02|so"; nocase; ) # y9fd66623045dc6ca7a5645d64f4e83246.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019169; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y9fd66623045dc6ca7a5645d64f4e83246|02|cc"; nocase; ) # a86e0a731cef5ae0dfd6a3764d5070c949.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019170; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a86e0a731cef5ae0dfd6a3764d5070c949|02|to"; nocase; ) # ffc05b073a8d78e63fdc4c9e735a30c6c7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019171; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ffc05b073a8d78e63fdc4c9e735a30c6c7|02|so"; nocase; ) # h902dbae11634e74b68a1756cce0c97a49.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019172; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h902dbae11634e74b68a1756cce0c97a49|02|ws"; nocase; ) # k2c642d65a651ab2ccf7a652e5144297d0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019173; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k2c642d65a651ab2ccf7a652e5144297d0|02|tk"; nocase; ) # l17a753125cb8b3ae36904195ba41602f7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019174; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l17a753125cb8b3ae36904195ba41602f7|02|so"; nocase; ) # sdb770f9bb96a69f6ba618fe61254b837c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019175; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sdb770f9bb96a69f6ba618fe61254b837c|02|tk"; nocase; ) # t4b62a993e7fd3e3a5d3c90c151144f49f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019176; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t4b62a993e7fd3e3a5d3c90c151144f49f|02|so"; nocase; ) # wb45f6e7ccb5930e244554369e59ba6607.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019177; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb45f6e7ccb5930e244554369e59ba6607|02|to"; nocase; ) # y49b0f2d5387c6282139dfe8a17349dea0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019178; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y49b0f2d5387c6282139dfe8a17349dea0|02|hk"; nocase; ) # z461f9ff8fcc564e5ffadce9ad175d6327.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019179; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z461f9ff8fcc564e5ffadce9ad175d6327|02|cn"; nocase; ) # a409558767010a7b9206cb70571ea5bda6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019180; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a409558767010a7b9206cb70571ea5bda6|02|tk"; nocase; ) # r77f1909279c2b41eace88490b82bd4ef2.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019181; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r77f1909279c2b41eace88490b82bd4ef2|02|so"; nocase; ) # u62d4d86a0e07ff08d366f671de425a83b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019182; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u62d4d86a0e07ff08d366f671de425a83b|02|to"; nocase; ) # za53bd8a9c73cf431069b8ff751dd21026.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019183; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|za53bd8a9c73cf431069b8ff751dd21026|02|so"; nocase; ) # ae33089a28a3ce1db268251b97198fe3e9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019184; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ae33089a28a3ce1db268251b97198fe3e9|02|cc"; nocase; ) # b448255e3a4b8c4ad6664b83d8013c3e33.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019185; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b448255e3a4b8c4ad6664b83d8013c3e33|02|ws"; nocase; ) # c4f32ba0cbfc0347dfbd08b294f652fd82.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019186; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c4f32ba0cbfc0347dfbd08b294f652fd82|02|to"; nocase; ) # m3701758382800e6f4532ed5f25547554c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019187; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m3701758382800e6f4532ed5f25547554c|02|hk"; nocase; ) # q979ebb73fbd20865a18c3060e6edf6098.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019188; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q979ebb73fbd20865a18c3060e6edf6098|02|cc"; nocase; ) # r99e304c39b95d6df6623af36162390c6f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019189; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r99e304c39b95d6df6623af36162390c6f|02|ws"; nocase; ) # w7e2318143a69bbfc99a56d52ba9f54420.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019190; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w7e2318143a69bbfc99a56d52ba9f54420|02|tk"; nocase; ) # ab882eca0d2c482edb847de3d57e36d8e7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019191; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab882eca0d2c482edb847de3d57e36d8e7|02|to"; nocase; ) # e9f7fb8fd52ff7a3174fef7d3b0c589a01.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019192; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e9f7fb8fd52ff7a3174fef7d3b0c589a01|02|tk"; nocase; ) # ga3679944efa08175848ffda4063facd99.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019193; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ga3679944efa08175848ffda4063facd99|02|cc"; nocase; ) # pf88fc48a138f4a7fb898ff80ef5ddbb11.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019194; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf88fc48a138f4a7fb898ff80ef5ddbb11|02|ws"; nocase; ) # a345a588f23d55d13b755c5f0d9e60d959.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019195; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a345a588f23d55d13b755c5f0d9e60d959|02|hk"; nocase; ) # ccea03bd39ad22ed10396bc53a829e74e5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019196; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ccea03bd39ad22ed10396bc53a829e74e5|02|tk"; nocase; ) # v731110f47f0b830d68710db542c05541a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019197; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v731110f47f0b830d68710db542c05541a|02|ws"; nocase; ) # ya3be9480809eb48e2376f84f484133762.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019198; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ya3be9480809eb48e2376f84f484133762|02|hk"; nocase; ) # ceeba89b949c48dc6d3d365f710c103001.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019199; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ceeba89b949c48dc6d3d365f710c103001|02|cc"; nocase; ) # d167df6b70a30facc03ccd3fee133c16b7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019200; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d167df6b70a30facc03ccd3fee133c16b7|02|ws"; nocase; ) # jbf6880e5304f829859768adfc6f7e7565.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019201; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jbf6880e5304f829859768adfc6f7e7565|02|so"; nocase; ) # o2cdbc4aa997dcf67c769ae39c4ca5d361.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019202; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o2cdbc4aa997dcf67c769ae39c4ca5d361|02|hk"; nocase; ) # pab7c77b767d14443813eb2d441c1c5181.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019203; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pab7c77b767d14443813eb2d441c1c5181|02|cn"; nocase; ) # rb655faf1f223314b78420b0401d3ec1f3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019204; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb655faf1f223314b78420b0401d3ec1f3|02|so"; nocase; ) # t09524249d050818e2cae6aac9bc5f3ab2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019205; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t09524249d050818e2cae6aac9bc5f3ab2|02|ws"; nocase; ) # yc6e2af564887a1fe2cda7446697b87dfa.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019206; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yc6e2af564887a1fe2cda7446697b87dfa|02|tk"; nocase; ) # f6933806e0c078eb878c50716661a9de29.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019207; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f6933806e0c078eb878c50716661a9de29|02|cn"; nocase; ) # gc0947d2dc3aac3ddc3d33a5e11f320322.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019208; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc0947d2dc3aac3ddc3d33a5e11f320322|02|tk"; nocase; ) # r4f60b40667319d0bbe71386fc52c75f58.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019209; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r4f60b40667319d0bbe71386fc52c75f58|02|ws"; nocase; ) # v17aafda912212afd9052edfd0c2a7227d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019210; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v17aafda912212afd9052edfd0c2a7227d|02|cn"; nocase; ) # c200bbccfa2e33d0912bb3da8eeb8a0998.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019211; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c200bbccfa2e33d0912bb3da8eeb8a0998|02|hk"; nocase; ) # g32857efbcd0a202313a65291266139bd7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019212; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g32857efbcd0a202313a65291266139bd7|02|cc"; nocase; ) # i78a794fa19b42d4233ff7e445b61f0094.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019213; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i78a794fa19b42d4233ff7e445b61f0094|02|to"; nocase; ) # k52e525f67819013392df5a7befc6ffc9c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019214; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k52e525f67819013392df5a7befc6ffc9c|02|hk"; nocase; ) # f8491b048dcb236f1313895698546f4781.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019215; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f8491b048dcb236f1313895698546f4781|02|ws"; nocase; ) # h5f7b020689481cab73e722992d2d135d3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019216; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h5f7b020689481cab73e722992d2d135d3|02|in"; nocase; ) # m5309cedd338486321e77630217548d752.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019217; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m5309cedd338486321e77630217548d752|02|cc"; nocase; ) # u23e67338ab24129e87957acb4e80722da.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019218; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u23e67338ab24129e87957acb4e80722da|02|cc"; nocase; ) # g374675b131bdcad0edef74228f989015d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019219; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g374675b131bdcad0edef74228f989015d|02|hk"; nocase; ) # mb06e5b706135bc3504225d75696f2256d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019220; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mb06e5b706135bc3504225d75696f2256d|02|to"; nocase; ) # o2792df10aa12b15b6b857bdba2ffea6d1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019221; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o2792df10aa12b15b6b857bdba2ffea6d1|02|hk"; nocase; ) # q1d1817917090b750b606d9576b0f21b53.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019222; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1d1817917090b750b606d9576b0f21b53|02|tk"; nocase; ) # ve1cf7f9a6f27a5cc0b2022d257cb1691e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019223; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ve1cf7f9a6f27a5cc0b2022d257cb1691e|02|in"; nocase; ) # f04ae498f41683d58d4be3040dcf8f1647.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019224; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f04ae498f41683d58d4be3040dcf8f1647|02|cn"; nocase; ) # mc6960f73032987b84ebd47e17593b7ce5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019225; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc6960f73032987b84ebd47e17593b7ce5|02|hk"; nocase; ) # r894bb8c700b835a8e066575d5bdd270ac.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019226; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r894bb8c700b835a8e066575d5bdd270ac|02|ws"; nocase; ) # tca0069397636cf9d00704e0567e93004b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019227; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tca0069397636cf9d00704e0567e93004b|02|in"; nocase; ) # u033642f2cb0fd94eb5b2f3c98bb838f89.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019228; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u033642f2cb0fd94eb5b2f3c98bb838f89|02|hk"; nocase; ) # v80ae63a87acfcb5a2ef409c19c34ee6d7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019229; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v80ae63a87acfcb5a2ef409c19c34ee6d7|02|cn"; nocase; ) # ycec66a93eb36da811af4ba0e191f93c11.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019230; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ycec66a93eb36da811af4ba0e191f93c11|02|cc"; nocase; ) # dbbd772fb48a2d0af7b9f299d19bbe2522.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019231; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dbbd772fb48a2d0af7b9f299d19bbe2522|02|cn"; nocase; ) # q1d829aa1dabbb7895027a7061deb5a271.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019232; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1d829aa1dabbb7895027a7061deb5a271|02|to"; nocase; ) # va49311eb18ddabfe7b1999589558f6b0e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019233; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|va49311eb18ddabfe7b1999589558f6b0e|02|so"; nocase; ) # wda87f68be11c6be620014f3d81c50e44c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019234; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wda87f68be11c6be620014f3d81c50e44c|02|cc"; nocase; ) # yccde1c4e6b4f52bbd2f94e1ccfa1b474a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019235; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yccde1c4e6b4f52bbd2f94e1ccfa1b474a|02|to"; nocase; ) # z3bda47eea78df465ce2d4e3fc1738499a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019236; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z3bda47eea78df465ce2d4e3fc1738499a|02|in"; nocase; ) # a853c3a0399cbbe4827fa7aeac388733c9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019237; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a853c3a0399cbbe4827fa7aeac388733c9|02|hk"; nocase; ) # f023e51fd243767830e7549bcfa3f8f232.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019238; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f023e51fd243767830e7549bcfa3f8f232|02|ws"; nocase; ) # le291650b9e81e300a5def4300edb4eb8a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019239; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|le291650b9e81e300a5def4300edb4eb8a|02|so"; nocase; ) # n5d964d2a5cd70d84ad6d1bd50c88172c6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019240; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n5d964d2a5cd70d84ad6d1bd50c88172c6|02|ws"; nocase; ) # s7bd67962ddb0a4b64d304153d27f81d5a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019241; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s7bd67962ddb0a4b64d304153d27f81d5a|02|tk"; nocase; ) # wff282831c41d36e567fe09983fe54dc96.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019242; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wff282831c41d36e567fe09983fe54dc96|02|to"; nocase; ) # cc93482fa4c410e6f56b0ad62680062571.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019243; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc93482fa4c410e6f56b0ad62680062571|02|cc"; nocase; ) # ia014fc876f2b2991f50ae3d244ac25756.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019244; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ia014fc876f2b2991f50ae3d244ac25756|02|tk"; nocase; ) # jaf07ccadb84d5217dcc1186a4412026e8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019245; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jaf07ccadb84d5217dcc1186a4412026e8|02|so"; nocase; ) # k73772ddb8bc056a5d0139144fb9f266aa.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019246; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k73772ddb8bc056a5d0139144fb9f266aa|02|cc"; nocase; ) # q1302e623ad594af2c5fcc7df0bb827a80.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019247; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1302e623ad594af2c5fcc7df0bb827a80|02|tk"; nocase; ) # uc69904c645bf36a0029d70ff7df516098.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019248; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc69904c645bf36a0029d70ff7df516098|02|to"; nocase; ) # v26f4f76d40684b1a03550c8c23edaa04d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019249; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v26f4f76d40684b1a03550c8c23edaa04d|02|in"; nocase; ) # c1f1c3a9aa43e8f79f2abb3ad1383705c9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019250; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c1f1c3a9aa43e8f79f2abb3ad1383705c9|02|to"; nocase; ) # f18fde42f5f9dd82c965d0b19a54b6eb72.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019251; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f18fde42f5f9dd82c965d0b19a54b6eb72|02|cn"; nocase; ) # b84e653c7f76947f4250330c0a6c72f77b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019252; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b84e653c7f76947f4250330c0a6c72f77b|02|in"; nocase; ) # o49cb98dae9b4cd7936b49807295c7f92a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019253; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o49cb98dae9b4cd7936b49807295c7f92a|02|cc"; nocase; ) # w15acb521db719495ee11e323d3db5a732.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019254; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w15acb521db719495ee11e323d3db5a732|02|cc"; nocase; ) # y1b702337c8711e8214dcb3844a6f5623b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019255; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y1b702337c8711e8214dcb3844a6f5623b|02|to"; nocase; ) # i5a518e2af8621587c833cbdb7d4debc00.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019256; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5a518e2af8621587c833cbdb7d4debc00|02|hk"; nocase; ) # l4267190d9270782d3fc864a71288b5e13.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019257; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l4267190d9270782d3fc864a71288b5e13|02|so"; nocase; ) # m40db7a8de491b604cf9403ee71a8e4eff.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019258; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m40db7a8de491b604cf9403ee71a8e4eff|02|cc"; nocase; ) # n3d9b409812fdac3c77b9533f4eee5163d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019259; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3d9b409812fdac3c77b9533f4eee5163d|02|ws"; nocase; ) # u37a8474a76a904530c464a99679d276c6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019260; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u37a8474a76a904530c464a99679d276c6|02|cc"; nocase; ) # w25c8e7a92b4620e1caeefff4a644e12c5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019261; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w25c8e7a92b4620e1caeefff4a644e12c5|02|to"; nocase; ) # za70c1a2e080ed7e4f34eb788b2c5ad118.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019262; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|za70c1a2e080ed7e4f34eb788b2c5ad118|02|cn"; nocase; ) # f3b03b80257405e97dc138cfeee33bd655.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019263; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f3b03b80257405e97dc138cfeee33bd655|02|in"; nocase; ) # kd70ed7ae2d1e73b189848ead38453b828.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019264; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kd70ed7ae2d1e73b189848ead38453b828|02|cc"; nocase; ) # vba0c0ef3971bfd5c0647f97780cc7b16c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019265; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vba0c0ef3971bfd5c0647f97780cc7b16c|02|in"; nocase; ) # w58d8e053836b57b236398e82a12d95574.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019266; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w58d8e053836b57b236398e82a12d95574|02|hk"; nocase; ) # xe0924ce8badd263216f533aac33426a19.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019267; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xe0924ce8badd263216f533aac33426a19|02|cn"; nocase; ) # z6815a266d79fad1da3bd69e769eb75a67.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019268; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6815a266d79fad1da3bd69e769eb75a67|02|so"; nocase; ) # eb252aceadd62d97622bbd78e749956fdd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019269; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eb252aceadd62d97622bbd78e749956fdd|02|hk"; nocase; ) # g6570c8a1a031b0dc928bea102372b1853.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019270; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g6570c8a1a031b0dc928bea102372b1853|02|tk"; nocase; ) # h8f88aebc6732ffc6256fbe683eb09a13b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019271; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h8f88aebc6732ffc6256fbe683eb09a13b|02|so"; nocase; ) # rcbe696eb686a494b15b593161dce3ec5c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019272; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rcbe696eb686a494b15b593161dce3ec5c|02|ws"; nocase; ) # s1db4c60c1ccba44aa43e47ce1b629e7f8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019273; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s1db4c60c1ccba44aa43e47ce1b629e7f8|02|to"; nocase; ) # f3379681e2f510f6786ea655f686629148.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019274; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f3379681e2f510f6786ea655f686629148|02|so"; nocase; ) # gb8c5c689c3eaaa6cb210b536c3cf3103e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019275; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gb8c5c689c3eaaa6cb210b536c3cf3103e|02|cc"; nocase; ) # iad4f1440f2d833c0e96d1a3f5c07920bd.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019276; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|iad4f1440f2d833c0e96d1a3f5c07920bd|02|to"; nocase; ) # j2d6721e358bb734ff83f194ac8b7e8d31.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019277; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j2d6721e358bb734ff83f194ac8b7e8d31|02|in"; nocase; ) # ncf03f1f1c8aebd96f82104d584d2967ff.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019278; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ncf03f1f1c8aebd96f82104d584d2967ff|02|so"; nocase; ) # raffadd1e2cd23ecbeb5bfa278d5a54fe7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019279; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|raffadd1e2cd23ecbeb5bfa278d5a54fe7|02|in"; nocase; ) # sdaeede37473693038403e29d41386ec93.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019280; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sdaeede37473693038403e29d41386ec93|02|hk"; nocase; ) # u8683728afafd6032fb15f01176f0e37eb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019281; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u8683728afafd6032fb15f01176f0e37eb|02|tk"; nocase; ) # vf1442693c8447a606fa08f94325bb2a94.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019282; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vf1442693c8447a606fa08f94325bb2a94|02|so"; nocase; ) # wca563a2bb864dc571dda24d35f288440c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019283; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wca563a2bb864dc571dda24d35f288440c|02|cc"; nocase; ) # aadd1d5492c37f0097c5a6f784eec27407.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019284; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aadd1d5492c37f0097c5a6f784eec27407|02|hk"; nocase; ) # cd2341052b32317710f4c9b9d8321e1788.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019285; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd2341052b32317710f4c9b9d8321e1788|02|tk"; nocase; ) # ga2a71bfe02956764aed1d3e74fba40052.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019286; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ga2a71bfe02956764aed1d3e74fba40052|02|to"; nocase; ) # i5386d91fced37b05b62903830399c9ca6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019287; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5386d91fced37b05b62903830399c9ca6|02|hk"; nocase; ) # n37b981e89bc3317a8eeb0e26c5146b536.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019288; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n37b981e89bc3317a8eeb0e26c5146b536|02|ws"; nocase; ) # p0538e36eee0ce178f06bccff9cacd16ff.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019289; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p0538e36eee0ce178f06bccff9cacd16ff|02|in"; nocase; ) # s7afca42ec38ccfbc330f5262e98182799.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019290; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s7afca42ec38ccfbc330f5262e98182799|02|tk"; nocase; ) # u1da7d05b3d8a8dbc16e7f64f10c3b4898.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019291; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u1da7d05b3d8a8dbc16e7f64f10c3b4898|02|cc"; nocase; ) # z8cf471e43cd0122b33ccb28a3328bec67.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019292; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z8cf471e43cd0122b33ccb28a3328bec67|02|cn"; nocase; ) # n3810144f265f6a6896e901422182df571.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019293; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3810144f265f6a6896e901422182df571|02|in"; nocase; ) # f77c392bf32b0e88d7f19db3df2dd400db.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019294; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f77c392bf32b0e88d7f19db3df2dd400db|02|cn"; nocase; ) # md0e16eeecb24e3a342f801d9e237cb069.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019295; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md0e16eeecb24e3a342f801d9e237cb069|02|hk"; nocase; ) # q281de631ea505bda06fbcd6bae5a8fc3b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019296; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q281de631ea505bda06fbcd6bae5a8fc3b|02|cc"; nocase; ) # t6320420270995fd859b9a8ffd457ab1af.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019297; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t6320420270995fd859b9a8ffd457ab1af|02|in"; nocase; ) # vaf7e6ceed1a6abc7402e53a96a7d66f9a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019298; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vaf7e6ceed1a6abc7402e53a96a7d66f9a|02|cn"; nocase; ) # h9cfc19745b60dc29f39e761fd555b4346.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019299; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h9cfc19745b60dc29f39e761fd555b4346|02|ws"; nocase; ) # ie370986a4816284854a64cb5fb6860799.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019300; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ie370986a4816284854a64cb5fb6860799|02|to"; nocase; ) # o66c35ad2df16ba6254e3b3538f23b4076.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019301; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o66c35ad2df16ba6254e3b3538f23b4076|02|cc"; nocase; ) # y3b58df8e5aac7825708115a05f6364912.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019302; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3b58df8e5aac7825708115a05f6364912|02|to"; nocase; ) # c513f88d2bc0f003f3272edb5ff3a61974.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019303; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c513f88d2bc0f003f3272edb5ff3a61974|02|tk"; nocase; ) # d46421cddad69df438fa289008d4e79a16.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019304; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d46421cddad69df438fa289008d4e79a16|02|so"; nocase; ) # fd5e23b55c11dc10b7c83f7cc656c974de.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019305; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fd5e23b55c11dc10b7c83f7cc656c974de|02|ws"; nocase; ) # m40cfafa93c6f6dbbbfe4f76eac4f93e48.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019306; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m40cfafa93c6f6dbbbfe4f76eac4f93e48|02|cc"; nocase; ) # n609445bb32023f03abae8358c05b071c3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019307; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n609445bb32023f03abae8358c05b071c3|02|ws"; nocase; ) # scfdf4b18a6d4d284e9d6a69420db3fb11.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019308; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|scfdf4b18a6d4d284e9d6a69420db3fb11|02|tk"; nocase; ) # e2d1965e44c9a0b467f9c8abc4e03c4ca7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019309; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e2d1965e44c9a0b467f9c8abc4e03c4ca7|02|to"; nocase; ) # i578640844f0b3c492924ae8447a78d8f4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019310; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i578640844f0b3c492924ae8447a78d8f4|02|tk"; nocase; ) # m899a263ec192bdcf9f96d90ddb60d1200.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019311; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m899a263ec192bdcf9f96d90ddb60d1200|02|to"; nocase; ) # o9b1ee8547c719bbfbabac2f3abc31188d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019312; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o9b1ee8547c719bbfbabac2f3abc31188d|02|hk"; nocase; ) # y93d1f006530e6183f6b30b6689decd86e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019313; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y93d1f006530e6183f6b30b6689decd86e|02|tk"; nocase; ) # f6dcbe75df55b5c6201b55b3cf4b2f12af.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019314; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f6dcbe75df55b5c6201b55b3cf4b2f12af|02|cn"; nocase; ) # g8728775cdeeade8dd97a83e7cc07d080e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019315; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g8728775cdeeade8dd97a83e7cc07d080e|02|tk"; nocase; ) # l9fbed313ff276ab18948b101822206b4a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019316; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l9fbed313ff276ab18948b101822206b4a|02|in"; nocase; ) # m778f120dd266dd8cb62896fd3dbaac59b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019317; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m778f120dd266dd8cb62896fd3dbaac59b|02|hk"; nocase; ) # o5d38a4ffb6709b47405512bd5e91575cc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019318; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o5d38a4ffb6709b47405512bd5e91575cc|02|tk"; nocase; ) # p6446602a3c5d8258c8320bcebd2435f33.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019319; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p6446602a3c5d8258c8320bcebd2435f33|02|so"; nocase; ) # r88d4450a443336104e56237654b824dc8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019320; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r88d4450a443336104e56237654b824dc8|02|ws"; nocase; ) # jfa5aa121e028ea39773fb6c39ac8b3d29.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019321; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jfa5aa121e028ea39773fb6c39ac8b3d29|02|in"; nocase; ) # ncd3d78ddb60764c0d237da0c71e3c585f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019322; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ncd3d78ddb60764c0d237da0c71e3c585f|02|so"; nocase; ) # wd0df5619addeb32033514c4b471e6a33c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019323; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd0df5619addeb32033514c4b471e6a33c|02|cc"; nocase; ) # c3319365519062bcc7bb4bda58807581fd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019324; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c3319365519062bcc7bb4bda58807581fd|02|tk"; nocase; ) # e011fece14999992e877b16a47c8de964f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019325; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e011fece14999992e877b16a47c8de964f|02|cc"; nocase; ) # hccfec97c53b1f305b40286623ee3120db.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019326; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hccfec97c53b1f305b40286623ee3120db|02|in"; nocase; ) # mc9e48b1e93e49b37d70418d440081486f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019327; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc9e48b1e93e49b37d70418d440081486f|02|cc"; nocase; ) # w5e68dacfebf63b0d25b15c82cb65789b2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019328; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w5e68dacfebf63b0d25b15c82cb65789b2|02|to"; nocase; ) # y02ffa81dea4f3664ce537f68ccba4f34a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019329; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y02ffa81dea4f3664ce537f68ccba4f34a|02|hk"; nocase; ) # idfe5fecd6d8df3e1f5fbc3d5bfff6959b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019330; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|idfe5fecd6d8df3e1f5fbc3d5bfff6959b|02|tk"; nocase; ) # q301ab3734cbe1956b50e4d0cf86eae2cb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019331; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q301ab3734cbe1956b50e4d0cf86eae2cb|02|tk"; nocase; ) # vbc3a408d06fbaa3312855a23669815c2a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019332; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vbc3a408d06fbaa3312855a23669815c2a|02|in"; nocase; ) # e1fb328e4611e8fd72cdd37d2ea3e9ee41.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019333; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e1fb328e4611e8fd72cdd37d2ea3e9ee41|02|hk"; nocase; ) # gb308f619b7fe3de8825f72ad05339aa0d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019334; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gb308f619b7fe3de8825f72ad05339aa0d|02|tk"; nocase; ) # oe4f778308003d5db35abe6b78d7d48c28.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019335; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe4f778308003d5db35abe6b78d7d48c28|02|tk"; nocase; ) # wb7ae9dfdc6edc32d08f04fd475a7642f9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019336; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb7ae9dfdc6edc32d08f04fd475a7642f9|02|tk"; nocase; ) # ec3ff5f0f8104534a49f741984d8f0b13b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019337; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ec3ff5f0f8104534a49f741984d8f0b13b|02|tk"; nocase; ) # jd59863f450a96072f515870440a5906b5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019338; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd59863f450a96072f515870440a5906b5|02|in"; nocase; ) # qac898b95203f54fafe3d2cf76a22ef102.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019339; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qac898b95203f54fafe3d2cf76a22ef102|02|to"; nocase; ) # af54aa88596fa3377dff6ee774228809eb.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019340; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|af54aa88596fa3377dff6ee774228809eb|02|hk"; nocase; ) # b930ec6562d9c7cb1083722dfe405d0d35.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019341; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b930ec6562d9c7cb1083722dfe405d0d35|02|cn"; nocase; ) # h6676741d286d4f291e8f6f449b08ae1e1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019342; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h6676741d286d4f291e8f6f449b08ae1e1|02|in"; nocase; ) # l05858939c69b43aa9daa2e98225abe464.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019343; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l05858939c69b43aa9daa2e98225abe464|02|so"; nocase; ) # m93a653f618b1cb251c709c1b032896bbf.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019344; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m93a653f618b1cb251c709c1b032896bbf|02|cc"; nocase; ) # yadde018f6911874c9720d347d8809d3e2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019345; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yadde018f6911874c9720d347d8809d3e2|02|hk"; nocase; ) # d6a3893f854674be9c761a5b4682bc7b01.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019346; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d6a3893f854674be9c761a5b4682bc7b01|02|ws"; nocase; ) # r05e4d2b7542e4a7aea72e78bfa7b6ec2a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019347; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r05e4d2b7542e4a7aea72e78bfa7b6ec2a|02|so"; nocase; ) # t25ae0edfbbe4bedd346794a53b22bceb3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019348; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t25ae0edfbbe4bedd346794a53b22bceb3|02|ws"; nocase; ) # u977dcc8a89631d60164310f91a1958a75.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019349; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u977dcc8a89631d60164310f91a1958a75|02|to"; nocase; ) # bb1c93f6e74546d62a8521a33709a795f9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019350; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bb1c93f6e74546d62a8521a33709a795f9|02|ws"; nocase; ) # e0fe6ffb09fa59af23b7d3d1a78417f287.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019351; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e0fe6ffb09fa59af23b7d3d1a78417f287|02|hk"; nocase; ) # l1ecd0991994af725dcebb714778a69b73.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019352; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l1ecd0991994af725dcebb714778a69b73|02|in"; nocase; ) # m0ea1a954d5d3bea70e36ed0dc23fd6afb.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019353; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m0ea1a954d5d3bea70e36ed0dc23fd6afb|02|hk"; nocase; ) # q898a743d54a179374daaf3220eaddcd31.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019354; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q898a743d54a179374daaf3220eaddcd31|02|cc"; nocase; ) # sb4eb5ea2916822358b693f312c1682c41.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019355; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sb4eb5ea2916822358b693f312c1682c41|02|to"; nocase; ) # v8e329d6188bc61351b299ba13c0659eaa.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019356; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v8e329d6188bc61351b299ba13c0659eaa|02|cn"; nocase; ) # v87cafbb5cb03adc79bdb3f0498705b95d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019357; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v87cafbb5cb03adc79bdb3f0498705b95d|02|so"; nocase; ) # fda345503c9f54b8bb301d4f1463d113b5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019358; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fda345503c9f54b8bb301d4f1463d113b5|02|ws"; nocase; ) # g6a2c27b02f50af0f4f3a0dc0c2ac2ef61.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019359; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g6a2c27b02f50af0f4f3a0dc0c2ac2ef61|02|to"; nocase; ) # j18238a859e38617d395352122f00b7143.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019360; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j18238a859e38617d395352122f00b7143|02|ws"; nocase; ) # n2a0029e1ddec525a45289691038938106.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019361; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n2a0029e1ddec525a45289691038938106|02|cn"; nocase; ) # o66d734eea14b685056d08183c2288f165.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019362; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o66d734eea14b685056d08183c2288f165|02|tk"; nocase; ) # rd78ce537e29e36eceb1759bf47d92c927.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019363; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rd78ce537e29e36eceb1759bf47d92c927|02|ws"; nocase; ) # sb4c56453b2ceaf5442975ae3ec768e12a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019364; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sb4c56453b2ceaf5442975ae3ec768e12a|02|to"; nocase; ) # x76ea2f73f79cc74e5fb3ddecb421266fe.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019365; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x76ea2f73f79cc74e5fb3ddecb421266fe|02|so"; nocase; ) # bcb07756148bc8e86fc103bc5ee7f17a98.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019366; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bcb07756148bc8e86fc103bc5ee7f17a98|02|in"; nocase; ) # nfc8a6af557e0bb3d11f254ad1c6ee43a9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019367; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nfc8a6af557e0bb3d11f254ad1c6ee43a9|02|so"; nocase; ) # o7e11792d7a035bece123579247df04b93.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019368; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o7e11792d7a035bece123579247df04b93|02|cc"; nocase; ) # pebe606fe6dc371fd55e7210ab5fd53d9b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019369; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pebe606fe6dc371fd55e7210ab5fd53d9b|02|ws"; nocase; ) # x7b60d6f4214dcefa4ad67b80156c7e252.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019370; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x7b60d6f4214dcefa4ad67b80156c7e252|02|ws"; nocase; ) # z23a945475552b4a670413d5bc58e075ca.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019371; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z23a945475552b4a670413d5bc58e075ca|02|in"; nocase; ) # d4d93a6823870e8700f96a24a15f8643b3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019372; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d4d93a6823870e8700f96a24a15f8643b3|02|so"; nocase; ) # jff828afdec093ccd4d16ffe51a4c34f3b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019373; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jff828afdec093ccd4d16ffe51a4c34f3b|02|cn"; nocase; ) # md99c96adb709efde74102622c20392c4a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019374; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md99c96adb709efde74102622c20392c4a|02|cc"; nocase; ) # o98913ef9ffb106f73b1e615d6f7af37d7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019375; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o98913ef9ffb106f73b1e615d6f7af37d7|02|to"; nocase; ) # qb540200b2ac96f24f5ad2d448be2d8dc5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019376; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qb540200b2ac96f24f5ad2d448be2d8dc5|02|hk"; nocase; ) # x1cba07290d50f41dac23943ca420f5178.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019377; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x1cba07290d50f41dac23943ca420f5178|02|in"; nocase; ) # za847140aa4a3a330a6892d22ec47391fa.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019378; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|za847140aa4a3a330a6892d22ec47391fa|02|cn"; nocase; ) # cce1eaea3cf2f40fe6348cf878658c3c00.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019379; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cce1eaea3cf2f40fe6348cf878658c3c00|02|cc"; nocase; ) # ddf8b283b72624379e9e474f543ed54726.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019380; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ddf8b283b72624379e9e474f543ed54726|02|ws"; nocase; ) # e2aa8f98863e293e9fb90c16e4142841a1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019381; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e2aa8f98863e293e9fb90c16e4142841a1|02|to"; nocase; ) # f29e1caab0d9d52c670643d6bb2e6cb96c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019382; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f29e1caab0d9d52c670643d6bb2e6cb96c|02|in"; nocase; ) # w627d8266ed17d42191448bfd9912f0e59.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019383; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w627d8266ed17d42191448bfd9912f0e59|02|hk"; nocase; ) # d456d44599a6290096399c812005d76785.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019384; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d456d44599a6290096399c812005d76785|02|in"; nocase; ) # j4162e156f4f9c6b28ec30c93123072051.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019385; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j4162e156f4f9c6b28ec30c93123072051|02|ws"; nocase; ) # obcac4a851ce7282e8edc1824d64f8b539.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019386; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|obcac4a851ce7282e8edc1824d64f8b539|02|tk"; nocase; ) # p3a1914472033a76782b84e504e11ea6a2.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019387; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p3a1914472033a76782b84e504e11ea6a2|02|so"; nocase; ) # ra4c8406ffc571d4f8b05553f4116799cf.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019388; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ra4c8406ffc571d4f8b05553f4116799cf|02|ws"; nocase; ) # s9f7e11d37f0dcfb404aa77c45390cfa20.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019389; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s9f7e11d37f0dcfb404aa77c45390cfa20|02|to"; nocase; ) # te2565c52d471878dfb35644f6aa95a68e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019390; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|te2565c52d471878dfb35644f6aa95a68e|02|in"; nocase; ) # cd4ae3b3a85f7e007dd7212eb32008fd73.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019391; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd4ae3b3a85f7e007dd7212eb32008fd73|02|hk"; nocase; ) # g0b70a50421c9dfb2cb0ccf285fc53b61f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019392; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g0b70a50421c9dfb2cb0ccf285fc53b61f|02|cc"; nocase; ) # h2db2ae261e334ca316cd350f042b2a1a9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019393; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h2db2ae261e334ca316cd350f042b2a1a9|02|ws"; nocase; ) # lc4d2c21af9e31e2cdae49fa453fee6af6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019394; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lc4d2c21af9e31e2cdae49fa453fee6af6|02|cn"; nocase; ) # m865043ec64661a9f9ba8dea767d138b43.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019395; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m865043ec64661a9f9ba8dea767d138b43|02|tk"; nocase; ) # rd492d914028c31b1aa537c64972dffa0f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019396; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rd492d914028c31b1aa537c64972dffa0f|02|in"; nocase; ) # s76a37c3d83ccc8b8ba65df7ff702bc2b4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019397; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s76a37c3d83ccc8b8ba65df7ff702bc2b4|02|hk"; nocase; ) # c6a44d67e722b5c32728922bea0e207b76.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019398; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6a44d67e722b5c32728922bea0e207b76|02|tk"; nocase; ) # g995b1845ad86132e8e9ceea78771f3c91.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019399; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g995b1845ad86132e8e9ceea78771f3c91|02|to"; nocase; ) # x00ccebdb02b3bc56d52c8d97332165776.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019400; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x00ccebdb02b3bc56d52c8d97332165776|02|in"; nocase; ) # z7ea80d1e871f1d2061ffffb763220e1b5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019401; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z7ea80d1e871f1d2061ffffb763220e1b5|02|cn"; nocase; ) # hd3d7f3dbaab990390cb7d69fce9daa4e8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd3d7f3dbaab990390cb7d69fce9daa4e8|02|cn"; nocase; ) # s2349136579f2b288d4399fdb4fca04ba5.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s2349136579f2b288d4399fdb4fca04ba5|02|cc"; nocase; ) # ad509c723e8bde2e17e89ff4b79f83cd20.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ad509c723e8bde2e17e89ff4b79f83cd20|02|cc"; nocase; ) # c4868b8ded60e45cead80ca6aaa6457f1a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c4868b8ded60e45cead80ca6aaa6457f1a|02|to"; nocase; ) # x6cd81cbb5aaa4b85c8ee5b216b6760e75.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x6cd81cbb5aaa4b85c8ee5b216b6760e75|02|so"; nocase; ) # df1521a0fb3e870e3945cd4b5305a53325.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|df1521a0fb3e870e3945cd4b5305a53325|02|cn"; nocase; ) # j48d056f9eec499baa722ba620ee1da646.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j48d056f9eec499baa722ba620ee1da646|02|in"; nocase; ) # r93cec5445bb0414bdebc88f2ba72c5e8d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r93cec5445bb0414bdebc88f2ba72c5e8d|02|in"; nocase; ) # s7388c85ae04d4c3378d8ea391f8808831.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s7388c85ae04d4c3378d8ea391f8808831|02|hk"; nocase; ) # t68ada9852e0047c9fe7971d863abed219.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t68ada9852e0047c9fe7971d863abed219|02|cn"; nocase; ) # b48c9718c8d549e1d00b45c6a4efcc0a8e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b48c9718c8d549e1d00b45c6a4efcc0a8e|02|cn"; nocase; ) # ifc0ed982acec2fbd8aefe312144da0d24.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ifc0ed982acec2fbd8aefe312144da0d24|02|hk"; nocase; ) # y8f7ebf64dea65d0933487c4907b621b87.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8f7ebf64dea65d0933487c4907b621b87|02|hk"; nocase; ) # c4006bbe6dc2d1c74aa931d41f15f023ce.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c4006bbe6dc2d1c74aa931d41f15f023ce|02|cc"; nocase; ) # e8bb676da2b9ae452cbfda275481d1641d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e8bb676da2b9ae452cbfda275481d1641d|02|to"; nocase; ) # pffc70bb471fd9783cb4e99aa341ff62d8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pffc70bb471fd9783cb4e99aa341ff62d8|02|cn"; nocase; ) # rd11d4c7f9973e5cce4fced02c2a506721.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rd11d4c7f9973e5cce4fced02c2a506721|02|so"; nocase; ) # v0219516b8e890508ba1bb35dc26ce67bd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v0219516b8e890508ba1bb35dc26ce67bd|02|in"; nocase; ) # ad9d12c3136bed854b89fc96a2ded76986.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ad9d12c3136bed854b89fc96a2ded76986|02|cc"; nocase; ) # d535c84a0b3299df10fd08d4b1fee57aa8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d535c84a0b3299df10fd08d4b1fee57aa8|02|in"; nocase; ) # ib5a7b0b1bd661eedfe93cd5c5e82e550c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib5a7b0b1bd661eedfe93cd5c5e82e550c|02|cc"; nocase; ) # 5n7v74kjk2gtul34gfy4iha.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019423; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|5n7v74kjk2gtul34gfy4iha|04|ddns|03|net"; nocase; ) # iv167rq4m2yx70o.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019424; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|iv167rq4m2yx70o|04|ddns|03|net"; nocase; ) # ijqvejwv7fcjib3pmbopob5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019425; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|ijqvejwv7fcjib3pmbopob5|04|ddns|03|net"; nocase; ) # itahwj5jw6wd7rmbexu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019426; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|itahwj5jw6wd7rmbexu|04|ddns|03|net"; nocase; ) # cv5pejixy4cvob3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019427; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|cv5pejixy4cvob3|04|ddns|03|net"; nocase; ) # 7x3bqnsrwripi4c.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019428; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|7x3bqnsrwripi4c|04|ddns|03|net"; nocase; ) # 52ud3x3f5nmhwr7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019429; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|52ud3x3f5nmhwr7|04|ddns|03|net"; nocase; ) # ruheoqehmukua.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019430; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|ruheoqehmukua|04|ddns|03|net"; nocase; ) # adgaepapdoawh.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019431; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|adgaepapdoawh|04|ddns|03|net"; nocase; ) # qewuorif.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019432; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|qewuorif|04|ddns|03|net"; nocase; ) # ikadokokdaekw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019433; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|ikadokokdaekw|04|ddns|03|net"; nocase; ) # ixgoetiqif.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019434; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0a|ixgoetiqif|04|ddns|03|net"; nocase; ) # uxqopiacagebkal.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019435; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0f|uxqopiacagebkal|04|ddns|03|net"; nocase; ) # taulecqi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019436; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|taulecqi|04|ddns|03|net"; nocase; ) # puritauqhog.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019437; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0b|puritauqhog|04|ddns|03|net"; nocase; ) # erviarivbiabbu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019438; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0e|erviarivbiabbu|04|ddns|03|net"; nocase; ) # raulpuan.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019439; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|raulpuan|04|ddns|03|net"; nocase; ) # bioxokrub.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019440; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|09|bioxokrub|04|ddns|03|net"; nocase; ) # quiguxqavano.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019441; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|quiguxqavano|04|ddns|03|net"; nocase; ) # ikumeglobu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019442; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0a|ikumeglobu|04|ddns|03|net"; nocase; ) # noafedniabt.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019443; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0b|noafedniabt|04|ddns|03|net"; nocase; ) # ixqeipreohusfae.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019444; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0f|ixqeipreohusfae|04|ddns|03|net"; nocase; ) # cisiutnuwo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019445; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0a|cisiutnuwo|04|ddns|03|net"; nocase; ) # habaututuwowut.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019446; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0e|habaututuwowut|04|ddns|03|net"; nocase; ) # quvouhmaurcu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019447; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|quvouhmaurcu|04|ddns|03|net"; nocase; ) # gaoparsuloi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019448; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0b|gaoparsuloi|04|ddns|03|net"; nocase; ) # vhapgqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019449; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vhapgqx|03|biz"; nocase; ) # iamgmkzojn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019450; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|iamgmkzojn|03|org"; nocase; ) # wsmxenovaox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019451; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wsmxenovaox|03|biz"; nocase; ) # kvzyhlehh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019452; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kvzyhlehh|03|com"; nocase; ) # myzahr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019453; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|myzahr|03|com"; nocase; ) # dmpdqdpx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019454; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dmpdqdpx|03|biz"; nocase; ) # xamzewgal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019455; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xamzewgal|03|com"; nocase; ) # kzrldfdrwb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019456; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kzrldfdrwb|04|info"; nocase; ) # itklavqnze.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019457; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|itklavqnze|04|info"; nocase; ) # jsarpwo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019458; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jsarpwo|04|info"; nocase; ) # qhgznhby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019459; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qhgznhby|03|com"; nocase; ) # rsjsiisdyib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019460; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rsjsiisdyib|03|com"; nocase; ) # lkwula.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019461; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lkwula|03|org"; nocase; ) # kfzlfckid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019462; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kfzlfckid|03|com"; nocase; ) # cshfjwhxc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019463; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cshfjwhxc|04|info"; nocase; ) # frnefhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019464; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|frnefhn|03|com"; nocase; ) # rcbdtv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019465; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rcbdtv|03|net"; nocase; ) # ugjhapsfqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019466; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ugjhapsfqc|03|biz"; nocase; ) # ugotbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019467; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ugotbs|03|com"; nocase; ) # otgahthph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019468; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|otgahthph|03|biz"; nocase; ) # hloukz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019469; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hloukz|03|org"; nocase; ) # dpdxoyvutcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019470; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dpdxoyvutcc|03|com"; nocase; ) # pjievn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019471; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|pjievn|04|info"; nocase; ) # wtdsspai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019472; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wtdsspai|03|com"; nocase; ) # wqsdriqbgqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019473; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wqsdriqbgqf|03|biz"; nocase; ) # gjljkij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019474; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gjljkij|03|com"; nocase; ) # aseozojlx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019475; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|aseozojlx|03|org"; nocase; ) # nyjiqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019476; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nyjiqk|03|biz"; nocase; ) # skggfslpgfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019477; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|skggfslpgfj|03|com"; nocase; ) # arwmaamkofe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019478; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|arwmaamkofe|03|com"; nocase; ) # fsujprp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019479; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fsujprp|03|net"; nocase; ) # aovktmxbyh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019480; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|aovktmxbyh|04|info"; nocase; ) # rzgmyuziag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019481; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rzgmyuziag|03|com"; nocase; ) # eeadnznzz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019482; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|eeadnznzz|04|info"; nocase; ) # thnhpipq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019483; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|thnhpipq|03|biz"; nocase; ) # thohvnjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019484; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|thohvnjc|03|org"; nocase; ) # hephkdlh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019485; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hephkdlh|03|org"; nocase; ) # dvbmwnrbv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019486; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dvbmwnrbv|03|com"; nocase; ) # lcvolbvpm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019487; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lcvolbvpm|03|biz"; nocase; ) # yxrravzt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019488; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|yxrravzt|04|info"; nocase; ) # fgrjqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019489; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fgrjqx|03|biz"; nocase; ) # arlsfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019490; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|arlsfx|03|com"; nocase; ) # modmusr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019491; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|modmusr|03|net"; nocase; ) # ounuhieblwh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019492; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ounuhieblwh|04|info"; nocase; ) # gqujfntr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019493; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gqujfntr|03|net"; nocase; ) # omxvqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019494; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|omxvqh|03|biz"; nocase; ) # ojrinupwt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019495; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ojrinupwt|04|info"; nocase; ) # otullu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019496; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|otullu|03|org"; nocase; ) # ysgdqto.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019497; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ysgdqto|03|net"; nocase; ) # weohlir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019498; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|weohlir|03|com"; nocase; ) # prlokuqlfcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019499; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|prlokuqlfcu|03|com"; nocase; ) # osldsgdssz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019500; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|osldsgdssz|03|net"; nocase; ) # xjavfywyi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019501; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xjavfywyi|04|info"; nocase; ) # tkgogs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019502; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tkgogs|03|com"; nocase; ) # npmtpghclku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019503; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|npmtpghclku|03|org"; nocase; ) # zipack.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019504; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zipack|03|com"; nocase; ) # lbgrnyugmj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019505; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lbgrnyugmj|03|org"; nocase; ) # ffjvclp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019506; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ffjvclp|03|org"; nocase; ) # ljppqatkik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019507; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ljppqatkik|03|com"; nocase; ) # hyrpkqbylfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019508; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hyrpkqbylfk|03|com"; nocase; ) # tqjnoyhq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019509; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tqjnoyhq|03|com"; nocase; ) # foofhe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019510; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|foofhe|03|com"; nocase; ) # yzzqts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019511; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yzzqts|03|net"; nocase; ) # ouxvni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019512; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ouxvni|03|biz"; nocase; ) # ngyyhnu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019513; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ngyyhnu|03|biz"; nocase; ) # ehkvhoyjlu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019514; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ehkvhoyjlu|03|org"; nocase; ) # llgiaut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019515; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|llgiaut|03|net"; nocase; ) # sycnzqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019516; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sycnzqg|03|biz"; nocase; ) # ouhtyu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019517; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ouhtyu|04|info"; nocase; ) # tlfobool.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019518; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tlfobool|03|biz"; nocase; ) # bkktxxzqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019519; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bkktxxzqw|03|biz"; nocase; ) # qecuosux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019520; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qecuosux|03|net"; nocase; ) # grkohdaxpgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019521; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|grkohdaxpgz|03|com"; nocase; ) # vylwzjepu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019522; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vylwzjepu|03|biz"; nocase; ) # gwkbaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019523; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gwkbaa|03|com"; nocase; ) # sebgktqag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019524; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|sebgktqag|03|com"; nocase; ) # mlcmlaguuum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019525; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mlcmlaguuum|03|net"; nocase; ) # mkghupbfvz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019526; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mkghupbfvz|04|info"; nocase; ) # rolxmvwlblw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019527; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rolxmvwlblw|03|org"; nocase; ) # ncgmfl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019528; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ncgmfl|03|com"; nocase; ) # plsffuzdiuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019529; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|plsffuzdiuh|03|net"; nocase; ) # jrtimlvsajx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019530; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jrtimlvsajx|03|org"; nocase; ) # jicqzwafeh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019531; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jicqzwafeh|03|com"; nocase; ) # auqqgdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019532; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|auqqgdg|03|com"; nocase; ) # zfpvbxtfvul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019533; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zfpvbxtfvul|03|net"; nocase; ) # gbpeykgp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019534; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gbpeykgp|03|com"; nocase; ) # ozgmtwwe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019535; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ozgmtwwe|04|info"; nocase; ) # dbicyybsdrx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019536; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dbicyybsdrx|03|net"; nocase; ) # bkyhhgbjj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019537; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bkyhhgbjj|03|org"; nocase; ) # phjjaypoo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019538; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|phjjaypoo|03|biz"; nocase; ) # cefiizkniwi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019539; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cefiizkniwi|04|info"; nocase; ) # ttvoyemlmwu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019540; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ttvoyemlmwu|04|info"; nocase; ) # gmnjtbec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019541; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gmnjtbec|03|com"; nocase; ) # mljsliuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019542; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mljsliuh|03|net"; nocase; ) # szrpoqokxfv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019543; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|szrpoqokxfv|03|com"; nocase; ) # ipycqjp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019544; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ipycqjp|03|org"; nocase; ) # yjtsrmdz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019545; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|yjtsrmdz|03|com"; nocase; ) # tppdvrgwn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019546; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tppdvrgwn|04|info"; nocase; ) # hbpxlhubtt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019547; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hbpxlhubtt|03|net"; nocase; ) # ubxeavofr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019548; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ubxeavofr|03|com"; nocase; ) # chswbnmufrc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019549; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|chswbnmufrc|03|net"; nocase; ) # bmbtlt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019550; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bmbtlt|03|org"; nocase; ) # uaitie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019551; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uaitie|03|com"; nocase; ) # ffiwiexdic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019552; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ffiwiexdic|03|com"; nocase; ) # fupvlhlma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019553; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fupvlhlma|03|org"; nocase; ) # ejkcrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019554; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ejkcrz|03|net"; nocase; ) # vbmdgupkgvr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019555; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vbmdgupkgvr|04|info"; nocase; ) # ojvrxr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019556; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ojvrxr|04|info"; nocase; ) # iplipqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019557; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|iplipqc|03|biz"; nocase; ) # hfixoo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019558; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hfixoo|03|biz"; nocase; ) # ousgkmsknd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019559; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ousgkmsknd|03|biz"; nocase; ) # ciwuskfxpu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019560; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ciwuskfxpu|03|biz"; nocase; ) # ezgjzqax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019561; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ezgjzqax|03|com"; nocase; ) # lcehhq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019562; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lcehhq|03|com"; nocase; ) # fkkzex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019563; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fkkzex|03|com"; nocase; ) # jermgukt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019564; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jermgukt|03|org"; nocase; ) # ifcrodj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019565; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ifcrodj|03|com"; nocase; ) # rxtnkoqtte.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019566; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rxtnkoqtte|03|net"; nocase; ) # aeapzgmla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019567; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|aeapzgmla|03|org"; nocase; ) # lgfivcs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019568; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lgfivcs|03|com"; nocase; ) # xpzxpyy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019569; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xpzxpyy|04|info"; nocase; ) # cpqlhaoxuae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019570; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cpqlhaoxuae|03|com"; nocase; ) # nkkpgoiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019571; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nkkpgoiv|03|com"; nocase; ) # kktbzrqgtk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019572; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kktbzrqgtk|03|net"; nocase; ) # kdruzwwhqsb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019573; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kdruzwwhqsb|03|net"; nocase; ) # slajuso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019574; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|slajuso|03|net"; nocase; ) # owsfca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019575; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|owsfca|03|com"; nocase; ) # blokxncik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019576; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|blokxncik|03|com"; nocase; ) # pbnelpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019577; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pbnelpj|03|biz"; nocase; ) # appzpxqan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019578; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|appzpxqan|03|com"; nocase; ) # vsxotdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019579; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vsxotdc|03|com"; nocase; ) # qftxail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019580; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qftxail|03|com"; nocase; ) # wblahyzi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019581; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wblahyzi|04|info"; nocase; ) # wosguzgrvb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019582; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wosguzgrvb|04|info"; nocase; ) # cxfwiahl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019583; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cxfwiahl|03|com"; nocase; ) # wjrimlfnnpi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019584; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wjrimlfnnpi|03|biz"; nocase; ) # sjunqmrofme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019585; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|sjunqmrofme|03|org"; nocase; ) # yukklcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019586; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yukklcg|03|com"; nocase; ) # cwgkuvckxwo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019587; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cwgkuvckxwo|04|info"; nocase; ) # ihfzlkx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019588; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ihfzlkx|03|org"; nocase; ) # dvbtozwlmd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019589; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dvbtozwlmd|03|org"; nocase; ) # czijxrewyd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019590; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|czijxrewyd|04|info"; nocase; ) # thxpyu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019591; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|thxpyu|04|info"; nocase; ) # lribts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019592; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lribts|03|net"; nocase; ) # ngurqdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019593; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ngurqdy|03|com"; nocase; ) # wzxjokhp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019594; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wzxjokhp|03|com"; nocase; ) # wrnjxxvvms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019595; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wrnjxxvvms|03|org"; nocase; ) # ytvartrg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019596; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ytvartrg|03|net"; nocase; ) # uwqqmhljzkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019597; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uwqqmhljzkz|03|org"; nocase; ) # zmneqzs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019598; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zmneqzs|04|info"; nocase; ) # bqtujyhogu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019599; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bqtujyhogu|03|com"; nocase; ) # simpdad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019600; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|simpdad|03|com"; nocase; ) # hqqgokaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019601; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hqqgokaj|03|com"; nocase; ) # bivorymfig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019602; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bivorymfig|03|com"; nocase; ) # ddfshl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019603; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ddfshl|03|com"; nocase; ) # uzekcumt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019604; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uzekcumt|03|org"; nocase; ) # bkcbfrhk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019605; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bkcbfrhk|03|com"; nocase; ) # qyzbbmhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019606; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qyzbbmhi|03|com"; nocase; ) # xnjkbkdndj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019607; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xnjkbkdndj|03|com"; nocase; ) # ytdmlumnhoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019608; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ytdmlumnhoy|03|biz"; nocase; ) # vndbfxvmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019609; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vndbfxvmz|03|org"; nocase; ) # vtdcbgh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019610; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vtdcbgh|03|com"; nocase; ) # rqifodbavde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019611; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rqifodbavde|03|com"; nocase; ) # eyyqfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019612; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|eyyqfo|03|com"; nocase; ) # voczjdn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019613; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|voczjdn|03|com"; nocase; ) # loygoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019614; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|loygoc|03|biz"; nocase; ) # faetzi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019615; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|faetzi|04|info"; nocase; ) # fghybccuun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019616; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fghybccuun|03|net"; nocase; ) # wtnwdian.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019617; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wtnwdian|03|com"; nocase; ) # gdnlghespe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019618; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gdnlghespe|03|biz"; nocase; ) # wxuyzjb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019619; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wxuyzjb|03|org"; nocase; ) # fyjkffps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019620; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fyjkffps|03|biz"; nocase; ) # igbcrpzhmfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019621; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|igbcrpzhmfq|03|com"; nocase; ) # bdsneimbe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019622; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bdsneimbe|03|com"; nocase; ) # wewgtcuzx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019623; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wewgtcuzx|04|info"; nocase; ) # tvrsix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019624; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tvrsix|03|com"; nocase; ) # gyjulzzqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019625; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gyjulzzqv|03|biz"; nocase; ) # cohbiqi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019626; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|cohbiqi|03|biz"; nocase; ) # jstsovpdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019627; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jstsovpdc|03|com"; nocase; ) # hlexqdlwa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019628; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hlexqdlwa|04|info"; nocase; ) # susvtl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019629; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|susvtl|03|net"; nocase; ) # lhiwkif.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019630; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lhiwkif|03|com"; nocase; ) # wbdpkby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019631; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wbdpkby|03|com"; nocase; ) # cimdbppraki.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019632; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cimdbppraki|03|org"; nocase; ) # klfcicscrzb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019633; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|klfcicscrzb|04|info"; nocase; ) # gcennfurl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019634; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gcennfurl|03|net"; nocase; ) # zvyuruzv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019635; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zvyuruzv|04|info"; nocase; ) # fyaiergd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019636; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fyaiergd|03|com"; nocase; ) # zhcayfbx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019637; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zhcayfbx|03|com"; nocase; ) # anahngbfgq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019638; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|anahngbfgq|03|com"; nocase; ) # jfbtth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019639; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jfbtth|03|net"; nocase; ) # ejpneb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019640; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ejpneb|03|com"; nocase; ) # khdddt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019641; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|khdddt|03|com"; nocase; ) # ccamxvzo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019642; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ccamxvzo|04|info"; nocase; ) # ofecaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019643; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ofecaz|03|com"; nocase; ) # ftdoct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019644; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ftdoct|03|com"; nocase; ) # gxjfatpyu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019645; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gxjfatpyu|04|info"; nocase; ) # incqldelww.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019646; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|incqldelww|04|info"; nocase; ) # etmqrqu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019647; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|etmqrqu|03|biz"; nocase; ) # xezitqhhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019648; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xezitqhhl|03|com"; nocase; ) # ryswmtr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019649; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ryswmtr|03|net"; nocase; ) # jwcvigxq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019650; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jwcvigxq|04|info"; nocase; ) # axymyr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019651; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|axymyr|04|info"; nocase; ) # btdkqmzqek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019652; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|btdkqmzqek|03|com"; nocase; ) # kyrpsdwvhun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019653; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kyrpsdwvhun|03|net"; nocase; ) # bdkofel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019654; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bdkofel|03|com"; nocase; ) # uszdkgbdkwj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019655; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uszdkgbdkwj|04|info"; nocase; ) # mnvpachp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019656; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mnvpachp|03|com"; nocase; ) # qzwvinlnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019657; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qzwvinlnt|03|biz"; nocase; ) # mlejgwzzf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019658; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mlejgwzzf|04|info"; nocase; ) # qehgpkfb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019659; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qehgpkfb|03|com"; nocase; ) # tpshzxdixd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019660; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tpshzxdixd|04|info"; nocase; ) # kpbgjil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019661; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kpbgjil|03|com"; nocase; ) # dupsebcpd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019662; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dupsebcpd|03|biz"; nocase; ) # ocyyhdgeas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019663; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ocyyhdgeas|03|com"; nocase; ) # qecxbh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019664; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qecxbh|03|com"; nocase; ) # nfcdeadfncamdnnm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019665; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nfcdeadfncamdnnm|03|com"; nocase; ) # bmmeeakmboddmfnf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019666; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bmmeeakmboddmfnf|04|info"; nocase; ) # ffofkadlbonabdmm.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019667; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ffofkadlbonabdmm|02|co"; nocase; ) # lkdbebbcffkcadel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019668; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lkdbebbcffkcadel|03|com"; nocase; ) # ecfkfnakmbfkalco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019669; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ecfkfnakmbfkalco|03|net"; nocase; ) # mckaeabccdcdeafn.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019670; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mckaeabccdcdeafn|02|de"; nocase; ) # ocbffdcbfdfmdcke.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019671; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ocbffdcbfdfmdcke|02|de"; nocase; ) # labencoccdddackc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019672; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|labencoccdddackc|03|com"; nocase; ) # fodbofncabfbecbk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019673; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fodbofncabfbecbk|03|com"; nocase; ) # fanabfccdlfdddab.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019674; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fanabfccdlfdddab|04|info"; nocase; ) # beakbfdanldcmadl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019675; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|beakbfdanldcmadl|04|info"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # bmbbdlbnbkdaacam.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019676; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bmbbdlbnbkdaacam|02|co"; nocase; ) # fdackeaddadcocca.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019677; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fdackeaddadcocca|02|cc"; nocase; ) # mcfcndkocbokdbcf.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019678; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mcfcndkocbokdbcf|06|online"; nocase; ) # qwpoor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019679; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qwpoor|03|com"; nocase; ) # ovebef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019680; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ovebef|03|com"; nocase; ) # nwyznk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019681; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nwyznk|03|com"; nocase; ) # oyqfwe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019682; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oyqfwe|03|com"; nocase; ) # zqtfay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019683; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zqtfay|03|com"; nocase; ) # lfyjoq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019684; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|lfyjoq|03|com"; nocase; ) # ovcagg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019685; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ovcagg|03|com"; nocase; ) # qrcrzy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019686; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qrcrzy|03|com"; nocase; ) # tscmps.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019687; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tscmps|03|com"; nocase; ) # fawigb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019688; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fawigb|03|com"; nocase; ) # satwqz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019689; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|satwqz|03|com"; nocase; ) # uygcny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019690; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uygcny|03|com"; nocase; ) # beilwz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019691; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|beilwz|03|com"; nocase; ) # eduogd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019692; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eduogd|03|com"; nocase; ) # oaroeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019693; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oaroeq|03|com"; nocase; ) # gssyad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019694; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gssyad|03|com"; nocase; ) # ritqvvn.pm [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019695; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|ritqvvn|02|pm"; nocase; ) # fxqdpadknk.tf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019696; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|fxqdpadknk|02|tf"; nocase; ) # jprfvkm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019697; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|jprfvkm|03|biz"; nocase; ) # mescbkjrocn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019698; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|mescbkjrocn|03|biz"; nocase; ) # hcgfhqvgxlnr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019699; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|hcgfhqvgxlnr|04|info"; nocase; ) # pcuqsugojtrnsaynw.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019700; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|pcuqsugojtrnsaynw|05|click"; nocase; ) # ehtrwlxdftkx.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019701; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ehtrwlxdftkx|02|su"; nocase; ) # arbieabv.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019702; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|arbieabv|05|click"; nocase; ) # iliilttcp.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019703; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|iliilttcp|02|su"; nocase; ) # afrgjtepstbes.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019704; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|afrgjtepstbes|02|pl"; nocase; ) # uygwqvxy.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019705; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|uygwqvxy|02|su"; nocase; ) # loowamy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019706; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|loowamy|03|org"; nocase; ) # mhmckoallo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019707; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|mhmckoallo|02|ru"; nocase; ) # xlaeiqadgouwnqvat.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019708; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|xlaeiqadgouwnqvat|03|xyz"; nocase; ) # xsagqkwlls.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019709; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|xsagqkwlls|02|ru"; nocase; ) # hyhlnnf.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019710; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|hyhlnnf|02|pl"; nocase; ) # djqlvxlqtrdg.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019711; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|djqlvxlqtrdg|02|pl"; nocase; ) # chypaoyhsiopmlom.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019712; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|chypaoyhsiopmlom|02|ru"; nocase; ) # oucdagtydrm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019713; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|oucdagtydrm|02|ru"; nocase; ) # xdljpuscyddr.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019714; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|xdljpuscyddr|02|pw"; nocase; ) # hcuejerxn.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019715; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|hcuejerxn|04|work"; nocase; ) # htjmghfjlqdgxheh.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019716; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|htjmghfjlqdgxheh|03|xyz"; nocase; ) # ywabrrcfroukptflj.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019717; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|ywabrrcfroukptflj|02|pw"; nocase; ) # fsupjpmai.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019718; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|fsupjpmai|02|pl"; nocase; ) # plwrwjcfdp.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019719; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|plwrwjcfdp|02|pl"; nocase; ) # xxhnfqi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019720; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|xxhnfqi|04|info"; nocase; ) # efghbghektcpb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019721; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|efghbghektcpb|02|ru"; nocase; ) # grgbtgkqdkbvonejq.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019722; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|grgbtgkqdkbvonejq|03|xyz"; nocase; ) # tntsutovhmgb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019723; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|tntsutovhmgb|03|biz"; nocase; ) # ijxsoomelwrhldc.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019724; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|ijxsoomelwrhldc|04|work"; nocase; ) # jpmsraeqa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019725; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|jpmsraeqa|03|org"; nocase; ) # hngyoypjcskrk.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019726; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|hngyoypjcskrk|05|click"; nocase; ) # ryioxemipy.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019727; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|ryioxemipy|03|xyz"; nocase; ) # wxmtuncqqasxcfqb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019728; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|wxmtuncqqasxcfqb|04|info"; nocase; ) # dpuvwejdwyuwuhyv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019729; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|dpuvwejdwyuwuhyv|04|info"; nocase; ) # ggetawx.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019730; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|ggetawx|03|xyz"; nocase; ) # fbweuwj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019731; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|fbweuwj|02|ru"; nocase; ) # yoxkwdaqy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019732; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|yoxkwdaqy|03|biz"; nocase; ) # ikishrgrwhf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019733; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|ikishrgrwhf|02|ru"; nocase; ) # wqhaidmongubale.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019734; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|wqhaidmongubale|02|pl"; nocase; ) # hcxfkme.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019735; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|hcxfkme|03|xyz"; nocase; ) # bisyqnkct.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019736; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|bisyqnkct|05|click"; nocase; ) # euxjkrgcpiachh.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019737; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|euxjkrgcpiachh|02|su"; nocase; ) # ilwouluyl.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019738; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|ilwouluyl|02|su"; nocase; ) # gvyngoilcmvyncy.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019739; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|gvyngoilcmvyncy|04|work"; nocase; ) # hwystnjopwl.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019740; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|hwystnjopwl|05|click"; nocase; ) # loyyuou.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019741; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|loyyuou|03|xyz"; nocase; ) # gwavqtqronfdbkv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019742; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|gwavqtqronfdbkv|03|biz"; nocase; ) # gpxkxfdrdgrqwbtv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019743; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|gpxkxfdrdgrqwbtv|03|biz"; nocase; ) # lhjwstaip.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019744; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|lhjwstaip|02|pw"; nocase; ) # hdwwdbpavbe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019745; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|hdwwdbpavbe|03|biz"; nocase; ) # cuhiydjkqbr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019746; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|cuhiydjkqbr|04|info"; nocase; ) # mrjmhbdxhs.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019747; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|mrjmhbdxhs|02|su"; nocase; ) # wpcncakrvuxutqubq.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019748; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|wpcncakrvuxutqubq|02|su"; nocase; ) # dcqkrumfyw.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019749; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|dcqkrumfyw|02|pl"; nocase; ) # bblhxgdmubxlsnfq.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019750; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|bblhxgdmubxlsnfq|02|pl"; nocase; ) # axbttkqvlshgqpk.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019751; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|axbttkqvlshgqpk|04|work"; nocase; ) # egarhvil.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019752; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|egarhvil|04|work"; nocase; ) # lyghaoususpvrvtim.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019753; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|lyghaoususpvrvtim|02|su"; nocase; ) # rwukejolcloo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019754; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|rwukejolcloo|02|ru"; nocase; ) # tvsahngcjmhb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019755; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|tvsahngcjmhb|03|biz"; nocase; ) # regqlxkg.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019756; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|regqlxkg|04|work"; nocase; ) # jspdcopltcadogis.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019757; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|jspdcopltcadogis|04|work"; nocase; ) # sjyrgwunerjcg.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019758; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|sjyrgwunerjcg|03|xyz"; nocase; ) # codxjyicmaxb.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019759; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|codxjyicmaxb|02|pw"; nocase; ) # cebdimhpancwpbcq.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019760; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|cebdimhpancwpbcq|02|su"; nocase; ) # nokrnturktwak.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019761; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|nokrnturktwak|02|ru"; nocase; ) # oxwepccr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019762; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|oxwepccr|03|biz"; nocase; ) # kvheaakxiyb.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019763; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|kvheaakxiyb|02|su"; nocase; ) # icgqtcmuv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019764; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|icgqtcmuv|03|org"; nocase; ) # pnklohbtqgenpryg.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019765; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|pnklohbtqgenpryg|02|su"; nocase; ) # vsvofihfts.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019766; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|vsvofihfts|05|click"; nocase; ) # ifgybfnds.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019767; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|ifgybfnds|02|ru"; nocase; ) # gimjhyjoiper.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019768; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|gimjhyjoiper|02|su"; nocase; ) # soqmaqkupr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019769; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|soqmaqkupr|04|info"; nocase; ) # boqvjqtqeyt.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019770; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|boqvjqtqeyt|04|work"; nocase; ) # kyqmdsurnnktvilm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019771; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|kyqmdsurnnktvilm|03|biz"; nocase; ) # voarlockdvwibtud.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019772; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|voarlockdvwibtud|05|click"; nocase; ) # lscvsrfojgqp.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019773; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|lscvsrfojgqp|04|work"; nocase; ) # whsnpuxniam.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019774; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|whsnpuxniam|03|org"; nocase; ) # yiprvediyrlb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019775; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|yiprvediyrlb|03|biz"; nocase; ) # cdatghtniarl.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019776; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|cdatghtniarl|02|ru"; nocase; ) # atiscjfsilfd.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019777; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|atiscjfsilfd|02|pw"; nocase; ) # vrwnjwcclrptvfw.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019778; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|vrwnjwcclrptvfw|04|work"; nocase; ) # yepdkorrq.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019779; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|yepdkorrq|02|pl"; nocase; ) # lcbxocxwxp.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019780; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|lcbxocxwxp|04|work"; nocase; ) # ywjqegyjnrxyjtv.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019781; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|ywjqegyjnrxyjtv|03|xyz"; nocase; ) # kwbnbmdmmyitxu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019782; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|kwbnbmdmmyitxu|04|info"; nocase; ) # fyrmoadrsjruep.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019783; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|fyrmoadrsjruep|04|info"; nocase; ) # dcdoljvskcwjuab.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019784; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|dcdoljvskcwjuab|02|su"; nocase; ) # olobcarqdjsl.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019785; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|olobcarqdjsl|02|pl"; nocase; ) # ponlwdxeddjf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019786; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ponlwdxeddjf|03|biz"; nocase; ) # wjiduwwipbmpb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019787; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|wjiduwwipbmpb|02|ru"; nocase; ) # jvanpfklnwdwf.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019788; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|jvanpfklnwdwf|02|pl"; nocase; ) # lyqsynusxy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019789; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|lyqsynusxy|03|biz"; nocase; ) # uxajyjm.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019790; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|uxajyjm|04|work"; nocase; ) # drvviutpoonqdtr.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019791; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|drvviutpoonqdtr|02|pl"; nocase; ) # dcauypfufqybot.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019792; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|dcauypfufqybot|02|pl"; nocase; ) # sulqqgmffrqiakjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019793; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|sulqqgmffrqiakjh|03|org"; nocase; ) # hlgaoyplwfxrfchq.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019794; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|hlgaoyplwfxrfchq|04|work"; nocase; ) # skkdjsyvxjfyay.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019795; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|skkdjsyvxjfyay|02|pw"; nocase; ) # sairjwgo.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019796; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|sairjwgo|02|su"; nocase; ) # vbgeewoq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019797; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|vbgeewoq|03|biz"; nocase; ) # wowsbcfsfjfenxc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019798; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|wowsbcfsfjfenxc|02|ru"; nocase; ) # yywvkthf.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019799; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|yywvkthf|02|su"; nocase; ) # vlxolmh.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019800; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|vlxolmh|02|pl"; nocase; ) # oressfn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019801; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|oressfn|03|org"; nocase; ) # fxhcpuer.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019802; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|fxhcpuer|03|biz"; nocase; ) # ttucrjkr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019803; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ttucrjkr|02|ru"; nocase; ) # tadwmyuxxuh.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019804; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|tadwmyuxxuh|04|work"; nocase; ) # kkulnkm.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019805; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|kkulnkm|03|xyz"; nocase; ) # oetkxnydtbfl.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019806; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|oetkxnydtbfl|02|pw"; nocase; ) # fhnxcmfreox.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019807; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|fhnxcmfreox|05|click"; nocase; ) # jlkxbbv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019808; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|jlkxbbv|02|ru"; nocase; ) # aucqvqub.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019809; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|aucqvqub|02|pw"; nocase; ) # svvsiiwwpqeiy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019810; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|svvsiiwwpqeiy|03|biz"; nocase; ) # hfayvsrf.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019811; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|hfayvsrf|02|su"; nocase; ) # sevpedpykehwef.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019812; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|sevpedpykehwef|02|pw"; nocase; ) # fxkrmbhkveauil.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019813; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|fxkrmbhkveauil|05|click"; nocase; ) # dandukt.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019814; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|dandukt|04|work"; nocase; ) # dnegldcwsoj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019815; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|dnegldcwsoj|04|info"; nocase; ) # jcesrxgmllbdn.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019816; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|jcesrxgmllbdn|03|xyz"; nocase; ) # loeojievccs.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019817; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|loeojievccs|05|click"; nocase; ) # owrbnkpbkiwskmuo.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019818; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|owrbnkpbkiwskmuo|02|pl"; nocase; ) # qivyhglp.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019819; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|qivyhglp|03|xyz"; nocase; ) # medocmvsqwfts.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019820; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|medocmvsqwfts|02|pw"; nocase; ) # sinddsqtqdbk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019821; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sinddsqtqdbk|03|net"; nocase; ) # gekeuevetblv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019822; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gekeuevetblv|03|biz"; nocase; ) # onvqbdxrvpae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019823; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|onvqbdxrvpae|03|biz"; nocase; ) # tlrrhkwhmjae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019824; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tlrrhkwhmjae|03|biz"; nocase; ) # hhwqnssojwrx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019825; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hhwqnssojwrx|02|ru"; nocase; ) # aoxbgifwciim.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019826; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aoxbgifwciim|03|net"; nocase; ) # gkexhcweucis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019827; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gkexhcweucis|03|com"; nocase; ) # ifgbosoohsyg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019828; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ifgbosoohsyg|03|biz"; nocase; ) # jplnkbiqeikv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019829; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jplnkbiqeikv|02|ru"; nocase; ) # qrygihomaxlcue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019830; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qrygihomaxlcue|03|com"; nocase; ) # ibjhnsowajupuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019831; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ibjhnsowajupuk|03|net"; nocase; ) # vtdbyhcwveeqxm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019832; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vtdbyhcwveeqxm|03|com"; nocase; ) # kuggejybdfouws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019833; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kuggejybdfouws|03|net"; nocase; ) # kgnhntnvsfyjgs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019834; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kgnhntnvsfyjgs|02|ru"; nocase; ) # qavwspcyrxcowq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019835; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qavwspcyrxcowq|04|info"; nocase; ) # hinubjhondbumv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019836; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hinubjhondbumv|03|net"; nocase; ) # xvatfecsfnhudd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019837; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xvatfecsfnhudd|03|com"; nocase; ) # bluuwlraqmmumn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019838; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bluuwlraqmmumn|03|biz"; nocase; ) # ojpsvthuihliuq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019839; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ojpsvthuihliuq|02|ru"; nocase; ) # yqccpllwrnmkab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019840; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yqccpllwrnmkab|03|org"; nocase; ) # fxydpygtvuldkg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019841; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fxydpygtvuldkg|04|info"; nocase; ) # irpbxtowlfnotw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019842; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|irpbxtowlfnotw|02|co|02|uk"; nocase; ) # ismvdcousbnjdc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019843; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ismvdcousbnjdc|04|info"; nocase; ) # vonrihujgljblb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019844; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vonrihujgljblb|03|com"; nocase; ) # jokxestbbcqwky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019845; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jokxestbbcqwky|03|net"; nocase; ) # mjrmhgfeenxvlh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019846; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mjrmhgfeenxvlh|02|ru"; nocase; ) # qpmvyakbbsdqjb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019847; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qpmvyakbbsdqjb|02|ru"; nocase; ) # ugrmdebymfyynd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019848; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ugrmdebymfyynd|03|com"; nocase; ) # vjablcgrahgmbd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019849; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vjablcgrahgmbd|04|info"; nocase; ) # cipmjcgqopktkx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019850; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cipmjcgqopktkx|02|ru"; nocase; ) # coprahqdjsumir.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019851; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|coprahqdjsumir|03|org"; nocase; ) # aaaxjevbsbyyse.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019852; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|aaaxjevbsbyyse|04|info"; nocase; ) # pyfubtcfysrmlb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019853; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pyfubtcfysrmlb|02|ru"; nocase; ) # rtppgeoeewvvsd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019854; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rtppgeoeewvvsd|02|co|02|uk"; nocase; ) # rjkyoodynolshe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019855; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rjkyoodynolshe|03|com"; nocase; ) # teuttypxsspchy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019856; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|teuttypxsspchy|03|biz"; nocase; ) # vhensijinnvibb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019857; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vhensijinnvibb|03|org"; nocase; ) # bptawtrjtuosyv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019858; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bptawtrjtuosyv|02|ru"; nocase; ) # syebceysoimiqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019859; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|syebceysoimiqq|03|org"; nocase; ) # ymtbwsheucbbso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019860; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ymtbwsheucbbso|03|com"; nocase; ) # cyohpuyvaqrcbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019861; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cyohpuyvaqrcbd|03|com"; nocase; ) # fdyuwhopwlvmyg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019862; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fdyuwhopwlvmyg|02|ru"; nocase; ) # lnrcneoyaevegs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019863; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lnrcneoyaevegs|03|com"; nocase; ) # clioabyjjupbbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019864; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|clioabyjjupbbl|03|com"; nocase; ) # tucuvotrdenqgc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019865; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tucuvotrdenqgc|03|net"; nocase; ) # ummfvygekonvnm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019866; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ummfvygekonvnm|02|ru"; nocase; ) # wwrjjgxydfqbnl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019867; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wwrjjgxydfqbnl|03|com"; nocase; ) # pmdnjvpnasvrxf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019868; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pmdnjvpnasvrxf|02|co|02|uk"; nocase; ) # cgwyskfdhvtjnj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019869; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cgwyskfdhvtjnj|04|info"; nocase; ) # yflycvsmoufvse.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019870; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yflycvsmoufvse|04|info"; nocase; ) # ldbtonnnogpgac.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019871; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ldbtonnnogpgac|03|org"; nocase; ) # mvbhtemspyaocf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019872; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mvbhtemspyaocf|04|info"; nocase; ) # oqlcyurfbnnpso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019873; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oqlcyurfbnnpso|03|net"; nocase; ) # udlacorwsycsyh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019874; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|udlacorwsycsyh|03|com"; nocase; ) # opoxmavnvluaify.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019875; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|opoxmavnvluaify|02|ru"; nocase; ) # dtplkpqgvinhqnb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019876; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dtplkpqgvinhqnb|04|info"; nocase; ) # udampbqqvtwufob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019877; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|udampbqqvtwufob|03|com"; nocase; ) # vqqvhjooivwaisa.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019878; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vqqvhjooivwaisa|02|co|02|uk"; nocase; ) # jrriccshlfhmqjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019879; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jrriccshlfhmqjb|03|net"; nocase; ) # lqphsmfdcuolqhy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019880; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lqphsmfdcuolqhy|02|ru"; nocase; ) # yyxvusrjjmnkmxp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019881; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yyxvusrjjmnkmxp|02|co|02|uk"; nocase; ) # qdcitppsbmrqqle.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019882; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qdcitppsbmrqqle|02|co|02|uk"; nocase; ) # fwueglbkimlhptm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019883; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fwueglbkimlhptm|03|net"; nocase; ) # vheymbxqxlkqxwg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019884; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vheymbxqxlkqxwg|03|org"; nocase; ) # uxmuubribjbmyym.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019885; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uxmuubribjbmyym|04|info"; nocase; ) # wgfflwbuixuupgu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019886; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wgfflwbuixuupgu|03|biz"; nocase; ) # acolnmagxitmusy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019887; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|acolnmagxitmusy|02|co|02|uk"; nocase; ) # ohdvpcbannehbtk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019888; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ohdvpcbannehbtk|02|co|02|uk"; nocase; ) # dumqdbpeedcsevq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019889; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dumqdbpeedcsevq|02|ru"; nocase; ) # etgyocahusacvyi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019890; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|etgyocahusacvyi|03|org"; nocase; ) # trligoxqqqvqjey.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019891; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|trligoxqqqvqjey|03|biz"; nocase; ) # tfyentennrvefui.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019892; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tfyentennrvefui|03|biz"; nocase; ) # vewdeeqjehddvug.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019893; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vewdeeqjehddvug|03|org"; nocase; ) # pkcarthbyhmsvoi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019894; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pkcarthbyhmsvoi|03|biz"; nocase; ) # swiujkrguknevai.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019895; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|swiujkrguknevai|03|org"; nocase; ) # abwcsjeswoxwjnw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019896; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|abwcsjeswoxwjnw|03|biz"; nocase; ) # umgyvmuedhfpkkr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019897; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|umgyvmuedhfpkkr|03|biz"; nocase; ) # vwhnsuiqfyihbou.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019898; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vwhnsuiqfyihbou|02|ru"; nocase; ) # yukrbtkmpvlvkai.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019899; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yukrbtkmpvlvkai|04|info"; nocase; ) # vupbhpuxgwudogc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019900; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vupbhpuxgwudogc|04|info"; nocase; ) # lauhdklwpxlxtym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019901; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lauhdklwpxlxtym|03|org"; nocase; ) # mmpvapprcgugtwu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019902; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mmpvapprcgugtwu|02|co|02|uk"; nocase; ) # mrfnpuxmocjkbms.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019903; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mrfnpuxmocjkbms|04|info"; nocase; ) # neacmachbkssrbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019904; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|neacmachbkssrbs|03|com"; nocase; ) # xpobgvnkxjblalu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019905; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xpobgvnkxjblalu|03|biz"; nocase; ) # akyrxgaguvikqls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019906; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|akyrxgaguvikqls|03|org"; nocase; ) # aiuaulvtquodbip.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019907; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aiuaulvtquodbip|04|info"; nocase; ) # dpafjevqjutoypl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019908; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dpafjevqjutoypl|03|biz"; nocase; ) # xmqdpfodsgupglu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019909; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xmqdpfodsgupglu|03|net"; nocase; ) # lggjjqndciegxfu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019910; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lggjjqndciegxfu|03|biz"; nocase; ) # ojgpxkrrbljwjas.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019911; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ojgpxkrrbljwjas|03|net"; nocase; ) # pvbeupvmntsfjxb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019912; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pvbeupvmntsfjxb|03|biz"; nocase; ) # muqvhjiodgpnjeh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019913; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|muqvhjiodgpnjeh|02|ru"; nocase; ) # opbmyanewffvjtg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019914; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|opbmyanewffvjtg|02|co|02|uk"; nocase; ) # dfaotvvdnelkkuc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019915; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dfaotvvdnelkkuc|04|info"; nocase; ) # gylnekucrsrpjiu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019916; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gylnekucrsrpjiu|04|info"; nocase; ) # xbmcqmwcscfiush.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019917; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xbmcqmwcscfiush|04|info"; nocase; ) # nyrncyuakfvrijg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019918; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nyrncyuakfvrijg|03|org"; nocase; ) # fqmommpfwxyinao.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019919; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fqmommpfwxyinao|02|co|02|uk"; nocase; ) # gbnfdrtagqfmnfb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019920; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gbnfdrtagqfmnfb|04|info"; nocase; ) # hsxlpcgpfudyljy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019921; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hsxlpcgpfudyljy|03|net"; nocase; ) # ntgcikmsjbmetts.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019922; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ntgcikmsjbmetts|02|ru"; nocase; ) # tymhenacenoluvu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019923; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tymhenacenoluvu|03|com"; nocase; ) # wexomgayhmrwsku.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019924; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wexomgayhmrwsku|02|ru"; nocase; ) # bkxklsxebccsxtg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019925; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bkxklsxebccsxtg|02|ru"; nocase; ) # ebrwejijresvmln.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019926; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ebrwejijresvmln|02|co|02|uk"; nocase; ) # oknmppwaajgpvdr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019927; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oknmppwaajgpvdr|03|biz"; nocase; ) # uecgnbxhsqfiwrx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019928; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uecgnbxhsqfiwrx|03|biz"; nocase; ) # ydigqendjcbgxcy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019929; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ydigqendjcbgxcy|04|info"; nocase; ) # ueghqgkmsjva.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019930; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ueghqgkmsjva|02|co|02|uk"; nocase; ) # icbgmlwtjigt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019931; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|icbgmlwtjigt|04|info"; nocase; ) # bstycmpppqpp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bstycmpppqpp|02|ru"; nocase; ) # cfokirargjpb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cfokirargjpb|03|org"; nocase; ) # corbdwccqebm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|corbdwccqebm|02|co|02|uk"; nocase; ) # bcieinbdowst.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bcieinbdowst|03|com"; nocase; ) # oaddevwqgchf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oaddevwqgchf|03|net"; nocase; ) # dmnauieqmjqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dmnauieqmjqw|03|org"; nocase; ) # vxiucyxfarkr.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vxiucyxfarkr|02|co|02|uk"; nocase; ) # luunixhsdnse.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|luunixhsdnse|04|info"; nocase; ) # nqqdlkxpygvv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nqqdlkxpygvv|04|info"; nocase; ) # rhvwofyqbcrp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rhvwofyqbcrp|02|ru"; nocase; ) # ncrqwkwlwdls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ncrqwkwlwdls|03|org"; nocase; ) # rswkafxmyyhm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rswkafxmyyhm|03|net"; nocase; ) # swrseqvvrgxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|swrseqvvrgxp|03|net"; nocase; ) # tlympnykaeru.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tlympnykaeru|02|ru"; nocase; ) # arcanrpbxuim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|arcanrpbxuim|03|com"; nocase; ) # bcdphwadlboc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bcdphwadlboc|03|net"; nocase; ) # cchvayfchgno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cchvayfchgno|03|org"; nocase; ) # ntulhgimtqnr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ntulhgimtqnr|03|org"; nocase; ) # nfcepdloegjc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nfcepdloegjc|04|info"; nocase; ) # iocajjsfywmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iocajjsfywmr|03|org"; nocase; ) # ebddrdduyfug.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ebddrdduyfug|02|ru"; nocase; ) # rwexaipcmgra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rwexaipcmgra|03|org"; nocase; ) # wjhtegmkitji.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wjhtegmkitji|02|ru"; nocase; ) # rsrvyblqhalk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rsrvyblqhalk|03|biz"; nocase; ) # taoynetakmrv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|taoynetakmrv|03|com"; nocase; ) # phkmtbhfttsi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|phkmtbhfttsi|03|biz"; nocase; ) # hdpldujoxiyn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hdpldujoxiyn|03|net"; nocase; ) # jwslpkpepgvq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jwslpkpepgvq|02|co|02|uk"; nocase; ) # bpjoinqxiehr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bpjoinqxiehr|03|org"; nocase; ) # chtyievevdxf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|chtyievevdxf|04|info"; nocase; ) # xswwcraoiusv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xswwcraoiusv|03|org"; nocase; ) # lmnlgqxdkkql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lmnlgqxdkkql|03|net"; nocase; ) # nwshsxnetvvn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nwshsxnetvvn|02|co|02|uk"; nocase; ) # tdvuqbdvisfh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tdvuqbdvisfh|03|biz"; nocase; ) # wxciqndkbpep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wxciqndkbpep|03|com"; nocase; ) # eaduphymnbxw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eaduphymnbxw|03|biz"; nocase; ) # ilvniacqwthy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ilvniacqwthy|03|org"; nocase; ) # jvwfvivkdywn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jvwfvivkdywn|02|co|02|uk"; nocase; ) # mqleareqljqk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mqleareqljqk|02|ru"; nocase; ) # lixuwsekpgir.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lixuwsekpgir|04|info"; nocase; ) # yehiuewutidq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yehiuewutidq|03|com"; nocase; ) # pydoaavmdswm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pydoaavmdswm|02|ru"; nocase; ) # qqnyaqbsqrna.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qqnyaqbsqrna|02|co|02|uk"; nocase; ) # hngysdhunduf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hngysdhunduf|03|com"; nocase; ) # huprfocnrqrm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|huprfocnrqrm|03|net"; nocase; ) # muwqmmqbumbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|muwqmmqbumbj|03|com"; nocase; ) # aqxnoumabdbp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aqxnoumabdbp|03|net"; nocase; ) # qlckptidiype.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qlckptidiype|03|org"; nocase; ) # sgmfuknptndf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sgmfuknptndf|04|info"; nocase; ) # vvgrkfpyyajl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vvgrkfpyyajl|03|biz"; nocase; ) # amllnmhbmmxg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|amllnmhbmmxg|04|info"; nocase; ) # txladjteeqgfe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|txladjteeqgfe|02|ru"; nocase; ) # jxsegjwarfwsd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jxsegjwarfwsd|03|net"; nocase; ) # keywgpjmmmrxe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|keywgpjmmmrxe|02|ru"; nocase; ) # mmrgafgevbgvc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mmrgafgevbgvc|04|info"; nocase; ) # owqwpxmnsxpxd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|owqwpxmnsxpxd|04|info"; nocase; ) # qcbtxycvbdidq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qcbtxycvbdidq|02|co|02|uk"; nocase; ) # sefyjtfjmuuxm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sefyjtfjmuuxm|03|biz"; nocase; ) # whwixfguwjmnq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|whwixfguwjmnq|03|com"; nocase; ) # xduglvlxnurih.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xduglvlxnurih|03|biz"; nocase; ) # clyqpqmydyjko.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|clyqpqmydyjko|04|info"; nocase; ) # dfyfprismitds.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dfyfprismitds|03|biz"; nocase; ) # feweginibjkts.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|feweginibjkts|03|org"; nocase; ) # tlmcsuojtxfvf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tlmcsuojtxfvf|03|biz"; nocase; ) # uxhnydiolwbpv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uxhnydiolwbpv|02|ru"; nocase; ) # vkkbjltyiyvmv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vkkbjltyiyvmv|03|org"; nocase; ) # mxnjxuwnfknnb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mxnjxuwnfknnb|02|co|02|uk"; nocase; ) # ntlhlfjdxgcay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000019999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ntlhlfjdxgcay|03|com"; nocase; ) # lwkmwuopeaajj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lwkmwuopeaajj|03|biz"; nocase; ) # wwrkrybwesjrl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wwrkrybwesjrl|04|info"; nocase; ) # ggpsoaqqdqbpv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ggpsoaqqdqbpv|03|com"; nocase; ) # lkrbgxnvwlonr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lkrbgxnvwlonr|04|info"; nocase; ) # owxcylwikswjs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|owxcylwikswjs|03|net"; nocase; ) # phyrsqhkxydys.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|phyrsqhkxydys|03|biz"; nocase; ) # ghutjpcnrixuc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ghutjpcnrixuc|03|biz"; nocase; ) # uuayqupofexbh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uuayqupofexbh|02|ru"; nocase; ) # xeynbtojvgdlx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xeynbtojvgdlx|04|info"; nocase; ) # bccilsmgwowuf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bccilsmgwowuf|03|biz"; nocase; ) # obpdmeypsheyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|obpdmeypsheyj|03|com"; nocase; ) # epsrjyjvwjlmo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|epsrjyjvwjlmo|02|co|02|uk"; nocase; ) # herkuywwupwnk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|herkuywwupwnk|02|ru"; nocase; ) # qouftawlfiekl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qouftawlfiekl|03|net"; nocase; ) # empgjiskbrtqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|empgjiskbrtqt|03|biz"; nocase; ) # etjudsjcpwymt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|etjudsjcpwymt|03|org"; nocase; ) # uawpmuwgjxemr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uawpmuwgjxemr|03|org"; nocase; ) # ubupykarpqqsx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ubupykarpqqsx|04|info"; nocase; ) # vsfvlbfuldgvv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vsfvlbfuldgvv|03|net"; nocase; ) # hyeaeuvmdseqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hyeaeuvmdseqb|03|biz"; nocase; ) # jdjtqqldltsar.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jdjtqqldltsar|02|co|02|uk"; nocase; ) # lhikipwnswvsp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lhikipwnswvsp|04|info"; nocase; ) # jjuiqotdaqoqb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jjuiqotdaqoqb|03|net"; nocase; ) # xgkxswdtxgosa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xgkxswdtxgosa|03|biz"; nocase; ) # vhesvvggencok.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vhesvvggencok|03|org"; nocase; ) # xcojnmlvxmrwb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xcojnmlvxmrwb|04|info"; nocase; ) # yojwnufptgyhb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yojwnufptgyhb|03|com"; nocase; ) # apidaqhhtrtqy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|apidaqhhtrtqy|03|net"; nocase; ) # ckstrhmwnqjyw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ckstrhmwnqjyw|02|ru"; nocase; ) # 13oym9e1218p60lrqk8110qwvk9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13oym9e1218p60lrqk8110qwvk9|03|com"; nocase; ) # p8ut4b170zjnnlp955gmq7cyy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p8ut4b170zjnnlp955gmq7cyy|03|org"; nocase; ) # 1erz5ue1mfnyjc1uvy7b1qx616x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1erz5ue1mfnyjc1uvy7b1qx616x|03|net"; nocase; ) # uguvviylbn7l4vdk4o05mms.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|uguvviylbn7l4vdk4o05mms|03|biz"; nocase; ) # rhj2l6dtlvhd160kmht6rje6d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rhj2l6dtlvhd160kmht6rje6d|03|org"; nocase; ) # llpwfp1d7b20vp0h29m1d2zm3b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|llpwfp1d7b20vp0h29m1d2zm3b|03|net"; nocase; ) # mudo5z1pe83k61tpnxtr1g5sxni.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mudo5z1pe83k61tpnxtr1g5sxni|03|com"; nocase; ) # 1c1pepn16rsg6u5ji46w1efmcgr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c1pepn16rsg6u5ji46w1efmcgr|03|org"; nocase; ) # 161viqa1j6ryinuipsmrn1esp0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|161viqa1j6ryinuipsmrn1esp0|03|org"; nocase; ) # i94r4g1lxh5mpi2ek1z1wf27lc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i94r4g1lxh5mpi2ek1z1wf27lc|03|biz"; nocase; ) # 1hckkon1e9u2fm1ash1ul1b9zpeq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hckkon1e9u2fm1ash1ul1b9zpeq|03|net"; nocase; ) # 1ric8731cyhgbyehs36713ee6hs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ric8731cyhgbyehs36713ee6hs|03|net"; nocase; ) # 14fo17ia966yowmkfmg1ap4lq3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14fo17ia966yowmkfmg1ap4lq3|03|net"; nocase; ) # 6xmfga16k76061c79zp7kbthsd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6xmfga16k76061c79zp7kbthsd|03|net"; nocase; ) # r7xlb71x1yhnrn5i3pmktl5ai.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r7xlb71x1yhnrn5i3pmktl5ai|03|org"; nocase; ) # 1875ca11hzv7vy1p9a4vhf8e56s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1875ca11hzv7vy1p9a4vhf8e56s|03|org"; nocase; ) # ooif1ofvaod344806u1kinxai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ooif1ofvaod344806u1kinxai|03|com"; nocase; ) # 1kz4r2h3kq0hquo4u791czlyil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kz4r2h3kq0hquo4u791czlyil|03|net"; nocase; ) # 1yz586w1rzdwpagphg2yf2s4i8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yz586w1rzdwpagphg2yf2s4i8|03|com"; nocase; ) # 15rezj615b368w16s4oizbm6mh0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15rezj615b368w16s4oizbm6mh0|03|org"; nocase; ) # nx4xer1h122ay1s5msasx0cxjq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nx4xer1h122ay1s5msasx0cxjq|03|net"; nocase; ) # 1pywps1i74993i5na261f7ebkf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pywps1i74993i5na261f7ebkf|03|biz"; nocase; ) # xr6fwdsvgubx15z518v31q2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|xr6fwdsvgubx15z518v31q2|03|com"; nocase; ) # 1j92w5w1cerr2vaaadqg1sn6zrx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j92w5w1cerr2vaaadqg1sn6zrx|03|biz"; nocase; ) # npifqljuxv4invmcjk1vsgp2y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|npifqljuxv4invmcjk1vsgp2y|03|net"; nocase; ) # 18mtqjm14j0g4m1o4y5qa6nigxt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18mtqjm14j0g4m1o4y5qa6nigxt|03|biz"; nocase; ) # 1yetgo41s86cc1w23c3umajbl3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yetgo41s86cc1w23c3umajbl3|03|com"; nocase; ) # 12s755r179afzk2tlvh919d314.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12s755r179afzk2tlvh919d314|03|org"; nocase; ) # 12y1e3r1ro0ze411y8piw1h1lq9h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12y1e3r1ro0ze411y8piw1h1lq9h|03|net"; nocase; ) # 9nwijw1ca0pjn1f4bau4kp0dzs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9nwijw1ca0pjn1f4bau4kp0dzs|03|org"; nocase; ) # iviom61xxzlp61pay71y9lxttp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iviom61xxzlp61pay71y9lxttp|03|net"; nocase; ) # 16ap3p93wknau15uqrdh1cf4jn0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ap3p93wknau15uqrdh1cf4jn0|03|net"; nocase; ) # xnmnv7h12gacakp2a219mbtdd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xnmnv7h12gacakp2a219mbtdd|03|biz"; nocase; ) # 1kdpztx1r1yzanjedwa6195731a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kdpztx1r1yzanjedwa6195731a|03|org"; nocase; ) # 1qtx1dbrkhuaezw0qpz1xuayy3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qtx1dbrkhuaezw0qpz1xuayy3|03|org"; nocase; ) # 11wudtw1uple1nl2xot21wpx8fc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11wudtw1uple1nl2xot21wpx8fc|03|com"; nocase; ) # t6rrwb6y93j11m5vy3r6ezwed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t6rrwb6y93j11m5vy3r6ezwed|03|net"; nocase; ) # 6459ph1xfjkxj196wwno1dp7565.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6459ph1xfjkxj196wwno1dp7565|03|net"; nocase; ) # 18rhi85cqcu1s19w0kat12ctunt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18rhi85cqcu1s19w0kat12ctunt|03|com"; nocase; ) # 1swbk991wyhp4xqr68bu19e51w0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1swbk991wyhp4xqr68bu19e51w0|03|net"; nocase; ) # 1v6qxla1jvs1xu1lyn02xgypsvg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v6qxla1jvs1xu1lyn02xgypsvg|03|net"; nocase; ) # i6vq65z7cd345vv361b2glqj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i6vq65z7cd345vv361b2glqj|03|org"; nocase; ) # 5izar6bmynjz56ovei17ztboh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5izar6bmynjz56ovei17ztboh|03|biz"; nocase; ) # kkcvdn11kkm4j1bjmy561f24u19.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kkcvdn11kkm4j1bjmy561f24u19|03|biz"; nocase; ) # g01k6excigbk18qhtlr1794tkq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g01k6excigbk18qhtlr1794tkq|03|org"; nocase; ) # 5w8iqbgvlq001nuy2wk12dh2fo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5w8iqbgvlq001nuy2wk12dh2fo|03|com"; nocase; ) # xok2ac1q028j815vtadh1m9c1wh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xok2ac1q028j815vtadh1m9c1wh|03|biz"; nocase; ) # 1k74buk53aoca16e0gxy2m6avi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k74buk53aoca16e0gxy2m6avi|03|org"; nocase; ) # 1f15dqq1ni2kctcg8h0d18h78sr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f15dqq1ni2kctcg8h0d18h78sr|03|com"; nocase; ) # v1kbhzovn2zz10veu1h1vvi769.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v1kbhzovn2zz10veu1h1vvi769|03|org"; nocase; ) # 1dmwh2on3bzfi1iyvdb7q63w5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dmwh2on3bzfi1iyvdb7q63w5c|03|net"; nocase; ) # n91g501pfdfea1ph2zbn1ipii83.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n91g501pfdfea1ph2zbn1ipii83|03|biz"; nocase; ) # 1tx5m64rvb3jwe1n6jv1h4z2q4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tx5m64rvb3jwe1n6jv1h4z2q4|03|com"; nocase; ) # 1oxth8lem7r0mgraw7r14cw6hk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oxth8lem7r0mgraw7r14cw6hk|03|net"; nocase; ) # 17zdk6y2i6fdi1qgrxwn15co9ma.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17zdk6y2i6fdi1qgrxwn15co9ma|03|com"; nocase; ) # 3igj9vchxxclxk8ufp1ysb6hr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3igj9vchxxclxk8ufp1ysb6hr|03|net"; nocase; ) # 1vinyw31o65a8qfoftdlccjc8h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vinyw31o65a8qfoftdlccjc8h|03|biz"; nocase; ) # 8cnjeq1qdxx1wzghp4kof90xp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8cnjeq1qdxx1wzghp4kof90xp|03|net"; nocase; ) # 45x60biynlse1wr6qk111r8y72.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|45x60biynlse1wr6qk111r8y72|03|org"; nocase; ) # 1hkbok2m4y1wh1pqxyyxbfrtaa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hkbok2m4y1wh1pqxyyxbfrtaa|03|net"; nocase; ) # 1bedadich0f3vi92v6fwayds3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bedadich0f3vi92v6fwayds3|03|com"; nocase; ) # hnkmtl16m2wrxr3snab11yu68e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hnkmtl16m2wrxr3snab11yu68e|03|net"; nocase; ) # 1q5e9tc111q64kja6h7pyqfcln.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q5e9tc111q64kja6h7pyqfcln|03|com"; nocase; ) # 1yzh68o37savf1fypey14h2bua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yzh68o37savf1fypey14h2bua|03|com"; nocase; ) # 1bz4jtl1y4s6p61mroyk113wrcwn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bz4jtl1y4s6p61mroyk113wrcwn|03|org"; nocase; ) # 1mmbuyuon3heemr2inkgn179t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mmbuyuon3heemr2inkgn179t|03|org"; nocase; ) # 1hpstptp4p14k1ur95om1xdu4jo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hpstptp4p14k1ur95om1xdu4jo|03|net"; nocase; ) # ajzq8vr97x7y1l83yfygqkp8w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ajzq8vr97x7y1l83yfygqkp8w|03|org"; nocase; ) # jrksu6qk85qn295pktlueqd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|jrksu6qk85qn295pktlueqd|03|net"; nocase; ) # 1r234pk1t02awv1io5uhz17nsvb0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r234pk1t02awv1io5uhz17nsvb0|03|net"; nocase; ) # l73eog1nfznvwynrx8o14ptm57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l73eog1nfznvwynrx8o14ptm57|03|com"; nocase; ) # 36j4j3mfzisy82uhojn4l3sw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|36j4j3mfzisy82uhojn4l3sw|03|org"; nocase; ) # 1fqg37k1yfax8s1xgw2a111kc1tw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fqg37k1yfax8s1xgw2a111kc1tw|03|net"; nocase; ) # 1acsmfq15zz2ec1bng23n1d901jm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1acsmfq15zz2ec1bng23n1d901jm|03|com"; nocase; ) # 1xrlu85yvgsqch6p221h121c6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xrlu85yvgsqch6p221h121c6|03|com"; nocase; ) # 4jjxhn5pnc9n6ugeycrt8yyh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4jjxhn5pnc9n6ugeycrt8yyh|03|biz"; nocase; ) # sqaoxr1z0qsewqfmjd8c6dmx8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sqaoxr1z0qsewqfmjd8c6dmx8|03|net"; nocase; ) # 1nhwe0c12puexl1p9x08u1uwhghx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nhwe0c12puexl1p9x08u1uwhghx|03|biz"; nocase; ) # w6p37f1p5lvpg1ns812a138m8dj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w6p37f1p5lvpg1ns812a138m8dj|03|com"; nocase; ) # 15spjux1xfv4go17u37e31c55fby.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15spjux1xfv4go17u37e31c55fby|03|biz"; nocase; ) # 1xnuharf4lfp0f6g03bzniv6m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xnuharf4lfp0f6g03bzniv6m|03|biz"; nocase; ) # 1rqx2bv6bnrch1ecdhbtgrhme3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rqx2bv6bnrch1ecdhbtgrhme3|03|org"; nocase; ) # 1bd6njfdhume1e3hk5gdlv6sc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bd6njfdhume1e3hk5gdlv6sc|03|net"; nocase; ) # hrhz57cmkyz418k7txn1ajor8p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hrhz57cmkyz418k7txn1ajor8p|03|net"; nocase; ) # 1lsk2ouqm5q8ywqjhytjn47eg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lsk2ouqm5q8ywqjhytjn47eg|03|com"; nocase; ) # 1y8e4jf11tse0u1pagsgiko0h8x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y8e4jf11tse0u1pagsgiko0h8x|03|biz"; nocase; ) # vjkweg18gc5zy1g3okbs74maox.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vjkweg18gc5zy1g3okbs74maox|03|net"; nocase; ) # 1t5k90f1khq100hwaf5n1rjy8gr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t5k90f1khq100hwaf5n1rjy8gr|03|com"; nocase; ) # 4lass31soz4k21bi8vu26e6bq4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4lass31soz4k21bi8vu26e6bq4|03|org"; nocase; ) # e8xsfy1fzzmko6dw7mr1x7t3ak.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e8xsfy1fzzmko6dw7mr1x7t3ak|03|org"; nocase; ) # 1sciebj1pson5kfcoyet1lnm0si.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sciebj1pson5kfcoyet1lnm0si|03|net"; nocase; ) # j82ps91ds8kvd1a0ielgs7s18.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j82ps91ds8kvd1a0ielgs7s18|03|org"; nocase; ) # 1543yttk3j8eapu5xsvnd8z5w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1543yttk3j8eapu5xsvnd8z5w|03|net"; nocase; ) # 1ehj1e6xu9gye8i4zgnkboiy7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ehj1e6xu9gye8i4zgnkboiy7|03|biz"; nocase; ) # 5agua51idth5nwg549pyml0e2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5agua51idth5nwg549pyml0e2|03|net"; nocase; ) # jtuuhivdg5yl1o4z43d7s3xti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jtuuhivdg5yl1o4z43d7s3xti|03|net"; nocase; ) # kas4hh1fswjfrc1ye5eddgl10.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kas4hh1fswjfrc1ye5eddgl10|03|biz"; nocase; ) # 10dgasb1h7lbwc19lqzbm1g6tzrt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10dgasb1h7lbwc19lqzbm1g6tzrt|03|org"; nocase; ) # 19latmc1cu4elyngsffx1fal1n9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19latmc1cu4elyngsffx1fal1n9|03|com"; nocase; ) # 1c8wj0y1o86xa31dbqpgh1kx1aqa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c8wj0y1o86xa31dbqpgh1kx1aqa|03|biz"; nocase; ) # bmxzf9s3ofpn1ol897zwwt4d8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bmxzf9s3ofpn1ol897zwwt4d8|03|net"; nocase; ) # 1wmcq0vupuwjbwgupoqh6icmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wmcq0vupuwjbwgupoqh6icmn|03|com"; nocase; ) # 6s5huw1hoa7r6krgkre1njrp9u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6s5huw1hoa7r6krgkre1njrp9u|03|org"; nocase; ) # bbyb0k1rst8jfd7ef3z1ftemcn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bbyb0k1rst8jfd7ef3z1ftemcn|03|net"; nocase; ) # 1ld20zy1ru4kr9joxapns6bmgz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ld20zy1ru4kr9joxapns6bmgz|03|org"; nocase; ) # 1o7cm7vf7zbcc1aew1qu10c0th6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o7cm7vf7zbcc1aew1qu10c0th6|03|net"; nocase; ) # 14gnjyp1acxdk1xfnvhscdf36c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14gnjyp1acxdk1xfnvhscdf36c|03|com"; nocase; ) # bvmguu7v8fkt1nomstc1fxnlbc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bvmguu7v8fkt1nomstc1fxnlbc|03|net"; nocase; ) # foopnoj8fbh26o3s0icwlhnx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|foopnoj8fbh26o3s0icwlhnx|03|net"; nocase; ) # k0keohy3ma1k7pjndy4q6fnn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k0keohy3ma1k7pjndy4q6fnn|03|org"; nocase; ) # vol5yo1ql0l9o949975121jq4s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vol5yo1ql0l9o949975121jq4s|03|org"; nocase; ) # io92n21ku95qij5evpl13yt1dz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|io92n21ku95qij5evpl13yt1dz|03|com"; nocase; ) # 5e568g181ly8wi45lr7uu2yuc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5e568g181ly8wi45lr7uu2yuc|03|org"; nocase; ) # 1s1bor0qkgk4vmws7cpju8hzt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s1bor0qkgk4vmws7cpju8hzt|03|com"; nocase; ) # 1pzkxtg1hwe6uyei0cxt16vkuc1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pzkxtg1hwe6uyei0cxt16vkuc1|03|org"; nocase; ) # p5q9en1o6xhhhw7t6zaq153ol.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5q9en1o6xhhhw7t6zaq153ol|03|net"; nocase; ) # 16z0kh11c26c8u1n9e5011xqs0pb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16z0kh11c26c8u1n9e5011xqs0pb|03|net"; nocase; ) # lepf6li3weautz2urwro6uli.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lepf6li3weautz2urwro6uli|03|net"; nocase; ) # jwwqlr1axqi4i1i6iej718mx9mo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jwwqlr1axqi4i1i6iej718mx9mo|03|com"; nocase; ) # 1e8ef0y6gwen1oeaxev1yx23q2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e8ef0y6gwen1oeaxev1yx23q2|03|org"; nocase; ) # 8olw8t6kz6t71p8rbyd17kr3t6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8olw8t6kz6t71p8rbyd17kr3t6|03|net"; nocase; ) # 1iovps0z5uiasrb0gvyhidwoz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iovps0z5uiasrb0gvyhidwoz|03|org"; nocase; ) # 1x5ngg11550ehq10tpxuj12qz5mf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x5ngg11550ehq10tpxuj12qz5mf|03|net"; nocase; ) # tg0whu1eyllc211ivrjc1yfz6bl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tg0whu1eyllc211ivrjc1yfz6bl|03|net"; nocase; ) # 1chxkp31hkbw52fqhdz1uybb3t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1chxkp31hkbw52fqhdz1uybb3t|03|com"; nocase; ) # 1i4snmf99lh441ww5dot1774hrh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i4snmf99lh441ww5dot1774hrh|03|org"; nocase; ) # 1xlmw5ubdyavx162l94mg9idvp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xlmw5ubdyavx162l94mg9idvp|03|net"; nocase; ) # l7cs3kk5z5a117qvwelai4o7v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l7cs3kk5z5a117qvwelai4o7v|03|net"; nocase; ) # 7bck3b19iygzb2qy1s46y60p0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7bck3b19iygzb2qy1s46y60p0|03|biz"; nocase; ) # s7y1yn1o3icsc147irrv1izs11s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s7y1yn1o3icsc147irrv1izs11s|03|net"; nocase; ) # hsiqkr102c6881kddo1219otqn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hsiqkr102c6881kddo1219otqn2|03|net"; nocase; ) # et9x557zgpse4zxyng1edye0q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|et9x557zgpse4zxyng1edye0q|03|net"; nocase; ) # 7hrhmn1d86b6tvn5ri85bvcp1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7hrhmn1d86b6tvn5ri85bvcp1|03|com"; nocase; ) # 1kp25lg1bp3jaj6r602auock3l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kp25lg1bp3jaj6r602auock3l|03|net"; nocase; ) # 1nb142q4h0gbctf62t416q4yui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nb142q4h0gbctf62t416q4yui|03|net"; nocase; ) # 1wk40wbkqt2j62i7y4518sdori.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wk40wbkqt2j62i7y4518sdori|03|org"; nocase; ) # dyz7gff235zuzm6tm065m3s6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dyz7gff235zuzm6tm065m3s6|03|com"; nocase; ) # g6kezs1xiqeelmpocfmjztmny.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g6kezs1xiqeelmpocfmjztmny|03|org"; nocase; ) # 11b51uj1qkza14xbve7ifcrjka.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11b51uj1qkza14xbve7ifcrjka|03|biz"; nocase; ) # 1y0env5132ij101s8qiac6j5qtj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y0env5132ij101s8qiac6j5qtj|03|net"; nocase; ) # 1kca388a3tvayu4zuxn1gtfop7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kca388a3tvayu4zuxn1gtfop7|03|com"; nocase; ) # 159aqq61mxy2ay10i5xp9b2zcwo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|159aqq61mxy2ay10i5xp9b2zcwo|03|net"; nocase; ) # 1gr82ga122bcdt1n42hvr109umnr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gr82ga122bcdt1n42hvr109umnr|03|org"; nocase; ) # 13wvbox1u8x48txhn4dakbpjt2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13wvbox1u8x48txhn4dakbpjt2|03|biz"; nocase; ) # 8kinp1hu5toxj8zlns148maoj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8kinp1hu5toxj8zlns148maoj|03|net"; nocase; ) # 16b440x1j28shm1yr14x814i06bz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16b440x1j28shm1yr14x814i06bz|03|net"; nocase; ) # 6okb183zxil94fqhq120s28j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6okb183zxil94fqhq120s28j|03|biz"; nocase; ) # rgw566lv6ofu19d0hmr7vdji6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rgw566lv6ofu19d0hmr7vdji6|03|net"; nocase; ) # 1jgzlp81u624uxzqjo5s19lz4pw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jgzlp81u624uxzqjo5s19lz4pw|03|com"; nocase; ) # rtogmt1m1gfa81ojd70coeczfq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rtogmt1m1gfa81ojd70coeczfq|03|net"; nocase; ) # 1mhbl3nfkj3fd1ogcog61l0d0i5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mhbl3nfkj3fd1ogcog61l0d0i5|03|net"; nocase; ) # 1img73ocd2yi1so4yvlz4ukut.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1img73ocd2yi1so4yvlz4ukut|03|biz"; nocase; ) # 190rixo1a6b5fk1b59zkd4jb143.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|190rixo1a6b5fk1b59zkd4jb143|03|com"; nocase; ) # 1ttplxu9ari41cqtr3z1jyhvrm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ttplxu9ari41cqtr3z1jyhvrm|03|org"; nocase; ) # 1bpu0652i99eu1wfbq186locff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bpu0652i99eu1wfbq186locff|03|net"; nocase; ) # 19t4w69hhi21ey59z416aa72e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19t4w69hhi21ey59z416aa72e|03|biz"; nocase; ) # ofu6zn18jlbb1pzb041l1y41y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ofu6zn18jlbb1pzb041l1y41y|03|net"; nocase; ) # wpp15y14elvjj1h0pr6u1ij9ekm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wpp15y14elvjj1h0pr6u1ij9ekm|03|net"; nocase; ) # ew0n814djhecbic1k37tduuk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ew0n814djhecbic1k37tduuk|03|biz"; nocase; ) # fz1v7jtsxv31v03eyy7trf3t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fz1v7jtsxv31v03eyy7trf3t|03|com"; nocase; ) # 1yf4zgh19yixmq181g18cf4sssz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yf4zgh19yixmq181g18cf4sssz|03|com"; nocase; ) # 1cpxs7h1sgjevx1dc4oms1racpnn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cpxs7h1sgjevx1dc4oms1racpnn|03|biz"; nocase; ) # 2ymjrtx6456krpltkg1n6iuw1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ymjrtx6456krpltkg1n6iuw1|03|net"; nocase; ) # m9gfuw18ie4m71jouz101pr62su.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m9gfuw18ie4m71jouz101pr62su|03|com"; nocase; ) # paox97xfmrryru2rvz11hom5d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|paox97xfmrryru2rvz11hom5d|03|net"; nocase; ) # 18osh0u1bklw1xyyw4zh3urnp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18osh0u1bklw1xyyw4zh3urnp|03|net"; nocase; ) # 15tlvc3fbl303hftejv19k1nqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15tlvc3fbl303hftejv19k1nqc|03|biz"; nocase; ) # 1eop91s1gz6i7v15jfs0vdo8lsd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eop91s1gz6i7v15jfs0vdo8lsd|03|net"; nocase; ) # 1edeufyp9j6p2hj312wvu8rvi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1edeufyp9j6p2hj312wvu8rvi|03|com"; nocase; ) # qkk26komoi3b1pir5sb1yx9lzb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qkk26komoi3b1pir5sb1yx9lzb|03|biz"; nocase; ) # ehihgz1fxxrlr1u3bow31s86zv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ehihgz1fxxrlr1u3bow31s86zv|03|com"; nocase; ) # a0tyfgs3mn9bfqvn6r8qi2lt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a0tyfgs3mn9bfqvn6r8qi2lt|03|net"; nocase; ) # l89qi5da2lmpu0a1gj1ub4epf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l89qi5da2lmpu0a1gj1ub4epf|03|net"; nocase; ) # a7iqw8rzvac51jvv2s8biraf0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a7iqw8rzvac51jvv2s8biraf0|03|biz"; nocase; ) # fya5981uwbp87e39tqknxxg3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fya5981uwbp87e39tqknxxg3|03|net"; nocase; ) # 44glu4ofm31i1kk6eoiq20t0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|44glu4ofm31i1kk6eoiq20t0|03|org"; nocase; ) # 17w5era10phsmmmjxu081pahfn0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17w5era10phsmmmjxu081pahfn0|03|com"; nocase; ) # tdkejvs73zg61oa8tj31dfv3bz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tdkejvs73zg61oa8tj31dfv3bz|03|net"; nocase; ) # 112o3av9dt5zvd30btp1fi8lrz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|112o3av9dt5zvd30btp1fi8lrz|03|com"; nocase; ) # 1afydkcswfk6i1jw2ofw1r7jnh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1afydkcswfk6i1jw2ofw1r7jnh5|03|net"; nocase; ) # 1addjkpwmdrf1uqnp1l1pah45e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1addjkpwmdrf1uqnp1l1pah45e|03|net"; nocase; ) # gh6qmh1svswoa1iptq511v5t0ij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gh6qmh1svswoa1iptq511v5t0ij|03|net"; nocase; ) # 13d5xk13oiisyln3lez9gcci0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13d5xk13oiisyln3lez9gcci0|03|com"; nocase; ) # 1jeiq281ibnm5jh2z7obn8co5y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jeiq281ibnm5jh2z7obn8co5y|03|org"; nocase; ) # 1ekz0kr1577lnt1l899u0399rw3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ekz0kr1577lnt1l899u0399rw3|03|biz"; nocase; ) # 1nhexbo1c2elv5ncnn6w2vbfp8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nhexbo1c2elv5ncnn6w2vbfp8|03|org"; nocase; ) # 770n3h1plvi4r1n3ita42vuto9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|770n3h1plvi4r1n3ita42vuto9|03|biz"; nocase; ) # 32z8qm13q73k15tn5v8o74kpz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|32z8qm13q73k15tn5v8o74kpz|03|net"; nocase; ) # stvig83h187dpkns141skl64k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|stvig83h187dpkns141skl64k|03|biz"; nocase; ) # un1ode19cf39roffkrr1j2c4x5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|un1ode19cf39roffkrr1j2c4x5|03|net"; nocase; ) # 1y22nvo121fxkq1ychpxc1e1rrji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y22nvo121fxkq1ychpxc1e1rrji|03|com"; nocase; ) # 1oizxd7g3p3umdsgamhz4fk6v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oizxd7g3p3umdsgamhz4fk6v|03|org"; nocase; ) # kk0ba8gprdql1r3wdfg1ubf5s7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kk0ba8gprdql1r3wdfg1ubf5s7|03|biz"; nocase; ) # lvnjzx1m6wdw515sj8fdfjp2hi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lvnjzx1m6wdw515sj8fdfjp2hi|03|biz"; nocase; ) # 9s3lqhsd7w6r15x1dco11j5cqu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9s3lqhsd7w6r15x1dco11j5cqu|03|com"; nocase; ) # y6lmu3em7xg3mz8351fmsj0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y6lmu3em7xg3mz8351fmsj0o|03|net"; nocase; ) # 1cao3h917ufe0sqq13bx15s3tet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cao3h917ufe0sqq13bx15s3tet|03|com"; nocase; ) # v7quy3ifkdtjx0rdpo16omlfz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v7quy3ifkdtjx0rdpo16omlfz|03|biz"; nocase; ) # 155xj2l1tlki9e1nbbqhpgi9l6w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|155xj2l1tlki9e1nbbqhpgi9l6w|03|net"; nocase; ) # 12e90vkkzogql2z78751joqo5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12e90vkkzogql2z78751joqo5|03|net"; nocase; ) # 184xu7gseqj766amc0f1up5cbq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184xu7gseqj766amc0f1up5cbq|03|org"; nocase; ) # 1vqaaokzkpr6h1g6bh3gbljjta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vqaaokzkpr6h1g6bh3gbljjta|03|com"; nocase; ) # 2gdybs1dkj7t5yhylvs1jghz9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2gdybs1dkj7t5yhylvs1jghz9|03|org"; nocase; ) # 11ymsha529jztmmhz1c1kwgvzg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11ymsha529jztmmhz1c1kwgvzg|03|com"; nocase; ) # 1aph81azv47nj1blwk6pb7a4p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aph81azv47nj1blwk6pb7a4p|03|org"; nocase; ) # 1d8h2lmdfstcfto4my219hy5iz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d8h2lmdfstcfto4my219hy5iz|03|org"; nocase; ) # 1qbb6w2zpyj1q1q62re1piq9a3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qbb6w2zpyj1q1q62re1piq9a3|03|biz"; nocase; ) # 1al5jja1bet9p3lmbl561cxq2f8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1al5jja1bet9p3lmbl561cxq2f8|03|org"; nocase; ) # 18zf41n9nvj2u1vb2v691wdyqgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18zf41n9nvj2u1vb2v691wdyqgo|03|net"; nocase; ) # 1oh9sxz1mj7g56ech1651ihposa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oh9sxz1mj7g56ech1651ihposa|03|biz"; nocase; ) # 1asds21u0c8xeoezvsh15uxyt6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1asds21u0c8xeoezvsh15uxyt6|03|com"; nocase; ) # l3zwwbkmjgx012dakq0zxa1cz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l3zwwbkmjgx012dakq0zxa1cz|03|biz"; nocase; ) # fwjx041lzsw5vd7dwk33uhhlv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fwjx041lzsw5vd7dwk33uhhlv|03|net"; nocase; ) # szb5ws1uk5o111bqze87cqdzuc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|szb5ws1uk5o111bqze87cqdzuc|03|net"; nocase; ) # 2vwdce12h4olg1bc8s6915bgvy1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2vwdce12h4olg1bc8s6915bgvy1|03|net"; nocase; ) # 5lh82c4ibohi83gsmrdj0v7l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5lh82c4ibohi83gsmrdj0v7l|03|org"; nocase; ) # 1xyinvg1fkjo4akow4kbboc0sk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xyinvg1fkjo4akow4kbboc0sk|03|com"; nocase; ) # 1xvagte1ub7q1j1y7jyupeajp6n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xvagte1ub7q1j1y7jyupeajp6n|03|org"; nocase; ) # k69a6qo7n9d51pcrlkhg1qfc8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k69a6qo7n9d51pcrlkhg1qfc8|03|net"; nocase; ) # qiq03z1eajjs91ph34u019ubmdq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qiq03z1eajjs91ph34u019ubmdq|03|com"; nocase; ) # vvgrkp1rye5xw1gxshg11w7ta13.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vvgrkp1rye5xw1gxshg11w7ta13|03|com"; nocase; ) # u9n7lo1fmeo921ictfg8jkwstw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u9n7lo1fmeo921ictfg8jkwstw|03|net"; nocase; ) # 1jd9xur1070moo1s7e5751p2wqdk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jd9xur1070moo1s7e5751p2wqdk|03|com"; nocase; ) # 1my3ayby9vkgh8j1s0e5adj0l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1my3ayby9vkgh8j1s0e5adj0l|03|org"; nocase; ) # 72xlbg18f1p3814afjay19pnm40.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|72xlbg18f1p3814afjay19pnm40|03|biz"; nocase; ) # 1dou2vrkkp8rh185sm9i1q6f94v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dou2vrkkp8rh185sm9i1q6f94v|03|biz"; nocase; ) # va4du81pmgapwd8h9561f8xfve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|va4du81pmgapwd8h9561f8xfve|03|net"; nocase; ) # 1lltzh1tkayfh1q3wlo87wkh2v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lltzh1tkayfh1q3wlo87wkh2v|03|net"; nocase; ) # 1pi8o501ni40y2c1suhnpr3f6y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pi8o501ni40y2c1suhnpr3f6y|03|net"; nocase; ) # 105x66i1g5gcnt1572yaf1iap6q4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|105x66i1g5gcnt1572yaf1iap6q4|03|com"; nocase; ) # sw8c0jt9qq9ea2k21h1wxegkv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sw8c0jt9qq9ea2k21h1wxegkv|03|org"; nocase; ) # 1p42rmj71bx4f15m5qxasm686.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p42rmj71bx4f15m5qxasm686|03|biz"; nocase; ) # 4s8tqd1okx7ne1s28pc21rocz39.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4s8tqd1okx7ne1s28pc21rocz39|03|net"; nocase; ) # 1qd0q7yzdsn3c13rchup1kmqjrm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qd0q7yzdsn3c13rchup1kmqjrm|03|biz"; nocase; ) # dhv8681de0rg06ya1o938tnhm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dhv8681de0rg06ya1o938tnhm|03|org"; nocase; ) # 1n6y1tzzfds021detzp511xc143.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n6y1tzzfds021detzp511xc143|03|net"; nocase; ) # ufwbl5u96zi21tyr88b4gmjq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ufwbl5u96zi21tyr88b4gmjq|03|biz"; nocase; ) # 1f323yl1g9klv21sg176j1e4j6gx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f323yl1g9klv21sg176j1e4j6gx|03|com"; nocase; ) # 1a2xcto1b8gqegyt4ycc139yeyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a2xcto1b8gqegyt4ycc139yeyc|03|net"; nocase; ) # 11jc2tc5totne1l9mwzkoui5v2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11jc2tc5totne1l9mwzkoui5v2|03|org"; nocase; ) # 1qm2of259vt351owsoj0pm35e0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qm2of259vt351owsoj0pm35e0|03|org"; nocase; ) # fu9jh1sma1kyowbfwi02cjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|fu9jh1sma1kyowbfwi02cjl|03|net"; nocase; ) # iy56qkw1mp93s3o3k71x91hkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iy56qkw1mp93s3o3k71x91hkr|03|org"; nocase; ) # 1evz95s1gkko5013uy97idf7nl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1evz95s1gkko5013uy97idf7nl|03|com"; nocase; ) # 18nzn0d15do7y3w9mcb11yik7v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18nzn0d15do7y3w9mcb11yik7v|03|com"; nocase; ) # 1t9qs644p8ipi79gsddu9kitq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t9qs644p8ipi79gsddu9kitq|03|com"; nocase; ) # 8mkqybal1vb5127z0l10o56ud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8mkqybal1vb5127z0l10o56ud|03|net"; nocase; ) # 72ujr3a8qybkh06pwi14mx2y7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|72ujr3a8qybkh06pwi14mx2y7|03|org"; nocase; ) # 1xef7oq1ltzskqygzixzwonmvi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xef7oq1ltzskqygzixzwonmvi|03|org"; nocase; ) # 10iano31alfsqr4jgay1i9wgrq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10iano31alfsqr4jgay1i9wgrq|03|com"; nocase; ) # 2rbwy015pzwwl98w8knwusnbb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2rbwy015pzwwl98w8knwusnbb|03|net"; nocase; ) # 1anp1mo1reuvp5cr4kor3x8u0r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1anp1mo1reuvp5cr4kor3x8u0r|03|biz"; nocase; ) # 1wsafl51rz2v3b1dv0cxw12kgk69.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wsafl51rz2v3b1dv0cxw12kgk69|03|org"; nocase; ) # 1gzos7fpkq9nap79if147vyed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gzos7fpkq9nap79if147vyed|03|com"; nocase; ) # 1chbsz7198n9kj1i9chbg1pfel3m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1chbsz7198n9kj1i9chbg1pfel3m|03|net"; nocase; ) # skgzvy3vra5kt81lxb17hssmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|skgzvy3vra5kt81lxb17hssmf|03|net"; nocase; ) # 1ok6d371p3ueyw17fo5uuao296n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ok6d371p3ueyw17fo5uuao296n|03|org"; nocase; ) # 775vqkhgvuxso2ydjon03p71.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|775vqkhgvuxso2ydjon03p71|03|com"; nocase; ) # u6jwvtgjt41l14f72o1136pctd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u6jwvtgjt41l14f72o1136pctd|03|biz"; nocase; ) # 1kpmh2iwu786l1f24k5r1gqramu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kpmh2iwu786l1f24k5r1gqramu|03|org"; nocase; ) # 17rd63y13toaj3ugior2161j1c0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17rd63y13toaj3ugior2161j1c0|03|net"; nocase; ) # pj17vt1dxp1149qjmtgn0e07g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pj17vt1dxp1149qjmtgn0e07g|03|org"; nocase; ) # dgo4m6q2luke11dct88jkq77o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dgo4m6q2luke11dct88jkq77o|03|com"; nocase; ) # 15qg0ipem93fh1q3gkvfjf022s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15qg0ipem93fh1q3gkvfjf022s|03|biz"; nocase; ) # l1i13xrawet618q5hav5oltnt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l1i13xrawet618q5hav5oltnt|03|net"; nocase; ) # 134u4hr1dxyuhgkqfvfv43k9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|134u4hr1dxyuhgkqfvfv43k9|03|net"; nocase; ) # 1w1712v1m4zfni1pry5orm2joiv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w1712v1m4zfni1pry5orm2joiv|03|biz"; nocase; ) # l2uxg118oiq6o1b47gr01hgmvsr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l2uxg118oiq6o1b47gr01hgmvsr|03|biz"; nocase; ) # s1pnuobukvyj1s0v1151kpv8f6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s1pnuobukvyj1s0v1151kpv8f6|03|net"; nocase; ) # m0bqy21wfalp33gh280g7hpey.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m0bqy21wfalp33gh280g7hpey|03|net"; nocase; ) # 1oqxefl7xegp1atfiea9cewag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oqxefl7xegp1atfiea9cewag|03|biz"; nocase; ) # 1sjjcaf49ohkk1y5na3k16sky20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sjjcaf49ohkk1y5na3k16sky20|03|net"; nocase; ) # lbsjrz1sqe9uf1psqqw51ii9bqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lbsjrz1sqe9uf1psqqw51ii9bqx|03|biz"; nocase; ) # 1pt1rzbo0mqma1kgf2fi1fjlelv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pt1rzbo0mqma1kgf2fi1fjlelv|03|com"; nocase; ) # 1vhtitndj805i1qujnwe1sb8yz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vhtitndj805i1qujnwe1sb8yz7|03|com"; nocase; ) # n4nvli1ayifxllwq31y17nqwhr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n4nvli1ayifxllwq31y17nqwhr|03|biz"; nocase; ) # k6tx8g14cgfe2tw4n3s5b1rp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k6tx8g14cgfe2tw4n3s5b1rp|03|org"; nocase; ) # 1l5yohychbul410m2e1419t5prc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l5yohychbul410m2e1419t5prc|03|biz"; nocase; ) # 1i82wbkwn2ypr1seqy7w1gmidoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i82wbkwn2ypr1seqy7w1gmidoy|03|biz"; nocase; ) # lwzffh1eip5mh13cbjkofrcmq4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lwzffh1eip5mh13cbjkofrcmq4|03|org"; nocase; ) # jl8vpi2l9z3zb6dng11mrbzps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jl8vpi2l9z3zb6dng11mrbzps|03|net"; nocase; ) # 14a3xaz1303beqrz9ngfc4i7o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14a3xaz1303beqrz9ngfc4i7o|03|biz"; nocase; ) # lh790034phf156gpsv20zxc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|lh790034phf156gpsv20zxc|03|com"; nocase; ) # 1riz4tl1hpaahr1t5kd0gr6iyqg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1riz4tl1hpaahr1t5kd0gr6iyqg|03|org"; nocase; ) # 1qodftq1umhyi656bmgydjpz38.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qodftq1umhyi656bmgydjpz38|03|net"; nocase; ) # 1a76qgjy9l4cn1i3oi391hcqp8m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a76qgjy9l4cn1i3oi391hcqp8m|03|com"; nocase; ) # 1h0ahia1pplgcz1p95xait1qpth.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h0ahia1pplgcz1p95xait1qpth|03|org"; nocase; ) # 14d2akvwwcfhvg1i9m21in37qz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14d2akvwwcfhvg1i9m21in37qz|03|net"; nocase; ) # 1xux9cg16yuvck1z0v6ig1rr08xj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xux9cg16yuvck1z0v6ig1rr08xj|03|com"; nocase; ) # pke2ui6go6wz1qhcms2a1lllt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pke2ui6go6wz1qhcms2a1lllt|03|net"; nocase; ) # 17ehq7dnfqgob13xqc0ho7ykr5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ehq7dnfqgob13xqc0ho7ykr5|03|net"; nocase; ) # 1wwhxag1291jwasz6w68vc72jq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wwhxag1291jwasz6w68vc72jq|03|org"; nocase; ) # 1041y765uv76kwccfphd91g3j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1041y765uv76kwccfphd91g3j|03|net"; nocase; ) # bhb5cm5nml4q18iywxn12zefkg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bhb5cm5nml4q18iywxn12zefkg|03|com"; nocase; ) # 1hbxu0urly7ok1sl3plj1khuhxk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hbxu0urly7ok1sl3plj1khuhxk|03|net"; nocase; ) # 9m17id1r2ctgd1ixgek94xvjts.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9m17id1r2ctgd1ixgek94xvjts|03|biz"; nocase; ) # 1wz1pji1qlblk7c8muth1ls76q5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wz1pji1qlblk7c8muth1ls76q5|03|net"; nocase; ) # 474f7517api43128fxb516xxrtl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|474f7517api43128fxb516xxrtl|03|org"; nocase; ) # 1piszc1182gq2o1gd437q11bpx99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1piszc1182gq2o1gd437q11bpx99|03|net"; nocase; ) # 1gn2wk2medtw7mwz0c71aqq12g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gn2wk2medtw7mwz0c71aqq12g|03|com"; nocase; ) # n45an7z41g261yhyhmv1uq9rdp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n45an7z41g261yhyhmv1uq9rdp|03|net"; nocase; ) # 2948m8qoowtx1dnvhu91oolevb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2948m8qoowtx1dnvhu91oolevb|03|biz"; nocase; ) # 1oz0sgirhszsa197tnch1728n6e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oz0sgirhszsa197tnch1728n6e|03|org"; nocase; ) # 7hhozyx9k53tjc34hl186vh2n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7hhozyx9k53tjc34hl186vh2n|03|biz"; nocase; ) # 1dclbb81ukohe41ockyoo186jzuj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dclbb81ukohe41ockyoo186jzuj|03|org"; nocase; ) # 1e2998itin46s59g7pk1qxlui8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e2998itin46s59g7pk1qxlui8|03|com"; nocase; ) # hbvxx819348k91p38mllqd9xja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hbvxx819348k91p38mllqd9xja|03|net"; nocase; ) # 1a0i9647st4701ls47os1i8zk5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a0i9647st4701ls47os1i8zk5n|03|net"; nocase; ) # 11sjq8wcgc0149ofl9t2cs7zp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11sjq8wcgc0149ofl9t2cs7zp|03|com"; nocase; ) # 1h60col1bc3kl2xjadcocs15nr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h60col1bc3kl2xjadcocs15nr|03|com"; nocase; ) # 1vnh1ouizqocha1r1n81vii4lv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vnh1ouizqocha1r1n81vii4lv|03|com"; nocase; ) # 1yqpexd4eq468bljlra3pgl21.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yqpexd4eq468bljlra3pgl21|03|biz"; nocase; ) # 1ta8l871b1tx0b7lbm56t1kwjy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ta8l871b1tx0b7lbm56t1kwjy|03|net"; nocase; ) # 1hawe05gorh5z1s8fd4wjlsgh4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hawe05gorh5z1s8fd4wjlsgh4|03|org"; nocase; ) # 2m046udnqg8c1le293aa69772.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2m046udnqg8c1le293aa69772|03|net"; nocase; ) # 189xm7wnz6ymn8wjbuhscl6gj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|189xm7wnz6ymn8wjbuhscl6gj|03|biz"; nocase; ) # 6d2q4w1us2uy3sl6t6k10tlhw8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6d2q4w1us2uy3sl6t6k10tlhw8|03|com"; nocase; ) # 4i8plbx0hyc8jq372kjwl1p5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4i8plbx0hyc8jq372kjwl1p5|03|biz"; nocase; ) # 1sxzwwun7ecou1jigyu41jkmkld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sxzwwun7ecou1jigyu41jkmkld|03|com"; nocase; ) # 1eau6vr135wqhipfi90b2bnwyr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eau6vr135wqhipfi90b2bnwyr|03|com"; nocase; ) # p8t2rx7l42e81qaz0lqwuczjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p8t2rx7l42e81qaz0lqwuczjl|03|org"; nocase; ) # 2ylew71n7vnyf1kkm1klkmoz73.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ylew71n7vnyf1kkm1klkmoz73|03|net"; nocase; ) # o2ogna1lhc8hh3n9vhl1nsuhun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o2ogna1lhc8hh3n9vhl1nsuhun|03|net"; nocase; ) # 18paatu1ig5g75mzd0bv811reg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18paatu1ig5g75mzd0bv811reg|03|org"; nocase; ) # bbd9j8ye4567xh5vqkmv9i1q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bbd9j8ye4567xh5vqkmv9i1q|03|net"; nocase; ) # 13o0fwvts989z1nwjzt1mh6q2o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13o0fwvts989z1nwjzt1mh6q2o|03|com"; nocase; ) # pil85b1oqz7jr1s0k38mxkeg21.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pil85b1oqz7jr1s0k38mxkeg21|03|biz"; nocase; ) # 1sz79ql1agtetixuqpow186tbjm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sz79ql1agtetixuqpow186tbjm|03|net"; nocase; ) # 1kltdi61xur9949salbiy169qi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kltdi61xur9949salbiy169qi|03|org"; nocase; ) # 19rd9kme7zrfw1svojkd13wtsqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19rd9kme7zrfw1svojkd13wtsqx|03|biz"; nocase; ) # 1ps4xepifg1f1161iua39maxhk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ps4xepifg1f1161iua39maxhk|03|org"; nocase; ) # 1o2m383osvj3714riiq5e87tmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o2m383osvj3714riiq5e87tmo|03|net"; nocase; ) # 1hhu5wh84xzand78el0jvpm78.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hhu5wh84xzand78el0jvpm78|03|com"; nocase; ) # 11cbduy1420eqhr28ysd12kgx42.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11cbduy1420eqhr28ysd12kgx42|03|net"; nocase; ) # nxgqgl1j3utyp1m3z8a61ew1twd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nxgqgl1j3utyp1m3z8a61ew1twd|03|net"; nocase; ) # 4239zb6dzeoi1b5nbsqh3fms2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4239zb6dzeoi1b5nbsqh3fms2|03|net"; nocase; ) # 1mqdpt41rx0y5wa76cic14a1el6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mqdpt41rx0y5wa76cic14a1el6|03|biz"; nocase; ) # ks9grc18qnjcbcetobot2i9o5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ks9grc18qnjcbcetobot2i9o5|03|org"; nocase; ) # 149vsgqmulkkc1eexmzg1a3xcuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|149vsgqmulkkc1eexmzg1a3xcuz|03|com"; nocase; ) # vyniggaltvlf79zlja20mxq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|vyniggaltvlf79zlja20mxq|03|biz"; nocase; ) # xz82oc1oo8eso9djqwu1mzaopn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xz82oc1oo8eso9djqwu1mzaopn|03|org"; nocase; ) # 1dr3qlxez7qwi79x0pe42br4l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dr3qlxez7qwi79x0pe42br4l|03|org"; nocase; ) # j1wzi183gd1l1hs9v8yi26g29.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j1wzi183gd1l1hs9v8yi26g29|03|net"; nocase; ) # b462qlfrnxka176t72m20985u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b462qlfrnxka176t72m20985u|03|com"; nocase; ) # 1a188lq1exw98tex6i3qopkda3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a188lq1exw98tex6i3qopkda3|03|org"; nocase; ) # 13wmax916emo5gz692yh31fjv6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13wmax916emo5gz692yh31fjv6|03|org"; nocase; ) # 4yamj1pu19lw4ioaydyvxc1n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4yamj1pu19lw4ioaydyvxc1n|03|net"; nocase; ) # 1mdw87nwwg9l1bi3e741ildtcz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mdw87nwwg9l1bi3e741ildtcz|03|com"; nocase; ) # yufpx132bn4h164zdm41nqohrg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yufpx132bn4h164zdm41nqohrg|03|net"; nocase; ) # i0vmaf1axu3u61q9xyy1w8revj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i0vmaf1axu3u61q9xyy1w8revj|03|org"; nocase; ) # dfd7v51w2jynva51pm7z32qj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dfd7v51w2jynva51pm7z32qj6|03|net"; nocase; ) # 1o2l8uu3yxgiv1piupid18miu6u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o2l8uu3yxgiv1piupid18miu6u|03|com"; nocase; ) # 1hup3sdzdf2fu8o41nnciz272.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hup3sdzdf2fu8o41nnciz272|03|net"; nocase; ) # grdnsaaiwk801h4hm0marcmro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|grdnsaaiwk801h4hm0marcmro|03|net"; nocase; ) # 1vt7nkf1fqxcc4120737o1q50qc6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vt7nkf1fqxcc4120737o1q50qc6|03|com"; nocase; ) # 3xgfwea9gmaz1je5wyo8cz73l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3xgfwea9gmaz1je5wyo8cz73l|03|com"; nocase; ) # pjaacy1j0mmw064lavshubk9m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pjaacy1j0mmw064lavshubk9m|03|com"; nocase; ) # 1eksq0pwyt1qz3enutz1d3ga8g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eksq0pwyt1qz3enutz1d3ga8g|03|com"; nocase; ) # h22lxbcsxzftq7w5298phys9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h22lxbcsxzftq7w5298phys9|03|com"; nocase; ) # 1mwehb1lb741wmks1z0ecwpb1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mwehb1lb741wmks1z0ecwpb1|03|net"; nocase; ) # 1ltw1zj1i1j83b1c8adt6176hntc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ltw1zj1i1j83b1c8adt6176hntc|03|org"; nocase; ) # 1ks0qit1cr7emtvgufve2rumam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ks0qit1cr7emtvgufve2rumam|03|net"; nocase; ) # 1nd63jd1pj9mxy1x1zp4yz9s3fr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nd63jd1pj9mxy1x1zp4yz9s3fr|03|com"; nocase; ) # r5eromc2gdn1bo7hyy13eytxo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r5eromc2gdn1bo7hyy13eytxo|03|org"; nocase; ) # 5uqq8mqcegix1tsk271czhigt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5uqq8mqcegix1tsk271czhigt|03|net"; nocase; ) # 1kpytdl11qdi896l19gkvh6yyp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kpytdl11qdi896l19gkvh6yyp|03|org"; nocase; ) # 1qblu631rpd08h2oth3peg1lhc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qblu631rpd08h2oth3peg1lhc|03|net"; nocase; ) # 87wqk1oq4utw2pt8ci693fr9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|87wqk1oq4utw2pt8ci693fr9|03|com"; nocase; ) # 1m3yqk0t9yntok085x31hldvtu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m3yqk0t9yntok085x31hldvtu|03|com"; nocase; ) # q6ymake3qrao18d1cdqyxxinr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6ymake3qrao18d1cdqyxxinr|03|org"; nocase; ) # 1pnofap6ro9kkb4qncoj68him.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pnofap6ro9kkb4qncoj68him|03|net"; nocase; ) # 1ls36qz1nf81tp18hec4s1m8q9on.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ls36qz1nf81tp18hec4s1m8q9on|03|com"; nocase; ) # olggro1iiidj7v7ad081643yx9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|olggro1iiidj7v7ad081643yx9|03|com"; nocase; ) # 7u8dbk173g35yqhlg96n4bq7w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7u8dbk173g35yqhlg96n4bq7w|03|biz"; nocase; ) # 1yz7qx45ry5s8eix8l68hpn5u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yz7qx45ry5s8eix8l68hpn5u|03|com"; nocase; ) # 1nhqq681uxcj0eunvcbxhux01c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nhqq681uxcj0eunvcbxhux01c|03|biz"; nocase; ) # 1am203x1rv9ziypsv8olvuxwg6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1am203x1rv9ziypsv8olvuxwg6|03|biz"; nocase; ) # 1surzszb8dfoy1epkel42sjpwr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1surzszb8dfoy1epkel42sjpwr|03|com"; nocase; ) # 1hawx8u16280dp8iysvciob1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hawx8u16280dp8iysvciob1d|03|net"; nocase; ) # nxluppaijija1ef84l91pmux5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nxluppaijija1ef84l91pmux5|03|biz"; nocase; ) # 1ts09kd3u0ighjq49uxmqhesu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ts09kd3u0ighjq49uxmqhesu|03|net"; nocase; ) # 8stmw1o057tv1po3yxo10g8od0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8stmw1o057tv1po3yxo10g8od0|03|org"; nocase; ) # 1jo5zj65bi84ylz2sfexisziv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jo5zj65bi84ylz2sfexisziv|03|org"; nocase; ) # zuhivehbwhy117lnl9z264gjm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zuhivehbwhy117lnl9z264gjm|03|biz"; nocase; ) # 1g2uabuguklosbdlxeot8k87e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g2uabuguklosbdlxeot8k87e|03|net"; nocase; ) # 1n9hge44uibw1xqqv1h11vacfo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n9hge44uibw1xqqv1h11vacfo|03|org"; nocase; ) # 1ew54pok1vpyg1fjf1kq9wxv8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ew54pok1vpyg1fjf1kq9wxv8|03|com"; nocase; ) # 7sldb01ijb8koctpx435dinsy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7sldb01ijb8koctpx435dinsy|03|org"; nocase; ) # 1d1sz54ipglf7bfwh58sveeia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d1sz54ipglf7bfwh58sveeia|03|com"; nocase; ) # x3280b8klgrn151fof5qf193d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x3280b8klgrn151fof5qf193d|03|biz"; nocase; ) # m90jn0g955y3139xiibvhh6rd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m90jn0g955y3139xiibvhh6rd|03|org"; nocase; ) # 19sltni22exo1krp8051amrh33.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19sltni22exo1krp8051amrh33|03|biz"; nocase; ) # gegn5titefsd1s7tdxok5tukt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gegn5titefsd1s7tdxok5tukt|03|com"; nocase; ) # 1qgssobf1ehrogw6vb6k44xe0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qgssobf1ehrogw6vb6k44xe0|03|biz"; nocase; ) # 1gm81svbwpdlh7s0ej71gabhm6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gm81svbwpdlh7s0ej71gabhm6|03|com"; nocase; ) # 11fb75s1bc2z8x9ieb24a3o78n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11fb75s1bc2z8x9ieb24a3o78n|03|net"; nocase; ) # 1icjkgt10t8ur21kgb8mh10fiwv0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1icjkgt10t8ur21kgb8mh10fiwv0|03|biz"; nocase; ) # 1bgrma215wew5nib2ljdm3q8xg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bgrma215wew5nib2ljdm3q8xg|03|org"; nocase; ) # 5zsfyx3z6ogs1i4b09udlwp0e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5zsfyx3z6ogs1i4b09udlwp0e|03|net"; nocase; ) # 1579dip1i95fpsmfc1b21wh5c1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1579dip1i95fpsmfc1b21wh5c1|03|com"; nocase; ) # 19ka2eq1gn5duxh022dm1gwblf8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19ka2eq1gn5duxh022dm1gwblf8|03|biz"; nocase; ) # 10kx46d1t4x03d2ar7oa12l9z7n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10kx46d1t4x03d2ar7oa12l9z7n|03|net"; nocase; ) # 1dsalhhsbh09z1h0qbebx4m42q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dsalhhsbh09z1h0qbebx4m42q|03|org"; nocase; ) # ur5dii1h78nbzubtfekhte6e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ur5dii1h78nbzubtfekhte6e|03|net"; nocase; ) # 13p0yjl13p6p5te8me6yd04sdz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13p0yjl13p6p5te8me6yd04sdz|03|biz"; nocase; ) # t78fin1avzajl1shnho2icbchh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t78fin1avzajl1shnho2icbchh|03|org"; nocase; ) # bhn4tokop3wsze0ydi6f6ob6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bhn4tokop3wsze0ydi6f6ob6|03|org"; nocase; ) # 1ng4enm1yks7wu1vgo28qipdidi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ng4enm1yks7wu1vgo28qipdidi|03|com"; nocase; ) # 1ss5gghl1dtxr189fja2w08f9v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ss5gghl1dtxr189fja2w08f9v|03|net"; nocase; ) # wdlw7i1wrl83h2vq6sn137zke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wdlw7i1wrl83h2vq6sn137zke|03|org"; nocase; ) # fieos612zqe9u2yi2b39vcm6v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fieos612zqe9u2yi2b39vcm6v|03|com"; nocase; ) # 10uq4uovjz5kt1wo0oa5bstw67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10uq4uovjz5kt1wo0oa5bstw67|03|com"; nocase; ) # 1lavfh2z0a8yd132m8vcm2fbnv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lavfh2z0a8yd132m8vcm2fbnv|03|org"; nocase; ) # 1wfog2cqqix125r3cke1oc7j9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wfog2cqqix125r3cke1oc7j9j|03|net"; nocase; ) # 17uy7o84v510g18m588m1is3aui.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17uy7o84v510g18m588m1is3aui|03|biz"; nocase; ) # 1nc80r1syexnm1k39z9lwr53go.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nc80r1syexnm1k39z9lwr53go|03|net"; nocase; ) # 1m5jl8c1nc4l0y1878zc5o4vcyu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m5jl8c1nc4l0y1878zc5o4vcyu|03|net"; nocase; ) # 4pg8lm58ez45yzkrsugyl2xn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4pg8lm58ez45yzkrsugyl2xn|03|org"; nocase; ) # 65mb1g3q5o13vs2jb11hx7ikz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|65mb1g3q5o13vs2jb11hx7ikz|03|biz"; nocase; ) # 776jocos1v431098vkf3vd5fp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|776jocos1v431098vkf3vd5fp|03|net"; nocase; ) # 1a0f03fc3u9t25a5dqep8gi9g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a0f03fc3u9t25a5dqep8gi9g|03|net"; nocase; ) # ifneenahr1yr1ifrjawhc9w9w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ifneenahr1yr1ifrjawhc9w9w|03|biz"; nocase; ) # 1hpv6kav4s22a1ctn848luboi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hpv6kav4s22a1ctn848luboi|03|com"; nocase; ) # 1sqbo7d1nejz7p96iesmfk93l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sqbo7d1nejz7p96iesmfk93l|03|net"; nocase; ) # shn4bn1bb9jf0ba68zk14e0834.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shn4bn1bb9jf0ba68zk14e0834|03|org"; nocase; ) # b67m2n1vutxts18u70qxut0ln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b67m2n1vutxts18u70qxut0ln|03|org"; nocase; ) # 18krtx21bh6uc114ioqp3y70d7p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18krtx21bh6uc114ioqp3y70d7p|03|net"; nocase; ) # j97ztk4rueb9841u8fajkkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|j97ztk4rueb9841u8fajkkm|03|org"; nocase; ) # 1ygdo1gegx2i31h4eqxw1017v21.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ygdo1gegx2i31h4eqxw1017v21|03|net"; nocase; ) # pa97ji18c6pc72ehx2ghgab8l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pa97ji18c6pc72ehx2ghgab8l|03|biz"; nocase; ) # 1rxktvf5g5tcl1glfxnq73an6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rxktvf5g5tcl1glfxnq73an6h|03|net"; nocase; ) # jt94uh1dpbouqzcer4mjkygo7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jt94uh1dpbouqzcer4mjkygo7|03|org"; nocase; ) # bol4le183jq1v1u0kzki11pnlea.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bol4le183jq1v1u0kzki11pnlea|03|biz"; nocase; ) # bljvkpn4nf201ccljhwshof9s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bljvkpn4nf201ccljhwshof9s|03|net"; nocase; ) # r2nvchmesrha14e80mkgv1yi1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r2nvchmesrha14e80mkgv1yi1|03|com"; nocase; ) # 1mh7afpbas0yz5fnsqg31o9xy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mh7afpbas0yz5fnsqg31o9xy|03|com"; nocase; ) # ucf9do18i9kdb1qjcfm317x0r3n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ucf9do18i9kdb1qjcfm317x0r3n|03|biz"; nocase; ) # ew1tjt3j0d8uqdtdnp1klj6g6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ew1tjt3j0d8uqdtdnp1klj6g6|03|net"; nocase; ) # 9khn7j1ch3fkrnvubdr59iuj7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9khn7j1ch3fkrnvubdr59iuj7|03|biz"; nocase; ) # ksis261k99en216cfxlwu5xgdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ksis261k99en216cfxlwu5xgdf|03|com"; nocase; ) # 1lnmxg81uqgayv16p1adn1v83fw0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lnmxg81uqgayv16p1adn1v83fw0|03|biz"; nocase; ) # 9ygj6q16720778p79vw1c4ylkf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ygj6q16720778p79vw1c4ylkf|03|biz"; nocase; ) # ks6o5hsdi0dh1b6c65nreu7wz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ks6o5hsdi0dh1b6c65nreu7wz|03|net"; nocase; ) # 1eapapv1o7vu5m1ldoqv71l67v6b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eapapv1o7vu5m1ldoqv71l67v6b|03|org"; nocase; ) # 3gygb3gpjzs6z709pg1ikyfrd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3gygb3gpjzs6z709pg1ikyfrd|03|com"; nocase; ) # kgeysu1yoy2nu1cdwqmjmqnns6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kgeysu1yoy2nu1cdwqmjmqnns6|03|biz"; nocase; ) # 1ghl7y0azp8ux1jpv4ix17g5tzv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ghl7y0azp8ux1jpv4ix17g5tzv|03|net"; nocase; ) # 16w2eoo1mihbuj1tb9z7q1kbi907.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16w2eoo1mihbuj1tb9z7q1kbi907|03|org"; nocase; ) # 16hg0qeqc5v3v734rx31txq4c7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16hg0qeqc5v3v734rx31txq4c7|03|net"; nocase; ) # 1qj85gxjotpnblv78jj1c9wzca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qj85gxjotpnblv78jj1c9wzca|03|com"; nocase; ) # ay1gvy1bay3151hlf5zfavx7tj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ay1gvy1bay3151hlf5zfavx7tj|03|net"; nocase; ) # 1xc4lxn9l1sav1afvyqjzopvyd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xc4lxn9l1sav1afvyqjzopvyd|03|net"; nocase; ) # 1iqsqmz1x4ad6o1i0oa6n18ys7oo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iqsqmz1x4ad6o1i0oa6n18ys7oo|03|org"; nocase; ) # 1842xnu1kwd1ph1q4ff06w7fev3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1842xnu1kwd1ph1q4ff06w7fev3|03|com"; nocase; ) # 8nfvj51pgad8vp1gq4p6vaj7s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8nfvj51pgad8vp1gq4p6vaj7s|03|net"; nocase; ) # 1081kzrwf2xy43nurzxnw3mk1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1081kzrwf2xy43nurzxnw3mk1|03|biz"; nocase; ) # 148gkcv1w2cq67ecimp616efjm4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|148gkcv1w2cq67ecimp616efjm4|03|com"; nocase; ) # 1sco60s11nxk2m1i5oy9fsgauqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sco60s11nxk2m1i5oy9fsgauqr|03|net"; nocase; ) # mjerkrlpbc421agsm9nsmmtwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mjerkrlpbc421agsm9nsmmtwc|03|com"; nocase; ) # 8ck2gcq2suug1f13nvcge0e21.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ck2gcq2suug1f13nvcge0e21|03|net"; nocase; ) # 1jd2m8m12onatc1k2983w1fgqwhz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jd2m8m12onatc1k2983w1fgqwhz|03|org"; nocase; ) # gs6imx19bejeqfh3ffr1s3gje1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gs6imx19bejeqfh3ffr1s3gje1|03|net"; nocase; ) # 1oo1hva1t9seak1cuq4lr2i0cm8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oo1hva1t9seak1cuq4lr2i0cm8|03|net"; nocase; ) # 7j3b3afnmnly7td5xm19t1857.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7j3b3afnmnly7td5xm19t1857|03|net"; nocase; ) # w8469o15l3qli36mgftkm03nj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w8469o15l3qli36mgftkm03nj|03|biz"; nocase; ) # cx3f81lvmnjgjtzk7c17sznqb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cx3f81lvmnjgjtzk7c17sznqb|03|org"; nocase; ) # 1ygl28q9zmunf1eih5e9r92y6b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygl28q9zmunf1eih5e9r92y6b|03|net"; nocase; ) # 14n1etc1xd0rkq1rk00vst0duzp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14n1etc1xd0rkq1rk00vst0duzp|03|biz"; nocase; ) # 1lb5egp1lxl9xc1wrctvy1sv2qwf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lb5egp1lxl9xc1wrctvy1sv2qwf|03|org"; nocase; ) # w8wafl18pjz6bdk8i6nweu5sv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w8wafl18pjz6bdk8i6nweu5sv|03|biz"; nocase; ) # 1jr9j74b18guki349xp7sb1jx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jr9j74b18guki349xp7sb1jx|03|net"; nocase; ) # uuwwi9k12g6pxfgd103atws1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uuwwi9k12g6pxfgd103atws1|03|net"; nocase; ) # x3mfix139sgqwd9s6cujchg1k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x3mfix139sgqwd9s6cujchg1k|03|net"; nocase; ) # rz2uih1kxdyakdgsw458dbzwl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rz2uih1kxdyakdgsw458dbzwl|03|org"; nocase; ) # 1ewe8wpl4njrv1d84i8i1x88kko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ewe8wpl4njrv1d84i8i1x88kko|03|net"; nocase; ) # 1apsr1d10asiq61h3kexu1o2k7u5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1apsr1d10asiq61h3kexu1o2k7u5|03|org"; nocase; ) # 1nd2xxf1oq61lkyauoekz3d5z4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nd2xxf1oq61lkyauoekz3d5z4|03|org"; nocase; ) # 6t5j941hqwz38qmnsj51xhcdom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6t5j941hqwz38qmnsj51xhcdom|03|com"; nocase; ) # u9i8s1ot0abuqxmkybwwmiqv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u9i8s1ot0abuqxmkybwwmiqv|03|com"; nocase; ) # tsbkp3m3byvoqrhs3xzrer7t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tsbkp3m3byvoqrhs3xzrer7t|03|net"; nocase; ) # 1d9lzpzdw8jjm1sz0674v0810y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d9lzpzdw8jjm1sz0674v0810y|03|org"; nocase; ) # icv0wk1rx4dh418i3h6h14pqtn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|icv0wk1rx4dh418i3h6h14pqtn|03|org"; nocase; ) # 9cm55i1d7p9371qwf4wi13rxscn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9cm55i1d7p9371qwf4wi13rxscn|03|net"; nocase; ) # bjwuit64grjg1diqtrdg97xez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bjwuit64grjg1diqtrdg97xez|03|org"; nocase; ) # 1s80hxslc972rd2g7jtsx4oqg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s80hxslc972rd2g7jtsx4oqg|03|com"; nocase; ) # 14xoxwu14n33l414ckerk1597z8o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14xoxwu14n33l414ckerk1597z8o|03|net"; nocase; ) # qe4kw9b1zuvh1480rboc3l8cy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qe4kw9b1zuvh1480rboc3l8cy|03|com"; nocase; ) # 1t3u19d3zi9z9g9nupx1gyfiz0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t3u19d3zi9z9g9nupx1gyfiz0|03|org"; nocase; ) # uaukgvxc7fy81sfaybwq0td9b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uaukgvxc7fy81sfaybwq0td9b|03|net"; nocase; ) # q8n42ulfswuzrqm9k714j3a82.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q8n42ulfswuzrqm9k714j3a82|03|net"; nocase; ) # 7p50yvu6uw0g1su9sei1moq1hz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7p50yvu6uw0g1su9sei1moq1hz|03|com"; nocase; ) # 1owdednqo4am8apz66kvvi5ho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1owdednqo4am8apz66kvvi5ho|03|net"; nocase; ) # 13zmhyc1mbxp8qddlequ4qzdxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13zmhyc1mbxp8qddlequ4qzdxs|03|net"; nocase; ) # 1yfjwsle5oin1ks5nci1ywwtur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yfjwsle5oin1ks5nci1ywwtur|03|net"; nocase; ) # 8l0w4g1blxhm11atvngq9uyb57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8l0w4g1blxhm11atvngq9uyb57|03|com"; nocase; ) # zpfuficwlz1eu3h5cv1vsofar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zpfuficwlz1eu3h5cv1vsofar|03|com"; nocase; ) # 1vel4zk19oh0s8rn6sc15cuxbl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vel4zk19oh0s8rn6sc15cuxbl|03|net"; nocase; ) # jt6ob7vrw8vvst5h251c8gmoe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jt6ob7vrw8vvst5h251c8gmoe|03|net"; nocase; ) # 1qiq5m91q024w4fhsg3x1bktupq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qiq5m91q024w4fhsg3x1bktupq|03|org"; nocase; ) # v4j8vmm34akm1jg6t5r15ow39j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v4j8vmm34akm1jg6t5r15ow39j|03|com"; nocase; ) # a17dwavlegy61pu29sy1jpuid.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a17dwavlegy61pu29sy1jpuid|03|net"; nocase; ) # zbqtqqgabfns1r271pl1g8jsrd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zbqtqqgabfns1r271pl1g8jsrd|03|com"; nocase; ) # mz39zhqcaljs1vtndfgp9zf7k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mz39zhqcaljs1vtndfgp9zf7k|03|org"; nocase; ) # 1ns56cwi0gpwjgb52hu1g5rba3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ns56cwi0gpwjgb52hu1g5rba3|03|net"; nocase; ) # 8l79efqo3m416nkizm1qvespt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8l79efqo3m416nkizm1qvespt|03|org"; nocase; ) # 1hwyinb19st2vi1mvr9la80ngw4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hwyinb19st2vi1mvr9la80ngw4|03|org"; nocase; ) # 1seaw3qqof2ze47gyfvx5uky5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1seaw3qqof2ze47gyfvx5uky5|03|com"; nocase; ) # inmkt1vv1bjv1h3sdr0v1u8ib.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|inmkt1vv1bjv1h3sdr0v1u8ib|03|net"; nocase; ) # qq3l8wzx8lso1l2gzrdrkj48j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qq3l8wzx8lso1l2gzrdrkj48j|03|net"; nocase; ) # tmhtwinzz2ez4sa5b2d4z6nl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tmhtwinzz2ez4sa5b2d4z6nl|03|biz"; nocase; ) # qte6g11e36t3l1dthrbf59pvdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qte6g11e36t3l1dthrbf59pvdd|03|com"; nocase; ) # 1ix2bjlvnu9w01hxion01jjo3va.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ix2bjlvnu9w01hxion01jjo3va|03|net"; nocase; ) # r6fs28eenbiyaa60x6y19vuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r6fs28eenbiyaa60x6y19vuy|03|net"; nocase; ) # 4taq861kkexw4xkautbxuieue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4taq861kkexw4xkautbxuieue|03|com"; nocase; ) # 10es7orxbhau1lyeyys1rixcs4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10es7orxbhau1lyeyys1rixcs4|03|net"; nocase; ) # rft5r11djkmnzj0nf0j5ubufj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rft5r11djkmnzj0nf0j5ubufj|03|com"; nocase; ) # 1v4qx6d1a9evus18npsiznbtgmk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v4qx6d1a9evus18npsiznbtgmk|03|net"; nocase; ) # 1lw5ciw1eepgqb103zv2p1wporb5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lw5ciw1eepgqb103zv2p1wporb5|03|net"; nocase; ) # 1ehfdtmbfp0dh19j4bt311zz37i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ehfdtmbfp0dh19j4bt311zz37i|03|biz"; nocase; ) # k92qbr1u9dqkxnnkyq11wi8ubo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k92qbr1u9dqkxnnkyq11wi8ubo|03|com"; nocase; ) # q067kwea0tb91kyk64i1l2lk9s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q067kwea0tb91kyk64i1l2lk9s|03|net"; nocase; ) # 1uyrngrq9t50uzo8kvldliy9z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uyrngrq9t50uzo8kvldliy9z|03|org"; nocase; ) # 12rtf1asejb4b11bx0in1sdj1s0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12rtf1asejb4b11bx0in1sdj1s0|03|org"; nocase; ) # 1pcuighfvyf08tsrr96iqqrjp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pcuighfvyf08tsrr96iqqrjp|03|com"; nocase; ) # 1h3kxbb12b84scyjze5s1myadb4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h3kxbb12b84scyjze5s1myadb4|03|org"; nocase; ) # 17isjavhgd0g8lwqy5owlo96p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17isjavhgd0g8lwqy5owlo96p|03|net"; nocase; ) # ye5zu6fucwtd1zwlv0l1kmbe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ye5zu6fucwtd1zwlv0l1kmbe|03|net"; nocase; ) # uhoo3712iaim91piml8evjyarq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uhoo3712iaim91piml8evjyarq|03|com"; nocase; ) # 16x3uhv1szykrl1nuib7j11aamay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16x3uhv1szykrl1nuib7j11aamay|03|com"; nocase; ) # o53ftn1bgm05brhl6ntr8zwwa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o53ftn1bgm05brhl6ntr8zwwa|03|net"; nocase; ) # 1ays06i1cnrrfdyknbd81qglxms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ays06i1cnrrfdyknbd81qglxms|03|org"; nocase; ) # d4ql7kaxavxf1qobidu6ckf7r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d4ql7kaxavxf1qobidu6ckf7r|03|org"; nocase; ) # vlx4pm1uidms36cfq1xqzf031.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vlx4pm1uidms36cfq1xqzf031|03|net"; nocase; ) # 1moi47l1qy58mu1yjytaqvvaf7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1moi47l1qy58mu1yjytaqvvaf7m|03|net"; nocase; ) # 1rx66ope6si5i1hl4c0ic6ffxa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rx66ope6si5i1hl4c0ic6ffxa|03|net"; nocase; ) # 11uk1y1yyy8x21fd5npujs6zje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11uk1y1yyy8x21fd5npujs6zje|03|org"; nocase; ) # 182af7q15ast6tnngcc9v4up2t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|182af7q15ast6tnngcc9v4up2t|03|com"; nocase; ) # 18i93cydm3b3ruku92svtf6d9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18i93cydm3b3ruku92svtf6d9|03|com"; nocase; ) # 11bo66pfqthw19pt5d2c37y2j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11bo66pfqthw19pt5d2c37y2j|03|biz"; nocase; ) # 16cj8p11i6uh9v128rny21f519ka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16cj8p11i6uh9v128rny21f519ka|03|org"; nocase; ) # 1qqea6kim09v12afgqzuipaph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qqea6kim09v12afgqzuipaph|03|net"; nocase; ) # imwmsejgz00es9ni0hvj5w9x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|imwmsejgz00es9ni0hvj5w9x|03|biz"; nocase; ) # 1dkdn5n1svl6qrq228l32ejozb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dkdn5n1svl6qrq228l32ejozb|03|net"; nocase; ) # 1pvavekc9oxb017kzkaq1ctrcir.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pvavekc9oxb017kzkaq1ctrcir|03|org"; nocase; ) # 1o0j1fxnowjme1x45dwz1mvw2gp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o0j1fxnowjme1x45dwz1mvw2gp|03|org"; nocase; ) # 9i0hkisjynf04ktkg1wxccco.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9i0hkisjynf04ktkg1wxccco|03|biz"; nocase; ) # 17zps4a11vubd61bkst9uoebaka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17zps4a11vubd61bkst9uoebaka|03|org"; nocase; ) # 1pzxa9a1eq5t4817vqak313klf2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pzxa9a1eq5t4817vqak313klf2z|03|net"; nocase; ) # 1jk5k42tp6j3ebj6wzo1548bvk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jk5k42tp6j3ebj6wzo1548bvk|03|com"; nocase; ) # 1tua3zqymtthh1mvtxhrad9x11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tua3zqymtthh1mvtxhrad9x11|03|net"; nocase; ) # 1y1uiz3oznfug18hf3iw1jry4g9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y1uiz3oznfug18hf3iw1jry4g9|03|biz"; nocase; ) # 3s85v71l75hkk6wa3a2103x1qa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3s85v71l75hkk6wa3a2103x1qa|03|org"; nocase; ) # 1r0yyia8hvqmw13spl1o1n4jfie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r0yyia8hvqmw13spl1o1n4jfie|03|org"; nocase; ) # v17g4j14b4jua1p8k5811384wme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v17g4j14b4jua1p8k5811384wme|03|org"; nocase; ) # 1jdvpjbtja0401x68z71i98u68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jdvpjbtja0401x68z71i98u68|03|net"; nocase; ) # 2zrkm4182h9byy49nwulxvfgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2zrkm4182h9byy49nwulxvfgj|03|net"; nocase; ) # yy6f9w10robl21azej88n1y2u0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yy6f9w10robl21azej88n1y2u0|03|com"; nocase; ) # 3zg1kfgiainp1ev32n4q1y6jf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3zg1kfgiainp1ev32n4q1y6jf|03|biz"; nocase; ) # juhpmsx4xhl7vhbr7c1d0gbej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|juhpmsx4xhl7vhbr7c1d0gbej|03|org"; nocase; ) # 1poiy86o8dtnvvzk36un2a0wp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1poiy86o8dtnvvzk36un2a0wp|03|com"; nocase; ) # 1j1xf2o17wbcb043f9o61nf9xtm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j1xf2o17wbcb043f9o61nf9xtm|03|biz"; nocase; ) # 10tu5b21xao0xv1sm6dvigdycf3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10tu5b21xao0xv1sm6dvigdycf3|03|net"; nocase; ) # 1f3mtp61qxtgioukebfo6u09qt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f3mtp61qxtgioukebfo6u09qt|03|net"; nocase; ) # h2a1lo192olcj163gbwv1q1xbdj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h2a1lo192olcj163gbwv1q1xbdj|03|org"; nocase; ) # 8ts8fs1fcnmmy1mzuv11fy88sq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ts8fs1fcnmmy1mzuv11fy88sq|03|net"; nocase; ) # 1yjamqa160oisf14xpchc1c1cfvh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yjamqa160oisf14xpchc1c1cfvh|03|org"; nocase; ) # 1v5a33u1a7z3ua1d7jn6af28d4p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v5a33u1a7z3ua1d7jn6af28d4p|03|biz"; nocase; ) # 1ta2j49fyvr25cmxpnexpe0h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ta2j49fyvr25cmxpnexpe0h|03|com"; nocase; ) # n1xlmm1xdn5gy9e70ri14yh18w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n1xlmm1xdn5gy9e70ri14yh18w|03|net"; nocase; ) # 9w67vz1tw425m1emsurw1vzhug7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9w67vz1tw425m1emsurw1vzhug7|03|org"; nocase; ) # 1i9hagy1cj71d7x3qgc9ij0rd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i9hagy1cj71d7x3qgc9ij0rd|03|net"; nocase; ) # 1aog4fr1oq6vjh1si1ts218jzuh8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aog4fr1oq6vjh1si1ts218jzuh8|03|biz"; nocase; ) # k3a8na30mr71xd4bwgdkjckd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k3a8na30mr71xd4bwgdkjckd|03|org"; nocase; ) # 1u787jgays2qd10ht4hq1hyft68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u787jgays2qd10ht4hq1hyft68|03|net"; nocase; ) # e7mxjhf5120u4rwtni12cvnqm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e7mxjhf5120u4rwtni12cvnqm|03|com"; nocase; ) # 14evp7pl4b6ku15oz12b1kfcgcg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14evp7pl4b6ku15oz12b1kfcgcg|03|biz"; nocase; ) # 14j319s1ij407d1xrjw29tph8z7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14j319s1ij407d1xrjw29tph8z7|03|net"; nocase; ) # 122tdf92mngf81t5fc2csbngy9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|122tdf92mngf81t5fc2csbngy9|03|biz"; nocase; ) # mi5rwh1f65cez10tdtuhs2slqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mi5rwh1f65cez10tdtuhs2slqw|03|com"; nocase; ) # 10xlt3hpdd6lc1nj0dyv1eouwha.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10xlt3hpdd6lc1nj0dyv1eouwha|03|org"; nocase; ) # 1e6igrycqnpul1syf07511dhu4k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e6igrycqnpul1syf07511dhu4k|03|com"; nocase; ) # 1ahea7bylqvlt72w0v57u14ce.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ahea7bylqvlt72w0v57u14ce|03|net"; nocase; ) # tp2a9815uk9n61jcnqzaxg5dr3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tp2a9815uk9n61jcnqzaxg5dr3|03|com"; nocase; ) # m38lgp11bqck55slj2nz1qxxb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m38lgp11bqck55slj2nz1qxxb|03|org"; nocase; ) # 16mjie14efito1tokrcv1jjpiih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16mjie14efito1tokrcv1jjpiih|03|net"; nocase; ) # sc2s34wjc9q28wd5mx1xrwrw7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sc2s34wjc9q28wd5mx1xrwrw7|03|org"; nocase; ) # gx5l1khklgz813afuwx1ic5hov.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gx5l1khklgz813afuwx1ic5hov|03|net"; nocase; ) # 189ciaa1uiqjpr2ax23s1kn0ehk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|189ciaa1uiqjpr2ax23s1kn0ehk|03|org"; nocase; ) # c6owhs1ph2qss1vn1rcn12rjral.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c6owhs1ph2qss1vn1rcn12rjral|03|net"; nocase; ) # 1621s8rue6tso13mfc6c1ax7hv7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1621s8rue6tso13mfc6c1ax7hv7|03|biz"; nocase; ) # 19vywdh15yw3wdkyuk361f138j7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19vywdh15yw3wdkyuk361f138j7|03|net"; nocase; ) # 1flqzh5rzfnes14ouaypww049.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1flqzh5rzfnes14ouaypww049|03|net"; nocase; ) # jhyjrtx9fzvrwl1wdicfiv99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jhyjrtx9fzvrwl1wdicfiv99|03|org"; nocase; ) # 9mvmuii188ocytxywiwx7ec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|9mvmuii188ocytxywiwx7ec|03|net"; nocase; ) # x5iwfp1xvb0jq1l0tjqq4x59fr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x5iwfp1xvb0jq1l0tjqq4x59fr|03|net"; nocase; ) # uvwu8frcwt671sdghnzl7lxvi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uvwu8frcwt671sdghnzl7lxvi|03|net"; nocase; ) # jg2b6s1hy7rf91vo9gjr1xw5b5u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jg2b6s1hy7rf91vo9gjr1xw5b5u|03|com"; nocase; ) # 1k998jv1kdq7ns10paj5l3l56eq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k998jv1kdq7ns10paj5l3l56eq|03|org"; nocase; ) # 1sqc3bolzr6ka17201ped66f5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sqc3bolzr6ka17201ped66f5t|03|org"; nocase; ) # 1kdednp1xks3841rpqtp4z36pzy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kdednp1xks3841rpqtp4z36pzy|03|net"; nocase; ) # 1rcj60o1ft4gx1yr9x2s7qf85w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rcj60o1ft4gx1yr9x2s7qf85w|03|net"; nocase; ) # 13pcgri1fqcmpxvpbclq14u8v42.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13pcgri1fqcmpxvpbclq14u8v42|03|org"; nocase; ) # 1q9wsbg14jo3tc14exjftiuipi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q9wsbg14jo3tc14exjftiuipi|03|biz"; nocase; ) # em4jw91646b0649y57g6wswsj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|em4jw91646b0649y57g6wswsj|03|com"; nocase; ) # lmpduk10tjuxiv8e9h91owm46p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lmpduk10tjuxiv8e9h91owm46p|03|org"; nocase; ) # 1240ace15nap0wes130z1i1f6d6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1240ace15nap0wes130z1i1f6d6|03|biz"; nocase; ) # k47q2j1ds5yfz1p8h0t417apxzl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k47q2j1ds5yfz1p8h0t417apxzl|03|org"; nocase; ) # wk4mf4zlob7q14po0i6br9g21.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wk4mf4zlob7q14po0i6br9g21|03|com"; nocase; ) # 1vmlu401w1p91r1ixk8ekvoopsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vmlu401w1p91r1ixk8ekvoopsc|03|net"; nocase; ) # y8ee4c3mhsd7l133i218gh61o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y8ee4c3mhsd7l133i218gh61o|03|com"; nocase; ) # 161ayuo1chvjxq1df7wlz2uhffj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|161ayuo1chvjxq1df7wlz2uhffj|03|net"; nocase; ) # v0lpz1f5xidm1uvmgv7rseav2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v0lpz1f5xidm1uvmgv7rseav2|03|net"; nocase; ) # grte1xfo3apm126birufbprbd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|grte1xfo3apm126birufbprbd|03|org"; nocase; ) # g837ob1ee7zee1pb6u2yksghiw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g837ob1ee7zee1pb6u2yksghiw|03|biz"; nocase; ) # 1ojhlux6weeq71b05hhr1e33jy9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ojhlux6weeq71b05hhr1e33jy9|03|org"; nocase; ) # 1dl7nof1eohcbm1hee3gczzzl18.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dl7nof1eohcbm1hee3gczzzl18|03|net"; nocase; ) # 1t14umdgzttgi1mt6nznczwge0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t14umdgzttgi1mt6nznczwge0|03|net"; nocase; ) # 1jbc6jiscdlvinbq1rz1k79rbn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbc6jiscdlvinbq1rz1k79rbn|03|net"; nocase; ) # ehq64x1noxyxv1bkk8a5i84el9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ehq64x1noxyxv1bkk8a5i84el9|03|com"; nocase; ) # 8g15qmghqg5qppdhmz1l3vhwu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8g15qmghqg5qppdhmz1l3vhwu|03|biz"; nocase; ) # 6rbuaqoe3wltofz0i2ftba04.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6rbuaqoe3wltofz0i2ftba04|03|net"; nocase; ) # 19phlbklvga41sy8m151upbyz3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19phlbklvga41sy8m151upbyz3|03|net"; nocase; ) # 12puqqw1cko8oe1q88euo1hgfo5n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12puqqw1cko8oe1q88euo1hgfo5n|03|biz"; nocase; ) # 1gbhpjh109e237fx9gi3erexz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gbhpjh109e237fx9gi3erexz|03|org"; nocase; ) # va769pshn0yqjon4b82zi1xs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|va769pshn0yqjon4b82zi1xs|03|org"; nocase; ) # gi89oq18rnohbz9g1y31wgouxg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gi89oq18rnohbz9g1y31wgouxg|03|com"; nocase; ) # 1ryfi67krlrza4smi6r1jt2ehw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ryfi67krlrza4smi6r1jt2ehw|03|org"; nocase; ) # 16fowed10s4rvk1kqasgrf59ae.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16fowed10s4rvk1kqasgrf59ae|03|net"; nocase; ) # ndnqir1rou0elmuz6x8mup31a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ndnqir1rou0elmuz6x8mup31a|03|net"; nocase; ) # ccnvg51minsw76mar7mxur3l7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ccnvg51minsw76mar7mxur3l7|03|biz"; nocase; ) # 19ans3tqna1r61ycbv62zclvhb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ans3tqna1r61ycbv62zclvhb|03|biz"; nocase; ) # zpwl9j13hm5io38f19a1uqp1n6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zpwl9j13hm5io38f19a1uqp1n6|03|net"; nocase; ) # y1zli41uqhfq5df9epx53p7xn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y1zli41uqhfq5df9epx53p7xn|03|com"; nocase; ) # stmqs41kwyvyivqatcr11lt3oa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|stmqs41kwyvyivqatcr11lt3oa|03|com"; nocase; ) # ead9md4rvv1t1xjtv1c1wj326b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ead9md4rvv1t1xjtv1c1wj326b|03|com"; nocase; ) # 1azqkqxzboal3gi6nk1im9saz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1azqkqxzboal3gi6nk1im9saz|03|net"; nocase; ) # zxwhd0jlukiz1qdmo6t1slk7ob.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zxwhd0jlukiz1qdmo6t1slk7ob|03|net"; nocase; ) # o59ynrsqd36z1fjp7ha1kirpht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o59ynrsqd36z1fjp7ha1kirpht|03|org"; nocase; ) # 9ki8gr16cfpzrr57dfq1f9h50v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ki8gr16cfpzrr57dfq1f9h50v|03|net"; nocase; ) # qk44zk1qvejayybpvll1dro8ew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qk44zk1qvejayybpvll1dro8ew|03|com"; nocase; ) # ktrsvq5pgbha1vl1tfo1ujre4a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ktrsvq5pgbha1vl1tfo1ujre4a|03|biz"; nocase; ) # 1l1x49d12h65nw2ow69brm5l6t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l1x49d12h65nw2ow69brm5l6t|03|org"; nocase; ) # fe2vxf1v06lxo1qbnh419pm94a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fe2vxf1v06lxo1qbnh419pm94a|03|net"; nocase; ) # 1xs85um26j5wp141hpho16hbkce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xs85um26j5wp141hpho16hbkce|03|org"; nocase; ) # 1psses6i59mza1yy0zxe1msd0fe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1psses6i59mza1yy0zxe1msd0fe|03|biz"; nocase; ) # 1tsy3vch37imippaikz1kj33oc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tsy3vch37imippaikz1kj33oc|03|net"; nocase; ) # 18wrbi81lvq0g71hqf49zxbcrv2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18wrbi81lvq0g71hqf49zxbcrv2|03|net"; nocase; ) # 1jqteyf1554rvu1kd5qen2kcwsv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jqteyf1554rvu1kd5qen2kcwsv|03|biz"; nocase; ) # 1jf9ozz1linjk41ccyemw1lbdcvq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jf9ozz1linjk41ccyemw1lbdcvq|03|com"; nocase; ) # 1aa13hc34trkceze2ta1qg5kd1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aa13hc34trkceze2ta1qg5kd1|03|net"; nocase; ) # 17gef6c1vlw775xbul641nczrxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17gef6c1vlw775xbul641nczrxx|03|com"; nocase; ) # 4vjkjdwgv7q51x63fsdi9td1d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4vjkjdwgv7q51x63fsdi9td1d|03|org"; nocase; ) # 1ctdyrxa9j8ww1oqlyu4hmxp9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ctdyrxa9j8ww1oqlyu4hmxp9k|03|net"; nocase; ) # 34qswz1vun2rowsp1cvms9lw2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|34qswz1vun2rowsp1cvms9lw2|03|net"; nocase; ) # 18k302t1iech5x4d04t31fw97ti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18k302t1iech5x4d04t31fw97ti|03|org"; nocase; ) # 1b08gyhcv0m1r1h6npey1el8d5r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b08gyhcv0m1r1h6npey1el8d5r|03|net"; nocase; ) # 698i3h1a523ci1a064sq1hsbb57.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|698i3h1a523ci1a064sq1hsbb57|03|org"; nocase; ) # 1d0rdorgu2gpy15p1a6jvfyuqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d0rdorgu2gpy15p1a6jvfyuqg|03|biz"; nocase; ) # untj221czytrr1ip5xxl1pkpk0v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|untj221czytrr1ip5xxl1pkpk0v|03|net"; nocase; ) # 1jodaqd1bwc1n2jrjkth1qbe7d8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jodaqd1bwc1n2jrjkth1qbe7d8|03|net"; nocase; ) # 1t4bzxgr08w2c1t38w7d11lvn4z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t4bzxgr08w2c1t38w7d11lvn4z|03|biz"; nocase; ) # 1hc1q638pkb271rkocb61236jri.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hc1q638pkb271rkocb61236jri|03|org"; nocase; ) # 172w05tmlwo041txie9lti5t04.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|172w05tmlwo041txie9lti5t04|03|com"; nocase; ) # 15z6onf1j05sirb0id2qlse6re.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15z6onf1j05sirb0id2qlse6re|03|com"; nocase; ) # cp5t81cn1qtfoy1ox5bp7tjk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cp5t81cn1qtfoy1ox5bp7tjk|03|net"; nocase; ) # 1hjhs611hssqu41kahyel1bfgi1a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hjhs611hssqu41kahyel1bfgi1a|03|com"; nocase; ) # b1x5oa7ifa19exdam6awir6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|b1x5oa7ifa19exdam6awir6|03|org"; nocase; ) # 2yol3co6bizw1byrx7n1em5riv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2yol3co6bizw1byrx7n1em5riv|03|net"; nocase; ) # ryx26iwdew8f1x5c4yio0d3ke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ryx26iwdew8f1x5c4yio0d3ke|03|com"; nocase; ) # ry6hs23sskjm1svep84sxj033.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ry6hs23sskjm1svep84sxj033|03|net"; nocase; ) # 90qkmqbvm35j1gm864a1sa5gn8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|90qkmqbvm35j1gm864a1sa5gn8|03|biz"; nocase; ) # 1vgp38l8fr94umw6s7n57q3z8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vgp38l8fr94umw6s7n57q3z8|03|com"; nocase; ) # pad9uc1ab0cg116kaf9t1uipmg3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pad9uc1ab0cg116kaf9t1uipmg3|03|net"; nocase; ) # 1l4jzps8xr6ltmbyrl21hui68c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l4jzps8xr6ltmbyrl21hui68c|03|org"; nocase; ) # 1s0y69n1hc9nng1xkwmq1e7uyle.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s0y69n1hc9nng1xkwmq1e7uyle|03|com"; nocase; ) # 1aikvgp1hsdri4dsq0vb16zqzwy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aikvgp1hsdri4dsq0vb16zqzwy|03|com"; nocase; ) # 83a399pvbfhj1wibnc6olieuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|83a399pvbfhj1wibnc6olieuk|03|net"; nocase; ) # d05uft1kalborvxh8us33kevi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d05uft1kalborvxh8us33kevi|03|biz"; nocase; ) # 1l6dpmw1s1hecorknsx81v0n92q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l6dpmw1s1hecorknsx81v0n92q|03|net"; nocase; ) # 10blrkbfl1hr18uc3yt17ln420.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10blrkbfl1hr18uc3yt17ln420|03|com"; nocase; ) # 1cdfsp2a8ulhm1g4fb98e02k1t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cdfsp2a8ulhm1g4fb98e02k1t|03|net"; nocase; ) # xx749zxkc11umnrvat1ueojqt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xx749zxkc11umnrvat1ueojqt|03|org"; nocase; ) # cd9l2i133csug1n94dnw1gljmxs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cd9l2i133csug1n94dnw1gljmxs|03|biz"; nocase; ) # xcev4amvxvs0ja6keq1x3vunj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xcev4amvxvs0ja6keq1x3vunj|03|net"; nocase; ) # 9f2mlk1qxaurgi8r1p3tewx0w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9f2mlk1qxaurgi8r1p3tewx0w|03|net"; nocase; ) # 1auyj68n7q5te7mrqr81s7thn8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1auyj68n7q5te7mrqr81s7thn8|03|com"; nocase; ) # btwzf21md4hrd1ssekb1178qzft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|btwzf21md4hrd1ssekb1178qzft|03|net"; nocase; ) # 17lzmle1xfsau3y8i41919y2ue3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17lzmle1xfsau3y8i41919y2ue3|03|org"; nocase; ) # 1o3tv7u9bpwp310sz4z91v9gqk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o3tv7u9bpwp310sz4z91v9gqk7|03|net"; nocase; ) # 1g1gh9e8xa63ju1tt94y58k2f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g1gh9e8xa63ju1tt94y58k2f|03|com"; nocase; ) # 1kj5kltd0u13111qzq801j7ay8t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kj5kltd0u13111qzq801j7ay8t|03|org"; nocase; ) # 94tioqpjxlh822t6tklb97f8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|94tioqpjxlh822t6tklb97f8|03|net"; nocase; ) # 1mvj2lyu7odpm8wuycg119l33y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mvj2lyu7odpm8wuycg119l33y|03|com"; nocase; ) # clml12gtq491bkxer41q5t9gi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|clml12gtq491bkxer41q5t9gi|03|org"; nocase; ) # 1d0gulnp93c4w1ibtjpd1m4rmm8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d0gulnp93c4w1ibtjpd1m4rmm8|03|net"; nocase; ) # tts66peviaca1b4ox2ompyam2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tts66peviaca1b4ox2ompyam2|03|org"; nocase; ) # rt5l9u10kj0fc75f9clnt42v2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rt5l9u10kj0fc75f9clnt42v2|03|net"; nocase; ) # 3yyio95ty5phsn28ne7wlc2b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3yyio95ty5phsn28ne7wlc2b|03|biz"; nocase; ) # 10jpv8b1kprv0d150z2kr12r4d6j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10jpv8b1kprv0d150z2kr12r4d6j|03|com"; nocase; ) # y2aubd1qnng0qj8zsaswueh8q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2aubd1qnng0qj8zsaswueh8q|03|com"; nocase; ) # 1hayf8m170dv7s79yhsx1f1bnpn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hayf8m170dv7s79yhsx1f1bnpn|03|org"; nocase; ) # lov6hn1izlxrva38oks12mx7zw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lov6hn1izlxrva38oks12mx7zw|03|net"; nocase; ) # 1tc3zlc8qf2qj31gv90h9vtw6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tc3zlc8qf2qj31gv90h9vtw6|03|net"; nocase; ) # g48a4bapxy9nr4xh7v8c72a9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g48a4bapxy9nr4xh7v8c72a9|03|com"; nocase; ) # jsopmd1kxc8e3c0ky5jbu11sj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jsopmd1kxc8e3c0ky5jbu11sj|03|net"; nocase; ) # 163r36h9res8i1bbs0x7336lcp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|163r36h9res8i1bbs0x7336lcp|03|com"; nocase; ) # jxtf2wpghcfz65lsid1hhmual.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jxtf2wpghcfz65lsid1hhmual|03|org"; nocase; ) # 18ruuwy93mjr15miuhmthhwgg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18ruuwy93mjr15miuhmthhwgg|03|org"; nocase; ) # 1q2bzmz8sfu80wqdd5jerxp8o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q2bzmz8sfu80wqdd5jerxp8o|03|net"; nocase; ) # s8ajlfq5tssu623j1l1pq7o0z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s8ajlfq5tssu623j1l1pq7o0z|03|net"; nocase; ) # z75sdg1tcanx01c1tcem10cn910.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z75sdg1tcanx01c1tcem10cn910|03|com"; nocase; ) # q8fujf1lg30trj7v8eg118l0iy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q8fujf1lg30trj7v8eg118l0iy|03|biz"; nocase; ) # 1wprm6wfrt66pbwrz9v17g9otn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wprm6wfrt66pbwrz9v17g9otn|03|net"; nocase; ) # 14r5y2f1bcznwac34epmtw652b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14r5y2f1bcznwac34epmtw652b|03|org"; nocase; ) # jyud064aq8ed1kn39d1ptgdo0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jyud064aq8ed1kn39d1ptgdo0|03|net"; nocase; ) # fctzzikjlbm61pkvleo4ygjjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fctzzikjlbm61pkvleo4ygjjd|03|org"; nocase; ) # 15s8o0dk6j4h1gisq4r8e6ar.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|15s8o0dk6j4h1gisq4r8e6ar|03|biz"; nocase; ) # 1b22vpu1iy8klb1jbnz2u1hom1xs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b22vpu1iy8klb1jbnz2u1hom1xs|03|net"; nocase; ) # 1gemue87zyb3g116x7jq1kyueni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gemue87zyb3g116x7jq1kyueni|03|net"; nocase; ) # jen9ot25q464hvcxov13ou3v0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jen9ot25q464hvcxov13ou3v0|03|net"; nocase; ) # 1b3lnwohvr09l1y4yszg1gqcrpz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b3lnwohvr09l1y4yszg1gqcrpz|03|com"; nocase; ) # 1nb8bhm19sogvm1g3smt1zdka24.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nb8bhm19sogvm1g3smt1zdka24|03|biz"; nocase; ) # 10xd78mzrlw851w6rh8g6nqiqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10xd78mzrlw851w6rh8g6nqiqi|03|net"; nocase; ) # 10fjusudrd9gmb1k6qr1a6gzqe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10fjusudrd9gmb1k6qr1a6gzqe|03|org"; nocase; ) # 9dsrbmduuqe31e53u86oto2nw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9dsrbmduuqe31e53u86oto2nw|03|com"; nocase; ) # daqosq1f4c4x3nn8wev1vsavkk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|daqosq1f4c4x3nn8wev1vsavkk|03|net"; nocase; ) # 10zko4o5ate5m1eno6d01cg022c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10zko4o5ate5m1eno6d01cg022c|03|com"; nocase; ) # npryfm1rs1a7yfehzmod76yid.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|npryfm1rs1a7yfehzmod76yid|03|org"; nocase; ) # d9qac1t1gjd41l7ek5p6ufzhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d9qac1t1gjd41l7ek5p6ufzhi|03|com"; nocase; ) # 1h68j9911ogynq3u21re143e36u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h68j9911ogynq3u21re143e36u|03|net"; nocase; ) # 6m3as8zvnj9q1ysr65zf17igl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6m3as8zvnj9q1ysr65zf17igl|03|org"; nocase; ) # 163luwysz9ms21knqn6nnwv1c8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|163luwysz9ms21knqn6nnwv1c8|03|com"; nocase; ) # 156atm8v2kaxwpmo8xazj6k3p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|156atm8v2kaxwpmo8xazj6k3p|03|org"; nocase; ) # 14v963yrphzhiv4tnif1lbp0cc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14v963yrphzhiv4tnif1lbp0cc|03|com"; nocase; ) # 8vqgzgywlekoi032o9zk8gpa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8vqgzgywlekoi032o9zk8gpa|03|com"; nocase; ) # 14n0f6lgf35ca13u1kig1bglnrc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14n0f6lgf35ca13u1kig1bglnrc|03|com"; nocase; ) # 19z77oqraua7r1xlwkgr1i9wlvg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19z77oqraua7r1xlwkgr1i9wlvg|03|biz"; nocase; ) # 13ravx1ri9a2plr6bna5q2slf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13ravx1ri9a2plr6bna5q2slf|03|org"; nocase; ) # 1351rfm1bk3vvd2r9i7w113w7ca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1351rfm1bk3vvd2r9i7w113w7ca|03|net"; nocase; ) # 1224lu919acvik15o2mx5lfexgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1224lu919acvik15o2mx5lfexgc|03|com"; nocase; ) # 1ukriq6z5id821d1stnc1draax9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ukriq6z5id821d1stnc1draax9|03|com"; nocase; ) # xvhil2etwi061ii832u1374gaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xvhil2etwi061ii832u1374gaq|03|net"; nocase; ) # 136csad41adrc16b4zfb1g4fy2a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|136csad41adrc16b4zfb1g4fy2a|03|com"; nocase; ) # 1mgrjs5gul0p41y66sxb1lqftus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mgrjs5gul0p41y66sxb1lqftus|03|com"; nocase; ) # r9kue21j23pui1e3iuy1nen51r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r9kue21j23pui1e3iuy1nen51r|03|org"; nocase; ) # 1y20mvb1btpdgsggcpiv24sagz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y20mvb1btpdgsggcpiv24sagz|03|com"; nocase; ) # rqrntyvvfzstdz5ecv1ysbo4p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rqrntyvvfzstdz5ecv1ysbo4p|03|biz"; nocase; ) # 1bg1rkblah6j81ltlmuuwmmvdd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bg1rkblah6j81ltlmuuwmmvdd|03|net"; nocase; ) # 1f5qkuupa4mrpn4qmhmoy8ppe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f5qkuupa4mrpn4qmhmoy8ppe|03|net"; nocase; ) # ekl0jjx4q3zzon80kuki7b0a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ekl0jjx4q3zzon80kuki7b0a|03|org"; nocase; ) # 17239ot12p050w1sd9ssaqo8w0h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17239ot12p050w1sd9ssaqo8w0h|03|com"; nocase; ) # vrgqu81val9qiupatja16w7xfc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vrgqu81val9qiupatja16w7xfc|03|com"; nocase; ) # 45ozzb1ribpze1rjtwew1ubf160.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|45ozzb1ribpze1rjtwew1ubf160|03|com"; nocase; ) # 1v38wx219rtduu103x049rn5muv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v38wx219rtduu103x049rn5muv|03|net"; nocase; ) # 1sgomr0u41twhxvo2zd1cjm4fj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sgomr0u41twhxvo2zd1cjm4fj|03|com"; nocase; ) # r00m7ta1bt2b7k8f3tw2l2g1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r00m7ta1bt2b7k8f3tw2l2g1|03|org"; nocase; ) # brppmw1vltrxr61gbsg7zjoaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|brppmw1vltrxr61gbsg7zjoaj|03|com"; nocase; ) # ci54yc1aoje0gnwri1c13d0y5c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ci54yc1aoje0gnwri1c13d0y5c|03|org"; nocase; ) # 17zna5i1sh3eizfuud0a1lv3oey.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17zna5i1sh3eizfuud0a1lv3oey|03|biz"; nocase; ) # ojjuqjxf37jq1hzqqpbsyaiz2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ojjuqjxf37jq1hzqqpbsyaiz2|03|net"; nocase; ) # v5txtbzv1jq713kfyze10soll9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v5txtbzv1jq713kfyze10soll9|03|net"; nocase; ) # y9g0kv1yozdy71y5g22rgyvh12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y9g0kv1yozdy71y5g22rgyvh12|03|com"; nocase; ) # g6orrtwtz61s14gxeby7w0x1k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g6orrtwtz61s14gxeby7w0x1k|03|org"; nocase; ) # 2pi6md1tknb3qlqsj0tbn9tjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2pi6md1tknb3qlqsj0tbn9tjy|03|com"; nocase; ) # 15yjf2d14y39w3y64jdw118oyny.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15yjf2d14y39w3y64jdw118oyny|03|net"; nocase; ) # h0tzkmtjh8rc1if8psa60zb5l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h0tzkmtjh8rc1if8psa60zb5l|03|com"; nocase; ) # 1y9begg3ad9511pagsog1b5p3su.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y9begg3ad9511pagsog1b5p3su|03|com"; nocase; ) # od4qp51jgtaln2l1ci1uc6xij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|od4qp51jgtaln2l1ci1uc6xij|03|net"; nocase; ) # gcxvk6xku8b71mphjckzkkll8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gcxvk6xku8b71mphjckzkkll8|03|com"; nocase; ) # mj2tvz1bfk5cr163h43e1jaqxvq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mj2tvz1bfk5cr163h43e1jaqxvq|03|biz"; nocase; ) # hec2fd1g2d6fhpjwkbg525hy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hec2fd1g2d6fhpjwkbg525hy|03|net"; nocase; ) # dsbeqc9jyud76umdct1nss0xr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dsbeqc9jyud76umdct1nss0xr|03|biz"; nocase; ) # ktpabmzhtinwckcgrk1c6q02y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ktpabmzhtinwckcgrk1c6q02y|03|net"; nocase; ) # 1s3tt1sevnc1i1aqjwh2tpi9su.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s3tt1sevnc1i1aqjwh2tpi9su|03|net"; nocase; ) # 8kprfu7tdows1952uvvawvxeg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8kprfu7tdows1952uvvawvxeg|03|net"; nocase; ) # 19p7qq61swzg9v1nj75251n7xmdb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19p7qq61swzg9v1nj75251n7xmdb|03|net"; nocase; ) # 1alsmel1qjuo4b1wo66crcuelqu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1alsmel1qjuo4b1wo66crcuelqu|03|org"; nocase; ) # 1kgak4w1p4jjfd1o68w1x10xkszt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kgak4w1p4jjfd1o68w1x10xkszt|03|net"; nocase; ) # jh4xi111jc0wo10twla1wrfm9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jh4xi111jc0wo10twla1wrfm9x|03|net"; nocase; ) # 1hpplec1x6fuh41dh3ehr1zsqyh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hpplec1x6fuh41dh3ehr1zsqyh|03|com"; nocase; ) # cu49a51d3lrl9dungv58e78cd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cu49a51d3lrl9dungv58e78cd|03|net"; nocase; ) # 137dcmn15gpj2vgvxch3kq1540.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|137dcmn15gpj2vgvxch3kq1540|03|net"; nocase; ) # 1wgbne6154986blbki4w1mkwhjk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wgbne6154986blbki4w1mkwhjk|03|com"; nocase; ) # ogtybg1gqwosd1pn24ye1k6m7jp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ogtybg1gqwosd1pn24ye1k6m7jp|03|net"; nocase; ) # 1a8eahcmerqpvqk82lw0hfto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1a8eahcmerqpvqk82lw0hfto|03|org"; nocase; ) # 2dngad1u5ea1b3b9whi1s5d4gq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2dngad1u5ea1b3b9whi1s5d4gq|03|biz"; nocase; ) # 1kydqcm18gjv3g91tcwviuk8ew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kydqcm18gjv3g91tcwviuk8ew|03|org"; nocase; ) # 1ygwuud1bo1x85me231dc512q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ygwuud1bo1x85me231dc512q|03|org"; nocase; ) # m2y1j4yl710i11ao3g913mni1g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m2y1j4yl710i11ao3g913mni1g|03|org"; nocase; ) # 15m9ama95myls1nfp6u614e72pl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15m9ama95myls1nfp6u614e72pl|03|net"; nocase; ) # 1q9viqo1856kgl1f6g0uabd3cbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q9viqo1856kgl1f6g0uabd3cbn|03|com"; nocase; ) # gb54grpizy9c299m51rbaqv9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gb54grpizy9c299m51rbaqv9|03|org"; nocase; ) # 1bmeztkn6nyn81m2ntts10lbwze.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bmeztkn6nyn81m2ntts10lbwze|03|com"; nocase; ) # eoiw925viqcw1hauaaqp6fn6x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eoiw925viqcw1hauaaqp6fn6x|03|biz"; nocase; ) # 2cx5iio0u90814qv359d6hfdv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2cx5iio0u90814qv359d6hfdv|03|net"; nocase; ) # 12t437611cb2afjh92gr13un5p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12t437611cb2afjh92gr13un5p|03|org"; nocase; ) # 663vhb7imn2bkl6tzi1c6bjrl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|663vhb7imn2bkl6tzi1c6bjrl|03|net"; nocase; ) # 2szx5a1wyo4v01qt8nah12363sc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2szx5a1wyo4v01qt8nah12363sc|03|org"; nocase; ) # n5ytn1c7cpy3153a6wb1wqt1rw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n5ytn1c7cpy3153a6wb1wqt1rw|03|biz"; nocase; ) # 1s2xpjlysev8nr4s2v2clh33d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s2xpjlysev8nr4s2v2clh33d|03|net"; nocase; ) # 1trtpa612eltho1ujbof91ig6s59.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1trtpa612eltho1ujbof91ig6s59|03|com"; nocase; ) # 1losl0y1wkaboy17o2w2b4ctybv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1losl0y1wkaboy17o2w2b4ctybv|03|net"; nocase; ) # 12vc194fl97p2af2a2p1xo5zpb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12vc194fl97p2af2a2p1xo5zpb|03|com"; nocase; ) # 2iipa41fch9ottkdcg21h8dva9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2iipa41fch9ottkdcg21h8dva9|03|net"; nocase; ) # 1p6nltn1h8k8vz1f8nas6fmenbu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p6nltn1h8k8vz1f8nas6fmenbu|03|org"; nocase; ) # 18kynsbec2ap3uhs50zboxzp8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18kynsbec2ap3uhs50zboxzp8|03|com"; nocase; ) # 1juq0zs1huixqm1228cyb1js0tg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1juq0zs1huixqm1228cyb1js0tg|03|biz"; nocase; ) # l3ne3uah837r1gcrxoq19x0w60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l3ne3uah837r1gcrxoq19x0w60|03|net"; nocase; ) # ft9s7913axd0x1bughfpw2za3u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ft9s7913axd0x1bughfpw2za3u|03|biz"; nocase; ) # 1uq0wcvhrsvgw1dmze6w1ujoagx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uq0wcvhrsvgw1dmze6w1ujoagx|03|org"; nocase; ) # gy6ccp1k16vrj1kolgcv1r682zr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gy6ccp1k16vrj1kolgcv1r682zr|03|org"; nocase; ) # 8ydg4g1wxudok65xavt16p7x99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ydg4g1wxudok65xavt16p7x99|03|org"; nocase; ) # 5thukezwyl6lhh2dxspddefs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5thukezwyl6lhh2dxspddefs|03|net"; nocase; ) # t20aa41s5bvlk1yn0xikiiaer3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t20aa41s5bvlk1yn0xikiiaer3|03|com"; nocase; ) # 1lf3awt1quimpppj771w1hmfa1r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lf3awt1quimpppj771w1hmfa1r|03|org"; nocase; ) # shvl1bmp0avo1e20mtp5nwv7z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|shvl1bmp0avo1e20mtp5nwv7z|03|net"; nocase; ) # gu0bze18xw6qbpomxvn14jju7q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gu0bze18xw6qbpomxvn14jju7q|03|net"; nocase; ) # 1sepsqm1v7sp31atyhck1mtgiep.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sepsqm1v7sp31atyhck1mtgiep|03|biz"; nocase; ) # ni3bsh123nzd5ykohrpikewed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ni3bsh123nzd5ykohrpikewed|03|net"; nocase; ) # xwan09yu0ftz1hh5gi8k5ie42.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xwan09yu0ftz1hh5gi8k5ie42|03|com"; nocase; ) # 8dc6aurv610ce2ov0e1ef6v09.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8dc6aurv610ce2ov0e1ef6v09|03|org"; nocase; ) # r09yxd1kxt2c21lx2ml3jdtqch.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r09yxd1kxt2c21lx2ml3jdtqch|03|org"; nocase; ) # 1bztf001uwa5l11fgdk1a1o7mxfl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bztf001uwa5l11fgdk1a1o7mxfl|03|net"; nocase; ) # 8ez8l5q0lqkxb357i11xcm6ot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ez8l5q0lqkxb357i11xcm6ot|03|com"; nocase; ) # 8edtu91mm5mp8icda721l8nkcz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8edtu91mm5mp8icda721l8nkcz|03|org"; nocase; ) # j625do1s5a24e1v1pv4a1h6s2es.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j625do1s5a24e1v1pv4a1h6s2es|03|net"; nocase; ) # b6vjjc1lup52c1cbja3alwvv6i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b6vjjc1lup52c1cbja3alwvv6i|03|com"; nocase; ) # 12nqtxm1d2xl0x1ct7nrnly1mur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12nqtxm1d2xl0x1ct7nrnly1mur|03|net"; nocase; ) # o13khn1j0s3rb1vmlf4c90zs0h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o13khn1j0s3rb1vmlf4c90zs0h|03|com"; nocase; ) # q6srfv1nuups8xi8fvr1p1szrc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q6srfv1nuups8xi8fvr1p1szrc|03|net"; nocase; ) # 1l6i2fi1hamlmj5q9tj6jvo4z0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l6i2fi1hamlmj5q9tj6jvo4z0|03|com"; nocase; ) # krgg56zsa781itk2qq1psmm5c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|krgg56zsa781itk2qq1psmm5c|03|org"; nocase; ) # l7mic4xzv9bdaehblfifvze0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l7mic4xzv9bdaehblfifvze0|03|net"; nocase; ) # ms4s5i108l2t4oq02ice1l1kf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ms4s5i108l2t4oq02ice1l1kf|03|net"; nocase; ) # j14tngxmqaag1j4iima1tvcmq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j14tngxmqaag1j4iima1tvcmq|03|net"; nocase; ) # 17zoygs1tmr0qrrvywfmp0th9c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17zoygs1tmr0qrrvywfmp0th9c|03|net"; nocase; ) # 1etpzvjoc10bxy1f72us2qs9f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1etpzvjoc10bxy1f72us2qs9f|03|com"; nocase; ) # 1dyxg9c1bdkzrq1072f5918lgphs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dyxg9c1bdkzrq1072f5918lgphs|03|net"; nocase; ) # 16t90bg5nlae31kr3tebwf248v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16t90bg5nlae31kr3tebwf248v|03|com"; nocase; ) # ku3fa8o8dfpz15cjn041nov9py.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ku3fa8o8dfpz15cjn041nov9py|03|biz"; nocase; ) # 13sytog85ss6z13j1plw1827kb0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13sytog85ss6z13j1plw1827kb0|03|com"; nocase; ) # 49e7l4ycyujf1e4rdilpz80oe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|49e7l4ycyujf1e4rdilpz80oe|03|net"; nocase; ) # dlg6fln9faf21el19s89xq31w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dlg6fln9faf21el19s89xq31w|03|net"; nocase; ) # 1wu8e2n1iwyvk9o8i00i92nse5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wu8e2n1iwyvk9o8i00i92nse5|03|org"; nocase; ) # 15g8yfw14lzecog5u3c11910xo9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15g8yfw14lzecog5u3c11910xo9|03|com"; nocase; ) # x6ffde1mbqz9ron8e3gbovcz3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x6ffde1mbqz9ron8e3gbovcz3|03|net"; nocase; ) # 17thdso1vdo10lwgjjrt1vvywdh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17thdso1vdo10lwgjjrt1vvywdh|03|com"; nocase; ) # 18ox90km80du9110ykf4jb7v9x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ox90km80du9110ykf4jb7v9x|03|com"; nocase; ) # j3fkof1h5b00q1nwfg0t1cpe7ta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j3fkof1h5b00q1nwfg0t1cpe7ta|03|net"; nocase; ) # iulr8anvgdik1sp5d8sdxkzsl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iulr8anvgdik1sp5d8sdxkzsl|03|com"; nocase; ) # 8mhkxt1vrjczl3fkyu71nwi0wt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8mhkxt1vrjczl3fkyu71nwi0wt|03|com"; nocase; ) # 159k95u1hask2x1qbi5l115fdt61.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|159k95u1hask2x1qbi5l115fdt61|03|net"; nocase; ) # 1e0nfqwkn8dsq1peav5vk6vycf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e0nfqwkn8dsq1peav5vk6vycf|03|com"; nocase; ) # 10n13hohhu0xa1u3p5f3tig322.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10n13hohhu0xa1u3p5f3tig322|03|com"; nocase; ) # 1kdc7of1q6tnh930rb8f9y0pim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kdc7of1q6tnh930rb8f9y0pim|03|com"; nocase; ) # 1bxnonrte985tx011g3hf5aws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bxnonrte985tx011g3hf5aws|03|net"; nocase; ) # 1y9szjojtrxg81nn9jdr1g42691.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y9szjojtrxg81nn9jdr1g42691|03|com"; nocase; ) # 1tpq6o7oe97211qj82tarruy9l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tpq6o7oe97211qj82tarruy9l|03|com"; nocase; ) # 183rzthbvsocx13mt2dzs7sb5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|183rzthbvsocx13mt2dzs7sb5c|03|net"; nocase; ) # gi7iqe1h78cdmctxw2zly0whf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gi7iqe1h78cdmctxw2zly0whf|03|com"; nocase; ) # ecxa9h12jvduj1tt0abk12khc0s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ecxa9h12jvduj1tt0abk12khc0s|03|biz"; nocase; ) # sd0m161nb68qz1frvlmsiwfno4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sd0m161nb68qz1frvlmsiwfno4|03|biz"; nocase; ) # 1t3v0xk1lcxdxt1qzhi8hga2lrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t3v0xk1lcxdxt1qzhi8hga2lrn|03|net"; nocase; ) # srhv9k1o6ov13wgabbycf2ud5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|srhv9k1o6ov13wgabbycf2ud5|03|biz"; nocase; ) # pho7g21r0yw9elvxfu51dkuf1v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pho7g21r0yw9elvxfu51dkuf1v|03|org"; nocase; ) # r5m8d0120yszwvfu4vk1a8eamh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r5m8d0120yszwvfu4vk1a8eamh|03|org"; nocase; ) # 157c9gr1r5dyoyps8j41iz0alo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157c9gr1r5dyoyps8j41iz0alo|03|biz"; nocase; ) # 11ahtyemfbn2k1o8ad0n1t84sfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11ahtyemfbn2k1o8ad0n1t84sfj|03|com"; nocase; ) # 9vzdtt1thyaewfht8wx1h2cwgc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9vzdtt1thyaewfht8wx1h2cwgc|03|net"; nocase; ) # 16t4qpe1pxknxz1wpoaoh4mjb29.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16t4qpe1pxknxz1wpoaoh4mjb29|03|net"; nocase; ) # m6q6p01r4cg307zge2r4clakk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m6q6p01r4cg307zge2r4clakk|03|net"; nocase; ) # qmfor82ferf5yolh6f7w22u4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qmfor82ferf5yolh6f7w22u4|03|net"; nocase; ) # dlo3f71ptteh0xq3xkmi1iasp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dlo3f71ptteh0xq3xkmi1iasp|03|net"; nocase; ) # 92z5wpgi2ru18n26yq1iclyum.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|92z5wpgi2ru18n26yq1iclyum|03|org"; nocase; ) # 1wxbi0xaq8nqi1yak07j16snmh5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wxbi0xaq8nqi1yak07j16snmh5|03|com"; nocase; ) # 1tzwsv9uxtak911zltf377du12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tzwsv9uxtak911zltf377du12|03|net"; nocase; ) # y82lz8t3imsr45i3cjmw2b1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|y82lz8t3imsr45i3cjmw2b1|03|net"; nocase; ) # mytxca15oko2918ypyj81f1lxpr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mytxca15oko2918ypyj81f1lxpr|03|org"; nocase; ) # l0w9cg1py7d4r19dfj5116e5pam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l0w9cg1py7d4r19dfj5116e5pam|03|com"; nocase; ) # efgz2tcgzhtl2k2w05fr8x6v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|efgz2tcgzhtl2k2w05fr8x6v|03|net"; nocase; ) # usbgod75kdzopglsws129jn76.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|usbgod75kdzopglsws129jn76|03|org"; nocase; ) # 19hfe1w1fcbspaplu8ycoixdp4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19hfe1w1fcbspaplu8ycoixdp4|03|com"; nocase; ) # 1eoyhbb1a685d516snkaozdluol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eoyhbb1a685d516snkaozdluol|03|com"; nocase; ) # 8uq6abdhwwchsv2mw9x2xki3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8uq6abdhwwchsv2mw9x2xki3|03|org"; nocase; ) # o242bb1mea74t11ajoqj4i8i8n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o242bb1mea74t11ajoqj4i8i8n|03|biz"; nocase; ) # cwc2u01rny4s834jyg81hnym4s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cwc2u01rny4s834jyg81hnym4s|03|com"; nocase; ) # ekzvlusdauj4mg9s0q1v2xgpj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ekzvlusdauj4mg9s0q1v2xgpj|03|net"; nocase; ) # ymxnlsuh0wrq6lf1ghv7d1di.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ymxnlsuh0wrq6lf1ghv7d1di|03|net"; nocase; ) # fc17n1lo2kr4t8s4k26xf9ml.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fc17n1lo2kr4t8s4k26xf9ml|03|biz"; nocase; ) # gc3amb9lkt401eqx9d61kx6ge6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gc3amb9lkt401eqx9d61kx6ge6|03|org"; nocase; ) # rl1m32b6z0tu1pftru9il9m37.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rl1m32b6z0tu1pftru9il9m37|03|biz"; nocase; ) # 1j1izb5jd6p5q18dxob81vn64y7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j1izb5jd6p5q18dxob81vn64y7|03|net"; nocase; ) # titoox1yn2k11ibvqy91hu7pli.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|titoox1yn2k11ibvqy91hu7pli|03|net"; nocase; ) # e7d8g9198fx0vd35t681va59tr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e7d8g9198fx0vd35t681va59tr|03|com"; nocase; ) # zc0ovzuhq4um1133h048bnw24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zc0ovzuhq4um1133h048bnw24|03|net"; nocase; ) # m9laklww6mdwtb5suu2ecvf8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m9laklww6mdwtb5suu2ecvf8|03|org"; nocase; ) # 1s2jwps1q60w8if0jh5ecn5f42.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s2jwps1q60w8if0jh5ecn5f42|03|net"; nocase; ) # jz5x2b1cmktd81twozfh1n44ogs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jz5x2b1cmktd81twozfh1n44ogs|03|org"; nocase; ) # 1y83pdjek7aazapwqds6n7ae3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y83pdjek7aazapwqds6n7ae3|03|biz"; nocase; ) # yxoiyyxjtl3p13hxp7a1yb5l9c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yxoiyyxjtl3p13hxp7a1yb5l9c|03|net"; nocase; ) # 63fsk23t1mb4kpmri98w8gji.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|63fsk23t1mb4kpmri98w8gji|03|biz"; nocase; ) # 1a6ejcm550khm3gv5cslb6n79.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a6ejcm550khm3gv5cslb6n79|03|com"; nocase; ) # 1nn2w251kze4kt6ppkq0nz2ygh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nn2w251kze4kt6ppkq0nz2ygh|03|net"; nocase; ) # mpfiu176a30l1elda8ccd8qfk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mpfiu176a30l1elda8ccd8qfk|03|biz"; nocase; ) # 1qp205z1gz1zj2rynisfoi58ut.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qp205z1gz1zj2rynisfoi58ut|03|org"; nocase; ) # 1te9lur1ygf3nz3je5e1q23ui7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1te9lur1ygf3nz3je5e1q23ui7|03|net"; nocase; ) # 1g6jesm12pyd7c19ay4ln16rfjhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g6jesm12pyd7c19ay4ln16rfjhm|03|com"; nocase; ) # 1j6lrpd11vx4n779e3vk95f2we.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j6lrpd11vx4n779e3vk95f2we|03|biz"; nocase; ) # gguz0e1tgmthu1088b6k686sse.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gguz0e1tgmthu1088b6k686sse|03|biz"; nocase; ) # 1b5n80c15s09wi1bzqr1dnm8wov.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b5n80c15s09wi1bzqr1dnm8wov|03|net"; nocase; ) # 14a1ntb1xvc0mj3iurq311ykfbq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14a1ntb1xvc0mj3iurq311ykfbq|03|com"; nocase; ) # 1093t1qunz49a1y4t0zmz2ogpm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1093t1qunz49a1y4t0zmz2ogpm|03|com"; nocase; ) # 1fu0kyb1kssv5x1y3tuxi16n3hhx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fu0kyb1kssv5x1y3tuxi16n3hhx|03|net"; nocase; ) # 7l82d51qvrs8h1v7hpt71ej3iui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7l82d51qvrs8h1v7hpt71ej3iui|03|org"; nocase; ) # 1dtx8ty8xneac1up8asybx0f5o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dtx8ty8xneac1up8asybx0f5o|03|net"; nocase; ) # tuym221yr90ce1kwd9x11uqagdh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tuym221yr90ce1kwd9x11uqagdh|03|com"; nocase; ) # 1qcwvhb5mz2oo7se99o1ofvydn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qcwvhb5mz2oo7se99o1ofvydn|03|com"; nocase; ) # 1sfx3ek1sip6v1bmnu4q1qgg75r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sfx3ek1sip6v1bmnu4q1qgg75r|03|biz"; nocase; ) # 1ml7po2955fcg4mvtu6666qep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ml7po2955fcg4mvtu6666qep|03|com"; nocase; ) # aplc1wkmvavm6qzzpwp6j3d0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aplc1wkmvavm6qzzpwp6j3d0|03|biz"; nocase; ) # q3pztathsmhojvcju1ia1oqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q3pztathsmhojvcju1ia1oqh|03|biz"; nocase; ) # cc3f2u5evdxjihobcmzxqjxk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cc3f2u5evdxjihobcmzxqjxk|03|org"; nocase; ) # 17rv54y1eqcwly1dr93be1ebizzb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17rv54y1eqcwly1dr93be1ebizzb|03|net"; nocase; ) # lelxir1h0nk3i1656syfx6ni6y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lelxir1h0nk3i1656syfx6ni6y|03|com"; nocase; ) # 14gtn63o03fnxatgz6esrne9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14gtn63o03fnxatgz6esrne9|03|net"; nocase; ) # 9lofos1insmgy1y5m6ui105o15x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9lofos1insmgy1y5m6ui105o15x|03|biz"; nocase; ) # 1wpftkd1m4z1jq9q4il41r53xq8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wpftkd1m4z1jq9q4il41r53xq8|03|org"; nocase; ) # leow496if38h1og0pid1qpr42p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|leow496if38h1og0pid1qpr42p|03|biz"; nocase; ) # 1vrfkactnucpe3chpof9lg8a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1vrfkactnucpe3chpof9lg8a|03|net"; nocase; ) # 1wpt6lxdc8uzc15yoxdv1rxhq9s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wpt6lxdc8uzc15yoxdv1rxhq9s|03|org"; nocase; ) # 1eennjst6bzr911ypkoyfiso1b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eennjst6bzr911ypkoyfiso1b|03|org"; nocase; ) # zvx44eans5l294d3d81i7ulep.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zvx44eans5l294d3d81i7ulep|03|biz"; nocase; ) # 1w4msg613mjj381ln2p5hflakkz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w4msg613mjj381ln2p5hflakkz|03|com"; nocase; ) # 1p3aufs1mhee5ahip4ud15vp6x6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p3aufs1mhee5ahip4ud15vp6x6|03|biz"; nocase; ) # zkabo818uqjdm1owjsshwlxdzp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zkabo818uqjdm1owjsshwlxdzp|03|net"; nocase; ) # gbla8a1quk4219jjlvx1jcxb2t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gbla8a1quk4219jjlvx1jcxb2t|03|net"; nocase; ) # 124jxva1843r651z082iepjcn2r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|124jxva1843r651z082iepjcn2r|03|org"; nocase; ) # 15d1bo5ggyn5bm7o1kv8mplf1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15d1bo5ggyn5bm7o1kv8mplf1|03|org"; nocase; ) # uph8oh13wzjv41naqvcd1rmb97t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uph8oh13wzjv41naqvcd1rmb97t|03|org"; nocase; ) # 5mq6k316ce6xz5fyxg1dqikya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5mq6k316ce6xz5fyxg1dqikya|03|biz"; nocase; ) # 19taej2jyzrsazypavrplcjo4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19taej2jyzrsazypavrplcjo4|03|net"; nocase; ) # wahldy17p7o9t61cyl1mlibjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wahldy17p7o9t61cyl1mlibjm|03|org"; nocase; ) # 142xe631wr0mdahjakg09ikff2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|142xe631wr0mdahjakg09ikff2|03|biz"; nocase; ) # bi5gfinrf5fp1tfvtt3am9fxr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bi5gfinrf5fp1tfvtt3am9fxr|03|com"; nocase; ) # 1gvc06g1jkk632vb3ezv1hpyqs4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gvc06g1jkk632vb3ezv1hpyqs4|03|com"; nocase; ) # ykrdcy1m9xpau183w6tg1p9u7mi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ykrdcy1m9xpau183w6tg1p9u7mi|03|net"; nocase; ) # 1sw3d0pmducox1orseep1n73ul4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sw3d0pmducox1orseep1n73ul4|03|biz"; nocase; ) # 1bmtedu83ck3w193r082oh0emb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bmtedu83ck3w193r082oh0emb|03|net"; nocase; ) # 1828vry2magor15u4jez18mhpjw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1828vry2magor15u4jez18mhpjw|03|net"; nocase; ) # ova0yx1avmoxn1u7ez4ockbgor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ova0yx1avmoxn1u7ez4ockbgor|03|net"; nocase; ) # 1liauqoe6n3257bem9ex2p4av.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1liauqoe6n3257bem9ex2p4av|03|com"; nocase; ) # 1uy51yxnjg34xnaifp23bpq7b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uy51yxnjg34xnaifp23bpq7b|03|net"; nocase; ) # 1kmj0901optnhd1d624wmpzzw4r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kmj0901optnhd1d624wmpzzw4r|03|net"; nocase; ) # 1rrt7mx1vn99eg1jjjakm1yn0wh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rrt7mx1vn99eg1jjjakm1yn0wh5|03|net"; nocase; ) # 1a64uwl16o2opr16sgsts29vz34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a64uwl16o2opr16sgsts29vz34|03|com"; nocase; ) # oyrxdn1vxwawck0bczv1w4xgt2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oyrxdn1vxwawck0bczv1w4xgt2|03|net"; nocase; ) # 3jji77yk8mhwvetwqwwhyi8m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3jji77yk8mhwvetwqwwhyi8m|03|net"; nocase; ) # 1o2287g1uxue0n1i1j83seifroe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o2287g1uxue0n1i1j83seifroe|03|net"; nocase; ) # 1cilpenlod33o1pq26wjvd210b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cilpenlod33o1pq26wjvd210b|03|org"; nocase; ) # aqu47b815fet18u1si11d4zrxl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aqu47b815fet18u1si11d4zrxl|03|com"; nocase; ) # 1r4t7d01iiels21c83ex0wwky1z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r4t7d01iiels21c83ex0wwky1z|03|com"; nocase; ) # 16i36bw1fbg5s19jd3ndg9nzgx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16i36bw1fbg5s19jd3ndg9nzgx|03|net"; nocase; ) # tda4ml1gd2of11sf12oz389e5j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tda4ml1gd2of11sf12oz389e5j|03|net"; nocase; ) # eycni5qptdkhnv3zn319gkfus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eycni5qptdkhnv3zn319gkfus|03|net"; nocase; ) # 9pwr7h91hhd5jwdn3qt38d3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|9pwr7h91hhd5jwdn3qt38d3|03|biz"; nocase; ) # uqsnu1xmeyymvh572b1lcdczw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uqsnu1xmeyymvh572b1lcdczw|03|org"; nocase; ) # 1wa82af14zyz4y1dug3c21wbnui4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wa82af14zyz4y1dug3c21wbnui4|03|net"; nocase; ) # qaldjt1m05lpy18vhmxe65bd59.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qaldjt1m05lpy18vhmxe65bd59|03|org"; nocase; ) # le5pqe15zjp5e1cf2a43butq1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|le5pqe15zjp5e1cf2a43butq1v|03|com"; nocase; ) # auukwh1xje1jb1voy1d11itgfbe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|auukwh1xje1jb1voy1d11itgfbe|03|net"; nocase; ) # 1ru4e9wmoeks31gi2t5s1xrcjt2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000020999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ru4e9wmoeks31gi2t5s1xrcjt2|03|com"; nocase; ) # lh61io1l4h6em1sph0nr199rhot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lh61io1l4h6em1sph0nr199rhot|03|org"; nocase; ) # w8wvsfondicq1ilfv4q1i7inor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w8wvsfondicq1ilfv4q1i7inor|03|net"; nocase; ) # 13769z91cmapgpf3zkp61ejmxai.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13769z91cmapgpf3zkp61ejmxai|03|org"; nocase; ) # xc9v69bwdpwmkg96rcho6f4p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xc9v69bwdpwmkg96rcho6f4p|03|org"; nocase; ) # kkmka71fk7ca01ihym1lso37ur.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kkmka71fk7ca01ihym1lso37ur|03|biz"; nocase; ) # 1k4gd4r1u04wyradpocf47spot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k4gd4r1u04wyradpocf47spot|03|net"; nocase; ) # 1iu1sys11c3r5pzxlqrt1xeeiei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iu1sys11c3r5pzxlqrt1xeeiei|03|com"; nocase; ) # xrz2tc17tyfpr11kael41std0b2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xrz2tc17tyfpr11kael41std0b2|03|org"; nocase; ) # 12dhv75kxwyd4a0k7jo1dc4fkk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12dhv75kxwyd4a0k7jo1dc4fkk|03|biz"; nocase; ) # tc0rr3idodo210az0pqkpcub7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tc0rr3idodo210az0pqkpcub7|03|com"; nocase; ) # 91ayg65n2fizpd334f16icnt3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|91ayg65n2fizpd334f16icnt3|03|com"; nocase; ) # 12i6nk31411up321barso89tgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12i6nk31411up321barso89tgc|03|com"; nocase; ) # rdcj8rznvpqf1gbj3aj1t51lrd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rdcj8rznvpqf1gbj3aj1t51lrd|03|org"; nocase; ) # lzrwvh1vrd1da125i71xuosk92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lzrwvh1vrd1da125i71xuosk92|03|net"; nocase; ) # 1buxzo22anbvj1ngzlq01ijabd0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1buxzo22anbvj1ngzlq01ijabd0|03|com"; nocase; ) # 1iqbk87uzudkr1i2u0ac107c51e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iqbk87uzudkr1i2u0ac107c51e|03|biz"; nocase; ) # zb4snb1ukv7po1baiq5g1nzf0og.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zb4snb1ukv7po1baiq5g1nzf0og|03|org"; nocase; ) # 1rq150zzqizyippcyc41uei7fc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rq150zzqizyippcyc41uei7fc|03|net"; nocase; ) # 1h4fvcsm4z06c1spqx6w141ra8i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h4fvcsm4z06c1spqx6w141ra8i|03|biz"; nocase; ) # gdjdrxbe6vinvxn11a1nk5tl6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gdjdrxbe6vinvxn11a1nk5tl6|03|com"; nocase; ) # 1s8pldlu54d5k1rt25mm1o1i4pb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s8pldlu54d5k1rt25mm1o1i4pb|03|net"; nocase; ) # 13xbrf013ot9fp1odwxqdnulzh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13xbrf013ot9fp1odwxqdnulzh|03|com"; nocase; ) # 1yq7xz91g7po2x1v8h9r4iq2ohk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yq7xz91g7po2x1v8h9r4iq2ohk|03|org"; nocase; ) # 9wicu51fp5va633wfn1mdwyvf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9wicu51fp5va633wfn1mdwyvf|03|net"; nocase; ) # 1wum4mf769nah1h88h10n625u2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wum4mf769nah1h88h10n625u2|03|org"; nocase; ) # 112cmcn11jxim1139058ootfjpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|112cmcn11jxim1139058ootfjpj|03|com"; nocase; ) # 11tu5w1u76q3eac6we519w3ogv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11tu5w1u76q3eac6we519w3ogv|03|net"; nocase; ) # 1h8p4k0o8913o128iwo812ps2sq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h8p4k0o8913o128iwo812ps2sq|03|org"; nocase; ) # 1tqykt12egwf7uak2fa1msh3gf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tqykt12egwf7uak2fa1msh3gf|03|net"; nocase; ) # 837v5h1egrywdmie23e8sor2e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|837v5h1egrywdmie23e8sor2e|03|net"; nocase; ) # 17632p8n1xy731r7fn2lpgqp65.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17632p8n1xy731r7fn2lpgqp65|03|biz"; nocase; ) # 6w3lu9hnrrol17xb71i1eikhsp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6w3lu9hnrrol17xb71i1eikhsp|03|org"; nocase; ) # 1ppbh031oumegpl6oquisqdp33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ppbh031oumegpl6oquisqdp33|03|net"; nocase; ) # ouo4ag1cegluy1dyq91a1bui2w7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ouo4ag1cegluy1dyq91a1bui2w7|03|org"; nocase; ) # 13fggcj1wg4ng6atzo5mtc0js3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13fggcj1wg4ng6atzo5mtc0js3|03|net"; nocase; ) # 1q8fl37nqeqk36x4hbdz8acup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q8fl37nqeqk36x4hbdz8acup|03|com"; nocase; ) # 1arxm8cw4ewx7vocumrgdhwrt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1arxm8cw4ewx7vocumrgdhwrt|03|biz"; nocase; ) # rrklsoz1fo3c17uo25m8qd49m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rrklsoz1fo3c17uo25m8qd49m|03|biz"; nocase; ) # a6x1201aqaugc1lk811418kfxpb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a6x1201aqaugc1lk811418kfxpb|03|net"; nocase; ) # 1e38f2u1fovjnl1p8gtsh4n3qd8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e38f2u1fovjnl1p8gtsh4n3qd8|03|biz"; nocase; ) # 136eagf14e4rsl1n5shwc1oxzvp6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|136eagf14e4rsl1n5shwc1oxzvp6|03|com"; nocase; ) # 1jqn1mbfsbwb9ggsriivegfuz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jqn1mbfsbwb9ggsriivegfuz|03|net"; nocase; ) # 16bozll1bl3gkd6ietmexnf3w4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16bozll1bl3gkd6ietmexnf3w4|03|com"; nocase; ) # zrvzt61kuk4buoc0flfm8twey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zrvzt61kuk4buoc0flfm8twey|03|com"; nocase; ) # w8flgs1t4yxuejyr1hu1luo2nx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w8flgs1t4yxuejyr1hu1luo2nx|03|com"; nocase; ) # a4djzojkecobz4fe261kz8exo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a4djzojkecobz4fe261kz8exo|03|org"; nocase; ) # 1gc4oy2ts05js1e7yygvqfanwn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gc4oy2ts05js1e7yygvqfanwn|03|biz"; nocase; ) # ko3kwj8ngo3m10basks1g0tb92.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ko3kwj8ngo3m10basks1g0tb92|03|biz"; nocase; ) # tahdb112rec6olystkt1hjcxgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tahdb112rec6olystkt1hjcxgc|03|com"; nocase; ) # 1s3n42wwnm90bwchsoo8ee90o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s3n42wwnm90bwchsoo8ee90o|03|com"; nocase; ) # jx5duc18c69u2189clzfp70fkw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jx5duc18c69u2189clzfp70fkw|03|org"; nocase; ) # 5zj8qc1l9jr141x9h8a416kp34u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5zj8qc1l9jr141x9h8a416kp34u|03|biz"; nocase; ) # 8icd7s17xofl4m2eofslmhccj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8icd7s17xofl4m2eofslmhccj|03|com"; nocase; ) # wumx9g1sfaec81dnsq3v3xs34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wumx9g1sfaec81dnsq3v3xs34|03|com"; nocase; ) # 1iw5ljd1dav5lljxd7nqs8dvlk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iw5ljd1dav5lljxd7nqs8dvlk|03|net"; nocase; ) # c4tdk8xnauwmup2a0c10xbe49.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c4tdk8xnauwmup2a0c10xbe49|03|biz"; nocase; ) # q6v2y9kavu5p1fjpabfy4fyuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6v2y9kavu5p1fjpabfy4fyuo|03|net"; nocase; ) # 1s19bzvmqzp8y10nx6441l2ebs1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s19bzvmqzp8y10nx6441l2ebs1|03|biz"; nocase; ) # dd548nq4934v1fvxv0ld51k7x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dd548nq4934v1fvxv0ld51k7x|03|net"; nocase; ) # 1ifg5b1kxsg941fack9yv5o95g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ifg5b1kxsg941fack9yv5o95g|03|org"; nocase; ) # 4yxtrz19qkmfox3itph108otes.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4yxtrz19qkmfox3itph108otes|03|net"; nocase; ) # 15n1bn11o2ry61y6x2u28070go.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15n1bn11o2ry61y6x2u28070go|03|biz"; nocase; ) # p7fa9m1yuhluss9qabn1wuizhf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p7fa9m1yuhluss9qabn1wuizhf|03|org"; nocase; ) # 1kgbx76ulnqiatxlwrdreav1i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kgbx76ulnqiatxlwrdreav1i|03|org"; nocase; ) # 1x16rxv16otv5ttvn05w1ksgpiz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x16rxv16otv5ttvn05w1ksgpiz|03|net"; nocase; ) # 2f4fsn1r4ln2d1ebgmmm5ltp04.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2f4fsn1r4ln2d1ebgmmm5ltp04|03|com"; nocase; ) # 198e4rtmluapl1hjar7goceedp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|198e4rtmluapl1hjar7goceedp|03|org"; nocase; ) # 1rxo1phqj9a8d1lmjm7c1rao6pm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rxo1phqj9a8d1lmjm7c1rao6pm|03|biz"; nocase; ) # 1db95pb152cxf51vy8d511cby996.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1db95pb152cxf51vy8d511cby996|03|net"; nocase; ) # 32sz2g1kqq8fp14lew78nkw29z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|32sz2g1kqq8fp14lew78nkw29z|03|biz"; nocase; ) # 157me21v32i9bgop5jo1elf4fu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157me21v32i9bgop5jo1elf4fu|03|net"; nocase; ) # 74axb8rdmphqevi4qm123qhjv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|74axb8rdmphqevi4qm123qhjv|03|com"; nocase; ) # 176qowdc905d4198g5p02auqnz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|176qowdc905d4198g5p02auqnz|03|org"; nocase; ) # n4ikt315ic9731oqg0953ke26p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n4ikt315ic9731oqg0953ke26p|03|com"; nocase; ) # 10cf55w1txhhmla0d8dqbkg6fm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10cf55w1txhhmla0d8dqbkg6fm|03|com"; nocase; ) # 5gmmf71njli2ucz7y0f45sbrw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5gmmf71njli2ucz7y0f45sbrw|03|org"; nocase; ) # wa64przzenwa145shg91qjtgnj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wa64przzenwa145shg91qjtgnj|03|com"; nocase; ) # 4us6u71enyh2g9uyepttnj4l0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4us6u71enyh2g9uyepttnj4l0|03|net"; nocase; ) # 1phhn901e3u7qn1on1g8dw16pb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1phhn901e3u7qn1on1g8dw16pb2|03|net"; nocase; ) # 1f30ybvflh15a1f0mntytvtmxt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f30ybvflh15a1f0mntytvtmxt|03|biz"; nocase; ) # 1lfmustwc03kpe0zwx4tj7l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1lfmustwc03kpe0zwx4tj7l|03|net"; nocase; ) # 1e5ffq1gidso1mg7qd61ny9t2x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e5ffq1gidso1mg7qd61ny9t2x|03|net"; nocase; ) # 1r2wkdv14s4jn3l5yuqyvziv7v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r2wkdv14s4jn3l5yuqyvziv7v|03|org"; nocase; ) # jr0add1aaqxkq1roh2k71cx9dn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jr0add1aaqxkq1roh2k71cx9dn|03|net"; nocase; ) # elcyzruz1zph12j0vox2u05j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|elcyzruz1zph12j0vox2u05j6|03|net"; nocase; ) # irxpe11gauyl1mi88epi37bgk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|irxpe11gauyl1mi88epi37bgk|03|com"; nocase; ) # zhhg4k144fpdb1og4pnzvkxh5e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zhhg4k144fpdb1og4pnzvkxh5e|03|org"; nocase; ) # qb7uhv55bbi10bj3v9eduhbj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qb7uhv55bbi10bj3v9eduhbj|03|net"; nocase; ) # 3rb2hmg8f94d1gsuu4m1twlfu0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3rb2hmg8f94d1gsuu4m1twlfu0|03|net"; nocase; ) # 6chastmzqi6g174w5kl34nxcl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6chastmzqi6g174w5kl34nxcl|03|com"; nocase; ) # 15wd8y8peilxd9ve1jf1ftznd9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15wd8y8peilxd9ve1jf1ftznd9|03|net"; nocase; ) # 9d1znus4gu3tvigzh61teh7ah.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9d1znus4gu3tvigzh61teh7ah|03|org"; nocase; ) # 53gu9m1i2luf21mg396d1y5rg8x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|53gu9m1i2luf21mg396d1y5rg8x|03|org"; nocase; ) # 17cniaz17jx9hx2ojmae1p5q8bz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17cniaz17jx9hx2ojmae1p5q8bz|03|org"; nocase; ) # tul6qp6rzeyb1l42h3giqdwq4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tul6qp6rzeyb1l42h3giqdwq4|03|biz"; nocase; ) # 1ae1iuketamv1v0p7iq126lwoq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ae1iuketamv1v0p7iq126lwoq|03|com"; nocase; ) # 1vfko0234timjxi9bfi1ree83r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vfko0234timjxi9bfi1ree83r|03|org"; nocase; ) # k5okrxivflo21n3accvhnbgb3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k5okrxivflo21n3accvhnbgb3|03|com"; nocase; ) # yw1larx27ket1uhru4m8pkdmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yw1larx27ket1uhru4m8pkdmq|03|org"; nocase; ) # 1xap8j6dfn0qj1x4g9q61vmo34c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xap8j6dfn0qj1x4g9q61vmo34c|03|com"; nocase; ) # bahs7sid76abxikkdd13zbyaj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bahs7sid76abxikkdd13zbyaj|03|biz"; nocase; ) # 1gf9axz1i9sdz61v0d1txmz1y1x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gf9axz1i9sdz61v0d1txmz1y1x|03|org"; nocase; ) # 1x5dbrgoblj2b1v2ddvtel2z12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x5dbrgoblj2b1v2ddvtel2z12|03|net"; nocase; ) # ms656z8khqj1bhiq0bi83zzq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ms656z8khqj1bhiq0bi83zzq|03|com"; nocase; ) # 1b9mc17gpwdl51ity83bo5f2lr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b9mc17gpwdl51ity83bo5f2lr|03|net"; nocase; ) # 1upzngx181qls0cpx9ki1yluir5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1upzngx181qls0cpx9ki1yluir5|03|biz"; nocase; ) # bt8ei61j67kga1170bna1bl2zti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bt8ei61j67kga1170bna1bl2zti|03|com"; nocase; ) # 1ucuykxgy2ybn97990y1r07r5c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ucuykxgy2ybn97990y1r07r5c|03|org"; nocase; ) # 1821h4bgo4s2214til8vpck7sy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1821h4bgo4s2214til8vpck7sy|03|net"; nocase; ) # 12zflw41s45gbruykil61txeela.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12zflw41s45gbruykil61txeela|03|net"; nocase; ) # glgtu4xwpp1muztonr13yxr2u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|glgtu4xwpp1muztonr13yxr2u|03|com"; nocase; ) # 1fplfug13bszwyvblloy9m2a9q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fplfug13bszwyvblloy9m2a9q|03|com"; nocase; ) # 1bmspvy1to13xxbbkslgw7vb9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bmspvy1to13xxbbkslgw7vb9j|03|net"; nocase; ) # u43r93lngbzvyb8cbxaf2wyn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u43r93lngbzvyb8cbxaf2wyn|03|biz"; nocase; ) # 1necujf1btqnp21banbaa13lotbp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1necujf1btqnp21banbaa13lotbp|03|org"; nocase; ) # 1vaxhk2bixfmuripf11tr5myn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vaxhk2bixfmuripf11tr5myn|03|biz"; nocase; ) # tgh5k512lrrjyroja3s1e785i6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tgh5k512lrrjyroja3s1e785i6|03|net"; nocase; ) # 1mg7whg1r3cwp51egthuyltri5r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mg7whg1r3cwp51egthuyltri5r|03|net"; nocase; ) # 1d2aocgoi4528yejqr9oqo93.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1d2aocgoi4528yejqr9oqo93|03|net"; nocase; ) # g4odwdlzu3lu1a5mcrd102fp6r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g4odwdlzu3lu1a5mcrd102fp6r|03|net"; nocase; ) # 153c5kytdlqs37t0g0cbc6l1v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|153c5kytdlqs37t0g0cbc6l1v|03|net"; nocase; ) # 1rcsai01cmplocduly2ebyvkpi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rcsai01cmplocduly2ebyvkpi|03|org"; nocase; ) # yvfcssvpvbnbfhfjrgdomjsl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yvfcssvpvbnbfhfjrgdomjsl|03|net"; nocase; ) # 19cqdz0v70vdp1a6ydm01nhtqyx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19cqdz0v70vdp1a6ydm01nhtqyx|03|com"; nocase; ) # 13o0fdns8d374tcejythncmv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13o0fdns8d374tcejythncmv|03|biz"; nocase; ) # phz8zs1ex0gk14hkuzk1mm9601.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|phz8zs1ex0gk14hkuzk1mm9601|03|net"; nocase; ) # opnmw7tu5txu1ykupwbzb4j91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|opnmw7tu5txu1ykupwbzb4j91|03|com"; nocase; ) # 1iti3ns1f2px301rttp4g1lnetwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iti3ns1f2px301rttp4g1lnetwi|03|com"; nocase; ) # 129nxf113dci3qhbmuip8fsp9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|129nxf113dci3qhbmuip8fsp9v|03|org"; nocase; ) # 1ltki621o00i52557z081w80y9c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ltki621o00i52557z081w80y9c|03|biz"; nocase; ) # 1xpoqtdp6zcc21u7pk3s1yvbwig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xpoqtdp6zcc21u7pk3s1yvbwig|03|net"; nocase; ) # 1gq03gdwjk1r913nodo176h74y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gq03gdwjk1r913nodo176h74y|03|biz"; nocase; ) # 3ra0qn15r9fb51wwrlnr1w98dwv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3ra0qn15r9fb51wwrlnr1w98dwv|03|net"; nocase; ) # tpkpc129p27tmr098z9cd4pu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tpkpc129p27tmr098z9cd4pu|03|biz"; nocase; ) # 1jy0rqp16bqvr3jiggs71uzcown.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jy0rqp16bqvr3jiggs71uzcown|03|org"; nocase; ) # hsb34do74moa151uqjh184krtu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hsb34do74moa151uqjh184krtu|03|net"; nocase; ) # 6mjzu0rsqo13ovu2ei13dle9o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6mjzu0rsqo13ovu2ei13dle9o|03|net"; nocase; ) # 1uenf3saxp1hy2e9q8dhhrqzm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uenf3saxp1hy2e9q8dhhrqzm|03|biz"; nocase; ) # hi5c0i1qka86r1jogs5lye0zmm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hi5c0i1qka86r1jogs5lye0zmm|03|com"; nocase; ) # 1v4rgos5b5pwi13szyd7jwrgpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v4rgos5b5pwi13szyd7jwrgpk|03|net"; nocase; ) # yeuhfk1g53jvedarh493mc2ns.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yeuhfk1g53jvedarh493mc2ns|03|org"; nocase; ) # 1vbgq8wtdhnm9yb61a5s79e1j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vbgq8wtdhnm9yb61a5s79e1j|03|net"; nocase; ) # qr4rzr11emcdc1kgw82z16dykur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qr4rzr11emcdc1kgw82z16dykur|03|org"; nocase; ) # 4fwnatxbq37ogakr3fzncil.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|4fwnatxbq37ogakr3fzncil|03|biz"; nocase; ) # uqrp50134xveh13wa90p1jgqfgm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uqrp50134xveh13wa90p1jgqfgm|03|net"; nocase; ) # fp8mcr1fngno31j5gwh91byqdlx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fp8mcr1fngno31j5gwh91byqdlx|03|com"; nocase; ) # 1r1ecg7mb1kbu1xruqxf7nex5y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r1ecg7mb1kbu1xruqxf7nex5y|03|com"; nocase; ) # br8pel1rh9x6d1evftog1ch4b3q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|br8pel1rh9x6d1evftog1ch4b3q|03|com"; nocase; ) # 1xo5cto1n39m1i1qara4iyokrr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xo5cto1n39m1i1qara4iyokrr|03|com"; nocase; ) # 1743n2p1m0lp831ufaeao1nlrli8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1743n2p1m0lp831ufaeao1nlrli8|03|net"; nocase; ) # 1uxobol16q4n93djurev1ud55sd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uxobol16q4n93djurev1ud55sd|03|com"; nocase; ) # 1v4xp2f1b3fwbrx22zum1wsunp4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v4xp2f1b3fwbrx22zum1wsunp4|03|net"; nocase; ) # 13bch8m1kw4qz6c8gxskqg33k5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13bch8m1kw4qz6c8gxskqg33k5|03|com"; nocase; ) # s9e2bpveyxkq1vifzdp171jz4v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s9e2bpveyxkq1vifzdp171jz4v|03|org"; nocase; ) # irl7oxbtcla919gb95i1jg7biu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|irl7oxbtcla919gb95i1jg7biu|03|biz"; nocase; ) # 1exgmqalyyome1xprtpp18evtpb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1exgmqalyyome1xprtpp18evtpb|03|net"; nocase; ) # 48oam81y46me8k8wk0pi1zb35.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|48oam81y46me8k8wk0pi1zb35|03|biz"; nocase; ) # hqqkkfggvqck11vjf9paqvh24.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hqqkkfggvqck11vjf9paqvh24|03|org"; nocase; ) # 66xke11xmt89ri9r815hqd8qd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66xke11xmt89ri9r815hqd8qd|03|org"; nocase; ) # p9t5kc1ovfw8g14ep4tvvc26ke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p9t5kc1ovfw8g14ep4tvvc26ke|03|net"; nocase; ) # 7brlao1raowwtmgkzy21ea7m0o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7brlao1raowwtmgkzy21ea7m0o|03|com"; nocase; ) # tesqw11ce1a801abrzqg4gaql4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tesqw11ce1a801abrzqg4gaql4|03|net"; nocase; ) # 1ba608b1d88zky4va7mbp78oki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ba608b1d88zky4va7mbp78oki|03|net"; nocase; ) # aophfradpuqp1v3cekjpcgzd2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aophfradpuqp1v3cekjpcgzd2|03|com"; nocase; ) # 1awmkf51hvi7rh1mrbv925dd3u4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1awmkf51hvi7rh1mrbv925dd3u4|03|com"; nocase; ) # 1oza2ri71588b1t00m9r8871rn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oza2ri71588b1t00m9r8871rn|03|net"; nocase; ) # og3taxs8o3heovjqw51d25mi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|og3taxs8o3heovjqw51d25mi|03|net"; nocase; ) # pvygbo1sgxmv1cthfbvzh0fkh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pvygbo1sgxmv1cthfbvzh0fkh|03|net"; nocase; ) # 1ry7p351iwzqbj16jqaza9pk7du.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ry7p351iwzqbj16jqaza9pk7du|03|com"; nocase; ) # 3y2co3apy1j18we5yxhpotp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|3y2co3apy1j18we5yxhpotp|03|biz"; nocase; ) # v29x3x1iwfv2u95pu8k16924ql.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v29x3x1iwfv2u95pu8k16924ql|03|com"; nocase; ) # 1qdywhdkm0jy4defn921cs40t1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qdywhdkm0jy4defn921cs40t1|03|org"; nocase; ) # zqspchevv0mpbzu9235mhj1e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zqspchevv0mpbzu9235mhj1e|03|com"; nocase; ) # v81tva1axx3isxdwzyf1b7m6gi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v81tva1axx3isxdwzyf1b7m6gi|03|net"; nocase; ) # y5o56d2bfxhbyimkeg1thplbp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y5o56d2bfxhbyimkeg1thplbp|03|org"; nocase; ) # rrbe1fu9n22c1si4tqhh4li4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rrbe1fu9n22c1si4tqhh4li4a|03|net"; nocase; ) # s61kq313399dw374xhvldnzth.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s61kq313399dw374xhvldnzth|03|org"; nocase; ) # m7vi2k1nkxan2updop92s2sc4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m7vi2k1nkxan2updop92s2sc4|03|com"; nocase; ) # 1r9i51l1are0dot0zlh71stpgkp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r9i51l1are0dot0zlh71stpgkp|03|org"; nocase; ) # 119kxf718z0l4o7zk2s569jluk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|119kxf718z0l4o7zk2s569jluk|03|com"; nocase; ) # 131wb3e2xfkpl1gdt9841cz4v7t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|131wb3e2xfkpl1gdt9841cz4v7t|03|org"; nocase; ) # 1k8hdhlcw3l5k8d7yxx5pk7i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1k8hdhlcw3l5k8d7yxx5pk7i|03|org"; nocase; ) # 1yc0fha11d72f7i3aqdx1y5ohtn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yc0fha11d72f7i3aqdx1y5ohtn|03|org"; nocase; ) # ud78o175g89mv8iphj1iosp8c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ud78o175g89mv8iphj1iosp8c|03|org"; nocase; ) # 1u6x16o1rick92otlhazytwi1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u6x16o1rick92otlhazytwi1w|03|com"; nocase; ) # 1ey4crz91ptfo1ocsjy1289l9x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ey4crz91ptfo1ocsjy1289l9x|03|org"; nocase; ) # rdhzrm1qozr8r1s69rkv1fjp3b9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rdhzrm1qozr8r1s69rkv1fjp3b9|03|com"; nocase; ) # 1istte25jooap1edpex01yom0vk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1istte25jooap1edpex01yom0vk|03|org"; nocase; ) # onx10l1v2w9461x23yp7im26ds.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|onx10l1v2w9461x23yp7im26ds|03|biz"; nocase; ) # 1ylbh6ix31xbwzi5pv0ypomcs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ylbh6ix31xbwzi5pv0ypomcs|03|com"; nocase; ) # 1cexmo0b9uqiszdwgrgf87ihb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cexmo0b9uqiszdwgrgf87ihb|03|net"; nocase; ) # 1op3xbe1l8euq8f6nt7lk0zu6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1op3xbe1l8euq8f6nt7lk0zu6p|03|net"; nocase; ) # p4db391ft0553qf14ae1tre40b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p4db391ft0553qf14ae1tre40b|03|com"; nocase; ) # 14unbct1gtpym01xyacaz6qpiqw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14unbct1gtpym01xyacaz6qpiqw|03|net"; nocase; ) # v0qw7ql2qm44ecxj291dvvsx3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v0qw7ql2qm44ecxj291dvvsx3|03|biz"; nocase; ) # 3m1j2dvc3fkzuyejfy1a4nnws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3m1j2dvc3fkzuyejfy1a4nnws|03|com"; nocase; ) # 7gtnhq14oo5mb19l5pajsw8fsi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7gtnhq14oo5mb19l5pajsw8fsi|03|com"; nocase; ) # 1vdurzpyt5tt0igr7euypbgmi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vdurzpyt5tt0igr7euypbgmi|03|net"; nocase; ) # 133fbnq1hgzyn61qmizc51ki6aq1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|133fbnq1hgzyn61qmizc51ki6aq1|03|net"; nocase; ) # vr8pts1r1m05n1apz3to130t9cm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vr8pts1r1m05n1apz3to130t9cm|03|org"; nocase; ) # 1trs0l012ods9xieipg84zv4i4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1trs0l012ods9xieipg84zv4i4|03|org"; nocase; ) # 1dymwso4dqpb31hbmkfj4qbx9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dymwso4dqpb31hbmkfj4qbx9b|03|com"; nocase; ) # q5ufmt1b4nvi1bxa48r1ga8owp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q5ufmt1b4nvi1bxa48r1ga8owp|03|com"; nocase; ) # 1cd6a6swj1yu8cfdlx3dkghzw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cd6a6swj1yu8cfdlx3dkghzw|03|net"; nocase; ) # 516bk6g6mp5xl8yn2pc370cc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|516bk6g6mp5xl8yn2pc370cc|03|biz"; nocase; ) # 3oa9yg1ynzbgx1i3mb2r1af918y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3oa9yg1ynzbgx1i3mb2r1af918y|03|org"; nocase; ) # uww6njqu2n6ef8wd4bb0yc1o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uww6njqu2n6ef8wd4bb0yc1o|03|biz"; nocase; ) # eqafejgss8l02t6z3k1ex6u5m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eqafejgss8l02t6z3k1ex6u5m|03|com"; nocase; ) # 92ydvk16hduvuzr6zw1veaj0l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|92ydvk16hduvuzr6zw1veaj0l|03|com"; nocase; ) # 10q1o6ix5sv551amz00gfxudw3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10q1o6ix5sv551amz00gfxudw3|03|net"; nocase; ) # hcdqwde3g2nzym0w2d6ix25n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hcdqwde3g2nzym0w2d6ix25n|03|org"; nocase; ) # 1qh589t31gh1a9tkru1wvf1yr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qh589t31gh1a9tkru1wvf1yr|03|biz"; nocase; ) # fxps7tqe67e3vmr8qc1liwgkv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fxps7tqe67e3vmr8qc1liwgkv|03|org"; nocase; ) # obal42aqaj1z1r34ojed8xccs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|obal42aqaj1z1r34ojed8xccs|03|biz"; nocase; ) # 1573k0b9usom32udumo1c0jo4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1573k0b9usom32udumo1c0jo4|03|net"; nocase; ) # 1a81zmkcz9w5gas8po1e7y6oj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a81zmkcz9w5gas8po1e7y6oj|03|com"; nocase; ) # la7x1v9c8ex3eqrjyahvuzrw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|la7x1v9c8ex3eqrjyahvuzrw|03|net"; nocase; ) # b7m0ma10c6ro960rhz71obfkmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b7m0ma10c6ro960rhz71obfkmq|03|org"; nocase; ) # 1qfdrhuw45ckw6rbpv5hktik7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qfdrhuw45ckw6rbpv5hktik7|03|net"; nocase; ) # 16k0qh11nlqtga8tk9xmgw3hom.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16k0qh11nlqtga8tk9xmgw3hom|03|net"; nocase; ) # 7rvl2kjgm0t31ndfr3i17seluj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7rvl2kjgm0t31ndfr3i17seluj|03|org"; nocase; ) # p53rn73s6t9o1eebj521dt75tu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p53rn73s6t9o1eebj521dt75tu|03|com"; nocase; ) # 1hjzn66103q6ofb3dnk41tw1a1f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hjzn66103q6ofb3dnk41tw1a1f|03|net"; nocase; ) # 1vdhs1x1tm38q019aixq710zgqc9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vdhs1x1tm38q019aixq710zgqc9|03|com"; nocase; ) # 3brarg1uy33zw1ne8i7y10h1mvp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3brarg1uy33zw1ne8i7y10h1mvp|03|net"; nocase; ) # ryghqttdceq6ox9i9wpsilgu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ryghqttdceq6ox9i9wpsilgu|03|org"; nocase; ) # 14vpnnaxzjcit1pcr5b11shqex1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14vpnnaxzjcit1pcr5b11shqex1|03|org"; nocase; ) # xs3l9o1v2vdq4urfr2f1g653e0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xs3l9o1v2vdq4urfr2f1g653e0|03|org"; nocase; ) # dfpflquf3ye11p14vf6mmvssv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dfpflquf3ye11p14vf6mmvssv|03|com"; nocase; ) # 1ujx0i61wxvregdkqvrs181p0q9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ujx0i61wxvregdkqvrs181p0q9|03|net"; nocase; ) # 1teiixrldybcl1exoh8r17m93hx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1teiixrldybcl1exoh8r17m93hx|03|com"; nocase; ) # ivdt1a1558f8h9x91gk14pw2gd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ivdt1a1558f8h9x91gk14pw2gd|03|com"; nocase; ) # b9p04f9agw0h1iboeg11vn6jbd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9p04f9agw0h1iboeg11vn6jbd|03|biz"; nocase; ) # 1m4r0sm1bu15q79mppjh29a9l2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m4r0sm1bu15q79mppjh29a9l2|03|net"; nocase; ) # u2q02468l5dx1q6cftnovj7sq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u2q02468l5dx1q6cftnovj7sq|03|net"; nocase; ) # j6ph9xwcmkt512jddfj1y8fn7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j6ph9xwcmkt512jddfj1y8fn7|03|com"; nocase; ) # 14xvgqjumyjkh1osebfy4jhuuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14xvgqjumyjkh1osebfy4jhuuk|03|net"; nocase; ) # 131dln01t2ry1ca75nsd1w1vq98.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|131dln01t2ry1ca75nsd1w1vq98|03|com"; nocase; ) # cgb9ge1lr2qr1nf8hguacdmr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cgb9ge1lr2qr1nf8hguacdmr2|03|org"; nocase; ) # 3mc0hq1qawk1woqpmpbagfv3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3mc0hq1qawk1woqpmpbagfv3k|03|net"; nocase; ) # xexjh3ni7ms8s4l6v3p4r8mw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xexjh3ni7ms8s4l6v3p4r8mw|03|org"; nocase; ) # 1kz2sagdpk71o9uv8gih5fjuj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kz2sagdpk71o9uv8gih5fjuj|03|com"; nocase; ) # rhf9gs19ea84bw64o2kso15v3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rhf9gs19ea84bw64o2kso15v3|03|com"; nocase; ) # pi4kqluig9pepj1kn13rs669.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pi4kqluig9pepj1kn13rs669|03|net"; nocase; ) # 1m2l3m219vmyn51is2skt6e8b55.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m2l3m219vmyn51is2skt6e8b55|03|org"; nocase; ) # 1ay4s1k8wwrid1g1s7tuel16q9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ay4s1k8wwrid1g1s7tuel16q9|03|biz"; nocase; ) # t55bqn1o8mo1qf9r6g11gguqnt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t55bqn1o8mo1qf9r6g11gguqnt|03|net"; nocase; ) # 14pu68r1ra945a1s2o8811kapf2o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14pu68r1ra945a1s2o8811kapf2o|03|org"; nocase; ) # 1kryaim11vbdp219w9nd81tuhgvk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kryaim11vbdp219w9nd81tuhgvk|03|net"; nocase; ) # raivcf15m7njhw38p1ezfiyun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|raivcf15m7njhw38p1ezfiyun|03|net"; nocase; ) # runzic1yida9t1bifegk9g6gt8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|runzic1yida9t1bifegk9g6gt8|03|biz"; nocase; ) # 1ujerl8tn8bfe198g1mt1ka6n5i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ujerl8tn8bfe198g1mt1ka6n5i|03|org"; nocase; ) # 18yisez1qrj8bgnndrhusdme25.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18yisez1qrj8bgnndrhusdme25|03|com"; nocase; ) # 1mepvi11eingge1uzwezx2kwfdo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mepvi11eingge1uzwezx2kwfdo|03|org"; nocase; ) # 1vfmz43queg0pmbcyz9twqscb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vfmz43queg0pmbcyz9twqscb|03|com"; nocase; ) # 1akra3y1fel7t71ebl5ydyebswr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1akra3y1fel7t71ebl5ydyebswr|03|org"; nocase; ) # yq5hzbn09pnj27k7hku8ohjo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yq5hzbn09pnj27k7hku8ohjo|03|biz"; nocase; ) # 1o6sf8g1q2xvij1h0v4voctpwaa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o6sf8g1q2xvij1h0v4voctpwaa|03|net"; nocase; ) # w1lfoid2a4i8blzoefqxr2xa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w1lfoid2a4i8blzoefqxr2xa|03|org"; nocase; ) # 44v1in17gll7b1c3xx4i9syfmt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|44v1in17gll7b1c3xx4i9syfmt|03|com"; nocase; ) # ooyoj41pl7xo13zc8by39aj51.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ooyoj41pl7xo13zc8by39aj51|03|net"; nocase; ) # a162bqiwkw8d4vvk3dn56ea7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a162bqiwkw8d4vvk3dn56ea7|03|com"; nocase; ) # cfn0zy1bumnoh1vftonigwt4zq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cfn0zy1bumnoh1vftonigwt4zq|03|com"; nocase; ) # 5lra321lmxqpu2bbnbc1ec636x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5lra321lmxqpu2bbnbc1ec636x|03|com"; nocase; ) # 13u0w3stojmdxzvsa9f35haw8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13u0w3stojmdxzvsa9f35haw8|03|com"; nocase; ) # qfp0g51e5uahci8mkc1t6u72r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qfp0g51e5uahci8mkc1t6u72r|03|biz"; nocase; ) # 173s4qkobx4cz1meioy01nyegxp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|173s4qkobx4cz1meioy01nyegxp|03|biz"; nocase; ) # lvxb623e8pntz1qr2tshswa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|lvxb623e8pntz1qr2tshswa|03|net"; nocase; ) # 18pntnr8geuf5hv5md11uz48bo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18pntnr8geuf5hv5md11uz48bo|03|com"; nocase; ) # hy22q6faus1pyhgqa4l7mdli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hy22q6faus1pyhgqa4l7mdli|03|org"; nocase; ) # 1d9ne85jp86tv1kjh0fe1ku8cs8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d9ne85jp86tv1kjh0fe1ku8cs8|03|biz"; nocase; ) # 1kf33r1pnsck91836jwu1mv42me.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kf33r1pnsck91836jwu1mv42me|03|org"; nocase; ) # xebxmt11j9s5hy4xori1dqqfe2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xebxmt11j9s5hy4xori1dqqfe2|03|net"; nocase; ) # 1dgq2il1kwwdyw13j3zrcvai5oq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dgq2il1kwwdyw13j3zrcvai5oq|03|net"; nocase; ) # 16t5s771t1l95wkfkdin152d5kg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16t5s771t1l95wkfkdin152d5kg|03|biz"; nocase; ) # 6az9ez1rmhh6x13bdfz512t5l3m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6az9ez1rmhh6x13bdfz512t5l3m|03|net"; nocase; ) # 10e5vdg130h5gxhjxaizzvw5yy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10e5vdg130h5gxhjxaizzvw5yy|03|org"; nocase; ) # rl93u4ucr25510mbm7wnnum81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rl93u4ucr25510mbm7wnnum81|03|net"; nocase; ) # 1fvw0xp1kqrho0eei037r2muo0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fvw0xp1kqrho0eei037r2muo0|03|biz"; nocase; ) # 13b2pm81wbc30cszmo9og3tbea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13b2pm81wbc30cszmo9og3tbea|03|net"; nocase; ) # a16s2k9pyc85zxhh65130v9bz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a16s2k9pyc85zxhh65130v9bz|03|org"; nocase; ) # 1z0qsz61v64e00ftj8pp10z78z9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1z0qsz61v64e00ftj8pp10z78z9|03|org"; nocase; ) # 4ua01n1gj55rsml8d7p1b74i0e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4ua01n1gj55rsml8d7p1b74i0e|03|org"; nocase; ) # 18vzlee1i4l92t11jr56a450gj3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18vzlee1i4l92t11jr56a450gj3|03|net"; nocase; ) # g269by1xx9jyq1bvg59z179jmkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g269by1xx9jyq1bvg59z179jmkt|03|com"; nocase; ) # 1463l3y1jk7pzrgdvxjicv83r3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1463l3y1jk7pzrgdvxjicv83r3|03|biz"; nocase; ) # 1ixmmic1uysedw1fwxupa5vfv1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ixmmic1uysedw1fwxupa5vfv1v|03|com"; nocase; ) # k1w77xrstk9k1uop7ht8iwcwz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k1w77xrstk9k1uop7ht8iwcwz|03|net"; nocase; ) # gqswvzrgrwis1xhsxz51gd2kid.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gqswvzrgrwis1xhsxz51gd2kid|03|org"; nocase; ) # 8198x111hedhw1jg47kjjxlo8w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8198x111hedhw1jg47kjjxlo8w|03|net"; nocase; ) # 1i424nduoy3y07k6jmm144qdya.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i424nduoy3y07k6jmm144qdya|03|org"; nocase; ) # 9chu1fkb05rd1issady1l5i1n5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9chu1fkb05rd1issady1l5i1n5|03|net"; nocase; ) # 1wg8yr9w5bnt11uk0uea1ihwx3l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wg8yr9w5bnt11uk0uea1ihwx3l|03|net"; nocase; ) # 79z3an1cuecqx2mbm9ttfb6oc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|79z3an1cuecqx2mbm9ttfb6oc|03|com"; nocase; ) # 1rtsf4033h9mt1qacodn1av2yu0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rtsf4033h9mt1qacodn1av2yu0|03|net"; nocase; ) # 19rvu38ak9hfyz40z4gpzqbgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19rvu38ak9hfyz40z4gpzqbgt|03|com"; nocase; ) # 10bb1o318yodwz6dcizadlplpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10bb1o318yodwz6dcizadlplpj|03|com"; nocase; ) # 10bzvze1tgrkhj1ctpef7wcpds8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10bzvze1tgrkhj1ctpef7wcpds8|03|biz"; nocase; ) # 18ta14yjrjoee15wnf9u188gg49.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ta14yjrjoee15wnf9u188gg49|03|com"; nocase; ) # 6hg31513lfkey13q65vh1jq66sf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6hg31513lfkey13q65vh1jq66sf|03|net"; nocase; ) # bpq6i8ydiyennwuow65q6lhi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bpq6i8ydiyennwuow65q6lhi|03|net"; nocase; ) # rskb7tc2k0j01eqpx5zqn9oj7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rskb7tc2k0j01eqpx5zqn9oj7|03|com"; nocase; ) # tprdfhxjfx631lfdsfr1la0rm1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tprdfhxjfx631lfdsfr1la0rm1|03|biz"; nocase; ) # 1m191sg1l9bl1cxusref11mzb5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m191sg1l9bl1cxusref11mzb5|03|com"; nocase; ) # ny49eip4dr3z1lg4ulb51yc0j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ny49eip4dr3z1lg4ulb51yc0j|03|org"; nocase; ) # 1tr2ir7rh5ylyuqw6f71n6v47a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tr2ir7rh5ylyuqw6f71n6v47a|03|biz"; nocase; ) # p5a76j1v0dzmkdbsxuy1xx8jy2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p5a76j1v0dzmkdbsxuy1xx8jy2|03|net"; nocase; ) # adu2v11nkfw8t1eibfca112m7o3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|adu2v11nkfw8t1eibfca112m7o3|03|com"; nocase; ) # ohbqbiicgb958lv10u1ouk2bz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ohbqbiicgb958lv10u1ouk2bz|03|com"; nocase; ) # jtgujd1mphdc9ftlcs315t58b6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jtgujd1mphdc9ftlcs315t58b6|03|biz"; nocase; ) # nh5kko1affnlq1copilh47otrk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nh5kko1affnlq1copilh47otrk|03|com"; nocase; ) # qmjr5r1t1oarriv6q6fkf6e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|qmjr5r1t1oarriv6q6fkf6e|03|net"; nocase; ) # 141kfca11258ze1d9mqp7kw7rjz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|141kfca11258ze1d9mqp7kw7rjz|03|org"; nocase; ) # 1u27jthzr9w59ual4mnm83k8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1u27jthzr9w59ual4mnm83k8|03|biz"; nocase; ) # vboc2p1i2adcrgkb32n1vnpxcy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vboc2p1i2adcrgkb32n1vnpxcy|03|net"; nocase; ) # gdjxbj1tvqoqc17moug31y8t12s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gdjxbj1tvqoqc17moug31y8t12s|03|com"; nocase; ) # 1vgya3gexygp01ub9epoinryz4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vgya3gexygp01ub9epoinryz4|03|biz"; nocase; ) # 15c6xp71xfy3do15kbbfmglp0qp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15c6xp71xfy3do15kbbfmglp0qp|03|net"; nocase; ) # 11021ohriu2pw1w5686s63m7qk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11021ohriu2pw1w5686s63m7qk|03|biz"; nocase; ) # kl1h5091e7e71kan86j1tx9m1o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kl1h5091e7e71kan86j1tx9m1o|03|org"; nocase; ) # 1bo6wzj1q87qio98gm4wgiekoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bo6wzj1q87qio98gm4wgiekoo|03|com"; nocase; ) # ewqwlp3kh233eo24qovyv7hy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ewqwlp3kh233eo24qovyv7hy|03|net"; nocase; ) # iw3gzb1gr3hm9rqbyt10lw2ui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iw3gzb1gr3hm9rqbyt10lw2ui|03|org"; nocase; ) # y6ay7c1i8ewkg3a83z056ijgp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y6ay7c1i8ewkg3a83z056ijgp|03|com"; nocase; ) # 1fasqabtoww2m2a59rlvnmq5q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fasqabtoww2m2a59rlvnmq5q|03|net"; nocase; ) # 1o092n8p30m7doffmws106inzv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o092n8p30m7doffmws106inzv|03|biz"; nocase; ) # 1bxux8413edhmdu0ucq8avcikz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bxux8413edhmdu0ucq8avcikz|03|org"; nocase; ) # 1i8rxz817gqz24vl69ks5fahez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i8rxz817gqz24vl69ks5fahez|03|org"; nocase; ) # 1k89exx1phg89bdicfz01evm3g8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k89exx1phg89bdicfz01evm3g8|03|net"; nocase; ) # 64pl4zpdl2qbopz7vq15c7gf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|64pl4zpdl2qbopz7vq15c7gf|03|net"; nocase; ) # gba75a1ldug1b11gjqc9158n4t4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gba75a1ldug1b11gjqc9158n4t4|03|org"; nocase; ) # eu8mcb1l63k1gwhch1lhakemq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eu8mcb1l63k1gwhch1lhakemq|03|com"; nocase; ) # 1vndtzktq2co216nzysvo4wg4r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vndtzktq2co216nzysvo4wg4r|03|com"; nocase; ) # 18daftt1qop9fjnmlqslj0rzez.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18daftt1qop9fjnmlqslj0rzez|03|biz"; nocase; ) # 10a0t8329d07e1wot0yep3kqre.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10a0t8329d07e1wot0yep3kqre|03|com"; nocase; ) # 1eiwj4t1hldlnbnc2yqb1vquawa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eiwj4t1hldlnbnc2yqb1vquawa|03|net"; nocase; ) # 1ffhyfs13xmt3gcxiqa91smbzod.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ffhyfs13xmt3gcxiqa91smbzod|03|net"; nocase; ) # 1031z7x1p7m8jpsemvtajzbc9u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1031z7x1p7m8jpsemvtajzbc9u|03|biz"; nocase; ) # 1ctmh078l51elbhjr7ueuvt40.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ctmh078l51elbhjr7ueuvt40|03|net"; nocase; ) # 15glb5517bnjui1aiy78a1dnzax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15glb5517bnjui1aiy78a1dnzax|03|net"; nocase; ) # 1yezp7t14oxk5wsn29o6dhhsh2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yezp7t14oxk5wsn29o6dhhsh2|03|net"; nocase; ) # xrxopz1cs7hubvjshiheorf6d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xrxopz1cs7hubvjshiheorf6d|03|org"; nocase; ) # z2jzwq116p0ce1d7614mi8xc67.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z2jzwq116p0ce1d7614mi8xc67|03|org"; nocase; ) # nhmn7v1cidt7f1s2mdp28eatu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nhmn7v1cidt7f1s2mdp28eatu|03|com"; nocase; ) # 1mqqozp195pcipx6gq2r1ffoa9j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mqqozp195pcipx6gq2r1ffoa9j|03|org"; nocase; ) # 185gks6l0tj1v19u86zgvdvcj8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|185gks6l0tj1v19u86zgvdvcj8|03|biz"; nocase; ) # 1oralpihpry7850z9mg1dzokgh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oralpihpry7850z9mg1dzokgh|03|org"; nocase; ) # 1cn6wpd156j2i1v911di125gurv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cn6wpd156j2i1v911di125gurv|03|com"; nocase; ) # 5y8j3u1vb21wxb1qviq1d13z8g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5y8j3u1vb21wxb1qviq1d13z8g|03|com"; nocase; ) # 1qc8mrq1v4qsxe1ew78s0826kih.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qc8mrq1v4qsxe1ew78s0826kih|03|biz"; nocase; ) # 63n915a905y8wxk5ry15lrek4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|63n915a905y8wxk5ry15lrek4|03|net"; nocase; ) # 1nkz0j71vsv2xba28uuq1h1hu2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nkz0j71vsv2xba28uuq1h1hu2|03|com"; nocase; ) # ju54topxuqbz1noqf2oq15txw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ju54topxuqbz1noqf2oq15txw|03|biz"; nocase; ) # owaoql1d7mcth1idxp9ykagxlt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|owaoql1d7mcth1idxp9ykagxlt|03|net"; nocase; ) # 1mfunsh1vben18l3tbn46idx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1mfunsh1vben18l3tbn46idx|03|org"; nocase; ) # iwtghq176w1x11ae1ujdd2on9e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iwtghq176w1x11ae1ujdd2on9e|03|net"; nocase; ) # o9hy3h10lf7g195ay1q175rf37.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o9hy3h10lf7g195ay1q175rf37|03|com"; nocase; ) # y4602817gt5yt1cqppz6m5p468.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y4602817gt5yt1cqppz6m5p468|03|net"; nocase; ) # z3o6xm1jmk7tpuu7m84zn0m4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z3o6xm1jmk7tpuu7m84zn0m4|03|biz"; nocase; ) # 18t199u1qfqaj51fqznye3p2ri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18t199u1qfqaj51fqznye3p2ri|03|net"; nocase; ) # tcwu3o11w929a17e4e2xmyo0w8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tcwu3o11w929a17e4e2xmyo0w8|03|biz"; nocase; ) # 1y7gjptbfs2f9rrj3qy17m89ll.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y7gjptbfs2f9rrj3qy17m89ll|03|com"; nocase; ) # 1fmcvnrljplzn1xp1kq71sxx0wx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fmcvnrljplzn1xp1kq71sxx0wx|03|net"; nocase; ) # 1018v83g8203eip48j51fvy2hg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1018v83g8203eip48j51fvy2hg|03|net"; nocase; ) # 1x0xva61535hdg1ivrp6319fauks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x0xva61535hdg1ivrp6319fauks|03|net"; nocase; ) # 1h8uw9sr5o2pv1nw2lun1haktc7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h8uw9sr5o2pv1nw2lun1haktc7|03|net"; nocase; ) # 1g71i1hdabqsq5g1f1zrtp5kr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g71i1hdabqsq5g1f1zrtp5kr|03|com"; nocase; ) # y23jk11g0098t1pvzm06hk7qqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y23jk11g0098t1pvzm06hk7qqr|03|net"; nocase; ) # uxphlc18rcvfx1t8a27iuocswx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uxphlc18rcvfx1t8a27iuocswx|03|com"; nocase; ) # 5ytrh714jxlif1t4lx7j1dty2qi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5ytrh714jxlif1t4lx7j1dty2qi|03|net"; nocase; ) # 1sd5i4c858s2q9gsguzk2uvgy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sd5i4c858s2q9gsguzk2uvgy|03|org"; nocase; ) # 1h4f5gdzi9n0fn798hx1ar2ygv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h4f5gdzi9n0fn798hx1ar2ygv|03|com"; nocase; ) # 1kl1llxcy045x1ikt5e4ksirg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kl1llxcy045x1ikt5e4ksirg|03|biz"; nocase; ) # 1gtopk6dgrq2ys4vn47ayfwy7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gtopk6dgrq2ys4vn47ayfwy7|03|net"; nocase; ) # xhvgz8yjuvm91k2qvji1v9u0h1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xhvgz8yjuvm91k2qvji1v9u0h1|03|com"; nocase; ) # zcn6iz53lt8dvoev75923hj8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zcn6iz53lt8dvoev75923hj8|03|net"; nocase; ) # 11z5qt91ohs50t19cfbs4yqi2fn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11z5qt91ohs50t19cfbs4yqi2fn|03|biz"; nocase; ) # b607pq14plewo1n82ipn1jiu3lk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b607pq14plewo1n82ipn1jiu3lk|03|org"; nocase; ) # 1q88syn1nzgzfb1dibqnb8p9oxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q88syn1nzgzfb1dibqnb8p9oxv|03|net"; nocase; ) # 1cldrxtkrv7h9bror5b197hszz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cldrxtkrv7h9bror5b197hszz|03|com"; nocase; ) # qpdca114c5g6q18axml4yf0xyj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qpdca114c5g6q18axml4yf0xyj|03|biz"; nocase; ) # 1545aihl8z3ofev918y1iwl1s6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1545aihl8z3ofev918y1iwl1s6|03|com"; nocase; ) # 11kwrpn23toiu1sl87ksbj9976.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11kwrpn23toiu1sl87ksbj9976|03|com"; nocase; ) # 1ywrz0hs5mapcodpuc31n9wfsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ywrz0hs5mapcodpuc31n9wfsf|03|net"; nocase; ) # 1wwhbzmaqmivu5v0kbezfg8q5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wwhbzmaqmivu5v0kbezfg8q5|03|org"; nocase; ) # kmhv84lvjfq41qpep7b1aa2cut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kmhv84lvjfq41qpep7b1aa2cut|03|com"; nocase; ) # 6odscse1b79wvq8ytp1elg5a0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6odscse1b79wvq8ytp1elg5a0|03|org"; nocase; ) # cb6l1q8xfy6t1bm2nie1q5xnom.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cb6l1q8xfy6t1bm2nie1q5xnom|03|net"; nocase; ) # 11n5vqp1v0nuxmqr3cgo1kx9k8d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11n5vqp1v0nuxmqr3cgo1kx9k8d|03|biz"; nocase; ) # 4q61r2wp70vc1fh376t1ksmf9a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4q61r2wp70vc1fh376t1ksmf9a|03|com"; nocase; ) # 97qiotkajz851h8aftj2x1jt9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|97qiotkajz851h8aftj2x1jt9|03|org"; nocase; ) # 1qdjdyzbez7m177zaq09nm3cz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qdjdyzbez7m177zaq09nm3cz|03|org"; nocase; ) # 1dqxiil1hqjm5jsdrgpn1ugpphq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dqxiil1hqjm5jsdrgpn1ugpphq|03|net"; nocase; ) # rzn9tz1jmeoqi3fsl5d10jurbs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rzn9tz1jmeoqi3fsl5d10jurbs|03|org"; nocase; ) # 8owcy27vzewk53wrpiuubwyw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8owcy27vzewk53wrpiuubwyw|03|com"; nocase; ) # iepi43bswcda1s129kd1nzdz3x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iepi43bswcda1s129kd1nzdz3x|03|org"; nocase; ) # r9zt47ot6uhz15yp8fj86rb58.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r9zt47ot6uhz15yp8fj86rb58|03|net"; nocase; ) # 1jsf7ll1x1y4cjlzd3gi1bbnyte.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jsf7ll1x1y4cjlzd3gi1bbnyte|03|biz"; nocase; ) # hlb5xj4umpnsd6s856hg78ia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hlb5xj4umpnsd6s856hg78ia|03|net"; nocase; ) # 1jsf851wl0vx113brai2178h9wz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jsf851wl0vx113brai2178h9wz|03|com"; nocase; ) # 1e7b29yy9qppr7eboa21l9unqo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e7b29yy9qppr7eboa21l9unqo|03|com"; nocase; ) # 3irzft17ipll7rq1znf86pko5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3irzft17ipll7rq1znf86pko5|03|net"; nocase; ) # geinbo1ptoq1zqva4jaiall3f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|geinbo1ptoq1zqva4jaiall3f|03|com"; nocase; ) # oitgid1g87mpkqnmijrsaqu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|oitgid1g87mpkqnmijrsaqu|03|com"; nocase; ) # 1gf8p3ph3e5rl6fb7y213gdn4j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gf8p3ph3e5rl6fb7y213gdn4j|03|biz"; nocase; ) # 1n4jnh6yec0oz1tc2fzs1ckfro9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n4jnh6yec0oz1tc2fzs1ckfro9|03|net"; nocase; ) # 1y4lk5i17vc6sn1stgm7u1n1ag6u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y4lk5i17vc6sn1stgm7u1n1ag6u|03|com"; nocase; ) # 1l8ye2y1a7kvpj18cia4o1eutioi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l8ye2y1a7kvpj18cia4o1eutioi|03|net"; nocase; ) # 7pxso0752vkebuotg3152a1nn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7pxso0752vkebuotg3152a1nn|03|biz"; nocase; ) # x1268s1amoggx25wh0l1lsxea8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x1268s1amoggx25wh0l1lsxea8|03|com"; nocase; ) # z759d4qs0n7i1po6ypx19umzc2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z759d4qs0n7i1po6ypx19umzc2|03|org"; nocase; ) # 7qrnt81ums3un94px2j9tb54l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7qrnt81ums3un94px2j9tb54l|03|org"; nocase; ) # bg13na6900z7t5ebktmd7u8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|bg13na6900z7t5ebktmd7u8|03|com"; nocase; ) # xbc6pqvgpx5e70ug3d1awpqzh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xbc6pqvgpx5e70ug3d1awpqzh|03|biz"; nocase; ) # 1479sli19aefti1y4q0221v13leu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1479sli19aefti1y4q0221v13leu|03|com"; nocase; ) # tngk891e99hdi1haztrhy7irbs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tngk891e99hdi1haztrhy7irbs|03|biz"; nocase; ) # x91qt71yav8l4r8lx1q1bfe5hk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x91qt71yav8l4r8lx1q1bfe5hk|03|net"; nocase; ) # 1qpzc221dwgbyrjul7r1ifgvw0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qpzc221dwgbyrjul7r1ifgvw0|03|net"; nocase; ) # 1t8ay84wq1g1j196hp6wq86ciq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t8ay84wq1g1j196hp6wq86ciq|03|net"; nocase; ) # 18iwpls12pkf0mwsoy3i1sx5x9y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18iwpls12pkf0mwsoy3i1sx5x9y|03|net"; nocase; ) # 1ydcecf1xcww85ar40vpqbhvst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ydcecf1xcww85ar40vpqbhvst|03|net"; nocase; ) # 1ymzxk12bo34318tt6v71cbjk9e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ymzxk12bo34318tt6v71cbjk9e|03|org"; nocase; ) # 10gxqucnbfl9b10pnuod1idbedc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10gxqucnbfl9b10pnuod1idbedc|03|biz"; nocase; ) # q2bzenv5al21kcptgu1hkxo81.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q2bzenv5al21kcptgu1hkxo81|03|com"; nocase; ) # 15ofhv71mz98nd1148qw4auas2e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ofhv71mz98nd1148qw4auas2e|03|org"; nocase; ) # 9wys761war9lgqqdg2e1vpqovg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9wys761war9lgqqdg2e1vpqovg|03|biz"; nocase; ) # 1hslnf0rht5gdd9y9fm1d67qtt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hslnf0rht5gdd9y9fm1d67qtt|03|com"; nocase; ) # 4ve1df1idp7n1w3y6j88hnv1m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ve1df1idp7n1w3y6j88hnv1m|03|com"; nocase; ) # fegd43a05ah6sytazm17jcb8f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fegd43a05ah6sytazm17jcb8f|03|org"; nocase; ) # q5q5rq1gpsukb1vhd39b1uzeurk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q5q5rq1gpsukb1vhd39b1uzeurk|03|biz"; nocase; ) # hjg5c8yx2ir81k69ft414aakkf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hjg5c8yx2ir81k69ft414aakkf|03|com"; nocase; ) # e9i3mv15o26rzts8cik1pffxiv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e9i3mv15o26rzts8cik1pffxiv|03|net"; nocase; ) # 1o8rlq61wfx10i1f83q6rrwikoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o8rlq61wfx10i1f83q6rrwikoy|03|biz"; nocase; ) # 1lghq15482dcb1fobvtc1vzat3r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lghq15482dcb1fobvtc1vzat3r|03|net"; nocase; ) # 1kdb9fn1l3b6pxfng2xo1ls8o6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kdb9fn1l3b6pxfng2xo1ls8o6p|03|net"; nocase; ) # 3kc8oibkgxyb11li8unoyui0j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3kc8oibkgxyb11li8unoyui0j|03|com"; nocase; ) # 1a8s2bp1onp2i9pgxq1n1hcda7i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a8s2bp1onp2i9pgxq1n1hcda7i|03|org"; nocase; ) # 1yqfa7aaxzx0fjkjr6yijituf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yqfa7aaxzx0fjkjr6yijituf|03|biz"; nocase; ) # 1ax9838u57g041jnj8z61psw9if.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ax9838u57g041jnj8z61psw9if|03|com"; nocase; ) # 1kzf7in1yd11y7175rr8s4bq021.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kzf7in1yd11y7175rr8s4bq021|03|biz"; nocase; ) # vowepi1uatd6n1ep0keyfbnwam.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vowepi1uatd6n1ep0keyfbnwam|03|biz"; nocase; ) # bpsxiz1mqwpjcwoctxe3zi5xi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bpsxiz1mqwpjcwoctxe3zi5xi|03|org"; nocase; ) # 1e2xxrl1mf4oi716wibw71pw0u0b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e2xxrl1mf4oi716wibw71pw0u0b|03|biz"; nocase; ) # 1wtt6p3e581mq1ypcdx7fq5n8p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wtt6p3e581mq1ypcdx7fq5n8p|03|org"; nocase; ) # 1ulmtux1wpi6e9ji880o1tydahc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ulmtux1wpi6e9ji880o1tydahc|03|net"; nocase; ) # gyg75rru6u6sorngyf13zeeo0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gyg75rru6u6sorngyf13zeeo0|03|net"; nocase; ) # 2af5yw10mj3h51auwiej5n445v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2af5yw10mj3h51auwiej5n445v|03|org"; nocase; ) # 1iani2ahtojje1cwzr1q1cakb63.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iani2ahtojje1cwzr1q1cakb63|03|org"; nocase; ) # d5jlnyy4l70w17lgmsk10hsist.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d5jlnyy4l70w17lgmsk10hsist|03|net"; nocase; ) # g9v6zlgf94w9d7d9os1josd4o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g9v6zlgf94w9d7d9os1josd4o|03|org"; nocase; ) # 1zhh4bhwr1oc1es2kzt1fe71i7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1zhh4bhwr1oc1es2kzt1fe71i7|03|net"; nocase; ) # e11s2brlb4qx170u14h1jdlk5c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e11s2brlb4qx170u14h1jdlk5c|03|org"; nocase; ) # 1vgrbxfpfkmz9tmgew02j6y5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vgrbxfpfkmz9tmgew02j6y5i|03|net"; nocase; ) # 1kvbhv91w7tx7c7nb0qb1xf001.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kvbhv91w7tx7c7nb0qb1xf001|03|com"; nocase; ) # ul7dyv1tc1uzjiq3nu81o8zfd1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ul7dyv1tc1uzjiq3nu81o8zfd1|03|org"; nocase; ) # jbw9n16ociaj10d4tbtm9fo6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jbw9n16ociaj10d4tbtm9fo6h|03|net"; nocase; ) # 1hdr3sl1ajwak41f3frttmaef2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hdr3sl1ajwak41f3frttmaef2v|03|org"; nocase; ) # 1011a3c4l86p1y33n1xf8n7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1011a3c4l86p1y33n1xf8n7h|03|org"; nocase; ) # zloiuu8caqt6iem6r12s6rm8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zloiuu8caqt6iem6r12s6rm8|03|com"; nocase; ) # 1snj1mq16foufx178gwh11pxvrby.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1snj1mq16foufx178gwh11pxvrby|03|net"; nocase; ) # 1xquhwd1u67l01io94lo1oingzl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xquhwd1u67l01io94lo1oingzl|03|biz"; nocase; ) # uqi1ye1vwa0ofddhltoic10p9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uqi1ye1vwa0ofddhltoic10p9|03|biz"; nocase; ) # 1cb6l9o11oyj041wcvmik1hky9fp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cb6l9o11oyj041wcvmik1hky9fp|03|net"; nocase; ) # 1hb9mqdicc2ut391uk3122jz00.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hb9mqdicc2ut391uk3122jz00|03|biz"; nocase; ) # 85cikl1b92t1m1h4qwxowqm6tn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|85cikl1b92t1m1h4qwxowqm6tn|03|net"; nocase; ) # sgq3qz16ihf441ck4wga1mtk7h5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sgq3qz16ihf441ck4wga1mtk7h5|03|com"; nocase; ) # fc10sj1iofcvfmfyfxg1dyjg4k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fc10sj1iofcvfmfyfxg1dyjg4k|03|org"; nocase; ) # 14yyx6c19mfp4zz76xecrj92fl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14yyx6c19mfp4zz76xecrj92fl|03|org"; nocase; ) # waj3av1fr0utl7gni3x1owqpv5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|waj3av1fr0utl7gni3x1owqpv5|03|org"; nocase; ) # 146yzm8d5wcrtgpwvyqqie0i1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|146yzm8d5wcrtgpwvyqqie0i1|03|net"; nocase; ) # a13ryxuilvl35st5btj5yxcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a13ryxuilvl35st5btj5yxcg|03|com"; nocase; ) # cw2rl81bqjggs2vslb217nble8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cw2rl81bqjggs2vslb217nble8|03|net"; nocase; ) # 1v5bsbhen2ass1cl0bvsgbzsbs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5bsbhen2ass1cl0bvsgbzsbs|03|org"; nocase; ) # 1cza4bffumven1skrevd1f3ftl6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cza4bffumven1skrevd1f3ftl6|03|biz"; nocase; ) # 1o3xnk910mqypi1emssa3zeaia5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o3xnk910mqypi1emssa3zeaia5|03|net"; nocase; ) # 94hkan1aswi0n1mdylws1mpicft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|94hkan1aswi0n1mdylws1mpicft|03|net"; nocase; ) # dzg67f28i0ma18m49yfc7ci63.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzg67f28i0ma18m49yfc7ci63|03|net"; nocase; ) # 1qtw4281mmb7x1b63wwhln46aq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qtw4281mmb7x1b63wwhln46aq|03|org"; nocase; ) # 1aahf58a1bapfgboi2c1mvzm9m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aahf58a1bapfgboi2c1mvzm9m|03|org"; nocase; ) # cqbxxi6mh7dva667lk1l3rddb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cqbxxi6mh7dva667lk1l3rddb|03|net"; nocase; ) # 101s21l1278lv618ottvk2bmij3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|101s21l1278lv618ottvk2bmij3|03|biz"; nocase; ) # 136yem51krxt84n13xr08vl1ka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136yem51krxt84n13xr08vl1ka|03|net"; nocase; ) # 5qcrdwu5xut41nl57xs6knjdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5qcrdwu5xut41nl57xs6knjdf|03|com"; nocase; ) # 9tkdjybii9t1g025vs19up7qs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9tkdjybii9t1g025vs19up7qs|03|org"; nocase; ) # 1pjszxv13htqq51xrl6urnknga8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pjszxv13htqq51xrl6urnknga8|03|net"; nocase; ) # thlsxgie5x7n1013qhenq06dk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|thlsxgie5x7n1013qhenq06dk|03|net"; nocase; ) # zglcmu11tiqv71188zxr127flgx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zglcmu11tiqv71188zxr127flgx|03|com"; nocase; ) # 13sc93611c4jg8s1wkb61yc2kmf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13sc93611c4jg8s1wkb61yc2kmf|03|com"; nocase; ) # 1n91a7eywws56ospn8o18t54sg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n91a7eywws56ospn8o18t54sg|03|org"; nocase; ) # 14tzfh6rk51689c1q9l1uxpbja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14tzfh6rk51689c1q9l1uxpbja|03|net"; nocase; ) # 15ilbdeorf9c2w4dqid1is63b6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ilbdeorf9c2w4dqid1is63b6|03|net"; nocase; ) # 1sa77zntqevx51h2algf1e8hrji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sa77zntqevx51h2algf1e8hrji|03|com"; nocase; ) # 59arwy151py1p16ks7c9pvsxhs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|59arwy151py1p16ks7c9pvsxhs|03|biz"; nocase; ) # 9o992mxl4gtflbe3oz6vrflf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9o992mxl4gtflbe3oz6vrflf|03|org"; nocase; ) # nprgpv1uh08lt1k5rd49g9l1yy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nprgpv1uh08lt1k5rd49g9l1yy|03|biz"; nocase; ) # 1xbjom85my1d11wmi42pvme983.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xbjom85my1d11wmi42pvme983|03|org"; nocase; ) # 1qm33z91h7to6x1raup79v4upm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qm33z91h7to6x1raup79v4upm|03|biz"; nocase; ) # 10q6al01yo70doe4eggn1hfwzes.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10q6al01yo70doe4eggn1hfwzes|03|org"; nocase; ) # 1d0koft113r6dj22iaglc6swp2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d0koft113r6dj22iaglc6swp2|03|org"; nocase; ) # 1pbwiuw3pizk7e71rfa7v9ndk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pbwiuw3pizk7e71rfa7v9ndk|03|biz"; nocase; ) # qwiann66qim8s7882dvomxyb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qwiann66qim8s7882dvomxyb|03|net"; nocase; ) # fd5v1fte2zeo17n19cvmg24sv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fd5v1fte2zeo17n19cvmg24sv|03|net"; nocase; ) # 195q5im1s3uh00ewr5mnyi430d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|195q5im1s3uh00ewr5mnyi430d|03|org"; nocase; ) # 1wv7xof1txsg7b1tva2gx1495fet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wv7xof1txsg7b1tva2gx1495fet|03|com"; nocase; ) # 1j5mfey1lyv6xc1509rzp1hyi0rb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j5mfey1lyv6xc1509rzp1hyi0rb|03|biz"; nocase; ) # n6s9x5d9r9lgmi082wl13tfn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n6s9x5d9r9lgmi082wl13tfn|03|net"; nocase; ) # dlv5s9xunbnp1247acd1wodbe2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dlv5s9xunbnp1247acd1wodbe2|03|net"; nocase; ) # 1fyhpbxott6l78jzms5frmlqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fyhpbxott6l78jzms5frmlqw|03|biz"; nocase; ) # bc9qnar2p0rw1aywp7cf1cgrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bc9qnar2p0rw1aywp7cf1cgrz|03|net"; nocase; ) # eon0dhznh9tjmnahg51y229k0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eon0dhznh9tjmnahg51y229k0|03|biz"; nocase; ) # q8g42759c32m13kvdwfu97r73.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q8g42759c32m13kvdwfu97r73|03|net"; nocase; ) # 4xbt8y1237kvo9s1lg01kd44tg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4xbt8y1237kvo9s1lg01kd44tg|03|biz"; nocase; ) # 1rickxe1myv5v71dbsdf9p324a9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rickxe1myv5v71dbsdf9p324a9|03|net"; nocase; ) # 1qtj5n32r03gl4c0ryq107o9n3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qtj5n32r03gl4c0ryq107o9n3|03|com"; nocase; ) # 9pevja1kv5mvi19g22jk189gpuj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9pevja1kv5mvi19g22jk189gpuj|03|org"; nocase; ) # ibrmg811ebseccj17rq1bbhym9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ibrmg811ebseccj17rq1bbhym9|03|com"; nocase; ) # 1bapr6ndx44koa0xmex1x1z57v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bapr6ndx44koa0xmex1x1z57v|03|net"; nocase; ) # xt66d94w9wix19i7ncr1i8qb8y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xt66d94w9wix19i7ncr1i8qb8y|03|org"; nocase; ) # 17z95461r6o402nkjo7uyfxbe8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17z95461r6o402nkjo7uyfxbe8|03|com"; nocase; ) # 16ui7ft1fynsedcsdkvn1l73lax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ui7ft1fynsedcsdkvn1l73lax|03|com"; nocase; ) # 3kmed51ymp6hh1rrg3831ngqwps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3kmed51ymp6hh1rrg3831ngqwps|03|net"; nocase; ) # 1lb4osef55y1mkof4e41w9ni8r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lb4osef55y1mkof4e41w9ni8r|03|net"; nocase; ) # b7to49d8v73qiq9j4497999t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b7to49d8v73qiq9j4497999t|03|biz"; nocase; ) # tibtimswf7mtydnkbhwsx8is.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tibtimswf7mtydnkbhwsx8is|03|org"; nocase; ) # 1c5w4kt1dk8mwe1343o0wnngb2t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c5w4kt1dk8mwe1343o0wnngb2t|03|com"; nocase; ) # 1qdilu61j2t86azzwlt31fslize.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qdilu61j2t86azzwlt31fslize|03|biz"; nocase; ) # tyybvj7lanjq1dn33ji6mxjyz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tyybvj7lanjq1dn33ji6mxjyz|03|net"; nocase; ) # 1ee63b917giuzn17kx4lx1ti6h6a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ee63b917giuzn17kx4lx1ti6h6a|03|net"; nocase; ) # 1a2fg63frh9q91wosze4hfxgoc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a2fg63frh9q91wosze4hfxgoc|03|com"; nocase; ) # xeywxix1azre14d8rzz16fv3nr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xeywxix1azre14d8rzz16fv3nr|03|com"; nocase; ) # a86x9q1i6fy5918z632s15p3wd5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a86x9q1i6fy5918z632s15p3wd5|03|org"; nocase; ) # 1ojql6m1edwnym1r69iuv1fyx3qh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ojql6m1edwnym1r69iuv1fyx3qh|03|biz"; nocase; ) # d7t591ltm2y71hpw4fk1y5h03s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d7t591ltm2y71hpw4fk1y5h03s|03|net"; nocase; ) # 10xdjmc11xzwa3nk88q06lphpy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10xdjmc11xzwa3nk88q06lphpy|03|com"; nocase; ) # s5cd00hf4b3de2byik6rqfyy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s5cd00hf4b3de2byik6rqfyy|03|net"; nocase; ) # nx8sdg19wrn8qfm9h01f7bgid.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nx8sdg19wrn8qfm9h01f7bgid|03|biz"; nocase; ) # rjwuub90mpmp16ph18y13100l3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rjwuub90mpmp16ph18y13100l3|03|biz"; nocase; ) # 2t5ohf1ym10311g3ax98796ob.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2t5ohf1ym10311g3ax98796ob|03|net"; nocase; ) # rwthx1aorof519yai6elnsl9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rwthx1aorof519yai6elnsl9k|03|net"; nocase; ) # 2uevzm1k4yk9k1g50m9i1u1m6uo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2uevzm1k4yk9k1g50m9i1u1m6uo|03|net"; nocase; ) # 1t3w7mx11xvtj21boc421gd9cmx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t3w7mx11xvtj21boc421gd9cmx|03|com"; nocase; ) # 1wv03j365so311ktq0wi16aa1r2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wv03j365so311ktq0wi16aa1r2|03|net"; nocase; ) # w4i3bd1b5ocpq1995kxp1eh4x5s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w4i3bd1b5ocpq1995kxp1eh4x5s|03|biz"; nocase; ) # 1qfkbf2it3r4bqwlqjyfvgsb0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qfkbf2it3r4bqwlqjyfvgsb0|03|org"; nocase; ) # gtnbbw1axboiniee0lbt4tkxv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gtnbbw1axboiniee0lbt4tkxv|03|biz"; nocase; ) # 1b3e52614989apirbxsesy3dlm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b3e52614989apirbxsesy3dlm|03|org"; nocase; ) # 1fg036fcju38u84djmt10z36do.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fg036fcju38u84djmt10z36do|03|net"; nocase; ) # 1551ir71dqce2r6ik6aaeg9x9d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1551ir71dqce2r6ik6aaeg9x9d|03|org"; nocase; ) # pvi41m10rt3kf17g8p5vjgqpo4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pvi41m10rt3kf17g8p5vjgqpo4|03|net"; nocase; ) # 1ushgvs1bmap4o6i6ebes7t7gc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ushgvs1bmap4o6i6ebes7t7gc|03|com"; nocase; ) # 907jvh1p1eq4h2szcic1w57v2f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|907jvh1p1eq4h2szcic1w57v2f|03|net"; nocase; ) # 9tvn8h146zm4pj1uymn167pb8o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9tvn8h146zm4pj1uymn167pb8o|03|com"; nocase; ) # 13lmrcajgmjk7iq130uzprco0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13lmrcajgmjk7iq130uzprco0|03|org"; nocase; ) # onnemb16e0rsvkg39bd1fwowl6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|onnemb16e0rsvkg39bd1fwowl6|03|biz"; nocase; ) # faijae1fhe7ry8tg4y41kqv91t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|faijae1fhe7ry8tg4y41kqv91t|03|net"; nocase; ) # sxzpbfpobke1a4ldubu1h80.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|sxzpbfpobke1a4ldubu1h80|03|net"; nocase; ) # yjny1i1yr4n681943xay18gqzxi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yjny1i1yr4n681943xay18gqzxi|03|org"; nocase; ) # 1kww4oq1kq2qb11kxnwkzyc7cye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kww4oq1kq2qb11kxnwkzyc7cye|03|net"; nocase; ) # 17h3e21w88q9818akgett5nzt2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17h3e21w88q9818akgett5nzt2|03|com"; nocase; ) # roa0w9khywez5zrl0ef71n8r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|roa0w9khywez5zrl0ef71n8r|03|com"; nocase; ) # ne1x5a1mm72081ukvgma1ufkbyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ne1x5a1mm72081ukvgma1ufkbyi|03|net"; nocase; ) # 1qf8pt1om1h6g1j7vla215u24ko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qf8pt1om1h6g1j7vla215u24ko|03|biz"; nocase; ) # 1bt4nfnp6y6wb1c0opwk1bzpovd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bt4nfnp6y6wb1c0opwk1bzpovd|03|biz"; nocase; ) # cvxgku1dk879a1g23848z1yb8m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cvxgku1dk879a1g23848z1yb8m|03|org"; nocase; ) # 7rnebkegkh314eec5y31bhuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7rnebkegkh314eec5y31bhuy|03|com"; nocase; ) # dlxbh910kgqmbir8xyvt6nf4x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dlxbh910kgqmbir8xyvt6nf4x|03|com"; nocase; ) # dndgg71bbgylw26evspgrdh6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dndgg71bbgylw26evspgrdh6|03|net"; nocase; ) # 1wi7kkg1u9d6nlasmcci15oyiev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wi7kkg1u9d6nlasmcci15oyiev|03|biz"; nocase; ) # 15auyed1oyzxbrp9ty4w19wt660.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15auyed1oyzxbrp9ty4w19wt660|03|net"; nocase; ) # oax4we1pxj6si10bww4c9oaotf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oax4we1pxj6si10bww4c9oaotf|03|net"; nocase; ) # jwqmx6eehkh1mir2771lhtlnc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jwqmx6eehkh1mir2771lhtlnc|03|org"; nocase; ) # bixujg12zz35u17ccy66107d4kd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bixujg12zz35u17ccy66107d4kd|03|com"; nocase; ) # 14jjuiudh6kh6p2r3u31q4gk9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14jjuiudh6kh6p2r3u31q4gk9e|03|biz"; nocase; ) # 15h5f2t1yiya60128n9h01p0395q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15h5f2t1yiya60128n9h01p0395q|03|net"; nocase; ) # 1hqngad7u1y4qbiu0hxoxiu18.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hqngad7u1y4qbiu0hxoxiu18|03|com"; nocase; ) # 1gg3mm658yddk4yp05phcgx4s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gg3mm658yddk4yp05phcgx4s|03|org"; nocase; ) # jms0lm1mo1agq1q0efjo1szuv3s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jms0lm1mo1agq1q0efjo1szuv3s|03|net"; nocase; ) # 1macp2t1kv2drk111cbad144nksl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1macp2t1kv2drk111cbad144nksl|03|com"; nocase; ) # moly8ru3946a441x0az0847y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|moly8ru3946a441x0az0847y|03|net"; nocase; ) # 1sbwvsxpd22dwqb0cu2b6n2j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1sbwvsxpd22dwqb0cu2b6n2j|03|biz"; nocase; ) # 1wfswmh19izpuvb3b6bk1f2pmvs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wfswmh19izpuvb3b6bk1f2pmvs|03|org"; nocase; ) # phx07mnt78u82i8q7hadjaf5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|phx07mnt78u82i8q7hadjaf5|03|com"; nocase; ) # tbbzvy1j5y8271a2gsl1kej61u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tbbzvy1j5y8271a2gsl1kej61u|03|org"; nocase; ) # 1dwcmkqlvf1h912vj4s71fvfkbc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dwcmkqlvf1h912vj4s71fvfkbc|03|org"; nocase; ) # 16wsdsmldeq3j1yf11lguofup9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wsdsmldeq3j1yf11lguofup9|03|net"; nocase; ) # 1i0u9ji1ib5b6l1wd785a110karj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i0u9ji1ib5b6l1wd785a110karj|03|org"; nocase; ) # 1wuf514i9x5zxfv847p1huhf1q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wuf514i9x5zxfv847p1huhf1q|03|biz"; nocase; ) # 13u8slsi0tpfc27n0k41q13qky.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13u8slsi0tpfc27n0k41q13qky|03|com"; nocase; ) # p7n9ml1785gvu1w3a22im1tmf5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p7n9ml1785gvu1w3a22im1tmf5|03|net"; nocase; ) # fbyiekiwnk57130lpd11j84p9q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fbyiekiwnk57130lpd11j84p9q|03|biz"; nocase; ) # 1ctbqxrz36ig3fze2t19i8glt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ctbqxrz36ig3fze2t19i8glt|03|net"; nocase; ) # ojrl8t1gtxlzkz39t9i1f3604t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ojrl8t1gtxlzkz39t9i1f3604t|03|org"; nocase; ) # 1kiqnj71n9gwr3rjpjx1gn2m0m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kiqnj71n9gwr3rjpjx1gn2m0m|03|net"; nocase; ) # 1xh5oyjqho1b8vwym4x1l8mg8p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xh5oyjqho1b8vwym4x1l8mg8p|03|com"; nocase; ) # ivqfc3axt4ozr7v74m1bqafmg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ivqfc3axt4ozr7v74m1bqafmg|03|biz"; nocase; ) # 1uqmeqk1okm7xv1v71s1vvbn076.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uqmeqk1okm7xv1v71s1vvbn076|03|net"; nocase; ) # 1u8b1l61smqt4x1ohoxci13tngx7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u8b1l61smqt4x1ohoxci13tngx7|03|net"; nocase; ) # yza1lpbp5b3h3wqo9ny4zuur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yza1lpbp5b3h3wqo9ny4zuur|03|org"; nocase; ) # cjdypwnwxpbd16j7nbqbxhijy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cjdypwnwxpbd16j7nbqbxhijy|03|com"; nocase; ) # kpd4gj3x3jnsxrxov024btia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kpd4gj3x3jnsxrxov024btia|03|com"; nocase; ) # 1g269aza06cj822b4qs11qs3kz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g269aza06cj822b4qs11qs3kz|03|org"; nocase; ) # apgv821f3nh5lvgjs7mm3wa1d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|apgv821f3nh5lvgjs7mm3wa1d|03|com"; nocase; ) # 1nz7ybn1iyuk45iy9n016cquom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nz7ybn1iyuk45iy9n016cquom|03|com"; nocase; ) # 10wqfz21i6lqlygf5e4g1pq46gr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10wqfz21i6lqlygf5e4g1pq46gr|03|com"; nocase; ) # 1600o44197cfgt15ml2o715cg8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1600o44197cfgt15ml2o715cg8f|03|net"; nocase; ) # wbtoa8bow1yxgrdb6fyte54l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wbtoa8bow1yxgrdb6fyte54l|03|org"; nocase; ) # sm9jtt1qqfo46hohi1i1os0i9k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sm9jtt1qqfo46hohi1i1os0i9k|03|com"; nocase; ) # q2zxxxamni721ylil2f1yiznxt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q2zxxxamni721ylil2f1yiznxt|03|org"; nocase; ) # glqiyfvfzupv8rnz0k1cqhfbt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|glqiyfvfzupv8rnz0k1cqhfbt|03|org"; nocase; ) # 97sxuz1o4vpk91pjal71lc86wf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|97sxuz1o4vpk91pjal71lc86wf|03|com"; nocase; ) # 1o7zuu11eg5ho6nfckhdr4mzd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o7zuu11eg5ho6nfckhdr4mzd|03|org"; nocase; ) # 181i008nkh7ko1viycx4zal1bf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|181i008nkh7ko1viycx4zal1bf|03|org"; nocase; ) # 1d7skyd1fwa8sx18jyveq1rp5krd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d7skyd1fwa8sx18jyveq1rp5krd|03|net"; nocase; ) # r7magg1wutuyi1ccgyr1jid4ot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r7magg1wutuyi1ccgyr1jid4ot|03|org"; nocase; ) # lw86x4isjgpbe76drx15pfzb7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lw86x4isjgpbe76drx15pfzb7|03|org"; nocase; ) # 1sfld3y2oy3mm1b3g7fb1380cxe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sfld3y2oy3mm1b3g7fb1380cxe|03|net"; nocase; ) # heb6xn1pbr9hf1mz4k2mdo3qpt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|heb6xn1pbr9hf1mz4k2mdo3qpt|03|net"; nocase; ) # 1yj4xdtopj35a1buypwmd5gh6q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yj4xdtopj35a1buypwmd5gh6q|03|biz"; nocase; ) # 18c275g1iwr9db1utund72nagu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18c275g1iwr9db1utund72nagu|03|com"; nocase; ) # e6j9nd5wmzxk9onsj113lp8t0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e6j9nd5wmzxk9onsj113lp8t0|03|net"; nocase; ) # 1wjt5n5imyczd1p3haho1eoqi5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wjt5n5imyczd1p3haho1eoqi5p|03|net"; nocase; ) # y879gdy232xg2mryzw17mlgfb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y879gdy232xg2mryzw17mlgfb|03|biz"; nocase; ) # aj9ins1fu5wyy55tsyfryj8uc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aj9ins1fu5wyy55tsyfryj8uc|03|net"; nocase; ) # zkstd11609idf1b2j9wy5m6vx3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zkstd11609idf1b2j9wy5m6vx3|03|org"; nocase; ) # 1j67el7n3avfm1yt6mjukfwliz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j67el7n3avfm1yt6mjukfwliz|03|biz"; nocase; ) # 19iojxl1tcm17z57czvv6qaici.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19iojxl1tcm17z57czvv6qaici|03|com"; nocase; ) # 1w94y161ye2yd11405o64x0txyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w94y161ye2yd11405o64x0txyv|03|com"; nocase; ) # r2ly178o7o17y8092h1gysfad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r2ly178o7o17y8092h1gysfad|03|net"; nocase; ) # gfah6gc8iooii8jsrs1jrlf4z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gfah6gc8iooii8jsrs1jrlf4z|03|com"; nocase; ) # oihk651xwqdn71kzyoy91c9sb4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oihk651xwqdn71kzyoy91c9sb4u|03|net"; nocase; ) # tk4v9o17xm6bdbi5d5m8aefig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tk4v9o17xm6bdbi5d5m8aefig|03|com"; nocase; ) # rqtwcoh1v0g1gr2pz53nxy6y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rqtwcoh1v0g1gr2pz53nxy6y|03|biz"; nocase; ) # 1fkoiph1sr1dih1nwt6jvqpbh0o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fkoiph1sr1dih1nwt6jvqpbh0o|03|com"; nocase; ) # zq9lcbadubn3tnjzr015asise.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zq9lcbadubn3tnjzr015asise|03|net"; nocase; ) # q968a41lyjq3esvhq51mpa2r9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q968a41lyjq3esvhq51mpa2r9|03|com"; nocase; ) # 1fpj3tyo77blo15fuj74j108di.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fpj3tyo77blo15fuj74j108di|03|biz"; nocase; ) # bim26a1j63cqs13nfo5eww06x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bim26a1j63cqs13nfo5eww06x|03|org"; nocase; ) # 1pevg3j1j0rbhsgah2vq1nugfvf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pevg3j1j0rbhsgah2vq1nugfvf|03|com"; nocase; ) # 1zggr11h7y5th11baqrg1b3xd1t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1zggr11h7y5th11baqrg1b3xd1t|03|biz"; nocase; ) # 8s95wupqidhiyjlozpmyvlgv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8s95wupqidhiyjlozpmyvlgv|03|com"; nocase; ) # 902410qrx0mr30n0vs1fa2cis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|902410qrx0mr30n0vs1fa2cis|03|com"; nocase; ) # dpsfnn1keez5t1sg2xv16qto6c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dpsfnn1keez5t1sg2xv16qto6c|03|com"; nocase; ) # 1ctoak01qrosx1otqmhi3abfmi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ctoak01qrosx1otqmhi3abfmi|03|net"; nocase; ) # 1h2z93s1gfq4uorv3nepf45jsz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h2z93s1gfq4uorv3nepf45jsz|03|biz"; nocase; ) # 17dqejzz18znc15ro5ijzou1en.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17dqejzz18znc15ro5ijzou1en|03|com"; nocase; ) # 1e25jal19m5xpn1ovkgsj117isrv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e25jal19m5xpn1ovkgsj117isrv|03|org"; nocase; ) # 1yh5xt55lcjwl1j8peo91uzmy6w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yh5xt55lcjwl1j8peo91uzmy6w|03|org"; nocase; ) # 1shgs3qv6xp7f13v5vyh1r27w0y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1shgs3qv6xp7f13v5vyh1r27w0y|03|com"; nocase; ) # 1l1ahxuhr71061iyt84c96z44f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l1ahxuhr71061iyt84c96z44f|03|net"; nocase; ) # 79pvkryu21up1eokbdq1mn8jn6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79pvkryu21up1eokbdq1mn8jn6|03|biz"; nocase; ) # 8mu3aba82l3ck66z4e7pydzv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8mu3aba82l3ck66z4e7pydzv|03|org"; nocase; ) # 243c193xneo81onnx7j111fz4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|243c193xneo81onnx7j111fz4e|03|net"; nocase; ) # 1k2vpg01ufotoa192gl2t1ft20ek.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k2vpg01ufotoa192gl2t1ft20ek|03|org"; nocase; ) # 7yhpnl1t1uz761wky1yc6auep5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7yhpnl1t1uz761wky1yc6auep5|03|com"; nocase; ) # 1dbvdxgjm59tkw703yq16oytn1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dbvdxgjm59tkw703yq16oytn1|03|biz"; nocase; ) # jla2vl10jf81p1lcjpci1lg03bm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jla2vl10jf81p1lcjpci1lg03bm|03|net"; nocase; ) # 1sc48ec1e8kwgd176hh691ne5i47.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sc48ec1e8kwgd176hh691ne5i47|03|com"; nocase; ) # 1kwjb4enmhqwjfv0rue1seq5v5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kwjb4enmhqwjfv0rue1seq5v5|03|biz"; nocase; ) # 1jcj5w6192y4j9damsw47ksl03.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jcj5w6192y4j9damsw47ksl03|03|com"; nocase; ) # 10dezoc1q1wkxm1vwdlys16ydivi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10dezoc1q1wkxm1vwdlys16ydivi|03|net"; nocase; ) # t7s4514vf4pq15k9ku91be61pp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t7s4514vf4pq15k9ku91be61pp|03|com"; nocase; ) # x72s6lfxoelbjuv0e7bcd777.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x72s6lfxoelbjuv0e7bcd777|03|biz"; nocase; ) # mu5tlapmu4xho0cm2ng9sxqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mu5tlapmu4xho0cm2ng9sxqw|03|org"; nocase; ) # o8fan73t6t8k127f81yqx6kff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o8fan73t6t8k127f81yqx6kff|03|net"; nocase; ) # 1w5n9yp1mgrwzs16gs9lf1t74i2f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w5n9yp1mgrwzs16gs9lf1t74i2f|03|biz"; nocase; ) # s0eqjttlnt401ec5pjki6erhy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s0eqjttlnt401ec5pjki6erhy|03|net"; nocase; ) # 1m1go5slfm3s81ueej27gj1h57.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m1go5slfm3s81ueej27gj1h57|03|org"; nocase; ) # mqeark1w9xnt9xbdeexcjtw84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mqeark1w9xnt9xbdeexcjtw84|03|net"; nocase; ) # rs8rri96bw3qf9gbrj10zu1gz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rs8rri96bw3qf9gbrj10zu1gz|03|net"; nocase; ) # 1a4uu5m1igfzl1ilvztt1ol6hd2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a4uu5m1igfzl1ilvztt1ol6hd2|03|net"; nocase; ) # 5ka3cx19pp3x61xkl5dh4p06vx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5ka3cx19pp3x61xkl5dh4p06vx|03|com"; nocase; ) # 3z44bz17h64j954gybnuc2oc2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3z44bz17h64j954gybnuc2oc2|03|com"; nocase; ) # zrsf2qlugiylhi31aca14btd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zrsf2qlugiylhi31aca14btd|03|net"; nocase; ) # 1i9a2bgupnekno05prjn4tfy3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i9a2bgupnekno05prjn4tfy3|03|org"; nocase; ) # 1x5a2qy166tw1613rn8j51psybva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x5a2qy166tw1613rn8j51psybva|03|net"; nocase; ) # tfeso4ym41bk19mbvad1qbsbvl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tfeso4ym41bk19mbvad1qbsbvl|03|net"; nocase; ) # 1ij8h3m1cdr59n1j8e67181d1eu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ij8h3m1cdr59n1j8e67181d1eu|03|com"; nocase; ) # 13nbrjqerrzfweotnip1j8p0xq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13nbrjqerrzfweotnip1j8p0xq|03|net"; nocase; ) # 135mbm0kvvauc13g9vt9qim64r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135mbm0kvvauc13g9vt9qim64r|03|net"; nocase; ) # fawqlj2h8kev1yz8d28364av7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fawqlj2h8kev1yz8d28364av7|03|org"; nocase; ) # 45sax6wnhp0azvry1s1c70fny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|45sax6wnhp0azvry1s1c70fny|03|com"; nocase; ) # 1isip031otu25h1omdcyxy9t95w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1isip031otu25h1omdcyxy9t95w|03|biz"; nocase; ) # 10eob0v8tjzfd7gynxen2u8k1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10eob0v8tjzfd7gynxen2u8k1|03|com"; nocase; ) # 2e21vc1p4fp5pocsehsjjexzl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2e21vc1p4fp5pocsehsjjexzl|03|net"; nocase; ) # 9qnvj3b3ywfe2ynl1n168y24q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9qnvj3b3ywfe2ynl1n168y24q|03|org"; nocase; ) # 10ii8tgh63by510suqhd1xaxslh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ii8tgh63by510suqhd1xaxslh|03|biz"; nocase; ) # 137epdf1qrzrrpvybs4d1rw7b8h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|137epdf1qrzrrpvybs4d1rw7b8h|03|org"; nocase; ) # 1xcp6lr19xe4yfqjv2dr14m8ae2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xcp6lr19xe4yfqjv2dr14m8ae2|03|com"; nocase; ) # 1x5lt1inlxzjc8fz3f318qi35f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x5lt1inlxzjc8fz3f318qi35f|03|net"; nocase; ) # 1o428km11r5ef8six6tdx7v34e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o428km11r5ef8six6tdx7v34e|03|biz"; nocase; ) # k49fkowui52v9rq9yqhi7e7r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k49fkowui52v9rq9yqhi7e7r|03|com"; nocase; ) # 4eoi3w1uw06hl15rl4ql1crsetg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4eoi3w1uw06hl15rl4ql1crsetg|03|org"; nocase; ) # o87wl51w16iie10mo0lmn59qmh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o87wl51w16iie10mo0lmn59qmh|03|biz"; nocase; ) # 1k2w1fh1mtkwrp3lnh2z12k9gy7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k2w1fh1mtkwrp3lnh2z12k9gy7|03|net"; nocase; ) # 1acfpzc1rhqhugn36szk1yrv48d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1acfpzc1rhqhugn36szk1yrv48d|03|com"; nocase; ) # 1hxx3f1gw386fiksh3t1ajr45j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hxx3f1gw386fiksh3t1ajr45j|03|com"; nocase; ) # 13fq0gow3fu5ggwegp3i2od41.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13fq0gow3fu5ggwegp3i2od41|03|net"; nocase; ) # 19mkvs61uc9tpx1wd3rs5rz49ad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19mkvs61uc9tpx1wd3rs5rz49ad|03|com"; nocase; ) # 1qnypvc1ips17idds8u91ocltsl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qnypvc1ips17idds8u91ocltsl|03|org"; nocase; ) # 7fohfsh3xldyi59qsx1mo4qcd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7fohfsh3xldyi59qsx1mo4qcd|03|net"; nocase; ) # 1m8s7ai1byvqpo14jrmsglzzvqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m8s7ai1byvqpo14jrmsglzzvqv|03|biz"; nocase; ) # 1dzrrxrs94noo1o1c9ombnowg9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dzrrxrs94noo1o1c9ombnowg9|03|org"; nocase; ) # zhquvd9o5k8r1ebi0lmbihl72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zhquvd9o5k8r1ebi0lmbihl72|03|net"; nocase; ) # 1v39srkx57ubu4p87gfeko9zq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v39srkx57ubu4p87gfeko9zq|03|biz"; nocase; ) # dsche11lezhig1kn3icgmptun2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dsche11lezhig1kn3icgmptun2|03|net"; nocase; ) # 1fmm5ps11ul9hh15odd2mgfj2mb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fmm5ps11ul9hh15odd2mgfj2mb|03|biz"; nocase; ) # 2igkje1o56lf6q0vkymmtw2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2igkje1o56lf6q0vkymmtw2g|03|net"; nocase; ) # 1q1g9u7ejsvy3162q1rr1976dlm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q1g9u7ejsvy3162q1rr1976dlm|03|org"; nocase; ) # 10pgwb2iztdsts5y5asneolk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|10pgwb2iztdsts5y5asneolk|03|org"; nocase; ) # 1xenqym5ozfu51q4o5ffa839ya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xenqym5ozfu51q4o5ffa839ya|03|com"; nocase; ) # k2z73z199um5ylvs4nvkyxtet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k2z73z199um5ylvs4nvkyxtet|03|net"; nocase; ) # hhz2aq11twbmz1wi8vh2wf3v2j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hhz2aq11twbmz1wi8vh2wf3v2j|03|net"; nocase; ) # 1wwo31j10wuhur1ppq86q1dkt0nz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wwo31j10wuhur1ppq86q1dkt0nz|03|biz"; nocase; ) # 10nknbe1xhsr7e1l7391j1mbekbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10nknbe1xhsr7e1l7391j1mbekbx|03|org"; nocase; ) # 1pitmsi5p0gbysvt9lk5pzmm3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pitmsi5p0gbysvt9lk5pzmm3|03|org"; nocase; ) # 1y8jpcooamzgh1st0lppt045ys.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y8jpcooamzgh1st0lppt045ys|03|biz"; nocase; ) # 1avfkmw94c5pswodd0bwqiezl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1avfkmw94c5pswodd0bwqiezl|03|net"; nocase; ) # myoglu14fgaop1gakel8bsku16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|myoglu14fgaop1gakel8bsku16|03|net"; nocase; ) # enft451kcl30k15p1rwk1c3gqc3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|enft451kcl30k15p1rwk1c3gqc3|03|org"; nocase; ) # 10s7fwa1lo549v2e19tw1sts779.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10s7fwa1lo549v2e19tw1sts779|03|net"; nocase; ) # fy9dbs4ultxd1kpf4pv13a1ute.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fy9dbs4ultxd1kpf4pv13a1ute|03|net"; nocase; ) # 1nn7t1dyjj2ke1kf7php145c1zb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nn7t1dyjj2ke1kf7php145c1zb|03|net"; nocase; ) # 1msyto91kbvtvj199cm55maplx9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1msyto91kbvtvj199cm55maplx9|03|org"; nocase; ) # 1f6g52jadcp0hef70f41kqjngl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f6g52jadcp0hef70f41kqjngl|03|com"; nocase; ) # npxq2814qlvmy17t1w0o1imaqrg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|npxq2814qlvmy17t1w0o1imaqrg|03|net"; nocase; ) # 1iexdri18sgk812f5i55eu9u4x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iexdri18sgk812f5i55eu9u4x|03|org"; nocase; ) # yqleqc10z43dbrjg5nl1v343mi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yqleqc10z43dbrjg5nl1v343mi|03|net"; nocase; ) # 136w7lxkhj3rd15xc6pp1jtk170.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|136w7lxkhj3rd15xc6pp1jtk170|03|org"; nocase; ) # 19gpwl082vc4w1qv4w8e1bk52ml.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19gpwl082vc4w1qv4w8e1bk52ml|03|com"; nocase; ) # fq0um91rnu2ksafp0qs13r6v68.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fq0um91rnu2ksafp0qs13r6v68|03|biz"; nocase; ) # 15lszwom575hc1aut4oj2bnqkf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15lszwom575hc1aut4oj2bnqkf|03|net"; nocase; ) # 1rwtbp31jk3ahd1f6u0ft1va9l33.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rwtbp31jk3ahd1f6u0ft1va9l33|03|org"; nocase; ) # d3jlgl8xj7unjoeuui13lm42y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d3jlgl8xj7unjoeuui13lm42y|03|net"; nocase; ) # ptkmzk13ovq9ho7hzt3s66tbq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ptkmzk13ovq9ho7hzt3s66tbq|03|biz"; nocase; ) # 5fhy3a1tavhbxi36p2gb63h7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5fhy3a1tavhbxi36p2gb63h7w|03|net"; nocase; ) # cvh60f1sn88mkn44tqdu3ulu6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cvh60f1sn88mkn44tqdu3ulu6|03|com"; nocase; ) # uvi8stv02x4ar2u3511hxuyop.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uvi8stv02x4ar2u3511hxuyop|03|net"; nocase; ) # 1n1k7k1h73jj6ssjzwefznu8b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n1k7k1h73jj6ssjzwefznu8b|03|org"; nocase; ) # 8b5umuaoda81ntm48g1r2le7x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8b5umuaoda81ntm48g1r2le7x|03|org"; nocase; ) # 1js61vw74n80dkw7bjjb20ofj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1js61vw74n80dkw7bjjb20ofj|03|org"; nocase; ) # kbwsz71jpap5l95k9r2x0po9n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kbwsz71jpap5l95k9r2x0po9n|03|net"; nocase; ) # 1lis0yt1xmhs1ys7x8r1vmzysw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lis0yt1xmhs1ys7x8r1vmzysw|03|net"; nocase; ) # svdq4makxiytxsjxk0whjplq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|svdq4makxiytxsjxk0whjplq|03|net"; nocase; ) # 9mlqh3vbnttbpec05d1t50lfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9mlqh3vbnttbpec05d1t50lfn|03|com"; nocase; ) # a0k1u21v93jdf7ajs1kqxs3ev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a0k1u21v93jdf7ajs1kqxs3ev|03|biz"; nocase; ) # 1bh5e44r77grbo1exv93zwrkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bh5e44r77grbo1exv93zwrkr|03|com"; nocase; ) # 1opa07e4ht0qx1icow6o1p1p0nt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1opa07e4ht0qx1icow6o1p1p0nt|03|net"; nocase; ) # 1yc2o4b1dg5iym8uh6zo1mtljrn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yc2o4b1dg5iym8uh6zo1mtljrn|03|com"; nocase; ) # 1iyozfbuk2u901uxnzdb1wt2303.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iyozfbuk2u901uxnzdb1wt2303|03|biz"; nocase; ) # 1hkzkrmu77hgj1j49mb5706ona.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hkzkrmu77hgj1j49mb5706ona|03|com"; nocase; ) # 1aevfuz71w2nthvvugpawuf5k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aevfuz71w2nthvvugpawuf5k|03|org"; nocase; ) # 1ndwlywjmshgdol356hqhv7kq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ndwlywjmshgdol356hqhv7kq|03|net"; nocase; ) # qgg38glepqzsa9p7wei4wuq5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qgg38glepqzsa9p7wei4wuq5|03|org"; nocase; ) # i7lxn81mr0n9j143q6b8q0paeq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i7lxn81mr0n9j143q6b8q0paeq|03|org"; nocase; ) # 1eylzkaggf8z9jdjh8gmxu0xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1eylzkaggf8z9jdjh8gmxu0xh|03|net"; nocase; ) # yq50771xyaxw3159u1yrb0wnxf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yq50771xyaxw3159u1yrb0wnxf|03|org"; nocase; ) # 16pbw2v161li7kv2tkseu6c38p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16pbw2v161li7kv2tkseu6c38p|03|com"; nocase; ) # 10zytp5nomyru1s4p1tj1cuo16w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10zytp5nomyru1s4p1tj1cuo16w|03|net"; nocase; ) # 18ei49k6tul9mss7a741jh3nf8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ei49k6tul9mss7a741jh3nf8|03|org"; nocase; ) # 162vp4427jamjd0vu9j18w7my6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|162vp4427jamjd0vu9j18w7my6|03|com"; nocase; ) # 1g64r07xrux31gegaut1gpki0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g64r07xrux31gegaut1gpki0|03|org"; nocase; ) # 18ea28v10w3gpmv881so1sz6n0k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ea28v10w3gpmv881so1sz6n0k|03|biz"; nocase; ) # 19l1wpkaie4421ioiibfr87d47.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19l1wpkaie4421ioiibfr87d47|03|biz"; nocase; ) # 7rjnz03qky2n1uq8qwli6d8x4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7rjnz03qky2n1uq8qwli6d8x4|03|net"; nocase; ) # 1gudhfazikmuy1nd9yktjgh41q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gudhfazikmuy1nd9yktjgh41q|03|org"; nocase; ) # d3nb0zy651eejef0gysxtng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|d3nb0zy651eejef0gysxtng|03|org"; nocase; ) # 15whmhz1l4zi581krqmxvcfgvmp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15whmhz1l4zi581krqmxvcfgvmp|03|net"; nocase; ) # 2rmk9111bl3kn1vkviwf8chkv1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2rmk9111bl3kn1vkviwf8chkv1|03|net"; nocase; ) # uhlfq7jzkoqc4kym1c1cllozl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uhlfq7jzkoqc4kym1c1cllozl|03|com"; nocase; ) # leya5g109q8yx1kwn4yn1hd2128.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|leya5g109q8yx1kwn4yn1hd2128|03|org"; nocase; ) # t167011lnbw92x0gsrd4omkyh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t167011lnbw92x0gsrd4omkyh|03|org"; nocase; ) # sr1273mss043rp3uvq1g2749e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sr1273mss043rp3uvq1g2749e|03|com"; nocase; ) # 19vtltx1dif8pd1vdoly51ydrxae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19vtltx1dif8pd1vdoly51ydrxae|03|com"; nocase; ) # 18idlq0154xxlb1odo11iqzm82x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18idlq0154xxlb1odo11iqzm82x|03|com"; nocase; ) # 18k7pv014320pq1k9u2k9lu4og0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18k7pv014320pq1k9u2k9lu4og0|03|net"; nocase; ) # bpw5eyjizlfv6q20t01uivim4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bpw5eyjizlfv6q20t01uivim4|03|net"; nocase; ) # 1oiwsrq17imis4clavxz1cpozn2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oiwsrq17imis4clavxz1cpozn2|03|com"; nocase; ) # sk375z1l7kows1a1gl5y1dlw9s2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sk375z1l7kows1a1gl5y1dlw9s2|03|org"; nocase; ) # 1apcqac9vkza51kgpagl1aaoasf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1apcqac9vkza51kgpagl1aaoasf|03|net"; nocase; ) # 13za8q1qwnz23t2f888h2vaxr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13za8q1qwnz23t2f888h2vaxr|03|com"; nocase; ) # 1lumnof1svnpw21rf9wm6ggij0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lumnof1svnpw21rf9wm6ggij0m|03|com"; nocase; ) # h0ps3k8xe59v1cmom6k1n5i11l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h0ps3k8xe59v1cmom6k1n5i11l|03|com"; nocase; ) # 1p14f4i1xugxhm1w8skht1050ffa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p14f4i1xugxhm1w8skht1050ffa|03|biz"; nocase; ) # 5yghf3mdcx0b1bb9i3c15xno1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5yghf3mdcx0b1bb9i3c15xno1d|03|net"; nocase; ) # 1gt12awk7n1nc11c42iq1ple1r2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gt12awk7n1nc11c42iq1ple1r2|03|com"; nocase; ) # 1ox74jdkgu00zcrt2wt2cubne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ox74jdkgu00zcrt2wt2cubne|03|com"; nocase; ) # x3xqrjimckfv1bx9edq1j5bcde.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x3xqrjimckfv1bx9edq1j5bcde|03|net"; nocase; ) # 1yk4eg31o2i5n11wujt8k12x60dm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yk4eg31o2i5n11wujt8k12x60dm|03|biz"; nocase; ) # gj1qr1iitwjf1tbw6dvyxu4nf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gj1qr1iitwjf1tbw6dvyxu4nf|03|org"; nocase; ) # 174ra0wzb8bndfdw171gn3b2t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|174ra0wzb8bndfdw171gn3b2t|03|org"; nocase; ) # 193phhg3ro5b6ehc2fq1v8ycbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|193phhg3ro5b6ehc2fq1v8ycbp|03|com"; nocase; ) # 1mc92yt19bjrxfdbs0bd1v7ka1c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mc92yt19bjrxfdbs0bd1v7ka1c|03|net"; nocase; ) # 1jrk5kvqg9w2z1ul0xmj4pa6w3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jrk5kvqg9w2z1ul0xmj4pa6w3|03|net"; nocase; ) # a1an4yc0orak1vyg1cu1roajwx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a1an4yc0orak1vyg1cu1roajwx|03|org"; nocase; ) # 1lz63wjoonur1h5roblrp60av.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lz63wjoonur1h5roblrp60av|03|net"; nocase; ) # 1jszgkvllj5eo15vnr1e1h4ep4u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jszgkvllj5eo15vnr1e1h4ep4u|03|biz"; nocase; ) # 6n7n4bry790l18c119sfedpru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6n7n4bry790l18c119sfedpru|03|org"; nocase; ) # 1jc817ww4ifir1lhvazq1al87na.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jc817ww4ifir1lhvazq1al87na|03|com"; nocase; ) # l9ymldskjsoi10n0p5l1i7sdyr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l9ymldskjsoi10n0p5l1i7sdyr|03|biz"; nocase; ) # 19xxtyt1xpg6hsg5jtk2hvc9ma.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19xxtyt1xpg6hsg5jtk2hvc9ma|03|com"; nocase; ) # 7xg946ht4zc09epjs8aqqsca.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7xg946ht4zc09epjs8aqqsca|03|org"; nocase; ) # 1cd5lb1862g6bl50dt1o4vdy6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cd5lb1862g6bl50dt1o4vdy6|03|org"; nocase; ) # 1b68zir1ued7d7qfxm6rzgnmbq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b68zir1ued7d7qfxm6rzgnmbq|03|net"; nocase; ) # 1o96witbvfgfxtuj0tubox0ox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o96witbvfgfxtuj0tubox0ox|03|com"; nocase; ) # 1ief3d0g5bc1e4wd20x1f2n0yz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ief3d0g5bc1e4wd20x1f2n0yz|03|org"; nocase; ) # layxij17fvrnver45nu1ruhpg0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|layxij17fvrnver45nu1ruhpg0|03|biz"; nocase; ) # 3t3tx4thm2eh1b0ac641tgqf5m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3t3tx4thm2eh1b0ac641tgqf5m|03|net"; nocase; ) # 8q6hp1d69quk1r9vm0hd1e7hw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8q6hp1d69quk1r9vm0hd1e7hw|03|com"; nocase; ) # 8h1fyhxkk46v3ve0y51c7tc2p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8h1fyhxkk46v3ve0y51c7tc2p|03|org"; nocase; ) # 1r7ba5l1oyvqltt653u91n1fuen.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r7ba5l1oyvqltt653u91n1fuen|03|biz"; nocase; ) # 1minnd8zlyd4eyu4atejw80ak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1minnd8zlyd4eyu4atejw80ak|03|com"; nocase; ) # m52rwk1nuggop151zk4c17q9ely.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m52rwk1nuggop151zk4c17q9ely|03|net"; nocase; ) # dozi121ur3puudjqw1r1exd85f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dozi121ur3puudjqw1r1exd85f|03|net"; nocase; ) # 1qmqxzma9n8giesuqhc1lo3xq0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qmqxzma9n8giesuqhc1lo3xq0|03|biz"; nocase; ) # 60otfz1m21n2j1nnhql613jp3tw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|60otfz1m21n2j1nnhql613jp3tw|03|net"; nocase; ) # 1gb9a911xv2rn318h1nt3ftg34.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gb9a911xv2rn318h1nt3ftg34|03|biz"; nocase; ) # rfqpl1bajdkoffryxpu5o80i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rfqpl1bajdkoffryxpu5o80i|03|biz"; nocase; ) # 54i2711mtcs021op89i21k297aw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|54i2711mtcs021op89i21k297aw|03|net"; nocase; ) # csyykppq6x74g9tz9y1dcicxc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|csyykppq6x74g9tz9y1dcicxc|03|org"; nocase; ) # 1ab8c95f13xgj1yxffrwc1pude.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ab8c95f13xgj1yxffrwc1pude|03|net"; nocase; ) # 181z2hq1l0vn6tu8sflu1jei279.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|181z2hq1l0vn6tu8sflu1jei279|03|net"; nocase; ) # 1ckww8ntskwj31i9hhghg41p1r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ckww8ntskwj31i9hhghg41p1r|03|org"; nocase; ) # 8d1x7s1itwreuzhefsytehhd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8d1x7s1itwreuzhefsytehhd6|03|net"; nocase; ) # 1heb6quwxieb11geh5o8pqwtm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1heb6quwxieb11geh5o8pqwtm5|03|net"; nocase; ) # 7meocp1f74lb7el4y3610zgz0l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7meocp1f74lb7el4y3610zgz0l|03|com"; nocase; ) # 14wmacx1ibiz5018lh1mc198r0y2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14wmacx1ibiz5018lh1mc198r0y2|03|net"; nocase; ) # 1nksbyy1hy10phnz9q831baubyg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nksbyy1hy10phnz9q831baubyg|03|com"; nocase; ) # 1kbodmj1m3c76khjd7c1ejkqji.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kbodmj1m3c76khjd7c1ejkqji|03|biz"; nocase; ) # 3jh9igqrcpg8cgzzc21kspj7c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3jh9igqrcpg8cgzzc21kspj7c|03|org"; nocase; ) # 1gmyhar1ct256zi0vi451jqk0ls.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gmyhar1ct256zi0vi451jqk0ls|03|com"; nocase; ) # f209r81l4uz0ei11l8goow2il.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f209r81l4uz0ei11l8goow2il|03|biz"; nocase; ) # 1f5pzpso6jqss1eq5kw2jvfek7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f5pzpso6jqss1eq5kw2jvfek7|03|org"; nocase; ) # 12d8xnj1xjqc79wiacw7yadpo6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12d8xnj1xjqc79wiacw7yadpo6|03|biz"; nocase; ) # 11tzfhc1j43w1poci1hp1aop3dn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11tzfhc1j43w1poci1hp1aop3dn|03|com"; nocase; ) # 1rpkw4j1togwy91xal17z1b2xvpu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rpkw4j1togwy91xal17z1b2xvpu|03|net"; nocase; ) # xzrlfk194kr7411jjgep1w22qnv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xzrlfk194kr7411jjgep1w22qnv|03|org"; nocase; ) # tnqrvr6oaq4c14xbzkwoz5lga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tnqrvr6oaq4c14xbzkwoz5lga|03|com"; nocase; ) # 1s8i9p9hwjrs61s5tllahujl4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s8i9p9hwjrs61s5tllahujl4p|03|net"; nocase; ) # 14s0tffzlczck1lrsnnnuhmvcl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14s0tffzlczck1lrsnnnuhmvcl|03|net"; nocase; ) # 1ygoev71d8bxsyygi4acpb2rr6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygoev71d8bxsyygi4acpb2rr6|03|org"; nocase; ) # lc0g0c186gq4uw0gzh2j1af08.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lc0g0c186gq4uw0gzh2j1af08|03|net"; nocase; ) # 1kfsn6n1rx4bxi6oacogt8wn05.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kfsn6n1rx4bxi6oacogt8wn05|03|net"; nocase; ) # va869jwdicuht40d4pqw2fl6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|va869jwdicuht40d4pqw2fl6|03|net"; nocase; ) # i0qb03etlwd71cppx8f19efv99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i0qb03etlwd71cppx8f19efv99|03|net"; nocase; ) # 7xgvzw2btytm1541pl01v1y3li.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7xgvzw2btytm1541pl01v1y3li|03|org"; nocase; ) # 1mpxsrv1lazw131d1qjre1uoqkqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mpxsrv1lazw131d1qjre1uoqkqj|03|biz"; nocase; ) # 1yxcwbp8qs3i1gv9m25a9i3if.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yxcwbp8qs3i1gv9m25a9i3if|03|org"; nocase; ) # 1ys6j2tb971p7u5mgta1bhtp2y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ys6j2tb971p7u5mgta1bhtp2y|03|biz"; nocase; ) # 1kcqi0jd61kfd9tyh401kwo5xi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kcqi0jd61kfd9tyh401kwo5xi|03|org"; nocase; ) # 1sl5pcv19rs1jix8jfco16peuej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sl5pcv19rs1jix8jfco16peuej|03|net"; nocase; ) # 1f4mfwwy25ryzgf3o201cz6g8s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f4mfwwy25ryzgf3o201cz6g8s|03|biz"; nocase; ) # scbsqxzet3o111sxc1xbxo1uz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|scbsqxzet3o111sxc1xbxo1uz|03|org"; nocase; ) # 1acymty1g3f45z123qeta1k8okpt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1acymty1g3f45z123qeta1k8okpt|03|net"; nocase; ) # ilhk9e19kqtht1054zz71rotofr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ilhk9e19kqtht1054zz71rotofr|03|com"; nocase; ) # xgm351rqm41ss20u1z1e582h9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xgm351rqm41ss20u1z1e582h9|03|net"; nocase; ) # tu3bcd1x3nzaj1otjyef1bpy4eb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tu3bcd1x3nzaj1otjyef1bpy4eb|03|biz"; nocase; ) # 1fu1bly13igwvx17redvegadopx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fu1bly13igwvx17redvegadopx|03|org"; nocase; ) # 1qt23n4yki6fq1cxv5v5xcucaw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qt23n4yki6fq1cxv5v5xcucaw|03|org"; nocase; ) # 1gxwhtmejkvs91n7cpum1lh2xc0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gxwhtmejkvs91n7cpum1lh2xc0|03|net"; nocase; ) # og0kca1148c2u1cha2z21uwgiu8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|og0kca1148c2u1cha2z21uwgiu8|03|biz"; nocase; ) # 1xy0d7gtp4jtqb4oa3s50t99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1xy0d7gtp4jtqb4oa3s50t99|03|net"; nocase; ) # 17fpy68105y0m116tvl4p1mazynw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17fpy68105y0m116tvl4p1mazynw|03|net"; nocase; ) # 1w5jzoo1wl51b11q1097m1o3ln52.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w5jzoo1wl51b11q1097m1o3ln52|03|net"; nocase; ) # qna3m51fd7zam1vgc69412umbw4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qna3m51fd7zam1vgc69412umbw4|03|org"; nocase; ) # key50sw08whr1dxaq2l75y3sa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|key50sw08whr1dxaq2l75y3sa|03|org"; nocase; ) # 1xx9z8y3qkek81wk8ly41txe2dc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xx9z8y3qkek81wk8ly41txe2dc|03|net"; nocase; ) # 14hmvq3vjybn11nqqfyl5fvhgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14hmvq3vjybn11nqqfyl5fvhgj|03|net"; nocase; ) # 1vsja991kzp84yh9wvt212ysgbq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vsja991kzp84yh9wvt212ysgbq|03|net"; nocase; ) # 1v5cjha140o4m0mp35l7fgczfp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5cjha140o4m0mp35l7fgczfp|03|org"; nocase; ) # 15c5lqe9l9h71ue70oisyziiw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15c5lqe9l9h71ue70oisyziiw|03|org"; nocase; ) # qb8y8cgc9pld159w8zdtf10by.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qb8y8cgc9pld159w8zdtf10by|03|biz"; nocase; ) # 1waxufzah61w6ui24hr1v118po.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1waxufzah61w6ui24hr1v118po|03|net"; nocase; ) # 3rnhe4pqb3z51itsu351abq8ui.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3rnhe4pqb3z51itsu351abq8ui|03|biz"; nocase; ) # 18i5twp2z1e2xh1dr55nomu7v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18i5twp2z1e2xh1dr55nomu7v|03|org"; nocase; ) # 16g7h6l17o62z51yvdusvr3adfg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16g7h6l17o62z51yvdusvr3adfg|03|net"; nocase; ) # xycl3o1l345fkif7fs6b78da.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xycl3o1l345fkif7fs6b78da|03|biz"; nocase; ) # 15c1cvily7kv81rphekm1c1brb4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15c1cvily7kv81rphekm1c1brb4|03|org"; nocase; ) # 1an8g2n88fmm81a1se6x1ichppu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1an8g2n88fmm81a1se6x1ichppu|03|biz"; nocase; ) # l4gpfr1dliwg31s262481vfojod.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l4gpfr1dliwg31s262481vfojod|03|biz"; nocase; ) # ticnt6e8frytp2vt7c1n38dwm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ticnt6e8frytp2vt7c1n38dwm|03|biz"; nocase; ) # 1xl56oh13a4dwr1g1q0lwio2yzp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xl56oh13a4dwr1g1q0lwio2yzp|03|net"; nocase; ) # 12fdasq8rawr1egwe6ktoi2e0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12fdasq8rawr1egwe6ktoi2e0|03|biz"; nocase; ) # 1cy4ykz1id7rur3m3kif9ohhcg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cy4ykz1id7rur3m3kif9ohhcg|03|net"; nocase; ) # a8po3gxw2uxk1qfyhn2pafa1g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a8po3gxw2uxk1qfyhn2pafa1g|03|biz"; nocase; ) # 1yjrfr61a3lzw2d1xu941g8ivv2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yjrfr61a3lzw2d1xu941g8ivv2|03|net"; nocase; ) # 1wjog11yul7o21u1q0811un92om.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wjog11yul7o21u1q0811un92om|03|com"; nocase; ) # pcscizl3a1jgfr52j11xu87vm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pcscizl3a1jgfr52j11xu87vm|03|org"; nocase; ) # 11j5gnqurck1b1guursfi5genk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11j5gnqurck1b1guursfi5genk|03|net"; nocase; ) # 1ofuzil1a2nzuu1pjzbs0sr8bjd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ofuzil1a2nzuu1pjzbs0sr8bjd|03|com"; nocase; ) # dp0v71opkaqcnzi54snt7l2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|dp0v71opkaqcnzi54snt7l2|03|com"; nocase; ) # 16pg7161irrjhc1n21lxp1073ink.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16pg7161irrjhc1n21lxp1073ink|03|net"; nocase; ) # 1cca5x8u50yqf1ugb9zq1cmiadr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cca5x8u50yqf1ugb9zq1cmiadr|03|net"; nocase; ) # x0a2lz1l2sgppxp4wy76rka4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x0a2lz1l2sgppxp4wy76rka4|03|com"; nocase; ) # lxq4j9i2al8t1pdj7ey1uhcn3c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lxq4j9i2al8t1pdj7ey1uhcn3c|03|net"; nocase; ) # 1vuijkr1avbw9919vjy281fql57t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vuijkr1avbw9919vjy281fql57t|03|net"; nocase; ) # 1231yk6ozd5i7m4r3ks18sv3bp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1231yk6ozd5i7m4r3ks18sv3bp|03|net"; nocase; ) # 1aualbdgse9bxviiqxy1uj6f9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aualbdgse9bxviiqxy1uj6f9e|03|com"; nocase; ) # 6shnr41oh3lug10mo49j11y4x24.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6shnr41oh3lug10mo49j11y4x24|03|org"; nocase; ) # 1x6qbws1eydkca18vsnf51fk5zcl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x6qbws1eydkca18vsnf51fk5zcl|03|net"; nocase; ) # 1wuwg9jg91ncfyaxjhs10bmzx6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wuwg9jg91ncfyaxjhs10bmzx6|03|org"; nocase; ) # 1gxrvvtxmfiyw1kkzz1nckb3gy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gxrvvtxmfiyw1kkzz1nckb3gy|03|com"; nocase; ) # r588xh13emkam1aka0hn9ggm0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r588xh13emkam1aka0hn9ggm0a|03|net"; nocase; ) # 1e2r35746kusxllz1991as544.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e2r35746kusxllz1991as544|03|net"; nocase; ) # 7mcro783e28h1ebwusk1d67i01.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7mcro783e28h1ebwusk1d67i01|03|com"; nocase; ) # 16wn6ku11y6j8grqep00fq2bfh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wn6ku11y6j8grqep00fq2bfh|03|net"; nocase; ) # zp2vayd7ms8t152vn5xf0ltzv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zp2vayd7ms8t152vn5xf0ltzv|03|org"; nocase; ) # 73tdmz1pcnoji10cyf7p1emoe43.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|73tdmz1pcnoji10cyf7p1emoe43|03|com"; nocase; ) # frrd7af0mqu5saxcsyd9ngyr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|frrd7af0mqu5saxcsyd9ngyr|03|net"; nocase; ) # 16n1jgkjqd9bx1m2jw36u69xn4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16n1jgkjqd9bx1m2jw36u69xn4|03|com"; nocase; ) # vv5kobtgxdhl139nqarq00srw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vv5kobtgxdhl139nqarq00srw|03|net"; nocase; ) # o1bjx21ypk9n6d35ylbtqugk9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o1bjx21ypk9n6d35ylbtqugk9|03|net"; nocase; ) # cukb205dc0qanuygi5id9euo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cukb205dc0qanuygi5id9euo|03|org"; nocase; ) # 1hi97xg1pzqrb91eak44pbzle64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hi97xg1pzqrb91eak44pbzle64|03|net"; nocase; ) # 1ww1t78wk0bmae6c7t71w2hi6q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ww1t78wk0bmae6c7t71w2hi6q|03|net"; nocase; ) # d3l9ne1dp1hk917l9wkr1kq3qs3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|d3l9ne1dp1hk917l9wkr1kq3qs3|03|biz"; nocase; ) # 1dtdpms1kuc2pn1155jzzk025k5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dtdpms1kuc2pn1155jzzk025k5|03|net"; nocase; ) # huhhl1djiztg1pd0vec6ylb7u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|huhhl1djiztg1pd0vec6ylb7u|03|com"; nocase; ) # oz2q1a14tlp1g1yswq5wdi2cvn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oz2q1a14tlp1g1yswq5wdi2cvn|03|net"; nocase; ) # 92yia9muhnuypgi6q42g5s5t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|92yia9muhnuypgi6q42g5s5t|03|net"; nocase; ) # 1byxz4g1ljv65514c4od8d18ffb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1byxz4g1ljv65514c4od8d18ffb|03|net"; nocase; ) # 1q839mp1g0cl1q1t1y1zgjubpva.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q839mp1g0cl1q1t1y1zgjubpva|03|com"; nocase; ) # 9dxod6ggnfxm13u3unj1yi6doo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9dxod6ggnfxm13u3unj1yi6doo|03|org"; nocase; ) # h24z901vixl4u1ilctl37fsj9q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h24z901vixl4u1ilctl37fsj9q|03|biz"; nocase; ) # 19aa1is159akenfey8tfxxu25r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19aa1is159akenfey8tfxxu25r|03|net"; nocase; ) # rvuxc1kw8gee159fpih1c0blmy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rvuxc1kw8gee159fpih1c0blmy|03|org"; nocase; ) # a2abfase399b1lavzcq1h67hjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a2abfase399b1lavzcq1h67hjl|03|net"; nocase; ) # 1vbgnq513nn9kv1ykxk180rrqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vbgnq513nn9kv1ykxk180rrqt|03|biz"; nocase; ) # keuz6iv5v811yryfqkdqqahy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|keuz6iv5v811yryfqkdqqahy|03|net"; nocase; ) # cwl7pi11cp0gr1nrwk4svv9gc1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cwl7pi11cp0gr1nrwk4svv9gc1|03|com"; nocase; ) # kqkz6rojco9x3lxpjprb7ib9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kqkz6rojco9x3lxpjprb7ib9|03|net"; nocase; ) # 1k6a7c41ugw0ggimf9do171bwa5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k6a7c41ugw0ggimf9do171bwa5|03|biz"; nocase; ) # 78mzmv14jsqrx18yxvcxiot64q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|78mzmv14jsqrx18yxvcxiot64q|03|org"; nocase; ) # 8p143o37l2t97vxtg73lypip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8p143o37l2t97vxtg73lypip|03|net"; nocase; ) # 1klpigz8uzlha1fin94xyn9qps.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1klpigz8uzlha1fin94xyn9qps|03|com"; nocase; ) # 17hsoq41u11bvbnswdke1ys6mcy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17hsoq41u11bvbnswdke1ys6mcy|03|org"; nocase; ) # 1g4d5endvey7v1wlw523yz5x51.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g4d5endvey7v1wlw523yz5x51|03|org"; nocase; ) # q2v22dc9cysqdbhaz61tqs3aq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q2v22dc9cysqdbhaz61tqs3aq|03|biz"; nocase; ) # 1abnk9x1ok5xjp195qtmdo5xe19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1abnk9x1ok5xjp195qtmdo5xe19|03|net"; nocase; ) # vpclc611tr74n1jbbzlq1u0skme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vpclc611tr74n1jbbzlq1u0skme|03|com"; nocase; ) # 1cccfkihpaelso5r3w6zkz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|1cccfkihpaelso5r3w6zkz|03|com"; nocase; ) # 10yaxg1820d9l1kmk2n6nnxu3e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10yaxg1820d9l1kmk2n6nnxu3e|03|org"; nocase; ) # ra1d7u7t8zxc1cz9w0a12mbwjz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ra1d7u7t8zxc1cz9w0a12mbwjz|03|net"; nocase; ) # 1w5uwuz1s1cb48d80yvp11lbmbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w5uwuz1s1cb48d80yvp11lbmbp|03|com"; nocase; ) # h9j2721qw5yh71g6nstc6b4us7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h9j2721qw5yh71g6nstc6b4us7|03|com"; nocase; ) # 1f5mury512gxy1fcazdp1rdmnz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f5mury512gxy1fcazdp1rdmnz6|03|net"; nocase; ) # mlsr62i5jnin1kibirqppom94.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mlsr62i5jnin1kibirqppom94|03|biz"; nocase; ) # 713jyhn4vemfs6spai1bnnz4h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|713jyhn4vemfs6spai1bnnz4h|03|net"; nocase; ) # 9xao4vduf96qku3rmp1k9ig93.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9xao4vduf96qku3rmp1k9ig93|03|net"; nocase; ) # eegkg71q8zky91thrhflgu7ejy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eegkg71q8zky91thrhflgu7ejy|03|biz"; nocase; ) # 18bp9n3rgan0n12tvieaehalsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18bp9n3rgan0n12tvieaehalsc|03|net"; nocase; ) # vsqpdp13pn1f2x9tbbf3hoj6i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vsqpdp13pn1f2x9tbbf3hoj6i|03|org"; nocase; ) # 1cxsn6l1224zxe1i2du5z1kzewh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cxsn6l1224zxe1i2du5z1kzewh5|03|net"; nocase; ) # net4rfo73ax81jz458dh0bv23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|net4rfo73ax81jz458dh0bv23|03|net"; nocase; ) # 6t53jr14vbp1dy53bcksg2ecs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6t53jr14vbp1dy53bcksg2ecs|03|net"; nocase; ) # 1quwhxixuh251xdsf4r3wj6vw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1quwhxixuh251xdsf4r3wj6vw|03|net"; nocase; ) # jqyy8ob0ns7p18jmkuvjzmrj2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jqyy8ob0ns7p18jmkuvjzmrj2|03|net"; nocase; ) # 10hxtadul8rc19aolt918i08ee.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10hxtadul8rc19aolt918i08ee|03|org"; nocase; ) # 1vu1qsqekhdbj1gmtanl1dx1fxj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vu1qsqekhdbj1gmtanl1dx1fxj|03|net"; nocase; ) # 1rvf1wa1h5tbyx11e6u701i9paeq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rvf1wa1h5tbyx11e6u701i9paeq|03|net"; nocase; ) # 1mnzhwyv2s89bfo9fpk1v091i4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mnzhwyv2s89bfo9fpk1v091i4|03|net"; nocase; ) # 1tg157mx08koy1eu6kor8igkas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tg157mx08koy1eu6kor8igkas|03|com"; nocase; ) # 1m5bq891i4c7v0k2ls20ow1775.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m5bq891i4c7v0k2ls20ow1775|03|org"; nocase; ) # 1tqz7xiy80m1gz6x9h0gzjyk3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tqz7xiy80m1gz6x9h0gzjyk3|03|biz"; nocase; ) # 1fz5wn3126neba6b66y16unuje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fz5wn3126neba6b66y16unuje|03|net"; nocase; ) # 1cb09x11jb0gc01kuraj6feopfe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cb09x11jb0gc01kuraj6feopfe|03|org"; nocase; ) # 1ppn19u53px4nzjbfbq28uwre.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ppn19u53px4nzjbfbq28uwre|03|org"; nocase; ) # 91c3h99tgqwmigrtkdrqbqjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|91c3h99tgqwmigrtkdrqbqjb|03|biz"; nocase; ) # gfsnzk9flm44gbenit17gw5t9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gfsnzk9flm44gbenit17gw5t9|03|org"; nocase; ) # vz8xmq1j37drbo39i4k1ls6fdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vz8xmq1j37drbo39i4k1ls6fdt|03|com"; nocase; ) # 12zr8bztajv62iblq3svhn6fu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12zr8bztajv62iblq3svhn6fu|03|com"; nocase; ) # 1l6336vmsx3sxwz1d9311s3rps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l6336vmsx3sxwz1d9311s3rps|03|net"; nocase; ) # 19td5fhewxgm58gumfq1c08s93.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19td5fhewxgm58gumfq1c08s93|03|com"; nocase; ) # yrqaip1vtrn9j1omf2wo5zupd2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yrqaip1vtrn9j1omf2wo5zupd2|03|com"; nocase; ) # 1xnbf9j1ae13pofwlhbkyi59re.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xnbf9j1ae13pofwlhbkyi59re|03|org"; nocase; ) # mrgm3reaa3zxzwzjd51g0mxch.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mrgm3reaa3zxzwzjd51g0mxch|03|net"; nocase; ) # 16gggem13wf51w1wkva2tcd7fr9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16gggem13wf51w1wkva2tcd7fr9|03|com"; nocase; ) # oqapgf1fwxrl0ov754e98i36d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oqapgf1fwxrl0ov754e98i36d|03|org"; nocase; ) # 1wzijlm1onkpmi12xffnuu0wtuh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wzijlm1onkpmi12xffnuu0wtuh|03|biz"; nocase; ) # o66png2kaweypa8b8415g6cep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o66png2kaweypa8b8415g6cep|03|com"; nocase; ) # 11tzy3k1g1s1av1iyywm61l5coe8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11tzy3k1g1s1av1iyywm61l5coe8|03|org"; nocase; ) # eharag1x5hl7c1mzisjjfqapix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eharag1x5hl7c1mzisjjfqapix|03|net"; nocase; ) # 1ajcrgqd253k44zszptvxml1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ajcrgqd253k44zszptvxml1|03|net"; nocase; ) # 1teuqruyma7p4l8ke6917n4ybv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1teuqruyma7p4l8ke6917n4ybv|03|com"; nocase; ) # 1vxhhs138x1wa106mced1gb2ghv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vxhhs138x1wa106mced1gb2ghv|03|net"; nocase; ) # 13dnx74142rt0y1468spcqaftbb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13dnx74142rt0y1468spcqaftbb|03|org"; nocase; ) # 1tcbxtnhzrw80m7wu9818qbli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tcbxtnhzrw80m7wu9818qbli|03|com"; nocase; ) # iinbeogxdklr13ul4nn15yyq0a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iinbeogxdklr13ul4nn15yyq0a|03|com"; nocase; ) # cha1pi9q1m45x1ccyumqvjrf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cha1pi9q1m45x1ccyumqvjrf|03|net"; nocase; ) # 11q1dvl18olw1o32e1pe1sirwmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11q1dvl18olw1o32e1pe1sirwmq|03|org"; nocase; ) # 1pcn4vm1n73arx1fgn1ud13yzxjc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pcn4vm1n73arx1fgn1ud13yzxjc|03|net"; nocase; ) # 1eyhk9d1o48kmy175fvd612hs5wk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eyhk9d1o48kmy175fvd612hs5wk|03|net"; nocase; ) # 1dttv2514jwcukxc5219v2yvyq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dttv2514jwcukxc5219v2yvyq|03|com"; nocase; ) # 4ae6bavjcxboaqmisc1192b8m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ae6bavjcxboaqmisc1192b8m|03|com"; nocase; ) # 1uxheyq7ygnqt4q6fmu15errxy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uxheyq7ygnqt4q6fmu15errxy|03|net"; nocase; ) # rzpe1r1389yen18xlofw1oi809v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rzpe1r1389yen18xlofw1oi809v|03|org"; nocase; ) # 1ik7dtojhjdhl1nomql7lhfptu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ik7dtojhjdhl1nomql7lhfptu|03|com"; nocase; ) # 6mbisinq5whr4bi0x11s8opiu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6mbisinq5whr4bi0x11s8opiu|03|net"; nocase; ) # icg9nsx6k9vzxj1vc410q5ka8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|icg9nsx6k9vzxj1vc410q5ka8|03|biz"; nocase; ) # rrdctj13xce2f1x3cebougclfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rrdctj13xce2f1x3cebougclfy|03|net"; nocase; ) # yre9tynyqi4j1epn5sz1e0w8mw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000021999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yre9tynyqi4j1epn5sz1e0w8mw|03|org"; nocase; ) # kw0k9m1elfxssq9elnx2c4qj8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kw0k9m1elfxssq9elnx2c4qj8|03|com"; nocase; ) # jul4qqgn8gjv1hfzv82o3e31p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jul4qqgn8gjv1hfzv82o3e31p|03|org"; nocase; ) # 17pxyjc1a81aq28bl1s417u2iya.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17pxyjc1a81aq28bl1s417u2iya|03|org"; nocase; ) # 17pcybdsbfudd1881mkb19y5og2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17pcybdsbfudd1881mkb19y5og2|03|biz"; nocase; ) # 9ms4yx164ujjgx6xtokuz9qj2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9ms4yx164ujjgx6xtokuz9qj2|03|net"; nocase; ) # qf7hui195nxua3n917seeqzaf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qf7hui195nxua3n917seeqzaf|03|org"; nocase; ) # fzg39vafve7pzi64sc1lw8u32.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fzg39vafve7pzi64sc1lw8u32|03|net"; nocase; ) # vfnb71p3c6n0m0712c8s7cca.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vfnb71p3c6n0m0712c8s7cca|03|biz"; nocase; ) # 1r9qde31j84pj1bm6r4r18u201d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r9qde31j84pj1bm6r4r18u201d|03|com"; nocase; ) # 1p1spiw7ixzqpfthqwh14a62gr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p1spiw7ixzqpfthqwh14a62gr|03|net"; nocase; ) # v7qvu41lodn7fi8x2vfp3wg57.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v7qvu41lodn7fi8x2vfp3wg57|03|net"; nocase; ) # 1vyktxz1pc33zz1393vek1pawwmx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vyktxz1pc33zz1393vek1pawwmx|03|org"; nocase; ) # 1d64zgimkb2de125j6aw1db97pk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d64zgimkb2de125j6aw1db97pk|03|net"; nocase; ) # kld8121pyisc9da7absaam6vm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kld8121pyisc9da7absaam6vm|03|com"; nocase; ) # xhxa781jzh04qr64aymbrlhjp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xhxa781jzh04qr64aymbrlhjp|03|org"; nocase; ) # 19b3hpl15e8k0q1ukbkvd1k6uqv4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19b3hpl15e8k0q1ukbkvd1k6uqv4|03|org"; nocase; ) # 8q2ctx1pxrgwcrdm7c11wlt6pa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8q2ctx1pxrgwcrdm7c11wlt6pa|03|com"; nocase; ) # 15xb9uo142i5kxrievcn189kn6n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15xb9uo142i5kxrievcn189kn6n|03|org"; nocase; ) # 1r9ml0x1a5f5o0km4jrc1fp8v4l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r9ml0x1a5f5o0km4jrc1fp8v4l|03|net"; nocase; ) # 42z76911h7ednx0f21wl46r9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|42z76911h7ednx0f21wl46r9r|03|org"; nocase; ) # 17qthh71s39wk01jiift4lniyxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17qthh71s39wk01jiift4lniyxv|03|net"; nocase; ) # ivw3z754f9roxy14ox1sou9is.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ivw3z754f9roxy14ox1sou9is|03|com"; nocase; ) # 299uol85yxo1ps19xqqc3ey3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|299uol85yxo1ps19xqqc3ey3|03|org"; nocase; ) # vmejsv1baas7cvhilff41mwug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vmejsv1baas7cvhilff41mwug|03|net"; nocase; ) # yfm1ni1b3460jey1n44o2eqby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yfm1ni1b3460jey1n44o2eqby|03|com"; nocase; ) # yadi5ete4o451bjm559hfhmoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yadi5ete4o451bjm559hfhmoc|03|biz"; nocase; ) # 1v5yfnkmug7on1vcbbuw2siwt9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5yfnkmug7on1vcbbuw2siwt9|03|com"; nocase; ) # qew2jb19imhfo56wtb1p2at1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qew2jb19imhfo56wtb1p2at1u|03|org"; nocase; ) # hmg6ze1suposyd6wd6014w7im5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hmg6ze1suposyd6wd6014w7im5|03|net"; nocase; ) # w8a13fm88ul212cbz2ib6ynv4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w8a13fm88ul212cbz2ib6ynv4|03|com"; nocase; ) # 1ullxh71yl7sinsd4bub10owt1l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ullxh71yl7sinsd4bub10owt1l|03|org"; nocase; ) # m44q6m1gtnphgi5u8a91ecnf0k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m44q6m1gtnphgi5u8a91ecnf0k|03|com"; nocase; ) # 73dn4013xojmy1dz53girueq7f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|73dn4013xojmy1dz53girueq7f|03|org"; nocase; ) # 1f93uz51f6fphdq7gtg6qvnpl0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f93uz51f6fphdq7gtg6qvnpl0|03|biz"; nocase; ) # wzd0c32h8fkl153qzy514hhe4z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wzd0c32h8fkl153qzy514hhe4z|03|org"; nocase; ) # 1fnzzch190zwsgtoi3nd11zqtwg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fnzzch190zwsgtoi3nd11zqtwg|03|net"; nocase; ) # nvgnnu3zscu415zhqybx1rbkq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nvgnnu3zscu415zhqybx1rbkq|03|com"; nocase; ) # 1e710z0h0f4na1h5g6oh1dvjq25.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e710z0h0f4na1h5g6oh1dvjq25|03|net"; nocase; ) # 1avcyt9khrc611rok8le1of9e42.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1avcyt9khrc611rok8le1of9e42|03|biz"; nocase; ) # xbv4221d1a1cx15z52ald5ww3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xbv4221d1a1cx15z52ald5ww3|03|net"; nocase; ) # ozaqle1krd4uk6ewdpilft0ap.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ozaqle1krd4uk6ewdpilft0ap|03|biz"; nocase; ) # 1uq62odj82q12zkgc7rxr9ng9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uq62odj82q12zkgc7rxr9ng9|03|org"; nocase; ) # v51w9ztnwgrydi0y3usb8h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|v51w9ztnwgrydi0y3usb8h|03|com"; nocase; ) # 1wqxaov15hmf79pifmsfrykdmr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wqxaov15hmf79pifmsfrykdmr|03|net"; nocase; ) # 4k0njb1nj25b3czx5ov1qltcvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4k0njb1nj25b3czx5ov1qltcvm|03|net"; nocase; ) # 1e6utut1dgarwhm9u1461gaz534.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e6utut1dgarwhm9u1461gaz534|03|com"; nocase; ) # 1qvx9ajw0du6wjnmnq11nkl2wb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qvx9ajw0du6wjnmnq11nkl2wb|03|net"; nocase; ) # p5wiil1x88y90ygkv7293vqgf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5wiil1x88y90ygkv7293vqgf|03|biz"; nocase; ) # eszbqs1904y52f4dp091a14yv4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eszbqs1904y52f4dp091a14yv4|03|org"; nocase; ) # 1yhg9f71k4t2dfwqaxz38pbo8v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yhg9f71k4t2dfwqaxz38pbo8v|03|net"; nocase; ) # ww0kksvj57aw1reqg1x1p015ug.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ww0kksvj57aw1reqg1x1p015ug|03|biz"; nocase; ) # 1pla9yb11xdzn91ai5pmd1px7oi7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pla9yb11xdzn91ai5pmd1px7oi7|03|com"; nocase; ) # l4rmy1kqyiz71ap2hvmmcbqj8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l4rmy1kqyiz71ap2hvmmcbqj8|03|com"; nocase; ) # 1syzxjkye6r5qspffciw2vy4y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1syzxjkye6r5qspffciw2vy4y|03|net"; nocase; ) # 1e4j0la9w25xm15jk99xte1pdx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e4j0la9w25xm15jk99xte1pdx|03|biz"; nocase; ) # 1bmkwao10br1sexfe2gl1opjixn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bmkwao10br1sexfe2gl1opjixn|03|biz"; nocase; ) # jih2iw9izgubrydimjl820xx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jih2iw9izgubrydimjl820xx|03|biz"; nocase; ) # 1uon80r1v8i8y1c6feymi0tem3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uon80r1v8i8y1c6feymi0tem3|03|org"; nocase; ) # r5c3fc19j96nlibuwoetqb3o3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r5c3fc19j96nlibuwoetqb3o3|03|net"; nocase; ) # ao76wh1409qd01cyp7u91xnub82.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ao76wh1409qd01cyp7u91xnub82|03|org"; nocase; ) # apu3nux0aj271qrrznyi9b9jw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|apu3nux0aj271qrrznyi9b9jw|03|net"; nocase; ) # qfh8z813qanqi1uz6n511cumy27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qfh8z813qanqi1uz6n511cumy27|03|com"; nocase; ) # ltw7upgv3uz52w3xbiyul7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|ltw7upgv3uz52w3xbiyul7|03|com"; nocase; ) # hsagpyc095377q8hkh1nxadrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hsagpyc095377q8hkh1nxadrp|03|net"; nocase; ) # 1aw12g7kvj2pdyg2ip214kfd1q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aw12g7kvj2pdyg2ip214kfd1q|03|biz"; nocase; ) # hzou2n147711k16430b6ru3xue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hzou2n147711k16430b6ru3xue|03|org"; nocase; ) # 1tnj1du1aclx9e1hztxwe1wvga4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tnj1du1aclx9e1hztxwe1wvga4n|03|com"; nocase; ) # 79v0opx6s3yn10ff0lp1a25fbx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79v0opx6s3yn10ff0lp1a25fbx|03|biz"; nocase; ) # q265wrfweh291j6gtvt1d4fjq5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q265wrfweh291j6gtvt1d4fjq5|03|com"; nocase; ) # 8eaqq59hf0f6gwg6bp1teecx9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8eaqq59hf0f6gwg6bp1teecx9|03|net"; nocase; ) # xb9p851rs6obzheqwel1246l3j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xb9p851rs6obzheqwel1246l3j|03|org"; nocase; ) # ierurr125ruhjaahff81taoafh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ierurr125ruhjaahff81taoafh|03|org"; nocase; ) # ov17iy23aix3tpn3tjw0arbe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ov17iy23aix3tpn3tjw0arbe|03|org"; nocase; ) # 1j0jh3d1upjvhg61vhje83ers.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j0jh3d1upjvhg61vhje83ers|03|net"; nocase; ) # reuylaularg8cctop4yx6ge2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|reuylaularg8cctop4yx6ge2|03|org"; nocase; ) # 6seiyrvhiimbfuv0781pxutkd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6seiyrvhiimbfuv0781pxutkd|03|org"; nocase; ) # 1fzud25qqge5z6cbbtvvqptyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fzud25qqge5z6cbbtvvqptyi|03|net"; nocase; ) # 1x4ij7p1g9javysu2ep61pf0zjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x4ij7p1g9javysu2ep61pf0zjn|03|com"; nocase; ) # 1jtaqzi16b1w9gw603uu1sf18rx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jtaqzi16b1w9gw603uu1sf18rx|03|org"; nocase; ) # towmca1h6v3mugpj2rf1beg4pv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|towmca1h6v3mugpj2rf1beg4pv|03|net"; nocase; ) # 168dezp1je0a36v77fn51m4blsz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|168dezp1je0a36v77fn51m4blsz|03|org"; nocase; ) # 195kekk1ufwb9ugmx9o31osgomr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|195kekk1ufwb9ugmx9o31osgomr|03|net"; nocase; ) # 1kybm1e12h9xgsida2v2zmaeb0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kybm1e12h9xgsida2v2zmaeb0|03|org"; nocase; ) # 11w77ji10bipvskqjpnivwd3f0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11w77ji10bipvskqjpnivwd3f0|03|net"; nocase; ) # c7h7j61f4h5r81073s4k1obm7eg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c7h7j61f4h5r81073s4k1obm7eg|03|com"; nocase; ) # 1wbngxf17una2b1ghkyqd1jsf9nj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wbngxf17una2b1ghkyqd1jsf9nj|03|net"; nocase; ) # 13q42muv6if0r17ki8nk1og2pfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13q42muv6if0r17ki8nk1og2pfn|03|com"; nocase; ) # 4yzsgxhse2znqym0831len40w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4yzsgxhse2znqym0831len40w|03|net"; nocase; ) # 1wu940w1wcl7j3trdayqi77twq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wu940w1wcl7j3trdayqi77twq|03|net"; nocase; ) # 13fn2ol15sjr661rbu9woa06r1f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13fn2ol15sjr661rbu9woa06r1f|03|org"; nocase; ) # e9perx3eouxjg502tt1f9vx49.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e9perx3eouxjg502tt1f9vx49|03|net"; nocase; ) # 1a8mux586m2f19taxu7gulefq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a8mux586m2f19taxu7gulefq|03|com"; nocase; ) # 1csbbdn1tt4giy39hg3tikcwc4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1csbbdn1tt4giy39hg3tikcwc4|03|biz"; nocase; ) # 1d72ycz18f5fnq885cp0wsuj04.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d72ycz18f5fnq885cp0wsuj04|03|net"; nocase; ) # 5etlfzplu0e1pbprza1ur8g2p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5etlfzplu0e1pbprza1ur8g2p|03|biz"; nocase; ) # mlvl7ks651q1li626x1bqwzw6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mlvl7ks651q1li626x1bqwzw6|03|net"; nocase; ) # 1xa7bxv1rqkqnf7q1jcadrlxmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xa7bxv1rqkqnf7q1jcadrlxmn|03|com"; nocase; ) # 13vpwb117g8o0d1ve0hae1skae0w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13vpwb117g8o0d1ve0hae1skae0w|03|net"; nocase; ) # 2du9o01mf988y6p4e7ugq161u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2du9o01mf988y6p4e7ugq161u|03|com"; nocase; ) # zhu2fj2jmy4xoxqupn1inwztz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zhu2fj2jmy4xoxqupn1inwztz|03|biz"; nocase; ) # qu2qcq8jzf3wuv2hvu1d7148.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qu2qcq8jzf3wuv2hvu1d7148|03|com"; nocase; ) # 1ha87z8dbu1mf1y9qsn0eghdlj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ha87z8dbu1mf1y9qsn0eghdlj|03|org"; nocase; ) # 5de1r7rf2qvv1rog0kd1uvbxyu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5de1r7rf2qvv1rog0kd1uvbxyu|03|org"; nocase; ) # 1xm0fbthffku6irnaffbmqolh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xm0fbthffku6irnaffbmqolh|03|com"; nocase; ) # 101cai91ikr7rf16qrn55kff83u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|101cai91ikr7rf16qrn55kff83u|03|net"; nocase; ) # 14llbd51q27y87o4ka9n1l2iw2d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14llbd51q27y87o4ka9n1l2iw2d|03|net"; nocase; ) # 1mqxq3e19moi081x06dm9dudxdq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mqxq3e19moi081x06dm9dudxdq|03|com"; nocase; ) # tzqco317n4n431s7s5cb1ykxkif.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tzqco317n4n431s7s5cb1ykxkif|03|org"; nocase; ) # 1934xsh1fnoete189s4btq36a1g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1934xsh1fnoete189s4btq36a1g|03|com"; nocase; ) # 1cdkrgz8fwi6s18msjki1x4nnv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cdkrgz8fwi6s18msjki1x4nnv|03|org"; nocase; ) # zxyzrnr43pdv8qya451dnwwu5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zxyzrnr43pdv8qya451dnwwu5|03|net"; nocase; ) # oxwaz1i0yf801bquftxrv9pl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oxwaz1i0yf801bquftxrv9pl|03|org"; nocase; ) # 4vhqdqwqbz6s165c7gbydc9g2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4vhqdqwqbz6s165c7gbydc9g2|03|net"; nocase; ) # fsd9xh93hm82skis97vqbjdo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fsd9xh93hm82skis97vqbjdo|03|biz"; nocase; ) # bfao748y06nzvt1m0fvhnx81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bfao748y06nzvt1m0fvhnx81|03|net"; nocase; ) # 1jp1nyn1gzih25ob9ecibqa0y3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jp1nyn1gzih25ob9ecibqa0y3|03|org"; nocase; ) # 3u2q5q18o8mgg1alz8zey8xu2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3u2q5q18o8mgg1alz8zey8xu2e|03|com"; nocase; ) # 1xh3bcwb6pbop1w7dp17xixb0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xh3bcwb6pbop1w7dp17xixb0|03|net"; nocase; ) # 1pymyl61lf2uer1ywpllybzt9f1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pymyl61lf2uer1ywpllybzt9f1|03|org"; nocase; ) # exhud513zq5811ys6fy23pqg6a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|exhud513zq5811ys6fy23pqg6a|03|org"; nocase; ) # o2i0k91eeonkt1ganbog1h44uj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o2i0k91eeonkt1ganbog1h44uj3|03|com"; nocase; ) # c6pwlv1j6x55ypwma6m1inx40.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c6pwlv1j6x55ypwma6m1inx40|03|biz"; nocase; ) # 6u8o0i1klrnp9qx6ygy14bzbpg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6u8o0i1klrnp9qx6ygy14bzbpg|03|net"; nocase; ) # 1d3v9iaek9uq68tql11yrecmw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d3v9iaek9uq68tql11yrecmw|03|org"; nocase; ) # hnu92jgy7gmo1usil4j1ensajc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hnu92jgy7gmo1usil4j1ensajc|03|net"; nocase; ) # 1bayctxyzt838en8q8t1k1rh12.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bayctxyzt838en8q8t1k1rh12|03|biz"; nocase; ) # vpczqp8qd5o1n6d2y52h9utr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vpczqp8qd5o1n6d2y52h9utr|03|com"; nocase; ) # jpd17xe3v2zf1hum1aj10vvgnm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jpd17xe3v2zf1hum1aj10vvgnm|03|net"; nocase; ) # 38nnra1t2h13zdvce1fw2nxs7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|38nnra1t2h13zdvce1fw2nxs7|03|org"; nocase; ) # 107gd7980fdk14tzy8ir8gefj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|107gd7980fdk14tzy8ir8gefj|03|com"; nocase; ) # 144v7dv14aylnc1dbrguac3ltw9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|144v7dv14aylnc1dbrguac3ltw9|03|org"; nocase; ) # 1qdygjd51qw9n1iz1xfb1b8n03k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qdygjd51qw9n1iz1xfb1b8n03k|03|com"; nocase; ) # alrlvn15ko85l1pe0bgv1f8if3v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|alrlvn15ko85l1pe0bgv1f8if3v|03|com"; nocase; ) # 31kma2xgjxiq1ql615r1fmxg9l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|31kma2xgjxiq1ql615r1fmxg9l|03|org"; nocase; ) # 1aqsp8drd3g82qp0sjfmofxzd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aqsp8drd3g82qp0sjfmofxzd|03|com"; nocase; ) # 1v9elj51xzhtxlfig0r0u1qme6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v9elj51xzhtxlfig0r0u1qme6|03|org"; nocase; ) # 1l9xyhs2mw21p1rpnyfi6956du.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l9xyhs2mw21p1rpnyfi6956du|03|org"; nocase; ) # m9dsb9hkjv97g9u0do1tm9wt9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m9dsb9hkjv97g9u0do1tm9wt9|03|org"; nocase; ) # v1kitzwtcx64wd2vkzxkhqvq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v1kitzwtcx64wd2vkzxkhqvq|03|net"; nocase; ) # 12i524f8rvv9of13m5i1ekozhs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12i524f8rvv9of13m5i1ekozhs|03|org"; nocase; ) # 79f8hl1pwezl31yvjxe72si8yz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79f8hl1pwezl31yvjxe72si8yz|03|net"; nocase; ) # v48jf913zkb92qj096d1gdorsd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v48jf913zkb92qj096d1gdorsd|03|com"; nocase; ) # 1nomdsw1nakswhxxodmb19amezz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nomdsw1nakswhxxodmb19amezz|03|net"; nocase; ) # 7bngkzzalrtw19cijcmjx9f2n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7bngkzzalrtw19cijcmjx9f2n|03|org"; nocase; ) # vq05n61x3drgu1vrazzwsie66q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vq05n61x3drgu1vrazzwsie66q|03|net"; nocase; ) # 1546fjm1ykorn43kx9dme1vo2l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1546fjm1ykorn43kx9dme1vo2l|03|net"; nocase; ) # 11h0o9q14glzpjv77dxd6krkqb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11h0o9q14glzpjv77dxd6krkqb|03|net"; nocase; ) # 1p0weq01a8xhz11d5h54yh3mpt5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p0weq01a8xhz11d5h54yh3mpt5|03|com"; nocase; ) # 1rlcms0nchy396pqj7lz05bap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rlcms0nchy396pqj7lz05bap|03|net"; nocase; ) # 10s0mlg180x01n109g1w819tm3m6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10s0mlg180x01n109g1w819tm3m6|03|org"; nocase; ) # danfaafyi0zcagf0c417qivuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|danfaafyi0zcagf0c417qivuv|03|net"; nocase; ) # 12mqbw2rfa15i1c9pbh71mkau2e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12mqbw2rfa15i1c9pbh71mkau2e|03|biz"; nocase; ) # 2d471x1k58a7q1tldadmfzldf8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2d471x1k58a7q1tldadmfzldf8|03|org"; nocase; ) # 86d8drnzgqx411eeoe1hxkkk9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|86d8drnzgqx411eeoe1hxkkk9|03|net"; nocase; ) # 5tb3rv10lb0gbg1e1wvxxcp4h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5tb3rv10lb0gbg1e1wvxxcp4h|03|net"; nocase; ) # 9xt4ei1h870mt1icb1tu1yknixu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9xt4ei1h870mt1icb1tu1yknixu|03|biz"; nocase; ) # 1bwvzqy18p6h941gmv2c754fprh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bwvzqy18p6h941gmv2c754fprh|03|com"; nocase; ) # s5j4381d8leod1z41i517zmrse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s5j4381d8leod1z41i517zmrse|03|net"; nocase; ) # ni4rs218qvqyc17nz63m19kav1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ni4rs218qvqyc17nz63m19kav1|03|net"; nocase; ) # 8h53z11szwn1utqehkxqfod3n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8h53z11szwn1utqehkxqfod3n|03|biz"; nocase; ) # wvw7pr16lefpz8blrqh3k6z29.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wvw7pr16lefpz8blrqh3k6z29|03|com"; nocase; ) # m63dge186vi6s1kg4fgubhm9xa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m63dge186vi6s1kg4fgubhm9xa|03|net"; nocase; ) # tseb82pmncr9vtgd8w1ecws06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tseb82pmncr9vtgd8w1ecws06|03|net"; nocase; ) # eruokf18v9nktsekrxqf7l1ds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eruokf18v9nktsekrxqf7l1ds|03|net"; nocase; ) # 1lxd2rt11233jb104x3s310ypyuq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lxd2rt11233jb104x3s310ypyuq|03|org"; nocase; ) # 1qrnoq9oun01a1y2t041gjovf0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qrnoq9oun01a1y2t041gjovf0|03|com"; nocase; ) # 34zomh1x1kea31q1e0is1jvs4mv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|34zomh1x1kea31q1e0is1jvs4mv|03|net"; nocase; ) # 1pve1fj163kg4uop03aj1ou9rqy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pve1fj163kg4uop03aj1ou9rqy|03|biz"; nocase; ) # 1v0olmb170bw9917enahy196z1ru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v0olmb170bw9917enahy196z1ru|03|org"; nocase; ) # 1nrsrqg1nhgo6212l8s9o1qqt11i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nrsrqg1nhgo6212l8s9o1qqt11i|03|net"; nocase; ) # 16grsr3ljq50n1nzwa7tws518j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16grsr3ljq50n1nzwa7tws518j|03|org"; nocase; ) # levr8l16lz3aqv5s78csme6bz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|levr8l16lz3aqv5s78csme6bz|03|com"; nocase; ) # 136n3g71uc2jjpngjbbfoeblpq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136n3g71uc2jjpngjbbfoeblpq|03|net"; nocase; ) # 1iufead166kmwd1qiyo27n6zc9u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iufead166kmwd1qiyo27n6zc9u|03|org"; nocase; ) # 1ivbcz8ylewbp1cr932pmho7lu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ivbcz8ylewbp1cr932pmho7lu|03|com"; nocase; ) # y83jtu1qy3lancwwlwieb1qx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y83jtu1qy3lancwwlwieb1qx4|03|net"; nocase; ) # 1b7bwx91suhtgq13s163wywles8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b7bwx91suhtgq13s163wywles8|03|biz"; nocase; ) # 110sqd11ymnkw61k16d45zizeg2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|110sqd11ymnkw61k16d45zizeg2|03|com"; nocase; ) # d12f54ij9323xwg5801hd9q50.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d12f54ij9323xwg5801hd9q50|03|biz"; nocase; ) # ei1uue1jqul212l88uux3nk26.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ei1uue1jqul212l88uux3nk26|03|net"; nocase; ) # 135seqmhygee312tfd5ahv8sf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|135seqmhygee312tfd5ahv8sf|03|net"; nocase; ) # 12rwgij1h3p5z6bold2p12rpihv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12rwgij1h3p5z6bold2p12rpihv|03|biz"; nocase; ) # 1turlii1nt2uk0161yy9x6vr91c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1turlii1nt2uk0161yy9x6vr91c|03|net"; nocase; ) # fcaexx82y6ny1umqfaztuqmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fcaexx82y6ny1umqfaztuqmf|03|org"; nocase; ) # 1fb0der18q8tya1vx8odc6z9by1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fb0der18q8tya1vx8odc6z9by1|03|net"; nocase; ) # 1dd76rq1j7r3gd1dreeswxjgkhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dd76rq1j7r3gd1dreeswxjgkhn|03|com"; nocase; ) # yf45tqjnjdsbd1y8ir3jx60n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yf45tqjnjdsbd1y8ir3jx60n|03|com"; nocase; ) # 1aliuqs1czafge655c0z1rbr5cg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aliuqs1czafge655c0z1rbr5cg|03|org"; nocase; ) # k5ib1j1pmm11wawxcqw1co71xw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k5ib1j1pmm11wawxcqw1co71xw|03|com"; nocase; ) # a8zbom1cphno1fa5npq6xktsj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a8zbom1cphno1fa5npq6xktsj|03|org"; nocase; ) # 8z0hujmjdigwcbpzcd1l2ftzp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8z0hujmjdigwcbpzcd1l2ftzp|03|com"; nocase; ) # 1cepv1w1vypxt3110omnbkq1pnq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cepv1w1vypxt3110omnbkq1pnq|03|org"; nocase; ) # 161pao8s8aodjdd333g20a8v8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|161pao8s8aodjdd333g20a8v8|03|biz"; nocase; ) # rbq4s6ee8qjv1ofdgej34tgrq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rbq4s6ee8qjv1ofdgej34tgrq|03|biz"; nocase; ) # 1x8y9ddrkyyuh15raow81au6ej5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x8y9ddrkyyuh15raow81au6ej5|03|org"; nocase; ) # 1jzhpv7b4o38i5znjq91ydodbd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jzhpv7b4o38i5znjq91ydodbd|03|org"; nocase; ) # a3govv16fjnc8camzyxj50b3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a3govv16fjnc8camzyxj50b3|03|com"; nocase; ) # 1tq8bvasdvg00jh2ehvhpey40.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tq8bvasdvg00jh2ehvhpey40|03|com"; nocase; ) # 14rv9lw19ki7xs1s7x29t1rsxkpm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14rv9lw19ki7xs1s7x29t1rsxkpm|03|org"; nocase; ) # 19v436f1o13006bn01d91yzmly1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19v436f1o13006bn01d91yzmly1|03|net"; nocase; ) # 1ggejt2xygbbkpycpro12uztmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ggejt2xygbbkpycpro12uztmq|03|org"; nocase; ) # 1k9k25ka3af7jbqur0u1q2nkfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k9k25ka3af7jbqur0u1q2nkfk|03|com"; nocase; ) # 1rqjc8b1gly3n22hqmp5zbu6el.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rqjc8b1gly3n22hqmp5zbu6el|03|net"; nocase; ) # 1bod1or1q17zhjhliqdjtrokrj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bod1or1q17zhjhliqdjtrokrj|03|biz"; nocase; ) # 1gjszll1xs847s1t5fkba1mjvnv7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gjszll1xs847s1t5fkba1mjvnv7|03|com"; nocase; ) # 12pmdgbu7u88a1mu8zdo75m4hd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12pmdgbu7u88a1mu8zdo75m4hd|03|net"; nocase; ) # 17do3a61u6ft0t1365i591aoxm0f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17do3a61u6ft0t1365i591aoxm0f|03|net"; nocase; ) # 1jei7pwalzket3r0d585cldzi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jei7pwalzket3r0d585cldzi|03|org"; nocase; ) # c0750kkn5b10ssa8kdf4l5ht.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c0750kkn5b10ssa8kdf4l5ht|03|net"; nocase; ) # 1iylay118h3gou1kpjioh135utr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iylay118h3gou1kpjioh135utr|03|net"; nocase; ) # uiqhfo1yln9rs19sz6uy8ujr4j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uiqhfo1yln9rs19sz6uy8ujr4j|03|org"; nocase; ) # qoahpx5xewcb1j8fqok1vgty92.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qoahpx5xewcb1j8fqok1vgty92|03|org"; nocase; ) # buo9c51u44b6b1h0vi9tzs439h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|buo9c51u44b6b1h0vi9tzs439h|03|com"; nocase; ) # 1e7cu581u3gmfl1orlov8j6ntw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e7cu581u3gmfl1orlov8j6ntw5|03|net"; nocase; ) # 1ylsbxa1wcitqj12vl1qv1rzgus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ylsbxa1wcitqj12vl1qv1rzgus|03|net"; nocase; ) # 1b77qmtes826m11asrch1k58qem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b77qmtes826m11asrch1k58qem|03|net"; nocase; ) # f8xbfv7th12b1pv9ef19agd5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f8xbfv7th12b1pv9ef19agd5n|03|net"; nocase; ) # jmqsq41wwucxh1ez1wn4zuydfq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jmqsq41wwucxh1ez1wn4zuydfq|03|org"; nocase; ) # 1gtlf5hk0m63zofynhx1jgowb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gtlf5hk0m63zofynhx1jgowb|03|org"; nocase; ) # uguh3yq8n8uq1888opnly8tot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uguh3yq8n8uq1888opnly8tot|03|org"; nocase; ) # m804a91b1wfp32hxqag16tivev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m804a91b1wfp32hxqag16tivev|03|net"; nocase; ) # 17f63fowuei7iizv24t1ab5pgg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17f63fowuei7iizv24t1ab5pgg|03|org"; nocase; ) # 1kpqld3n21lw19lsfpu1u41l9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kpqld3n21lw19lsfpu1u41l9r|03|com"; nocase; ) # 41y6g11g8m14f1nx9m7t1ab7tnf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|41y6g11g8m14f1nx9m7t1ab7tnf|03|com"; nocase; ) # xboa18jlayya1ckmjmhq6tcv4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xboa18jlayya1ckmjmhq6tcv4|03|net"; nocase; ) # kvxqcg19cfud5sh5ncv1b7bkss.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kvxqcg19cfud5sh5ncv1b7bkss|03|org"; nocase; ) # gcd26y11u06nuki804018hhnsn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gcd26y11u06nuki804018hhnsn|03|com"; nocase; ) # 3zb7m3p99u7s2sblb3oks7qw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3zb7m3p99u7s2sblb3oks7qw|03|net"; nocase; ) # 17mqj6z18whffe1x7sobi2o4tes.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17mqj6z18whffe1x7sobi2o4tes|03|org"; nocase; ) # 174w85w11ea65513s80ez13cguk8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|174w85w11ea65513s80ez13cguk8|03|net"; nocase; ) # 1xufqb3116gxwe14002zb1tjsxdi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xufqb3116gxwe14002zb1tjsxdi|03|org"; nocase; ) # 510jn31nrl5861lk3dbkmwuzm6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|510jn31nrl5861lk3dbkmwuzm6|03|net"; nocase; ) # 1u57fbr5cc3av15a1iubqd56y6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u57fbr5cc3av15a1iubqd56y6|03|com"; nocase; ) # tghbk3dqo7cl17nl62b1apdjwk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tghbk3dqo7cl17nl62b1apdjwk|03|com"; nocase; ) # 1nju9f628kn4w1dscsj310irq6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nju9f628kn4w1dscsj310irq6o|03|net"; nocase; ) # p0vm25r1j08r1dk1axe156fppi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p0vm25r1j08r1dk1axe156fppi|03|com"; nocase; ) # 1ibit3r13ymz6kqf02p0zh7yli.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ibit3r13ymz6kqf02p0zh7yli|03|biz"; nocase; ) # 1p9gs6wziovgl1jfvjom1robtvy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p9gs6wziovgl1jfvjom1robtvy|03|org"; nocase; ) # i9zzso3bg1j38n4w38132g8rz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i9zzso3bg1j38n4w38132g8rz|03|biz"; nocase; ) # 1ur0mntzqgp9lg7vwn71alwuwm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ur0mntzqgp9lg7vwn71alwuwm|03|net"; nocase; ) # josar1fnuammtw0mx9oemlx6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|josar1fnuammtw0mx9oemlx6|03|biz"; nocase; ) # 13x05lngse681ix5el2vpy1pk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13x05lngse681ix5el2vpy1pk|03|net"; nocase; ) # 1nzvrq910h3hqb1lwqzz4d1jqvb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nzvrq910h3hqb1lwqzz4d1jqvb|03|org"; nocase; ) # cnxn43g7fqwclptpjcsej5ts.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cnxn43g7fqwclptpjcsej5ts|03|com"; nocase; ) # 1w6wxp6gjccc114h4e85nq2m2h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w6wxp6gjccc114h4e85nq2m2h|03|biz"; nocase; ) # 131emjyk8ywcmcxbj2k1g76r5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|131emjyk8ywcmcxbj2k1g76r5z|03|net"; nocase; ) # 14f1wwx6fg3571ggqfv61rlzfr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14f1wwx6fg3571ggqfv61rlzfr|03|net"; nocase; ) # 10g70sgxuayif193yj56ow2m41.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10g70sgxuayif193yj56ow2m41|03|com"; nocase; ) # 1mvczgf1nxy4zmzhovd1161h5b0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mvczgf1nxy4zmzhovd1161h5b0|03|net"; nocase; ) # 1s4mekv1od5m0jk8kchg2sdsjx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s4mekv1od5m0jk8kchg2sdsjx|03|net"; nocase; ) # 8u4i61py9u2s17c2nsd9vwant.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8u4i61py9u2s17c2nsd9vwant|03|net"; nocase; ) # 1g4m67t1bh0dkzj9zhyo1sbr8xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g4m67t1bh0dkzj9zhyo1sbr8xh|03|net"; nocase; ) # w2z9fg2rwp7r1cerljqs0givb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w2z9fg2rwp7r1cerljqs0givb|03|net"; nocase; ) # 1ve4zoz1enzkaq1kfu8ys1slkdxb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ve4zoz1enzkaq1kfu8ys1slkdxb|03|biz"; nocase; ) # cgpenlkkx4mg12zq05559xrxi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cgpenlkkx4mg12zq05559xrxi|03|org"; nocase; ) # 15w79u2w8g8z0ata9fl109xwbc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15w79u2w8g8z0ata9fl109xwbc|03|net"; nocase; ) # 1umnji45x8m2v1bdfswd1gantzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1umnji45x8m2v1bdfswd1gantzm|03|net"; nocase; ) # 1u77avp1nmiwbvwlqeos14d9n92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u77avp1nmiwbvwlqeos14d9n92|03|net"; nocase; ) # g5ek5b1v3hvo915gp1101yg4i6s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g5ek5b1v3hvo915gp1101yg4i6s|03|net"; nocase; ) # 127nne7fc5nbn11rdkpv1wqh5px.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|127nne7fc5nbn11rdkpv1wqh5px|03|biz"; nocase; ) # bvnrp81u7m71nm00l2hjfrvc1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bvnrp81u7m71nm00l2hjfrvc1|03|net"; nocase; ) # 1p8zmfw19qwxeu1kag5wp1cv77f3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p8zmfw19qwxeu1kag5wp1cv77f3|03|net"; nocase; ) # 1mulfpx2cr73r1r42ahauyo8s8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mulfpx2cr73r1r42ahauyo8s8|03|com"; nocase; ) # 10s7uc51wn9s7416t56ts14ihhl2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10s7uc51wn9s7416t56ts14ihhl2|03|biz"; nocase; ) # 1gkfshcxo0jod1b2cmtq10tmfsl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gkfshcxo0jod1b2cmtq10tmfsl|03|net"; nocase; ) # 1c7phes1umbdon6ij025vgykof.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c7phes1umbdon6ij025vgykof|03|net"; nocase; ) # 3jq2hf1g9g2ss1gqfyemelfcpz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3jq2hf1g9g2ss1gqfyemelfcpz|03|biz"; nocase; ) # 8va5t51pmlkxjh5kr2r1a0w3vk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8va5t51pmlkxjh5kr2r1a0w3vk|03|net"; nocase; ) # 19tohcilm2indkwincc25mi0l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19tohcilm2indkwincc25mi0l|03|org"; nocase; ) # pglypg12d1o3dr4i6rxbyjk63.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pglypg12d1o3dr4i6rxbyjk63|03|com"; nocase; ) # 16o1jhw17llm19vslic45qvqpf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16o1jhw17llm19vslic45qvqpf|03|net"; nocase; ) # 1csxhkd168z3h41qm9d7ic7ysc1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1csxhkd168z3h41qm9d7ic7ysc1|03|com"; nocase; ) # 1r7nfr0mg85uq1snyz6p16c5atq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r7nfr0mg85uq1snyz6p16c5atq|03|org"; nocase; ) # 1sk35jv1s212lw1swrhhk1d41i0r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sk35jv1s212lw1swrhhk1d41i0r|03|com"; nocase; ) # 1awrzpqy033t91hyhwt66rswxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1awrzpqy033t91hyhwt66rswxn|03|com"; nocase; ) # 6529w86y2aw31ni1n951i0etsp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6529w86y2aw31ni1n951i0etsp|03|org"; nocase; ) # ml54y31wk85h29e46zi55vl1k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ml54y31wk85h29e46zi55vl1k|03|net"; nocase; ) # 1f52qg5a63a38w84iwd1y93mks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f52qg5a63a38w84iwd1y93mks|03|net"; nocase; ) # shr0t61ydih1tffyctj1oohaic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shr0t61ydih1tffyctj1oohaic|03|com"; nocase; ) # 11hqd1x8ts7vf1ladwbx1cbzytc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hqd1x8ts7vf1ladwbx1cbzytc|03|biz"; nocase; ) # 10so0o1rhzmbit6j7sg5d5k4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|10so0o1rhzmbit6j7sg5d5k4|03|net"; nocase; ) # 1hhdqh9g7d6j81sjxyi133vs8i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hhdqh9g7d6j81sjxyi133vs8i|03|com"; nocase; ) # de0gv71wnxksak1ob47z86bv4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|de0gv71wnxksak1ob47z86bv4|03|net"; nocase; ) # 1cgmjxe7einq011yabfpx7ldt8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cgmjxe7einq011yabfpx7ldt8|03|net"; nocase; ) # gq19i811ydhq67449j61feaxko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gq19i811ydhq67449j61feaxko|03|org"; nocase; ) # 1221luaz68rcf3b59sq2jvicu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1221luaz68rcf3b59sq2jvicu|03|org"; nocase; ) # 18pjx9u11fhf9cmgh5jiopfhk5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18pjx9u11fhf9cmgh5jiopfhk5|03|biz"; nocase; ) # 1cub9asu3evqv17ynnwt1o71evf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cub9asu3evqv17ynnwt1o71evf|03|com"; nocase; ) # yxdb7m1x4161w7aihl31lgvs1y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yxdb7m1x4161w7aihl31lgvs1y|03|com"; nocase; ) # 13i79voyd1jm6lo9s77l3t4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13i79voyd1jm6lo9s77l3t4f|03|net"; nocase; ) # 166lhcg6iii9i1vdkqhimx0o6g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|166lhcg6iii9i1vdkqhimx0o6g|03|com"; nocase; ) # yu9m05agcyklko13o972x1l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|yu9m05agcyklko13o972x1l|03|org"; nocase; ) # wbw19vlsjo021n3d49cll2jcs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wbw19vlsjo021n3d49cll2jcs|03|net"; nocase; ) # 1tzqx0w1ummuw9mszaw21al7ylt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tzqx0w1ummuw9mszaw21al7ylt|03|net"; nocase; ) # 1gjjem01v6m53zgm5qouj5r3jn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gjjem01v6m53zgm5qouj5r3jn|03|org"; nocase; ) # 1be3rjo1nyi6hy132el1hyboayf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1be3rjo1nyi6hy132el1hyboayf|03|net"; nocase; ) # zx14851uhzofa1y7jq791fg8i5k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zx14851uhzofa1y7jq791fg8i5k|03|com"; nocase; ) # xp4h6221mozba3bswlo0464k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xp4h6221mozba3bswlo0464k|03|net"; nocase; ) # 9x6tvokxr1d34ize5aw3v2se.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9x6tvokxr1d34ize5aw3v2se|03|org"; nocase; ) # ylttxn1alku7hzvobqgi3sr8z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ylttxn1alku7hzvobqgi3sr8z|03|net"; nocase; ) # 1jfi3vc1i3btcmiik3181kz0fpp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jfi3vc1i3btcmiik3181kz0fpp|03|net"; nocase; ) # h4vhxsm53dm1yfqc6ksy4f37.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h4vhxsm53dm1yfqc6ksy4f37|03|org"; nocase; ) # 5luz2o15nk94syurfic1kqcho6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5luz2o15nk94syurfic1kqcho6|03|net"; nocase; ) # 8ca2gmbpkfelfbcyw51f1udjz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ca2gmbpkfelfbcyw51f1udjz|03|com"; nocase; ) # 5xu6ln1xr4b6pb5ellc3s6rf4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5xu6ln1xr4b6pb5ellc3s6rf4|03|com"; nocase; ) # 2hn7v31kh563y1bf1lf1waei8x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2hn7v31kh563y1bf1lf1waei8x|03|net"; nocase; ) # vbrutn13asqgdttldp71pnmdco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vbrutn13asqgdttldp71pnmdco|03|org"; nocase; ) # emlh0w1mdotu6yefoqb11uywz4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|emlh0w1mdotu6yefoqb11uywz4|03|com"; nocase; ) # qc8sqo1rp5htf1vzhl42192q5qb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qc8sqo1rp5htf1vzhl42192q5qb|03|com"; nocase; ) # nmtvt8kfgkkh1926de2etiz1l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nmtvt8kfgkkh1926de2etiz1l|03|com"; nocase; ) # 6shulc159f5gnh32reac2uuq0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6shulc159f5gnh32reac2uuq0|03|org"; nocase; ) # asgnd419hvfbycpbac430dxmx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|asgnd419hvfbycpbac430dxmx|03|net"; nocase; ) # 1nw0sndc75rp2gh9hj13brkn1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nw0sndc75rp2gh9hj13brkn1|03|biz"; nocase; ) # 1r2w0yfe2wo3p81qn5n1q66ibu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r2w0yfe2wo3p81qn5n1q66ibu|03|net"; nocase; ) # ma98ge14lnq21ju5pbxmaw7u9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ma98ge14lnq21ju5pbxmaw7u9|03|com"; nocase; ) # 1jkfscz1hzbjcf1gapniz1bpsi55.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jkfscz1hzbjcf1gapniz1bpsi55|03|org"; nocase; ) # b95yry13gkixwqqua2hjl0zmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b95yry13gkixwqqua2hjl0zmf|03|net"; nocase; ) # j9vfojzhw5e27oh5lq9xdfjm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j9vfojzhw5e27oh5lq9xdfjm|03|biz"; nocase; ) # 1k0i2xuwzaxn7kxyegnrx37a7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k0i2xuwzaxn7kxyegnrx37a7|03|net"; nocase; ) # 1c19eyb1hpxes9it0lrq1tprd5d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c19eyb1hpxes9it0lrq1tprd5d|03|net"; nocase; ) # 1kreblofbzlll1pjp8tl1w1b8xe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kreblofbzlll1pjp8tl1w1b8xe|03|net"; nocase; ) # 1pi4yndbyu29uymtly317y0n37.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pi4yndbyu29uymtly317y0n37|03|com"; nocase; ) # s2nampmnbs7v12yapfv1h157n6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s2nampmnbs7v12yapfv1h157n6|03|biz"; nocase; ) # 3w2sm01sztfa9m8hf8619rodig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3w2sm01sztfa9m8hf8619rodig|03|net"; nocase; ) # elh9eu4po0xmfwqf3c17qy0ea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|elh9eu4po0xmfwqf3c17qy0ea|03|org"; nocase; ) # 1ioyc30be57bjli71i0nbx8vk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ioyc30be57bjli71i0nbx8vk|03|net"; nocase; ) # 2r2en31y3b3b4gqb73711a0dvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2r2en31y3b3b4gqb73711a0dvo|03|net"; nocase; ) # 7k91gjwxfq591v2f5geqvrq8z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7k91gjwxfq591v2f5geqvrq8z|03|biz"; nocase; ) # 1twj0zr1rm6spyw90eulr41ac2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1twj0zr1rm6spyw90eulr41ac2|03|biz"; nocase; ) # vqja9g38694gn9js4ytt20q8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vqja9g38694gn9js4ytt20q8|03|net"; nocase; ) # kvav381sc7t8v1y46sq41bt0bfz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kvav381sc7t8v1y46sq41bt0bfz|03|org"; nocase; ) # f7uwid1mtnxmj1psyl0q11sbjr1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f7uwid1mtnxmj1psyl0q11sbjr1|03|com"; nocase; ) # 1z0lgxk1flt01c9osvacor2ykw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1z0lgxk1flt01c9osvacor2ykw|03|biz"; nocase; ) # 101bgpz1m0dy9di88vm9wp9kj9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|101bgpz1m0dy9di88vm9wp9kj9|03|biz"; nocase; ) # 1fxz3r6181uhfk1qexu56s2x82r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fxz3r6181uhfk1qexu56s2x82r|03|net"; nocase; ) # uh2dn610syf6zn5rsavsv3lzx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uh2dn610syf6zn5rsavsv3lzx|03|org"; nocase; ) # mmixtqychsoxcbmv7aacean2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mmixtqychsoxcbmv7aacean2|03|biz"; nocase; ) # jwnchw10tsg3v1fqe6q31eybotr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jwnchw10tsg3v1fqe6q31eybotr|03|biz"; nocase; ) # zhw1gy1fqp6ke1lz42kbhi2hxk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zhw1gy1fqp6ke1lz42kbhi2hxk|03|net"; nocase; ) # 1uei91mpcfqoxqwwqf1rcoqjp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uei91mpcfqoxqwwqf1rcoqjp|03|org"; nocase; ) # fkvjxc110ibyz14td3f619s0l45.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fkvjxc110ibyz14td3f619s0l45|03|org"; nocase; ) # 14c4wgxs0ebjd1v32xdmrmpf8b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14c4wgxs0ebjd1v32xdmrmpf8b|03|net"; nocase; ) # 1g32wk9164x7sq11atxx31pzdq8b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g32wk9164x7sq11atxx31pzdq8b|03|net"; nocase; ) # poupu32o93xtjhgb2smprqnx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|poupu32o93xtjhgb2smprqnx|03|com"; nocase; ) # 1n3d6pf1x9by12f6ahfdrlkcs2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n3d6pf1x9by12f6ahfdrlkcs2|03|net"; nocase; ) # fb8o0ip4t6gf1hfkcfy1fckx4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fb8o0ip4t6gf1hfkcfy1fckx4d|03|com"; nocase; ) # 1fj0obtrfhciz8f1kr41rbx340.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fj0obtrfhciz8f1kr41rbx340|03|net"; nocase; ) # 12dp7ps1wyc8xz1f518zydw5j1v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12dp7ps1wyc8xz1f518zydw5j1v|03|org"; nocase; ) # 19vytlt5n6xopzp5gamtbn1dk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19vytlt5n6xopzp5gamtbn1dk|03|com"; nocase; ) # p4cbficuiug517pprue14bdfvb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p4cbficuiug517pprue14bdfvb|03|biz"; nocase; ) # jzv70mwviukc8l1cl4756vrr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jzv70mwviukc8l1cl4756vrr|03|com"; nocase; ) # 1te8vbe1p9mcfv78qv5q1aio5ub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1te8vbe1p9mcfv78qv5q1aio5ub|03|net"; nocase; ) # vi2syeq2qiei1613lp1gytvmt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vi2syeq2qiei1613lp1gytvmt|03|net"; nocase; ) # 8jqavz1o3cnon15mr5pj1gtoc7s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8jqavz1o3cnon15mr5pj1gtoc7s|03|com"; nocase; ) # icdf3tz7620r189f2ws70vdzn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|icdf3tz7620r189f2ws70vdzn|03|org"; nocase; ) # 19497hv13sobm117js2zg10ohx00.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19497hv13sobm117js2zg10ohx00|03|org"; nocase; ) # 1fgt5pn138ubm811453621vgvfd9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fgt5pn138ubm811453621vgvfd9|03|net"; nocase; ) # 1pnh3iugat3pheblq9v1m3brvu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pnh3iugat3pheblq9v1m3brvu|03|org"; nocase; ) # 13p3sip1ir3jqr2e8t9p136agwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13p3sip1ir3jqr2e8t9p136agwr|03|net"; nocase; ) # 1s1xwzwv0vajw34eyxe1khjeng.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s1xwzwv0vajw34eyxe1khjeng|03|com"; nocase; ) # cf5qfd5ux2x412dvdnsgk276s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cf5qfd5ux2x412dvdnsgk276s|03|net"; nocase; ) # he0wosecyfnek70rqhv9zlka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|he0wosecyfnek70rqhv9zlka|03|net"; nocase; ) # 1nkmjar1gejpz1m92wwx1u61pm3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nkmjar1gejpz1m92wwx1u61pm3|03|biz"; nocase; ) # ncgoqf18q18161akhkf514vqpy1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ncgoqf18q18161akhkf514vqpy1|03|com"; nocase; ) # 1pn9rsnqkdon4iel3i21v83bpb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pn9rsnqkdon4iel3i21v83bpb|03|net"; nocase; ) # 19lkt0s1bcbuk3yfoao719j2w21.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19lkt0s1bcbuk3yfoao719j2w21|03|net"; nocase; ) # 1hzo1jd3uz6y413w8k53kamvmp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hzo1jd3uz6y413w8k53kamvmp|03|com"; nocase; ) # 1q08srbt49sts9ryjbj13mebw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q08srbt49sts9ryjbj13mebw5|03|net"; nocase; ) # 12l2d2qxsopqbb12d7s16qhc34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12l2d2qxsopqbb12d7s16qhc34|03|com"; nocase; ) # mrdwb5dq9od7eu03vb2wv0ax.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mrdwb5dq9od7eu03vb2wv0ax|03|biz"; nocase; ) # gefyu01lxcpxlbavuptxgt47q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gefyu01lxcpxlbavuptxgt47q|03|net"; nocase; ) # 1bs48a1l7ieri1bvj6cu1voh234.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bs48a1l7ieri1bvj6cu1voh234|03|net"; nocase; ) # 1an52ka16v7ccte2id7919vhx2g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1an52ka16v7ccte2id7919vhx2g|03|com"; nocase; ) # 1bodbi01q94r0r1qk3s3mw1pjg6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bodbi01q94r0r1qk3s3mw1pjg6|03|net"; nocase; ) # wfvqtgnycuqggr8vtz722rg6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wfvqtgnycuqggr8vtz722rg6|03|org"; nocase; ) # lp97sr1emdpvq4sqy8cjqlgwa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lp97sr1emdpvq4sqy8cjqlgwa|03|biz"; nocase; ) # l3jvwt1bf589j1wrqi7o1y35ufp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l3jvwt1bf589j1wrqi7o1y35ufp|03|net"; nocase; ) # 1ejf4qb1fjmxcc1w981y111wgxi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ejf4qb1fjmxcc1w981y111wgxi|03|net"; nocase; ) # 1cisxkb18pgikbvkag1xj88247.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cisxkb18pgikbvkag1xj88247|03|com"; nocase; ) # 187h6qk1j15fbx3jouy4e50c8v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|187h6qk1j15fbx3jouy4e50c8v|03|net"; nocase; ) # 1100bsm1f4hjxb1knyeql25gllj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1100bsm1f4hjxb1knyeql25gllj|03|org"; nocase; ) # 1cpfcqf18xzeoe1pbgs49yey25c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cpfcqf18xzeoe1pbgs49yey25c|03|org"; nocase; ) # vvehiz1m9hrup1k9im415o5at2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vvehiz1m9hrup1k9im415o5at2|03|net"; nocase; ) # 1u5rgrv1frniya1yhjpb0jlrd8j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u5rgrv1frniya1yhjpb0jlrd8j|03|org"; nocase; ) # n4vppa5ogjxlx1xhkm1dn60cs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n4vppa5ogjxlx1xhkm1dn60cs|03|com"; nocase; ) # 1whgzqr1bwbmro14g701p4fyd2d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1whgzqr1bwbmro14g701p4fyd2d|03|org"; nocase; ) # 76ysaiu4tr6u14tw8oe6zjqdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|76ysaiu4tr6u14tw8oe6zjqdy|03|net"; nocase; ) # xr48rkue0zdieojhvj1mwldzq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xr48rkue0zdieojhvj1mwldzq|03|biz"; nocase; ) # 18ilv3yk21cmd1y1req6ogwpsu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ilv3yk21cmd1y1req6ogwpsu|03|org"; nocase; ) # 1pfd82g14w5ned8w0fr1sphxl8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pfd82g14w5ned8w0fr1sphxl8|03|org"; nocase; ) # mm7wc9mt6cbx1q466svr1ar65.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mm7wc9mt6cbx1q466svr1ar65|03|org"; nocase; ) # 11ncd6t18tms961whzyhd1kdty78.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11ncd6t18tms961whzyhd1kdty78|03|biz"; nocase; ) # vo6n3p4qkmgp1yjfwfbwpuhvl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vo6n3p4qkmgp1yjfwfbwpuhvl|03|net"; nocase; ) # ijdvnton308o48jmufbuyhoy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ijdvnton308o48jmufbuyhoy|03|com"; nocase; ) # 4vld2gqj666g1aso57khy19o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4vld2gqj666g1aso57khy19o|03|org"; nocase; ) # 9lt2se11wptz9rmon0s14j29c4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9lt2se11wptz9rmon0s14j29c4|03|net"; nocase; ) # 88rejw1nu6p9a2cta56dt5lym.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|88rejw1nu6p9a2cta56dt5lym|03|net"; nocase; ) # 1l5guj31ccazuxiads81os0re6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l5guj31ccazuxiads81os0re6|03|org"; nocase; ) # 8ks7lugfq3ef190gsawpmuct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8ks7lugfq3ef190gsawpmuct|03|net"; nocase; ) # vqpg18iosofoep95buyerk0s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vqpg18iosofoep95buyerk0s|03|biz"; nocase; ) # 1oy19slke92yipdi897mkky05.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oy19slke92yipdi897mkky05|03|com"; nocase; ) # 9ohfnx1a9vw8ze305931rcjjwg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ohfnx1a9vw8ze305931rcjjwg|03|com"; nocase; ) # 3zsxa1sui22c5sjgh02t9qco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3zsxa1sui22c5sjgh02t9qco|03|org"; nocase; ) # dvqnbzdsz4zdgpmomeadgdm6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dvqnbzdsz4zdgpmomeadgdm6|03|net"; nocase; ) # 1940nkw1p15pwc14femg31kadijq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1940nkw1p15pwc14femg31kadijq|03|biz"; nocase; ) # 1i9oyuycxx00stocrnw2hyxv0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i9oyuycxx00stocrnw2hyxv0|03|org"; nocase; ) # 73zprn7l0az71hh4qo56skqw1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|73zprn7l0az71hh4qo56skqw1|03|biz"; nocase; ) # hmvw5g1g1ytdf1j9uvoq1rqfimo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hmvw5g1g1ytdf1j9uvoq1rqfimo|03|org"; nocase; ) # 1idkklc6u1vrh1qv7e7hu2tisn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1idkklc6u1vrh1qv7e7hu2tisn|03|net"; nocase; ) # n58mt510kcc9bs6ndieciwkig.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n58mt510kcc9bs6ndieciwkig|03|org"; nocase; ) # p6nm471x827w614jo6gq1176exh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p6nm471x827w614jo6gq1176exh|03|com"; nocase; ) # 188jlxqt0erquxdi21r19oi65z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|188jlxqt0erquxdi21r19oi65z|03|com"; nocase; ) # wo9orj1v8rpoe17lgekvd5f0yj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wo9orj1v8rpoe17lgekvd5f0yj|03|biz"; nocase; ) # 11nvger1u4mmsemagnve1uj4n6s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11nvger1u4mmsemagnve1uj4n6s|03|com"; nocase; ) # xn4aq6qkkjl91t1uz18qg70px.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xn4aq6qkkjl91t1uz18qg70px|03|biz"; nocase; ) # 737hhn1avvtl04khdoj19cm93b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|737hhn1avvtl04khdoj19cm93b|03|net"; nocase; ) # 1zh73o3kwson6kh6o012yf7en.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1zh73o3kwson6kh6o012yf7en|03|com"; nocase; ) # 13zf6gvxzn7n314nj2mjs1qxza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13zf6gvxzn7n314nj2mjs1qxza|03|net"; nocase; ) # 1d6fk6d1oj76sl76mw1212dwlc8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d6fk6d1oj76sl76mw1212dwlc8|03|com"; nocase; ) # 1ii01wobybsl5307jfej742zx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ii01wobybsl5307jfej742zx|03|biz"; nocase; ) # zd683n54407tyvnccuo3gtd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|zd683n54407tyvnccuo3gtd|03|org"; nocase; ) # 14gbj9oxfounx27ymf92c74h0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14gbj9oxfounx27ymf92c74h0|03|com"; nocase; ) # 91bp511dgvy9gltfa61742q20.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|91bp511dgvy9gltfa61742q20|03|org"; nocase; ) # 80ywx11xsbm0pipme0a1aod2y2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|80ywx11xsbm0pipme0a1aod2y2|03|net"; nocase; ) # m4ekzb569rpljx153stgupx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m4ekzb569rpljx153stgupx4|03|net"; nocase; ) # 1hr8e8312dw37wtd3aqe1g0uudw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hr8e8312dw37wtd3aqe1g0uudw|03|org"; nocase; ) # 19hux8zuvztk0vcusmup9dkm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|19hux8zuvztk0vcusmup9dkm|03|biz"; nocase; ) # 3xy93y1ot4v3gn0fn8c1a5qf2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3xy93y1ot4v3gn0fn8c1a5qf2v|03|org"; nocase; ) # gs9y4l61i05s7rnaywqspi4i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gs9y4l61i05s7rnaywqspi4i|03|org"; nocase; ) # 1yfbnnls843a5tnbtk9t3bktv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yfbnnls843a5tnbtk9t3bktv|03|net"; nocase; ) # 1v5sszofthk9nx1mfvu9kiv75.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v5sszofthk9nx1mfvu9kiv75|03|org"; nocase; ) # d2wiba566khdcueyob1e9gv8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d2wiba566khdcueyob1e9gv8|03|com"; nocase; ) # tiwwxa1x5a9wg12bnrmey3thvi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tiwwxa1x5a9wg12bnrmey3thvi|03|org"; nocase; ) # 1fl8426nbrhzfsggx3i1iw0wkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fl8426nbrhzfsggx3i1iw0wkm|03|com"; nocase; ) # 1gj3z54vqw1wpkaqhapglb9ts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gj3z54vqw1wpkaqhapglb9ts|03|net"; nocase; ) # 1g9npda1r8a82m1xppz82fgmz4j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g9npda1r8a82m1xppz82fgmz4j|03|com"; nocase; ) # 1fe3kkr12uzqxw1fs5d5wzn09yt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fe3kkr12uzqxw1fs5d5wzn09yt|03|biz"; nocase; ) # ll3knss3euslxczgvpwufdss.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ll3knss3euslxczgvpwufdss|03|com"; nocase; ) # 1np8i271afdep5owitc7q013w0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1np8i271afdep5owitc7q013w0|03|net"; nocase; ) # 1g0kezfykub2s1973224sba0t7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g0kezfykub2s1973224sba0t7|03|com"; nocase; ) # 1m89dctq08exq1ef0cl6y7wuib.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m89dctq08exq1ef0cl6y7wuib|03|net"; nocase; ) # 1k3c68e9nagjj1tttrbw1gevwss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k3c68e9nagjj1tttrbw1gevwss|03|net"; nocase; ) # 1co9qnd3ku2gr1sc1cxlr1495.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1co9qnd3ku2gr1sc1cxlr1495|03|biz"; nocase; ) # nx21pb1adt89s1yet32q1p0j1wx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nx21pb1adt89s1yet32q1p0j1wx|03|biz"; nocase; ) # tlx0j2ytkrdyexsi6unekq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|tlx0j2ytkrdyexsi6unekq|03|com"; nocase; ) # im7i7mykq5pz1elp3wg89pyck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|im7i7mykq5pz1elp3wg89pyck|03|net"; nocase; ) # 18s36w61mlqkireafc325rj2bu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18s36w61mlqkireafc325rj2bu|03|net"; nocase; ) # 14xkivt18ekm0elkgi9o14jkfx2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14xkivt18ekm0elkgi9o14jkfx2|03|net"; nocase; ) # 4bbnxs1ifm2vi1vtblyn1guxc05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4bbnxs1ifm2vi1vtblyn1guxc05|03|org"; nocase; ) # 1by89ap944kyr1k90f0m1p9fjhv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1by89ap944kyr1k90f0m1p9fjhv|03|biz"; nocase; ) # 1dzfyvc1gxh5g5mxyac1nz3r79.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dzfyvc1gxh5g5mxyac1nz3r79|03|net"; nocase; ) # 1j5as7m1sp9ylf1ga4kxy1bt7a4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j5as7m1sp9ylf1ga4kxy1bt7a4u|03|net"; nocase; ) # 1cqmy6z17n0v5yfedp6h106gtyc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cqmy6z17n0v5yfedp6h106gtyc|03|com"; nocase; ) # 4i8d3qi2ukrv1p91ksprffrfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4i8d3qi2ukrv1p91ksprffrfa|03|com"; nocase; ) # x1bogd1owvviz40v82q1bx0k52.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x1bogd1owvviz40v82q1bx0k52|03|org"; nocase; ) # mwr2zk1dcehudj9azyyk189i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mwr2zk1dcehudj9azyyk189i|03|biz"; nocase; ) # 1lsiksj1c6fam11irw5zk4d9i4q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lsiksj1c6fam11irw5zk4d9i4q|03|net"; nocase; ) # 1s2ankroeucss18a57y81r6co8c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s2ankroeucss18a57y81r6co8c|03|net"; nocase; ) # k3av6517enalyo0112127hgre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k3av6517enalyo0112127hgre|03|net"; nocase; ) # 1387nhm1domc56ozt747qetl1l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1387nhm1domc56ozt747qetl1l|03|biz"; nocase; ) # xwrp91bkcs3c15zh7j21lhehyy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xwrp91bkcs3c15zh7j21lhehyy|03|biz"; nocase; ) # 1lbgtq1imsmnpwszxrx1288r4e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lbgtq1imsmnpwszxrx1288r4e|03|biz"; nocase; ) # yym2wycucqcy1sh2j0u19czis7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yym2wycucqcy1sh2j0u19czis7|03|com"; nocase; ) # 14emcoayx20km1k4c8zg1sfeyp1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14emcoayx20km1k4c8zg1sfeyp1|03|net"; nocase; ) # 1prqrdu1fs4b3kkklunlqmoq0d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1prqrdu1fs4b3kkklunlqmoq0d|03|net"; nocase; ) # wfra5jhc356yh69s0v8ht1ip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wfra5jhc356yh69s0v8ht1ip|03|org"; nocase; ) # 1daz41g1b3r0h2290yj51gop8y8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1daz41g1b3r0h2290yj51gop8y8|03|net"; nocase; ) # 1a6ldz1c2lgu61575qe011lqie5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a6ldz1c2lgu61575qe011lqie5|03|biz"; nocase; ) # 46l53710s9xc712or5ga1cudx48.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|46l53710s9xc712or5ga1cudx48|03|net"; nocase; ) # mifi00j7xp8vxrp5qhw1jo0a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mifi00j7xp8vxrp5qhw1jo0a|03|org"; nocase; ) # 27b7na1xw02e41rs9shwe38bya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|27b7na1xw02e41rs9shwe38bya|03|net"; nocase; ) # 1sb6pzi1jnfnx1c3kemn1lwrpki.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sb6pzi1jnfnx1c3kemn1lwrpki|03|biz"; nocase; ) # ach0epbd0zul1pm8qnby37pj8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ach0epbd0zul1pm8qnby37pj8|03|biz"; nocase; ) # 1j7zh1y12glf681ougxqpfnbyro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j7zh1y12glf681ougxqpfnbyro|03|com"; nocase; ) # 1ks1apq1g7syb8143rcak9h9lfn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ks1apq1g7syb8143rcak9h9lfn|03|net"; nocase; ) # 17tl0jt7bnda3swxn5b1lwdrua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17tl0jt7bnda3swxn5b1lwdrua|03|com"; nocase; ) # m5yx4eb78zmx1h7ictb1k5274o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m5yx4eb78zmx1h7ictb1k5274o|03|org"; nocase; ) # g2znic1cvw4q61bp4cgv1ogpaxi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g2znic1cvw4q61bp4cgv1ogpaxi|03|org"; nocase; ) # 1kouqex181lr9z1qtkrz15bub10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kouqex181lr9z1qtkrz15bub10|03|net"; nocase; ) # tgoxwjwr7rdvpf831n1flqrvt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tgoxwjwr7rdvpf831n1flqrvt|03|net"; nocase; ) # 107q0nq1hup9tmx93zofx54qgn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|107q0nq1hup9tmx93zofx54qgn|03|com"; nocase; ) # kd5h17djkm7e185b6kb1ux6en7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kd5h17djkm7e185b6kb1ux6en7|03|org"; nocase; ) # 1cjjy311tx94h91ddfu2j1uh35uu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cjjy311tx94h91ddfu2j1uh35uu|03|biz"; nocase; ) # bpdwyu1brfun99jun9r1ox6qq3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bpdwyu1brfun99jun9r1ox6qq3|03|org"; nocase; ) # 1yhs5xk15zxi97105vl4v165wbs2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yhs5xk15zxi97105vl4v165wbs2|03|net"; nocase; ) # 126ulpin0tizs64atna1qffvx6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|126ulpin0tizs64atna1qffvx6|03|org"; nocase; ) # vryfqt1d988q81s00kvdghn0yb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vryfqt1d988q81s00kvdghn0yb|03|org"; nocase; ) # 1cv3lsp1hrfmb1i3da0o1sdb56a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cv3lsp1hrfmb1i3da0o1sdb56a|03|org"; nocase; ) # to60lk1oka9rkkcsgmu1an8o32.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|to60lk1oka9rkkcsgmu1an8o32|03|com"; nocase; ) # vfxals1ypwtubbrfyf91aa6aoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vfxals1ypwtubbrfyf91aa6aoy|03|biz"; nocase; ) # 1v5imopy26rnc1d3yliiaqktvt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5imopy26rnc1d3yliiaqktvt|03|com"; nocase; ) # xs9ib21am4snwokx7t11q1gz22.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xs9ib21am4snwokx7t11q1gz22|03|org"; nocase; ) # nz0sp819puvskpgjps4kdze5w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nz0sp819puvskpgjps4kdze5w|03|org"; nocase; ) # j14ldi1590bq9jx1w6ay8qbnz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j14ldi1590bq9jx1w6ay8qbnz|03|org"; nocase; ) # 1ldybsav5ipgkdnq8uh1u01wz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ldybsav5ipgkdnq8uh1u01wz8|03|com"; nocase; ) # 1x6wjrd176evau1s9hgm93ilmk6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x6wjrd176evau1s9hgm93ilmk6|03|com"; nocase; ) # yflc6g1ibkt8nc2hc02g9wcp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yflc6g1ibkt8nc2hc02g9wcp|03|biz"; nocase; ) # oeaq001y1tj2s113v3gf1x0pen5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oeaq001y1tj2s113v3gf1x0pen5|03|org"; nocase; ) # 1hkrou8lc3oeadxm4qq1tv1adw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hkrou8lc3oeadxm4qq1tv1adw|03|org"; nocase; ) # 16jdch915ehn731ltwlxjxwb1j8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16jdch915ehn731ltwlxjxwb1j8|03|org"; nocase; ) # ivrnytq59y2317dqq6s11acuz3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ivrnytq59y2317dqq6s11acuz3|03|net"; nocase; ) # 1691ivs100xd5x1f65iohj86co4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1691ivs100xd5x1f65iohj86co4|03|com"; nocase; ) # x9g2sq1h11jvx1h2t5e81umep7u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x9g2sq1h11jvx1h2t5e81umep7u|03|net"; nocase; ) # vy54b7u5j7s6q9iqxht9ibxb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vy54b7u5j7s6q9iqxht9ibxb|03|org"; nocase; ) # he1k0i1hirf7f18cys23ctnlvy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|he1k0i1hirf7f18cys23ctnlvy|03|net"; nocase; ) # 1g6mgohgps96x8f7znmvs67p7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g6mgohgps96x8f7znmvs67p7|03|com"; nocase; ) # 8zi8dswdy5804vnwpyfzvfbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8zi8dswdy5804vnwpyfzvfbt|03|com"; nocase; ) # 1mvlhw9xz6okl1ilemlf1vvdhv3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mvlhw9xz6okl1ilemlf1vvdhv3|03|net"; nocase; ) # 1xi1nnu4kf166gku7xy1aotw3y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xi1nnu4kf166gku7xy1aotw3y|03|org"; nocase; ) # r7k9enhdk8ouxptefrwbuj9c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r7k9enhdk8ouxptefrwbuj9c|03|com"; nocase; ) # 1x7qj1okz7lp31doxp4uf8egjx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x7qj1okz7lp31doxp4uf8egjx|03|net"; nocase; ) # xnvktol2st5s2gtum4b7empo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xnvktol2st5s2gtum4b7empo|03|org"; nocase; ) # 1q3vs171sdwp7d1886xl1y7frgl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q3vs171sdwp7d1886xl1y7frgl|03|org"; nocase; ) # 7vyr541u24tah1urvu491s707u0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7vyr541u24tah1urvu491s707u0|03|biz"; nocase; ) # z7v6m7cgeaa1ej9b4i1ki7ntv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z7v6m7cgeaa1ej9b4i1ki7ntv|03|org"; nocase; ) # 1r5q8yt1a7d0ji1gb5kse1e5hxz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r5q8yt1a7d0ji1gb5kse1e5hxz8|03|com"; nocase; ) # 1mobdx31k2a92yfc4wm6w6h37k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mobdx31k2a92yfc4wm6w6h37k|03|net"; nocase; ) # 123j0p11umgcd3if7h701r8a6pe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|123j0p11umgcd3if7h701r8a6pe|03|com"; nocase; ) # 1slokr1mhln8n1blup8e1maacp3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1slokr1mhln8n1blup8e1maacp3|03|org"; nocase; ) # kkun941t8sm7tgdrakrugomxl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kkun941t8sm7tgdrakrugomxl|03|org"; nocase; ) # 8rnsfk1ex49y2fy0291ue80d6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8rnsfk1ex49y2fy0291ue80d6|03|com"; nocase; ) # 1dgt1fs1a0zls51r1e8e71qixbki.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dgt1fs1a0zls51r1e8e71qixbki|03|org"; nocase; ) # 1krmaxy1246yt0jimatb1fxhchl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1krmaxy1246yt0jimatb1fxhchl|03|net"; nocase; ) # q10jpj17i3vg027ivhh24467l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q10jpj17i3vg027ivhh24467l|03|biz"; nocase; ) # cabic8sb2e9lyk7llc1st6mmi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cabic8sb2e9lyk7llc1st6mmi|03|net"; nocase; ) # 1dgwo26gmsnt5900fnm1e6nxah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dgwo26gmsnt5900fnm1e6nxah|03|com"; nocase; ) # ty7fng1dtagjkok6oaf4um9zz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ty7fng1dtagjkok6oaf4um9zz|03|com"; nocase; ) # 182dk221gxecoe1wfqsqw1hgo79n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|182dk221gxecoe1wfqsqw1hgo79n|03|org"; nocase; ) # 5v7osa15ty6sxdm5r21ha2hcr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5v7osa15ty6sxdm5r21ha2hcr|03|net"; nocase; ) # ut8u397ik4761g2i1ygpvowjz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ut8u397ik4761g2i1ygpvowjz|03|net"; nocase; ) # 1ua0o971yw6tja1dqimlk1qdhi8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ua0o971yw6tja1dqimlk1qdhi8h|03|net"; nocase; ) # wki6hs1yytva3knal9uqy4tot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wki6hs1yytva3knal9uqy4tot|03|net"; nocase; ) # v44hgw5p8fg31qmter71xmq5gd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v44hgw5p8fg31qmter71xmq5gd|03|biz"; nocase; ) # bwlvbh16rxfyn1i7qh4qmgs57v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bwlvbh16rxfyn1i7qh4qmgs57v|03|net"; nocase; ) # tf9x641tkcnpu9u8oke16zgsbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tf9x641tkcnpu9u8oke16zgsbx|03|org"; nocase; ) # 6nq2uemu0kq31dolx6i189c8vz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6nq2uemu0kq31dolx6i189c8vz|03|net"; nocase; ) # 11k33h1kci08pmbxfor1yhqvhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11k33h1kci08pmbxfor1yhqvhm|03|com"; nocase; ) # 170a40vnowx19347t311cfzd4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|170a40vnowx19347t311cfzd4|03|org"; nocase; ) # 148yesusww4ft122wa0zl4u4wd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|148yesusww4ft122wa0zl4u4wd|03|biz"; nocase; ) # 1gvnsbihkv45pcsnkdh1ugqay1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gvnsbihkv45pcsnkdh1ugqay1|03|net"; nocase; ) # gqjc8w15yr0ua8rmvg9wky7r5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gqjc8w15yr0ua8rmvg9wky7r5|03|org"; nocase; ) # e4moxk9sr6ui14pjcailkmeqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e4moxk9sr6ui14pjcailkmeqw|03|org"; nocase; ) # iywg271jk2g0r1dkiu6b193ir76.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iywg271jk2g0r1dkiu6b193ir76|03|biz"; nocase; ) # y6wra3bchsmdplhe5k1nddg9a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y6wra3bchsmdplhe5k1nddg9a|03|net"; nocase; ) # 1i10nmg1413ynp19hyd4q17h1vr6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i10nmg1413ynp19hyd4q17h1vr6|03|org"; nocase; ) # 1xlphfz1h143xy1mmr32yeqg2l4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xlphfz1h143xy1mmr32yeqg2l4|03|net"; nocase; ) # 1vfdbmj88une3184ug3bwj2lfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vfdbmj88une3184ug3bwj2lfe|03|com"; nocase; ) # 160t3j71qqbmtxwxtsr8120q9lb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|160t3j71qqbmtxwxtsr8120q9lb|03|org"; nocase; ) # 1f0ir8sthejyn1nmjq2mldjk0q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f0ir8sthejyn1nmjq2mldjk0q|03|net"; nocase; ) # eddynt64ifd6jwvvvi1lvo5zt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eddynt64ifd6jwvvvi1lvo5zt|03|com"; nocase; ) # 1qlyhtp7w1qo1db2vgogno139.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qlyhtp7w1qo1db2vgogno139|03|net"; nocase; ) # 16i41bs1p9mvck1gd3klq12bi93t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16i41bs1p9mvck1gd3klq12bi93t|03|org"; nocase; ) # nnteb5ldfdk710dn3in1gd5539.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nnteb5ldfdk710dn3in1gd5539|03|biz"; nocase; ) # 1pyjax91k9bfrq1dz44kj2wjt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pyjax91k9bfrq1dz44kj2wjt|03|biz"; nocase; ) # 13txzhz1dqv3gz1p5zbn2x37cys.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13txzhz1dqv3gz1p5zbn2x37cys|03|org"; nocase; ) # 112281kav19w6c77dbw1jmmywn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|112281kav19w6c77dbw1jmmywn|03|net"; nocase; ) # 1b3i6x44fydyb1fy9un31p3ajj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b3i6x44fydyb1fy9un31p3ajj6|03|net"; nocase; ) # bqbk2i1fgkxat1lnuswsnz70vz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bqbk2i1fgkxat1lnuswsnz70vz|03|com"; nocase; ) # adqdf5dvov26jwa7sm13lsmh6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|adqdf5dvov26jwa7sm13lsmh6|03|net"; nocase; ) # 1qm54uu1d8dvsq1d45tr91o501bu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qm54uu1d8dvsq1d45tr91o501bu|03|com"; nocase; ) # 10ji92cn3qsk51gq2hk854t15u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ji92cn3qsk51gq2hk854t15u|03|org"; nocase; ) # 1ne23fkimceey2ntw4d11e13k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ne23fkimceey2ntw4d11e13k|03|com"; nocase; ) # dl3wiu10ch6nq5lw8u41bmql99.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dl3wiu10ch6nq5lw8u41bmql99|03|com"; nocase; ) # x8ato81rmgrut1ur0w7ulwm4kw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x8ato81rmgrut1ur0w7ulwm4kw|03|org"; nocase; ) # 19wtr4c1c3h2iv101ejoeqatqtj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19wtr4c1c3h2iv101ejoeqatqtj|03|net"; nocase; ) # 1djjej1oy5lgm1n2446p16gh76x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1djjej1oy5lgm1n2446p16gh76x|03|com"; nocase; ) # 24e5sn7vqwbaui6ckpnf58le.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|24e5sn7vqwbaui6ckpnf58le|03|biz"; nocase; ) # 3i5c0liquwo27dmj3xpr1hie.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3i5c0liquwo27dmj3xpr1hie|03|net"; nocase; ) # 1o1flip1eq2dspodo3t1ed6zzi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o1flip1eq2dspodo3t1ed6zzi|03|com"; nocase; ) # w6ewh3m5f43c1czbw3f1imgg3m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w6ewh3m5f43c1czbw3f1imgg3m|03|org"; nocase; ) # 1uxckivdakd0x121gqhi15lgazr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uxckivdakd0x121gqhi15lgazr|03|net"; nocase; ) # 6d0lb3wf5zxa3mp41q1usz06o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6d0lb3wf5zxa3mp41q1usz06o|03|biz"; nocase; ) # 3vk8slo7evpppskluc1qo62ri.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3vk8slo7evpppskluc1qo62ri|03|org"; nocase; ) # 2ndhxc40siel1f25ad3rsohc1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ndhxc40siel1f25ad3rsohc1|03|com"; nocase; ) # v6iv0x14t7mzm1sudipp7rum0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v6iv0x14t7mzm1sudipp7rum0b|03|net"; nocase; ) # 19wlpgb19npgi9145qyp3irgr3m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19wlpgb19npgi9145qyp3irgr3m|03|com"; nocase; ) # 18r98mc12ra6yrkpzwtnpf5u85.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18r98mc12ra6yrkpzwtnpf5u85|03|org"; nocase; ) # tn2dmoh62z8bufzcbg1gl9saq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tn2dmoh62z8bufzcbg1gl9saq|03|net"; nocase; ) # s0tqv726qs7e1pu2xhqyiuikf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s0tqv726qs7e1pu2xhqyiuikf|03|net"; nocase; ) # 8b82rnu2q1rl1oi8qgx171pukv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8b82rnu2q1rl1oi8qgx171pukv|03|net"; nocase; ) # 74za23se868h11ej3n044cgo2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|74za23se868h11ej3n044cgo2|03|biz"; nocase; ) # o58kx5yvrbo2o61jyj1armo3t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o58kx5yvrbo2o61jyj1armo3t|03|net"; nocase; ) # lmaqb3li9nes1j2isvy13kerio.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lmaqb3li9nes1j2isvy13kerio|03|biz"; nocase; ) # t76ym412u20qxvnvg261rfqfgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t76ym412u20qxvnvg261rfqfgj|03|net"; nocase; ) # 12qe11yibaff1vuq7i51ps6a08.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12qe11yibaff1vuq7i51ps6a08|03|org"; nocase; ) # 1s63an7zear1x1ord4hb1ofo24m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s63an7zear1x1ord4hb1ofo24m|03|com"; nocase; ) # 1rssyqx11hwv5razzudv4s3tlz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rssyqx11hwv5razzudv4s3tlz|03|com"; nocase; ) # 1gl0oq1i1aa361xcr0fjfw3byg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gl0oq1i1aa361xcr0fjfw3byg|03|net"; nocase; ) # u1jgxs15ddwgmjb0pr61ogn6po.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u1jgxs15ddwgmjb0pr61ogn6po|03|com"; nocase; ) # 171fy5315dhgqtxb8964snmy4m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|171fy5315dhgqtxb8964snmy4m|03|org"; nocase; ) # hi38zdq9mt3a15ky37mfwokv9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hi38zdq9mt3a15ky37mfwokv9|03|net"; nocase; ) # 1dhfegb5har5k1s9garjsjyjw9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dhfegb5har5k1s9garjsjyjw9|03|com"; nocase; ) # c5bbwwnfabub1q9brawtct4cu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c5bbwwnfabub1q9brawtct4cu|03|org"; nocase; ) # a9th6c145xr4kv97pv31nr33wj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a9th6c145xr4kv97pv31nr33wj|03|biz"; nocase; ) # 10tpecgdzs2xzfiuw11bu9qjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10tpecgdzs2xzfiuw11bu9qjb|03|net"; nocase; ) # ivdiqchmhkswztcp5mue4cuc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ivdiqchmhkswztcp5mue4cuc|03|biz"; nocase; ) # 1qas1zz1ued3kledwdc315x9ymd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qas1zz1ued3kledwdc315x9ymd|03|com"; nocase; ) # caokklrynlbnnuheejcl8boo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|caokklrynlbnnuheejcl8boo|03|biz"; nocase; ) # rp45ym1ccl0icg1i4zcjstn8s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rp45ym1ccl0icg1i4zcjstn8s|03|com"; nocase; ) # 1jgbmkq1ns6eoi8c7s7k2nq8d2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jgbmkq1ns6eoi8c7s7k2nq8d2|03|com"; nocase; ) # 1sdv1zc1hfqyh71f4m8sa11jzq67.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sdv1zc1hfqyh71f4m8sa11jzq67|03|org"; nocase; ) # 7nqrwfho5cx21feiz3z12y3dj9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7nqrwfho5cx21feiz3z12y3dj9|03|com"; nocase; ) # t8c7mp1y3wdnm8oilrzegq10a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t8c7mp1y3wdnm8oilrzegq10a|03|net"; nocase; ) # 13s9rb41ufxqtn1lhzad81bc3dqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13s9rb41ufxqtn1lhzad81bc3dqc|03|org"; nocase; ) # 15226jy143b7xw5yuhaz1snugo9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15226jy143b7xw5yuhaz1snugo9|03|biz"; nocase; ) # 1jr3lvy3ume7s1vkt7rnlc3esc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jr3lvy3ume7s1vkt7rnlc3esc|03|biz"; nocase; ) # 1eauchtl7dxvewcfuy16kv50t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1eauchtl7dxvewcfuy16kv50t|03|org"; nocase; ) # 1kohma61qmlrk2pq7ivnayuez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kohma61qmlrk2pq7ivnayuez|03|com"; nocase; ) # 1c219ycbxhl8r1147o6311aq6qx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c219ycbxhl8r1147o6311aq6qx|03|com"; nocase; ) # fop7iialm4oneqo73htqtfn9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fop7iialm4oneqo73htqtfn9|03|net"; nocase; ) # yroe731kqo6qrl1xqep1gilyi0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yroe731kqo6qrl1xqep1gilyi0|03|net"; nocase; ) # 1wskuiueu6w4m1soczl82uc0kg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wskuiueu6w4m1soczl82uc0kg|03|org"; nocase; ) # 1r4p7ufdpv9ct13z79ld1xdwq5h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r4p7ufdpv9ct13z79ld1xdwq5h|03|net"; nocase; ) # n751x31fmpfy71bi7xhacio5k7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n751x31fmpfy71bi7xhacio5k7|03|com"; nocase; ) # 175nxlt103cvvd1ooj0vd64oare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|175nxlt103cvvd1ooj0vd64oare|03|com"; nocase; ) # 1cbxkw21e5virl1wl6d0kdsavte.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cbxkw21e5virl1wl6d0kdsavte|03|biz"; nocase; ) # 1dl6q3g1b4zcohzm1jt1176vcn7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dl6q3g1b4zcohzm1jt1176vcn7|03|com"; nocase; ) # dolitt1q51zdn1cgjpi457xej8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dolitt1q51zdn1cgjpi457xej8|03|biz"; nocase; ) # 1wksg791gbu6uuxy6ypzwfr5ut.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wksg791gbu6uuxy6ypzwfr5ut|03|org"; nocase; ) # 1k4p1sr11bdifkv31sq41c7zcl2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k4p1sr11bdifkv31sq41c7zcl2|03|com"; nocase; ) # 19g4uv3b3h0xe17ut3dvth85bm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19g4uv3b3h0xe17ut3dvth85bm|03|org"; nocase; ) # 1xme3u112z0mjo10gwis92sbywn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xme3u112z0mjo10gwis92sbywn|03|com"; nocase; ) # 1acenrd1mbayenrxzdn31yy76qp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1acenrd1mbayenrxzdn31yy76qp|03|biz"; nocase; ) # 1ptll4h1sf3isrfaxbp81lvvz8i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ptll4h1sf3isrfaxbp81lvvz8i|03|com"; nocase; ) # crngximguxq1fztcljvlx9bg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|crngximguxq1fztcljvlx9bg|03|org"; nocase; ) # 10wmbzannah3018387dgrq6rj8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10wmbzannah3018387dgrq6rj8|03|net"; nocase; ) # 1g45vpg18vj70hbr6zea1aw5rao.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g45vpg18vj70hbr6zea1aw5rao|03|net"; nocase; ) # 705iij1iwlfyxs7q9q38h6ine.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|705iij1iwlfyxs7q9q38h6ine|03|org"; nocase; ) # kolm62o70gc11sy0acn1jjk5l9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kolm62o70gc11sy0acn1jjk5l9|03|net"; nocase; ) # 3v5d2n1t2w5uhw68fb5faxoyq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3v5d2n1t2w5uhw68fb5faxoyq|03|net"; nocase; ) # 191if4pxky7p510stz1v2lr7uy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|191if4pxky7p510stz1v2lr7uy|03|org"; nocase; ) # xdw3k8jaukpyqwskck1uc9uom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xdw3k8jaukpyqwskck1uc9uom|03|com"; nocase; ) # vg01w21fmzswje1h2wz13drvjt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vg01w21fmzswje1h2wz13drvjt|03|com"; nocase; ) # qtvsha1j5zmbhk9m32axfoxu7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qtvsha1j5zmbhk9m32axfoxu7|03|net"; nocase; ) # 8ohjof18ozr2v1c2r8kemzo6ge.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ohjof18ozr2v1c2r8kemzo6ge|03|biz"; nocase; ) # 11al2qy14gltezf832pb1j3ko09.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11al2qy14gltezf832pb1j3ko09|03|biz"; nocase; ) # 14pv66a1gp7cayod97mbp20ir.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14pv66a1gp7cayod97mbp20ir|03|net"; nocase; ) # 1219lq8atbia41gll3v51ltlrsd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1219lq8atbia41gll3v51ltlrsd|03|net"; nocase; ) # 1g0qr1j1dz4kyd1wohf2npnt0k4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g0qr1j1dz4kyd1wohf2npnt0k4|03|org"; nocase; ) # 1rjfeql1jnznm73gk5v2ei7p3j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rjfeql1jnznm73gk5v2ei7p3j|03|com"; nocase; ) # kefc4hzbt0mu1hzyw0x1wcxuzq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kefc4hzbt0mu1hzyw0x1wcxuzq|03|net"; nocase; ) # 18kp0lx1fem8ip1ucsc041qhszzv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18kp0lx1fem8ip1ucsc041qhszzv|03|org"; nocase; ) # 2ovx9n1ohjzb8it3o53posayv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ovx9n1ohjzb8it3o53posayv|03|net"; nocase; ) # 189chqx1vwwpztll95i1833o6o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|189chqx1vwwpztll95i1833o6o|03|biz"; nocase; ) # fpkqq1lop2zs1oqkssy13ai76f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fpkqq1lop2zs1oqkssy13ai76f|03|org"; nocase; ) # 7wuuxg3jqbxc1rjmdgctsg9o0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7wuuxg3jqbxc1rjmdgctsg9o0|03|org"; nocase; ) # 1qrews0jmzg011c5m6lt13hnjjz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qrews0jmzg011c5m6lt13hnjjz|03|net"; nocase; ) # oo920xocg5gc1fy45g8hh8h2a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oo920xocg5gc1fy45g8hh8h2a|03|com"; nocase; ) # a3j8vk42pzfs3f25mq1hwfg66.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a3j8vk42pzfs3f25mq1hwfg66|03|net"; nocase; ) # qr0zj8gdatl5e7lh54l7gjkw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qr0zj8gdatl5e7lh54l7gjkw|03|org"; nocase; ) # 1469a5haspeuz1mhb6bd1ks95fw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1469a5haspeuz1mhb6bd1ks95fw|03|net"; nocase; ) # 1ddkptmiuip781m626bc1t93ptv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ddkptmiuip781m626bc1t93ptv|03|net"; nocase; ) # hnqczlgaw66w1o1bxwf1n898xi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hnqczlgaw66w1o1bxwf1n898xi|03|net"; nocase; ) # iupck8t0w7511r5pogt1glzrbi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iupck8t0w7511r5pogt1glzrbi|03|net"; nocase; ) # 12glhs31mx0qmo4xwlprmju3q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12glhs31mx0qmo4xwlprmju3q|03|biz"; nocase; ) # 18jktny1uvjao51g1gf9c6hagtp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18jktny1uvjao51g1gf9c6hagtp|03|net"; nocase; ) # zpsc1g1su5nw31lkk0ry4l20u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zpsc1g1su5nw31lkk0ry4l20u|03|net"; nocase; ) # 165sl385ay5ud1gj3t9jrhws0n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|165sl385ay5ud1gj3t9jrhws0n|03|biz"; nocase; ) # g3p04jdzwohh1gpurctdkijrn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g3p04jdzwohh1gpurctdkijrn|03|com"; nocase; ) # 1ov2ed8hyi5ee1ebv2s11llcqn9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ov2ed8hyi5ee1ebv2s11llcqn9|03|net"; nocase; ) # 5uy4r62sqkfn546l241s9s560.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5uy4r62sqkfn546l241s9s560|03|com"; nocase; ) # j849cx1s24mzvxyjzt4l80oz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j849cx1s24mzvxyjzt4l80oz8|03|com"; nocase; ) # 86rhk6i455ph1b2czxyesyavt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|86rhk6i455ph1b2czxyesyavt|03|org"; nocase; ) # mh5cj617r19iautdfcpusul4s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mh5cj617r19iautdfcpusul4s|03|biz"; nocase; ) # glszuqjpvdil1bheyw7gs1f5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|glszuqjpvdil1bheyw7gs1f5z|03|net"; nocase; ) # nl9csa1ula8t31g4mtiq4g7j9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nl9csa1ula8t31g4mtiq4g7j9r|03|com"; nocase; ) # 11scmg613srifj1n4wnlpho0efv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11scmg613srifj1n4wnlpho0efv|03|com"; nocase; ) # 1gcc6lv1ohljnh1owcutk1k9pmh8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gcc6lv1ohljnh1owcutk1k9pmh8|03|org"; nocase; ) # zn0erm2nmr9p1s9phbqlfnwxk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zn0erm2nmr9p1s9phbqlfnwxk|03|com"; nocase; ) # 12mao5k5jni9jr96srflw1uqn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12mao5k5jni9jr96srflw1uqn|03|com"; nocase; ) # 90s0ktu4x8d410f1dron9mneq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|90s0ktu4x8d410f1dron9mneq|03|biz"; nocase; ) # 1d259tw1t1hunlq1g93t19z2n5r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d259tw1t1hunlq1g93t19z2n5r|03|net"; nocase; ) # 5cxz0c1mdilgh1utpfzq1rsfp0h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5cxz0c1mdilgh1utpfzq1rsfp0h|03|com"; nocase; ) # 1lpemb8wmp4hokoszf8r04yio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lpemb8wmp4hokoszf8r04yio|03|org"; nocase; ) # 1q2tanhp4rvj1agwzqevw8s98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q2tanhp4rvj1agwzqevw8s98|03|net"; nocase; ) # 1kax6vq9r3kbt1fizj1h1e2dcxu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kax6vq9r3kbt1fizj1h1e2dcxu|03|net"; nocase; ) # ubm5joz5i1vj1r013m81fa01ak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ubm5joz5i1vj1r013m81fa01ak|03|com"; nocase; ) # y1obning49187xuz7lqaxfqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y1obning49187xuz7lqaxfqi|03|net"; nocase; ) # 1w8cdpk18yd7k56deu46vf6yym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w8cdpk18yd7k56deu46vf6yym|03|org"; nocase; ) # x9m5ey1nf159lvfz64i1bxbqxw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x9m5ey1nf159lvfz64i1bxbqxw|03|net"; nocase; ) # 148nljsyy6ihp1r3m3k9181ym92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|148nljsyy6ihp1r3m3k9181ym92|03|net"; nocase; ) # 1ogymbs67orwg17xsrny23rio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ogymbs67orwg17xsrny23rio|03|com"; nocase; ) # leaxin1u7oise5ed361ltdqya.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|leaxin1u7oise5ed361ltdqya|03|org"; nocase; ) # 1k7zvja1rsu8fn18lfy5ryot2u8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k7zvja1rsu8fn18lfy5ryot2u8|03|com"; nocase; ) # 11swz2c1rys8qu1vqv4lk11miscb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11swz2c1rys8qu1vqv4lk11miscb|03|net"; nocase; ) # ei4tgxc8c6k91qmp5771gjodx0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ei4tgxc8c6k91qmp5771gjodx0|03|biz"; nocase; ) # 9q5t2f1qemdv51v398wk1q8y73d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9q5t2f1qemdv51v398wk1q8y73d|03|net"; nocase; ) # 2sxvsmm58tcw1ffgwjo1cusnpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2sxvsmm58tcw1ffgwjo1cusnpo|03|com"; nocase; ) # 1tucgz5gvt3ukznv7v0tnxvj4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tucgz5gvt3ukznv7v0tnxvj4|03|org"; nocase; ) # x569ykih6y161yq60xs1sj8y5g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x569ykih6y161yq60xs1sj8y5g|03|net"; nocase; ) # 134edqn1il4eqhk6d1u4vpyggw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|134edqn1il4eqhk6d1u4vpyggw|03|net"; nocase; ) # 181y7uun1jbkmeuhpi7u0upb0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|181y7uun1jbkmeuhpi7u0upb0|03|com"; nocase; ) # 1u9hpwmk8s4zn1dw1br63akpf7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u9hpwmk8s4zn1dw1br63akpf7|03|biz"; nocase; ) # tl372m17mlp1q1yq5z9znh8e3h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tl372m17mlp1q1yq5z9znh8e3h|03|biz"; nocase; ) # t8gka9cbr27j1bil2nnaxgsh0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t8gka9cbr27j1bil2nnaxgsh0|03|biz"; nocase; ) # 1wyxiep1rfywb11444qvv1w4lvxq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wyxiep1rfywb11444qvv1w4lvxq|03|org"; nocase; ) # qmliljcj37lo1auq4g5i1rc40.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qmliljcj37lo1auq4g5i1rc40|03|net"; nocase; ) # 1v4ishf1fgpw28fb4c9wq0u90.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v4ishf1fgpw28fb4c9wq0u90|03|com"; nocase; ) # 17c0vu51wlgy1y1n052p5i4y8d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17c0vu51wlgy1y1n052p5i4y8d|03|org"; nocase; ) # 19rhlt2r57qnx1nvs8xf1hk0ye3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19rhlt2r57qnx1nvs8xf1hk0ye3|03|org"; nocase; ) # 4g7zss12oanoe1sa26etr0557.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4g7zss12oanoe1sa26etr0557|03|org"; nocase; ) # 1uacnaw130re3ax00q5xwu19qj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uacnaw130re3ax00q5xwu19qj|03|com"; nocase; ) # 1d48hltxjp4l6118okazn6unlx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d48hltxjp4l6118okazn6unlx|03|com"; nocase; ) # izvytsno28pc168mqxi19zlfye.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|izvytsno28pc168mqxi19zlfye|03|org"; nocase; ) # 1telsp5ueoa164wf6er1hjcadt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1telsp5ueoa164wf6er1hjcadt|03|net"; nocase; ) # 3ngvxnlozxgwwfp5qnbysl0z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3ngvxnlozxgwwfp5qnbysl0z|03|org"; nocase; ) # nhvwv51s16ybg1y22aqxc4c2b6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nhvwv51s16ybg1y22aqxc4c2b6|03|org"; nocase; ) # 1sp46vd1sew3ul1g0qvl61uvltt8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sp46vd1sew3ul1g0qvl61uvltt8|03|net"; nocase; ) # 7ycsuy1nz8fko12kv3d91s1i6o6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7ycsuy1nz8fko12kv3d91s1i6o6|03|biz"; nocase; ) # 1is0rd02vwo1t1t4mcw41qkt4zf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1is0rd02vwo1t1t4mcw41qkt4zf|03|net"; nocase; ) # yowen9i0gjrek0yjdjl8v9g5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yowen9i0gjrek0yjdjl8v9g5|03|com"; nocase; ) # 11ez5i4123le315ptmpue4uw53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11ez5i4123le315ptmpue4uw53|03|net"; nocase; ) # 1wxh3s0u24uopvsuffnaayp69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wxh3s0u24uopvsuffnaayp69|03|net"; nocase; ) # 15odrfaqmrniw1bowv4x1bx4diq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15odrfaqmrniw1bowv4x1bx4diq|03|org"; nocase; ) # jxi6w3aexzt06vbvf31pysusg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jxi6w3aexzt06vbvf31pysusg|03|biz"; nocase; ) # 9u6tk21qet8vt1wkmgniz41th0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9u6tk21qet8vt1wkmgniz41th0|03|org"; nocase; ) # 1cmz3vi1ys6b7j9wjntl3y4oke.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cmz3vi1ys6b7j9wjntl3y4oke|03|biz"; nocase; ) # fkvreu1dey308gi6xdn1ryjfhn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fkvreu1dey308gi6xdn1ryjfhn|03|biz"; nocase; ) # 13ly1cjkbzwn6ezl28o548qx3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13ly1cjkbzwn6ezl28o548qx3|03|com"; nocase; ) # si0a9h1ekbkdd1h3bfy21xo3vz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|si0a9h1ekbkdd1h3bfy21xo3vz8|03|com"; nocase; ) # 163d9alzneyzstuotpb1kuu5r1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|163d9alzneyzstuotpb1kuu5r1|03|net"; nocase; ) # t8mdpc1c96nwh11vgglx1ogxble.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t8mdpc1c96nwh11vgglx1ogxble|03|biz"; nocase; ) # bd42jvzdzuoa12ghm89o2jios.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bd42jvzdzuoa12ghm89o2jios|03|net"; nocase; ) # jydcexe48tp9mmasv1638wvz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jydcexe48tp9mmasv1638wvz|03|com"; nocase; ) # 1nw6edkglvkwlpijf7c1iz88qs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nw6edkglvkwlpijf7c1iz88qs|03|com"; nocase; ) # w15yq01hc8ab8109mx4qa1u3r5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w15yq01hc8ab8109mx4qa1u3r5|03|net"; nocase; ) # 80ho9atrvq1w1ed4k898ztiw8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|80ho9atrvq1w1ed4k898ztiw8|03|com"; nocase; ) # wcnuu710d4b8l10tvpse1sq6r88.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wcnuu710d4b8l10tvpse1sq6r88|03|net"; nocase; ) # 161h9x617qh9q01ynb15w1vt5l8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|161h9x617qh9q01ynb15w1vt5l8n|03|net"; nocase; ) # 16qpmkc13os2ep1biwqjp1fc4zkh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16qpmkc13os2ep1biwqjp1fc4zkh|03|org"; nocase; ) # 5h1bam1g8jd2tlxtq7j1k8gill.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5h1bam1g8jd2tlxtq7j1k8gill|03|net"; nocase; ) # won80jln7w2kc3ilz116bs7bs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|won80jln7w2kc3ilz116bs7bs|03|org"; nocase; ) # 1j9ptgi1v99wun11koch91lxl5dl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j9ptgi1v99wun11koch91lxl5dl|03|org"; nocase; ) # ljrcnaqmd3m81g9e8y016sxrrk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ljrcnaqmd3m81g9e8y016sxrrk|03|biz"; nocase; ) # 1pxreuj1ak3zjxny9h8771ob1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pxreuj1ak3zjxny9h8771ob1|03|org"; nocase; ) # 1x8uakq8ey10n8fepiiurk1ie.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x8uakq8ey10n8fepiiurk1ie|03|net"; nocase; ) # 11bscm4w4q5e8zmuqy8h8i5v8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11bscm4w4q5e8zmuqy8h8i5v8|03|net"; nocase; ) # 9qj66byc5c5mthsk6i18lkr57.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9qj66byc5c5mthsk6i18lkr57|03|biz"; nocase; ) # iibalqmpiywwpfwoj5nyp9p1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iibalqmpiywwpfwoj5nyp9p1|03|net"; nocase; ) # tfffsehavj01e66j8opnpimm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tfffsehavj01e66j8opnpimm|03|org"; nocase; ) # 9y6blc3x86kh1kkz3z817v3bhi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9y6blc3x86kh1kkz3z817v3bhi|03|net"; nocase; ) # dia3ylevi2ja1xvmdkkdfzl4b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dia3ylevi2ja1xvmdkkdfzl4b|03|com"; nocase; ) # 8ftji41isvcjf16fm50mnu9w9a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ftji41isvcjf16fm50mnu9w9a|03|net"; nocase; ) # 1byev9914bcqp218dn34ava2npy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1byev9914bcqp218dn34ava2npy|03|net"; nocase; ) # pmqzvk1vi5nvcq430pk1i52cw6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pmqzvk1vi5nvcq430pk1i52cw6|03|net"; nocase; ) # 1ki4b17lw5nqnw52jv79glisy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ki4b17lw5nqnw52jv79glisy|03|com"; nocase; ) # 1wxu6gt6r6shvdp6wg2m1ggoq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wxu6gt6r6shvdp6wg2m1ggoq|03|org"; nocase; ) # nlu0t9165r41x1mauim1aynzfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nlu0t9165r41x1mauim1aynzfo|03|com"; nocase; ) # 1v81su1xc92h01k4gvrtwh6dky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v81su1xc92h01k4gvrtwh6dky|03|org"; nocase; ) # 1fsb988kn5dpi1qc79tt13zfgui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fsb988kn5dpi1qc79tt13zfgui|03|com"; nocase; ) # 1bs06174740lr1l8rhgg1no7mn1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bs06174740lr1l8rhgg1no7mn1|03|biz"; nocase; ) # 1m0iyeoe2dcugnenwhvq686z5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m0iyeoe2dcugnenwhvq686z5|03|com"; nocase; ) # 8cziqk1rpapkq1ibe84z1exo33.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8cziqk1rpapkq1ibe84z1exo33|03|org"; nocase; ) # ilynt1c4zc9s2775xx1or65a8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ilynt1c4zc9s2775xx1or65a8|03|net"; nocase; ) # 18g6ykh1tpdiug1ipwgdph1j622.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18g6ykh1tpdiug1ipwgdph1j622|03|net"; nocase; ) # 4yh8riqe09gwxq57xe4xzq5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|4yh8riqe09gwxq57xe4xzq5|03|com"; nocase; ) # 18vn527183dhv51waajc53bts5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18vn527183dhv51waajc53bts5e|03|net"; nocase; ) # rhg7jltnrveq1b5d8fx1x80jn2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rhg7jltnrveq1b5d8fx1x80jn2|03|com"; nocase; ) # 6e1ng21rrqno81f588nr1blzljj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6e1ng21rrqno81f588nr1blzljj|03|com"; nocase; ) # 1bqkqgr16tq4cdquw3gvbqqr0b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bqkqgr16tq4cdquw3gvbqqr0b|03|biz"; nocase; ) # 495sq7fill4p9hhwts121lv6g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|495sq7fill4p9hhwts121lv6g|03|com"; nocase; ) # 29xsez1s4zraf1lmy9wdm436zj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|29xsez1s4zraf1lmy9wdm436zj|03|com"; nocase; ) # 12zivk9fazwi51xxbtgw13uc9cj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12zivk9fazwi51xxbtgw13uc9cj|03|biz"; nocase; ) # xkh6qu1s7d2l312r37ghc5okkq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xkh6qu1s7d2l312r37ghc5okkq|03|com"; nocase; ) # 1bixo8rvk4cnw11psyawptztvu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bixo8rvk4cnw11psyawptztvu|03|org"; nocase; ) # aqjdbg1oczxsr1kvqlfulinuyp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aqjdbg1oczxsr1kvqlfulinuyp|03|biz"; nocase; ) # 1xq1txuwrb14t88gv0u1elrmtf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xq1txuwrb14t88gv0u1elrmtf|03|com"; nocase; ) # st4tow1gia033etvric16uv9kq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|st4tow1gia033etvric16uv9kq|03|net"; nocase; ) # 1six1a21a1yd5r194nl15r11c70.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1six1a21a1yd5r194nl15r11c70|03|org"; nocase; ) # 1upln462gimm0wb46hcg1kkne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1upln462gimm0wb46hcg1kkne|03|com"; nocase; ) # afo2yy18yol7r1vewh117w4sfa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|afo2yy18yol7r1vewh117w4sfa|03|biz"; nocase; ) # 1lxj20h1apdu5l173ly96cbwaxe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxj20h1apdu5l173ly96cbwaxe|03|net"; nocase; ) # isnwi4wwv7kx1yh340o1wunfk5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|isnwi4wwv7kx1yh340o1wunfk5|03|org"; nocase; ) # klf6et1j1ssgn76q9qi1og9p7f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|klf6et1j1ssgn76q9qi1og9p7f|03|biz"; nocase; ) # yxzgnoja2yj316yrkchrb94aw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yxzgnoja2yj316yrkchrb94aw|03|com"; nocase; ) # 1tbpx0qzehl1wyf8x1vchvvzi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tbpx0qzehl1wyf8x1vchvvzi|03|org"; nocase; ) # 1xiirh7wqp4m61pn96t4gdbmxx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xiirh7wqp4m61pn96t4gdbmxx|03|net"; nocase; ) # 1mjzvz0vy0d3l1kxp95r1a8yup2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mjzvz0vy0d3l1kxp95r1a8yup2|03|com"; nocase; ) # 1qqyzg21kgmwzg1tnl4tc1igeq8x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qqyzg21kgmwzg1tnl4tc1igeq8x|03|net"; nocase; ) # 1tzer3phzbf2f1h2r4urti4zc5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tzer3phzbf2f1h2r4urti4zc5|03|net"; nocase; ) # 1ts8p54x0iltw1fob5oa1j55uo1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ts8p54x0iltw1fob5oa1j55uo1|03|org"; nocase; ) # f1k0ga10cxbqy1aq1gkz1ab799i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f1k0ga10cxbqy1aq1gkz1ab799i|03|net"; nocase; ) # 19nn3281h1bjm316vyuocc4tv7q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19nn3281h1bjm316vyuocc4tv7q|03|org"; nocase; ) # l9jwpp1d96zoe1k0lr2e8wk6li.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l9jwpp1d96zoe1k0lr2e8wk6li|03|org"; nocase; ) # mb54v71vwgi141hdnsjir7c2zn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mb54v71vwgi141hdnsjir7c2zn|03|net"; nocase; ) # lxysaisqh57a1yxqfpu27idkj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lxysaisqh57a1yxqfpu27idkj|03|biz"; nocase; ) # 1t1039e8w8ici1np0scbeoesxw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t1039e8w8ici1np0scbeoesxw|03|net"; nocase; ) # wnfzts1whhcvxrhldw7zon6df.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wnfzts1whhcvxrhldw7zon6df|03|com"; nocase; ) # unb8vfr7u50m2gym4w4livg6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|unb8vfr7u50m2gym4w4livg6|03|net"; nocase; ) # 1ed79zu1qyfbm5amt6at784u9e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ed79zu1qyfbm5amt6at784u9e|03|net"; nocase; ) # kyknzfs2bjao9ty8lj1lbcuz5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kyknzfs2bjao9ty8lj1lbcuz5|03|net"; nocase; ) # sz4ghp14ac658lcz0vqogds8z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sz4ghp14ac658lcz0vqogds8z|03|org"; nocase; ) # 13jnro93wl49s6w7fo5dqn7c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13jnro93wl49s6w7fo5dqn7c|03|biz"; nocase; ) # 1tlp54jnb5sts1tvcyhujeu1iy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tlp54jnb5sts1tvcyhujeu1iy|03|net"; nocase; ) # 13uvbou1re7rft14ws5u81vv4jbc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13uvbou1re7rft14ws5u81vv4jbc|03|biz"; nocase; ) # 16pl4qdmatuan1fpplybq78maa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16pl4qdmatuan1fpplybq78maa|03|net"; nocase; ) # 1kjej11no7gim1sss7eo1iti8vm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kjej11no7gim1sss7eo1iti8vm|03|net"; nocase; ) # ah76081ggzw0l1u0hg5z6pw6yr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ah76081ggzw0l1u0hg5z6pw6yr|03|org"; nocase; ) # 184x9b81bx55nesq1tgc1ucqwdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|184x9b81bx55nesq1tgc1ucqwdc|03|com"; nocase; ) # r45lxs1883il4291wwp1di5fh4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r45lxs1883il4291wwp1di5fh4|03|net"; nocase; ) # 280e6912pa5sa1gfy6fwle7gxf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|280e6912pa5sa1gfy6fwle7gxf|03|net"; nocase; ) # pmj2kz1p45h2z1m4tdws1u42d1l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pmj2kz1p45h2z1m4tdws1u42d1l|03|biz"; nocase; ) # j1es3s1e326v0139ekr6197tz1a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j1es3s1e326v0139ekr6197tz1a|03|com"; nocase; ) # o3x930gjtaej344czh1gxtxhg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o3x930gjtaej344czh1gxtxhg|03|biz"; nocase; ) # 1dqymt81ogxhqk1jbtmc3150mzl8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dqymt81ogxhqk1jbtmc3150mzl8|03|biz"; nocase; ) # 1hj2brz1qcqrm81xt1e0par9ndb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hj2brz1qcqrm81xt1e0par9ndb|03|org"; nocase; ) # fpso4kfi5g9m1bry0eu1zbkvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fpso4kfi5g9m1bry0eu1zbkvs|03|com"; nocase; ) # 1klj1ea1g8zlb51rsmuol64pyuw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1klj1ea1g8zlb51rsmuol64pyuw|03|net"; nocase; ) # 1194ry7w6xytoprrxq91x2t10n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1194ry7w6xytoprrxq91x2t10n|03|biz"; nocase; ) # 1rix48jtv5ray1if2ahb1pkvzat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rix48jtv5ray1if2ahb1pkvzat|03|com"; nocase; ) # 11939tgkvbcc21wibhqz1qvphrl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11939tgkvbcc21wibhqz1qvphrl|03|org"; nocase; ) # q4npxftbw1ghh84hwcoposk0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q4npxftbw1ghh84hwcoposk0|03|net"; nocase; ) # e2guuggq86hue7rc5i1ksajir.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e2guuggq86hue7rc5i1ksajir|03|net"; nocase; ) # jmn0k4qdskt71pzq97f4q96or.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jmn0k4qdskt71pzq97f4q96or|03|com"; nocase; ) # 1m1zz8l1u85gfyw9gnc669w7yq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m1zz8l1u85gfyw9gnc669w7yq|03|net"; nocase; ) # i7sdda1cyoxeqjanoh914pk86a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i7sdda1cyoxeqjanoh914pk86a|03|com"; nocase; ) # 1vexg9snfmxqu363idk1140fty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vexg9snfmxqu363idk1140fty|03|biz"; nocase; ) # 1th0psi1ip1u9efnp5kg1a1z1b2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1th0psi1ip1u9efnp5kg1a1z1b2|03|net"; nocase; ) # s77wrfn4iynrgaw8vl3unmea.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s77wrfn4iynrgaw8vl3unmea|03|biz"; nocase; ) # 15mxk0f10q5bmqztykwjn93tmx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15mxk0f10q5bmqztykwjn93tmx|03|org"; nocase; ) # 7ncpv2n9tbwc1dwqiu719ae4e8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ncpv2n9tbwc1dwqiu719ae4e8|03|com"; nocase; ) # fig2wlei17gs15qy9f4vf1rr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fig2wlei17gs15qy9f4vf1rr8|03|com"; nocase; ) # 1o4pw81cvr1ozu18bu2k8mzrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o4pw81cvr1ozu18bu2k8mzrj|03|net"; nocase; ) # d8i6xu1h8hanp9cmtg817tlpet.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d8i6xu1h8hanp9cmtg817tlpet|03|biz"; nocase; ) # 15lvf5fx3ctxbhvlupy9m0ast.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15lvf5fx3ctxbhvlupy9m0ast|03|org"; nocase; ) # 18vvqf1yjh9o3jetxok1kstmp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18vvqf1yjh9o3jetxok1kstmp|03|org"; nocase; ) # 1mfgttf1p2rw1l1c4l9b61dgmjh9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mfgttf1p2rw1l1c4l9b61dgmjh9|03|biz"; nocase; ) # 1f8dz9g1jdp8lcp8zjvxa947ie.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f8dz9g1jdp8lcp8zjvxa947ie|03|net"; nocase; ) # a3pix9186bpatkdn0holr8i6o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a3pix9186bpatkdn0holr8i6o|03|org"; nocase; ) # uzbpqt1kc7r0w1uqpku811k52ke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uzbpqt1kc7r0w1uqpku811k52ke|03|com"; nocase; ) # smkr2nzk0tb0yzzt248fpope.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|smkr2nzk0tb0yzzt248fpope|03|net"; nocase; ) # 1dsuu7g184wgb44m3s5s1119ddp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dsuu7g184wgb44m3s5s1119ddp|03|org"; nocase; ) # zxbhaesvu8e91owxw6agqhlva.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zxbhaesvu8e91owxw6agqhlva|03|com"; nocase; ) # 1birr1e1vlhbjuow4xs61bea969.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1birr1e1vlhbjuow4xs61bea969|03|net"; nocase; ) # euehu4h9ikh8bh9r35hccap5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|euehu4h9ikh8bh9r35hccap5|03|net"; nocase; ) # 1gvwah0wtd6w71kj0gi42sekft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gvwah0wtd6w71kj0gi42sekft|03|net"; nocase; ) # 8c7c5m1i2zmel1ow44zc1eio8ec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8c7c5m1i2zmel1ow44zc1eio8ec|03|org"; nocase; ) # 1mwi40j1p1r2ua9fkk0h1dj8o64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mwi40j1p1r2ua9fkk0h1dj8o64|03|net"; nocase; ) # 1s5x1e11v8e776hepizt1uzk0l9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s5x1e11v8e776hepizt1uzk0l9|03|net"; nocase; ) # 1iokfc6wtroo43v5cywyf7k2x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iokfc6wtroo43v5cywyf7k2x|03|com"; nocase; ) # vrb1d834arwq16mhpj21tomzx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vrb1d834arwq16mhpj21tomzx|03|net"; nocase; ) # 1715ou31j05btcl2tlfz1ihm98s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1715ou31j05btcl2tlfz1ihm98s|03|com"; nocase; ) # mibzy61uug9tk6qqesbxn081g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mibzy61uug9tk6qqesbxn081g|03|org"; nocase; ) # 1hsbkv01tetguw1lmkhlmxj389b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hsbkv01tetguw1lmkhlmxj389b|03|com"; nocase; ) # py89j0hioh9fehi9id1k0tji7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|py89j0hioh9fehi9id1k0tji7|03|org"; nocase; ) # 1c2186ocnhuka3l6s5h5oei7t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c2186ocnhuka3l6s5h5oei7t|03|org"; nocase; ) # 14u7es1vu01uifqt3l1gsb2h2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14u7es1vu01uifqt3l1gsb2h2|03|net"; nocase; ) # waeq1l1a23zf7mesk841dmy8lt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|waeq1l1a23zf7mesk841dmy8lt|03|biz"; nocase; ) # fni5dw6mj2381d80es6nzgvg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fni5dw6mj2381d80es6nzgvg|03|com"; nocase; ) # 94zxyn1pno54rb8i5jg1s57n5v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|94zxyn1pno54rb8i5jg1s57n5v|03|net"; nocase; ) # 1pvciitzbwn94vhdzig1v9xn6j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pvciitzbwn94vhdzig1v9xn6j|03|com"; nocase; ) # 72p9291fro4ldmfqo4n17fh2sp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|72p9291fro4ldmfqo4n17fh2sp|03|com"; nocase; ) # 1eur7d2akcg8ogntnyn1g6da62.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eur7d2akcg8ogntnyn1g6da62|03|biz"; nocase; ) # seu3uau6545n118ff194ozjl8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|seu3uau6545n118ff194ozjl8|03|org"; nocase; ) # p1inb4126j9b6912cc6171ywzb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p1inb4126j9b6912cc6171ywzb|03|net"; nocase; ) # 1n6k9q12m8z4xalypm5u9fw3f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n6k9q12m8z4xalypm5u9fw3f|03|biz"; nocase; ) # cns5mpvp02ra1tjyd9hdm3p49.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cns5mpvp02ra1tjyd9hdm3p49|03|net"; nocase; ) # 1odyvhw1yqyan28682s0wiwe9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1odyvhw1yqyan28682s0wiwe9r|03|com"; nocase; ) # 1exhomtsnal9sy7lhmi1sssswm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1exhomtsnal9sy7lhmi1sssswm|03|net"; nocase; ) # zt7kor1oka124zfmcpu96ybqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zt7kor1oka124zfmcpu96ybqy|03|com"; nocase; ) # plknx36ilsfngo795o1mx8hjo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|plknx36ilsfngo795o1mx8hjo|03|biz"; nocase; ) # 1fh5cgwd360b45evf8pxpdsce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fh5cgwd360b45evf8pxpdsce|03|com"; nocase; ) # 1l25fxfitzmj19e2o811mnxpe0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l25fxfitzmj19e2o811mnxpe0|03|org"; nocase; ) # 11f3rngdm9aqkh7lt01vkt854.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11f3rngdm9aqkh7lt01vkt854|03|com"; nocase; ) # 1bzyf6i15ranwi1f05u3xjt1til.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bzyf6i15ranwi1f05u3xjt1til|03|org"; nocase; ) # kau31ylur5g1nmqwarwuzox7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kau31ylur5g1nmqwarwuzox7|03|net"; nocase; ) # 119me2y1n83w2dcp1ak0uhqkx0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|119me2y1n83w2dcp1ak0uhqkx0|03|net"; nocase; ) # s0o55h1xwyxkl1kbkdr712cev28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s0o55h1xwyxkl1kbkdr712cev28|03|net"; nocase; ) # 1eogqp0116cnmc1aghr471drgdqy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eogqp0116cnmc1aghr471drgdqy|03|net"; nocase; ) # 9sw22z5gwr2t14aitfd19dqi5z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9sw22z5gwr2t14aitfd19dqi5z|03|org"; nocase; ) # 1r7iqx21uxprqgn3dx0y15qgt1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r7iqx21uxprqgn3dx0y15qgt1z|03|net"; nocase; ) # e7ztdni9vwwovao16m24a0ii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e7ztdni9vwwovao16m24a0ii|03|com"; nocase; ) # 1m0os9t15g2dwg6w42yqvcdsth.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m0os9t15g2dwg6w42yqvcdsth|03|biz"; nocase; ) # glma9o1r8lvrd1a6ngtz1vfs9qd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|glma9o1r8lvrd1a6ngtz1vfs9qd|03|com"; nocase; ) # 1ifxs1u10obd9u1h27xra1f9jt72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ifxs1u10obd9u1h27xra1f9jt72|03|net"; nocase; ) # vn94v5yelszk1221j1kwxmedd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vn94v5yelszk1221j1kwxmedd|03|biz"; nocase; ) # 7rncie5m0ggj1aim029lo8bn6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7rncie5m0ggj1aim029lo8bn6|03|org"; nocase; ) # e3gzuy194iqirrdtkupi5cusk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e3gzuy194iqirrdtkupi5cusk|03|org"; nocase; ) # 1jdahgo1komxsq1xudg43qjkwco.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jdahgo1komxsq1xudg43qjkwco|03|biz"; nocase; ) # 1lz3oag2wsxv525ycq91ls4qgk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lz3oag2wsxv525ycq91ls4qgk|03|org"; nocase; ) # 3u5ejve5ftrr1d5t1xm1ta26l5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3u5ejve5ftrr1d5t1xm1ta26l5|03|net"; nocase; ) # 1xw7kgvo31sutcz4qmf8iuc07.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xw7kgvo31sutcz4qmf8iuc07|03|com"; nocase; ) # qwvtdhoz14xhrugl0d15eaxvu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qwvtdhoz14xhrugl0d15eaxvu|03|net"; nocase; ) # wvfhgu1frx0lt25tc2hv27e6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wvfhgu1frx0lt25tc2hv27e6h|03|org"; nocase; ) # 1r3w2nn151d9d31l6jjsb7e65cw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r3w2nn151d9d31l6jjsb7e65cw|03|net"; nocase; ) # c2byx81paac5214mppf01i57wua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c2byx81paac5214mppf01i57wua|03|com"; nocase; ) # oqcpysjkemjl4iup06149x1xm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oqcpysjkemjl4iup06149x1xm|03|org"; nocase; ) # b4gz7r1o7cd7lj06a0fsbaveo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b4gz7r1o7cd7lj06a0fsbaveo|03|com"; nocase; ) # evefy01kkkz5a1gh098h1vxof5q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|evefy01kkkz5a1gh098h1vxof5q|03|com"; nocase; ) # tuvxlz12czm2x1r4mi261w9jebx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tuvxlz12czm2x1r4mi261w9jebx|03|net"; nocase; ) # 1klbxbavtye7wrbksjvfac7ez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1klbxbavtye7wrbksjvfac7ez|03|org"; nocase; ) # 1dx11q011y4j6h1svg48oq1r1wd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dx11q011y4j6h1svg48oq1r1wd|03|biz"; nocase; ) # 10kzcgt1p6fj0vkrcy1pr4qpco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10kzcgt1p6fj0vkrcy1pr4qpco|03|org"; nocase; ) # 6ltscvextfj01igmsefkd104s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ltscvextfj01igmsefkd104s|03|net"; nocase; ) # 1o8h1j04jaeiioquhnnormxtj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o8h1j04jaeiioquhnnormxtj|03|org"; nocase; ) # 1vd3i24pio4ka1juogj1xkex1e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vd3i24pio4ka1juogj1xkex1e|03|biz"; nocase; ) # 1vfv6u71uh4tgo22hf081mjmvmk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vfv6u71uh4tgo22hf081mjmvmk|03|com"; nocase; ) # 1uhcyd81o33dep1f0wksz17dsegt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uhcyd81o33dep1f0wksz17dsegt|03|com"; nocase; ) # k3jt4s16ha15y1yw9ktey2ex31.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k3jt4s16ha15y1yw9ktey2ex31|03|biz"; nocase; ) # y52g3217fnplp1f9yhmq1liqa2k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y52g3217fnplp1f9yhmq1liqa2k|03|org"; nocase; ) # vox8427gg1k7h1dqujbhm8g7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vox8427gg1k7h1dqujbhm8g7|03|biz"; nocase; ) # 446n7lzge5z7d61ygc3etkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|446n7lzge5z7d61ygc3etkr|03|org"; nocase; ) # 306oem14zvs1j12ggha8tp5mqd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|306oem14zvs1j12ggha8tp5mqd|03|net"; nocase; ) # b9rqrj1pa6k46ikoxx31vv1k5n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9rqrj1pa6k46ikoxx31vv1k5n|03|org"; nocase; ) # 1fb1xxf1cf6tewuw2j0krxf7o1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fb1xxf1cf6tewuw2j0krxf7o1|03|net"; nocase; ) # jqo94c1one5xwq5gls3157wfr8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqo94c1one5xwq5gls3157wfr8|03|org"; nocase; ) # 1x7jcfcfx32tipqt64b1hriahf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x7jcfcfx32tipqt64b1hriahf|03|net"; nocase; ) # ncy2ay20iftb1aackt41v28d9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ncy2ay20iftb1aackt41v28d9k|03|net"; nocase; ) # 1tp8tipli8a7d3avgxq6t85hz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tp8tipli8a7d3avgxq6t85hz|03|biz"; nocase; ) # tfa6jk1fwqmim25t1v3lbjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|tfa6jk1fwqmim25t1v3lbjy|03|org"; nocase; ) # 1d0r5an1gwo34g14yq3o0k963is.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d0r5an1gwo34g14yq3o0k963is|03|net"; nocase; ) # j1tvio27ybak148ggn01d1xlc3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j1tvio27ybak148ggn01d1xlc3|03|com"; nocase; ) # 19ffmoklamtmjhhc17zw5rrez.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19ffmoklamtmjhhc17zw5rrez|03|biz"; nocase; ) # 1hpdr1m2isphq1n74vn41th0r9v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hpdr1m2isphq1n74vn41th0r9v|03|com"; nocase; ) # 11453n0lwvysp1e2hz691isif6t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11453n0lwvysp1e2hz691isif6t|03|net"; nocase; ) # 1n1xteb1wc8gw6hyn84f89wjkd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1xteb1wc8gw6hyn84f89wjkd|03|net"; nocase; ) # 112mudt1mh2h7ed8x4q1143t4c8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|112mudt1mh2h7ed8x4q1143t4c8|03|com"; nocase; ) # 1s21pfrb1dyw31emsaw9j3fuba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s21pfrb1dyw31emsaw9j3fuba|03|com"; nocase; ) # 16nss9msep0g1jtgfbf1w3hu97.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16nss9msep0g1jtgfbf1w3hu97|03|biz"; nocase; ) # nfjstnp63geu1s1m9jz1baawg3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nfjstnp63geu1s1m9jz1baawg3|03|net"; nocase; ) # hc44051yuteve27jwiiaihewg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hc44051yuteve27jwiiaihewg|03|org"; nocase; ) # ajslt41nmzkdjjm7wg61aj2u9a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ajslt41nmzkdjjm7wg61aj2u9a|03|net"; nocase; ) # 1hrv15nwkkvnt1daf4tzemdupj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hrv15nwkkvnt1daf4tzemdupj|03|net"; nocase; ) # 1qkw66b1oxp0j14q2m9vcf7mem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qkw66b1oxp0j14q2m9vcf7mem|03|net"; nocase; ) # i5apr11s8bxjmwzef7f122qcy3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i5apr11s8bxjmwzef7f122qcy3|03|com"; nocase; ) # 3hgxwi1ddkqez1tequay1o9fw9f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3hgxwi1ddkqez1tequay1o9fw9f|03|biz"; nocase; ) # pz9vmckclk7m1kc28rn1qu4dza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pz9vmckclk7m1kc28rn1qu4dza|03|org"; nocase; ) # 1f9zkxg1c145si1rj0egt1uiq3yv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f9zkxg1c145si1rj0egt1uiq3yv|03|biz"; nocase; ) # 138h99o1rdu7m7fu35cz8drg1b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|138h99o1rdu7m7fu35cz8drg1b|03|com"; nocase; ) # 1tnhcnzjkwdxxohbqe81a7w4lv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tnhcnzjkwdxxohbqe81a7w4lv|03|com"; nocase; ) # ky2rahbvv6u5g6lhpham1k2p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ky2rahbvv6u5g6lhpham1k2p|03|biz"; nocase; ) # 8vfx4fo8q0kf1nia1c117pm4yj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8vfx4fo8q0kf1nia1c117pm4yj|03|org"; nocase; ) # 99ltrj1ughi7cavynk4cfdzkl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|99ltrj1ughi7cavynk4cfdzkl|03|com"; nocase; ) # xkuzc2tshs4h1513jin2jvylt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xkuzc2tshs4h1513jin2jvylt|03|org"; nocase; ) # necmwfyiccxwckqb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022934; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|necmwfyiccxwckqb|02|eu"; nocase; ) # natmrhljigoqtbnn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022935; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|natmrhljigoqtbnn|02|eu"; nocase; ) # nofeovxfqvqufmpa.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022936; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|nofeovxfqvqufmpa|02|eu"; nocase; ) # uklbosieimimpqws.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022937; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|uklbosieimimpqws|02|eu"; nocase; ) # uywfxtuaqcxqbcms.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022938; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|uywfxtuaqcxqbcms|02|eu"; nocase; ) # osqpiuyantdonaaa.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022939; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|osqpiuyantdonaaa|02|eu"; nocase; ) # oawltiyrxueqgshm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022940; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|oawltiyrxueqgshm|02|eu"; nocase; ) # ooidqwlbtxturqjy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022941; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ooidqwlbtxturqjy|02|eu"; nocase; ) # oyluuaxxuragigvx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022942; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|oyluuaxxuragigvx|02|eu"; nocase; ) # ihewcpohnmiigplr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022943; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ihewcpohnmiigplr|02|eu"; nocase; ) # iowfndoyxnjkyuse.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022944; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|iowfndoyxnjkyuse|02|eu"; nocase; ) # ikosifbarfneqypq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022945; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ikosifbarfneqypq|02|eu"; nocase; ) # clbyetreyxtqipxk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022946; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|clbyetreyxtqipxk|02|eu"; nocase; ) # chsyyieffpxkatuw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022947; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|chsyyieffpxkatuw|02|eu"; nocase; ) # vggnlvinescgtyne.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022948; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vggnlvinescgtyne|02|eu"; nocase; ) # pcmdqexyomicfhhj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022949; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|pcmdqexyomicfhhj|02|eu"; nocase; ) # pjfyorkqmbwexmov.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022950; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|pjfyorkqmbwexmov|02|eu"; nocase; ) # joarpecubdaxlmaq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022951; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|joarpecubdaxlmaq|02|eu"; nocase; ) # jvsabfcmyebarfud.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022952; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|jvsabfcmyebarfud|02|eu"; nocase; ) # dootmkrfsscasqjv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022953; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|dootmkrfsscasqjv|02|eu"; nocase; ) # i21484af93404b593e51205d00bea1fede.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022954; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i21484af93404b593e51205d00bea1fede|02|cc"; nocase; ) # t0b4040945c5d747ce0f805c2b9c79d0f9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022955; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t0b4040945c5d747ce0f805c2b9c79d0f9|02|in"; nocase; ) # v7e8e1f611e85901f3530ee5f7e84696fd.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022956; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v7e8e1f611e85901f3530ee5f7e84696fd|02|cn"; nocase; ) # z55634a5bb612fbffab457717939cad6b1.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022957; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z55634a5bb612fbffab457717939cad6b1|02|ws"; nocase; ) # ea69e3eaed4d87644fe573e85b7d8e83a5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022958; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea69e3eaed4d87644fe573e85b7d8e83a5|02|tk"; nocase; ) # kba978495941cad9c54ff252aafec5b603.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022959; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kba978495941cad9c54ff252aafec5b603|02|hk"; nocase; ) # n6b3467a53ad7a7f6d37adc876b478e8eb.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022960; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n6b3467a53ad7a7f6d37adc876b478e8eb|02|so"; nocase; ) # t20e2c4ce86b28cee71e7bb52475ec8c5a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022961; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t20e2c4ce86b28cee71e7bb52475ec8c5a|02|cn"; nocase; ) # uc03c14039ea00007f995ca2b883c62b4b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022962; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc03c14039ea00007f995ca2b883c62b4b|02|tk"; nocase; ) # v63b5ade1456987ca47dc0ce3bd9c67df7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022963; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v63b5ade1456987ca47dc0ce3bd9c67df7|02|so"; nocase; ) # x573b21d6e2c6695193bdb342d21ad8728.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022964; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x573b21d6e2c6695193bdb342d21ad8728|02|ws"; nocase; ) # z9cf52071418470fb25618438f6051e108.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022965; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z9cf52071418470fb25618438f6051e108|02|in"; nocase; ) # cd4d4f89ba1239f054952e8f39cda18ee4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022966; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd4d4f89ba1239f054952e8f39cda18ee4|02|tk"; nocase; ) # faf6d50202d6357ec5bb694595809dfdd1.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022967; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|faf6d50202d6357ec5bb694595809dfdd1|02|ws"; nocase; ) # id8613d6ce5669cd5a1e7b792b148dd79e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022968; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id8613d6ce5669cd5a1e7b792b148dd79e|02|hk"; nocase; ) # nb6ef16834216946665f3904d487408188.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022969; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nb6ef16834216946665f3904d487408188|02|ws"; nocase; ) # x0f3ff2a72b8109bb3fdf02c99fd693011.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022970; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x0f3ff2a72b8109bb3fdf02c99fd693011|02|in"; nocase; ) # bc1dc4acd556df45ce91e70d41d9beae2d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022971; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bc1dc4acd556df45ce91e70d41d9beae2d|02|so"; nocase; ) # c06e54ae5ab5c21d5c5d876f7698af05ab.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022972; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c06e54ae5ab5c21d5c5d876f7698af05ab|02|cc"; nocase; ) # h8cc6ef8501e0e2c80567e7c18cfe96768.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022973; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h8cc6ef8501e0e2c80567e7c18cfe96768|02|cn"; nocase; ) # jee38924d36fcb230a18c245398e682f52.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022974; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jee38924d36fcb230a18c245398e682f52|02|so"; nocase; ) # lde7aa546cf5cda64ec9415afbaf96a94a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022975; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lde7aa546cf5cda64ec9415afbaf96a94a|02|ws"; nocase; ) # tc6db85d3a401746059feb9e825cb255b3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022976; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tc6db85d3a401746059feb9e825cb255b3|02|ws"; nocase; ) # xab5c31d4c67141685e8640d331822073d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022977; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xab5c31d4c67141685e8640d331822073d|02|cn"; nocase; ) # dca79d9bd4901b31461ececdb80158bfff.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022978; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dca79d9bd4901b31461ececdb80158bfff|02|in"; nocase; ) # gbb671cbd2041fdf5f373c6a0a3fd59ee0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022979; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gbb671cbd2041fdf5f373c6a0a3fd59ee0|02|tk"; nocase; ) # i92149e4acda5dda03645861e3ec23e562.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022980; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i92149e4acda5dda03645861e3ec23e562|02|cc"; nocase; ) # la6bf2f7122e15cf6ca8dc20706ef545fb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022981; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la6bf2f7122e15cf6ca8dc20706ef545fb|02|in"; nocase; ) # n37503405bce0d8100372cee744756138e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022982; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n37503405bce0d8100372cee744756138e|02|cn"; nocase; ) # pfd34f443cd3f1f572279278b629d56f0d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022983; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pfd34f443cd3f1f572279278b629d56f0d|02|so"; nocase; ) # b72092f9d8d9b2385f8fb23c628bea386b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022984; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b72092f9d8d9b2385f8fb23c628bea386b|02|in"; nocase; ) # f71c03090bb8b1fe912500c85bd21638d8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022985; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f71c03090bb8b1fe912500c85bd21638d8|02|so"; nocase; ) # j58496b641fc138aebed5747b670d01aa1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022986; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j58496b641fc138aebed5747b670d01aa1|02|in"; nocase; ) # k65e17ca18dceb49158ee3452db1ba2ac7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022987; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k65e17ca18dceb49158ee3452db1ba2ac7|02|hk"; nocase; ) # nd43fb85fb672ac0cc2024691ae9bcae71.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022988; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd43fb85fb672ac0cc2024691ae9bcae71|02|so"; nocase; ) # tade3c3fd72cbe6a5baab0f6bb38641bfa.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022989; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tade3c3fd72cbe6a5baab0f6bb38641bfa|02|cn"; nocase; ) # x56b92666bbdf13f97858d06c870f2f326.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022990; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x56b92666bbdf13f97858d06c870f2f326|02|ws"; nocase; ) # fe51610b779129276011a9cc8a35c3fdda.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022991; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fe51610b779129276011a9cc8a35c3fdda|02|ws"; nocase; ) # g72b98d5e7f4238ff2deaaf9d263c84aa0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022992; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g72b98d5e7f4238ff2deaaf9d263c84aa0|02|to"; nocase; ) # lff11492075ba2fd6231c61f827f673a48.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022993; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lff11492075ba2fd6231c61f827f673a48|02|so"; nocase; ) # n433bed87cb0144361dff6a1b409f204fc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022994; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n433bed87cb0144361dff6a1b409f204fc|02|ws"; nocase; ) # pefa58ae73b179c65b57895e796976bc56.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022995; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pefa58ae73b179c65b57895e796976bc56|02|in"; nocase; ) # ra0ca407be8ce56fd5109aeee18517125c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022996; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ra0ca407be8ce56fd5109aeee18517125c|02|cn"; nocase; ) # tb7af9e0d7cf390d896f31c6d809746ead.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022997; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tb7af9e0d7cf390d896f31c6d809746ead|02|so"; nocase; ) # uc91174723fe57587d4102a87ae53d05ae.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022998; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc91174723fe57587d4102a87ae53d05ae|02|cc"; nocase; ) # b7cdd4f6c0f82c44af2020871f6ca70f23.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000022999; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b7cdd4f6c0f82c44af2020871f6ca70f23|02|so"; nocase; ) # g9dd67ece3bb68bb5b6ec255ffe9ed1ce7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023000; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g9dd67ece3bb68bb5b6ec255ffe9ed1ce7|02|hk"; nocase; ) # h072be7d98c8939a0bee8730f981bd2ce7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023001; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h072be7d98c8939a0bee8730f981bd2ce7|02|cn"; nocase; ) # x016188e428e317f41d6b25948974c965f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023002; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x016188e428e317f41d6b25948974c965f|02|cn"; nocase; ) # b39f03a21fd8d7d301cabbbbbca878226d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023003; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b39f03a21fd8d7d301cabbbbbca878226d|02|ws"; nocase; ) # i99bb376b1f37bf099d4a2fad682b3b8dc.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023004; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i99bb376b1f37bf099d4a2fad682b3b8dc|02|cc"; nocase; ) # l1e5526912b87f23e5ba01f7b46c5a19ea.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023005; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l1e5526912b87f23e5ba01f7b46c5a19ea|02|in"; nocase; ) # n3ce2a1eded08f8ad0dfa08be71cdcec05.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023006; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3ce2a1eded08f8ad0dfa08be71cdcec05|02|cn"; nocase; ) # x13795a02e96efe3ecf440ee565ca80014.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023007; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x13795a02e96efe3ecf440ee565ca80014|02|so"; nocase; ) # deb6ce905ba8b96583721b305c38e3a006.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023008; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|deb6ce905ba8b96583721b305c38e3a006|02|cn"; nocase; ) # e8e0a76de6c4fd934e1923d859a2237635.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023009; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e8e0a76de6c4fd934e1923d859a2237635|02|tk"; nocase; ) # l576c64566b0db3a5556e33f845a15fd63.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023010; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l576c64566b0db3a5556e33f845a15fd63|02|cn"; nocase; ) # pc48d602f399d8bcb33c71efcf82a1011a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023011; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pc48d602f399d8bcb33c71efcf82a1011a|02|ws"; nocase; ) # b9e978e1660ff71e740fd775bf4b3b3ee5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023012; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b9e978e1660ff71e740fd775bf4b3b3ee5|02|cn"; nocase; ) # cd14e4f86497ff8ad0df19b7418da36821.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023013; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cd14e4f86497ff8ad0df19b7418da36821|02|tk"; nocase; ) # i0c9c8f0e4d6ca44fadbbb85d769a399ca.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023014; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i0c9c8f0e4d6ca44fadbbb85d769a399ca|02|hk"; nocase; ) # o052fd008ad2e81bd9cbd750cf49602c29.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023015; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o052fd008ad2e81bd9cbd750cf49602c29|02|to"; nocase; ) # s8d5220159d49d4457c57a7bd979a593fb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023016; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s8d5220159d49d4457c57a7bd979a593fb|02|tk"; nocase; ) # a494b161670ea37dc04d996e6e27844b43.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023017; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a494b161670ea37dc04d996e6e27844b43|02|tk"; nocase; ) # be3e0f149a07d8f387a64c7189d84d48bc.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023018; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be3e0f149a07d8f387a64c7189d84d48bc|02|so"; nocase; ) # dcfeffde4ce777a259da6c2ffb3e54e7d2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023019; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dcfeffde4ce777a259da6c2ffb3e54e7d2|02|ws"; nocase; ) # e3b45d2e38b5cbf007c12a6e6b7c7205b6.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023020; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e3b45d2e38b5cbf007c12a6e6b7c7205b6|02|to"; nocase; ) # hfcf66c404008c5a9234ae5925432ac64e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023021; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hfcf66c404008c5a9234ae5925432ac64e|02|cn"; nocase; ) # s9b10825dd5b2d9761b7df7d60532f5408.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023022; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s9b10825dd5b2d9761b7df7d60532f5408|02|cc"; nocase; ) # y7f711f043885f9747c0e8fa8a38b01c63.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023023; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y7f711f043885f9747c0e8fa8a38b01c63|02|tk"; nocase; ) # z1dcc02ddda0d78d09204d0c042c93db1f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023024; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z1dcc02ddda0d78d09204d0c042c93db1f|02|so"; nocase; ) # add9e6b8fbef91717e3cffb035bf46d43a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023025; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|add9e6b8fbef91717e3cffb035bf46d43a|02|cc"; nocase; ) # d9359ba41a729426cc7b87b125111f0696.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023026; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d9359ba41a729426cc7b87b125111f0696|02|in"; nocase; ) # hca2ee2bbaf3121d65fcfe161598b1b1fe.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023027; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hca2ee2bbaf3121d65fcfe161598b1b1fe|02|ws"; nocase; ) # i4f2916c717663610c6491ee1abae7cbbd.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023028; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i4f2916c717663610c6491ee1abae7cbbd|02|to"; nocase; ) # j5593264b3fff295008c73ff1af75f3438.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023029; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j5593264b3fff295008c73ff1af75f3438|02|in"; nocase; ) # k9181a87b7cb69de93427e391bc119c003.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023030; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k9181a87b7cb69de93427e391bc119c003|02|hk"; nocase; ) # be81484afcdf0980ed50d1e654c60eb9dd.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023031; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be81484afcdf0980ed50d1e654c60eb9dd|02|cn"; nocase; ) # e91aa13e878148f66b8de87fb0e5667967.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023032; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e91aa13e878148f66b8de87fb0e5667967|02|cc"; nocase; ) # h6a24d6164406a5d64fb379873e17e5798.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023033; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h6a24d6164406a5d64fb379873e17e5798|02|in"; nocase; ) # k67b6d2023fc286be66b30d0bac8cc2deb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023034; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k67b6d2023fc286be66b30d0bac8cc2deb|02|tk"; nocase; ) # xbd05b50359b1c60a30f990c25145f023f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023035; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xbd05b50359b1c60a30f990c25145f023f|02|in"; nocase; ) # zef020b71769e604229e975432dfdcbd10.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023036; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zef020b71769e604229e975432dfdcbd10|02|cn"; nocase; ) # a9f4666cf906b2a36c9b0d5e02b083eb90.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023037; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a9f4666cf906b2a36c9b0d5e02b083eb90|02|tk"; nocase; ) # b07abc9cf4691def15da678371c32c9f1a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023038; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b07abc9cf4691def15da678371c32c9f1a|02|so"; nocase; ) # de9123de62172a316ed07723d998647ca6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023039; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de9123de62172a316ed07723d998647ca6|02|ws"; nocase; ) # ec1e700668a96725fc3fd1a6abedebe8b8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023040; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ec1e700668a96725fc3fd1a6abedebe8b8|02|to"; nocase; ) # mbac9c2446116becbf7bbe303dd9bb3c29.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023041; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mbac9c2446116becbf7bbe303dd9bb3c29|02|to"; nocase; ) # s5a976075bd1f2c5edadd6cf6f1eb80e4c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023042; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s5a976075bd1f2c5edadd6cf6f1eb80e4c|02|cc"; nocase; ) # g05eb645b808787699aa7b4911aeaf091f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023043; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g05eb645b808787699aa7b4911aeaf091f|02|tk"; nocase; ) # id9f816b75a163c58a38e37bc8c5f40bd7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023044; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id9f816b75a163c58a38e37bc8c5f40bd7|02|cc"; nocase; ) # j460c9c776627dba46fefcb78aebbfcf76.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023045; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j460c9c776627dba46fefcb78aebbfcf76|02|ws"; nocase; ) # la9d017689d15a7a78b20e3ec90e40596d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023046; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la9d017689d15a7a78b20e3ec90e40596d|02|in"; nocase; ) # o25501464a1220507e5e4cc92373a41f9f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023047; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o25501464a1220507e5e4cc92373a41f9f|02|tk"; nocase; ) # sacd80541bcf986859fa04084ec2c12eed.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023048; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sacd80541bcf986859fa04084ec2c12eed|02|to"; nocase; ) # t8f1d5057b775f2dceaf09309feb3354c6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023049; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t8f1d5057b775f2dceaf09309feb3354c6|02|in"; nocase; ) # xb5a1400492a684038e10d222a6935cc73.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023050; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xb5a1400492a684038e10d222a6935cc73|02|so"; nocase; ) # laf39439bc6ca04e7c1dbb471cfd0a0178.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023051; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|laf39439bc6ca04e7c1dbb471cfd0a0178|02|cn"; nocase; ) # re2879cb0a894e61789c1fce5dbedaa51e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023052; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|re2879cb0a894e61789c1fce5dbedaa51e|02|in"; nocase; ) # de5f24f9a3a7bd17573ba628715aaeb81d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023053; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de5f24f9a3a7bd17573ba628715aaeb81d|02|ws"; nocase; ) # ob97cb3d7b93096779b3fce8f90869e431.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023054; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ob97cb3d7b93096779b3fce8f90869e431|02|hk"; nocase; ) # aba59bc2a05cecf58909dd29252bbbbdce.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023055; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aba59bc2a05cecf58909dd29252bbbbdce|02|cc"; nocase; ) # ide1bbf8aab773a361c7e3bfb412c32358.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023056; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ide1bbf8aab773a361c7e3bfb412c32358|02|cc"; nocase; ) # l9c0be3ebdd2780690f8e684a653e5a8be.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023057; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l9c0be3ebdd2780690f8e684a653e5a8be|02|in"; nocase; ) # qa69496c9cdbc86c4c48e589ed32ac7647.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023058; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qa69496c9cdbc86c4c48e589ed32ac7647|02|cc"; nocase; ) # ue434d3d57ccace3a3e2465edac831bea2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023059; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue434d3d57ccace3a3e2465edac831bea2|02|hk"; nocase; ) # x50339c1ca2ab763771eee3538fe2d609a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023060; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x50339c1ca2ab763771eee3538fe2d609a|02|so"; nocase; ) # c584553e72ae0546fee10efeed43f134d2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023061; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c584553e72ae0546fee10efeed43f134d2|02|hk"; nocase; ) # o5e6815144bfbab12bcc4078aa30cf1698.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023062; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o5e6815144bfbab12bcc4078aa30cf1698|02|cc"; nocase; ) # bd87c16abc8a762235cb5dd9d79a1cb885.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023063; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd87c16abc8a762235cb5dd9d79a1cb885|02|cn"; nocase; ) # d83229970680690ce48ba4f8b381cbe1d8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023064; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d83229970680690ce48ba4f8b381cbe1d8|02|so"; nocase; ) # j449436391b8a360a2267e25a41e20078e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023065; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j449436391b8a360a2267e25a41e20078e|02|cn"; nocase; ) # od02b8f79da987d1209278aabc590b3560.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023066; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|od02b8f79da987d1209278aabc590b3560|02|to"; nocase; ) # t2e41c25c5ac9238e94c1509f66017426d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023067; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t2e41c25c5ac9238e94c1509f66017426d|02|so"; nocase; ) # ddc278221d49253275c885455c0bca8be8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023068; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ddc278221d49253275c885455c0bca8be8|02|ws"; nocase; ) # e52f3e9fa4204160b4bb23f769931953d4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023069; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e52f3e9fa4204160b4bb23f769931953d4|02|to"; nocase; ) # f773a9f40d8c9f193ba46b7e838f24a29d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023070; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f773a9f40d8c9f193ba46b7e838f24a29d|02|in"; nocase; ) # o8b0074c679e3c1b2b81c828c0d9a30431.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023071; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8b0074c679e3c1b2b81c828c0d9a30431|02|hk"; nocase; ) # r0ea4174c169cc36c76f82a26061d7f408.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023072; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r0ea4174c169cc36c76f82a26061d7f408|02|so"; nocase; ) # se1ad0abb95248ea8db4487381ca2e9d55.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023073; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|se1ad0abb95248ea8db4487381ca2e9d55|02|cc"; nocase; ) # u6e6bda0aa82e0d4c5d9cdfbfd8baef6f7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023074; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u6e6bda0aa82e0d4c5d9cdfbfd8baef6f7|02|to"; nocase; ) # dd8c3e829a13fba873fdd9b70b01455418.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023075; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd8c3e829a13fba873fdd9b70b01455418|02|in"; nocase; ) # ke8403ddb3119a15908abdd4cbb0d5e991.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023076; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke8403ddb3119a15908abdd4cbb0d5e991|02|to"; nocase; ) # pb0dabdb5621c96cf5495154638b511f68.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023077; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pb0dabdb5621c96cf5495154638b511f68|02|so"; nocase; ) # sd9397325e38dec2b8fd6305285af9a23e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023078; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sd9397325e38dec2b8fd6305285af9a23e|02|to"; nocase; ) # q5594448831e180344e6d46223a9ff50b4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023079; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q5594448831e180344e6d46223a9ff50b4|02|to"; nocase; ) # r2b3ef3cf8bc2aa2ff016f1a1d54e68364.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023080; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2b3ef3cf8bc2aa2ff016f1a1d54e68364|02|in"; nocase; ) # sf0828daaa140967bc092e1704aa9b0a44.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023081; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sf0828daaa140967bc092e1704aa9b0a44|02|hk"; nocase; ) # hf0a55a133f6552776fcc89cec4548dcec.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023082; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hf0a55a133f6552776fcc89cec4548dcec|02|in"; nocase; ) # j381b35c4c6a3d18ea7b7f3b132420326e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023083; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j381b35c4c6a3d18ea7b7f3b132420326e|02|cn"; nocase; ) # kbf5d83d9ddf1b656ab818498fa00cf880.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023084; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kbf5d83d9ddf1b656ab818498fa00cf880|02|tk"; nocase; ) # rebc5fda04f96df19e4a830fa08a8822e4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023085; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rebc5fda04f96df19e4a830fa08a8822e4|02|cn"; nocase; ) # v7a9b94a41e42e1bfb18db713efcbbd783.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023086; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v7a9b94a41e42e1bfb18db713efcbbd783|02|ws"; nocase; ) # xcaed5ece1822482fc3b522bda22f08e50.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023087; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xcaed5ece1822482fc3b522bda22f08e50|02|in"; nocase; ) # d704fe49657cb44f103233ce2e172600fb.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023088; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d704fe49657cb44f103233ce2e172600fb|02|ws"; nocase; ) # r2b36680ad3011d2c721f4caa711c05517.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023089; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2b36680ad3011d2c721f4caa711c05517|02|so"; nocase; ) # v78a0969597a8ea5c1ec4b66321839142a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023090; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v78a0969597a8ea5c1ec4b66321839142a|02|in"; nocase; ) # b918cbccc3f5beca54f5da71eca88016dd.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023091; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b918cbccc3f5beca54f5da71eca88016dd|02|ws"; nocase; ) # d8be996dfb5af7e98b854b4f76dbd5df99.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023092; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d8be996dfb5af7e98b854b4f76dbd5df99|02|in"; nocase; ) # h7c27f50fffa89640c51c08fbfa54f2257.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023093; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h7c27f50fffa89640c51c08fbfa54f2257|02|so"; nocase; ) # u577b847615547634b73c243890e328f92.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023094; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u577b847615547634b73c243890e328f92|02|hk"; nocase; ) # x76cdf7e7dd67cbe5e589f8a1cd1d8a58e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023095; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x76cdf7e7dd67cbe5e589f8a1cd1d8a58e|02|so"; nocase; ) # z77cb2a7440ea6808abbf1b87237707ed4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023096; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z77cb2a7440ea6808abbf1b87237707ed4|02|ws"; nocase; ) # ac50584d0811785e22822b259e29804a41.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023097; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ac50584d0811785e22822b259e29804a41|02|to"; nocase; ) # k0ad5c77852fe94cbb1ab1daa4b838a2ee.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023098; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k0ad5c77852fe94cbb1ab1daa4b838a2ee|02|hk"; nocase; ) # s83abe3d87b5e63e73470cec797339629c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023099; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s83abe3d87b5e63e73470cec797339629c|02|hk"; nocase; ) # uabc9b163a1a7a308c9351cd5af10e9129.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023100; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uabc9b163a1a7a308c9351cd5af10e9129|02|tk"; nocase; ) # y763bd11bc656fa6c7d4efc3e5aefe7736.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023101; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y763bd11bc656fa6c7d4efc3e5aefe7736|02|to"; nocase; ) # d64d07e6dc88aa544a6882b7eee63e71ec.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023102; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d64d07e6dc88aa544a6882b7eee63e71ec|02|so"; nocase; ) # qb29fb7abd44058293e96baf943db49815.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023103; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qb29fb7abd44058293e96baf943db49815|02|hk"; nocase; ) # s8b8b55505b9b38ba9e5d09deda3b3af19.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023104; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s8b8b55505b9b38ba9e5d09deda3b3af19|02|tk"; nocase; ) # a2c8fcb92d065df56dd2e99c9bee1a720d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023105; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a2c8fcb92d065df56dd2e99c9bee1a720d|02|tk"; nocase; ) # df23dd19bd40cb7b5cb818565827cebc2d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023106; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|df23dd19bd40cb7b5cb818565827cebc2d|02|ws"; nocase; ) # fd9081570425e72c12b5f47cda1dadf565.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023107; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fd9081570425e72c12b5f47cda1dadf565|02|in"; nocase; ) # m1537c44c3873674e2e4c7f2bca6f5af38.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023108; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m1537c44c3873674e2e4c7f2bca6f5af38|02|to"; nocase; ) # pef2c1a6af48f639b6f6a4f123a316ac97.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023109; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pef2c1a6af48f639b6f6a4f123a316ac97|02|cn"; nocase; ) # rcc42fdd7213561a1c2916aa900d0cc367.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023110; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rcc42fdd7213561a1c2916aa900d0cc367|02|so"; nocase; ) # tf79f082c05e148b12a522eee8b6e0c379.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023111; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tf79f082c05e148b12a522eee8b6e0c379|02|ws"; nocase; ) # a4a811fa51d6fbd82c6f401d0ab4a97ae5.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023112; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a4a811fa51d6fbd82c6f401d0ab4a97ae5|02|cc"; nocase; ) # c185eca7b979989ba2bce0f91934805dcc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023113; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c185eca7b979989ba2bce0f91934805dcc|02|to"; nocase; ) # i2d62b3718c561897dcad817a348b1b0d1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023114; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2d62b3718c561897dcad817a348b1b0d1|02|cc"; nocase; ) # j004e2abcaa3a990f7e454a6d81ed883a0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023115; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j004e2abcaa3a990f7e454a6d81ed883a0|02|ws"; nocase; ) # kb004ba624ecdd8ce47cd027184d6629e4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023116; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kb004ba624ecdd8ce47cd027184d6629e4|02|to"; nocase; ) # m38b8fc48bf5d6890d9ee184d8b69bdb87.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023117; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m38b8fc48bf5d6890d9ee184d8b69bdb87|02|hk"; nocase; ) # nd2c318715502c6d9fff83c388b6e12027.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023118; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd2c318715502c6d9fff83c388b6e12027|02|cn"; nocase; ) # qe981e623b820b1bc9edd6a261e7624723.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023119; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qe981e623b820b1bc9edd6a261e7624723|02|cc"; nocase; ) # u724dd8e2126710caa7265daacbc4ff7e7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023120; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u724dd8e2126710caa7265daacbc4ff7e7|02|hk"; nocase; ) # bc7d1166c9be8f473dec59ec1280352aa7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023121; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bc7d1166c9be8f473dec59ec1280352aa7|02|in"; nocase; ) # cbe852365f62a194883c132260d4d27bd3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023122; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cbe852365f62a194883c132260d4d27bd3|02|hk"; nocase; ) # d83cbb8b97cc4d11435e062accb43d4025.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023123; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d83cbb8b97cc4d11435e062accb43d4025|02|cn"; nocase; ) # le91931152f521252f4b88aebaf8a7cc07.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023124; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|le91931152f521252f4b88aebaf8a7cc07|02|cn"; nocase; ) # n9f5cbbd3a97adca36636abb7453fd3bd5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023125; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n9f5cbbd3a97adca36636abb7453fd3bd5|02|so"; nocase; ) # pb2edb789c3192d0315f33989cb84049b7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023126; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pb2edb789c3192d0315f33989cb84049b7|02|ws"; nocase; ) # r1a1b95ed315d60e70ce4424674b78b808.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023127; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r1a1b95ed315d60e70ce4424674b78b808|02|in"; nocase; ) # v2f72cef0fc4b6cb73fef2ee8d6508323d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023128; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v2f72cef0fc4b6cb73fef2ee8d6508323d|02|so"; nocase; ) # xa4b871e7390a64e4bd941001d485269b8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023129; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xa4b871e7390a64e4bd941001d485269b8|02|ws"; nocase; ) # jdde1a84d2be26c7073b5935e3bb59258e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023130; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jdde1a84d2be26c7073b5935e3bb59258e|02|cn"; nocase; ) # r9f43e3e5beab69125ddcd0e64bfed8923.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023131; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r9f43e3e5beab69125ddcd0e64bfed8923|02|cn"; nocase; ) # sda77e05de788516d176706d5a698db57b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023132; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sda77e05de788516d176706d5a698db57b|02|tk"; nocase; ) # tb3e171c740cc4d14340a345d0fe322323.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023133; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tb3e171c740cc4d14340a345d0fe322323|02|so"; nocase; ) # cca31e20e336c09e0f4f7de7e61b021f1e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023134; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cca31e20e336c09e0f4f7de7e61b021f1e|02|cc"; nocase; ) # ff4a9b6b8280d05425ed3902fc6fd50c09.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023135; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ff4a9b6b8280d05425ed3902fc6fd50c09|02|in"; nocase; ) # ia3a2826613462c4ca34e09fe14c3baca2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023136; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ia3a2826613462c4ca34e09fe14c3baca2|02|tk"; nocase; ) # m107fcbc027923e603f2623562c95431a5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023137; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m107fcbc027923e603f2623562c95431a5|02|to"; nocase; ) # s8b76a386448c7b7519ce7bf035198e428.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023138; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s8b76a386448c7b7519ce7bf035198e428|02|cc"; nocase; ) # w5ed718eb53bc8895b9089485470b806b6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023139; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w5ed718eb53bc8895b9089485470b806b6|02|hk"; nocase; ) # yb4ec320c6f0fd9a4ca95fc7744fe3d69e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023140; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yb4ec320c6f0fd9a4ca95fc7744fe3d69e|02|tk"; nocase; ) # z5936cff6be55398b5d9585b8ca066da52.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023141; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z5936cff6be55398b5d9585b8ca066da52|02|so"; nocase; ) # c11f414456d63b4ea4ceccef8a67239820.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023142; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c11f414456d63b4ea4ceccef8a67239820|02|to"; nocase; ) # hd75362466cdd903346a3ef80779afbed1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023143; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd75362466cdd903346a3ef80779afbed1|02|so"; nocase; ) # i69e9d6102c096071efae5d97bb817911c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023144; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i69e9d6102c096071efae5d97bb817911c|02|cc"; nocase; ) # jc737f3d08d3b4fbb7bbd3f72db041e4fc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023145; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jc737f3d08d3b4fbb7bbd3f72db041e4fc|02|ws"; nocase; ) # k090a832607fe50a7ed412a82e9ad00841.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023146; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k090a832607fe50a7ed412a82e9ad00841|02|to"; nocase; ) # o97c65714d9b76eaff845d563b7f2b7860.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023147; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o97c65714d9b76eaff845d563b7f2b7860|02|tk"; nocase; ) # ue0f8c0993150bb7a6c1c8d08669250142.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023148; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue0f8c0993150bb7a6c1c8d08669250142|02|hk"; nocase; ) # y9550c4019343ef7e5ddc703c657947a3a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023149; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y9550c4019343ef7e5ddc703c657947a3a|02|cc"; nocase; ) # a45f287fdb344149dd6b1f4ae33a012385.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023150; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a45f287fdb344149dd6b1f4ae33a012385|02|to"; nocase; ) # d45e8180026611df768fe6e44ba472cf37.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023151; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d45e8180026611df768fe6e44ba472cf37|02|cn"; nocase; ) # ec2d2dd033fc25708e26aea427ed639e85.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023152; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ec2d2dd033fc25708e26aea427ed639e85|02|tk"; nocase; ) # fe45a9a49cb138564a2986ce768164e550.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023153; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fe45a9a49cb138564a2986ce768164e550|02|so"; nocase; ) # j11b63c2a0a02b44870395ead46153195c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023154; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j11b63c2a0a02b44870395ead46153195c|02|in"; nocase; ) # kb6d61baf9f5200da13f6f66a5413c38a5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023155; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kb6d61baf9f5200da13f6f66a5413c38a5|02|hk"; nocase; ) # ub7dba74551a357e38f3628d448ea0ec88.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023156; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ub7dba74551a357e38f3628d448ea0ec88|02|tk"; nocase; ) # c53fc4daab748fb96df64ef788a9e69b98.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023157; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c53fc4daab748fb96df64ef788a9e69b98|02|tk"; nocase; ) # e3b8697a6495b5360cd1225d00a8047c23.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023158; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e3b8697a6495b5360cd1225d00a8047c23|02|cc"; nocase; ) # cf86fe98f39ea630101d8398c1128bdd0a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023159; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cf86fe98f39ea630101d8398c1128bdd0a|02|to"; nocase; ) # fe5882be1fac241e13821869059023bca9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023160; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fe5882be1fac241e13821869059023bca9|02|cn"; nocase; ) # g66e2a2e4d66ed56086e60e6917b11c29e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023161; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g66e2a2e4d66ed56086e60e6917b11c29e|02|tk"; nocase; ) # id6980631f3a844cc13d3a3680ed907828.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023162; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id6980631f3a844cc13d3a3680ed907828|02|cc"; nocase; ) # k82915088586d4817910f0b9e6109f608f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023163; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k82915088586d4817910f0b9e6109f608f|02|to"; nocase; ) # q19f15c6c3d314e358d56b516f9f167531.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023164; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q19f15c6c3d314e358d56b516f9f167531|02|to"; nocase; ) # cef197cd67b3619f4eda332132de877aa2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023165; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cef197cd67b3619f4eda332132de877aa2|02|tk"; nocase; ) # f1f440049f46496a2dd1f10f68e8e35591.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023166; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f1f440049f46496a2dd1f10f68e8e35591|02|ws"; nocase; ) # i2803382653e809c3b4015dd45e32372dd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023167; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2803382653e809c3b4015dd45e32372dd|02|hk"; nocase; ) # k9441a98edb72c68714e436c8684bb3da6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023168; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k9441a98edb72c68714e436c8684bb3da6|02|tk"; nocase; ) # l23eba52b7ceadd94c5d6882a3fad009c1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023169; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l23eba52b7ceadd94c5d6882a3fad009c1|02|so"; nocase; ) # r1f9cb250e78543062b2b49518bbec9ccd.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023170; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r1f9cb250e78543062b2b49518bbec9ccd|02|cn"; nocase; ) # sc1a974a442ecc8d3d896641eb985a92a6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023171; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sc1a974a442ecc8d3d896641eb985a92a6|02|tk"; nocase; ) # web0b7d495d219cf545b6d56956ef2780f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023172; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|web0b7d495d219cf545b6d56956ef2780f|02|to"; nocase; ) # y644653ef266cda702661cc15875de5061.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023173; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y644653ef266cda702661cc15875de5061|02|hk"; nocase; ) # rc9b0a7266c4eb1fe1bcad90eeb0fddfad.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023174; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rc9b0a7266c4eb1fe1bcad90eeb0fddfad|02|so"; nocase; ) # v5f45e51a5c4903385f8e6fc68a374341b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023175; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v5f45e51a5c4903385f8e6fc68a374341b|02|in"; nocase; ) # y5efeb38ed7c72550166211f57e89a471c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023176; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y5efeb38ed7c72550166211f57e89a471c|02|tk"; nocase; ) # h0baac249d2c138ba8dee62b9eb1c835a7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023177; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h0baac249d2c138ba8dee62b9eb1c835a7|02|so"; nocase; ) # m9e4ba3ecd17e68af6e473d144d09ee733.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023178; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m9e4ba3ecd17e68af6e473d144d09ee733|02|hk"; nocase; ) # n4b1bcacc5ef2f9ac9a63ad8e5e4e8c382.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023179; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n4b1bcacc5ef2f9ac9a63ad8e5e4e8c382|02|cn"; nocase; ) # uf5e2d8a74989dc2741d46ae2f757c47ac.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023180; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uf5e2d8a74989dc2741d46ae2f757c47ac|02|hk"; nocase; ) # d0fbb6792ab70aa5373d1a1e003e9231a4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023181; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d0fbb6792ab70aa5373d1a1e003e9231a4|02|cn"; nocase; ) # f21d9b72a791d79d4fea154f1bd5a4789e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023182; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f21d9b72a791d79d4fea154f1bd5a4789e|02|so"; nocase; ) # pc40ac51f3d413f9bc0ecebb02d0edd899.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023183; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pc40ac51f3d413f9bc0ecebb02d0edd899|02|ws"; nocase; ) # q1c9b06ea10cf138e77b76c7f3dda8cce5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023184; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1c9b06ea10cf138e77b76c7f3dda8cce5|02|to"; nocase; ) # w4cfd1475950a51f8f5c3b163f07bb2cd8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023185; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w4cfd1475950a51f8f5c3b163f07bb2cd8|02|cc"; nocase; ) # x4b2f77be49cbb64b29d0fe39114e5a4b7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023186; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x4b2f77be49cbb64b29d0fe39114e5a4b7|02|ws"; nocase; ) # y10532627c230bdc785634559f0ed393a7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023187; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y10532627c230bdc785634559f0ed393a7|02|to"; nocase; ) # a3976c87dd6fab9640067328ddba6ec539.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023188; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a3976c87dd6fab9640067328ddba6ec539|02|hk"; nocase; ) # le7f7b0dc101a5ff9f02126b3fbbeca073.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023189; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|le7f7b0dc101a5ff9f02126b3fbbeca073|02|so"; nocase; ) # n984773e5fa74c9a0c9fb4b9bacc8fd1be.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023190; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n984773e5fa74c9a0c9fb4b9bacc8fd1be|02|ws"; nocase; ) # y33f64a6346456ec34d1b1cd73d580fd00.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023191; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y33f64a6346456ec34d1b1cd73d580fd00|02|hk"; nocase; ) # a4cb055ea9549e6be09f513c4482c23e11.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023192; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a4cb055ea9549e6be09f513c4482c23e11|02|tk"; nocase; ) # ba20c0c5313ca44ba89d0e4103dc39f430.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023193; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ba20c0c5313ca44ba89d0e4103dc39f430|02|so"; nocase; ) # ffffc7077f462c99fde615c1956f345c3e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023194; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ffffc7077f462c99fde615c1956f345c3e|02|in"; nocase; ) # le83db1f1cbf5089d49b89b76e4bcb79c2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023195; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|le83db1f1cbf5089d49b89b76e4bcb79c2|02|ws"; nocase; ) # vd172b6b0daa75748c7df09733ce32181f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023196; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vd172b6b0daa75748c7df09733ce32181f|02|in"; nocase; ) # wb73ed5cc91dc43aff43301484a84d6514.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023197; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb73ed5cc91dc43aff43301484a84d6514|02|hk"; nocase; ) # z7c21f7428674e8ddd5ab6e6c891e430f5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023198; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z7c21f7428674e8ddd5ab6e6c891e430f5|02|so"; nocase; ) # i6db26ae1af7816cf4a929dcfde8914b15.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023199; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i6db26ae1af7816cf4a929dcfde8914b15|02|cc"; nocase; ) # p19cf2d4ed8fe34781ca3e630327aa3d79.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023200; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p19cf2d4ed8fe34781ca3e630327aa3d79|02|so"; nocase; ) # y0668f68d3210120eb43f710826ecd4d1e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023201; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y0668f68d3210120eb43f710826ecd4d1e|02|cc"; nocase; ) # a0673c07425d1d609fad5f718d4dcaa298.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023202; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a0673c07425d1d609fad5f718d4dcaa298|02|to"; nocase; ) # f5a12167c88b34c09fad6edd9a5e796026.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023203; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f5a12167c88b34c09fad6edd9a5e796026|02|so"; nocase; ) # g3fce7c62c55e6fae4c3dcb9a62e5b2144.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023204; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g3fce7c62c55e6fae4c3dcb9a62e5b2144|02|cc"; nocase; ) # hece1a277551ccee2edefa694c2b847e60.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023205; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hece1a277551ccee2edefa694c2b847e60|02|ws"; nocase; ) # l33277e695c3d0943f5ad6556305f87ea9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023206; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l33277e695c3d0943f5ad6556305f87ea9|02|cn"; nocase; ) # maf07550fd751261c95443eebd07e37e2a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023207; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|maf07550fd751261c95443eebd07e37e2a|02|tk"; nocase; ) # nf1c182c33bf8f8e5c3098807a9bfcb9d3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023208; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nf1c182c33bf8f8e5c3098807a9bfcb9d3|02|so"; nocase; ) # q5601355c98aa605176214a826cd5919af.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023209; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q5601355c98aa605176214a826cd5919af|02|to"; nocase; ) # x332e189e774f2a5d49008c64f01c980f6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023210; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x332e189e774f2a5d49008c64f01c980f6|02|ws"; nocase; ) # y1a574339c63652f9e040b630d7a7e71c9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023211; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y1a574339c63652f9e040b630d7a7e71c9|02|to"; nocase; ) # z5313303082af80aa4327b06d0f5466868.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023212; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z5313303082af80aa4327b06d0f5466868|02|in"; nocase; ) # kcb4027fe36daf698a38f43008b544ba6b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023213; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kcb4027fe36daf698a38f43008b544ba6b|02|tk"; nocase; ) # l6006f4e20cf06fd6c55d84984174ead60.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023214; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l6006f4e20cf06fd6c55d84984174ead60|02|so"; nocase; ) # o96134701bd744cf94461425b04038e64c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023215; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o96134701bd744cf94461425b04038e64c|02|to"; nocase; ) # v6e216e7b45fc9390bca1b3e4897098b90.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023216; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v6e216e7b45fc9390bca1b3e4897098b90|02|ws"; nocase; ) # xb2a8b2a52de194d3066c3ebf2b789c91f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023217; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xb2a8b2a52de194d3066c3ebf2b789c91f|02|in"; nocase; ) # zfda4bb3415a3a94171c08689f0f9ef9a2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023218; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zfda4bb3415a3a94171c08689f0f9ef9a2|02|cn"; nocase; ) # fcfef824e16f89bb8c2a48f53281d2031f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023219; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fcfef824e16f89bb8c2a48f53281d2031f|02|in"; nocase; ) # l93ff544bda4e70f385b5d922919dcc7b5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023220; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l93ff544bda4e70f385b5d922919dcc7b5|02|ws"; nocase; ) # m096c9514fc699bd37625a8aa1d2c1a8fe.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023221; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m096c9514fc699bd37625a8aa1d2c1a8fe|02|to"; nocase; ) # n50e249addf02c206eea0a2b2e2b069a1c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023222; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n50e249addf02c206eea0a2b2e2b069a1c|02|in"; nocase; ) # s074598af1c4ad0209d4ee2ff850ca495b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023223; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s074598af1c4ad0209d4ee2ff850ca495b|02|cc"; nocase; ) # x9abf2a3350c248b721deea5daf15ed36e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023224; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x9abf2a3350c248b721deea5daf15ed36e|02|cn"; nocase; ) # z6df8fbb205efd5be809753bd6b6b9edc5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023225; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6df8fbb205efd5be809753bd6b6b9edc5|02|so"; nocase; ) # ef4e518f7dab8b7b9bfb5155b074605d7b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023226; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ef4e518f7dab8b7b9bfb5155b074605d7b|02|hk"; nocase; ) # ke9406041a93d45c33ede770678e26580b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023227; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke9406041a93d45c33ede770678e26580b|02|to"; nocase; ) # me49504e213827ec4c841764d739ffe487.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023228; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|me49504e213827ec4c841764d739ffe487|02|hk"; nocase; ) # 7jsb5r7pubklexk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023229; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|7jsb5r7pubklexk|04|ddns|03|net"; nocase; ) # ufkx1d34e8ary8k6mdi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023230; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|ufkx1d34e8ary8k6mdi|04|ddns|03|net"; nocase; ) # 7l7xe8wjudwr1xm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023231; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|7l7xe8wjudwr1xm|04|ddns|03|net"; nocase; ) # gf1n785nel7byho8qp5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023232; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|gf1n785nel7byho8qp5|04|ddns|03|net"; nocase; ) # m67xera0up1titw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023233; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|m67xera0up1titw|04|ddns|03|net"; nocase; ) # gxcdefm012gn3bo6k8e.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023234; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|gxcdefm012gn3bo6k8e|04|ddns|03|net"; nocase; ) # 7rk6s4af3x5jsnc0m8i.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023235; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|7rk6s4af3x5jsnc0m8i|04|ddns|03|net"; nocase; ) # kr54ihwnmbmp1vu6qnidqng.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023236; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|kr54ihwnmbmp1vu6qnidqng|04|ddns|03|net"; nocase; ) # 1r7pknq0glqva83vwdujudq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023237; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|1r7pknq0glqva83vwdujudq|04|ddns|03|net"; nocase; ) # gpu2s2ax34g8yhap5t5b5dc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023238; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|gpu2s2ax34g8yhap5t5b5dc|04|ddns|03|net"; nocase; ) # woemegqoiducr.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023239; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|woemegqoiducr|04|ddns|03|net"; nocase; ) # buquaknoxee.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023240; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0b|buquaknoxee|04|ddns|03|net"; nocase; ) # wiubollinamo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023241; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|wiubollinamo|04|ddns|03|net"; nocase; ) # olamnimia.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023242; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|09|olamnimia|04|ddns|03|net"; nocase; ) # sikokoohodt.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023243; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0b|sikokoohodt|04|ddns|03|net"; nocase; ) # astuquewihdowi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023244; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0e|astuquewihdowi|04|ddns|03|net"; nocase; ) # ilmepuwu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023245; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|ilmepuwu|04|ddns|03|net"; nocase; ) # ahxoawgu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023246; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|ahxoawgu|04|ddns|03|net"; nocase; ) # hoohseipi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023247; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|09|hoohseipi|04|ddns|03|net"; nocase; ) # xuoeizzdge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023248; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xuoeizzdge|03|com"; nocase; ) # uwtxaxpy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023249; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uwtxaxpy|03|biz"; nocase; ) # dzntwsbvptm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023250; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dzntwsbvptm|03|net"; nocase; ) # pxslyltrg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023251; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pxslyltrg|03|net"; nocase; ) # varzgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023252; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|varzgz|03|com"; nocase; ) # ecbnmdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023253; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ecbnmdp|03|com"; nocase; ) # bufijsdvmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023254; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bufijsdvmq|03|org"; nocase; ) # nxwarfb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023255; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nxwarfb|03|com"; nocase; ) # dgkuhgd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023256; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dgkuhgd|03|com"; nocase; ) # cmjwcunuz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023257; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cmjwcunuz|03|net"; nocase; ) # lnaljgarqza.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023258; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|lnaljgarqza|04|info"; nocase; ) # htjgqlfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023259; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|htjgqlfe|03|com"; nocase; ) # kfprjlbix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023260; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kfprjlbix|03|com"; nocase; ) # bucdzrln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023261; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bucdzrln|03|org"; nocase; ) # vqugizbnckb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023262; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vqugizbnckb|03|org"; nocase; ) # zmgqxs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023263; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zmgqxs|04|info"; nocase; ) # xfyalxdqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023264; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xfyalxdqj|03|biz"; nocase; ) # abnpqhpqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023265; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|abnpqhpqj|03|biz"; nocase; ) # vfutrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023266; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vfutrz|03|net"; nocase; ) # fgigntqean.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023267; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fgigntqean|03|com"; nocase; ) # bbjfupuujbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023268; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bbjfupuujbw|03|com"; nocase; ) # idyqytla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023269; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|idyqytla|03|org"; nocase; ) # tlvnyutaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023270; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tlvnyutaz|03|com"; nocase; ) # ymnizs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023271; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ymnizs|04|info"; nocase; ) # syplurlqp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023272; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|syplurlqp|03|biz"; nocase; ) # hwtpjj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023273; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hwtpjj|03|org"; nocase; ) # ucoizz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023274; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ucoizz|04|info"; nocase; ) # unyrxkfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023275; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|unyrxkfk|03|com"; nocase; ) # ywxjwvx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023276; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ywxjwvx|04|info"; nocase; ) # rejxyiipkmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023277; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rejxyiipkmq|03|org"; nocase; ) # jrijdny.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023278; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jrijdny|03|biz"; nocase; ) # ihnbih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023279; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ihnbih|03|com"; nocase; ) # pvzdpjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023280; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pvzdpjv|03|org"; nocase; ) # qveigve.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023281; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qveigve|04|info"; nocase; ) # qaadubvhw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023282; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qaadubvhw|03|com"; nocase; ) # lztvkpzltwc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023283; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|lztvkpzltwc|04|info"; nocase; ) # pswycsnn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023284; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pswycsnn|03|biz"; nocase; ) # uohypxtdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023285; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uohypxtdg|03|com"; nocase; ) # tzoxkyrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023286; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tzoxkyrp|03|net"; nocase; ) # whinciubxmj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023287; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|whinciubxmj|03|org"; nocase; ) # akxtmdlnxiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023288; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|akxtmdlnxiy|03|com"; nocase; ) # dskuxrxyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023289; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dskuxrxyq|04|info"; nocase; ) # hisxrzgux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023290; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hisxrzgux|03|net"; nocase; ) # qyuxgbrefj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023291; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qyuxgbrefj|03|com"; nocase; ) # klbwqlvdezh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023292; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|klbwqlvdezh|04|info"; nocase; ) # habgigcnrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023293; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|habgigcnrh|03|net"; nocase; ) # jspwhbmqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023294; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jspwhbmqq|03|biz"; nocase; ) # atdikrvrhvs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023295; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|atdikrvrhvs|04|info"; nocase; ) # kcknck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023296; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kcknck|03|com"; nocase; ) # cuwazmkpjnq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023297; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cuwazmkpjnq|03|biz"; nocase; ) # tsxvwhylnp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023298; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tsxvwhylnp|03|biz"; nocase; ) # lsvpege.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023299; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lsvpege|03|com"; nocase; ) # ynwymgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023300; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ynwymgi|03|com"; nocase; ) # sewxkqu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023301; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sewxkqu|03|biz"; nocase; ) # zpnizzpfi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023302; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zpnizzpfi|03|com"; nocase; ) # yyjglhmodf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023303; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|yyjglhmodf|03|com"; nocase; ) # tpsfwyyekqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023304; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tpsfwyyekqh|03|biz"; nocase; ) # ubqkbrszdkb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023305; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ubqkbrszdkb|03|org"; nocase; ) # cmdzrxsks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023306; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cmdzrxsks|03|org"; nocase; ) # syfdrliej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023307; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|syfdrliej|03|com"; nocase; ) # lxjyrrand.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023308; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lxjyrrand|03|biz"; nocase; ) # wqjhelzxlnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023309; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wqjhelzxlnx|03|biz"; nocase; ) # meplxvlrjys.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023310; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|meplxvlrjys|04|info"; nocase; ) # bjrqfcdqu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023311; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bjrqfcdqu|03|biz"; nocase; ) # wfsnsbysly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023312; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wfsnsbysly|03|org"; nocase; ) # ivjpegdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023313; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ivjpegdf|03|com"; nocase; ) # olpgjsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023314; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|olpgjsf|03|net"; nocase; ) # jwmjzpbnlld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023315; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jwmjzpbnlld|03|org"; nocase; ) # fkivjrwzdsx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023316; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fkivjrwzdsx|03|net"; nocase; ) # lepxdthxx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023317; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lepxdthxx|04|info"; nocase; ) # noanhxyrbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023318; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|noanhxyrbg|03|com"; nocase; ) # ebupoidmmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023319; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ebupoidmmq|03|org"; nocase; ) # izgqfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023320; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|izgqfj|03|com"; nocase; ) # nukoxjwdhsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023321; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nukoxjwdhsh|03|net"; nocase; ) # kbedckya.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023322; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kbedckya|04|info"; nocase; ) # xtkoimjp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023323; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xtkoimjp|03|org"; nocase; ) # pkyjwgsl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023324; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pkyjwgsl|03|net"; nocase; ) # inczmff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023325; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|inczmff|03|com"; nocase; ) # vbmaeevn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023326; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vbmaeevn|04|info"; nocase; ) # jhutdjahwcd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023327; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jhutdjahwcd|03|com"; nocase; ) # ebycuics.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023328; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ebycuics|03|com"; nocase; ) # soyofk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023329; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|soyofk|03|com"; nocase; ) # ejdxffz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023330; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ejdxffz|03|com"; nocase; ) # pbqsourcmde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023331; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pbqsourcmde|03|com"; nocase; ) # emzjtoxcww.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023332; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|emzjtoxcww|04|info"; nocase; ) # xqsggqed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023333; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xqsggqed|03|com"; nocase; ) # ydjngckush.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023334; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ydjngckush|03|net"; nocase; ) # opqviebuhhy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023335; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|opqviebuhhy|03|com"; nocase; ) # oabymrxd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023336; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|oabymrxd|04|info"; nocase; ) # gdeiuiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023337; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gdeiuiv|03|com"; nocase; ) # wkmkii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023338; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wkmkii|03|com"; nocase; ) # rypdsoiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023339; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rypdsoiy|03|com"; nocase; ) # bjmylvvpbh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023340; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bjmylvvpbh|03|com"; nocase; ) # qjzdbtzgpk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023341; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qjzdbtzgpk|03|biz"; nocase; ) # cvmkay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023342; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cvmkay|03|com"; nocase; ) # wfhzejxejwv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023343; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wfhzejxejwv|04|info"; nocase; ) # xsqiywhilb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023344; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xsqiywhilb|03|org"; nocase; ) # mrnnslykr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023345; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mrnnslykr|03|org"; nocase; ) # psynkyylsm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023346; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|psynkyylsm|03|net"; nocase; ) # ggrhlejhe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023347; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ggrhlejhe|03|com"; nocase; ) # hjlmilsfbq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023348; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hjlmilsfbq|03|com"; nocase; ) # tsbrkxict.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023349; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tsbrkxict|03|com"; nocase; ) # wtsaposdye.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023350; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wtsaposdye|04|info"; nocase; ) # uvodszkixzf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023351; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uvodszkixzf|04|info"; nocase; ) # kuwsodpw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023352; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kuwsodpw|03|biz"; nocase; ) # hafkhocaamg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023353; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hafkhocaamg|03|org"; nocase; ) # sijuvoe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023354; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sijuvoe|03|biz"; nocase; ) # dwyicjrcuss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023355; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dwyicjrcuss|03|net"; nocase; ) # xhrjyk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023356; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xhrjyk|04|info"; nocase; ) # chwqjwmabe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023357; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|chwqjwmabe|03|com"; nocase; ) # jkbiacrwzxs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023358; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jkbiacrwzxs|04|info"; nocase; ) # ocprujhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023359; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ocprujhl|03|com"; nocase; ) # tceuteib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023360; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tceuteib|03|com"; nocase; ) # svcfwakl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023361; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|svcfwakl|03|org"; nocase; ) # iuveszhrb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023362; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iuveszhrb|03|net"; nocase; ) # acxmbgudtn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023363; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|acxmbgudtn|03|net"; nocase; ) # tjsaowehwb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023364; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tjsaowehwb|04|info"; nocase; ) # dpkxpb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023365; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dpkxpb|03|biz"; nocase; ) # ondlptwgp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023366; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ondlptwgp|03|com"; nocase; ) # wvzcjhsp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023367; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wvzcjhsp|03|net"; nocase; ) # uylgery.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023368; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uylgery|03|net"; nocase; ) # ogfbblme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023369; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ogfbblme|03|org"; nocase; ) # dekmrxy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023370; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dekmrxy|04|info"; nocase; ) # lcpyzx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023371; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lcpyzx|04|info"; nocase; ) # uagkeqcsphg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023372; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uagkeqcsphg|03|com"; nocase; ) # jeyfknbmxpp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023373; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jeyfknbmxpp|03|biz"; nocase; ) # jrtkvqxdbkp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023374; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jrtkvqxdbkp|03|org"; nocase; ) # wjxozdroxw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023375; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wjxozdroxw|04|info"; nocase; ) # jftpsdtoo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023376; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jftpsdtoo|03|biz"; nocase; ) # iraauxxhc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023377; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iraauxxhc|03|com"; nocase; ) # ziczrdnk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023378; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ziczrdnk|03|biz"; nocase; ) # tkdutb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023379; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tkdutb|03|net"; nocase; ) # wutfkmmuf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023380; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wutfkmmuf|03|net"; nocase; ) # ndasmzqtebw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023381; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ndasmzqtebw|03|com"; nocase; ) # bbydwsmgbkh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023382; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bbydwsmgbkh|03|org"; nocase; ) # vrtagbrc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023383; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vrtagbrc|03|net"; nocase; ) # zwkbqnp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023384; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zwkbqnp|03|biz"; nocase; ) # ikejxh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023385; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ikejxh|04|info"; nocase; ) # kwfvcgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023386; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kwfvcgc|03|com"; nocase; ) # kagdetgn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023387; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kagdetgn|03|com"; nocase; ) # oujwtwyuzi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023388; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|oujwtwyuzi|04|info"; nocase; ) # nheoyhsi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023389; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nheoyhsi|03|net"; nocase; ) # fnbmqur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023390; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fnbmqur|03|net"; nocase; ) # cgzcfzzcwub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023391; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cgzcfzzcwub|03|net"; nocase; ) # pezkjqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023392; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pezkjqk|03|biz"; nocase; ) # rxmripnki.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023393; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rxmripnki|03|org"; nocase; ) # kqkfaqzphg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023394; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kqkfaqzphg|03|com"; nocase; ) # nbeaennseo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023395; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nbeaennseo|03|com"; nocase; ) # xclmhqfsun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023396; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xclmhqfsun|03|net"; nocase; ) # djnwjcfpzef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023397; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|djnwjcfpzef|03|com"; nocase; ) # tsvsfanbtwf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023398; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tsvsfanbtwf|04|info"; nocase; ) # tilidhvnrm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023399; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tilidhvnrm|03|net"; nocase; ) # xldldmmxph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023400; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xldldmmxph|03|biz"; nocase; ) # guqbiecpvyg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023401; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|guqbiecpvyg|04|info"; nocase; ) # wdhnqtr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023402; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wdhnqtr|03|net"; nocase; ) # nzvhwyfkx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023403; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nzvhwyfkx|03|org"; nocase; ) # zibswyddyaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023404; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zibswyddyaa|03|com"; nocase; ) # dblnrm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023405; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dblnrm|03|net"; nocase; ) # coocisvg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023406; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|coocisvg|04|info"; nocase; ) # yxzwdpjdiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023407; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|yxzwdpjdiu|03|com"; nocase; ) # pbulwnnty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023408; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pbulwnnty|03|net"; nocase; ) # smlrru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023409; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|smlrru|03|net"; nocase; ) # krhbryxmtd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023410; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|krhbryxmtd|03|net"; nocase; ) # dwnarjwyf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023411; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dwnarjwyf|04|info"; nocase; ) # mxdmajxjun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023412; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mxdmajxjun|03|net"; nocase; ) # aqpfwpzal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023413; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|aqpfwpzal|03|com"; nocase; ) # xhtpsok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023414; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xhtpsok|03|biz"; nocase; ) # athstlx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023415; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|athstlx|03|org"; nocase; ) # bicaaewvns.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023416; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bicaaewvns|03|biz"; nocase; ) # tbtegeuqwz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023417; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tbtegeuqwz|04|info"; nocase; ) # fchktjndul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023418; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fchktjndul|03|net"; nocase; ) # fpters.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023419; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fpters|03|net"; nocase; ) # gdpydsae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023420; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gdpydsae|03|com"; nocase; ) # tsceydxy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023421; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tsceydxy|04|info"; nocase; ) # zwxvyys.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023422; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zwxvyys|04|info"; nocase; ) # znnann.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023423; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|znnann|03|biz"; nocase; ) # uhfebxru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023424; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uhfebxru|03|net"; nocase; ) # gvdohmkobdx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023425; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gvdohmkobdx|03|com"; nocase; ) # tpcmuubejot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023426; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tpcmuubejot|03|biz"; nocase; ) # edzixlejfys.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023427; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|edzixlejfys|04|info"; nocase; ) # kcxcxbylu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023428; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kcxcxbylu|03|org"; nocase; ) # vnznim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023429; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vnznim|03|com"; nocase; ) # xbznkgzntx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023430; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xbznkgzntx|03|net"; nocase; ) # bdaxcquqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023431; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bdaxcquqv|03|biz"; nocase; ) # fqfifjx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023432; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fqfifjx|03|org"; nocase; ) # xjsnqyl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023433; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xjsnqyl|04|info"; nocase; ) # ezeppzms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023434; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ezeppzms|03|org"; nocase; ) # mqmaem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023435; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mqmaem|03|com"; nocase; ) # hjklezv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023436; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hjklezv|04|info"; nocase; ) # fmsgacosyon.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023437; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fmsgacosyon|03|biz"; nocase; ) # rlnxycta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023438; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rlnxycta|03|net"; nocase; ) # xfzueipy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023439; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xfzueipy|03|biz"; nocase; ) # tpeixfbzfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023440; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tpeixfbzfm|03|com"; nocase; ) # dbehygzumr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023441; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dbehygzumr|03|org"; nocase; ) # lzxwucbyp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023442; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lzxwucbyp|04|info"; nocase; ) # rkaqes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023443; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rkaqes|03|com"; nocase; ) # ckwbzvi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023444; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ckwbzvi|04|info"; nocase; ) # ynegrxvxnwm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023445; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ynegrxvxnwm|04|info"; nocase; ) # xalgoii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023446; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xalgoii|03|com"; nocase; ) # jyolonqiew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023447; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jyolonqiew|03|com"; nocase; ) # vszsikyo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023448; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vszsikyo|04|info"; nocase; ) # kasvtrui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023449; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kasvtrui|03|net"; nocase; ) # bvacmzfnuhz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023450; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bvacmzfnuhz|03|com"; nocase; ) # tevkkgfts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023451; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tevkkgfts|03|net"; nocase; ) # kbjmhmdw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023452; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kbjmhmdw|03|com"; nocase; ) # yqrwkwgotvu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023453; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|yqrwkwgotvu|04|info"; nocase; ) # fqwxmabj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023454; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fqwxmabj|03|com"; nocase; ) # kefofkaabmamffno.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023455; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kefofkaabmamffno|03|com"; nocase; ) # abkfmldcddlcddla.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023456; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|abkfmldcddlcddla|02|co"; nocase; ) # dodaenkmllodbboc.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023457; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dodaenkmllodbboc|02|co"; nocase; ) # ckmdcacfndaaoalc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023458; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ckmdcacfndaaoalc|02|eu"; nocase; ) # nadlcdfdolfaonod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023459; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nadlcdfdolfaonod|03|com"; nocase; ) # monmbkadeafboafn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023460; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|monmbkadeafboafn|04|info"; nocase; ) # nadadabnkfclfama.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023461; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nadadabnkfclfama|03|org"; nocase; ) # cebdaddabmkdfaff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023462; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cebdaddabmkdfaff|03|com"; nocase; ) # bmkdcannbdbcfboa.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023463; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bmkdcannbdbcfboa|02|co"; nocase; ) # nbbfendaabdafdkb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023464; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nbbfendaabdafdkb|02|co|02|uk"; nocase; ) # mldcfakaekabmccf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023465; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mldcfakaekabmccf|03|net"; nocase; ) # oloeffcaenfbeolm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023466; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|oloeffcaenfbeolm|03|com"; nocase; ) # dllamalcafmdcdfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023467; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dllamalcafmdcdfe|03|com"; nocase; ) # leadfaaffmfcflnb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023468; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|leadfaaffmfcflnb|03|net"; nocase; ) # fdldeddonfmbaacc.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023469; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fdldeddonfmbaacc|02|cc"; nocase; ) # fdnoadfaeakoefee.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023470; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fdnoadfaeakoefee|06|online"; nocase; ) # oadebdaobbcacada.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023471; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|oadebdaobbcacada|03|net"; nocase; ) # omfekccdcbolaaea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023472; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|omfekccdcbolaaea|03|com"; nocase; ) # lkceanndldfdcfbn.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023473; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lkceanndldfdcfbn|02|de"; nocase; ) # mlfaccnfobdbnbcf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023474; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mlfaccnfobdbnbcf|02|eu"; nocase; ) # bbnabnaecacadnfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023475; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bbnabnaecacadnfa|03|com"; nocase; ) # cnckkcaonabablda.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023476; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cnckkcaonabablda|06|online"; nocase; ) # dmnaccclfdbkcckn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023477; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dmnaccclfdbkcckn|03|com"; nocase; ) # fpfpir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023478; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fpfpir|03|com"; nocase; ) # nofqhd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023479; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nofqhd|03|com"; nocase; ) # seelsy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023480; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|seelsy|03|com"; nocase; ) # zztjuu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023481; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zztjuu|03|com"; nocase; ) # meicab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023482; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|meicab|03|com"; nocase; ) # iaxahb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023483; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|iaxahb|03|com"; nocase; ) # cosymz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023484; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|cosymz|03|com"; nocase; ) # gmjtjr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023485; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gmjtjr|03|com"; nocase; ) # ocokkh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023486; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ocokkh|03|com"; nocase; ) # ufcmyc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023487; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ufcmyc|03|com"; nocase; ) # sdludt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023488; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|sdludt|03|com"; nocase; ) # oxyspx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023489; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oxyspx|03|com"; nocase; ) # wvwuib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023490; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|wvwuib|03|com"; nocase; ) # ckweiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023491; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ckweiy|03|com"; nocase; ) # umimrp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023492; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|umimrp|03|com"; nocase; ) # eihuob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023493; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eihuob|03|com"; nocase; ) # wcoydn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023494; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|wcoydn|03|com"; nocase; ) # ewsgjl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023495; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ewsgjl|03|com"; nocase; ) # wmyota.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023496; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|wmyota|03|com"; nocase; ) # ceauoy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023497; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ceauoy|03|com"; nocase; ) # fhkowh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023498; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fhkowh|03|com"; nocase; ) # homhkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023499; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|homhkm|03|com"; nocase; ) # dhufxo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023500; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|dhufxo|03|com"; nocase; ) # ubdorg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023501; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ubdorg|03|com"; nocase; ) # cqhcqsoohoxrofnt.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023502; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|cqhcqsoohoxrofnt|02|su"; nocase; ) # afwaoml.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023503; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|afwaoml|02|su"; nocase; ) # ibnpvbqb.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023504; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ibnpvbqb|03|xyz"; nocase; ) # crmiimkmr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023505; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|crmiimkmr|04|info"; nocase; ) # kwvqdurtwtxginwgv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023506; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|kwvqdurtwtxginwgv|02|ru"; nocase; ) # iqhfbjusykaie.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023507; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|iqhfbjusykaie|03|biz"; nocase; ) # jvsukakehuc.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023508; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|jvsukakehuc|03|xyz"; nocase; ) # nrbsckho.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023509; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|nrbsckho|02|su"; nocase; ) # ibvlnmqemluqknxve.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023510; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|ibvlnmqemluqknxve|04|info"; nocase; ) # ehwikaamipduhga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023511; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|ehwikaamipduhga|03|org"; nocase; ) # bjisjhggws.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023512; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|bjisjhggws|03|xyz"; nocase; ) # vansnxnkljo.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023513; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|vansnxnkljo|02|pl"; nocase; ) # ucffvtfq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023514; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ucffvtfq|02|ru"; nocase; ) # uwrjjfktnuh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023515; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|uwrjjfktnuh|02|ru"; nocase; ) # aewtdeujeclgw.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023516; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|aewtdeujeclgw|04|work"; nocase; ) # awveydotenqgrkvgn.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023517; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|awveydotenqgrkvgn|02|su"; nocase; ) # lpbylywmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023518; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|lpbylywmm|03|org"; nocase; ) # qnjihutaqtfirld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023519; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|qnjihutaqtfirld|03|org"; nocase; ) # ynvpkckjwxatbujk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023520; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|ynvpkckjwxatbujk|02|ru"; nocase; ) # nysjiisw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023521; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|nysjiisw|02|ru"; nocase; ) # vpxffwkpbnmeqalu.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023522; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|vpxffwkpbnmeqalu|05|click"; nocase; ) # sgsudnc.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023523; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|sgsudnc|04|work"; nocase; ) # logryyxkixoxiwgp.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023524; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|logryyxkixoxiwgp|02|su"; nocase; ) # ybrcmrpw.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023525; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ybrcmrpw|02|pw"; nocase; ) # eiifrjuaw.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023526; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|eiifrjuaw|02|pl"; nocase; ) # oftwhihdihx.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023527; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|oftwhihdihx|02|pl"; nocase; ) # tfoerynhafiauo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023528; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|tfoerynhafiauo|03|org"; nocase; ) # pnitvopikca.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023529; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|pnitvopikca|02|su"; nocase; ) # brprmpdjwjteehu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023530; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|brprmpdjwjteehu|03|org"; nocase; ) # ykiulclcygk.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023531; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|ykiulclcygk|05|click"; nocase; ) # wcxvgttdsorgookv.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023532; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|wcxvgttdsorgookv|02|pw"; nocase; ) # yoqenmdmpesjab.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023533; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|yoqenmdmpesjab|03|xyz"; nocase; ) # vhcqfvensvlhu.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023534; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|vhcqfvensvlhu|02|pl"; nocase; ) # asyanvlhexkt.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023535; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|asyanvlhexkt|05|click"; nocase; ) # qhxfajqkpjx.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023536; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|qhxfajqkpjx|02|pl"; nocase; ) # bfeetukv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023537; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|bfeetukv|04|info"; nocase; ) # xagmuvqmsf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023538; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|xagmuvqmsf|02|ru"; nocase; ) # wwyavnjcfucxmkt.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023539; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|wwyavnjcfucxmkt|03|xyz"; nocase; ) # iyyvfxl.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023540; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|iyyvfxl|04|work"; nocase; ) # cavudvvqxsur.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023541; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|cavudvvqxsur|03|xyz"; nocase; ) # gyluaacd.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023542; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|gyluaacd|03|xyz"; nocase; ) # awkusvdjxr.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023543; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|awkusvdjxr|02|su"; nocase; ) # bjykvdxqpvadke.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023544; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|bjykvdxqpvadke|04|info"; nocase; ) # tclqxedbl.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023545; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|tclqxedbl|04|work"; nocase; ) # wghxqdtnqi.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023546; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|wghxqdtnqi|02|pw"; nocase; ) # tlyvkfnxjx.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023547; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|tlyvkfnxjx|03|xyz"; nocase; ) # fhlqgyydqk.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023548; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|fhlqgyydqk|02|su"; nocase; ) # agshdgntluw.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023549; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|agshdgntluw|02|su"; nocase; ) # qreprqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023550; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|qreprqc|03|biz"; nocase; ) # rpagdswkrjdm.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023551; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|rpagdswkrjdm|02|pl"; nocase; ) # ltrkvmbtcvk.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023552; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|ltrkvmbtcvk|05|click"; nocase; ) # gtwdsyxperydfldr.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023553; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|gtwdsyxperydfldr|05|click"; nocase; ) # bjlloctlgwumjt.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023554; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|bjlloctlgwumjt|02|pw"; nocase; ) # xecdehx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023555; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|xecdehx|02|ru"; nocase; ) # wlcforgwho.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023556; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|wlcforgwho|04|work"; nocase; ) # mvvgdvcrvueqdypi.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023557; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|mvvgdvcrvueqdypi|04|work"; nocase; ) # ljkdnxmplfohxxbl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023558; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|ljkdnxmplfohxxbl|03|biz"; nocase; ) # awgiqlywtmyf.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023559; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|awgiqlywtmyf|03|xyz"; nocase; ) # vraouoreljwytjbba.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023560; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|vraouoreljwytjbba|03|xyz"; nocase; ) # ffwdenbfenrjjkgv.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023561; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|ffwdenbfenrjjkgv|03|xyz"; nocase; ) # pgqlckiwv.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023562; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|pgqlckiwv|02|pl"; nocase; ) # ardgboftl.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023563; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|ardgboftl|02|pl"; nocase; ) # hlxhpskcxrrueyv.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023564; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|hlxhpskcxrrueyv|02|pw"; nocase; ) # xroklmy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023565; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|xroklmy|02|ru"; nocase; ) # diosqxnuiw.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023566; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|diosqxnuiw|04|work"; nocase; ) # fhdgpnwe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023567; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|fhdgpnwe|02|ru"; nocase; ) # ramtsucfsn.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023568; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|ramtsucfsn|02|pl"; nocase; ) # tadsvovgevhurifaf.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023569; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|tadsvovgevhurifaf|02|su"; nocase; ) # briypqohu.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023570; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|briypqohu|04|work"; nocase; ) # rlshcamrrqjnew.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023571; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|rlshcamrrqjnew|05|click"; nocase; ) # bmsdgjgasop.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023572; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|bmsdgjgasop|02|pl"; nocase; ) # ixnhyqfiedre.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023573; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ixnhyqfiedre|05|click"; nocase; ) # rhvkjqmhqxpfi.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023574; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|rhvkjqmhqxpfi|03|xyz"; nocase; ) # qchqfnh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023575; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|qchqfnh|04|info"; nocase; ) # heiiwqkccxmvifg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023576; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|heiiwqkccxmvifg|03|biz"; nocase; ) # plplleqatdifgy.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023577; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|plplleqatdifgy|02|pw"; nocase; ) # sbehossbw.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023578; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|sbehossbw|02|pl"; nocase; ) # ivyqabgqo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023579; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|ivyqabgqo|02|ru"; nocase; ) # pdsqexuuxjflfp.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023580; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|pdsqexuuxjflfp|04|work"; nocase; ) # qchwbmxbpycstkn.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023581; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|qchwbmxbpycstkn|04|work"; nocase; ) # adavwfrnnssf.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023582; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|adavwfrnnssf|04|work"; nocase; ) # eeoleko.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023583; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|eeoleko|02|pw"; nocase; ) # ejhbeimi.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023584; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ejhbeimi|04|work"; nocase; ) # uuoqgvtero.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023585; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|uuoqgvtero|04|info"; nocase; ) # ipfeqsdipino.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023586; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ipfeqsdipino|03|biz"; nocase; ) # xeovwhptk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023587; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|xeovwhptk|04|info"; nocase; ) # nsfqemstjxlgucfcg.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023588; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|nsfqemstjxlgucfcg|02|su"; nocase; ) # ujsytpwhh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023589; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|ujsytpwhh|03|org"; nocase; ) # yoxplncx.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023590; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|yoxplncx|03|xyz"; nocase; ) # ffeekgeatglkstat.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023591; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|ffeekgeatglkstat|03|xyz"; nocase; ) # xckgnvpwf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023592; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|xckgnvpwf|03|biz"; nocase; ) # decrmndmocd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023593; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|decrmndmocd|02|ru"; nocase; ) # mdwnpwq.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023594; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|mdwnpwq|03|xyz"; nocase; ) # kbwnynj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023595; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|kbwnynj|04|info"; nocase; ) # fwsakjdi.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023596; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|fwsakjdi|03|xyz"; nocase; ) # mgrwwedexrqsvokm.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023597; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|mgrwwedexrqsvokm|05|click"; nocase; ) # gwepwor.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023598; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|gwepwor|02|pl"; nocase; ) # rbhcgatryeho.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023599; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|rbhcgatryeho|03|xyz"; nocase; ) # uhegwhuiaxidvbbix.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023600; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|uhegwhuiaxidvbbix|03|org"; nocase; ) # hxtcqjn.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023601; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|hxtcqjn|02|su"; nocase; ) # qkkqrjr.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023602; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|qkkqrjr|05|click"; nocase; ) # nofigxeeh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023603; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|nofigxeeh|03|biz"; nocase; ) # tquohjeoic.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023604; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|tquohjeoic|02|su"; nocase; ) # tmmytnslh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023605; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|tmmytnslh|02|ru"; nocase; ) # fmiewnegfuxu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023606; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fmiewnegfuxu|03|com"; nocase; ) # pfxqytppkvnf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023607; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pfxqytppkvnf|03|org"; nocase; ) # lpbwfajtmfjs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023608; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lpbwfajtmfjs|03|com"; nocase; ) # ccarpugyrtqx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023609; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ccarpugyrtqx|02|ru"; nocase; ) # ewcuwlxjekhl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023610; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ewcuwlxjekhl|02|co|02|uk"; nocase; ) # hoouknknjggcek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023611; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hoouknknjggcek|03|com"; nocase; ) # jytyxilhxcaisc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023612; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jytyxilhxcaisc|03|org"; nocase; ) # klolbnpqofovjj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023613; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|klolbnpqofovjj|02|co|02|uk"; nocase; ) # xeifmcdqkaxwfj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023614; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xeifmcdqkaxwfj|03|org"; nocase; ) # opqsfubfdciiic.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023615; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|opqsfubfdciiic|03|biz"; nocase; ) # oxpswssyvfhogn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023616; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oxpswssyvfhogn|03|net"; nocase; ) # driswoetuuyxfs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023617; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|driswoetuuyxfs|03|org"; nocase; ) # souubnvtonjlgc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023618; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|souubnvtonjlgc|02|co|02|uk"; nocase; ) # ssafxeuovcqkob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023619; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ssafxeuovcqkob|03|biz"; nocase; ) # wupssqofxekxfu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023620; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wupssqofxekxfu|02|co|02|uk"; nocase; ) # ymwrsumnkyutor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023621; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ymwrsumnkyutor|03|com"; nocase; ) # mkrprdcictthni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023622; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mkrprdcictthni|03|net"; nocase; ) # adwostyjjwqgqx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023623; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|adwostyjjwqgqx|02|co|02|uk"; nocase; ) # ccurwkevpkihqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023624; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ccurwkevpkihqq|03|com"; nocase; ) # dhhetgorkvohom.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023625; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dhhetgorkvohom|03|net"; nocase; ) # fgfhxwteqjgimw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023626; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fgfhxwteqjgimw|02|ru"; nocase; ) # gsatbfhqiskemk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023627; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gsatbfhqiskemk|03|org"; nocase; ) # tmdlxbrabbsqxt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023628; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tmdlxbrabbsqxt|03|biz"; nocase; ) # cphqquwsfssgwb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023629; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cphqquwsfssgwb|03|biz"; nocase; ) # eamueconxjvlws.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023630; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|eamueconxjvlws|04|info"; nocase; ) # akfipiiqdhyiij.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023631; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|akfipiiqdhyiij|03|org"; nocase; ) # jqjolfwntcwskl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023632; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jqjolfwntcwskl|03|org"; nocase; ) # jcqpuccjnwqgkt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023633; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jcqpuccjnwqgkt|04|info"; nocase; ) # kqnecebvkbwgkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023634; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kqnecebvkbwgkt|03|com"; nocase; ) # rxipeafbjaqdwm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023635; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rxipeafbjaqdwm|02|ru"; nocase; ) # wkltjxapommojo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023636; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wkltjxapommojo|03|biz"; nocase; ) # ntsbeljnrkmjlb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023637; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ntsbeljnrkmjlb|03|org"; nocase; ) # qawolnumbyqtlw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023638; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qawolnumbyqtlw|03|com"; nocase; ) # elnreiavdxkerw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023639; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|elnreiavdxkerw|03|org"; nocase; ) # ahxdetetliuoud.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023640; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ahxdetetliuoud|02|co|02|uk"; nocase; ) # wbkllmsehrgric.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023641; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wbkllmsehrgric|03|net"; nocase; ) # lrafrcnobngfqk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023642; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lrafrcnobngfqk|03|org"; nocase; ) # ylppyhtxvnaxin.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023643; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ylppyhtxvnaxin|02|co|02|uk"; nocase; ) # dgacardpqdurib.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023644; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dgacardpqdurib|04|info"; nocase; ) # xputvjuheffslh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023645; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xputvjuheffslh|03|biz"; nocase; ) # owpsvgstcplakv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023646; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|owpsvgstcplakv|03|com"; nocase; ) # cuksooiaxfdisk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023647; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cuksooiaxfdisk|03|net"; nocase; ) # omkgeloedftaus.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023648; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|omkgeloedftaus|03|biz"; nocase; ) # axjpwdmdgvxfbw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023649; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|axjpwdmdgvxfbw|03|net"; nocase; ) # oiyyxjvxvaklut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023650; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oiyyxjvxvaklut|03|com"; nocase; ) # rhtqcntmbjvusd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023651; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rhtqcntmbjvusd|03|biz"; nocase; ) # rmjmfyuxcadaau.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023652; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rmjmfyuxcadaau|02|ru"; nocase; ) # bioivwfmcvpwcw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023653; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bioivwfmcvpwcw|03|biz"; nocase; ) # gptjtpcqsytypv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023654; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gptjtpcqsytypv|03|org"; nocase; ) # mfcmnoblhovjnr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023655; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mfcmnoblhovjnr|03|biz"; nocase; ) # idcnnnsmrfsioi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023656; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|idcnnnsmrfsioi|02|ru"; nocase; ) # jndeevgnxroufx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023657; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jndeevgnxroufx|03|org"; nocase; ) # lxiirdxiqiramt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023658; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lxiirdxiqiramt|03|net"; nocase; ) # mirmgfwgpaawmt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023659; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mirmgfwgpaawmt|03|biz"; nocase; ) # xnbocfngbvoisa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023660; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xnbocfngbvoisa|03|org"; nocase; ) # cegqgmdoxhhghv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023661; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cegqgmdoxhhghv|03|net"; nocase; ) # dvqbgdiulgxtoh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023662; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dvqbgdiulgxtoh|02|ru"; nocase; ) # iwwiblcabndmjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023663; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iwwiblcabndmjb|03|net"; nocase; ) # lvrafcmckafwsd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023664; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lvrafcmckafwsd|02|ru"; nocase; ) # mnckfsrixyvkqq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023665; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mnckfsrixyvkqq|02|co|02|uk"; nocase; ) # arcfsmcyvibsbk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023666; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|arcfsmcyvibsbk|03|com"; nocase; ) # shqedchnxygnoo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023667; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|shqedchnxygnoo|02|co|02|uk"; nocase; ) # gdrcckwteihrwv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023668; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gdrcckwteihrwv|04|info"; nocase; ) # aersweugvwqdpi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023669; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|aersweugvwqdpi|02|co|02|uk"; nocase; ) # pvunlkkrftyliho.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023670; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pvunlkkrftyliho|02|co|02|uk"; nocase; ) # robmablndmpjjyt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023671; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|robmablndmpjjyt|03|biz"; nocase; ) # trswqycsrgpbkgd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023672; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|trswqycsrgpbkgd|02|ru"; nocase; ) # xmdjrkewrdjovbq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023673; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xmdjrkewrdjovbq|03|org"; nocase; ) # bbcjhnsdlqgiixn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023674; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bbcjhnsdlqgiixn|03|biz"; nocase; ) # cnfvuprmkwjliti.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023675; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cnfvuprmkwjliti|02|ru"; nocase; ) # jfywlgefoaymwtk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023676; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jfywlgefoaymwtk|02|co|02|uk"; nocase; ) # wbeflyikpfrocof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023677; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wbeflyikpfrocof|03|com"; nocase; ) # yacecpnaegifsge.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023678; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yacecpnaegifsge|03|biz"; nocase; ) # bvormkkopclcnpa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023679; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bvormkkopclcnpa|03|net"; nocase; ) # cijepsxbhlpxemy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023680; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cijepsxbhlpxemy|03|biz"; nocase; ) # gqnwunbvnyddscp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023681; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gqnwunbvnyddscp|04|info"; nocase; ) # hdqjivsykqpxalm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023682; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hdqjivsykqpxalm|03|com"; nocase; ) # dxibbrnrcwlpolc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023683; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dxibbrnrcwlpolc|03|biz"; nocase; ) # svnkselbxuheshk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023684; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|svnkselbxuheshk|03|com"; nocase; ) # lfstjdtjkuoalgr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023685; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lfstjdtjkuoalgr|02|ru"; nocase; ) # mptigixsxrdnlav.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023686; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mptigixsxrdnlav|03|org"; nocase; ) # mbqrwngydqdmsip.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023687; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mbqrwngydqdmsip|02|co|02|uk"; nocase; ) # nhwhvklesiowsjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023688; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nhwhvklesiowsjy|03|com"; nocase; ) # orxvsppngfdksvy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023689; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|orxvsppngfdksvy|03|net"; nocase; ) # wrltxjvhyloowew.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023690; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wrltxjvhyloowew|02|co|02|uk"; nocase; ) # yqjsotidpbvnedl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023691; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yqjsotidpbvnedl|03|com"; nocase; ) # upaskcrapjyvvrh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023692; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|upaskcrapjyvvrh|02|ru"; nocase; ) # uysdonhxetfaxvx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023693; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uysdonhxetfaxvx|03|biz"; nocase; ) # xlyxgerdawglveb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023694; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xlyxgerdawglveb|03|org"; nocase; ) # pyfqbighvsvlvbm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023695; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pyfqbighvsvlvbm|03|net"; nocase; ) # thjjgpvpihcrvmi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023696; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|thjjgpvpihcrvmi|02|co|02|uk"; nocase; ) # udhhtgbsyshmtih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023697; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|udhhtgbsyshmtih|03|com"; nocase; ) # giytohyqxeutfnq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023698; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|giytohyqxeutfnq|03|net"; nocase; ) # xvfmjlngtayxbet.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023699; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xvfmjlngtayxbet|02|co|02|uk"; nocase; ) # aflgxcxyrnonbwh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023700; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aflgxcxyrnonbwh|03|com"; nocase; ) # btiqrkpcewcmini.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023701; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|btiqrkpcewcmini|03|net"; nocase; ) # hfkucacfuiqeidv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023702; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hfkucacfuiqeidv|02|ru"; nocase; ) # iwubokoutmoqpft.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023703; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iwubokoutmoqpft|02|co|02|uk"; nocase; ) # wfjihajcjwpoxnv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023704; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wfjihajcjwpoxnv|03|net"; nocase; ) # ootjmkqleknepac.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023705; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ootjmkqleknepac|03|biz"; nocase; ) # pgepyudbdolqgwq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023706; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pgepyudbdolqgwq|03|org"; nocase; ) # nitrqopmqlasyae.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023707; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nitrqopmqlasyae|02|co|02|uk"; nocase; ) # ckynhgwnsyhbwbj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023708; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ckynhgwnsyhbwbj|02|ru"; nocase; ) # efjeyqjjploanmp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023709; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|efjeyqjjploanmp|02|co|02|uk"; nocase; ) # fresvywklymmnos.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023710; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fresvywklymmnos|04|info"; nocase; ) # kovdwaiagvodxxu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023711; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kovdwaiagvodxxu|03|com"; nocase; ) # owavculumjcixpx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023712; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|owavculumjcixpx|03|org"; nocase; ) # cuuvuarxytiugkc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023713; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cuuvuarxytiugkc|02|co|02|uk"; nocase; ) # dmfchqwbugxxegb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023714; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dmfchqwbugxxegb|03|com"; nocase; ) # qnlkhgbpjgiiahb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023715; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qnlkhgbpjgiiahb|03|org"; nocase; ) # qduomeljjtdsjaf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023716; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qduomeljjtdsjaf|03|com"; nocase; ) # fakflmbshdbsiic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023717; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fakflmbshdbsiic|03|net"; nocase; ) # fmqyhchbvftdjnv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023718; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fmqyhchbvftdjnv|02|co|02|uk"; nocase; ) # wjcveckmtxhvnqj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023719; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wjcveckmtxhvnqj|03|org"; nocase; ) # jucycjxknidvlxs.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023720; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jucycjxknidvlxs|02|co|02|uk"; nocase; ) # dkrqydoumwuhsbx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023721; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dkrqydoumwuhsbx|04|info"; nocase; ) # ujnxuvndkakxllg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023722; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ujnxuvndkakxllg|03|net"; nocase; ) # vbququrwmboicvs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023723; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vbququrwmboicvs|03|org"; nocase; ) # xvblifesjnvhshy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023724; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xvblifesjnvhshy|04|info"; nocase; ) # asneycsbfpmpxmg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023725; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|asneycsbfpmpxmg|03|net"; nocase; ) # rwsudoombtjiuyn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023726; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rwsudoombtjiuyn|04|info"; nocase; ) # sodbpftpwgylsum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023727; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sodbpftpwgylsum|03|net"; nocase; ) # iaxwhmxtipecxcs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023728; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iaxwhmxtipecxcs|03|biz"; nocase; ) # jridtddwectfxub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023729; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jridtddwectfxub|03|org"; nocase; ) # nsdgdyrwewqmxsb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023730; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nsdgdyrwewqmxsb|03|com"; nocase; ) # iademjnnyagmfyf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023731; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iademjnnyagmfyf|02|ru"; nocase; ) # wixpyninpdlxhka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023732; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wixpyninpdlxhka|03|org"; nocase; ) # xsygpvvovphkxal.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023733; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xsygpvvovphkxal|02|co|02|uk"; nocase; ) # bqcieuxvcrrehaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023734; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bqcieuxvcrrehaq|03|net"; nocase; ) # cbdyudlwienqxix.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023735; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cbdyudlwienqxix|03|biz"; nocase; ) # dlmyvldlvqhmfyy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023736; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dlmyvldlvqhmfyy|02|ru"; nocase; ) # wolddbnaqvtd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023737; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wolddbnaqvtd|03|biz"; nocase; ) # kmgcygahhuew.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023738; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kmgcygahhuew|02|ru"; nocase; ) # aujovwweiwrx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023739; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aujovwweiwrx|03|com"; nocase; ) # jptyxestkaas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023740; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jptyxestkaas|03|com"; nocase; ) # ucksbisyrqhe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023741; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ucksbisyrqhe|02|ru"; nocase; ) # musbktsjqfsi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023742; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|musbktsjqfsi|03|org"; nocase; ) # pydjhjjicioq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023743; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pydjhjjicioq|03|com"; nocase; ) # bampsssyoiae.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023744; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bampsssyoiae|02|co|02|uk"; nocase; ) # rgamvvypvxlw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023745; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rgamvvypvxlw|02|co|02|uk"; nocase; ) # ursbguxhtkyr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023746; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ursbguxhtkyr|03|net"; nocase; ) # hhahxslrnfoo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023747; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hhahxslrnfoo|03|org"; nocase; ) # bnacoccnyitj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023748; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bnacoccnyitj|03|biz"; nocase; ) # dxfxbjroityl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023749; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dxfxbjroityl|04|info"; nocase; ) # ajbjhupbckum.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023750; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ajbjhupbckum|02|co|02|uk"; nocase; ) # jydpdrmkbxbl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023751; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jydpdrmkbxbl|02|co|02|uk"; nocase; ) # iajsrgvhjmic.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023752; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iajsrgvhjmic|04|info"; nocase; ) # sscabyuiuhun.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023753; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sscabyuiuhun|04|info"; nocase; ) # mrlmcojmghqa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023754; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mrlmcojmghqa|03|org"; nocase; ) # ncmcvttotnwp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023755; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ncmcvttotnwp|02|co|02|uk"; nocase; ) # reoigmgucuii.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023756; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|reoigmgucuii|02|ru"; nocase; ) # cllouaheqrsw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023757; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cllouaheqrsw|02|ru"; nocase; ) # vymcruymqajw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023758; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vymcruymqajw|03|biz"; nocase; ) # wgsdwdrwvxrw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023759; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wgsdwdrwvxrw|02|ru"; nocase; ) # yfqgbtwjcljx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023760; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yfqgbtwjcljx|02|co|02|uk"; nocase; ) # cnudjvhoynqn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023761; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cnudjvhoynqn|03|net"; nocase; ) # rrpigvksrgql.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023762; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rrpigvksrgql|04|info"; nocase; ) # stixsbekctvn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023763; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|stixsbekctvn|03|net"; nocase; ) # wisrflextfsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023764; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wisrflextfsc|03|net"; nocase; ) # fskpqagbavbk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023765; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fskpqagbavbk|03|org"; nocase; ) # sqfqgicavfqq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023766; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sqfqgicavfqq|02|co|02|uk"; nocase; ) # sgarnssoonkk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023767; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sgarnssoonkk|03|com"; nocase; ) # hciqkadfkcrh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023768; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hciqkadfkcrh|02|ru"; nocase; ) # sejjbneuwebv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023769; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sejjbneuwebv|03|biz"; nocase; ) # ggmxhdkdkdji.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023770; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ggmxhdkdkdji|04|info"; nocase; ) # rstcfduwcdpw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023771; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rstcfduwcdpw|03|net"; nocase; ) # fqodulqvxmfd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023772; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fqodulqvxmfd|03|biz"; nocase; ) # jhtwxgrwaibw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023773; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jhtwxgrwaibw|04|info"; nocase; ) # yfrkcatieoag.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023774; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yfrkcatieoag|02|co|02|uk"; nocase; ) # yioiivkythma.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023775; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yioiivkythma|03|biz"; nocase; ) # oodrsiaqbgvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023776; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oodrsiaqbgvs|03|com"; nocase; ) # cfsakwmniwtn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023777; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cfsakwmniwtn|03|com"; nocase; ) # kvbjuhrrgfmb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023778; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kvbjuhrrgfmb|03|net"; nocase; ) # maifwjjqdfyf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023779; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|maifwjjqdfyf|03|net"; nocase; ) # ktkbifojrept.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023780; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ktkbifojrept|02|ru"; nocase; ) # lawutavcfigkl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023781; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lawutavcfigkl|02|co|02|uk"; nocase; ) # nsxnxpwcoweea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023782; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nsxnxpwcoweea|03|net"; nocase; ) # culvlgibkdejl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023783; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|culvlgibkdejl|03|com"; nocase; ) # cxrcgqysffjfl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023784; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cxrcgqysffjfl|03|biz"; nocase; ) # qyucbspbepcsd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023785; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qyucbspbepcsd|02|ru"; nocase; ) # rovfehvbscewh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023786; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rovfehvbscewh|04|info"; nocase; ) # uddxaerfdkcwd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023787; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uddxaerfdkcwd|03|org"; nocase; ) # kfahpqyqwvhoi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023788; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kfahpqyqwvhoi|03|net"; nocase; ) # rvopfgweujpif.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023789; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rvopfgweujpif|03|org"; nocase; ) # phegtjmfudfrt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023790; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|phegtjmfudfrt|03|net"; nocase; ) # wwfmptneaxrgv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023791; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wwfmptneaxrgv|02|co|02|uk"; nocase; ) # lnmtepmlrehxb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023792; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lnmtepmlrehxb|03|org"; nocase; ) # jughlnyoflepn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023793; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jughlnyoflepn|02|co|02|uk"; nocase; ) # wqhctvuchhsfm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023794; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wqhctvuchhsfm|04|info"; nocase; ) # nvilnfbluphia.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023795; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nvilnfbluphia|03|org"; nocase; ) # tkmpmjrqddyel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023796; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tkmpmjrqddyel|03|net"; nocase; ) # uxtlboobndcsl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023797; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uxtlboobndcsl|03|org"; nocase; ) # uxolkvibhddeu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023798; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uxolkvibhddeu|02|ru"; nocase; ) # kotdshisgajsk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023799; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kotdshisgajsk|03|org"; nocase; ) # ygsvodadkmlhq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023800; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ygsvodadkmlhq|03|com"; nocase; ) # qdwpghmnokitj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023801; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qdwpghmnokitj|03|org"; nocase; ) # qmvakqbkblsov.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023802; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qmvakqbkblsov|04|info"; nocase; ) # ydejuchqingeh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023803; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ydejuchqingeh|03|com"; nocase; ) # cmdxfbglyplof.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023804; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cmdxfbglyplof|02|ru"; nocase; ) # cnobvjdrsquwk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023805; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cnobvjdrsquwk|03|net"; nocase; ) # gotludvxmjglt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023806; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gotludvxmjglt|04|info"; nocase; ) # tknxbinmtaycm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023807; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tknxbinmtaycm|03|net"; nocase; ) # usdbskgousyqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023808; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|usdbskgousyqt|03|biz"; nocase; ) # vmrdmdqafrlwi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023809; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vmrdmdqafrlwi|02|co|02|uk"; nocase; ) # hdaojfnvdmsip.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023810; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hdaojfnvdmsip|02|co|02|uk"; nocase; ) # iukuvvsyyyilw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023811; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iukuvvsyyyilw|03|com"; nocase; ) # ilyneagaphdwb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023812; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ilyneagaphdwb|02|ru"; nocase; ) # nlneulmebxkcn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023813; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nlneulmebxkcn|03|biz"; nocase; ) # rdvwwlwdodhic.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023814; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rdvwwlwdodhic|02|ru"; nocase; ) # vlahbgxeehykc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023815; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vlahbgxeehykc|03|com"; nocase; ) # bcdqaybbplbbp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023816; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bcdqaybbplbbp|03|biz"; nocase; ) # keycytpknxbyl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023817; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|keycytpknxbyl|04|info"; nocase; ) # xailjypedfdwk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023818; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xailjypedfdwk|03|com"; nocase; ) # acmqugffctyqy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023819; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|acmqugffctyqy|03|org"; nocase; ) # nxnnwlrblqufx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023820; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nxnnwlrblqufx|02|co|02|uk"; nocase; ) # 18xpxsane1yf7z3zv71twlnzp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18xpxsane1yf7z3zv71twlnzp|03|com"; nocase; ) # 2fmf7ucdb1cc18eq5yh1h9kjso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2fmf7ucdb1cc18eq5yh1h9kjso|03|net"; nocase; ) # 8ngzi913xes8e1igbbxmpnswjc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ngzi913xes8e1igbbxmpnswjc|03|com"; nocase; ) # 1s1oagm1hqc3du16ed7d81ihd8zd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s1oagm1hqc3du16ed7d81ihd8zd|03|org"; nocase; ) # 1dhhkk61xiq4wy1ciyyvv1nkmd2v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dhhkk61xiq4wy1ciyyvv1nkmd2v|03|net"; nocase; ) # 6e8cw91sffziq5dycv8n7l601.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6e8cw91sffziq5dycv8n7l601|03|org"; nocase; ) # n40hr3u60h5q1hvg31v16fg1gd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n40hr3u60h5q1hvg31v16fg1gd|03|biz"; nocase; ) # 1emmlwj17mybmg1ib87qvdym4qr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1emmlwj17mybmg1ib87qvdym4qr|03|net"; nocase; ) # gv6s5kqo7bef1dj7epl1exut5u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gv6s5kqo7bef1dj7epl1exut5u|03|biz"; nocase; ) # 1phdu6o1mrfxa0d7sd0e11jopqf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1phdu6o1mrfxa0d7sd0e11jopqf|03|com"; nocase; ) # 1ub4k3hym59mh1xtuj9epcpvol.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ub4k3hym59mh1xtuj9epcpvol|03|net"; nocase; ) # jhuc872qcvwbx9x6ur1q1j5w0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jhuc872qcvwbx9x6ur1q1j5w0|03|com"; nocase; ) # uv4ufa1w7e75l132kk7mrdoeq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uv4ufa1w7e75l132kk7mrdoeq9|03|net"; nocase; ) # g0bkypbv81xm1u6bsrjl0y5m9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g0bkypbv81xm1u6bsrjl0y5m9|03|net"; nocase; ) # 1b02brn1l898y51p6htw45tp8yy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b02brn1l898y51p6htw45tp8yy|03|net"; nocase; ) # 5rv44yz231q31l8cpdl1n3vf7f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5rv44yz231q31l8cpdl1n3vf7f|03|com"; nocase; ) # g7xx9ukvwjwt1tcbzencabpur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g7xx9ukvwjwt1tcbzencabpur|03|net"; nocase; ) # pt7n1c1ytc6y61me3op41a6zu5j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pt7n1c1ytc6y61me3op41a6zu5j|03|com"; nocase; ) # 1lqbvgo5y1g9w19xvdio18jqx21.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lqbvgo5y1g9w19xvdio18jqx21|03|net"; nocase; ) # 1x6jsbprc57pjyi7go518ipvhd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x6jsbprc57pjyi7go518ipvhd|03|biz"; nocase; ) # 1wcx7bsgts8111wt4yy610qhrcm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wcx7bsgts8111wt4yy610qhrcm|03|org"; nocase; ) # vm0lem1u3h50j1lb7u9d1oaq3cn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vm0lem1u3h50j1lb7u9d1oaq3cn|03|biz"; nocase; ) # 12pr59a1y7drz81qmg59d1uvk9g5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12pr59a1y7drz81qmg59d1uvk9g5|03|com"; nocase; ) # en8wcwcuxyrg14nlpm34g177l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|en8wcwcuxyrg14nlpm34g177l|03|net"; nocase; ) # 1d2211botn4hi38zva1w2dtpt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d2211botn4hi38zva1w2dtpt|03|org"; nocase; ) # px7ily5heik0u45vtwecxia1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|px7ily5heik0u45vtwecxia1|03|net"; nocase; ) # 19bii4f12t14qr1bj85ywscroqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19bii4f12t14qr1bj85ywscroqi|03|net"; nocase; ) # 1xxbt9b1rdtf3qrwzpq51ubxvab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xxbt9b1rdtf3qrwzpq51ubxvab|03|com"; nocase; ) # 1klc79ctkv7ve1ndkrde1ukvrgd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1klc79ctkv7ve1ndkrde1ukvrgd|03|biz"; nocase; ) # 1oaycy07le611hzq3euy5ipxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oaycy07le611hzq3euy5ipxf|03|com"; nocase; ) # seibzw178luwl13yq6sohihv8o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|seibzw178luwl13yq6sohihv8o|03|org"; nocase; ) # p0f1iw1q3mkow61s52u18yo4a5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p0f1iw1q3mkow61s52u18yo4a5|03|org"; nocase; ) # pym4dp189cgofg4q7e1765xk0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pym4dp189cgofg4q7e1765xk0|03|com"; nocase; ) # 5yssr69wwynm7789qrw69jtt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5yssr69wwynm7789qrw69jtt|03|biz"; nocase; ) # 1xnavmx1hxzql7rquo1396q95o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xnavmx1hxzql7rquo1396q95o|03|org"; nocase; ) # 1b8c680ow9r8k1s4rpp13sao73.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b8c680ow9r8k1s4rpp13sao73|03|net"; nocase; ) # k5ifsy1pqrp9c1tkskb41apd736.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k5ifsy1pqrp9c1tkskb41apd736|03|com"; nocase; ) # 3lsknu6ssmhn9inuabz88ed0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3lsknu6ssmhn9inuabz88ed0|03|com"; nocase; ) # lrudmm1mjvs43183zkt9apz0pf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lrudmm1mjvs43183zkt9apz0pf|03|biz"; nocase; ) # 1yg080dd8tcb71hvnc7mmf7jv4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yg080dd8tcb71hvnc7mmf7jv4|03|org"; nocase; ) # 8fg5dp14qojzp16skerhgrmq5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8fg5dp14qojzp16skerhgrmq5t|03|org"; nocase; ) # qwhhcu1nvvwhw14i3ykwf3hwb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qwhhcu1nvvwhw14i3ykwf3hwb|03|biz"; nocase; ) # k8qmjz9295zm8ybhqu1lv311x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k8qmjz9295zm8ybhqu1lv311x|03|net"; nocase; ) # 11anlpu1hcvuhvjlutdv1gw2ri8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11anlpu1hcvuhvjlutdv1gw2ri8|03|com"; nocase; ) # 1wvmir11klx37wp9dngox0s30y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wvmir11klx37wp9dngox0s30y|03|org"; nocase; ) # x5mpmg5yqy97151xovce1s9py.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x5mpmg5yqy97151xovce1s9py|03|org"; nocase; ) # 16yoajz1i9r9o2dy773ht0b2yr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16yoajz1i9r9o2dy773ht0b2yr|03|com"; nocase; ) # 1azyet4w650gt1vnqfqx3c69fs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1azyet4w650gt1vnqfqx3c69fs|03|net"; nocase; ) # 19cm77y67yiik1l5hd681isuazm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19cm77y67yiik1l5hd681isuazm|03|biz"; nocase; ) # rxwl7naefj2v1vyfxea1ku84c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rxwl7naefj2v1vyfxea1ku84c|03|net"; nocase; ) # 1x2ttw2p0pzn31fqjed31dy9v4i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x2ttw2p0pzn31fqjed31dy9v4i|03|biz"; nocase; ) # 1ojqgj5755kyhj1lq6d1y9b9e2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ojqgj5755kyhj1lq6d1y9b9e2|03|com"; nocase; ) # 1d01byq1n8kkvn1t7niym70r4bc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d01byq1n8kkvn1t7niym70r4bc|03|biz"; nocase; ) # 1vo85k9djjg8e1hk4007k39jsr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vo85k9djjg8e1hk4007k39jsr|03|com"; nocase; ) # 3svv7g17dah2j10quxhddo1xkw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3svv7g17dah2j10quxhddo1xkw|03|net"; nocase; ) # 1cftzhuucgqe6pc7vua195qp5i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cftzhuucgqe6pc7vua195qp5i|03|com"; nocase; ) # 14qml4q1q7phlopedjz6xbp9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14qml4q1q7phlopedjz6xbp9i|03|net"; nocase; ) # jvra8u109sgzb1rmiukxwxr490.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jvra8u109sgzb1rmiukxwxr490|03|net"; nocase; ) # 1slr5zyodfx941r468yf1tlnlih.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1slr5zyodfx941r468yf1tlnlih|03|org"; nocase; ) # v02kx61wgbxio1k87ka515ekvwq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v02kx61wgbxio1k87ka515ekvwq|03|net"; nocase; ) # 73ylfc13likdq1kj4ev1l5t1ge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|73ylfc13likdq1kj4ev1l5t1ge|03|com"; nocase; ) # lhsfbs1b9l5ba1gb7vbo1lyxel2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lhsfbs1b9l5ba1gb7vbo1lyxel2|03|net"; nocase; ) # 1584wdq89pdl79qmqowex25mm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1584wdq89pdl79qmqowex25mm|03|com"; nocase; ) # 1sf2d5e1mxgv9c1ka70pk18u4ye1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sf2d5e1mxgv9c1ka70pk18u4ye1|03|net"; nocase; ) # pvuumb196mh2l1sxymelxpsd5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pvuumb196mh2l1sxymelxpsd5g|03|org"; nocase; ) # 1g9acow1hqxektwtye4c10b7qom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g9acow1hqxektwtye4c10b7qom|03|org"; nocase; ) # zv1trex4tolv1rcez9a1lvmh6w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zv1trex4tolv1rcez9a1lvmh6w|03|org"; nocase; ) # 1m98yadn6ng0d1nohab1p4deai.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m98yadn6ng0d1nohab1p4deai|03|org"; nocase; ) # dtdnmafo4bab1yfwyux10uwb4x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dtdnmafo4bab1yfwyux10uwb4x|03|biz"; nocase; ) # 1peucbg1kn6kez1khl33k13jnoyh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1peucbg1kn6kez1khl33k13jnoyh|03|com"; nocase; ) # 5s8ih5k2g1jxfwky7815vpcgw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5s8ih5k2g1jxfwky7815vpcgw|03|net"; nocase; ) # 5c8l8q1g5mkfy3s248r1bne7oq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5c8l8q1g5mkfy3s248r1bne7oq|03|net"; nocase; ) # lbk4ig4t6gta1b83x8f1mkrfrp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lbk4ig4t6gta1b83x8f1mkrfrp|03|org"; nocase; ) # nsvtn610jxezox37u1h1k7dhvk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nsvtn610jxezox37u1h1k7dhvk|03|net"; nocase; ) # p9jzd8xv0urxwzzt5q1w65b04.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p9jzd8xv0urxwzzt5q1w65b04|03|com"; nocase; ) # 10w0ts9aowr5y9bwnuguiwjw4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10w0ts9aowr5y9bwnuguiwjw4|03|org"; nocase; ) # 11rpzy0157p418z1lbjlvo7tmw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11rpzy0157p418z1lbjlvo7tmw|03|org"; nocase; ) # ld7ba41rti2yu9lztam1gkfl1u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ld7ba41rti2yu9lztam1gkfl1u|03|com"; nocase; ) # 4urc8c2vmzs11g10bko1w8kr8a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4urc8c2vmzs11g10bko1w8kr8a|03|org"; nocase; ) # zmg1x1krwurqmz1e1rxija0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|zmg1x1krwurqmz1e1rxija0|03|org"; nocase; ) # 1mjtyay10lo15a1oomvo21ba0ifc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mjtyay10lo15a1oomvo21ba0ifc|03|biz"; nocase; ) # 1nokgjf17eizl24kdkc1dcn6c9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nokgjf17eizl24kdkc1dcn6c9|03|net"; nocase; ) # 183xwm21tuooipenu4311r07pu2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|183xwm21tuooipenu4311r07pu2|03|net"; nocase; ) # n7h5ogwpvlz3afgnbr13bum64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n7h5ogwpvlz3afgnbr13bum64|03|net"; nocase; ) # 15r90o2gkd7c72jm95xl4r4xm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15r90o2gkd7c72jm95xl4r4xm|03|biz"; nocase; ) # 1stc59jet030h612qv31n2ci4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1stc59jet030h612qv31n2ci4w|03|net"; nocase; ) # 1tjipoxkfnyn3zdd7511wrnera.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tjipoxkfnyn3zdd7511wrnera|03|com"; nocase; ) # zyx3yw15ubtct4zgj5c1l7h3k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zyx3yw15ubtct4zgj5c1l7h3k|03|com"; nocase; ) # 1lqw61g1h4qkmb35yw7yqv6ps0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lqw61g1h4qkmb35yw7yqv6ps0|03|org"; nocase; ) # puxmhkmdv2et10x2pes1pm7q7d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|puxmhkmdv2et10x2pes1pm7q7d|03|biz"; nocase; ) # eeia7lsgd02el9t08y1c1n8gh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eeia7lsgd02el9t08y1c1n8gh|03|net"; nocase; ) # l5eagziumz1y1eun26m17nohvw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l5eagziumz1y1eun26m17nohvw|03|com"; nocase; ) # cf8jiq1zyf6nw55n841rufu1q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cf8jiq1zyf6nw55n841rufu1q|03|org"; nocase; ) # mkjizb1agbhby41g2e51wssezx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mkjizb1agbhby41g2e51wssezx|03|biz"; nocase; ) # 1aqesy2e8dc2n1jvioipfzefuz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aqesy2e8dc2n1jvioipfzefuz|03|net"; nocase; ) # rno6en6do96s17h1u7gpx2q69.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rno6en6do96s17h1u7gpx2q69|03|biz"; nocase; ) # 3m4s3yois0t1nilvklwtucg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|3m4s3yois0t1nilvklwtucg|03|com"; nocase; ) # 463lt6gb9g96500n4vbmb11g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|463lt6gb9g96500n4vbmb11g|03|biz"; nocase; ) # 1lir6ecs2hvyy1p3dfpd1pp7xer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lir6ecs2hvyy1p3dfpd1pp7xer|03|com"; nocase; ) # 1n5resn1k3bjw5czff7csyfz0v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n5resn1k3bjw5czff7csyfz0v|03|net"; nocase; ) # 1vriqaf13btzwl14z1v1m5tskny.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vriqaf13btzwl14z1v1m5tskny|03|org"; nocase; ) # xzr1481hyk75nvur8vp8wi8r1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xzr1481hyk75nvur8vp8wi8r1|03|org"; nocase; ) # 1sqc5xglvepwdx5v751p2hyp6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sqc5xglvepwdx5v751p2hyp6|03|net"; nocase; ) # rqjy2v1qg39351ezw4v81jk5zhy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rqjy2v1qg39351ezw4v81jk5zhy|03|biz"; nocase; ) # 1e9p4cmhow2onhb0gds16xluwp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e9p4cmhow2onhb0gds16xluwp|03|com"; nocase; ) # 4x0ghr1s9rapb1hgh0xdpeyptj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4x0ghr1s9rapb1hgh0xdpeyptj|03|com"; nocase; ) # 1vwbrfd1qjcuc41grhlvm1o4dqh6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vwbrfd1qjcuc41grhlvm1o4dqh6|03|com"; nocase; ) # 13fnhqr1s99agye08p5wi49u3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13fnhqr1s99agye08p5wi49u3|03|org"; nocase; ) # mlu4irnidhtfi06oi81l94wze.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mlu4irnidhtfi06oi81l94wze|03|net"; nocase; ) # 1snitq2p5mckcjaqyjonq3uv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1snitq2p5mckcjaqyjonq3uv|03|org"; nocase; ) # w5hv8z1ywsi4rx507lel9md8y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w5hv8z1ywsi4rx507lel9md8y|03|org"; nocase; ) # 12t4da51vmiu281eglhzc19wzw2p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12t4da51vmiu281eglhzc19wzw2p|03|biz"; nocase; ) # tyajob1vo64zxhqwv0m1gu0som.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tyajob1vo64zxhqwv0m1gu0som|03|net"; nocase; ) # 1f94ak397lq41devl6z19dtjpl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f94ak397lq41devl6z19dtjpl|03|biz"; nocase; ) # 1sdlo2y8tt2as1mngikd9sfclb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sdlo2y8tt2as1mngikd9sfclb|03|org"; nocase; ) # 15be4m5fiu9jd19i2kuciq9yxu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15be4m5fiu9jd19i2kuciq9yxu|03|com"; nocase; ) # 9ihqsdvl5qrg13gvo3o17a2e0r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ihqsdvl5qrg13gvo3o17a2e0r|03|org"; nocase; ) # 5s0g0o1jlk1fuhcw6vy1fi79to.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5s0g0o1jlk1fuhcw6vy1fi79to|03|com"; nocase; ) # miz9p31nugr71mswbf6l2lbxz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|miz9p31nugr71mswbf6l2lbxz|03|org"; nocase; ) # yo87kd1bfhwax92wcsh1m87hr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yo87kd1bfhwax92wcsh1m87hr0|03|net"; nocase; ) # v2ebib1f3s2rx1rz2uho1v3x3t9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v2ebib1f3s2rx1rz2uho1v3x3t9|03|com"; nocase; ) # 1tejk3aw6heu417sfbz4q4hlly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tejk3aw6heu417sfbz4q4hlly|03|com"; nocase; ) # 17fp9x8t9vozklxtn6rbc2652.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17fp9x8t9vozklxtn6rbc2652|03|net"; nocase; ) # ekelnx19dd0gz7zrofpuq0wyl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ekelnx19dd0gz7zrofpuq0wyl|03|net"; nocase; ) # 17zgyg018cx7kw1gdun3e9u06sj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17zgyg018cx7kw1gdun3e9u06sj|03|com"; nocase; ) # 11st1xdyn7tsf1abke5e1am8mis.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11st1xdyn7tsf1abke5e1am8mis|03|biz"; nocase; ) # 1hc4sthd4ix081prb46t5yqzqs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hc4sthd4ix081prb46t5yqzqs|03|net"; nocase; ) # utjpz6165y5w31mgrjuhc2wppu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|utjpz6165y5w31mgrjuhc2wppu|03|biz"; nocase; ) # 8lv8zlnauw3p1482ogi1m3d0cy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8lv8zlnauw3p1482ogi1m3d0cy|03|biz"; nocase; ) # neqgsoe7b545cqr85kma9b0g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|neqgsoe7b545cqr85kma9b0g|03|com"; nocase; ) # wt8cwlpexqek1b3fon8mkjmwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wt8cwlpexqek1b3fon8mkjmwu|03|net"; nocase; ) # 1ocwgrd25s09wr81uapewxrbg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ocwgrd25s09wr81uapewxrbg|03|org"; nocase; ) # 1fea9obihqdyl1hqitpe1oezdru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fea9obihqdyl1hqitpe1oezdru|03|net"; nocase; ) # towtkq15wm1bex2e2b41hg0pff.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|towtkq15wm1bex2e2b41hg0pff|03|org"; nocase; ) # teyslaeerk04ps3k7m1f8ruwv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|teyslaeerk04ps3k7m1f8ruwv|03|com"; nocase; ) # 1jo3sku1wfqt1bnsik6m1l0fs35.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jo3sku1wfqt1bnsik6m1l0fs35|03|com"; nocase; ) # 1fwmu6ojqtl95l006aujpqxj9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fwmu6ojqtl95l006aujpqxj9|03|org"; nocase; ) # hqp5191w5e65h15gf4ho1owv54d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hqp5191w5e65h15gf4ho1owv54d|03|com"; nocase; ) # 1jbg8dgun40jm1vnpd7eorrko1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbg8dgun40jm1vnpd7eorrko1|03|com"; nocase; ) # 1836zkf1frsah514u0cck17bkp4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1836zkf1frsah514u0cck17bkp4w|03|net"; nocase; ) # badl5gvlh1vfd0qyuf1obxs8i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|badl5gvlh1vfd0qyuf1obxs8i|03|org"; nocase; ) # 1tnm8ff1kcq7c13girle1geea3j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tnm8ff1kcq7c13girle1geea3j|03|org"; nocase; ) # cuk7s9821qpb1s6bmvgs3mzfd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cuk7s9821qpb1s6bmvgs3mzfd|03|biz"; nocase; ) # 3ihned1ndtuua7l525n26fi87.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3ihned1ndtuua7l525n26fi87|03|com"; nocase; ) # ixh45610s80dgv6z0ky1hvex72.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ixh45610s80dgv6z0ky1hvex72|03|biz"; nocase; ) # t6zn931pjk5w8852986kwasao.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t6zn931pjk5w8852986kwasao|03|org"; nocase; ) # mvpxrvcm8tpq1kw1xvi10aj84v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mvpxrvcm8tpq1kw1xvi10aj84v|03|biz"; nocase; ) # 10s530j1wyajjw1ka5etz8qrpzp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10s530j1wyajjw1ka5etz8qrpzp|03|org"; nocase; ) # enc98q1jvp6gbdv940t1e29jhd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|enc98q1jvp6gbdv940t1e29jhd|03|net"; nocase; ) # 1emiy091j62koe3vkpr21lw1rpb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1emiy091j62koe3vkpr21lw1rpb|03|org"; nocase; ) # 1oiznfi1b523ge1cllnq514034rs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oiznfi1b523ge1cllnq514034rs|03|org"; nocase; ) # 1g95q41vfy2cp1m3y6z1xwdhrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g95q41vfy2cp1m3y6z1xwdhrj|03|net"; nocase; ) # 1u1vj571t306spaqabgp1gyx7lc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u1vj571t306spaqabgp1gyx7lc|03|org"; nocase; ) # zoy380g3qvsj13b7gba1e0d03i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zoy380g3qvsj13b7gba1e0d03i|03|biz"; nocase; ) # y064h2788hrp2hmesgqru0ca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y064h2788hrp2hmesgqru0ca|03|net"; nocase; ) # feey1mie8bf41min0az13qkdjq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|feey1mie8bf41min0az13qkdjq|03|com"; nocase; ) # fedm1g1wi3xsi145ae061bh19mh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fedm1g1wi3xsi145ae061bh19mh|03|biz"; nocase; ) # 8y03k7sihyh31mx5i4ifaruxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8y03k7sihyh31mx5i4ifaruxp|03|net"; nocase; ) # p9p3g112b3com1ox7hxm13fv3qp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p9p3g112b3com1ox7hxm13fv3qp|03|com"; nocase; ) # 5m85ez54uso01rekyey1nfd2fa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5m85ez54uso01rekyey1nfd2fa|03|com"; nocase; ) # mr35zvic39231frylbd122l3hk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mr35zvic39231frylbd122l3hk|03|org"; nocase; ) # m15rxy1p47g871jx0zx7mjrqfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m15rxy1p47g871jx0zx7mjrqfk|03|com"; nocase; ) # 190t6frnrmbogd4xkni1qvd7kh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|190t6frnrmbogd4xkni1qvd7kh|03|org"; nocase; ) # 1ce99fxtp99rt18so2qbtxgs2q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ce99fxtp99rt18so2qbtxgs2q|03|com"; nocase; ) # 1loe4ki1tii8xzmjb7wo1i6xc6c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1loe4ki1tii8xzmjb7wo1i6xc6c|03|net"; nocase; ) # 1yh2am61djp9pg9fbhrblrynoe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yh2am61djp9pg9fbhrblrynoe|03|biz"; nocase; ) # 1wb6nos9h9gau1evy2d5qkl69z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wb6nos9h9gau1evy2d5qkl69z|03|org"; nocase; ) # 185cgwjsn2u5zyagtv1jt16bp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|185cgwjsn2u5zyagtv1jt16bp|03|com"; nocase; ) # 190e4j4dcrkihxxq3xo1byzq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|190e4j4dcrkihxxq3xo1byzq|03|com"; nocase; ) # 1eq3n089zgninh7ojvm162tngk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eq3n089zgninh7ojvm162tngk|03|net"; nocase; ) # 10p0j8l1050glb1ny1uhs123tmsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10p0j8l1050glb1ny1uhs123tmsu|03|net"; nocase; ) # 1edrv4v1muu3ao54izh41o6fz09.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1edrv4v1muu3ao54izh41o6fz09|03|org"; nocase; ) # 4mioco19ltee7jjiqm11kn91l5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4mioco19ltee7jjiqm11kn91l5|03|com"; nocase; ) # 151h96md0m0oj1kkznt31ms2hi2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|151h96md0m0oj1kkznt31ms2hi2|03|com"; nocase; ) # 1iiqjvnr6g0lcxtw07e1agu78w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iiqjvnr6g0lcxtw07e1agu78w|03|com"; nocase; ) # 1fyvbsl1yaxro4ubpxmyqnuptd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fyvbsl1yaxro4ubpxmyqnuptd|03|org"; nocase; ) # 5jm8mhdtzw9lfyyxc0adf5s4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5jm8mhdtzw9lfyyxc0adf5s4|03|net"; nocase; ) # 1wx1ew219qohemgcxgvl172icnj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wx1ew219qohemgcxgvl172icnj|03|org"; nocase; ) # 1gkmqxx12p9ji9v0eiz61ar9kfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000023999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gkmqxx12p9ji9v0eiz61ar9kfy|03|net"; nocase; ) # 1kutaie1hrf7nlt8ky37j1fyh8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kutaie1hrf7nlt8ky37j1fyh8|03|com"; nocase; ) # etw5to1omkgzsqy8rovflstor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|etw5to1omkgzsqy8rovflstor|03|biz"; nocase; ) # il5jvf16toyuzau4udv1kxmbbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|il5jvf16toyuzau4udv1kxmbbr|03|net"; nocase; ) # 1kak71ndmpkf1drkbpbwhwt2f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kak71ndmpkf1drkbpbwhwt2f|03|biz"; nocase; ) # 10bi9kh1p3l1x4172hlpqqxolrr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10bi9kh1p3l1x4172hlpqqxolrr|03|com"; nocase; ) # feniz0oddtdxqesn92ge7di6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|feniz0oddtdxqesn92ge7di6|03|org"; nocase; ) # 6m75l1cqkj9q1i8av1a1mhjnrg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6m75l1cqkj9q1i8av1a1mhjnrg|03|org"; nocase; ) # 18x9nvu1j7cozs1akev131eqtm8o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18x9nvu1j7cozs1akev131eqtm8o|03|biz"; nocase; ) # qzzuy1xp5ss61prywyaqjynn7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qzzuy1xp5ss61prywyaqjynn7|03|net"; nocase; ) # 1kchhpshmfrrgng5zh1ohfjv7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kchhpshmfrrgng5zh1ohfjv7|03|net"; nocase; ) # 2udhsjwd3drz13r0dzr72ewr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2udhsjwd3drz13r0dzr72ewr2|03|org"; nocase; ) # 13k8p4zozgoth92qunqsgd2q6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13k8p4zozgoth92qunqsgd2q6|03|net"; nocase; ) # 56izcxzh7fod1aim9rbju2vsi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|56izcxzh7fod1aim9rbju2vsi|03|net"; nocase; ) # 1q5b0nl1h7gx9y5ydui6dywf21.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q5b0nl1h7gx9y5ydui6dywf21|03|com"; nocase; ) # 157yana93pdyp1k2lzav1o8vee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157yana93pdyp1k2lzav1o8vee|03|com"; nocase; ) # 1lanovzjjsg7m4zr4t31b799r5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lanovzjjsg7m4zr4t31b799r5|03|net"; nocase; ) # o12l0z1vcyz0mokgnj81gm9lu6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o12l0z1vcyz0mokgnj81gm9lu6|03|org"; nocase; ) # 1yb6ds51wtgesl1st9j6ps6lol7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yb6ds51wtgesl1st9j6ps6lol7|03|com"; nocase; ) # 5haosz1oy8jsely0ta1hvcoqa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5haosz1oy8jsely0ta1hvcoqa|03|net"; nocase; ) # zgkyrkmom0x8pnwbkyjxv9w0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zgkyrkmom0x8pnwbkyjxv9w0|03|com"; nocase; ) # ihe77d18gnpaq33rsda1j07q21.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ihe77d18gnpaq33rsda1j07q21|03|org"; nocase; ) # 1axuz041ii0hhgonaih71lp9dpr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1axuz041ii0hhgonaih71lp9dpr|03|biz"; nocase; ) # 1rrltup8vcz4014x7ia535fbwq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rrltup8vcz4014x7ia535fbwq|03|net"; nocase; ) # s8rtgeuiz4u01agv9t1sl61we.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s8rtgeuiz4u01agv9t1sl61we|03|biz"; nocase; ) # iizzox17yn3ka18o0vpkxkj3j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iizzox17yn3ka18o0vpkxkj3j|03|org"; nocase; ) # 6bqh43m5q4xg1w55msw8gzs82.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6bqh43m5q4xg1w55msw8gzs82|03|org"; nocase; ) # 4yyyg9mwcbtyanweub1axk8tf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4yyyg9mwcbtyanweub1axk8tf|03|net"; nocase; ) # n2ugmj1r459qk8s5crd1hs7a7f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n2ugmj1r459qk8s5crd1hs7a7f|03|biz"; nocase; ) # 1fbfxxb1sz3vb31g27sie126pi67.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fbfxxb1sz3vb31g27sie126pi67|03|net"; nocase; ) # 1rgvvcb1g7eqts7p4k9u1y5vco3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rgvvcb1g7eqts7p4k9u1y5vco3|03|net"; nocase; ) # 16gzn1m1fv3ny5kw1kkxsvjyla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16gzn1m1fv3ny5kw1kkxsvjyla|03|org"; nocase; ) # p4owx07mqnvbvk1un11xby0md.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p4owx07mqnvbvk1un11xby0md|03|net"; nocase; ) # mnc5mra71sapx5d0j515uafi5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mnc5mra71sapx5d0j515uafi5|03|biz"; nocase; ) # mujktk1htb6vk1xol5cavaga9x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mujktk1htb6vk1xol5cavaga9x|03|org"; nocase; ) # 7rn3tf147lr09qcerygi4czgm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7rn3tf147lr09qcerygi4czgm|03|biz"; nocase; ) # uxbuyn34vdrqjqkjes1iy7s1y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uxbuyn34vdrqjqkjes1iy7s1y|03|net"; nocase; ) # 1pshh7z1355k1lfkpj09658due.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pshh7z1355k1lfkpj09658due|03|net"; nocase; ) # q282j0uk35la3ibd9l4p9pgb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q282j0uk35la3ibd9l4p9pgb|03|org"; nocase; ) # 174t3ii1hxxv8e1kxp24m1pydi3o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|174t3ii1hxxv8e1kxp24m1pydi3o|03|com"; nocase; ) # f4rwtqrxbav91n6g55417bsh9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f4rwtqrxbav91n6g55417bsh9|03|biz"; nocase; ) # krlt151xed6xrg7vdxv197sakt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|krlt151xed6xrg7vdxv197sakt|03|biz"; nocase; ) # 22r7z51yumpc5ju4z4h1nxu1xv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|22r7z51yumpc5ju4z4h1nxu1xv|03|net"; nocase; ) # 12poclb1q97e7q12vn2p318xjwof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12poclb1q97e7q12vn2p318xjwof|03|biz"; nocase; ) # ht0gm3d7iq6p1tkmstm1yi38l5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ht0gm3d7iq6p1tkmstm1yi38l5|03|org"; nocase; ) # 19iv5wi1hliqkd8eo42ijenbf6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19iv5wi1hliqkd8eo42ijenbf6|03|org"; nocase; ) # wuqbz21wjat0za1xn9eutqxul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wuqbz21wjat0za1xn9eutqxul|03|net"; nocase; ) # ue2i7b1e075dq1s084g611gitji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ue2i7b1e075dq1s084g611gitji|03|com"; nocase; ) # 2ki7uhb0aeoc1etrqby318s1n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ki7uhb0aeoc1etrqby318s1n|03|net"; nocase; ) # 3e9j05ful5gm1l7o2ar2cslxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3e9j05ful5gm1l7o2ar2cslxn|03|com"; nocase; ) # h8d0vdsg9xn8rttnqf1dfrgod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h8d0vdsg9xn8rttnqf1dfrgod|03|com"; nocase; ) # 4258ex17pi5lgw6yhin1n59a6x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4258ex17pi5lgw6yhin1n59a6x|03|com"; nocase; ) # 1qkkowmuq9ayh1pbo6om1orzwwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qkkowmuq9ayh1pbo6om1orzwwu|03|net"; nocase; ) # 1ogzhkqpsqp8qe7mma7owszj0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ogzhkqpsqp8qe7mma7owszj0|03|org"; nocase; ) # 516cuvz1l2dc1ohqyt21xuyzgn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|516cuvz1l2dc1ohqyt21xuyzgn|03|com"; nocase; ) # 1m459m410jux6z836c2bripqao.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m459m410jux6z836c2bripqao|03|biz"; nocase; ) # b34ehms5pfuvehe1ypz0nhx0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b34ehms5pfuvehe1ypz0nhx0|03|com"; nocase; ) # mq16wx1wu81xt1nv8335lms55t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mq16wx1wu81xt1nv8335lms55t|03|biz"; nocase; ) # smlm681cuobj3143j54c78d6i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|smlm681cuobj3143j54c78d6i|03|com"; nocase; ) # 1tz86kc1abdfoj1gpm9qr19ex7o6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tz86kc1abdfoj1gpm9qr19ex7o6|03|biz"; nocase; ) # 1tr5g5byhbs641yb1q1g11vmklf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tr5g5byhbs641yb1q1g11vmklf|03|biz"; nocase; ) # wbbor81gfrkaxedod864vtzga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wbbor81gfrkaxedod864vtzga|03|com"; nocase; ) # 1g2hv9v7q2jfx1nrtym018w9nqa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g2hv9v7q2jfx1nrtym018w9nqa|03|org"; nocase; ) # 60ai0z124om09fzxvlaagk6en.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|60ai0z124om09fzxvlaagk6en|03|com"; nocase; ) # xiaf301ickzs14zkih1f03og5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xiaf301ickzs14zkih1f03og5|03|net"; nocase; ) # 1te1ed21mzod1qatvx651uak6od.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1te1ed21mzod1qatvx651uak6od|03|org"; nocase; ) # 1kb1ywd1ypfz9kl4t1vcau4ijs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kb1ywd1ypfz9kl4t1vcau4ijs|03|org"; nocase; ) # h1901p15hn45hnl2jqa1pbhphc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h1901p15hn45hnl2jqa1pbhphc|03|net"; nocase; ) # 1qgtvkfywc7uk167mfww1ve9eaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qgtvkfywc7uk167mfww1ve9eaa|03|com"; nocase; ) # v9zh6nollnf516yvz091re3bay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v9zh6nollnf516yvz091re3bay|03|com"; nocase; ) # rp4cca1a6icx01yix6r0zgc5hk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rp4cca1a6icx01yix6r0zgc5hk|03|net"; nocase; ) # 8fyzpjow5opotkv8uribr6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|8fyzpjow5opotkv8uribr6|03|com"; nocase; ) # 1qhbg9roflix4o7vugoktje4q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qhbg9roflix4o7vugoktje4q|03|net"; nocase; ) # x455t982unyw1n5htiy1315ttw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x455t982unyw1n5htiy1315ttw|03|com"; nocase; ) # qtl3da1pll925krhdnj1dhab9t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qtl3da1pll925krhdnj1dhab9t|03|net"; nocase; ) # 1hizeox1sucjkqu89ftk30ambx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hizeox1sucjkqu89ftk30ambx|03|org"; nocase; ) # 1sb0wk31s2nu4s16nwasjnhj7qb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sb0wk31s2nu4s16nwasjnhj7qb|03|org"; nocase; ) # 1iu5f2nd3w592eya8lvaqkbav.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iu5f2nd3w592eya8lvaqkbav|03|org"; nocase; ) # 1brok8wfh0og9hone3qhfsdzq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1brok8wfh0og9hone3qhfsdzq|03|com"; nocase; ) # pvx8c412d7rmhchklxqdaeu18.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pvx8c412d7rmhchklxqdaeu18|03|biz"; nocase; ) # 1blgisk1abkkfu15xwqol1nv9qxh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1blgisk1abkkfu15xwqol1nv9qxh|03|org"; nocase; ) # 2wlo0c1siwiza1wa1spu1mb0oeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2wlo0c1siwiza1wa1spu1mb0oeq|03|com"; nocase; ) # 11yoyu9jw18rq1n67iq41dvhpaj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11yoyu9jw18rq1n67iq41dvhpaj|03|org"; nocase; ) # 1xi23t4nf7xu5r7m5119o8ia3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xi23t4nf7xu5r7m5119o8ia3|03|org"; nocase; ) # 1tq9mi35zy0pc2rr98rlo506.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1tq9mi35zy0pc2rr98rlo506|03|com"; nocase; ) # 4joktx15doai91divyuo2xedxa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4joktx15doai91divyuo2xedxa|03|biz"; nocase; ) # 1u9nhq15r41v8zh6bz13k6m6l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u9nhq15r41v8zh6bz13k6m6l|03|com"; nocase; ) # x6hrylf6ndgd49c7z1lquhag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x6hrylf6ndgd49c7z1lquhag|03|biz"; nocase; ) # 6po0ztp3vzelfdp6b71a4ybpz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6po0ztp3vzelfdp6b71a4ybpz|03|org"; nocase; ) # hgmvvy11tsbdd19str3hjeyoal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hgmvvy11tsbdd19str3hjeyoal|03|net"; nocase; ) # fscmud1l8l1pj14ifhym1k0fu85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fscmud1l8l1pj14ifhym1k0fu85|03|net"; nocase; ) # hcp28pk464oj2nz46g4nohb7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hcp28pk464oj2nz46g4nohb7|03|org"; nocase; ) # 1soeeq6rtgsukvth0n3iclh30.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1soeeq6rtgsukvth0n3iclh30|03|com"; nocase; ) # 1erhk0k1g99f5afkez551dvptgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1erhk0k1g99f5afkez551dvptgb|03|com"; nocase; ) # 1kw8632mils1wvv18p1ei0pg7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kw8632mils1wvv18p1ei0pg7|03|org"; nocase; ) # 1wwnjgr17vkowme5ekw1wjguum.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wwnjgr17vkowme5ekw1wjguum|03|biz"; nocase; ) # 186iquehuqanpzj5q9y1yeoiju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|186iquehuqanpzj5q9y1yeoiju|03|org"; nocase; ) # ulrxh51aq5ngrzp4s421kjshwa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ulrxh51aq5ngrzp4s421kjshwa|03|com"; nocase; ) # oauhsj1fm4tb2kkn2o343q1z7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oauhsj1fm4tb2kkn2o343q1z7|03|net"; nocase; ) # ep1bnh1b7ogei12a5rtw498ej1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ep1bnh1b7ogei12a5rtw498ej1|03|com"; nocase; ) # 8s3tu64z04zc12g9twg7vxwgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8s3tu64z04zc12g9twg7vxwgj|03|com"; nocase; ) # dic5z51jfcbo3p2xc0g19qzl21.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dic5z51jfcbo3p2xc0g19qzl21|03|org"; nocase; ) # 704gbbm0csm282t9pk1fu8iz9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|704gbbm0csm282t9pk1fu8iz9|03|com"; nocase; ) # 1py1bjz1n5mjvu3vt6jpjcg37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1py1bjz1n5mjvu3vt6jpjcg37|03|net"; nocase; ) # 1adi07w19w0vn8ahvpc0jbz38o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1adi07w19w0vn8ahvpc0jbz38o|03|org"; nocase; ) # 1r0unus1dnwl39ksu26w1hk1kgc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r0unus1dnwl39ksu26w1hk1kgc|03|net"; nocase; ) # 1v7z96ycwrai9poofov184q11d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v7z96ycwrai9poofov184q11d|03|net"; nocase; ) # f7xu3h9523mg1b894a61jbpxre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f7xu3h9523mg1b894a61jbpxre|03|net"; nocase; ) # 1te6x0r1slfuoj1ufps1y1omozyy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1te6x0r1slfuoj1ufps1y1omozyy|03|biz"; nocase; ) # 1xluwol1s05lga1e6ovdz1q41agp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xluwol1s05lga1e6ovdz1q41agp|03|org"; nocase; ) # 1fnorwtwslp353r2mg238icl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1fnorwtwslp353r2mg238icl|03|net"; nocase; ) # 43m83p708sjr1txkc9wv2b94u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|43m83p708sjr1txkc9wv2b94u|03|com"; nocase; ) # 7ri9ue1ks7zgz1gbl3v01gt0cfs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7ri9ue1ks7zgz1gbl3v01gt0cfs|03|org"; nocase; ) # zfmgoryo9tx72rvm0c1y3ox3g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zfmgoryo9tx72rvm0c1y3ox3g|03|org"; nocase; ) # 94krje9lpc5ejowrko1debu45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|94krje9lpc5ejowrko1debu45|03|net"; nocase; ) # 11nolc015th5r91rkb9rjpubtb0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11nolc015th5r91rkb9rjpubtb0|03|biz"; nocase; ) # 14ti1by1d2wpow1a7ss97158phz5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14ti1by1d2wpow1a7ss97158phz5|03|biz"; nocase; ) # egdaweh20m9v193gfmujc92cg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|egdaweh20m9v193gfmujc92cg|03|org"; nocase; ) # qixtm01in8de328xem2clkplh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qixtm01in8de328xem2clkplh|03|biz"; nocase; ) # uapy1o3x9rv1qm70ut1wund0q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uapy1o3x9rv1qm70ut1wund0q|03|net"; nocase; ) # 1widiwi13gknt59mi0qm12eh8hb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1widiwi13gknt59mi0qm12eh8hb|03|biz"; nocase; ) # 1ijdgew1ku2wuqgykqbg184fpd2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ijdgew1ku2wuqgykqbg184fpd2|03|org"; nocase; ) # 1n3s9y3m0bibgbukt6lknph02.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n3s9y3m0bibgbukt6lknph02|03|net"; nocase; ) # 1yvm3mf12pzrlgyxuhn7vapcwd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yvm3mf12pzrlgyxuhn7vapcwd|03|net"; nocase; ) # 15ntolz1x0trga1k53g2b58kjc7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ntolz1x0trga1k53g2b58kjc7|03|biz"; nocase; ) # ump465k50stx1vzqwpp10s4140.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ump465k50stx1vzqwpp10s4140|03|net"; nocase; ) # 3fofls3ll2tv19gxgrij7xu7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3fofls3ll2tv19gxgrij7xu7|03|net"; nocase; ) # 23xgr11ym7b1ls1cyg622n2ly.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|23xgr11ym7b1ls1cyg622n2ly|03|biz"; nocase; ) # 1myqbpfn3oy5ybvmd5r1x4xcw7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1myqbpfn3oy5ybvmd5r1x4xcw7|03|biz"; nocase; ) # 196j7l319tsy5v1539nun16l2js5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|196j7l319tsy5v1539nun16l2js5|03|net"; nocase; ) # 1wa36hk18belaxz6nzgbn2s7a9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wa36hk18belaxz6nzgbn2s7a9|03|biz"; nocase; ) # pu8nwi34x4u81rmn5lk1v6cqqa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pu8nwi34x4u81rmn5lk1v6cqqa|03|biz"; nocase; ) # yjrqu71yhnscm1htp1au6hw187.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yjrqu71yhnscm1htp1au6hw187|03|net"; nocase; ) # 1ae5jc11pz9lanmanx43gnz1w4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ae5jc11pz9lanmanx43gnz1w4|03|net"; nocase; ) # 13n532p10xm7v31vlknt21psk1qo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13n532p10xm7v31vlknt21psk1qo|03|net"; nocase; ) # 8h7u23xdf3b51r9tlm31xml1mv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8h7u23xdf3b51r9tlm31xml1mv|03|org"; nocase; ) # 1gtqqkz127qu8i1hxcy491lekk1p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gtqqkz127qu8i1hxcy491lekk1p|03|biz"; nocase; ) # xj63m11mfzfiew6dmsa5v0u8s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xj63m11mfzfiew6dmsa5v0u8s|03|org"; nocase; ) # 7em3hh1ck8h9e19nk8v31808cmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7em3hh1ck8h9e19nk8v31808cmj|03|net"; nocase; ) # nn9rq718apyqp1ujd840xip1w4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nn9rq718apyqp1ujd840xip1w4|03|org"; nocase; ) # 13cwvdv5vdb8w14fxl8p17bibah.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13cwvdv5vdb8w14fxl8p17bibah|03|org"; nocase; ) # my24851n1h32j1c0zl391oidgvj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|my24851n1h32j1c0zl391oidgvj|03|biz"; nocase; ) # 1b31v2d1gm9xmt1rq4d6ra51k6v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b31v2d1gm9xmt1rq4d6ra51k6v|03|com"; nocase; ) # gtbh9inkdiu56ixb4z1rfmaex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gtbh9inkdiu56ixb4z1rfmaex|03|biz"; nocase; ) # 1o0946g1kajq7wxd1tk314k1hqs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o0946g1kajq7wxd1tk314k1hqs|03|net"; nocase; ) # 18araxe1lllbu41td0lx41ow6zhz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18araxe1lllbu41td0lx41ow6zhz|03|net"; nocase; ) # a2mru57l33ajo2i9en1k26xyb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a2mru57l33ajo2i9en1k26xyb|03|net"; nocase; ) # 1uvim9y48m2eu1rd3p8p11rxgak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uvim9y48m2eu1rd3p8p11rxgak|03|net"; nocase; ) # jd3vaf16rcphy1fxdd4hb1nio7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jd3vaf16rcphy1fxdd4hb1nio7|03|biz"; nocase; ) # 4jmbdj1nba2klj9c62mey7zzd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4jmbdj1nba2klj9c62mey7zzd|03|org"; nocase; ) # 1hmogtb1696mzj1e481t9n92y5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hmogtb1696mzj1e481t9n92y5e|03|net"; nocase; ) # 1qd65k79b6sce84olilzodp0r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qd65k79b6sce84olilzodp0r|03|com"; nocase; ) # 1lt5qnrdyely81us6vq4jhgjjq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lt5qnrdyely81us6vq4jhgjjq|03|com"; nocase; ) # ycwd481m2op8l1vr314r1gg5ean.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ycwd481m2op8l1vr314r1gg5ean|03|net"; nocase; ) # xpe5tue7s5y019zpyx61tod28q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xpe5tue7s5y019zpyx61tod28q|03|net"; nocase; ) # 1ko2hvt250i6a1gbt5si1oizabh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ko2hvt250i6a1gbt5si1oizabh|03|net"; nocase; ) # dm0dwa1mpdiby1egmp9b15fc4zw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dm0dwa1mpdiby1egmp9b15fc4zw|03|org"; nocase; ) # 1xoc4q99crae01o1sy74ug7486.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xoc4q99crae01o1sy74ug7486|03|org"; nocase; ) # tywnam6hb3jq7dp0x6qx4h9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tywnam6hb3jq7dp0x6qx4h9j|03|net"; nocase; ) # oikdem16xlz7yev99sv1p97zg5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oikdem16xlz7yev99sv1p97zg5|03|org"; nocase; ) # 1ubp6nj14invna1hjdemzxfsg0t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ubp6nj14invna1hjdemzxfsg0t|03|biz"; nocase; ) # 6m344hc9jrl211nlsmz10ep9u0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6m344hc9jrl211nlsmz10ep9u0|03|net"; nocase; ) # n9a7na45cs991s33gbdemj0z2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n9a7na45cs991s33gbdemj0z2|03|com"; nocase; ) # 1w3yh4x1ve3oarzunbyl1ski2a6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w3yh4x1ve3oarzunbyl1ski2a6|03|net"; nocase; ) # 2rfkda4ewpq7vht8kv6cooan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2rfkda4ewpq7vht8kv6cooan|03|com"; nocase; ) # 1v6c0kv1cqciaf142n33j1qicdoz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v6c0kv1cqciaf142n33j1qicdoz|03|biz"; nocase; ) # 1gyu0y645hbq31duyjfdrtd38c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gyu0y645hbq31duyjfdrtd38c|03|com"; nocase; ) # 1be9m6n1enr4731517pbdppz6ti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1be9m6n1enr4731517pbdppz6ti|03|net"; nocase; ) # 1ibx7h0rlc61j1b4yvi2jlf0vi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ibx7h0rlc61j1b4yvi2jlf0vi|03|org"; nocase; ) # 1nj7trgidecce15fpiwht564ct.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nj7trgidecce15fpiwht564ct|03|org"; nocase; ) # 1t63udbemhprwcd9e991i2ablr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t63udbemhprwcd9e991i2ablr|03|biz"; nocase; ) # 1q67c621rd1lw6ksdct61nau2jc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q67c621rd1lw6ksdct61nau2jc|03|biz"; nocase; ) # othyox1a1fer5zkh8gccpqev8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|othyox1a1fer5zkh8gccpqev8|03|net"; nocase; ) # slbk7sygp0a51kiqihkjj7pxg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|slbk7sygp0a51kiqihkjj7pxg|03|com"; nocase; ) # 93haa73n8mct7ltsgtmedyli.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|93haa73n8mct7ltsgtmedyli|03|net"; nocase; ) # 78o2gr1mzrwr6ogho2p1j1kxkg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|78o2gr1mzrwr6ogho2p1j1kxkg|03|org"; nocase; ) # 1cwwvwrs2o6f7lb5p1a716nx1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cwwvwrs2o6f7lb5p1a716nx1|03|net"; nocase; ) # 182r85u14rs7kw19dnlsg6f1qki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|182r85u14rs7kw19dnlsg6f1qki|03|net"; nocase; ) # 1u08qazkasu2e1osllwj1cwghj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u08qazkasu2e1osllwj1cwghj|03|net"; nocase; ) # z98jjk1o3wl5z4u6cf5qs4s4l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z98jjk1o3wl5z4u6cf5qs4s4l|03|com"; nocase; ) # yfhyzrfiouna1ajw4p0ml7huw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yfhyzrfiouna1ajw4p0ml7huw|03|org"; nocase; ) # 1p55xnb1bvvlzsd7o9tq19u8am6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p55xnb1bvvlzsd7o9tq19u8am6|03|com"; nocase; ) # tuzo5v1nkypt1l69xyce0903t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tuzo5v1nkypt1l69xyce0903t|03|biz"; nocase; ) # uwfc5a1mk2zu01n8k9th1iuh421.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uwfc5a1mk2zu01n8k9th1iuh421|03|biz"; nocase; ) # 1197j9g1l0amv1rrsjc75zcmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1197j9g1l0amv1rrsjc75zcmo|03|net"; nocase; ) # uoipp21bhajuz140l5mmzqiz57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uoipp21bhajuz140l5mmzqiz57|03|com"; nocase; ) # qathvsuqhrjf141wrl71vhzk0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qathvsuqhrjf141wrl71vhzk0y|03|net"; nocase; ) # tkhyuggs03mz3u03ds19zau6y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tkhyuggs03mz3u03ds19zau6y|03|net"; nocase; ) # 1hhleg1f9ps28nma7u6117inpr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hhleg1f9ps28nma7u6117inpr|03|net"; nocase; ) # 1j6uvkn1jon9j1pgi49a1tk1mpw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j6uvkn1jon9j1pgi49a1tk1mpw|03|biz"; nocase; ) # shtr6q2z8rnu1diorxf1d1oqae.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shtr6q2z8rnu1diorxf1d1oqae|03|org"; nocase; ) # 1183roq1e3f1oq17vbi1p1dol49y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1183roq1e3f1oq17vbi1p1dol49y|03|net"; nocase; ) # 17odode1cb11pz1539zna1soofz1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17odode1cb11pz1539zna1soofz1|03|com"; nocase; ) # 151qhbe41hteqneb21h199yvf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|151qhbe41hteqneb21h199yvf|03|org"; nocase; ) # 7u3i9d1jgstgjd588m0a43l5t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7u3i9d1jgstgjd588m0a43l5t|03|biz"; nocase; ) # 1gpc9d3t8ws3nrvbvo1ki9z1d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gpc9d3t8ws3nrvbvo1ki9z1d|03|org"; nocase; ) # 1hftg362td2l93bdlxh1mi0v1w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hftg362td2l93bdlxh1mi0v1w|03|biz"; nocase; ) # 1xyjntb1bqppa3127ddyq25jgs2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xyjntb1bqppa3127ddyq25jgs2|03|com"; nocase; ) # 1uxtvpgij9a2l176pwg8nqqe4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uxtvpgij9a2l176pwg8nqqe4t|03|net"; nocase; ) # 1hyh5b11nwgwd21tbqm091dp4cyp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hyh5b11nwgwd21tbqm091dp4cyp|03|biz"; nocase; ) # 13nw1fwjgt57515mtiv418fkblk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13nw1fwjgt57515mtiv418fkblk|03|net"; nocase; ) # 11x0a1k1rvgxyo1d7y3zz1otwnjz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11x0a1k1rvgxyo1d7y3zz1otwnjz|03|com"; nocase; ) # 1ma6y311fbjq2wrrp1gm1f1e8cv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ma6y311fbjq2wrrp1gm1f1e8cv|03|net"; nocase; ) # smyjiy1dgsuzf1sym8pgfqt83g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|smyjiy1dgsuzf1sym8pgfqt83g|03|com"; nocase; ) # zurul1167ebywn6q7wn13opidl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zurul1167ebywn6q7wn13opidl|03|biz"; nocase; ) # 1t0wm44dkptvp18ciyqu1tntior.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t0wm44dkptvp18ciyqu1tntior|03|biz"; nocase; ) # 1afaugmocu68mnpbj9pmoqx95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1afaugmocu68mnpbj9pmoqx95|03|net"; nocase; ) # 10x6nr8vrja5ick5k54c24dfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10x6nr8vrja5ick5k54c24dfy|03|net"; nocase; ) # 1xc16d31eoo7ofka6jdgwjtpd8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xc16d31eoo7ofka6jdgwjtpd8|03|biz"; nocase; ) # 12aqhlz9zhpf21nzg9a2psgl1c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12aqhlz9zhpf21nzg9a2psgl1c|03|net"; nocase; ) # jmkw531vqz0ya1dfxkgh1r1zhws.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jmkw531vqz0ya1dfxkgh1r1zhws|03|org"; nocase; ) # zqy1q91wdfut01vvgfm550hb77.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zqy1q91wdfut01vvgfm550hb77|03|net"; nocase; ) # 4v5gfl25i1ss1bpdvu517q7crx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4v5gfl25i1ss1bpdvu517q7crx|03|com"; nocase; ) # 19k3f8ltq7nvx1oinluc1yybozn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19k3f8ltq7nvx1oinluc1yybozn|03|biz"; nocase; ) # oq9m877gn892bkhq9h58i1gr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oq9m877gn892bkhq9h58i1gr|03|net"; nocase; ) # xogahtea0tg1yirvmo1xttd8o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xogahtea0tg1yirvmo1xttd8o|03|org"; nocase; ) # 181gi23nv16bsmmu4yx6t6m31.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|181gi23nv16bsmmu4yx6t6m31|03|com"; nocase; ) # 1huy7o61bgkrhk13fx5cb1qig763.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1huy7o61bgkrhk13fx5cb1qig763|03|biz"; nocase; ) # 2khyy160vtmah1af1u1rzyuc1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2khyy160vtmah1af1u1rzyuc1|03|net"; nocase; ) # 1k76f5zf7zz4uvgdmtj4k0nk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1k76f5zf7zz4uvgdmtj4k0nk|03|org"; nocase; ) # 1ktg03hc21bll1bn1bjatgf0do.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ktg03hc21bll1bn1bjatgf0do|03|org"; nocase; ) # 71b4gxjpdqdz1yphw994kk7ld.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|71b4gxjpdqdz1yphw994kk7ld|03|biz"; nocase; ) # p5o1sxcxuime1f6p3nx1h4orv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5o1sxcxuime1f6p3nx1h4orv|03|com"; nocase; ) # q6s7k417lemveb20ccbzlbczw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6s7k417lemveb20ccbzlbczw|03|org"; nocase; ) # 1d440831tqg5fj1eslg8g19rrvec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d440831tqg5fj1eslg8g19rrvec|03|net"; nocase; ) # 1tokj0a1ydvapy11frf0j1ic78mn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tokj0a1ydvapy11frf0j1ic78mn|03|com"; nocase; ) # zgiq7k1f1t81s1slaseq1d4d9q9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zgiq7k1f1t81s1slaseq1d4d9q9|03|biz"; nocase; ) # 14wbz5317vwtzska4olhwcpvy6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14wbz5317vwtzska4olhwcpvy6|03|net"; nocase; ) # 11mifroi7n6221lqoycfs9nsy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11mifroi7n6221lqoycfs9nsy|03|net"; nocase; ) # 419edq1hvi3dckv3qn3sxvreg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|419edq1hvi3dckv3qn3sxvreg|03|org"; nocase; ) # xopkbd1w4n0rz1xy1v5s6k71om.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xopkbd1w4n0rz1xy1v5s6k71om|03|org"; nocase; ) # 1hwo8qp1iw3dhx152miqm1agwo2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hwo8qp1iw3dhx152miqm1agwo2z|03|net"; nocase; ) # djs5tgk2irk74vnd2wtv9575.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|djs5tgk2irk74vnd2wtv9575|03|biz"; nocase; ) # 110arn0qn9iq71rvtsrh1iwfei7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|110arn0qn9iq71rvtsrh1iwfei7|03|net"; nocase; ) # 1a5uxpkhxvjzi1kd87lq3l4iii.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a5uxpkhxvjzi1kd87lq3l4iii|03|biz"; nocase; ) # wq717y1v2r11a5jqx813tqlsb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wq717y1v2r11a5jqx813tqlsb|03|org"; nocase; ) # 1qfn9cl1mbs26wk39ztb1u80dfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qfn9cl1mbs26wk39ztb1u80dfe|03|net"; nocase; ) # 7b9aex1sj0cywh2folnnkh93n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7b9aex1sj0cywh2folnnkh93n|03|com"; nocase; ) # 1cnf4dxqb09woz9iy89l43za8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cnf4dxqb09woz9iy89l43za8|03|net"; nocase; ) # rj4rkb1iihb231fs5zh81kw4bz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rj4rkb1iihb231fs5zh81kw4bz7|03|com"; nocase; ) # 177h73312dt73g1e0o83u1spn0oa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|177h73312dt73g1e0o83u1spn0oa|03|com"; nocase; ) # freroinxb5pi17807kkfr4nsj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|freroinxb5pi17807kkfr4nsj|03|biz"; nocase; ) # nunh7r8ozzqag0vvnlfb72ld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nunh7r8ozzqag0vvnlfb72ld|03|net"; nocase; ) # clsbcz1ffcchjw9qfonx3qp99.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|clsbcz1ffcchjw9qfonx3qp99|03|biz"; nocase; ) # 1rjk0nv9feonqnibbayi1tmg8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rjk0nv9feonqnibbayi1tmg8|03|net"; nocase; ) # avpob41vuv0iq2wrg1b1rqvsxu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|avpob41vuv0iq2wrg1b1rqvsxu|03|net"; nocase; ) # 1xedaby1w64skk19xof3e7xc4h9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xedaby1w64skk19xof3e7xc4h9|03|biz"; nocase; ) # hbd8kdnem6mf14v4d221auip22.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hbd8kdnem6mf14v4d221auip22|03|com"; nocase; ) # 1v4r9z51jj6j8kpt1xb7a3sq0z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v4r9z51jj6j8kpt1xb7a3sq0z|03|org"; nocase; ) # wz2xwvvvu6qk1owjpbz1oq8t7z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wz2xwvvvu6qk1owjpbz1oq8t7z|03|org"; nocase; ) # trpaj412yye19dsj8c81vlystk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|trpaj412yye19dsj8c81vlystk|03|biz"; nocase; ) # 1dqr3k9173p2w1d3fluu13jccpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dqr3k9173p2w1d3fluu13jccpj|03|com"; nocase; ) # 8gbwuqtufmfyei3nvl1403lvb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8gbwuqtufmfyei3nvl1403lvb|03|com"; nocase; ) # lvanrjcm0ju2mbnli1osyscs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lvanrjcm0ju2mbnli1osyscs|03|org"; nocase; ) # 1afgrsx1f5183u1668onw11hx65z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1afgrsx1f5183u1668onw11hx65z|03|net"; nocase; ) # 1nezrn1l5yeoymrt0qqdwptk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1nezrn1l5yeoymrt0qqdwptk|03|org"; nocase; ) # 17s5p59djztyc139yg32ytuv96.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17s5p59djztyc139yg32ytuv96|03|org"; nocase; ) # 1odjvpj1n9y0h01bdrgpv1p5jdud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1odjvpj1n9y0h01bdrgpv1p5jdud|03|biz"; nocase; ) # rlz39bilhujta1ju71nsf61n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rlz39bilhujta1ju71nsf61n|03|com"; nocase; ) # 6d4onoy3yirg14wox6ankgzc5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6d4onoy3yirg14wox6ankgzc5|03|biz"; nocase; ) # 1l7qcit1a1crhyhtf1flqu5n4h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l7qcit1a1crhyhtf1flqu5n4h|03|biz"; nocase; ) # loz79l66f2jz1vlvtro18cwgqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|loz79l66f2jz1vlvtro18cwgqz|03|biz"; nocase; ) # 15d957c1v5hw561xhr4vkqqn81n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15d957c1v5hw561xhr4vkqqn81n|03|net"; nocase; ) # a303v01s05m5a3fxdd2t8gxc7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a303v01s05m5a3fxdd2t8gxc7|03|biz"; nocase; ) # rp3gb49aaw0uk611ibenclw1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rp3gb49aaw0uk611ibenclw1|03|com"; nocase; ) # uwy8lr1caf824nqtuuyx1kpv0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uwy8lr1caf824nqtuuyx1kpv0|03|com"; nocase; ) # qbcbf45ukly7y61qmg1pqgzrp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qbcbf45ukly7y61qmg1pqgzrp|03|org"; nocase; ) # 62nyx41ofhe5ovgvf9pg6wloz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|62nyx41ofhe5ovgvf9pg6wloz|03|com"; nocase; ) # 1lbe2h81yjrjlxm7y2zk1piu8fl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lbe2h81yjrjlxm7y2zk1piu8fl|03|org"; nocase; ) # 4qq5f0vxofz2do1su1rz4a3h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4qq5f0vxofz2do1su1rz4a3h|03|net"; nocase; ) # 1wuf0d41ks8szc1wve9e8h2hr0f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wuf0d41ks8szc1wve9e8h2hr0f|03|org"; nocase; ) # 16r8n671p15uuuw6z07t149flsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16r8n671p15uuuw6z07t149flsu|03|net"; nocase; ) # 1c3kmgt2c1oe61r0gk5x1v71gt5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c3kmgt2c1oe61r0gk5x1v71gt5|03|net"; nocase; ) # qn86u1u3w1gm1yeek1a10tlygb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qn86u1u3w1gm1yeek1a10tlygb|03|net"; nocase; ) # 1t726k6jijd8u1j8be5c1a4x7lt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t726k6jijd8u1j8be5c1a4x7lt|03|com"; nocase; ) # 1ls9vyxk6l2fnlj8nbmsw5ubr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ls9vyxk6l2fnlj8nbmsw5ubr|03|biz"; nocase; ) # qcvt4m1en8l891robspx19d4ikb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qcvt4m1en8l891robspx19d4ikb|03|net"; nocase; ) # jsfhvo1voz0s01b5cq4d5jvjad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jsfhvo1voz0s01b5cq4d5jvjad|03|com"; nocase; ) # 1f866he1dafx6e89pw1bfstidi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f866he1dafx6e89pw1bfstidi|03|net"; nocase; ) # 1kf929y1da6zzs1rtdyfvygyu9q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kf929y1da6zzs1rtdyfvygyu9q|03|com"; nocase; ) # r28suqsbkp7l1qkv3gn5s52gt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r28suqsbkp7l1qkv3gn5s52gt|03|net"; nocase; ) # dsxd54fps120suwhfbgfv7l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|dsxd54fps120suwhfbgfv7l|03|org"; nocase; ) # yon27sy28sx455p0hhqtxbvy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yon27sy28sx455p0hhqtxbvy|03|com"; nocase; ) # j0qz6tsg57nx1934kmevxo2rp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j0qz6tsg57nx1934kmevxo2rp|03|org"; nocase; ) # 1pbfxfd1nwrj9r11qq2f4100kx5w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pbfxfd1nwrj9r11qq2f4100kx5w|03|com"; nocase; ) # 1p61tfg16cnkis1nzy463frrrr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p61tfg16cnkis1nzy463frrrr|03|net"; nocase; ) # 1u0wg791xprm9v1rkkyzme0bn4n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u0wg791xprm9v1rkkyzme0bn4n|03|org"; nocase; ) # 1l18ek21brh75m1jqcf9pilc916.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l18ek21brh75m1jqcf9pilc916|03|net"; nocase; ) # 125xfzfh0dpci2elm6s1xjr1qq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|125xfzfh0dpci2elm6s1xjr1qq|03|net"; nocase; ) # 10gazsn1gl3d4qov8t6c1wy5new.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10gazsn1gl3d4qov8t6c1wy5new|03|com"; nocase; ) # f4xagvki01c2amkmhw10gzlvr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f4xagvki01c2amkmhw10gzlvr|03|net"; nocase; ) # 1mac4l31bdemiyr4bp6tiixc1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mac4l31bdemiyr4bp6tiixc1|03|biz"; nocase; ) # rg8n841jzm6muuk1cdl1tz2tpl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rg8n841jzm6muuk1cdl1tz2tpl|03|com"; nocase; ) # 7xavc11kt1z9pofpc0h1dnpugq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7xavc11kt1z9pofpc0h1dnpugq|03|com"; nocase; ) # 1afapsmv66oh71ei5nw71784upg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1afapsmv66oh71ei5nw71784upg|03|net"; nocase; ) # 1d0bm44l75oh3dz6weackhn7z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d0bm44l75oh3dz6weackhn7z|03|org"; nocase; ) # 1pbm1l5z7dqbt13lax16wg27m8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pbm1l5z7dqbt13lax16wg27m8|03|org"; nocase; ) # aym0ko3w3sg1a8s3zy79fq7g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aym0ko3w3sg1a8s3zy79fq7g|03|org"; nocase; ) # 11qjcxv1b7ndwo1sy8raj1s4kajc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11qjcxv1b7ndwo1sy8raj1s4kajc|03|com"; nocase; ) # 18nr2mlgwt084mil3371kof8dy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18nr2mlgwt084mil3371kof8dy|03|biz"; nocase; ) # 1gdttr2qr2nz01yygvyb2kuryj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gdttr2qr2nz01yygvyb2kuryj|03|net"; nocase; ) # r2yytldslcpui7eeqexs3bc2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r2yytldslcpui7eeqexs3bc2|03|net"; nocase; ) # ajeli354gfjclvaq1xx0ncg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ajeli354gfjclvaq1xx0ncg|03|com"; nocase; ) # dvx5jmvdvudl156cjm1ph61oc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dvx5jmvdvudl156cjm1ph61oc|03|net"; nocase; ) # 1mtgr4vbohh65o9lcbos7ogg7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mtgr4vbohh65o9lcbos7ogg7|03|net"; nocase; ) # 1bl7x08ewx0i31xh5a9rrg159s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bl7x08ewx0i31xh5a9rrg159s|03|biz"; nocase; ) # ye4cv11jrhhpzcqndz0hd3fz9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ye4cv11jrhhpzcqndz0hd3fz9|03|com"; nocase; ) # 1nssg6q1u28dx21nw6jadbm4ulj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nssg6q1u28dx21nw6jadbm4ulj|03|net"; nocase; ) # k50qukboutz42ql2cipxmm06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k50qukboutz42ql2cipxmm06|03|net"; nocase; ) # 17d3xhq1dpe7ozcd9rq7voxcwk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17d3xhq1dpe7ozcd9rq7voxcwk|03|com"; nocase; ) # 15kydx41xo6dkl5vnorc1uj5g0c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15kydx41xo6dkl5vnorc1uj5g0c|03|com"; nocase; ) # 1qz36n66faprglmbqjy6l0ebj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qz36n66faprglmbqjy6l0ebj|03|net"; nocase; ) # nslzca1tqfam81hn9f42826vl9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nslzca1tqfam81hn9f42826vl9|03|com"; nocase; ) # 10w5dbho1qguf10qy61z16c2xi8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10w5dbho1qguf10qy61z16c2xi8|03|net"; nocase; ) # 1visdad1f67hq210hiaptj1xzkf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1visdad1f67hq210hiaptj1xzkf|03|biz"; nocase; ) # 1osy0uno5myxo963zyt14v04ap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1osy0uno5myxo963zyt14v04ap|03|net"; nocase; ) # 1usk2rp1t4koi01fqpo5513xgi3i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1usk2rp1t4koi01fqpo5513xgi3i|03|org"; nocase; ) # 1fwc8us1l6do6obkbnzgr0iwqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fwc8us1l6do6obkbnzgr0iwqc|03|biz"; nocase; ) # ffj67vm3yqbz1einqad1kqk1fc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ffj67vm3yqbz1einqad1kqk1fc|03|com"; nocase; ) # yoxsmahpjp0d1ufxf921pei0nh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yoxsmahpjp0d1ufxf921pei0nh|03|org"; nocase; ) # 10makunidd1se1ghya1c7kkc60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10makunidd1se1ghya1c7kkc60|03|net"; nocase; ) # p6v298ej97b4dpywsmbp3y7c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p6v298ej97b4dpywsmbp3y7c|03|com"; nocase; ) # 193anjs1pgigdltkuan24lck4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|193anjs1pgigdltkuan24lck4|03|biz"; nocase; ) # 156dcmo1i25v0gune8p3bm3fph.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156dcmo1i25v0gune8p3bm3fph|03|com"; nocase; ) # yxft5g1c8poud1e7sosf1t397wz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yxft5g1c8poud1e7sosf1t397wz|03|biz"; nocase; ) # 171ky8jwo9iezk81a4ohkz0xb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|171ky8jwo9iezk81a4ohkz0xb|03|org"; nocase; ) # 1wt94nh1y4p5esybnrdtvo1o1p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wt94nh1y4p5esybnrdtvo1o1p|03|net"; nocase; ) # 1cacniu192iqijerji3i1c1hx9w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cacniu192iqijerji3i1c1hx9w|03|org"; nocase; ) # 1byc5qw9nmeppnfsbk11w4beyb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1byc5qw9nmeppnfsbk11w4beyb|03|org"; nocase; ) # 1dup1d8mdcro51iu4meyp3rpli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dup1d8mdcro51iu4meyp3rpli|03|com"; nocase; ) # k04fuc14zhgwlyh2didsf22if.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k04fuc14zhgwlyh2didsf22if|03|org"; nocase; ) # qh78aawc9bt712604dl1o0xc7h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qh78aawc9bt712604dl1o0xc7h|03|com"; nocase; ) # 1p97f7r1njlwg1yhhvtr1bmz806.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p97f7r1njlwg1yhhvtr1bmz806|03|org"; nocase; ) # jm0id3m1clgq162dfv67m7rxr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jm0id3m1clgq162dfv67m7rxr|03|biz"; nocase; ) # 1qx1nzn1m6fkgk9vg91ggaksi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qx1nzn1m6fkgk9vg91ggaksi|03|net"; nocase; ) # 11uk7twkbd1n71lepd0m1hvf6mq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11uk7twkbd1n71lepd0m1hvf6mq|03|net"; nocase; ) # 1patll717zq3p2t2ggj71n17i0a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1patll717zq3p2t2ggj71n17i0a|03|org"; nocase; ) # 12y9o5k1hrzaxy1yivd4isyx6g9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12y9o5k1hrzaxy1yivd4isyx6g9|03|biz"; nocase; ) # 1c0zgdzc5v31m1mv1vbk75s2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1c0zgdzc5v31m1mv1vbk75s2|03|net"; nocase; ) # uw9dhy140iuwq15llq2p5br9k9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uw9dhy140iuwq15llq2p5br9k9|03|net"; nocase; ) # gy2il4ddty751itmxyc1my2phm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gy2il4ddty751itmxyc1my2phm|03|net"; nocase; ) # 161qnppm6fpro1aabxff1xwleor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|161qnppm6fpro1aabxff1xwleor|03|com"; nocase; ) # dv7sh712cbq3211v5ip01ju2aef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dv7sh712cbq3211v5ip01ju2aef|03|com"; nocase; ) # 1kguj8plnqerd116wntretb3zx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kguj8plnqerd116wntretb3zx|03|net"; nocase; ) # 1mjn4rt92mpmu1jyytl55176ji.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mjn4rt92mpmu1jyytl55176ji|03|biz"; nocase; ) # 16vqxln3peoig210mcmpf7mng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16vqxln3peoig210mcmpf7mng|03|net"; nocase; ) # 1dmiuwaoty080s7xbrh1cc3hda.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dmiuwaoty080s7xbrh1cc3hda|03|org"; nocase; ) # 158fi61lbkvahg3ifmq1ou0wj6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|158fi61lbkvahg3ifmq1ou0wj6|03|com"; nocase; ) # 1budelk1puwr6aubf0ms1wtfyrb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1budelk1puwr6aubf0ms1wtfyrb|03|org"; nocase; ) # 1kopnxlp4gg3a1bb6kekbvlcn1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kopnxlp4gg3a1bb6kekbvlcn1|03|com"; nocase; ) # 1iq20yn1dnj5ppx80nqrmdtu7d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iq20yn1dnj5ppx80nqrmdtu7d|03|biz"; nocase; ) # 1snaqq5rdunhk5pq9xs441dqr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1snaqq5rdunhk5pq9xs441dqr|03|biz"; nocase; ) # kurp689kd2di4zcrszi8q08j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kurp689kd2di4zcrszi8q08j|03|org"; nocase; ) # 213r2pe1x14z2b47dv1h2bty1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|213r2pe1x14z2b47dv1h2bty1|03|com"; nocase; ) # 1k80wf01cco0e61bumyc61wy4jd3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k80wf01cco0e61bumyc61wy4jd3|03|org"; nocase; ) # 1irjj5a1crmijcu7r319yozzl8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1irjj5a1crmijcu7r319yozzl8|03|net"; nocase; ) # m44ekd1cywliiirjwkj1nbgrbz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m44ekd1cywliiirjwkj1nbgrbz|03|net"; nocase; ) # p027b11s7sa8942aqqq4puzt6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p027b11s7sa8942aqqq4puzt6|03|com"; nocase; ) # gcn4ppl2ipar14slr5w1s9s443.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gcn4ppl2ipar14slr5w1s9s443|03|net"; nocase; ) # 37dq2i14788nb1q4yvzu1lwj4t8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|37dq2i14788nb1q4yvzu1lwj4t8|03|biz"; nocase; ) # 1jr3c9tti0ha71wuvkv9i8z32p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jr3c9tti0ha71wuvkv9i8z32p|03|net"; nocase; ) # 1awk8nmx1wbdl1sn5ga61sl35ti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1awk8nmx1wbdl1sn5ga61sl35ti|03|org"; nocase; ) # 1fyhpioxn8ri1jtlj2v1eawgcs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fyhpioxn8ri1jtlj2v1eawgcs|03|com"; nocase; ) # 16h68nmzob3cz29u9e05b4t7d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16h68nmzob3cz29u9e05b4t7d|03|net"; nocase; ) # 39glncjfcjxu10abbi11ie1ouj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|39glncjfcjxu10abbi11ie1ouj|03|biz"; nocase; ) # 1i3n0yrt502h1hqfjfw1o8liw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i3n0yrt502h1hqfjfw1o8liw5|03|org"; nocase; ) # cem6oq1okkztb1kvqqrj1wktdot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cem6oq1okkztb1kvqqrj1wktdot|03|net"; nocase; ) # 6kyyb6dwjq1sv4yq3e1k1kk7j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6kyyb6dwjq1sv4yq3e1k1kk7j|03|biz"; nocase; ) # 1u36s7b1ca3m2zeuy7ml1wi22ll.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u36s7b1ca3m2zeuy7ml1wi22ll|03|com"; nocase; ) # 1tk7uhv1hob2s81qc2a8l1itlnkm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tk7uhv1hob2s81qc2a8l1itlnkm|03|net"; nocase; ) # 6azdym17gx5y9r7nznutmfz65.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6azdym17gx5y9r7nznutmfz65|03|net"; nocase; ) # b25bn91y0yhh565ybnx1thosct.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b25bn91y0yhh565ybnx1thosct|03|biz"; nocase; ) # knhhry1cldc99og57d4nvlmk6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|knhhry1cldc99og57d4nvlmk6|03|com"; nocase; ) # 9rmeq13i43921rfqm9n407yf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9rmeq13i43921rfqm9n407yf|03|org"; nocase; ) # 1kptswh1odkncm1e9ucxe1u89b5z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kptswh1odkncm1e9ucxe1u89b5z|03|org"; nocase; ) # ymqjoi1mieish1imnq811rlnns9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ymqjoi1mieish1imnq811rlnns9|03|org"; nocase; ) # 1q8uqdu1del360p6aw8c1962wfs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q8uqdu1del360p6aw8c1962wfs|03|biz"; nocase; ) # l5kcc81b8os9ir4zshs1gs331h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l5kcc81b8os9ir4zshs1gs331h|03|net"; nocase; ) # 11wle3mpuwxao1fndbsa24ndlm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11wle3mpuwxao1fndbsa24ndlm|03|biz"; nocase; ) # 1m0beqb1mfwf9c14wu8e9umgk8c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m0beqb1mfwf9c14wu8e9umgk8c|03|net"; nocase; ) # 1klrleh1pz6ddz1jvylkgltqc37.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1klrleh1pz6ddz1jvylkgltqc37|03|biz"; nocase; ) # aeygq6fkak9o1t7hjtlaaum6j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aeygq6fkak9o1t7hjtlaaum6j|03|org"; nocase; ) # 1exu0ku1ygvxn710v57k2pbywn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1exu0ku1ygvxn710v57k2pbywn2|03|net"; nocase; ) # 2vqvg1s8596i1jl142yx60v8y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2vqvg1s8596i1jl142yx60v8y|03|net"; nocase; ) # fw9lhggx3mxl1ugn89sdl0uhk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fw9lhggx3mxl1ugn89sdl0uhk|03|biz"; nocase; ) # 1dvapig1t9s5iw1x1ixixmd3keb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dvapig1t9s5iw1x1ixixmd3keb|03|org"; nocase; ) # 47acay7afhjp1nsqjko15gfukk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|47acay7afhjp1nsqjko15gfukk|03|com"; nocase; ) # 599yyxu28mtj6cyjwa92wdlh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|599yyxu28mtj6cyjwa92wdlh|03|org"; nocase; ) # 1tex18x154a3j44u8z7fhji763.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tex18x154a3j44u8z7fhji763|03|net"; nocase; ) # tgagoe1fd73sk14bhtab1wvgs5o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tgagoe1fd73sk14bhtab1wvgs5o|03|com"; nocase; ) # 1aigpa61p18w7612f8ombq2l7bs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aigpa61p18w7612f8ombq2l7bs|03|org"; nocase; ) # 1nj7vp2r643k4246o7d19lhhcl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nj7vp2r643k4246o7d19lhhcl|03|net"; nocase; ) # 1k13v8r1dv1z2d1sduqoox2ktmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k13v8r1dv1z2d1sduqoox2ktmq|03|org"; nocase; ) # ddi9o21q9ui7w5ipq3g1s4zzb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ddi9o21q9ui7w5ipq3g1s4zzb7|03|net"; nocase; ) # 1x4fuk5jckzoa1s7nygyr7lbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x4fuk5jckzoa1s7nygyr7lbl|03|com"; nocase; ) # opdpoenkz73w1u6m8bkc2t9g8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|opdpoenkz73w1u6m8bkc2t9g8|03|net"; nocase; ) # aydq471njzq3ed75i5r1rp2hsz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aydq471njzq3ed75i5r1rp2hsz|03|com"; nocase; ) # cipby6ojjr6615fx672t0ml12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cipby6ojjr6615fx672t0ml12|03|net"; nocase; ) # apgyj64rtnzhx3s35z788t0k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|apgyj64rtnzhx3s35z788t0k|03|com"; nocase; ) # bomdd1q5sup34u7wqq138tvlj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bomdd1q5sup34u7wqq138tvlj|03|org"; nocase; ) # 2r1dsa3lr60lf2bl8rzrmnfp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2r1dsa3lr60lf2bl8rzrmnfp|03|org"; nocase; ) # vd0jg285dr8k1ul29sbyxdpbh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vd0jg285dr8k1ul29sbyxdpbh|03|com"; nocase; ) # 1nf7ipt1czav6o1iaju231aztgsy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nf7ipt1czav6o1iaju231aztgsy|03|org"; nocase; ) # 18khaggl5gmng11i8bmcujiqwy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18khaggl5gmng11i8bmcujiqwy|03|biz"; nocase; ) # 1f9ikbv1fmp2vw1tavbu31gq0ctu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f9ikbv1fmp2vw1tavbu31gq0ctu|03|net"; nocase; ) # ta0kqif8rdt45k8kmc1k2i6dd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ta0kqif8rdt45k8kmc1k2i6dd|03|net"; nocase; ) # jq56p1dd44qsfd5w0717r71nv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jq56p1dd44qsfd5w0717r71nv|03|com"; nocase; ) # jun4j11kj4mho5c59hj6owons.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jun4j11kj4mho5c59hj6owons|03|org"; nocase; ) # j44x7f1wg6yzy1i72o7c1fuf90o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j44x7f1wg6yzy1i72o7c1fuf90o|03|com"; nocase; ) # 1xo8eie1t5ycmvu6sesdx10pfu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xo8eie1t5ycmvu6sesdx10pfu|03|biz"; nocase; ) # 1u69c0sy35e11sfgisc10azzp9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u69c0sy35e11sfgisc10azzp9|03|org"; nocase; ) # jyhzrk11bjkg41e1sbrm1uoj5by.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jyhzrk11bjkg41e1sbrm1uoj5by|03|net"; nocase; ) # gd6ok3s51uegcprb90vzt9ii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gd6ok3s51uegcprb90vzt9ii|03|net"; nocase; ) # 68kpf11hnzxz11vrm4ui1lyvb36.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|68kpf11hnzxz11vrm4ui1lyvb36|03|org"; nocase; ) # z6wfqpj50lnb112bu4513edrod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z6wfqpj50lnb112bu4513edrod|03|com"; nocase; ) # k1vjvfuuso66znhdh1nlsmt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|k1vjvfuuso66znhdh1nlsmt|03|biz"; nocase; ) # fa5cb71vg2kvzqnrl937263pd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fa5cb71vg2kvzqnrl937263pd|03|biz"; nocase; ) # 10g1s1r14gel9n19nf8z41lpfnxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10g1s1r14gel9n19nf8z41lpfnxf|03|com"; nocase; ) # 1yw12pp1aans6t2yr910m6igvi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yw12pp1aans6t2yr910m6igvi|03|net"; nocase; ) # 13qdrbwk2sa88124209jo83m4c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13qdrbwk2sa88124209jo83m4c|03|com"; nocase; ) # 59jr2fwewcww1vhhb8f13c2w9w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|59jr2fwewcww1vhhb8f13c2w9w|03|biz"; nocase; ) # 1tpcgft14w1vqc1ugeqj8yrcjdx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tpcgft14w1vqc1ugeqj8yrcjdx|03|org"; nocase; ) # 16p1ndzgqobdb1opyj0f13974yw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16p1ndzgqobdb1opyj0f13974yw|03|net"; nocase; ) # 11iyf4c1hqv75c1ln4rm1fyet4k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11iyf4c1hqv75c1ln4rm1fyet4k|03|com"; nocase; ) # 1mlrdbu1rubi971y06iml6wf8o1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mlrdbu1rubi971y06iml6wf8o1|03|com"; nocase; ) # 12hveok12v1oi1u7nezn1au86zn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12hveok12v1oi1u7nezn1au86zn|03|biz"; nocase; ) # tla1601kpwzvcki00li16ygpml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tla1601kpwzvcki00li16ygpml|03|org"; nocase; ) # punfe7teasft1k9r1x91phfqgg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|punfe7teasft1k9r1x91phfqgg|03|com"; nocase; ) # 5psugy745znk1h0wx8tj0thsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5psugy745znk1h0wx8tj0thsz|03|net"; nocase; ) # u7lthl1bn02j21uu3c7l1l5qj6x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u7lthl1bn02j21uu3c7l1l5qj6x|03|net"; nocase; ) # 1rx41bq6tutq8zy4xsp5lh207.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rx41bq6tutq8zy4xsp5lh207|03|org"; nocase; ) # zcqywm704imy2qlctgefgh7k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zcqywm704imy2qlctgefgh7k|03|net"; nocase; ) # 1g84lige996udkd2vw82ihmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1g84lige996udkd2vw82ihmz|03|org"; nocase; ) # 1tpkjckklpjvfnffeskt9ya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1tpkjckklpjvfnffeskt9ya|03|biz"; nocase; ) # 4b1ohk1k14hscsu147w4y8wpi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4b1ohk1k14hscsu147w4y8wpi|03|org"; nocase; ) # 15bug6af3hytu1xg9mc4px5xmt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15bug6af3hytu1xg9mc4px5xmt|03|org"; nocase; ) # 5hhadorna2a9140b8gs1uoulgm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5hhadorna2a9140b8gs1uoulgm|03|com"; nocase; ) # 12p7iu3nxwpin1q4hx2vm0uazm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12p7iu3nxwpin1q4hx2vm0uazm|03|biz"; nocase; ) # 1rdraxm3enj9011bggaxzskvh3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rdraxm3enj9011bggaxzskvh3|03|org"; nocase; ) # 4dfjj19bvtsd1cr6hww1xi8hml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4dfjj19bvtsd1cr6hww1xi8hml|03|net"; nocase; ) # zx1vzq1ixfcsef49siadfanfb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zx1vzq1ixfcsef49siadfanfb|03|net"; nocase; ) # 1u9ld815qemdl15idjxv13egd69.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u9ld815qemdl15idjxv13egd69|03|org"; nocase; ) # t0rsul12b90wh53sms18kqfw3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t0rsul12b90wh53sms18kqfw3|03|com"; nocase; ) # 1wdpdt11y84pel177nfzc1h3fvu7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wdpdt11y84pel177nfzc1h3fvu7|03|biz"; nocase; ) # jn84z033t2q71xznww5b8204v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jn84z033t2q71xznww5b8204v|03|org"; nocase; ) # 1glwb1n1ev4wa212dig2w1wigdsx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1glwb1n1ev4wa212dig2w1wigdsx|03|com"; nocase; ) # 5z5z3etn4m1j18yj00f1bqujxr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5z5z3etn4m1j18yj00f1bqujxr|03|com"; nocase; ) # 1xxeu5p1v5960wd04kdy87nyi1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xxeu5p1v5960wd04kdy87nyi1|03|biz"; nocase; ) # 1e5z2c41iogfo21dyvearxgmup6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e5z2c41iogfo21dyvearxgmup6|03|org"; nocase; ) # 1wt17ev12ggdd2oani0t15eb81e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wt17ev12ggdd2oani0t15eb81e|03|net"; nocase; ) # 1isuor61t8zlod4yr44moyxwzm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1isuor61t8zlod4yr44moyxwzm|03|com"; nocase; ) # ax5nxdttjtte10djpo31fk0znk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ax5nxdttjtte10djpo31fk0znk|03|org"; nocase; ) # 1luxe901i9z6mg1qxuyeuvs3uf3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1luxe901i9z6mg1qxuyeuvs3uf3|03|biz"; nocase; ) # 1ha64t7vr4z7lcsdrj7vox42i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ha64t7vr4z7lcsdrj7vox42i|03|org"; nocase; ) # 18nk77vef9sc4904o31bg8zp3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18nk77vef9sc4904o31bg8zp3|03|com"; nocase; ) # 10jm29p1jxbx34iv2u1q1ku7s8n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10jm29p1jxbx34iv2u1q1ku7s8n|03|org"; nocase; ) # b7zf3f1kf194d1cibpvz1yuocyl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b7zf3f1kf194d1cibpvz1yuocyl|03|net"; nocase; ) # 150tovl1fx30t1175d5nhiuxhnn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|150tovl1fx30t1175d5nhiuxhnn|03|com"; nocase; ) # y3qg2l1y017p67u0x9d1ptsxvg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y3qg2l1y017p67u0x9d1ptsxvg|03|net"; nocase; ) # kgjq1g88t5fnusjhb41mog166.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kgjq1g88t5fnusjhb41mog166|03|net"; nocase; ) # 8ypxo1a6ujue16th1sa1bxj9aw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ypxo1a6ujue16th1sa1bxj9aw|03|org"; nocase; ) # tpo0d6zqvpegk5ithy1j64bdz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tpo0d6zqvpegk5ithy1j64bdz|03|com"; nocase; ) # 1h602me1i4b6wr16uos0l18kb857.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h602me1i4b6wr16uos0l18kb857|03|org"; nocase; ) # aafzvh1b2b9tj1p6cjszavec7v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aafzvh1b2b9tj1p6cjszavec7v|03|org"; nocase; ) # 18xgsdj1ccb5hs18y7jb81d1wpx9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18xgsdj1ccb5hs18y7jb81d1wpx9|03|biz"; nocase; ) # 1povoqg1a5cjhs1h393ftyhl54h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1povoqg1a5cjhs1h393ftyhl54h|03|org"; nocase; ) # cdxlr0c04698qbpwgpbw779b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cdxlr0c04698qbpwgpbw779b|03|net"; nocase; ) # mit7us1icca3c1apbl2c1o2i3zg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mit7us1icca3c1apbl2c1o2i3zg|03|com"; nocase; ) # 1h3cttpme4z1m1g19rb21ourvdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h3cttpme4z1m1g19rb21ourvdg|03|com"; nocase; ) # pl8761bkd39n13tpdgk1wdyik9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pl8761bkd39n13tpdgk1wdyik9|03|net"; nocase; ) # gfcbch16xf31c1ptk0wb17kayq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gfcbch16xf31c1ptk0wb17kayq|03|org"; nocase; ) # cqlb0ecxpy9i1l26n6ucpgv3f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cqlb0ecxpy9i1l26n6ucpgv3f|03|org"; nocase; ) # 18olh8ra4f4p953egfq42afb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18olh8ra4f4p953egfq42afb|03|biz"; nocase; ) # 7enx8p1gkww241m3tb2n131k3fy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7enx8p1gkww241m3tb2n131k3fy|03|net"; nocase; ) # qu3gr41pddnlitpz9cqf701vn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qu3gr41pddnlitpz9cqf701vn|03|biz"; nocase; ) # 1g4nuk61nwoixcl35isso0tzwx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g4nuk61nwoixcl35isso0tzwx|03|net"; nocase; ) # 1at79z21w99azj1gp4g34rkw77a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1at79z21w99azj1gp4g34rkw77a|03|org"; nocase; ) # 12zn3v8ih0vgie6uutt19kmo0u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12zn3v8ih0vgie6uutt19kmo0u|03|net"; nocase; ) # we858tj23zps1uwakdk1wwrz21.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|we858tj23zps1uwakdk1wwrz21|03|com"; nocase; ) # 16z6iii1uxnw2u172qau21m9mrwy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16z6iii1uxnw2u172qau21m9mrwy|03|org"; nocase; ) # 1pbknkhqypjpg1hqa8el18bzec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pbknkhqypjpg1hqa8el18bzec|03|net"; nocase; ) # 1xw0l0911u7w1zicm4jlpa7gww.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xw0l0911u7w1zicm4jlpa7gww|03|biz"; nocase; ) # aa6r4t1aa7pqopzvsj11bgme19.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aa6r4t1aa7pqopzvsj11bgme19|03|biz"; nocase; ) # nyl3ji1s0d7yr19gjutt1kg5z09.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nyl3ji1s0d7yr19gjutt1kg5z09|03|net"; nocase; ) # nfhzmk10qskcz1phnw17mh6c2p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nfhzmk10qskcz1phnw17mh6c2p|03|com"; nocase; ) # 1l5irsm4drwtz16f4ah1cf75v0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l5irsm4drwtz16f4ah1cf75v0|03|com"; nocase; ) # 1p0efa3w4dbqq11knpp68ylzhk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p0efa3w4dbqq11knpp68ylzhk|03|org"; nocase; ) # 1n076ahibz2rh1a4ecys94w4z7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n076ahibz2rh1a4ecys94w4z7|03|net"; nocase; ) # cxjwik1d9k6um98n4e7q8899s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cxjwik1d9k6um98n4e7q8899s|03|com"; nocase; ) # 5ij1rgp9bxzuwta84m1v9cq4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5ij1rgp9bxzuwta84m1v9cq4|03|biz"; nocase; ) # 5gr4h1fy4n5k1qvtkeq1i2accj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5gr4h1fy4n5k1qvtkeq1i2accj|03|org"; nocase; ) # 11id8hxgqrpxy1mgfjp3mmspjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11id8hxgqrpxy1mgfjp3mmspjn|03|com"; nocase; ) # 1cz5i2sakpqyw1v47akv1gk4xq6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cz5i2sakpqyw1v47akv1gk4xq6|03|biz"; nocase; ) # biiw2m1vqdqxlxapcwn1cc5pzs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|biiw2m1vqdqxlxapcwn1cc5pzs|03|net"; nocase; ) # ca4lva16z66sfdgt0lk13lx56e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ca4lva16z66sfdgt0lk13lx56e|03|org"; nocase; ) # 14nfqo81uojc6h1fl9lyr10mu2tj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14nfqo81uojc6h1fl9lyr10mu2tj|03|com"; nocase; ) # 16kq7d51dx9230pv6wgy18m9oer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16kq7d51dx9230pv6wgy18m9oer|03|com"; nocase; ) # mpv6hjd25s5x30avzcjviz0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mpv6hjd25s5x30avzcjviz0r|03|net"; nocase; ) # 14xjryquupwb7y2ctef1nt76fn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14xjryquupwb7y2ctef1nt76fn|03|biz"; nocase; ) # lg48e88a7o231owqz3cu6loxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lg48e88a7o231owqz3cu6loxp|03|net"; nocase; ) # m3o6f710caw5w110l0cc1h3waen.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m3o6f710caw5w110l0cc1h3waen|03|biz"; nocase; ) # 1wahinx8euw7q1izkhcb176mggw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wahinx8euw7q1izkhcb176mggw|03|com"; nocase; ) # 1bjlqlxhuiravgynpef1hfd0tn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bjlqlxhuiravgynpef1hfd0tn|03|org"; nocase; ) # 158psvn8rl4zy13l2pa07i8ymo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|158psvn8rl4zy13l2pa07i8ymo|03|biz"; nocase; ) # zitdtu2nikb91fjkzuy1m6342i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zitdtu2nikb91fjkzuy1m6342i|03|net"; nocase; ) # unkbofu1zwkl1urxtvfvgw5g9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|unkbofu1zwkl1urxtvfvgw5g9|03|net"; nocase; ) # h1wy071byk3ra76d6704jum03.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h1wy071byk3ra76d6704jum03|03|com"; nocase; ) # b0bia89xse6e10d7nidvjpdtb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b0bia89xse6e10d7nidvjpdtb|03|net"; nocase; ) # 8n5altebylno4dkvs21rifwil.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8n5altebylno4dkvs21rifwil|03|biz"; nocase; ) # 1nii48vsl7503uw7elv1wzy0ej.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nii48vsl7503uw7elv1wzy0ej|03|biz"; nocase; ) # 1h4h75r1iodibk1wrgunk10g7sub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h4h75r1iodibk1wrgunk10g7sub|03|net"; nocase; ) # 8iivcg1ecncwzcy9t9nyh3w7e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8iivcg1ecncwzcy9t9nyh3w7e|03|org"; nocase; ) # tsw3el169hij610z674m1ecx6h6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tsw3el169hij610z674m1ecx6h6|03|com"; nocase; ) # wkw670ghl5ja1pyvd84gmntvp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wkw670ghl5ja1pyvd84gmntvp|03|org"; nocase; ) # 1nemce1d27i0k1cwu6bp1ad2k9e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nemce1d27i0k1cwu6bp1ad2k9e|03|org"; nocase; ) # 6lvhqowfhdo715j7ttck1c9c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6lvhqowfhdo715j7ttck1c9c|03|org"; nocase; ) # 1uaebup10wlthmp2h1uftak9b9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uaebup10wlthmp2h1uftak9b9|03|net"; nocase; ) # jia2ojlxsprz12fy2mzmb0n1h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jia2ojlxsprz12fy2mzmb0n1h|03|com"; nocase; ) # j4rnd1ykogyu1o8wn0g13zpxc2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j4rnd1ykogyu1o8wn0g13zpxc2|03|com"; nocase; ) # 1lynowddgs9rkitmw729e67q0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lynowddgs9rkitmw729e67q0|03|net"; nocase; ) # 16h5uj7jb2fxw1ws82xe1xvk0n7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16h5uj7jb2fxw1ws82xe1xvk0n7|03|net"; nocase; ) # 81imgvqenpk91jpxwv01iixg8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|81imgvqenpk91jpxwv01iixg8|03|org"; nocase; ) # 1kn4ge710ueq347j4l251uhe742.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kn4ge710ueq347j4l251uhe742|03|com"; nocase; ) # 1my1k5019hdzzn13o66y6pgmv88.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1my1k5019hdzzn13o66y6pgmv88|03|com"; nocase; ) # lirugbdto2jz1f287pv1yq5jf0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lirugbdto2jz1f287pv1yq5jf0|03|net"; nocase; ) # 14ql1b21uka44e5b5ja31kl0ezy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ql1b21uka44e5b5ja31kl0ezy|03|biz"; nocase; ) # kp6i8zzc6qrkwn5opr1m8g7rq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kp6i8zzc6qrkwn5opr1m8g7rq|03|org"; nocase; ) # 1u08k3cfea8gz9bsaax1y7ggbd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u08k3cfea8gz9bsaax1y7ggbd|03|net"; nocase; ) # 1nmiv4fb9azf5eeoqod12uzap0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nmiv4fb9azf5eeoqod12uzap0|03|net"; nocase; ) # b3tiuo1onwwt0yxaedg8ge3oj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b3tiuo1onwwt0yxaedg8ge3oj|03|org"; nocase; ) # bwmu3m6lsedo18xv47ndx07p2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bwmu3m6lsedo18xv47ndx07p2|03|biz"; nocase; ) # 12h3j7at1jwou1smsiafzfyja8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12h3j7at1jwou1smsiafzfyja8|03|org"; nocase; ) # 1r9q9n617qrhik1veha6flb4gbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r9q9n617qrhik1veha6flb4gbl|03|com"; nocase; ) # 1uu8gvw1i897jp1lahbgog5kn7c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uu8gvw1i897jp1lahbgog5kn7c|03|net"; nocase; ) # r9nhyf1hikdobt5cvjgu7l282.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r9nhyf1hikdobt5cvjgu7l282|03|net"; nocase; ) # 1hp5x70rxey5e8o3llszwrtue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hp5x70rxey5e8o3llszwrtue|03|com"; nocase; ) # a741qiveve8b4c9t0718pea3z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a741qiveve8b4c9t0718pea3z|03|biz"; nocase; ) # 1u8ghji365m7ch3qumi118zw8i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u8ghji365m7ch3qumi118zw8i|03|net"; nocase; ) # 1ge0rm715cmraog69lmx15qztoy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ge0rm715cmraog69lmx15qztoy|03|org"; nocase; ) # j1fnqsngy8cn1ngxvsr4vvd40.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j1fnqsngy8cn1ngxvsr4vvd40|03|org"; nocase; ) # 1l0wlj6wuxamz1ngyyp6lp914h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l0wlj6wuxamz1ngyyp6lp914h|03|org"; nocase; ) # w7e7o0k1xabzsf9o7l1chyckh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w7e7o0k1xabzsf9o7l1chyckh|03|net"; nocase; ) # 1pmx5ht1bt65tx1nk3i661pb1o61.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pmx5ht1bt65tx1nk3i661pb1o61|03|com"; nocase; ) # 1bg331v12nk0tnn8993o1t9g5fh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bg331v12nk0tnn8993o1t9g5fh|03|org"; nocase; ) # 1mvr3pfslet8i154c5vrbtkptg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mvr3pfslet8i154c5vrbtkptg|03|biz"; nocase; ) # 1h5imeh1fx6ensqh7a5n10rtsqp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h5imeh1fx6ensqh7a5n10rtsqp|03|com"; nocase; ) # 1404xa4u7325wp1mwmrtncm57.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1404xa4u7325wp1mwmrtncm57|03|org"; nocase; ) # 118jfuz3m1q3nbgoukw182qtu7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|118jfuz3m1q3nbgoukw182qtu7|03|com"; nocase; ) # 26kd2ujhcoa28alf0s1o5gh9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|26kd2ujhcoa28alf0s1o5gh9j|03|net"; nocase; ) # 2tj8vg1e4k2m1hzgz2w1csu30.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2tj8vg1e4k2m1hzgz2w1csu30|03|net"; nocase; ) # dmlpbgqu5dqm4g8m0wrwwbsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dmlpbgqu5dqm4g8m0wrwwbsc|03|net"; nocase; ) # 1t1du351cvq48ilhxgfx111be4n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t1du351cvq48ilhxgfx111be4n|03|org"; nocase; ) # 1voye9o1m052mc1ckhlvqroaplu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1voye9o1m052mc1ckhlvqroaplu|03|net"; nocase; ) # qdp7oc1cs3spw1a2wu8o1rvi41y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qdp7oc1cs3spw1a2wu8o1rvi41y|03|net"; nocase; ) # 1kp62g71i3iqt2gwcepu1vjrimh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kp62g71i3iqt2gwcepu1vjrimh|03|com"; nocase; ) # 1qadayq1ewmuf9czyjlhf7iv4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qadayq1ewmuf9czyjlhf7iv4p|03|net"; nocase; ) # zfthrp1kf4he5k23pe839abnw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zfthrp1kf4he5k23pe839abnw|03|net"; nocase; ) # 8yovrxemw7jsi1uzdgxvb2n4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8yovrxemw7jsi1uzdgxvb2n4|03|com"; nocase; ) # 8lkirsav219y17lqj4b31fnc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8lkirsav219y17lqj4b31fnc6|03|org"; nocase; ) # 1g8vswu110xzh8182thzkvskzpf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g8vswu110xzh8182thzkvskzpf|03|net"; nocase; ) # 115901k1e26e3e1bfztjn4pn5p5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|115901k1e26e3e1bfztjn4pn5p5|03|org"; nocase; ) # tqk6nqzy9hmj3u0bnphasnzs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tqk6nqzy9hmj3u0bnphasnzs|03|biz"; nocase; ) # j8f8h017pm7r11yg24tpw5ikr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j8f8h017pm7r11yg24tpw5ikr|03|net"; nocase; ) # dpom0l132foug1srzi8trty3m6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dpom0l132foug1srzi8trty3m6|03|com"; nocase; ) # pb5rwi13m7kubhqxkih1fnjd8k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pb5rwi13m7kubhqxkih1fnjd8k|03|biz"; nocase; ) # zfzdix1plgbx21nxcssbag5m5y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zfzdix1plgbx21nxcssbag5m5y|03|net"; nocase; ) # 4vqh6u1sy8x5p18re4fj28kedz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4vqh6u1sy8x5p18re4fj28kedz|03|org"; nocase; ) # 1c5g6341nruugx1paquzjoe6zt0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c5g6341nruugx1paquzjoe6zt0|03|com"; nocase; ) # 12hitcy17wv42g1mrvyhv1ejavc7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12hitcy17wv42g1mrvyhv1ejavc7|03|com"; nocase; ) # 170t8891v6okko6vq0zx15lpyn8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|170t8891v6okko6vq0zx15lpyn8|03|com"; nocase; ) # 1grjlwlf0r6gk1riu2tadvd54l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1grjlwlf0r6gk1riu2tadvd54l|03|net"; nocase; ) # 1uni2401lhaan2fflx9zairo3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uni2401lhaan2fflx9zairo3|03|org"; nocase; ) # 1p2y8w51st9rxq19i74m8a105x4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p2y8w51st9rxq19i74m8a105x4|03|com"; nocase; ) # 8ox8l8ad3xzqdkl3m5jznipn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8ox8l8ad3xzqdkl3m5jznipn|03|org"; nocase; ) # 1x6pe1d1ikrdpp19h3xak1o1eu6q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x6pe1d1ikrdpp19h3xak1o1eu6q|03|biz"; nocase; ) # 1n18138fv22ukxgp21f1ud2wj7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n18138fv22ukxgp21f1ud2wj7|03|org"; nocase; ) # 19ud6bj1nq9j0q3seajyl0eche.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ud6bj1nq9j0q3seajyl0eche|03|net"; nocase; ) # 1p62y6yc47i7bec5hkijmc09d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p62y6yc47i7bec5hkijmc09d|03|net"; nocase; ) # v33ekc1q7jyit104l9awv5yx0c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v33ekc1q7jyit104l9awv5yx0c|03|com"; nocase; ) # 1dzws8m1wtx8611hen8al19lh0gx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dzws8m1wtx8611hen8al19lh0gx|03|net"; nocase; ) # 1jwcr5fiy028o1tkix911f5kklt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jwcr5fiy028o1tkix911f5kklt|03|com"; nocase; ) # w8k8q6wpdc04kxqwrbcrf6ft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w8k8q6wpdc04kxqwrbcrf6ft|03|com"; nocase; ) # 122cpqc1ddp0itezs11w1aedhh4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|122cpqc1ddp0itezs11w1aedhh4|03|net"; nocase; ) # zlv6ff1hrd5a619zcnob1pbf2ix.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zlv6ff1hrd5a619zcnob1pbf2ix|03|biz"; nocase; ) # 1xy1ja7128vcc4c6edmcea19zq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xy1ja7128vcc4c6edmcea19zq|03|com"; nocase; ) # w550emchvpbbgi81xs11djz2k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w550emchvpbbgi81xs11djz2k|03|net"; nocase; ) # bm3b0bctszy2a4xito1xjl9nk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bm3b0bctszy2a4xito1xjl9nk|03|com"; nocase; ) # 45s2rv11amyos1ev2hvj1w1lz76.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|45s2rv11amyos1ev2hvj1w1lz76|03|com"; nocase; ) # ul9jdev27qkgxe4dq2zeh6t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ul9jdev27qkgxe4dq2zeh6t|03|biz"; nocase; ) # x9iy3b1743citws5fq7l9ieyv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x9iy3b1743citws5fq7l9ieyv|03|org"; nocase; ) # 1j5lejmtyrbqz14z0i4t1ojc5yn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j5lejmtyrbqz14z0i4t1ojc5yn|03|biz"; nocase; ) # 1f16bp33u8g73a4v7zsrfuv3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1f16bp33u8g73a4v7zsrfuv3|03|net"; nocase; ) # w42c3q1d5q2ro1fchvj8qwm47s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w42c3q1d5q2ro1fchvj8qwm47s|03|com"; nocase; ) # cz345z1uz8k1s1dii2l31pg1qdq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cz345z1uz8k1s1dii2l31pg1qdq|03|org"; nocase; ) # ielp4r65m4k81gp2qf6zlr7qb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ielp4r65m4k81gp2qf6zlr7qb|03|biz"; nocase; ) # s8o3lk5wj6vxy7uvpp1g1ezdm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s8o3lk5wj6vxy7uvpp1g1ezdm|03|net"; nocase; ) # dms01z1yh0puk1j4deqx1qjlvra.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dms01z1yh0puk1j4deqx1qjlvra|03|com"; nocase; ) # 1syizdge4sbu188z4ezmikpg9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1syizdge4sbu188z4ezmikpg9|03|org"; nocase; ) # 1omt15r11574j9y67wuntezpmp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1omt15r11574j9y67wuntezpmp|03|net"; nocase; ) # vm0xjrjud5v3175q3sc3abco8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vm0xjrjud5v3175q3sc3abco8|03|biz"; nocase; ) # 1tsulujzmnvkgkfktoo16bp17b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tsulujzmnvkgkfktoo16bp17b|03|org"; nocase; ) # 6c2gf71kjva0tuwd5di19a1s9k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6c2gf71kjva0tuwd5di19a1s9k|03|org"; nocase; ) # tjjaf91b8djb31159vmp1rw3xge.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tjjaf91b8djb31159vmp1rw3xge|03|biz"; nocase; ) # 10vdje21bfekb61wyrvgi1oomq1m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10vdje21bfekb61wyrvgi1oomq1m|03|org"; nocase; ) # 1aqj41t15ckfyhlj6g40gmrb9f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aqj41t15ckfyhlj6g40gmrb9f|03|com"; nocase; ) # 13qcra4vpiiz8y7fnd19vr8hk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13qcra4vpiiz8y7fnd19vr8hk|03|com"; nocase; ) # 1g2y6zw1t00sc51wnermpu9xc59.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g2y6zw1t00sc51wnermpu9xc59|03|biz"; nocase; ) # zhj56b8flmeu1lv82181l5icq6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zhj56b8flmeu1lv82181l5icq6|03|org"; nocase; ) # 1yxz6in1dt86x71jl2sekja8vbw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yxz6in1dt86x71jl2sekja8vbw|03|org"; nocase; ) # 1m2ltmnj6n01y1pm6ab9vq5ibi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m2ltmnj6n01y1pm6ab9vq5ibi|03|net"; nocase; ) # 1srf4phc1n6qk4t7d8js81865.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1srf4phc1n6qk4t7d8js81865|03|org"; nocase; ) # 1543c4s1y7j8s31urenkh1qnrx9g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1543c4s1y7j8s31urenkh1qnrx9g|03|org"; nocase; ) # 2a0ewz2rja4ywfgwgo84ai1w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2a0ewz2rja4ywfgwgo84ai1w|03|biz"; nocase; ) # ah8f1316fpyz4g6e62b1ggmdb8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ah8f1316fpyz4g6e62b1ggmdb8|03|net"; nocase; ) # 13bucuuqmynzyzic2gfanou9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13bucuuqmynzyzic2gfanou9f|03|net"; nocase; ) # nte6y6ipyo95grupp12ubqkn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nte6y6ipyo95grupp12ubqkn|03|net"; nocase; ) # 82s2fiinewue9fhwmaooomh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|82s2fiinewue9fhwmaooomh|03|net"; nocase; ) # 1scmaue1ekwus41h3e5ep1hje46y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1scmaue1ekwus41h3e5ep1hje46y|03|com"; nocase; ) # 1arohr9c9rxjvf2rn12mjnt7g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1arohr9c9rxjvf2rn12mjnt7g|03|com"; nocase; ) # fe4imjxxvudnqnyhvnd42os6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fe4imjxxvudnqnyhvnd42os6|03|org"; nocase; ) # 1jng9kk1oza6de197x8ie1qsrp76.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jng9kk1oza6de197x8ie1qsrp76|03|com"; nocase; ) # 10wou9f1nauwgi1xgwf7dow2g5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10wou9f1nauwgi1xgwf7dow2g5|03|net"; nocase; ) # 1hl28mc1t0ffbioqoulsir4m11.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hl28mc1t0ffbioqoulsir4m11|03|com"; nocase; ) # 18z1u47ycllrqbtaisc1xh5qkx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18z1u47ycllrqbtaisc1xh5qkx|03|biz"; nocase; ) # 10qb49xi82mpz1cfmza412nqa3u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10qb49xi82mpz1cfmza412nqa3u|03|net"; nocase; ) # pew3mc11sm6qq10m2su1a4n5gl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pew3mc11sm6qq10m2su1a4n5gl|03|net"; nocase; ) # 2lb6wy85qldjumu3j218esj1p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2lb6wy85qldjumu3j218esj1p|03|org"; nocase; ) # 18c63kv29bnjksdzileehvak2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18c63kv29bnjksdzileehvak2|03|net"; nocase; ) # wnl8p81wynlsh87tyxsb64bzi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wnl8p81wynlsh87tyxsb64bzi|03|biz"; nocase; ) # 1veocus17efd3b15eo6op9xo4yz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1veocus17efd3b15eo6op9xo4yz|03|net"; nocase; ) # y3amr81whyhep1sf777ddwicmr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y3amr81whyhep1sf777ddwicmr|03|biz"; nocase; ) # 15bczulx6p6z13ybu37hp4zrg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15bczulx6p6z13ybu37hp4zrg|03|com"; nocase; ) # 1f8z6mr1voe8el853gi11nm5e8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f8z6mr1voe8el853gi11nm5e8g|03|org"; nocase; ) # 2t6e4233faxu1hgh5f01id9c01.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2t6e4233faxu1hgh5f01id9c01|03|net"; nocase; ) # 12iwq4gr4vqha1s80h441yirnkr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12iwq4gr4vqha1s80h441yirnkr|03|net"; nocase; ) # 11bgvdtbx6oz1fiuj0110efr6i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11bgvdtbx6oz1fiuj0110efr6i|03|net"; nocase; ) # e5i9pj7puy1k1u2dguobvtfhc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e5i9pj7puy1k1u2dguobvtfhc|03|org"; nocase; ) # 1ir57a41azcotzx35e01wzmo7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ir57a41azcotzx35e01wzmo7a|03|com"; nocase; ) # 1b2w92m13vseev126f8hq1svcz3a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b2w92m13vseev126f8hq1svcz3a|03|org"; nocase; ) # 1vswoxx1gr7qgvsjprns19z80r8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vswoxx1gr7qgvsjprns19z80r8|03|com"; nocase; ) # 12ec2u51eu6cdd1tfugmqvb6g7p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12ec2u51eu6cdd1tfugmqvb6g7p|03|net"; nocase; ) # 1y9a4718fp8qtnhn1if2xbesy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y9a4718fp8qtnhn1if2xbesy|03|com"; nocase; ) # pg9mfj6ssgyq8vx3iogwg74z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pg9mfj6ssgyq8vx3iogwg74z|03|com"; nocase; ) # 12nfi5p150rby61uwya6bx94ofc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12nfi5p150rby61uwya6bx94ofc|03|biz"; nocase; ) # fpeaglmju3kn1lsu99y18qbylz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fpeaglmju3kn1lsu99y18qbylz|03|com"; nocase; ) # x70sr14s05oup3cfqmvleylt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x70sr14s05oup3cfqmvleylt|03|org"; nocase; ) # 8491kw38fzsk1yrgj2upjer4u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8491kw38fzsk1yrgj2upjer4u|03|com"; nocase; ) # 1q530pj8zg6ja1oi62pmnqb98g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q530pj8zg6ja1oi62pmnqb98g|03|com"; nocase; ) # w3s3slchs7dqhuggopomscro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w3s3slchs7dqhuggopomscro|03|com"; nocase; ) # 4amf9v19edgk8h2avmy2wefqi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4amf9v19edgk8h2avmy2wefqi|03|biz"; nocase; ) # v1n6z42zfo9pjt5kwj1alw3wg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v1n6z42zfo9pjt5kwj1alw3wg|03|org"; nocase; ) # mkdd001n4z8sr694ntgoih4ez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mkdd001n4z8sr694ntgoih4ez|03|org"; nocase; ) # 1svgjptyvjao4cgf8nim2u9bu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1svgjptyvjao4cgf8nim2u9bu|03|com"; nocase; ) # 1bjys1cwjm9se2bu0o91kvymrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bjys1cwjm9se2bu0o91kvymrj|03|net"; nocase; ) # 14idx7915x5skyse6v5dih7140.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14idx7915x5skyse6v5dih7140|03|com"; nocase; ) # 1lawp731b9hiuc1s18ih6j0e0l2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lawp731b9hiuc1s18ih6j0e0l2|03|com"; nocase; ) # 1wnmz0u1oj8y6xx4gj74ku3epk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wnmz0u1oj8y6xx4gj74ku3epk|03|com"; nocase; ) # 1pad2c24knrpi6pt4ri11c2884.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pad2c24knrpi6pt4ri11c2884|03|org"; nocase; ) # 1hf7wzw1jtvlsj1komll21h4bpv8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hf7wzw1jtvlsj1komll21h4bpv8|03|net"; nocase; ) # 1ttsz9d1ovojce1t0qgd4wzwd6b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ttsz9d1ovojce1t0qgd4wzwd6b|03|com"; nocase; ) # 1mrfgap1oelvbqp3t0774v6l7z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mrfgap1oelvbqp3t0774v6l7z|03|net"; nocase; ) # 18m19kw1fpf7yq9abf8j1forcii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18m19kw1fpf7yq9abf8j1forcii|03|com"; nocase; ) # n1x218728zkl1hsnbe41u4cr0v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n1x218728zkl1hsnbe41u4cr0v|03|biz"; nocase; ) # sfrg1uituorm17c5b0f1eebsr1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sfrg1uituorm17c5b0f1eebsr1|03|biz"; nocase; ) # 18bgz4d163yyun573rl9193c04o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18bgz4d163yyun573rl9193c04o|03|org"; nocase; ) # v7mm3s1iphv00qu28kw177zhur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v7mm3s1iphv00qu28kw177zhur|03|net"; nocase; ) # gb0gvj9pas1i1v29sux1w8kxz2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gb0gvj9pas1i1v29sux1w8kxz2|03|org"; nocase; ) # 1a2nurds18f7w1bsluutpjsfrq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a2nurds18f7w1bsluutpjsfrq|03|com"; nocase; ) # 15fvg5radtz7c1xkhfbd1vnw7gb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15fvg5radtz7c1xkhfbd1vnw7gb|03|org"; nocase; ) # 1k9bhcd1aroejs1axe6pxd0lons.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k9bhcd1aroejs1axe6pxd0lons|03|org"; nocase; ) # 8yh2671thwr2wbn3s1uzs1qkd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8yh2671thwr2wbn3s1uzs1qkd|03|com"; nocase; ) # b7uq21n6llnurkkvhu1ivxv4d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b7uq21n6llnurkkvhu1ivxv4d|03|biz"; nocase; ) # 19a77ox1isxikdiyyp27nk7cbt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19a77ox1isxikdiyyp27nk7cbt|03|org"; nocase; ) # 31ft168vcwbs1wkq0urdukc3m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|31ft168vcwbs1wkq0urdukc3m|03|net"; nocase; ) # 1ecz1ki1kw0tn1135gof5ybeepp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ecz1ki1kw0tn1135gof5ybeepp|03|net"; nocase; ) # 4ikjzycobgze1xbthvwvopl3e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ikjzycobgze1xbthvwvopl3e|03|biz"; nocase; ) # fe5r1v7vijpl1b7hrjk1n4f6qs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fe5r1v7vijpl1b7hrjk1n4f6qs|03|net"; nocase; ) # 1lsso1jarv4x71r6czo91af279q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lsso1jarv4x71r6czo91af279q|03|com"; nocase; ) # 1llfr5l1897ak81tmh3cm1az795s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1llfr5l1897ak81tmh3cm1az795s|03|net"; nocase; ) # fo4cebw46zud185293l12fb8y3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fo4cebw46zud185293l12fb8y3|03|biz"; nocase; ) # 1hx13dex5ic2t181km8alr41xs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hx13dex5ic2t181km8alr41xs|03|net"; nocase; ) # o6drj81pqpnf64q29f88ggx4t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o6drj81pqpnf64q29f88ggx4t|03|biz"; nocase; ) # 1i41zp33m6mgsxhtykweot7r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1i41zp33m6mgsxhtykweot7r|03|net"; nocase; ) # 3w2mbb1vu699dto5wtju9kd2d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3w2mbb1vu699dto5wtju9kd2d|03|net"; nocase; ) # 1nhp3i5f6m2oxg9h82n9kki2t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nhp3i5f6m2oxg9h82n9kki2t|03|net"; nocase; ) # 5logcr1g9sxlot0e65d1o75i41.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5logcr1g9sxlot0e65d1o75i41|03|net"; nocase; ) # 1whkjhsvyijiy51eoa168l8ud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1whkjhsvyijiy51eoa168l8ud|03|org"; nocase; ) # 1gj70yvtfogltpaoc1mg9tcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1gj70yvtfogltpaoc1mg9tcc|03|com"; nocase; ) # qulvrg1yqduf86yigys9tmzge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qulvrg1yqduf86yigys9tmzge|03|net"; nocase; ) # 159a8amruw9it1yij48z1jr6vu6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|159a8amruw9it1yij48z1jr6vu6|03|net"; nocase; ) # 14uhped120k3zf2enk7u1bcuwr8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14uhped120k3zf2enk7u1bcuwr8|03|org"; nocase; ) # 15jdaaoaew7b8p1cjjj18tkws.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15jdaaoaew7b8p1cjjj18tkws|03|biz"; nocase; ) # 1s6kvo914nzsko1ikkcid1gtofoe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s6kvo914nzsko1ikkcid1gtofoe|03|org"; nocase; ) # 1klzay4ailo5h1rkhb6zjmvxoj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1klzay4ailo5h1rkhb6zjmvxoj|03|net"; nocase; ) # t9yj17oodgv19qcewz1trypjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t9yj17oodgv19qcewz1trypjv|03|org"; nocase; ) # sb55z01uvslwo1cm59tq1sdd4i1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sb55z01uvslwo1cm59tq1sdd4i1|03|biz"; nocase; ) # 19ynuja2360vnrh77lw174yza9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ynuja2360vnrh77lw174yza9|03|net"; nocase; ) # v6w9d2167xhw01asit2menzust.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v6w9d2167xhw01asit2menzust|03|org"; nocase; ) # 1gyz5axy0byz1x41zi290im7r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gyz5axy0byz1x41zi290im7r|03|com"; nocase; ) # 1vtygos1nwqztq1i3318919j0zz1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vtygos1nwqztq1i3318919j0zz1|03|com"; nocase; ) # okj6ny1pfu99nofw9scln8u4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|okj6ny1pfu99nofw9scln8u4|03|com"; nocase; ) # rqbl9e1tfhy8i1c4ofy6467okb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rqbl9e1tfhy8i1c4ofy6467okb|03|com"; nocase; ) # 1k0xqme1uzjnbv1egblmnftsi2z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k0xqme1uzjnbv1egblmnftsi2z|03|com"; nocase; ) # 1v2n4loo2mvmiduflce1jigy5r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v2n4loo2mvmiduflce1jigy5r|03|com"; nocase; ) # 1xqku357s6qs69rolsujremak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xqku357s6qs69rolsujremak|03|net"; nocase; ) # 1wup4bq1fddzcsja4y3x1xkl317.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wup4bq1fddzcsja4y3x1xkl317|03|net"; nocase; ) # u5ltj8vrnfr6m64ep7qef2br.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u5ltj8vrnfr6m64ep7qef2br|03|com"; nocase; ) # 1194yd11c2y8u41vqlxi61usoy5j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1194yd11c2y8u41vqlxi61usoy5j|03|org"; nocase; ) # vb5ydhdvcxic1gikodt1peo99f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vb5ydhdvcxic1gikodt1peo99f|03|com"; nocase; ) # zmenpr177gohul80ft636d6np.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zmenpr177gohul80ft636d6np|03|biz"; nocase; ) # 1of0brjzb7iox7l33hm2ieden.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1of0brjzb7iox7l33hm2ieden|03|com"; nocase; ) # 1jfowj3z1s1ir1rp2v2581wt3z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jfowj3z1s1ir1rp2v2581wt3z|03|net"; nocase; ) # 128neig14zbc7s1bpjx9hg94lj4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|128neig14zbc7s1bpjx9hg94lj4|03|org"; nocase; ) # 12t80ucm7ukpc1jt8b0jxzypey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12t80ucm7ukpc1jt8b0jxzypey|03|org"; nocase; ) # wewoli8q8m4saszmbtrsd9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|wewoli8q8m4saszmbtrsd9r|03|org"; nocase; ) # 17bek7b1ykn4niifuw637il8h6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17bek7b1ykn4niifuw637il8h6|03|com"; nocase; ) # 1m1b32zuw2rl4aarl05c5oeep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m1b32zuw2rl4aarl05c5oeep|03|org"; nocase; ) # 5jof251vkfrg61leti79563hv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5jof251vkfrg61leti79563hv|03|net"; nocase; ) # 1tr66p4qq9vp36s345azephjb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tr66p4qq9vp36s345azephjb|03|com"; nocase; ) # caj9k41ub4us1jy88td15pq5f0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|caj9k41ub4us1jy88td15pq5f0|03|net"; nocase; ) # 8m2996c6psy41vnbp0m1gu99f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8m2996c6psy41vnbp0m1gu99f|03|com"; nocase; ) # 1criko4f7hxn51flfq6p3u4v85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1criko4f7hxn51flfq6p3u4v85|03|net"; nocase; ) # 95iipcgqzpoq1yko0dl1upenum.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|95iipcgqzpoq1yko0dl1upenum|03|biz"; nocase; ) # 19g8c2uktrgpc1js2q1e5tmf75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19g8c2uktrgpc1js2q1e5tmf75|03|net"; nocase; ) # 1llmv81o19nzj1xrrswp1q4cfam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1llmv81o19nzj1xrrswp1q4cfam|03|net"; nocase; ) # 10v6bd61bltqus145ahix1yvnldc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10v6bd61bltqus145ahix1yvnldc|03|org"; nocase; ) # 10yb29l1sowcth17xlob8notwra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10yb29l1sowcth17xlob8notwra|03|net"; nocase; ) # 3dxxv311m26z11wnemqepc65o8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3dxxv311m26z11wnemqepc65o8|03|net"; nocase; ) # 1nkqg2b1wq7h1lk01d1m1bj29jr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nkqg2b1wq7h1lk01d1m1bj29jr|03|com"; nocase; ) # j3bivp1xktzmxbbxscz1t49oid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j3bivp1xktzmxbbxscz1t49oid|03|com"; nocase; ) # 1m0y96v11ripwjrto3zz1o29c2d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m0y96v11ripwjrto3zz1o29c2d|03|com"; nocase; ) # 1hpnjfd1u5xuot5h8ilyw8e8q1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hpnjfd1u5xuot5h8ilyw8e8q1|03|net"; nocase; ) # mdm1ry6l63coeblxhj1qvnbt5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mdm1ry6l63coeblxhj1qvnbt5|03|net"; nocase; ) # ikoil310gi3lb2pd2k11yrjfu4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ikoil310gi3lb2pd2k11yrjfu4|03|biz"; nocase; ) # j91zei1wpncmhe5zk681ajpz6i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j91zei1wpncmhe5zk681ajpz6i|03|com"; nocase; ) # t0531gpwfgkn1piiycz9gajg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t0531gpwfgkn1piiycz9gajg|03|net"; nocase; ) # 1xsmiqu4pdh0qz4lgpks50546.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xsmiqu4pdh0qz4lgpks50546|03|net"; nocase; ) # 16bq48k1a8uexrye45d917axt8d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16bq48k1a8uexrye45d917axt8d|03|com"; nocase; ) # hh2tzt1fl6dor14d1qx5kdih8i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hh2tzt1fl6dor14d1qx5kdih8i|03|org"; nocase; ) # nq640yqdc0xs160u9ib12n2smq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nq640yqdc0xs160u9ib12n2smq|03|biz"; nocase; ) # 17ge18havs0f6os9ib616lgcxi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ge18havs0f6os9ib616lgcxi|03|com"; nocase; ) # 14jo0ts7eutf41d3qf6fm3op5x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14jo0ts7eutf41d3qf6fm3op5x|03|org"; nocase; ) # 1y8u94g1ba6un51h922281ivadgb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y8u94g1ba6un51h922281ivadgb|03|net"; nocase; ) # 1oku4nz1tgwn44xn9thv1un1cpm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oku4nz1tgwn44xn9thv1un1cpm|03|com"; nocase; ) # 1frsz581bl9ncgispb461s61x0f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1frsz581bl9ncgispb461s61x0f|03|com"; nocase; ) # jd4myp1q9yabe1pm48e213vhs66.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jd4myp1q9yabe1pm48e213vhs66|03|biz"; nocase; ) # 14znqbqlxjkav1goqrpr1s5eju5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14znqbqlxjkav1goqrpr1s5eju5|03|biz"; nocase; ) # k7u2ds1f2ju15dlzk7w1qmokg0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k7u2ds1f2ju15dlzk7w1qmokg0|03|com"; nocase; ) # 153ngw4pglkvdbvcrw79fc38p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|153ngw4pglkvdbvcrw79fc38p|03|org"; nocase; ) # 6toh9uktwb7rjk6zco13y3s0s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6toh9uktwb7rjk6zco13y3s0s|03|org"; nocase; ) # 3wxeews41ixdlqw21tqg27vq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3wxeews41ixdlqw21tqg27vq|03|biz"; nocase; ) # 5v4ssyz8k2jylq635g1xqyy5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5v4ssyz8k2jylq635g1xqyy5c|03|net"; nocase; ) # 1pul2h1imbjxx1uaz5971q5gnba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pul2h1imbjxx1uaz5971q5gnba|03|org"; nocase; ) # 2kmmdx145et02mg8hrt13tapml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2kmmdx145et02mg8hrt13tapml|03|net"; nocase; ) # qrkh6y5mcvio482z6c1t5em08.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qrkh6y5mcvio482z6c1t5em08|03|com"; nocase; ) # 1wrmyjc1prz3ic1g2345p98qg7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wrmyjc1prz3ic1g2345p98qg7|03|biz"; nocase; ) # le2kaa1riutl5maoghd1rr1im3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|le2kaa1riutl5maoghd1rr1im3|03|net"; nocase; ) # 1m12qh01u6cjtj1nljq1d9n0vyo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m12qh01u6cjtj1nljq1d9n0vyo|03|com"; nocase; ) # 1d67hfj109tr7e1jkbrny9e8vm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d67hfj109tr7e1jkbrny9e8vm|03|biz"; nocase; ) # 1cequqx1yq1k4ev68i9w16qub6d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cequqx1yq1k4ev68i9w16qub6d|03|biz"; nocase; ) # 1d87g5b1vtxykvlhbh6d1jdc9iu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d87g5b1vtxykvlhbh6d1jdc9iu|03|net"; nocase; ) # k4u3n71wv6hyq1ntmnay1rj4rfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k4u3n71wv6hyq1ntmnay1rj4rfq|03|com"; nocase; ) # 3eazu1124nqok8ljfkg1olmq6y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3eazu1124nqok8ljfkg1olmq6y|03|com"; nocase; ) # 1xj219s1dbllf21xknpib1mdo263.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xj219s1dbllf21xknpib1mdo263|03|org"; nocase; ) # 108alwq1c6syxn1bxafih1qe91zs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|108alwq1c6syxn1bxafih1qe91zs|03|com"; nocase; ) # 1wzahxl16ya6xx1n6ty50zjodkr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wzahxl16ya6xx1n6ty50zjodkr|03|net"; nocase; ) # 168b8rx12w2qhtwtjdj5bwk3is.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|168b8rx12w2qhtwtjdj5bwk3is|03|biz"; nocase; ) # nbdlj6vzdg0aruuh01vq8ra1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nbdlj6vzdg0aruuh01vq8ra1|03|net"; nocase; ) # r2zjlkazw48lnk460imggvya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r2zjlkazw48lnk460imggvya|03|com"; nocase; ) # 1vp3roe1anhqdr8bazx11nbvdlw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vp3roe1anhqdr8bazx11nbvdlw|03|net"; nocase; ) # 1iwwhste1a9cg1sleqvi1dt06rd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iwwhste1a9cg1sleqvi1dt06rd|03|biz"; nocase; ) # mub3vbmsvqzm1to544i9michr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mub3vbmsvqzm1to544i9michr|03|net"; nocase; ) # na8lk413yjstt1lowuy71qe8y76.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|na8lk413yjstt1lowuy71qe8y76|03|com"; nocase; ) # zja1suv4n8dwuk5jp4x5w4gu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zja1suv4n8dwuk5jp4x5w4gu|03|net"; nocase; ) # 1tqbyelca2n7u1q5sh7doi6v2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tqbyelca2n7u1q5sh7doi6v2z|03|net"; nocase; ) # 1vg8gb6qqwhc6xjlr16nfhzzz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vg8gb6qqwhc6xjlr16nfhzzz|03|biz"; nocase; ) # i45uge0qjkp1cv3mhl1h0vp64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i45uge0qjkp1cv3mhl1h0vp64|03|com"; nocase; ) # liobt81epcl4p48alm1ql5t0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|liobt81epcl4p48alm1ql5t0|03|com"; nocase; ) # yuegit4at5ovsqv381ju7kha.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yuegit4at5ovsqv381ju7kha|03|org"; nocase; ) # xl3cwwu2jay3swu6ck18blskh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xl3cwwu2jay3swu6ck18blskh|03|com"; nocase; ) # 1s8i0rzcaoz2e16g4khwj4m71n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s8i0rzcaoz2e16g4khwj4m71n|03|net"; nocase; ) # v1fb3d1248hyecyhaau5dbz2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v1fb3d1248hyecyhaau5dbz2g|03|net"; nocase; ) # 7mq0zlq4k4pp1h1blku1ybg6i3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7mq0zlq4k4pp1h1blku1ybg6i3|03|com"; nocase; ) # 1aqxyq01f0e5rn1uuo3zl16ldv7a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aqxyq01f0e5rn1uuo3zl16ldv7a|03|biz"; nocase; ) # m8rxnd1fk11mpza11mckj43o3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m8rxnd1fk11mpza11mckj43o3|03|net"; nocase; ) # 4wak6g1tqpig8s0pf86162sv1q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4wak6g1tqpig8s0pf86162sv1q|03|biz"; nocase; ) # 1h93fk0z0t2tb1vfha8yfmh8zi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h93fk0z0t2tb1vfha8yfmh8zi|03|net"; nocase; ) # 1xloai51gtec961ame5ao1gpdadp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xloai51gtec961ame5ao1gpdadp|03|org"; nocase; ) # 1j2b2as13kui2o1k4h8y8163m4u0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j2b2as13kui2o1k4h8y8163m4u0|03|net"; nocase; ) # vt63r714gfncm4nrf431lwjdcc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vt63r714gfncm4nrf431lwjdcc|03|org"; nocase; ) # 1pe3jrx1803lfrepwp091l0g3hq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pe3jrx1803lfrepwp091l0g3hq|03|net"; nocase; ) # 1ficgeo1kou1bdkh6zy3wv5i4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ficgeo1kou1bdkh6zy3wv5i4|03|com"; nocase; ) # 995mjyx6m8cf1bk7q4911gksjb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|995mjyx6m8cf1bk7q4911gksjb|03|org"; nocase; ) # 1rbs0wa1pvmgc71k1fcqm1knz2th.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rbs0wa1pvmgc71k1fcqm1knz2th|03|net"; nocase; ) # 1vz482qfrbaat1ad6vv8px8q13.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vz482qfrbaat1ad6vv8px8q13|03|com"; nocase; ) # 13qam8kid2syg1qpz0djf14ksv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13qam8kid2syg1qpz0djf14ksv|03|net"; nocase; ) # f8m6yz1nsvm0y1fckt65cjm4z1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f8m6yz1nsvm0y1fckt65cjm4z1|03|biz"; nocase; ) # brb5gl19t9ln2eno4ks1mng5f3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|brb5gl19t9ln2eno4ks1mng5f3|03|org"; nocase; ) # d13ka31eg5g011sms4iy1qi99o2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|d13ka31eg5g011sms4iy1qi99o2|03|biz"; nocase; ) # 184keuu9267w3aevq5t1mfoord.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184keuu9267w3aevq5t1mfoord|03|net"; nocase; ) # muvzfie1impm1itufsf1mqebao.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|muvzfie1impm1itufsf1mqebao|03|org"; nocase; ) # 15mpyv610dvx191n9yetfkpx8nh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15mpyv610dvx191n9yetfkpx8nh|03|net"; nocase; ) # vzkj3a48dkml1ewfea33fmyxg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vzkj3a48dkml1ewfea33fmyxg|03|com"; nocase; ) # 1styna1w01k5m5z18ghf1bc28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1styna1w01k5m5z18ghf1bc28|03|net"; nocase; ) # 2h7v8l1xbo9go1ek6a431iuqlg8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2h7v8l1xbo9go1ek6a431iuqlg8|03|org"; nocase; ) # 24bgr93ovigkgjihol2ya13o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|24bgr93ovigkgjihol2ya13o|03|biz"; nocase; ) # 15a8nor1y2p8z7nj9ikeab41js.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15a8nor1y2p8z7nj9ikeab41js|03|org"; nocase; ) # geowrl1sy0c2o19yxuvataemqo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|geowrl1sy0c2o19yxuvataemqo|03|net"; nocase; ) # jtg3ls1h6rnhdpp4hnz1vvasmb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jtg3ls1h6rnhdpp4hnz1vvasmb|03|net"; nocase; ) # 1b6pd8p2vak22j3q2otho1twl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b6pd8p2vak22j3q2otho1twl|03|com"; nocase; ) # 1v6tj6qenakbm4k1ua91guq6mh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v6tj6qenakbm4k1ua91guq6mh|03|com"; nocase; ) # 1bm1h25nby7ca9c9nn1yokk2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bm1h25nby7ca9c9nn1yokk2m|03|net"; nocase; ) # 1lcrtohj8gt0m13ah95vxtfs11.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lcrtohj8gt0m13ah95vxtfs11|03|org"; nocase; ) # i5h39t1ysrxl84udxdr1ysi7kp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i5h39t1ysrxl84udxdr1ysi7kp|03|com"; nocase; ) # jfjysp1jqh2tq7kdu3ooqqgyl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jfjysp1jqh2tq7kdu3ooqqgyl|03|org"; nocase; ) # 18d13hhrh1kdcifdgpat520z6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18d13hhrh1kdcifdgpat520z6|03|biz"; nocase; ) # 11mgcvf82fnyp1aft9ay1gwgaz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11mgcvf82fnyp1aft9ay1gwgaz5|03|com"; nocase; ) # liul2dde1vzk1ve5d7m1bn5mx4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|liul2dde1vzk1ve5d7m1bn5mx4|03|com"; nocase; ) # 10k0j40fqjxk1ttdwy71jfskoq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10k0j40fqjxk1ttdwy71jfskoq|03|biz"; nocase; ) # do8x7ny3eevjwtzl5hkagio.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|do8x7ny3eevjwtzl5hkagio|03|net"; nocase; ) # 1jylti55vt7d1fvhla51prt3bz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jylti55vt7d1fvhla51prt3bz|03|org"; nocase; ) # n7uefk1q639ox1pfl21adjieq8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n7uefk1q639ox1pfl21adjieq8|03|org"; nocase; ) # vhnytk794nrf4mdx8nd6dbmy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vhnytk794nrf4mdx8nd6dbmy|03|net"; nocase; ) # 1trqkhc1srb57q13pt6tv1p25e04.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1trqkhc1srb57q13pt6tv1p25e04|03|com"; nocase; ) # 1thtu3da91v5q1soosxz4pf1aj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1thtu3da91v5q1soosxz4pf1aj|03|net"; nocase; ) # iiidlj1fsgpag1bwwwvf1vssdqa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iiidlj1fsgpag1bwwwvf1vssdqa|03|org"; nocase; ) # 18sknh0c479gh1a5d4zv2d7er6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18sknh0c479gh1a5d4zv2d7er6|03|com"; nocase; ) # 1k7nymz8v43o3152hyzgvo7pf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k7nymz8v43o3152hyzgvo7pf8|03|net"; nocase; ) # 7lxdti1e6f3r74h6soe2qjg3d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7lxdti1e6f3r74h6soe2qjg3d|03|com"; nocase; ) # a1xml3iddbtr8cazyp32h1s6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a1xml3iddbtr8cazyp32h1s6|03|org"; nocase; ) # 1t72am2y0rzd31dops8g1x8d8ac.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t72am2y0rzd31dops8g1x8d8ac|03|net"; nocase; ) # tqibvb1shkjnxkyq8yx1oczswb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tqibvb1shkjnxkyq8yx1oczswb|03|com"; nocase; ) # 1aqsta61uotxk61vr9rof1mq872p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aqsta61uotxk61vr9rof1mq872p|03|com"; nocase; ) # sfriti1yg8xkizr9wox1lbeypf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sfriti1yg8xkizr9wox1lbeypf|03|org"; nocase; ) # d32ia01n4cd7u1wbjeoh6f3o6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d32ia01n4cd7u1wbjeoh6f3o6h|03|net"; nocase; ) # 1r3etos1g2nmdc2mqlkfu5izua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r3etos1g2nmdc2mqlkfu5izua|03|net"; nocase; ) # pon69u16lmir26oly8p1w4x1px.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pon69u16lmir26oly8p1w4x1px|03|org"; nocase; ) # knasipk5cjdhh0zwddftvybp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|knasipk5cjdhh0zwddftvybp|03|org"; nocase; ) # jxbwttrb9ecv11201ev2p20xi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jxbwttrb9ecv11201ev2p20xi|03|net"; nocase; ) # 1ouqr7p1a1jcr81wog0tiobwzve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ouqr7p1a1jcr81wog0tiobwzve|03|com"; nocase; ) # l13de01phgjkd55yrgg1y58cyh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l13de01phgjkd55yrgg1y58cyh|03|org"; nocase; ) # 16u7twy1p6wm2t1caeg3i4d4tdt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16u7twy1p6wm2t1caeg3i4d4tdt|03|org"; nocase; ) # 1s9tqst1vl70og7t4jhv9sdn3x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s9tqst1vl70og7t4jhv9sdn3x|03|com"; nocase; ) # t5hw0q63a5l6nncjq61vo5r06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t5hw0q63a5l6nncjq61vo5r06|03|net"; nocase; ) # cfpvhkxdgc9n1m0iri1rgdas9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cfpvhkxdgc9n1m0iri1rgdas9|03|net"; nocase; ) # 19wa3xiorqiaz1mcptee1v2s3jt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19wa3xiorqiaz1mcptee1v2s3jt|03|org"; nocase; ) # 1n9vzvl11fhpyt1xsfw1s1cv2uuz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n9vzvl11fhpyt1xsfw1s1cv2uuz|03|biz"; nocase; ) # 98qohe1xfug76vlvn60js3irr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|98qohe1xfug76vlvn60js3irr|03|net"; nocase; ) # 1tn7j04gjiu9y1yl1jfu1lb721w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tn7j04gjiu9y1yl1jfu1lb721w|03|biz"; nocase; ) # 18u9lsp1f32jiwppzkb41k3js8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18u9lsp1f32jiwppzkb41k3js8u|03|net"; nocase; ) # 12tkcy6pggpol2nmax7pbr8u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|12tkcy6pggpol2nmax7pbr8u|03|org"; nocase; ) # z0gskc1akz0uiowpsko17iky30.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z0gskc1akz0uiowpsko17iky30|03|com"; nocase; ) # 12dtik51v8jmxh1mumx6xd0onnz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12dtik51v8jmxh1mumx6xd0onnz|03|com"; nocase; ) # upxcs0kb44gyjgm06ye0qjqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|upxcs0kb44gyjgm06ye0qjqw|03|org"; nocase; ) # 1ijhuv21x81dpmke452yvu747m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ijhuv21x81dpmke452yvu747m|03|org"; nocase; ) # 5ckusz11rt8071ehd0bykqq58z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5ckusz11rt8071ehd0bykqq58z|03|org"; nocase; ) # 1ke58sd1hjlek6o1njs9135kdfo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ke58sd1hjlek6o1njs9135kdfo|03|org"; nocase; ) # 1vrno56vz8pae54c1rp1w4a2v4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vrno56vz8pae54c1rp1w4a2v4|03|net"; nocase; ) # goo26u18bkhku1n1skdb129y8m0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|goo26u18bkhku1n1skdb129y8m0|03|com"; nocase; ) # 2hflb11yie8zlu2b83h1bjsf4f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2hflb11yie8zlu2b83h1bjsf4f|03|org"; nocase; ) # 1xdsfuj1d33flk6g1s2dmjlf12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xdsfuj1d33flk6g1s2dmjlf12|03|com"; nocase; ) # t0d3al1gxih46155xqjf307fye.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t0d3al1gxih46155xqjf307fye|03|biz"; nocase; ) # eryyjr1n7r3lg1cnhj7h1sc858t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eryyjr1n7r3lg1cnhj7h1sc858t|03|org"; nocase; ) # 138exd1myiwjl1bnvrv71et1jpv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|138exd1myiwjl1bnvrv71et1jpv|03|org"; nocase; ) # gueiit5zg76kj4tm8i1fa3j0d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gueiit5zg76kj4tm8i1fa3j0d|03|org"; nocase; ) # 3v4d0oevwmafhaehtwllw52j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3v4d0oevwmafhaehtwllw52j|03|net"; nocase; ) # vfkp0jlbh3x7vkav3epf3sgm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vfkp0jlbh3x7vkav3epf3sgm|03|biz"; nocase; ) # thf7891cs92ts1orur051mn7djw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|thf7891cs92ts1orur051mn7djw|03|org"; nocase; ) # dzq1j886360d114w98zp06rwa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzq1j886360d114w98zp06rwa|03|org"; nocase; ) # 15mv5t81qhtpdw1ow7hotndx5sb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15mv5t81qhtpdw1ow7hotndx5sb|03|net"; nocase; ) # 1m86nzlaksl9i12xnll4uy1nr4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m86nzlaksl9i12xnll4uy1nr4|03|org"; nocase; ) # 12k0ymx1mbf7r11fi6fe71fwvrvv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12k0ymx1mbf7r11fi6fe71fwvrvv|03|com"; nocase; ) # 1refvt91uornucac5tea4230bq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1refvt91uornucac5tea4230bq|03|org"; nocase; ) # 1q5dj00egtl68bjbvz61dmt66r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q5dj00egtl68bjbvz61dmt66r|03|com"; nocase; ) # brzkvc1rt2ppq6w3pvp1cxn8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|brzkvc1rt2ppq6w3pvp1cxn8n|03|net"; nocase; ) # 9w40f1c46nbr7ed8ddirojgg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9w40f1c46nbr7ed8ddirojgg|03|net"; nocase; ) # 1nvorl11rnvjuz1rm05h5c5ip0u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nvorl11rnvjuz1rm05h5c5ip0u|03|com"; nocase; ) # 1oxy4m9dk9dqt1p08ysd11c0pa0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oxy4m9dk9dqt1p08ysd11c0pa0|03|com"; nocase; ) # aojmf18o53o4pbqjj31naou0j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aojmf18o53o4pbqjj31naou0j|03|biz"; nocase; ) # 1tjr4lm1xzrpk31jwug7b1cqw5yy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tjr4lm1xzrpk31jwug7b1cqw5yy|03|net"; nocase; ) # 1srohe298pwdg1lj5w8e1xzlliu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1srohe298pwdg1lj5w8e1xzlliu|03|org"; nocase; ) # 1u16y0m197f8nd4mheu1m1uao9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u16y0m197f8nd4mheu1m1uao9|03|biz"; nocase; ) # 3ylp4qykxftgxxb7wil662i8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3ylp4qykxftgxxb7wil662i8|03|net"; nocase; ) # 1ru7agy1larpsus38pbdfiuo81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ru7agy1larpsus38pbdfiuo81|03|net"; nocase; ) # kxsz0xwh532ai8nhaq1tlihej.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kxsz0xwh532ai8nhaq1tlihej|03|biz"; nocase; ) # b6ymhmgjt3bkpgk2p0c1tvy7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b6ymhmgjt3bkpgk2p0c1tvy7|03|net"; nocase; ) # 1jx5cddwj8f5p1r4tbgui7qodg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jx5cddwj8f5p1r4tbgui7qodg|03|com"; nocase; ) # 1vshq5j1wch5kmd6xd9y1wdsztu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vshq5j1wch5kmd6xd9y1wdsztu|03|org"; nocase; ) # t0wmyi1sr9ria1n179mc1i5yyrv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t0wmyi1sr9ria1n179mc1i5yyrv|03|biz"; nocase; ) # mh5gok1dk1zk4d9equ21eiozng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mh5gok1dk1zk4d9equ21eiozng|03|net"; nocase; ) # 13cp63gnts47cj1q0h8slif5j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13cp63gnts47cj1q0h8slif5j|03|org"; nocase; ) # skcq161j0whi8a6ezyygpzvso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|skcq161j0whi8a6ezyygpzvso|03|com"; nocase; ) # e0ll1n13mhwh7gmn3sklrtg8a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e0ll1n13mhwh7gmn3sklrtg8a|03|org"; nocase; ) # 492dhnpg3bcm1x4xenv4zub11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|492dhnpg3bcm1x4xenv4zub11|03|net"; nocase; ) # 1yofyai1q505a9bza9tf1s9p3k2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yofyai1q505a9bza9tf1s9p3k2|03|org"; nocase; ) # 1gn933k1uslp2u3203l41e94hbv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gn933k1uslp2u3203l41e94hbv|03|com"; nocase; ) # 14d7p5iu3a2wrprng898fmmug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14d7p5iu3a2wrprng898fmmug|03|net"; nocase; ) # cb4zq4174cq35drqkz012wr1h3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cb4zq4174cq35drqkz012wr1h3|03|org"; nocase; ) # xjssju1tefc651j2xiqm1xswrgq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xjssju1tefc651j2xiqm1xswrgq|03|net"; nocase; ) # f6d2sf6qtc391axscynssl2pe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f6d2sf6qtc391axscynssl2pe|03|org"; nocase; ) # uvicrg1bb9p1v12c2kyr1srwk0u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uvicrg1bb9p1v12c2kyr1srwk0u|03|com"; nocase; ) # 10ybvk11ajs1v4162iwbe1jm4jc9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10ybvk11ajs1v4162iwbe1jm4jc9|03|biz"; nocase; ) # acf7huhocz8yrw9rhe1pa6vww.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|acf7huhocz8yrw9rhe1pa6vww|03|org"; nocase; ) # xq86gxtmcrx11t332hr1fjt92e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xq86gxtmcrx11t332hr1fjt92e|03|net"; nocase; ) # c9v1f015wafg11fq1csh1sunogy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c9v1f015wafg11fq1csh1sunogy|03|org"; nocase; ) # 14hham02xfyk91p2j47q11gxzwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14hham02xfyk91p2j47q11gxzwr|03|net"; nocase; ) # cywle71474p11n4v0y71046lrh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cywle71474p11n4v0y71046lrh|03|com"; nocase; ) # 8vn9b46zezdj1azlnki116xndc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8vn9b46zezdj1azlnki116xndc|03|com"; nocase; ) # vqixklsazmw21igddrw1djdkof.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vqixklsazmw21igddrw1djdkof|03|org"; nocase; ) # qgma2r9n1fyj1m2u2ik13i35u1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qgma2r9n1fyj1m2u2ik13i35u1|03|com"; nocase; ) # ef6ke1lfkx27cwvfcsn8y0k6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ef6ke1lfkx27cwvfcsn8y0k6|03|com"; nocase; ) # 5f9cc81cl60pi1w4e6siy71fyg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5f9cc81cl60pi1w4e6siy71fyg|03|org"; nocase; ) # 7nb1p7au8kq7kl692z3u0ho0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7nb1p7au8kq7kl692z3u0ho0|03|org"; nocase; ) # 1l6k0xoqjihumfncicd17f9qz6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l6k0xoqjihumfncicd17f9qz6|03|com"; nocase; ) # 1q20qcu1bw5qsz1fpryjd1632nu2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q20qcu1bw5qsz1fpryjd1632nu2|03|com"; nocase; ) # 1n1elkn48pfko1i8rg6rw3br93.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1elkn48pfko1i8rg6rw3br93|03|com"; nocase; ) # z1ire61qno4j312jlhvk18bmb1i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z1ire61qno4j312jlhvk18bmb1i|03|org"; nocase; ) # bqmbea8c97891eac9qvlrsbqy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bqmbea8c97891eac9qvlrsbqy|03|net"; nocase; ) # cr1l3eqth6l81q7gke01fvokqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cr1l3eqth6l81q7gke01fvokqv|03|net"; nocase; ) # 1bt4qgazcg60u1wye6di1csjk35.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bt4qgazcg60u1wye6di1csjk35|03|com"; nocase; ) # b3tjhu1ymk4b5jfwxzg1t3husg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b3tjhu1ymk4b5jfwxzg1t3husg|03|com"; nocase; ) # 1y42avb138sig018mk32hi21hgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y42avb138sig018mk32hi21hgc|03|com"; nocase; ) # hdgf4816uczz3156rz758u69c6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hdgf4816uczz3156rz758u69c6|03|org"; nocase; ) # 2kff0rm1nx3qqeal5yqa6ybg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2kff0rm1nx3qqeal5yqa6ybg|03|org"; nocase; ) # 11we0hree9q2s5y5mdn1a3u9j6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11we0hree9q2s5y5mdn1a3u9j6|03|biz"; nocase; ) # 1v9g42z1sgueay1x7cl51her2qt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v9g42z1sgueay1x7cl51her2qt|03|org"; nocase; ) # 1sdayhj1rcmk61sw7nrvgxkm0v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sdayhj1rcmk61sw7nrvgxkm0v|03|com"; nocase; ) # u6cwu118heoht1r6myv11hrqwiv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u6cwu118heoht1r6myv11hrqwiv|03|org"; nocase; ) # b1l47ao18wi545pfke1n2i8eo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1l47ao18wi545pfke1n2i8eo|03|biz"; nocase; ) # 1sha68q1jkifyw2zvixl3llvjt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sha68q1jkifyw2zvixl3llvjt|03|com"; nocase; ) # 5ayau4622ov5gy2vdc55tek0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5ayau4622ov5gy2vdc55tek0|03|net"; nocase; ) # pm8eeuacjb941am5erwdyek1q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pm8eeuacjb941am5erwdyek1q|03|org"; nocase; ) # zvu0k214mdup0ft770111wl1ea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zvu0k214mdup0ft770111wl1ea|03|com"; nocase; ) # 1n1ftpr1nntqowrnvaza1eaq5k1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n1ftpr1nntqowrnvaza1eaq5k1|03|net"; nocase; ) # 1etnpi616p3m3k9tbbzl1m4n579.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1etnpi616p3m3k9tbbzl1m4n579|03|biz"; nocase; ) # al2g6w3ihqjb1jmgqzq7g6qzz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|al2g6w3ihqjb1jmgqzq7g6qzz|03|net"; nocase; ) # rybrif1viogb1pzxzscirl11t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rybrif1viogb1pzxzscirl11t|03|org"; nocase; ) # 1x1g38la6jm8puczeoe1yabmfz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x1g38la6jm8puczeoe1yabmfz|03|com"; nocase; ) # mecpq01xou1bjmjiif11o20kek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mecpq01xou1bjmjiif11o20kek|03|net"; nocase; ) # 1pi7e4c14z75e2aj5xxpjkk8ur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pi7e4c14z75e2aj5xxpjkk8ur|03|com"; nocase; ) # 12lyf5u1ycuist14qn4p5nqzbwq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12lyf5u1ycuist14qn4p5nqzbwq|03|com"; nocase; ) # qpiblg1lqsijg1x6jxdqbj25f6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qpiblg1lqsijg1x6jxdqbj25f6|03|net"; nocase; ) # 8c2dzd1vnvaa4198a84k10e5jei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8c2dzd1vnvaa4198a84k10e5jei|03|com"; nocase; ) # hc15l11yof36815usaso1nes9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hc15l11yof36815usaso1nes9r|03|org"; nocase; ) # 1ntwo261xsu8ra149vktb98rwmb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ntwo261xsu8ra149vktb98rwmb|03|org"; nocase; ) # 1raj1uqiuixcw1pkt6z41yckuy2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1raj1uqiuixcw1pkt6z41yckuy2|03|org"; nocase; ) # 1wm1i3cigwjn1dt4xhjcuml7i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wm1i3cigwjn1dt4xhjcuml7i|03|com"; nocase; ) # 1y2tavxysn9yujfkfvk1iya5w0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y2tavxysn9yujfkfvk1iya5w0|03|com"; nocase; ) # wv5m97dnjimo1bzo6d81ab9ffn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wv5m97dnjimo1bzo6d81ab9ffn|03|org"; nocase; ) # uuwhuj1eym52hge5a771jxonjk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uuwhuj1eym52hge5a771jxonjk|03|net"; nocase; ) # mjz7n714whb2s1481m37183kysc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mjz7n714whb2s1481m37183kysc|03|net"; nocase; ) # 1fnsnof1pk7g6d2088o5121ewp3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fnsnof1pk7g6d2088o5121ewp3|03|org"; nocase; ) # a68txz7axg331k2czg21rnuobm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a68txz7axg331k2czg21rnuobm|03|net"; nocase; ) # 156fexw1ysih0lctumq02vki2l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156fexw1ysih0lctumq02vki2l|03|biz"; nocase; ) # 1jeyntk14n5txj120ziyr5acj04.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jeyntk14n5txj120ziyr5acj04|03|net"; nocase; ) # 143qbj91biehzg1idhva172zdbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|143qbj91biehzg1idhva172zdbd|03|com"; nocase; ) # smvzpmniqqlx2cx11r3hx4lm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|smvzpmniqqlx2cx11r3hx4lm|03|net"; nocase; ) # 1d12yi218jpssrrm94ckvyr5wq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d12yi218jpssrrm94ckvyr5wq|03|net"; nocase; ) # 10d0wqip6e0xe1kb1zn0fje3bx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10d0wqip6e0xe1kb1zn0fje3bx|03|net"; nocase; ) # 1yh7mfn1umax278gl1z81jvmf5l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yh7mfn1umax278gl1z81jvmf5l|03|biz"; nocase; ) # 92qbjn1goxfargn6bzgvjn3ci.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|92qbjn1goxfargn6bzgvjn3ci|03|net"; nocase; ) # 1ebzprk18wi8as1rkt1bq1exzohc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ebzprk18wi8as1rkt1bq1exzohc|03|org"; nocase; ) # bpcjuhpanmuk1t4tw0z1ium54c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bpcjuhpanmuk1t4tw0z1ium54c|03|com"; nocase; ) # 18e3gu31e27qn713407zj16icuv2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18e3gu31e27qn713407zj16icuv2|03|org"; nocase; ) # 11qcgruakxujh10kg8ph1qqrtp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11qcgruakxujh10kg8ph1qqrtp|03|com"; nocase; ) # 7k08g41j1e0wl1pbj73r1rbra9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7k08g41j1e0wl1pbj73r1rbra9i|03|net"; nocase; ) # ef0c3h13ls1li1ojpd6a1l7j6rm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ef0c3h13ls1li1ojpd6a1l7j6rm|03|biz"; nocase; ) # ixg45h1v7o5851e7r0e4qoh0fp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ixg45h1v7o5851e7r0e4qoh0fp|03|org"; nocase; ) # 1tdsy5b117ko1n1itpq2mxft98z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tdsy5b117ko1n1itpq2mxft98z|03|org"; nocase; ) # 11chyrxpuscnq1w5582r16ebenb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11chyrxpuscnq1w5582r16ebenb|03|biz"; nocase; ) # 155901by241w2lfq4aravi339.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|155901by241w2lfq4aravi339|03|org"; nocase; ) # itwzhnrl22zy3i8amaiw3are.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|itwzhnrl22zy3i8amaiw3are|03|com"; nocase; ) # 1wqykdw1pso7mq1k4mowe14tmls1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wqykdw1pso7mq1k4mowe14tmls1|03|org"; nocase; ) # 11d9wgifw0ld19qsjy21kgobuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11d9wgifw0ld19qsjy21kgobuh|03|com"; nocase; ) # ro39xs1q4rjf69xf7ts1tafy3d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ro39xs1q4rjf69xf7ts1tafy3d|03|org"; nocase; ) # qbkax51lmmbn1zhav8nmmet5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qbkax51lmmbn1zhav8nmmet5l|03|net"; nocase; ) # bjfk1xbe003bdd99ik1v7fpaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bjfk1xbe003bdd99ik1v7fpaw|03|com"; nocase; ) # 19upqo01y3tb941kg3n3s12gk1na.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19upqo01y3tb941kg3n3s12gk1na|03|org"; nocase; ) # 19nc0vu1410zw3hfi48ynun5db.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19nc0vu1410zw3hfi48ynun5db|03|net"; nocase; ) # fvzuh0opoaf31kon9f4138jl55.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fvzuh0opoaf31kon9f4138jl55|03|biz"; nocase; ) # 1vrg8r8wyc5g3ps85uk1jjnhoz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vrg8r8wyc5g3ps85uk1jjnhoz|03|com"; nocase; ) # w8vmj418eb5t1u5jxjmnrqnz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w8vmj418eb5t1u5jxjmnrqnz|03|net"; nocase; ) # pc6law16urwvgcp0jhd1pt58kq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pc6law16urwvgcp0jhd1pt58kq|03|net"; nocase; ) # iup6va18o44ch5yinw2g1mvfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iup6va18o44ch5yinw2g1mvfe|03|com"; nocase; ) # aek3bz65sp721ey6ye9lnwenq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aek3bz65sp721ey6ye9lnwenq|03|biz"; nocase; ) # ul615p18gj8919xwdq1dbjmse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ul615p18gj8919xwdq1dbjmse|03|net"; nocase; ) # j20iad1pyt9io15zvmf8wpvsfg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j20iad1pyt9io15zvmf8wpvsfg|03|net"; nocase; ) # qai71ln1fe51dxpuyrf5szqb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qai71ln1fe51dxpuyrf5szqb|03|com"; nocase; ) # 189ykxx1c8a4h21gavtg01rlfcn5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|189ykxx1c8a4h21gavtg01rlfcn5|03|net"; nocase; ) # rbrexzc7gmi31qdqsfl1uth2k8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rbrexzc7gmi31qdqsfl1uth2k8|03|net"; nocase; ) # 4v05i916o667knwu3p1pwvw2m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4v05i916o667knwu3p1pwvw2m|03|org"; nocase; ) # 1e15s6b14043bfx46v7y1p3s59b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e15s6b14043bfx46v7y1p3s59b|03|com"; nocase; ) # wsx0v21l21wbuir5itc64y2ct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wsx0v21l21wbuir5itc64y2ct|03|net"; nocase; ) # 92xejz152kpjoeujguxvcephb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|92xejz152kpjoeujguxvcephb|03|org"; nocase; ) # 128xsi51p5uop9luzh4psr0wgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|128xsi51p5uop9luzh4psr0wgt|03|com"; nocase; ) # lent1drankuyjqx1t6imafke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lent1drankuyjqx1t6imafke|03|net"; nocase; ) # datx3b1hdk1pq1czjkuu1hs55bs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|datx3b1hdk1pq1czjkuu1hs55bs|03|org"; nocase; ) # rx9a9suwbgse1g7k8ns1phjg7c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rx9a9suwbgse1g7k8ns1phjg7c|03|com"; nocase; ) # 1hlrbrj2iem5mug9loas9ahng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hlrbrj2iem5mug9loas9ahng|03|net"; nocase; ) # 1m17esu1muyqmam7bgts1yvm4rw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m17esu1muyqmam7bgts1yvm4rw|03|org"; nocase; ) # 321s8r1kbpjlpdf1i671hkxcdr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000024999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|321s8r1kbpjlpdf1i671hkxcdr|03|biz"; nocase; ) # nptexjykbfio94qux1yt9cq5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nptexjykbfio94qux1yt9cq5|03|net"; nocase; ) # stg23z12xmt4q1jnuh81f6nmyg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|stg23z12xmt4q1jnuh81f6nmyg|03|com"; nocase; ) # 335xqr12h4sjoiz6gnjedrhu8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|335xqr12h4sjoiz6gnjedrhu8|03|net"; nocase; ) # l1dde317b2f0l11muqwqxwybag.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l1dde317b2f0l11muqwqxwybag|03|net"; nocase; ) # 1qi27wz16q0ow57cldek151u773.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qi27wz16q0ow57cldek151u773|03|net"; nocase; ) # 5vo1by5flopr1mafarx2f7igq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5vo1by5flopr1mafarx2f7igq|03|org"; nocase; ) # 1eh7gu7n4l8sk1h1c6i11nfufmm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eh7gu7n4l8sk1h1c6i11nfufmm|03|com"; nocase; ) # wxee4n1rin7t11kkivb315pdiki.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wxee4n1rin7t11kkivb315pdiki|03|org"; nocase; ) # 1pmrs4f1afgf0kp6yslr1p80mly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pmrs4f1afgf0kp6yslr1p80mly|03|net"; nocase; ) # 1kg2v1afnydj41t1qubp1nj0339.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kg2v1afnydj41t1qubp1nj0339|03|com"; nocase; ) # wy30po110yar9161ofxp1cz57kk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wy30po110yar9161ofxp1cz57kk|03|biz"; nocase; ) # 184qiw8sf93231wtzuno18em3or.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|184qiw8sf93231wtzuno18em3or|03|com"; nocase; ) # onhya39mkhzu1okl9l56sfnzi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|onhya39mkhzu1okl9l56sfnzi|03|biz"; nocase; ) # dwc8aezlqczy5qhdpalxwjgs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dwc8aezlqczy5qhdpalxwjgs|03|org"; nocase; ) # 94wby1lqnj1swr86mvrej00c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|94wby1lqnj1swr86mvrej00c|03|net"; nocase; ) # 1j0q16a19s3gxt1hkrqpvctfvza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j0q16a19s3gxt1hkrqpvctfvza|03|org"; nocase; ) # 1jtc87r1fbdn4ar9hiyp1mkhkjg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jtc87r1fbdn4ar9hiyp1mkhkjg|03|com"; nocase; ) # 30qrncftpwgm108neim1e6cxvs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|30qrncftpwgm108neim1e6cxvs|03|net"; nocase; ) # jnd51v1wax8el1i7n1um7c9qb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jnd51v1wax8el1i7n1um7c9qb|03|net"; nocase; ) # 17rt7nut3efee1jhrtvcsye3kr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17rt7nut3efee1jhrtvcsye3kr|03|com"; nocase; ) # 16x2o1w1ucrdkfdt01725g0kh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16x2o1w1ucrdkfdt01725g0kh|03|net"; nocase; ) # oxdokd1cwiu0f1km72hb12578ij.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oxdokd1cwiu0f1km72hb12578ij|03|biz"; nocase; ) # 1ih7t6ijj7va4zhk5hztam1jp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ih7t6ijj7va4zhk5hztam1jp|03|net"; nocase; ) # 1v11ihii18u1x112xt6s1biqbrt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v11ihii18u1x112xt6s1biqbrt|03|org"; nocase; ) # 8vmss84clazqjy5gpda3jv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|8vmss84clazqjy5gpda3jv|03|net"; nocase; ) # c0u1o212v78k4n8uhkoah58od.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c0u1o212v78k4n8uhkoah58od|03|org"; nocase; ) # megb2l14hscq213e8ody1fc1p57.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|megb2l14hscq213e8ody1fc1p57|03|org"; nocase; ) # 1nx7o9xi4xg9s17vvw0c1m38o7n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nx7o9xi4xg9s17vvw0c1m38o7n|03|net"; nocase; ) # xrwxnphncst34jbvhg3yu9o3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xrwxnphncst34jbvhg3yu9o3|03|net"; nocase; ) # 1q8wlci141a5ds1wk3tafzzryi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q8wlci141a5ds1wk3tafzzryi|03|com"; nocase; ) # 1u2l49ydg42rx1e6zxr513wmb4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u2l49ydg42rx1e6zxr513wmb4d|03|com"; nocase; ) # 2stf67ptcngohxmxj6hd75my.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2stf67ptcngohxmxj6hd75my|03|net"; nocase; ) # 17g3kg6n3ohhf1fnudzaqntfhu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17g3kg6n3ohhf1fnudzaqntfhu|03|com"; nocase; ) # 1gfqxir1387qqj2vsewc1oyu86i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gfqxir1387qqj2vsewc1oyu86i|03|net"; nocase; ) # qh197l1wix60r9q0oxfh7g0ot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qh197l1wix60r9q0oxfh7g0ot|03|biz"; nocase; ) # bpwugrjxf8gq7ckludpp1xm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|bpwugrjxf8gq7ckludpp1xm|03|com"; nocase; ) # 1ixzpv9qvxtjp1faf5kc1jpyrr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ixzpv9qvxtjp1faf5kc1jpyrr|03|biz"; nocase; ) # mjdzj414x5p3q1tni2dh1w8hznz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mjdzj414x5p3q1tni2dh1w8hznz|03|biz"; nocase; ) # 1vshlyyek0g8s1d6idc8xf9rb3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vshlyyek0g8s1d6idc8xf9rb3|03|net"; nocase; ) # 18hfp8xtgd80f1rcs9bfovatv9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18hfp8xtgd80f1rcs9bfovatv9|03|org"; nocase; ) # wsenrcsv9uqm1md9vgds2695y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wsenrcsv9uqm1md9vgds2695y|03|biz"; nocase; ) # uw3njo1kzygb01kc4fo74mp02u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uw3njo1kzygb01kc4fo74mp02u|03|net"; nocase; ) # 1od0mu31us8at01nz7nn9142hu34.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1od0mu31us8at01nz7nn9142hu34|03|org"; nocase; ) # 1b1vabc3y78e41676bu81dxh7oc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1vabc3y78e41676bu81dxh7oc|03|net"; nocase; ) # 1yodatagfxo271eoltfg4mhjro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yodatagfxo271eoltfg4mhjro|03|org"; nocase; ) # 1q4c5v5grxpvc1yw7ccu1ogfx1z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q4c5v5grxpvc1yw7ccu1ogfx1z|03|com"; nocase; ) # jtc4in2wcj4m1xn662r1ymekcc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jtc4in2wcj4m1xn662r1ymekcc|03|org"; nocase; ) # ikab70itjlo61t2nhrh17q1zwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ikab70itjlo61t2nhrh17q1zwr|03|net"; nocase; ) # 11w6eyfyfkzwm1rkixhsj1ghs1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11w6eyfyfkzwm1rkixhsj1ghs1|03|com"; nocase; ) # 1i9k7b51fvjdks1g90tckhfl028.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i9k7b51fvjdks1g90tckhfl028|03|org"; nocase; ) # akkxaq3hcw1dg03r6axb66gd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|akkxaq3hcw1dg03r6axb66gd|03|biz"; nocase; ) # xwwymx19dngrk1b329l64i1fv4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xwwymx19dngrk1b329l64i1fv4|03|net"; nocase; ) # 1wvnd6k1h7pzz1sxixpnbrifcm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wvnd6k1h7pzz1sxixpnbrifcm|03|com"; nocase; ) # 42qzkcqtduqy1bzzete1tnopk3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|42qzkcqtduqy1bzzete1tnopk3|03|com"; nocase; ) # u0ryny1izj834i1qq63budtih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u0ryny1izj834i1qq63budtih|03|net"; nocase; ) # 5y98bj13ggmpj1rbx1wu1bpqomr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5y98bj13ggmpj1rbx1wu1bpqomr|03|org"; nocase; ) # 1x1pxa96k2o3e1tjzccb1fg1uqx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x1pxa96k2o3e1tjzccb1fg1uqx|03|com"; nocase; ) # 11mqqmpntz88f19q3cn51ij0qqe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11mqqmpntz88f19q3cn51ij0qqe|03|net"; nocase; ) # 157lgwjjnewjy1ffiu436tcci5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157lgwjjnewjy1ffiu436tcci5|03|biz"; nocase; ) # 1jmeh5q1hz5ou22elq0pd0wf9w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jmeh5q1hz5ou22elq0pd0wf9w|03|biz"; nocase; ) # n7nf2tdfxh1gw4ftmk19ia1kk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n7nf2tdfxh1gw4ftmk19ia1kk|03|org"; nocase; ) # vqekn9j82ogthneowlkbj28m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vqekn9j82ogthneowlkbj28m|03|net"; nocase; ) # hd6h4oizvx0zh2leis14eivvb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hd6h4oizvx0zh2leis14eivvb|03|org"; nocase; ) # 16uyh0nel1s871d8pc0eqv2acv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16uyh0nel1s871d8pc0eqv2acv|03|org"; nocase; ) # 1yno7kk1ggzzqazjkhcj1qzmgl4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yno7kk1ggzzqazjkhcj1qzmgl4|03|com"; nocase; ) # 1ds1u9j59stinfnhprpg0gv8j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ds1u9j59stinfnhprpg0gv8j|03|com"; nocase; ) # d3x6rv13co9r81izhbpd1dmmviz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|d3x6rv13co9r81izhbpd1dmmviz|03|net"; nocase; ) # 1yxhfzx1xvg8m8uxcq055w8lh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yxhfzx1xvg8m8uxcq055w8lh|03|net"; nocase; ) # nstbal1uvoqm81dm80i51td8hv6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nstbal1uvoqm81dm80i51td8hv6|03|com"; nocase; ) # mu30b1hz15fz4cyv311aqrqto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mu30b1hz15fz4cyv311aqrqto|03|org"; nocase; ) # 1xf3zxjc17ur7newt8jzwce9u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xf3zxjc17ur7newt8jzwce9u|03|org"; nocase; ) # ggqrq41exzqu56fbmya17uv72n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ggqrq41exzqu56fbmya17uv72n|03|com"; nocase; ) # ml842toq0ayunms4rg1hks6vc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ml842toq0ayunms4rg1hks6vc|03|com"; nocase; ) # 1hg1gihxisdgfg00admzipjh7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hg1gihxisdgfg00admzipjh7|03|com"; nocase; ) # 1rwsiow1mj4bqhs65t8uo9hgug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rwsiow1mj4bqhs65t8uo9hgug|03|net"; nocase; ) # zomiff1figqafe4lbqq1fgw5si.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zomiff1figqafe4lbqq1fgw5si|03|org"; nocase; ) # 5kkhfg1vsjiwm1srmjlm1m1ok86.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5kkhfg1vsjiwm1srmjlm1m1ok86|03|com"; nocase; ) # cj7w9wyti49m1shezdgp1ueud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cj7w9wyti49m1shezdgp1ueud|03|biz"; nocase; ) # 1oqr0q49r6e6zjypix71xqao2l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oqr0q49r6e6zjypix71xqao2l|03|com"; nocase; ) # 1iagq901c1x3l1ir8fcn19zs1ct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iagq901c1x3l1ir8fcn19zs1ct|03|net"; nocase; ) # 1lvcb4g1twtzjnzo787f17pp5x7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lvcb4g1twtzjnzo787f17pp5x7|03|net"; nocase; ) # 1xmyd7u13e30gj7omyfgeq25p1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xmyd7u13e30gj7omyfgeq25p1|03|biz"; nocase; ) # n114ws17d6vpw17ckp87sq6hya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n114ws17d6vpw17ckp87sq6hya|03|net"; nocase; ) # 138cntm2ca4ye12zqvp81mxks7n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|138cntm2ca4ye12zqvp81mxks7n|03|net"; nocase; ) # ckc17wg3vf71tm0bj515x0d3w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ckc17wg3vf71tm0bj515x0d3w|03|biz"; nocase; ) # 1rm76i3m5f8n01gljvs61lilgt9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rm76i3m5f8n01gljvs61lilgt9|03|org"; nocase; ) # hcxv7w19uftdt1k85gn11irk18.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hcxv7w19uftdt1k85gn11irk18|03|org"; nocase; ) # 17dcl8qc4knbg1muuop41j5wezd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17dcl8qc4knbg1muuop41j5wezd|03|biz"; nocase; ) # 1wmksom1wqbf3apuxhx7101b1hz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wmksom1wqbf3apuxhx7101b1hz|03|net"; nocase; ) # 14ws9ua1b2xiqlj4nkrg1opudon.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ws9ua1b2xiqlj4nkrg1opudon|03|biz"; nocase; ) # 9s55p5d9eihk1fsk5kxhydtd2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9s55p5d9eihk1fsk5kxhydtd2|03|org"; nocase; ) # d2th83b3zh6panhoz11m3aqk8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d2th83b3zh6panhoz11m3aqk8|03|net"; nocase; ) # 1yshygey8w8ik1fqvcro19wcz8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yshygey8w8ik1fqvcro19wcz8g|03|org"; nocase; ) # o3p80z15c11g21ga7epn1jvtcad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o3p80z15c11g21ga7epn1jvtcad|03|net"; nocase; ) # 10qqqe46yadwf1fz6u6ib1jgmt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10qqqe46yadwf1fz6u6ib1jgmt|03|biz"; nocase; ) # 11yjyxbtwgwbzh7qtxerw2mat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11yjyxbtwgwbzh7qtxerw2mat|03|com"; nocase; ) # 49dqvy86o5ud14hmrau1fn7ym0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|49dqvy86o5ud14hmrau1fn7ym0|03|org"; nocase; ) # 19pqaui7zjstibzczod12i53yl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19pqaui7zjstibzczod12i53yl|03|biz"; nocase; ) # 91j0dr1v94j4n13pmaa8gxpqk5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|91j0dr1v94j4n13pmaa8gxpqk5|03|biz"; nocase; ) # rifolo1wpf7bifv2zj11o8hxm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rifolo1wpf7bifv2zj11o8hxm|03|net"; nocase; ) # mf9bmcdwbdhc1qx2awtk2nuag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mf9bmcdwbdhc1qx2awtk2nuag|03|com"; nocase; ) # 1f10fywt80t6pfu4tv2ed5xvw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f10fywt80t6pfu4tv2ed5xvw|03|com"; nocase; ) # vvmvost9c0581lmruijzyv123.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vvmvost9c0581lmruijzyv123|03|net"; nocase; ) # 137q0371ylkjr51ammo2h1l7omc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|137q0371ylkjr51ammo2h1l7omc|03|com"; nocase; ) # 1h933nwnxargz5gc9q915r7ujz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h933nwnxargz5gc9q915r7ujz|03|net"; nocase; ) # rg7shr3kghdsam9u901rb0925.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rg7shr3kghdsam9u901rb0925|03|com"; nocase; ) # 1fedv7glml9jj1kx20p47lx0d7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fedv7glml9jj1kx20p47lx0d7|03|biz"; nocase; ) # 1hy5kt51yot6rk159vp78fufdeo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hy5kt51yot6rk159vp78fufdeo|03|org"; nocase; ) # 1uhv2eo1iswxeaeee5b14tarvx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uhv2eo1iswxeaeee5b14tarvx|03|com"; nocase; ) # cdcijb8b3y3ogir4f5gvp61t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cdcijb8b3y3ogir4f5gvp61t|03|net"; nocase; ) # lle7h91fau36mrjo1d7mufgc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lle7h91fau36mrjo1d7mufgc6|03|org"; nocase; ) # 14ablrmiyioawxs79vw26fti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14ablrmiyioawxs79vw26fti|03|net"; nocase; ) # l0kvs0ggt4xc3c4wug1styjbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l0kvs0ggt4xc3c4wug1styjbf|03|com"; nocase; ) # co1j0p1x8afwo18hmsss1v1jl17.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|co1j0p1x8afwo18hmsss1v1jl17|03|org"; nocase; ) # 1n2rhft1qa1wbhlhpm0ysceaxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n2rhft1qa1wbhlhpm0ysceaxs|03|net"; nocase; ) # 1ury2xkmidroe164jxbpe8pxx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ury2xkmidroe164jxbpe8pxx|03|net"; nocase; ) # 1sxks721njoghu1aruj411x3eqqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sxks721njoghu1aruj411x3eqqy|03|com"; nocase; ) # 797im42a66n69d399j1umwxtk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|797im42a66n69d399j1umwxtk|03|net"; nocase; ) # 1hbrrka1th2ikk4fsn4m1pw6nu2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hbrrka1th2ikk4fsn4m1pw6nu2|03|net"; nocase; ) # wpd89zttsu2f10wrs7b1wiv8xe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wpd89zttsu2f10wrs7b1wiv8xe|03|com"; nocase; ) # 19ttoouh7afr2exwn7xwnm21g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19ttoouh7afr2exwn7xwnm21g|03|biz"; nocase; ) # 1d6al9rwyk4a5sy5jqbfqv741.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d6al9rwyk4a5sy5jqbfqv741|03|org"; nocase; ) # 1rx844uybhyn51819w4f1ybjmym.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rx844uybhyn51819w4f1ybjmym|03|net"; nocase; ) # 119h82mf871j61s6kv42ys97dq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|119h82mf871j61s6kv42ys97dq|03|net"; nocase; ) # 1naqxb91wcd8sfz7nc4m1eo89dg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1naqxb91wcd8sfz7nc4m1eo89dg|03|com"; nocase; ) # lqstnv1kymkqgri80771tjctt1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lqstnv1kymkqgri80771tjctt1|03|com"; nocase; ) # 1thv51rdldho62d77us1yhzi0u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1thv51rdldho62d77us1yhzi0u|03|biz"; nocase; ) # utbi071nmui2k4ujowd1vv3a6o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|utbi071nmui2k4ujowd1vv3a6o|03|biz"; nocase; ) # 1e983ymrev59tmx2kabjmuy7r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e983ymrev59tmx2kabjmuy7r|03|org"; nocase; ) # 1jqlelmavxmwo1enjpa4ykarq3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jqlelmavxmwo1enjpa4ykarq3|03|com"; nocase; ) # 1jlkv3xhx2ovn1pd2dvpbe1gmy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jlkv3xhx2ovn1pd2dvpbe1gmy|03|net"; nocase; ) # 1bh2s7a1p7vegx1skdbfqrijae3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bh2s7a1p7vegx1skdbfqrijae3|03|org"; nocase; ) # ei8vjyhjqql7126nxz3yja08n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ei8vjyhjqql7126nxz3yja08n|03|org"; nocase; ) # 1w9jx3a144vgeqqhd9se1xz9qp5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w9jx3a144vgeqqhd9se1xz9qp5|03|biz"; nocase; ) # 1qwqwscz4rmmxo8fh4xsihetx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qwqwscz4rmmxo8fh4xsihetx|03|biz"; nocase; ) # ghk3711vykxxz1kaxkimkkshwv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ghk3711vykxxz1kaxkimkkshwv|03|org"; nocase; ) # i1u4l319a631yz5sd381gjjgi8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i1u4l319a631yz5sd381gjjgi8|03|org"; nocase; ) # 1hjhnryidud4944mfxkjjll23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hjhnryidud4944mfxkjjll23|03|net"; nocase; ) # 1oe6ltzqij5rw13pkfux1qh92sf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oe6ltzqij5rw13pkfux1qh92sf|03|net"; nocase; ) # 7rwcddhmvr01bdpfjn86zrkh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7rwcddhmvr01bdpfjn86zrkh|03|com"; nocase; ) # 1at6zisroszh01munfmc1541m40.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1at6zisroszh01munfmc1541m40|03|com"; nocase; ) # 8dwolj1nx4026et7htk2dvvlp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8dwolj1nx4026et7htk2dvvlp|03|net"; nocase; ) # 182lxrr7lmsmz1xnj5tz250d11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|182lxrr7lmsmz1xnj5tz250d11|03|net"; nocase; ) # gcstruhra7mt1xdlb418zsz96.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gcstruhra7mt1xdlb418zsz96|03|org"; nocase; ) # 5mkn32qnqgqo1a3411a3hneb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5mkn32qnqgqo1a3411a3hneb|03|net"; nocase; ) # la5rde1yxrllvld4x5s1jvtr11.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|la5rde1yxrllvld4x5s1jvtr11|03|biz"; nocase; ) # 1q64agji9wvqyjpi5ad1vq77s9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q64agji9wvqyjpi5ad1vq77s9|03|net"; nocase; ) # 11c1w521obur9c1dl4fue18a7fbj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11c1w521obur9c1dl4fue18a7fbj|03|org"; nocase; ) # 1xhx3nq8qh0qpm2g03dyi2u4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xhx3nq8qh0qpm2g03dyi2u4f|03|net"; nocase; ) # xtxp5uvrdgyb1dc2mok89ubqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xtxp5uvrdgyb1dc2mok89ubqb|03|biz"; nocase; ) # 1enxbwe1msmhhowh0wqf2bx2r2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1enxbwe1msmhhowh0wqf2bx2r2|03|net"; nocase; ) # za09k212vp3zak3446h1b0r0po.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|za09k212vp3zak3446h1b0r0po|03|com"; nocase; ) # 1jm9rh0lk5pb7120ieguipxexm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jm9rh0lk5pb7120ieguipxexm|03|biz"; nocase; ) # t9t9ry9gwmtj1k5zr0o1tbt0eb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t9t9ry9gwmtj1k5zr0o1tbt0eb|03|org"; nocase; ) # 1ljyvr7porppv1orcwek1earj8v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ljyvr7porppv1orcwek1earj8v|03|com"; nocase; ) # baougdocsecy5k88181f4b1p4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|baougdocsecy5k88181f4b1p4|03|com"; nocase; ) # mhyxb31e0bzlf1nno5e81v2ocrx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mhyxb31e0bzlf1nno5e81v2ocrx|03|biz"; nocase; ) # au2a8fg9tovfli6d9iagj1a4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|au2a8fg9tovfli6d9iagj1a4|03|org"; nocase; ) # 18c6u9umaotq1tft80j1u0a66r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18c6u9umaotq1tft80j1u0a66r|03|biz"; nocase; ) # 1aoub5a18u1n1atqc4nr1ohihkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aoub5a18u1n1atqc4nr1ohihkm|03|com"; nocase; ) # 1rdx38cxcitxg1v1ghqz1yysszj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rdx38cxcitxg1v1ghqz1yysszj|03|org"; nocase; ) # wgijk51k27s80bzdgfx1ge23p4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wgijk51k27s80bzdgfx1ge23p4|03|org"; nocase; ) # 1wrmvhcnh3uy71uw7lun9nbqvv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wrmvhcnh3uy71uw7lun9nbqvv|03|net"; nocase; ) # 110vaew1wavw4t1c5zpgu16zgn34.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|110vaew1wavw4t1c5zpgu16zgn34|03|net"; nocase; ) # bd59zv14hxf4j1v0tp6f1dh0e0v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bd59zv14hxf4j1v0tp6f1dh0e0v|03|org"; nocase; ) # 140qz43go2vg1c5oycb5crpsd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|140qz43go2vg1c5oycb5crpsd|03|org"; nocase; ) # 114z4ge1orycu81skafi5ulivj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|114z4ge1orycu81skafi5ulivj|03|com"; nocase; ) # 1qwew0e1y1btdu1x92a4qd98227.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qwew0e1y1btdu1x92a4qd98227|03|com"; nocase; ) # 1uwjyv51wa77kku50i04prjox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uwjyv51wa77kku50i04prjox|03|com"; nocase; ) # 1r817enl87zil1keqi5psu613t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r817enl87zil1keqi5psu613t|03|org"; nocase; ) # 1gkleny1oc8zy91kcj9uc1vogpqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gkleny1oc8zy91kcj9uc1vogpqg|03|biz"; nocase; ) # 1milu1o9qvggnmnnl9x2z2xky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1milu1o9qvggnmnnl9x2z2xky|03|org"; nocase; ) # neu9cn16uj9gnsron46dmq63.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|neu9cn16uj9gnsron46dmq63|03|org"; nocase; ) # 1yhdrjocy685m9niiwpv8qtzd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yhdrjocy685m9niiwpv8qtzd|03|org"; nocase; ) # osrsspbudcrf1fpntqyd9is0c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|osrsspbudcrf1fpntqyd9is0c|03|net"; nocase; ) # 16pvvrh10ovkz81fjg5yzk0tl90.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16pvvrh10ovkz81fjg5yzk0tl90|03|biz"; nocase; ) # 116rao316pmkp1ss0lq7y1o6tj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|116rao316pmkp1ss0lq7y1o6tj|03|net"; nocase; ) # dg7sqsgxijx216hvsc4bv5yzz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dg7sqsgxijx216hvsc4bv5yzz|03|net"; nocase; ) # 166vgju1tc1ads1t88b29yjm48c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|166vgju1tc1ads1t88b29yjm48c|03|net"; nocase; ) # rahtq8cjcvid1knquwf1r8yrl7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rahtq8cjcvid1knquwf1r8yrl7|03|net"; nocase; ) # 1fexsdk1cjxek3av5ps91pfxzpa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fexsdk1cjxek3av5ps91pfxzpa|03|org"; nocase; ) # 13tqsqt10b2zgqlr2pxbwrh080.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13tqsqt10b2zgqlr2pxbwrh080|03|net"; nocase; ) # 5vuqovabi1tx1ph626vgedyxk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5vuqovabi1tx1ph626vgedyxk|03|com"; nocase; ) # 1rj0i8xzjvpa91lpttb012kt0zo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rj0i8xzjvpa91lpttb012kt0zo|03|biz"; nocase; ) # urnr0otlb6g71n2bd25clmn40.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|urnr0otlb6g71n2bd25clmn40|03|biz"; nocase; ) # cbk7px3pk8p6yslj0r16s3esp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cbk7px3pk8p6yslj0r16s3esp|03|net"; nocase; ) # 1ph5pmq6gr4rayrzsx91xbq3zu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ph5pmq6gr4rayrzsx91xbq3zu|03|org"; nocase; ) # 19sv6k714bf2xfxhjmo41pp1jtv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19sv6k714bf2xfxhjmo41pp1jtv|03|net"; nocase; ) # l8angv1yzqno1vu1qzrysq1kx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l8angv1yzqno1vu1qzrysq1kx|03|org"; nocase; ) # 30ctk31pmhhfm1u79aby1wp2gi3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|30ctk31pmhhfm1u79aby1wp2gi3|03|biz"; nocase; ) # pg3l33g5i56crtw7m73ee2iq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pg3l33g5i56crtw7m73ee2iq|03|com"; nocase; ) # kxiknqixv2wxx72xtu4u5hgi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kxiknqixv2wxx72xtu4u5hgi|03|net"; nocase; ) # 1rcn5i43vcobwenrk051bkdk13.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rcn5i43vcobwenrk051bkdk13|03|org"; nocase; ) # 1t5r7mr1qzx4tycmdv0514yt29d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t5r7mr1qzx4tycmdv0514yt29d|03|com"; nocase; ) # nrf1g9yskgu51fggei9y9m7pt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nrf1g9yskgu51fggei9y9m7pt|03|com"; nocase; ) # 1xvef0e1q3rqbrnky0w3fs89o0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xvef0e1q3rqbrnky0w3fs89o0|03|net"; nocase; ) # 19ufcow1fxj3n51llduln1re0iv5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19ufcow1fxj3n51llduln1re0iv5|03|org"; nocase; ) # vne3n1n8rlig1jekvaetqf7nh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vne3n1n8rlig1jekvaetqf7nh|03|org"; nocase; ) # 1qhgt735di8np1f25l29lr9b4x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qhgt735di8np1f25l29lr9b4x|03|net"; nocase; ) # 1qo4y9q1gn1m81pnw08l10267ol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qo4y9q1gn1m81pnw08l10267ol|03|com"; nocase; ) # dbtwkq11z0zb41usruvdg1k46d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dbtwkq11z0zb41usruvdg1k46d|03|net"; nocase; ) # 19yzjaia75qlf15npmxlrxjuo3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19yzjaia75qlf15npmxlrxjuo3|03|org"; nocase; ) # 1kbda191vjhepr1ghgyyu8h1zfc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kbda191vjhepr1ghgyyu8h1zfc|03|org"; nocase; ) # h8noheji2zny11gkgrsbqvmg1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h8noheji2zny11gkgrsbqvmg1|03|org"; nocase; ) # 1j3ioo540m2aznztqm6fzbgc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1j3ioo540m2aznztqm6fzbgc|03|net"; nocase; ) # n1xzm011scpl71ibmmmnyl0sk8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n1xzm011scpl71ibmmmnyl0sk8|03|com"; nocase; ) # 2zyor81wwqklk1fudpaqeihtx6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2zyor81wwqklk1fudpaqeihtx6|03|biz"; nocase; ) # b6iixc1mmrs2l11qzbtd1g2esj1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b6iixc1mmrs2l11qzbtd1g2esj1|03|net"; nocase; ) # a0kxlk1c6fk2w7fh3roloe934.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a0kxlk1c6fk2w7fh3roloe934|03|biz"; nocase; ) # 1pjs86t1mj95aafbbvju1i4abry.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pjs86t1mj95aafbbvju1i4abry|03|biz"; nocase; ) # 9004f18w9ecubj5kvkp4qkgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9004f18w9ecubj5kvkp4qkgz|03|com"; nocase; ) # 1yodjpb1e1w9tn1jbxb7l1s9ireu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yodjpb1e1w9tn1jbxb7l1s9ireu|03|com"; nocase; ) # 1ijqo2m1tm1y6t1eeymee10lbvzq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ijqo2m1tm1y6t1eeymee10lbvzq|03|biz"; nocase; ) # ktr8xym8m1pp11pbk2b1e0sh9v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ktr8xym8m1pp11pbk2b1e0sh9v|03|com"; nocase; ) # tvo2l615in18c191vjf26d15pr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tvo2l615in18c191vjf26d15pr|03|com"; nocase; ) # wm6k7d8fzfdi7jz9x11536e8e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wm6k7d8fzfdi7jz9x11536e8e|03|com"; nocase; ) # 1wakz29avbquwpbm1i4is429.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1wakz29avbquwpbm1i4is429|03|biz"; nocase; ) # nll2cvh159zo6sykenppqb0q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nll2cvh159zo6sykenppqb0q|03|biz"; nocase; ) # 1skx5gmfyobay1o7s2hu10sfls3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1skx5gmfyobay1o7s2hu10sfls3|03|com"; nocase; ) # yiwoz859c1f212k2dihmxgs15.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yiwoz859c1f212k2dihmxgs15|03|biz"; nocase; ) # 1ulhiib148i7jgwlk85z14rqkuy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ulhiib148i7jgwlk85z14rqkuy|03|org"; nocase; ) # 1anc9ar1ym6m4gjuwez518fozfy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1anc9ar1ym6m4gjuwez518fozfy|03|biz"; nocase; ) # 18dad719ijhsvka8nrn507pbp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18dad719ijhsvka8nrn507pbp|03|net"; nocase; ) # 1wck2gv1xoc5lh1nhp2d5pyacg3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wck2gv1xoc5lh1nhp2d5pyacg3|03|com"; nocase; ) # qgf7mn1yy2owhew08ctzzkk0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qgf7mn1yy2owhew08ctzzkk0|03|net"; nocase; ) # oq8kic1wqeeresf9f16v2o6g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oq8kic1wqeeresf9f16v2o6g|03|com"; nocase; ) # y6xi4rv5ltj613xghf312bzdyj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y6xi4rv5ltj613xghf312bzdyj|03|org"; nocase; ) # 13qx0kadch0ol1xkavj12k82nb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13qx0kadch0ol1xkavj12k82nb|03|net"; nocase; ) # prh93k8zhoprsvxt7z1ar82ye.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|prh93k8zhoprsvxt7z1ar82ye|03|biz"; nocase; ) # 17nxe541t2p65p1gy288g1tsszei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17nxe541t2p65p1gy288g1tsszei|03|net"; nocase; ) # 17eu72s2dhbv31b756r7udecvp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17eu72s2dhbv31b756r7udecvp|03|biz"; nocase; ) # 1n3pgx315b6h6xr264bp89cfy9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n3pgx315b6h6xr264bp89cfy9|03|org"; nocase; ) # 1wgsmuh15zlghsqixxdi11o56lf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wgsmuh15zlghsqixxdi11o56lf|03|org"; nocase; ) # 5k469x14if5juue90j6t1xr9z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5k469x14if5juue90j6t1xr9z|03|net"; nocase; ) # 1hvcnvtej4rck1gbcjlw1ll1ewe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hvcnvtej4rck1gbcjlw1ll1ewe|03|biz"; nocase; ) # 1ui24vl5fmsecxqgj92exmi4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ui24vl5fmsecxqgj92exmi4e|03|net"; nocase; ) # 17upjj6gd6zipmktxhk1hyjiid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17upjj6gd6zipmktxhk1hyjiid|03|com"; nocase; ) # 17nf6atatjzxilrs3xvzyxhxl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17nf6atatjzxilrs3xvzyxhxl|03|org"; nocase; ) # 1r4uhjkp5ba6odv1c1e9gavs8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r4uhjkp5ba6odv1c1e9gavs8|03|biz"; nocase; ) # 1e3i2wj10v0ef81g7t3lzui46y5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e3i2wj10v0ef81g7t3lzui46y5|03|org"; nocase; ) # 1nbyixec21o0jp447al1hvtwt7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nbyixec21o0jp447al1hvtwt7|03|biz"; nocase; ) # xe5qsv8rd4rwqfo8mb1dsf1dg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xe5qsv8rd4rwqfo8mb1dsf1dg|03|net"; nocase; ) # 1pmu2fdyyq2tq9huzxjuihpxz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pmu2fdyyq2tq9huzxjuihpxz|03|biz"; nocase; ) # mdnb5e6avzkudg4zuhbbclii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mdnb5e6avzkudg4zuhbbclii|03|net"; nocase; ) # kkkizh4xnh3d84dl2j1cr8rbb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kkkizh4xnh3d84dl2j1cr8rbb|03|net"; nocase; ) # 1egiurgbdm4xx195w9hb5wc9x4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1egiurgbdm4xx195w9hb5wc9x4|03|biz"; nocase; ) # 1j6ugwn11npb6a6idcii1v7x5vb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j6ugwn11npb6a6idcii1v7x5vb|03|com"; nocase; ) # 14of84dnd0o53l2k37govbh2p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14of84dnd0o53l2k37govbh2p|03|net"; nocase; ) # 165dvpp55f09fpcspy6148zosi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|165dvpp55f09fpcspy6148zosi|03|net"; nocase; ) # 1xa46024r8su51ywsyoa165vl2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xa46024r8su51ywsyoa165vl2|03|biz"; nocase; ) # 1263skx1rpnun3hckjhh97sz74.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1263skx1rpnun3hckjhh97sz74|03|org"; nocase; ) # sg02q71m2ihxp5q6hju19gib05.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sg02q71m2ihxp5q6hju19gib05|03|com"; nocase; ) # 1ls1c58utrxtybpbc0d1ahgmfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ls1c58utrxtybpbc0d1ahgmfq|03|com"; nocase; ) # 1ew8k9td5ocx01kut0ktcog0ct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ew8k9td5ocx01kut0ktcog0ct|03|net"; nocase; ) # 1hn9cvp4420skg8x7pgfbklra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hn9cvp4420skg8x7pgfbklra|03|net"; nocase; ) # dd7cwz1kvbzi1qdnj6ll4mtxb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dd7cwz1kvbzi1qdnj6ll4mtxb|03|com"; nocase; ) # 131z77b2evxe91tf27gi1oxzg8x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|131z77b2evxe91tf27gi1oxzg8x|03|net"; nocase; ) # fqz4b21g87dyv1755syplmmjip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fqz4b21g87dyv1755syplmmjip|03|org"; nocase; ) # 197pcont8ruyicltxa850b7hb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|197pcont8ruyicltxa850b7hb|03|com"; nocase; ) # 1jqqqg6jix70o405z33oi6t5l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jqqqg6jix70o405z33oi6t5l|03|org"; nocase; ) # tseu561x4qcgiu9xr8t44ehpp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tseu561x4qcgiu9xr8t44ehpp|03|org"; nocase; ) # 1c4l8g91go2tzh1xe2y1jswk8wz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c4l8g91go2tzh1xe2y1jswk8wz|03|com"; nocase; ) # p9sws7u019sg9uj0q9mwb71g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p9sws7u019sg9uj0q9mwb71g|03|com"; nocase; ) # 16x5md3wuaebm1w193eny28ntv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16x5md3wuaebm1w193eny28ntv|03|org"; nocase; ) # svbfub1wkcdk1134hwgokwtnbz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|svbfub1wkcdk1134hwgokwtnbz|03|org"; nocase; ) # 1wi5uqb5zm9anuw6d0b1919vp3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wi5uqb5zm9anuw6d0b1919vp3|03|com"; nocase; ) # biuq6g1op6w3f18o45lrruzg3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|biuq6g1op6w3f18o45lrruzg3|03|net"; nocase; ) # e26uq1c5adeqzhh3uabqnp4o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e26uq1c5adeqzhh3uabqnp4o|03|biz"; nocase; ) # 197484zs9ooalqmdl4ko6i3xe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|197484zs9ooalqmdl4ko6i3xe|03|net"; nocase; ) # 18nkynupverl1lxu7m011y9fz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18nkynupverl1lxu7m011y9fz|03|com"; nocase; ) # zygs60c96t791j3l1s315k0bto.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zygs60c96t791j3l1s315k0bto|03|net"; nocase; ) # 1rkw4xg15gtd4c1dlcfbe1xyxcrw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rkw4xg15gtd4c1dlcfbe1xyxcrw|03|com"; nocase; ) # 1a72w7ehxouha1iu2uhb14hxy8p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a72w7ehxouha1iu2uhb14hxy8p|03|org"; nocase; ) # 1u61547b50bcp1bgn5sev0wmy2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u61547b50bcp1bgn5sev0wmy2|03|net"; nocase; ) # 1uma5r31bwjct68cq2nj111hfqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uma5r31bwjct68cq2nj111hfqw|03|com"; nocase; ) # 1pvj9p235541qz7v9bn18mc32w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pvj9p235541qz7v9bn18mc32w|03|net"; nocase; ) # mfv3xbpi82w753id7t1177ewd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mfv3xbpi82w753id7t1177ewd|03|com"; nocase; ) # 10ajx3g1imdjyngajtqx1n108w1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ajx3g1imdjyngajtqx1n108w1|03|net"; nocase; ) # gsltpudh8lh46b2qd91xwigwm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gsltpudh8lh46b2qd91xwigwm|03|net"; nocase; ) # 69eqpj1qxwnlb1duokmy1qy6mmv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|69eqpj1qxwnlb1duokmy1qy6mmv|03|org"; nocase; ) # 4vtymg103ztbbi285db1nfwqej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4vtymg103ztbbi285db1nfwqej|03|org"; nocase; ) # qc5jsid9y0rp1i67derfgf1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qc5jsid9y0rp1i67derfgf1f|03|biz"; nocase; ) # fm4ql59w7rze1wpis7h130uqcx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fm4ql59w7rze1wpis7h130uqcx|03|org"; nocase; ) # 1krr8g3cit9m0bk9fnu154m4vm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1krr8g3cit9m0bk9fnu154m4vm|03|org"; nocase; ) # 1qo1r7sz7si8d1qijmjddtsizs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qo1r7sz7si8d1qijmjddtsizs|03|net"; nocase; ) # suafyzud3fw586xm5f2dftag.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|suafyzud3fw586xm5f2dftag|03|net"; nocase; ) # xrg8xb1u7ysr13f8yat94o86f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xrg8xb1u7ysr13f8yat94o86f|03|org"; nocase; ) # 1v0v26b1b6603jquyfx51bgc37z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v0v26b1b6603jquyfx51bgc37z|03|com"; nocase; ) # d1rx181jvy6t1k3xb3pesogya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d1rx181jvy6t1k3xb3pesogya|03|biz"; nocase; ) # wodwmevir2awm8xj4r134i9cu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wodwmevir2awm8xj4r134i9cu|03|com"; nocase; ) # 1ro0fch4mlz4z1e6ynef1jrq0cd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ro0fch4mlz4z1e6ynef1jrq0cd|03|biz"; nocase; ) # im0297q464ez1itz6at13wnmww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|im0297q464ez1itz6at13wnmww|03|net"; nocase; ) # s5bgyi1fuzmg8gaxscv1kkqxp6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s5bgyi1fuzmg8gaxscv1kkqxp6|03|org"; nocase; ) # 1zeeta1etvjle115qr3k1xauke2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1zeeta1etvjle115qr3k1xauke2|03|net"; nocase; ) # 8ss4qvyn46nzcwqouq12trmfi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ss4qvyn46nzcwqouq12trmfi|03|org"; nocase; ) # 1pn4keg1vubttt1mevhjhqmglni.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pn4keg1vubttt1mevhjhqmglni|03|com"; nocase; ) # ikmatg1g36b30w5ourl1t0yz5y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ikmatg1g36b30w5ourl1t0yz5y|03|com"; nocase; ) # 11eeys930z6bw1sftv3skqjocc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11eeys930z6bw1sftv3skqjocc|03|biz"; nocase; ) # osbvtwr2mfs51mvnel410zcwft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|osbvtwr2mfs51mvnel410zcwft|03|com"; nocase; ) # w49qhsegruyix03zcj1x75iu0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w49qhsegruyix03zcj1x75iu0|03|org"; nocase; ) # tydcsj10xfagonng8151saet2v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tydcsj10xfagonng8151saet2v|03|biz"; nocase; ) # 1w47imua2eawncdigh8ihoq6n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w47imua2eawncdigh8ihoq6n|03|com"; nocase; ) # vcuqtklyn4az1ephfn214f3mag.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vcuqtklyn4az1ephfn214f3mag|03|org"; nocase; ) # 1ra5njn1m3j85uzzdhtl3tf5iu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ra5njn1m3j85uzzdhtl3tf5iu|03|biz"; nocase; ) # wnz6uywy32oe1ksyn4k1ug8rv9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wnz6uywy32oe1ksyn4k1ug8rv9|03|com"; nocase; ) # k3txgs1wgah3c10oadbmhtaj8m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k3txgs1wgah3c10oadbmhtaj8m|03|biz"; nocase; ) # g524fo10qvpby60midntn5bv0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g524fo10qvpby60midntn5bv0|03|biz"; nocase; ) # 1g05vba1vq4ol6yy68gy132eoaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g05vba1vq4ol6yy68gy132eoaq|03|net"; nocase; ) # 1qbr0tnkb1g9gp02czg8lzqjt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qbr0tnkb1g9gp02czg8lzqjt|03|biz"; nocase; ) # 1ra53fsiy0qy11tscbqf6jhozm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ra53fsiy0qy11tscbqf6jhozm|03|net"; nocase; ) # 1r8eaih1jlu6na191dhs92pm3ri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r8eaih1jlu6na191dhs92pm3ri|03|com"; nocase; ) # 7tww2m1he12i51dgl6axkvxikm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7tww2m1he12i51dgl6axkvxikm|03|net"; nocase; ) # 1q3zcc19dn7x22r8az5mqhl4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q3zcc19dn7x22r8az5mqhl4n|03|com"; nocase; ) # 1e1mahg1y9e4l0trm79t1aqeemi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e1mahg1y9e4l0trm79t1aqeemi|03|org"; nocase; ) # xmts2mmwxjpz3mwr6z10f29r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xmts2mmwxjpz3mwr6z10f29r|03|net"; nocase; ) # u8yq9d11rotd11d21lxy2g7qhc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u8yq9d11rotd11d21lxy2g7qhc|03|com"; nocase; ) # uguhhg498yat16by4oc1vnnma4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uguhhg498yat16by4oc1vnnma4|03|net"; nocase; ) # 1t608161s5jjk1pt2uidwlq278.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t608161s5jjk1pt2uidwlq278|03|biz"; nocase; ) # m3jl3h1nuugc787d2v17sow7u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m3jl3h1nuugc787d2v17sow7u|03|com"; nocase; ) # 1r8v3boopr3ccz2agfc194xd2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r8v3boopr3ccz2agfc194xd2b|03|net"; nocase; ) # 1ss4ru5103ucvx1r94xzrz5k5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ss4ru5103ucvx1r94xzrz5k5|03|org"; nocase; ) # qyak3aadw26w1b4yn75159uvuo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qyak3aadw26w1b4yn75159uvuo|03|com"; nocase; ) # e2t1vu1gnr3hc132avd44gn5dt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e2t1vu1gnr3hc132avd44gn5dt|03|org"; nocase; ) # g844561pwcdrj1yf43ei1nkvjt2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g844561pwcdrj1yf43ei1nkvjt2|03|net"; nocase; ) # 1ahi9ij1mukv2oj2ary1zswqx2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ahi9ij1mukv2oj2ary1zswqx2|03|com"; nocase; ) # 1dyqkzj179jwe1ac2d8p13sbrfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dyqkzj179jwe1ac2d8p13sbrfy|03|net"; nocase; ) # q5uuay1fbksl51ww39at1yvezc9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q5uuay1fbksl51ww39at1yvezc9|03|net"; nocase; ) # 9pe4sr1hctj3k1v23e824ejke7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9pe4sr1hctj3k1v23e824ejke7|03|biz"; nocase; ) # 1p5ru411ocdej3xy78dk1f1ol1b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p5ru411ocdej3xy78dk1f1ol1b|03|com"; nocase; ) # 1j9q55fzsydr15ti299y8azp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1j9q55fzsydr15ti299y8azp|03|com"; nocase; ) # r3uv51uvpwj39lianiepf0r5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r3uv51uvpwj39lianiepf0r5|03|org"; nocase; ) # 1ijllhgndghey15srmvevxhw4h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ijllhgndghey15srmvevxhw4h|03|org"; nocase; ) # 182e2pd1oykflm113pfqe64sqd8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|182e2pd1oykflm113pfqe64sqd8|03|net"; nocase; ) # wn0ux188l5p21uukodjbnxp5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wn0ux188l5p21uukodjbnxp5i|03|net"; nocase; ) # lov9yfsmvnq51b2uw4f1pcf9u6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lov9yfsmvnq51b2uw4f1pcf9u6|03|org"; nocase; ) # ns9for1622oviydbnbn1auerlv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ns9for1622oviydbnbn1auerlv|03|biz"; nocase; ) # 1pjuw1u1e4tkmzmciz96pi2b5q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pjuw1u1e4tkmzmciz96pi2b5q|03|com"; nocase; ) # 1qvu937kxoxtn1v2tpf811uwuta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qvu937kxoxtn1v2tpf811uwuta|03|com"; nocase; ) # 6sn8zmtb421k3yit271z0bc6g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6sn8zmtb421k3yit271z0bc6g|03|net"; nocase; ) # h7b72w5q4yzz1x5frb319qu05w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h7b72w5q4yzz1x5frb319qu05w|03|biz"; nocase; ) # ecq8bq1yaazjh1h3yhxbk36kv7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ecq8bq1yaazjh1h3yhxbk36kv7|03|org"; nocase; ) # gjga6i1rrcubcdetxma1v2kogm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gjga6i1rrcubcdetxma1v2kogm|03|net"; nocase; ) # 1xxp4dd1y2gqs71un0s3rfl60yk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xxp4dd1y2gqs71un0s3rfl60yk|03|com"; nocase; ) # 1ngf06a1wh1aoz10ly5bouljz7j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ngf06a1wh1aoz10ly5bouljz7j|03|org"; nocase; ) # 12g3bvkus7te7kmsbj61db8bkt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12g3bvkus7te7kmsbj61db8bkt|03|biz"; nocase; ) # 18gdzh8fhq25u1en0kb1wkzpsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18gdzh8fhq25u1en0kb1wkzpsh|03|net"; nocase; ) # 2ptl0si59xjq1s8ckq9s70tk6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ptl0si59xjq1s8ckq9s70tk6|03|biz"; nocase; ) # 1d9o6v716eqicb1lbxo7d9zk7oz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d9o6v716eqicb1lbxo7d9zk7oz|03|com"; nocase; ) # 7tl3ri12rpgjq1ohuipt15rwm98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7tl3ri12rpgjq1ohuipt15rwm98|03|net"; nocase; ) # b820hh7nbr5u1qv0xmy1yjyftr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b820hh7nbr5u1qv0xmy1yjyftr|03|net"; nocase; ) # fqagvrxjkk7b15h4p4vaumab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fqagvrxjkk7b15h4p4vaumab|03|org"; nocase; ) # fsfxwy1if5xc71rc3exq1th5z7b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fsfxwy1if5xc71rc3exq1th5z7b|03|org"; nocase; ) # 1aix1aa1f18euufn09cfz32y5c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aix1aa1f18euufn09cfz32y5c|03|com"; nocase; ) # wbcy4y1mdju801gyapd71mxlmnq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wbcy4y1mdju801gyapd71mxlmnq|03|org"; nocase; ) # 1m9w9fp1is8xbbrmvdxm1bm2xo7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m9w9fp1is8xbbrmvdxm1bm2xo7|03|biz"; nocase; ) # 18cjiil7w43z0wahfoz8cdskv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18cjiil7w43z0wahfoz8cdskv|03|net"; nocase; ) # 1t0beyg1mlb5cd1p3qdfr1rw7daq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t0beyg1mlb5cd1p3qdfr1rw7daq|03|com"; nocase; ) # 1uftzn71jr7m461ai8ibdenwv76.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uftzn71jr7m461ai8ibdenwv76|03|net"; nocase; ) # 1psysgk50jwyx1bong3t15lvksb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1psysgk50jwyx1bong3t15lvksb|03|com"; nocase; ) # 1ye38kvay0rypv1pf2z1xf0sfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ye38kvay0rypv1pf2z1xf0sfn|03|com"; nocase; ) # 1fnsnlc18h29jh1hf5ti3w5sld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fnsnlc18h29jh1hf5ti3w5sld|03|org"; nocase; ) # 1mah0c3e9ebpq1274evd12z7tj3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mah0c3e9ebpq1274evd12z7tj3|03|net"; nocase; ) # jjqn8n1nqftaqa73iba8jau09.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jjqn8n1nqftaqa73iba8jau09|03|net"; nocase; ) # 947s5bd5qkal15qj02n1jl9k46.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|947s5bd5qkal15qj02n1jl9k46|03|org"; nocase; ) # qisxf3rj5vwco8dl0j1efanhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qisxf3rj5vwco8dl0j1efanhw|03|net"; nocase; ) # 17kwigb1ol5v3r1b3wneft26am7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17kwigb1ol5v3r1b3wneft26am7|03|org"; nocase; ) # gp6s0lg9zg479186xl19tg8rv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gp6s0lg9zg479186xl19tg8rv|03|org"; nocase; ) # 1mnl0f9u3qco318k9hot1sav0sa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mnl0f9u3qco318k9hot1sav0sa|03|com"; nocase; ) # 13glm351pf3hq31609rshoyokt5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13glm351pf3hq31609rshoyokt5|03|com"; nocase; ) # yzcwq71vbk3yq1empyzrhyb7dh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yzcwq71vbk3yq1empyzrhyb7dh|03|net"; nocase; ) # cye1k017ewnmn179lmhanf4bln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cye1k017ewnmn179lmhanf4bln|03|org"; nocase; ) # 1hytggf5yphplmqujp2dejyt7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hytggf5yphplmqujp2dejyt7|03|net"; nocase; ) # bteoio1dsfmopivestiz83bcx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bteoio1dsfmopivestiz83bcx|03|com"; nocase; ) # 1pem1w41brrubunirf4314xe2mv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pem1w41brrubunirf4314xe2mv|03|net"; nocase; ) # 11qumzg3uqjrx14yi22q1gedkwb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11qumzg3uqjrx14yi22q1gedkwb|03|biz"; nocase; ) # qxpvqe11wkiynk3cy3s4rfcar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qxpvqe11wkiynk3cy3s4rfcar|03|com"; nocase; ) # f3c0bnp9zh029d948w1dce5b0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f3c0bnp9zh029d948w1dce5b0|03|org"; nocase; ) # 19zn6fn10w7l4a6qary1mwpq3s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19zn6fn10w7l4a6qary1mwpq3s|03|com"; nocase; ) # h81czlvezob0eitkax1iqj7dr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h81czlvezob0eitkax1iqj7dr|03|biz"; nocase; ) # 15f2m2d1injlm7uvwt471qu8ady.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15f2m2d1injlm7uvwt471qu8ady|03|com"; nocase; ) # 1oxuow1osdz467wjz6bjc9eoj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oxuow1osdz467wjz6bjc9eoj|03|biz"; nocase; ) # 2zo02655bhu68a24hg5xfcfu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2zo02655bhu68a24hg5xfcfu|03|org"; nocase; ) # ra347uvbbnc1r7jdlq1skc5to.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ra347uvbbnc1r7jdlq1skc5to|03|com"; nocase; ) # 12fnlyohw4zv7bgxcvm694z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|12fnlyohw4zv7bgxcvm694z|03|org"; nocase; ) # jmfk7h8xtlgd1fppibv14p69nx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jmfk7h8xtlgd1fppibv14p69nx|03|net"; nocase; ) # vr0eu61ulkpsc1d7fvkm1q0knlq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vr0eu61ulkpsc1d7fvkm1q0knlq|03|com"; nocase; ) # 1b0ia7r60vd20ltv2nl8j6zwp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b0ia7r60vd20ltv2nl8j6zwp|03|net"; nocase; ) # gfd74414xbjlkkrflca1feox6c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gfd74414xbjlkkrflca1feox6c|03|org"; nocase; ) # eew2xgwlrtpp8plppy9u7bht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eew2xgwlrtpp8plppy9u7bht|03|com"; nocase; ) # 1pfipq711ganef1sfj3lq13rwhoa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pfipq711ganef1sfj3lq13rwhoa|03|org"; nocase; ) # 1h2oxi81pi0lhm1r8gze96rvk2t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h2oxi81pi0lhm1r8gze96rvk2t|03|org"; nocase; ) # 1tt4gz4chtjm41nnzkrw1aabrf2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tt4gz4chtjm41nnzkrw1aabrf2|03|net"; nocase; ) # l09ykhvv3p2w2puz7zszccrr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l09ykhvv3p2w2puz7zszccrr|03|com"; nocase; ) # gpgqmhk7pvccceu2weeb1wq3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gpgqmhk7pvccceu2weeb1wq3|03|biz"; nocase; ) # eb6twm1pztz8m1fuz6211b8djc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eb6twm1pztz8m1fuz6211b8djc3|03|net"; nocase; ) # 8lt5h31ft0r36ehc7w51wgb2a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8lt5h31ft0r36ehc7w51wgb2a|03|com"; nocase; ) # 1j4i4dplr8ns1ifbybg1csewaz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j4i4dplr8ns1ifbybg1csewaz|03|biz"; nocase; ) # 2druv71hmcwa21ya2mr0kqulf9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2druv71hmcwa21ya2mr0kqulf9|03|com"; nocase; ) # 12fu46o1xhp0tcit0x0ufk8wfp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12fu46o1xhp0tcit0x0ufk8wfp|03|net"; nocase; ) # gwlu9e1mh83cq1u7sav2207u9p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gwlu9e1mh83cq1u7sav2207u9p|03|org"; nocase; ) # rv8xlxmjfqwx1potn2q1blbohx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rv8xlxmjfqwx1potn2q1blbohx|03|net"; nocase; ) # ecbovirza2z8n6g97f8tshq9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ecbovirza2z8n6g97f8tshq9|03|com"; nocase; ) # 1cl2649zzquq1vzup8l182b8h7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cl2649zzquq1vzup8l182b8h7|03|net"; nocase; ) # 1jwccex1si3h3y4mr2y91kr9z5v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jwccex1si3h3y4mr2y91kr9z5v|03|org"; nocase; ) # 13c2qqg3iliov1ae7fj5fqduj4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13c2qqg3iliov1ae7fj5fqduj4|03|net"; nocase; ) # 55p9m813s44d71syf24k19lc6ec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|55p9m813s44d71syf24k19lc6ec|03|org"; nocase; ) # evwuuc1j6khky98v31u3z3tq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|evwuuc1j6khky98v31u3z3tq|03|net"; nocase; ) # 1ex6fjtpn8jp61ct5tflxllt39.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ex6fjtpn8jp61ct5tflxllt39|03|com"; nocase; ) # htawcipjfxtbgmbu.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025408; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|htawcipjfxtbgmbu|02|eu"; nocase; ) # bxwlemsgqjswimnn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025409; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|bxwlemsgqjswimnn|02|eu"; nocase; ) # uotngqvdcirsxmat.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025410; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|uotngqvdcirsxmat|02|eu"; nocase; ) # ovbyoklsemikxjey.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025411; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ovbyoklsemikxjey|02|eu"; nocase; ) # okaqlyxomcxojugl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025412; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|okaqlyxomcxojugl|02|eu"; nocase; ) # ogrqgbxpsgoibydx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025413; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ogrqgbxpsgoibydx|02|eu"; nocase; ) # ietnvmccwtdmvstf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025414; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ietnvmccwtdmvstf|02|eu"; nocase; ) # ilmjhncthiroolof.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025415; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ilmjhncthiroolof|02|eu"; nocase; ) # ivpbyqbqvcxmrnne.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025416; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ivpbyqbqvcxmrnne|02|eu"; nocase; ) # idvwwebitqyokgie.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025417; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|idvwwebitqyokgie|02|eu"; nocase; ) # ciqpxqfyufcilgtl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025418; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ciqpxqfyufcilgtl|02|eu"; nocase; ) # cpjljrfqstdkeybl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025419; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|cpjljrfqstdkeybl|02|eu"; nocase; ) # vnyvjjifchqimrie.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025420; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vnyvjjifchqimrie|02|eu"; nocase; ) # vurruwujmirkfkde.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025421; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vurruwujmirkfkde|02|eu"; nocase; ) # vcxngxubkwsmxpkq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025422; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vcxngxubkwsmxpkq|02|eu"; nocase; ) # vfiwmnhtbpxiimcd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025423; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vfiwmnhtbpxiimcd|02|eu"; nocase; ) # jdyvyfoqjscckxcd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025424; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|jdyvyfoqjscckxcd|02|eu"; nocase; ) # jrknvtbafvrgvvep.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025425; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|jrknvtbafvrgvvep|02|eu"; nocase; ) # jgjfsibjnlhxhhtc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025426; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|jgjfsibjnlhxhhtc|02|eu"; nocase; ) # dvhpxxewdhqcljev.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025427; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|dvhpxxewdhqcljev|02|eu"; nocase; ) # ha0aa8abab741208e1ac029d08deddefc9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ha0aa8abab741208e1ac029d08deddefc9|02|so"; nocase; ) # q9fd500509280a7c051e6e5c1fb4f59330.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q9fd500509280a7c051e6e5c1fb4f59330|02|cc"; nocase; ) # r06d00510a1ea431181b58e628c10aadf0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r06d00510a1ea431181b58e628c10aadf0|02|ws"; nocase; ) # w1facf60e5f5ddb288576a51e5821a3d5a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1facf60e5f5ddb288576a51e5821a3d5a|02|tk"; nocase; ) # c443afb769566885059eba41062b990259.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c443afb769566885059eba41062b990259|02|hk"; nocase; ) # la5f7b08bc4836f8428ed110e6cc16bcc0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la5f7b08bc4836f8428ed110e6cc16bcc0|02|cn"; nocase; ) # mf0299d51c81ea03484ef3410df86e97b3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mf0299d51c81ea03484ef3410df86e97b3|02|tk"; nocase; ) # o142b9ea44a8dece370d3cbda38d4b3058.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o142b9ea44a8dece370d3cbda38d4b3058|02|cc"; nocase; ) # p6834428bf8822aa35cda8255413f594a6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p6834428bf8822aa35cda8255413f594a6|02|ws"; nocase; ) # se0b642d0dc7731fb56559048ef9c528dc.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|se0b642d0dc7731fb56559048ef9c528dc|02|hk"; nocase; ) # w61fae2a226019f2a12ec4df4dd85a0e23.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w61fae2a226019f2a12ec4df4dd85a0e23|02|cc"; nocase; ) # a3cd153293ffca04ebae550358d4e0fa1e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a3cd153293ffca04ebae550358d4e0fa1e|02|hk"; nocase; ) # ge1bcb1c8711627eccf4f0c5b11226051a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ge1bcb1c8711627eccf4f0c5b11226051a|02|to"; nocase; ) # ja3fb570924ee76e4f7759a1f12273593a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ja3fb570924ee76e4f7759a1f12273593a|02|cn"; nocase; ) # p1f15af86cfd79c04ae5b76b99c824f19f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p1f15af86cfd79c04ae5b76b99c824f19f|02|in"; nocase; ) # r7d11fc9cd00855ad3203372402acbdbad.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r7d11fc9cd00855ad3203372402acbdbad|02|cn"; nocase; ) # p2ae90e57448b2087ea3c2347af2918e32.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p2ae90e57448b2087ea3c2347af2918e32|02|cn"; nocase; ) # f67543423e404da477e0b89fb2f965ad79.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f67543423e404da477e0b89fb2f965ad79|02|cn"; nocase; ) # j574f067f6c6ccbc4bc4818889ab8673dc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j574f067f6c6ccbc4bc4818889ab8673dc|02|ws"; nocase; ) # k87bcdcda8f0a6a4cae9027dad7a98a5d5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k87bcdcda8f0a6a4cae9027dad7a98a5d5|02|to"; nocase; ) # o5b62343556a5a90efc45eee5ddba594bb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o5b62343556a5a90efc45eee5ddba594bb|02|tk"; nocase; ) # t31a4e373fc2ba3035f297768c8e40b3cd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t31a4e373fc2ba3035f297768c8e40b3cd|02|in"; nocase; ) # vade54464252318a3df60af7d93fc99c9c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vade54464252318a3df60af7d93fc99c9c|02|cn"; nocase; ) # yb65371014ee9c6dfe1dfae9b733616b03.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yb65371014ee9c6dfe1dfae9b733616b03|02|cc"; nocase; ) # z37391587e6bd58758ec9795fe0d4ffc5f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z37391587e6bd58758ec9795fe0d4ffc5f|02|ws"; nocase; ) # ddae87d2bf3ad95a757bce021b813944ac.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ddae87d2bf3ad95a757bce021b813944ac|02|cn"; nocase; ) # u3a8084cc1fd4e91cc91faccdda5fae6bf.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u3a8084cc1fd4e91cc91faccdda5fae6bf|02|tk"; nocase; ) # wa2eebdfd300d5e7629fbf4edeb38a763f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wa2eebdfd300d5e7629fbf4edeb38a763f|02|cc"; nocase; ) # d217c052d928f1dee713fb59d2ef383826.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d217c052d928f1dee713fb59d2ef383826|02|so"; nocase; ) # icc42dfc0c4a60f02ca7ff7c605a27f082.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|icc42dfc0c4a60f02ca7ff7c605a27f082|02|hk"; nocase; ) # o154d940aa8cce253a528c105f883b9345.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o154d940aa8cce253a528c105f883b9345|02|to"; nocase; ) # s3485eb34380a5b29ba5d822bef36806bb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s3485eb34380a5b29ba5d822bef36806bb|02|tk"; nocase; ) # wa65db78a4c46a7b6719a58264ee9afc94.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wa65db78a4c46a7b6719a58264ee9afc94|02|to"; nocase; ) # x22c2b8bb2686ae96f7e718907be46f258.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x22c2b8bb2686ae96f7e718907be46f258|02|in"; nocase; ) # z17e232833f60f9e4c18a1eed397a236e3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z17e232833f60f9e4c18a1eed397a236e3|02|cn"; nocase; ) # f1637ec42f722c88b90597bee50df7d8d2.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f1637ec42f722c88b90597bee50df7d8d2|02|in"; nocase; ) # i43845ff2b58be289eed68583f1df1d6f6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i43845ff2b58be289eed68583f1df1d6f6|02|tk"; nocase; ) # k5231424b8f2697873fe16feb95bbbf054.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k5231424b8f2697873fe16feb95bbbf054|02|cc"; nocase; ) # l748534cdda76abe4221620b7c29c35afe.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l748534cdda76abe4221620b7c29c35afe|02|ws"; nocase; ) # m511f44db2d1a7ae58ed251b171394f68a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m511f44db2d1a7ae58ed251b171394f68a|02|to"; nocase; ) # s4df7c5a5057e9572cbef39c99a01ec382.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s4df7c5a5057e9572cbef39c99a01ec382|02|cc"; nocase; ) # ze12d683904ed6dea3e4205bee9c53b1de.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ze12d683904ed6dea3e4205bee9c53b1de|02|so"; nocase; ) # de01e81ef82627c4bdbdf072a5abf61a18.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de01e81ef82627c4bdbdf072a5abf61a18|02|in"; nocase; ) # q4917d2480b0ac4e5977f3003a9c6e9039.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4917d2480b0ac4e5977f3003a9c6e9039|02|cc"; nocase; ) # t1e65e4b09b09cdd02178d9b3979d19640.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t1e65e4b09b09cdd02178d9b3979d19640|02|in"; nocase; ) # y38a9999a27ec0e72de0821508d8a19037.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y38a9999a27ec0e72de0821508d8a19037|02|cc"; nocase; ) # z32f2f54ba7f8bd9d5f104510fa8650ee5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z32f2f54ba7f8bd9d5f104510fa8650ee5|02|ws"; nocase; ) # r58ae7bc6981d906814d3a0087bd7fdcee.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r58ae7bc6981d906814d3a0087bd7fdcee|02|in"; nocase; ) # sc83c63dd37c85ab823a6e73c9372ea4ab.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sc83c63dd37c85ab823a6e73c9372ea4ab|02|hk"; nocase; ) # xfd8ed4cd0e12f801d694057f125041721.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xfd8ed4cd0e12f801d694057f125041721|02|ws"; nocase; ) # n9d6536008e30aa0ab0f7e78ffc76f52fb.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n9d6536008e30aa0ab0f7e78ffc76f52fb|02|ws"; nocase; ) # k0011fba68b4851bc626d9548b2ded6d1d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k0011fba68b4851bc626d9548b2ded6d1d|02|cc"; nocase; ) # l722e5352d00c9f6b33ee92f32e6185c94.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l722e5352d00c9f6b33ee92f32e6185c94|02|ws"; nocase; ) # u2dac59451ab3512737991892206d5a1f1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u2dac59451ab3512737991892206d5a1f1|02|to"; nocase; ) # wf8c6fe4c7a4914b61fdb00dbcd356c086.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wf8c6fe4c7a4914b61fdb00dbcd356c086|02|hk"; nocase; ) # ga48bea66949c8a130f1c4d2e88b31fee8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ga48bea66949c8a130f1c4d2e88b31fee8|02|tk"; nocase; ) # hba1352baf370d1ba26fd887ae8402015d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hba1352baf370d1ba26fd887ae8402015d|02|so"; nocase; ) # i85cad75f1cdcd286145b80ff821a1919c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i85cad75f1cdcd286145b80ff821a1919c|02|cc"; nocase; ) # l8610216bc0d9c6c8b60158932e96d120f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l8610216bc0d9c6c8b60158932e96d120f|02|in"; nocase; ) # n9e1389af5067c3773ab03534c802b9892.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n9e1389af5067c3773ab03534c802b9892|02|cn"; nocase; ) # o2d790f305f569399cada0f3937ab45322.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o2d790f305f569399cada0f3937ab45322|02|tk"; nocase; ) # p3ccfd4eee855b17f269d4bc3d82ea8c03.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p3ccfd4eee855b17f269d4bc3d82ea8c03|02|so"; nocase; ) # wd0f373a65ea26a318e6955275cb6f9ad8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd0f373a65ea26a318e6955275cb6f9ad8|02|tk"; nocase; ) # bb46c9243ac7145e613a57fcfc50e656bf.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bb46c9243ac7145e613a57fcfc50e656bf|02|in"; nocase; ) # e398214f0135f5edb87f25b7d4fdf0dec4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e398214f0135f5edb87f25b7d4fdf0dec4|02|tk"; nocase; ) # fecbcc6aa88c99ed9cf6132f59055ac3be.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fecbcc6aa88c99ed9cf6132f59055ac3be|02|so"; nocase; ) # mbb6e6623334c1d28c411f022fe1f7d22a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mbb6e6623334c1d28c411f022fe1f7d22a|02|tk"; nocase; ) # pd378d670a1680bc45aabe191496ab8b22.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pd378d670a1680bc45aabe191496ab8b22|02|ws"; nocase; ) # r395a878f5fd6c245d8a5f08973fd09387.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r395a878f5fd6c245d8a5f08973fd09387|02|in"; nocase; ) # sec388544c87b0bc860176af255b6a4f29.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sec388544c87b0bc860176af255b6a4f29|02|hk"; nocase; ) # gf9b7ec44618ed765fe7aa4a6175753944.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gf9b7ec44618ed765fe7aa4a6175753944|02|to"; nocase; ) # j2d5be0a33c85723ac3b51367d788be089.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j2d5be0a33c85723ac3b51367d788be089|02|cn"; nocase; ) # q62cab47a1ea6285d10c34fefaf11b8808.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q62cab47a1ea6285d10c34fefaf11b8808|02|hk"; nocase; ) # rf370a70430dfc64b9204184d218a8c684.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rf370a70430dfc64b9204184d218a8c684|02|cn"; nocase; ) # t343ab245cf6d15fa8cd15c7f458312650.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t343ab245cf6d15fa8cd15c7f458312650|02|so"; nocase; ) # u1996401b51a3c3218e779eeb950d87aee.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u1996401b51a3c3218e779eeb950d87aee|02|cc"; nocase; ) # g2c79712965dc8b900d40914f81211f8c9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g2c79712965dc8b900d40914f81211f8c9|02|hk"; nocase; ) # oe4e7e5a6d123dbde29075d785d1d9a480.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe4e7e5a6d123dbde29075d785d1d9a480|02|hk"; nocase; ) # p30ef6f54e1461f8729c2596348dca71f9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p30ef6f54e1461f8729c2596348dca71f9|02|cn"; nocase; ) # x9899c45560757e602baeddc6e396aaf04.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x9899c45560757e602baeddc6e396aaf04|02|cn"; nocase; ) # abf018ea0c25b54336ee47111c4d267cda.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|abf018ea0c25b54336ee47111c4d267cda|02|cc"; nocase; ) # bd55095df4efe3a15fa5ddfaf78ed2bb01.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd55095df4efe3a15fa5ddfaf78ed2bb01|02|ws"; nocase; ) # h9c67bc5f083d949aceabd9a161504d754.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h9c67bc5f083d949aceabd9a161504d754|02|so"; nocase; ) # k67aed4e74beba2548f46579c4814cb26a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k67aed4e74beba2548f46579c4814cb26a|02|to"; nocase; ) # nc52ca4ecb3363706bc893a171f7663c4c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nc52ca4ecb3363706bc893a171f7663c4c|02|cn"; nocase; ) # qb4d557b655ae59f534148b73430cfc6d3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qb4d557b655ae59f534148b73430cfc6d3|02|cc"; nocase; ) # ued327c1b2c7b0f3b9aa9f616d83203ea0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ued327c1b2c7b0f3b9aa9f616d83203ea0|02|hk"; nocase; ) # a217aa2f464e2034bd6e58f01816955cb5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a217aa2f464e2034bd6e58f01816955cb5|02|to"; nocase; ) # e632181108efccf0c17cac9334c86995e7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e632181108efccf0c17cac9334c86995e7|02|tk"; nocase; ) # ha68367ba94bd4d33808760f2c82e16de4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ha68367ba94bd4d33808760f2c82e16de4|02|ws"; nocase; ) # p3b938255ea3f10a619af09df3f6326749.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p3b938255ea3f10a619af09df3f6326749|02|ws"; nocase; ) # s180ae90abf5fab89bee2a1715d5664fb8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s180ae90abf5fab89bee2a1715d5664fb8|02|hk"; nocase; ) # v844bb4c38bbb143a75237cf17ba01edb1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v844bb4c38bbb143a75237cf17ba01edb1|02|so"; nocase; ) # ce93ec7d3a5d74c4e11133d744b3ce1093.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ce93ec7d3a5d74c4e11133d744b3ce1093|02|tk"; nocase; ) # g8b44f0d5fc6b5057f18aed3a3866abaa1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g8b44f0d5fc6b5057f18aed3a3866abaa1|02|to"; nocase; ) # j92c879d8c2a2706a9b8027a04ecbf7c71.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j92c879d8c2a2706a9b8027a04ecbf7c71|02|cn"; nocase; ) # ke625ff044e855f74d50d0edfd460a87fa.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke625ff044e855f74d50d0edfd460a87fa|02|tk"; nocase; ) # c095ee43722f5760df7ddc4478ba1be447.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c095ee43722f5760df7ddc4478ba1be447|02|cc"; nocase; ) # g500d7a13821b40b7324976d675111907f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g500d7a13821b40b7324976d675111907f|02|hk"; nocase; ) # j98920c54fc9f048aacbb31dff4aa0245a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j98920c54fc9f048aacbb31dff4aa0245a|02|so"; nocase; ) # ldcbe09eb2d2d9f748df01abc135fc3848.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ldcbe09eb2d2d9f748df01abc135fc3848|02|ws"; nocase; ) # n5a30769af9f731aec5f55a49e9f09fd4c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n5a30769af9f731aec5f55a49e9f09fd4c|02|in"; nocase; ) # pfccf6fa3e6b65a1af45a34a6b5c7643f1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pfccf6fa3e6b65a1af45a34a6b5c7643f1|02|cn"; nocase; ) # sac22439337195b988b2d4b5ceff440864.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sac22439337195b988b2d4b5ceff440864|02|cc"; nocase; ) # ud7b663e4c4502657ed78f6f875c97a1cf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ud7b663e4c4502657ed78f6f875c97a1cf|02|to"; nocase; ) # cc9fc0ded10e64b0e7d047701147a9ab29.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc9fc0ded10e64b0e7d047701147a9ab29|02|to"; nocase; ) # d920c09ab70b02ebcf55d74cd621260849.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d920c09ab70b02ebcf55d74cd621260849|02|in"; nocase; ) # f312ae9213c37440ccf1638582cc6a1a1b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f312ae9213c37440ccf1638582cc6a1a1b|02|cn"; nocase; ) # k10535f0d7879edf5af752feb0e7bebfc7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k10535f0d7879edf5af752feb0e7bebfc7|02|to"; nocase; ) # m12921f1af32bf9d58d118ce8124925380.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m12921f1af32bf9d58d118ce8124925380|02|hk"; nocase; ) # oecc37137f15e8e22e5cbc1818cc2e7bab.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oecc37137f15e8e22e5cbc1818cc2e7bab|02|tk"; nocase; ) # paee202a3a5ad209e42592874e587ead6e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|paee202a3a5ad209e42592874e587ead6e|02|so"; nocase; ) # t6f67ec773783222afd8cdf9caa28a6cf7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t6f67ec773783222afd8cdf9caa28a6cf7|02|in"; nocase; ) # vb2bd79d8722806c8af6264cd4ec95db20.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vb2bd79d8722806c8af6264cd4ec95db20|02|cn"; nocase; ) # ab37f95befab6a43aa1a454ee0517f80f8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab37f95befab6a43aa1a454ee0517f80f8|02|to"; nocase; ) # me4eb587e002476011aeb62d50759ad11c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|me4eb587e002476011aeb62d50759ad11c|02|tk"; nocase; ) # q9ef8a22357112f7e1d6f4dd12912e2ee7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q9ef8a22357112f7e1d6f4dd12912e2ee7|02|to"; nocase; ) # z36f0cde7ab20d11e4b8e1dd9ba15df3dc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z36f0cde7ab20d11e4b8e1dd9ba15df3dc|02|in"; nocase; ) # h950715137b5db19b6d87797591ec84535.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h950715137b5db19b6d87797591ec84535|02|in"; nocase; ) # k9ac066189d40574853b25178335f7990c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k9ac066189d40574853b25178335f7990c|02|tk"; nocase; ) # ld9b804a7b2c6b4f191a7cadbeb0dba15f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ld9b804a7b2c6b4f191a7cadbeb0dba15f|02|so"; nocase; ) # q51b44a23a4872ec72686d754abe2b7db9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q51b44a23a4872ec72686d754abe2b7db9|02|hk"; nocase; ) # x413e8483fe4b266597b48922cd9521726.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x413e8483fe4b266597b48922cd9521726|02|in"; nocase; ) # ye8560f5ef5bf7cd5bf9e94d7ef7974d73.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ye8560f5ef5bf7cd5bf9e94d7ef7974d73|02|hk"; nocase; ) # a1efe414c62e2e2d004f194675bf5fdda5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1efe414c62e2e2d004f194675bf5fdda5|02|tk"; nocase; ) # c6cee8682fdf3d6702ceb44fb806e2ba97.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6cee8682fdf3d6702ceb44fb806e2ba97|02|cc"; nocase; ) # g58c3eb0ad4d03e6761f0500ca58bfccae.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g58c3eb0ad4d03e6761f0500ca58bfccae|02|hk"; nocase; ) # h2c006fb97f01288578f103b425d8608be.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h2c006fb97f01288578f103b425d8608be|02|cn"; nocase; ) # pda7c5b28d9f14c652e5bee24b937a8d8b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pda7c5b28d9f14c652e5bee24b937a8d8b|02|cn"; nocase; ) # t5523bce7d38d7aa69474bf5eb462a68a8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t5523bce7d38d7aa69474bf5eb462a68a8|02|ws"; nocase; ) # b8875d0a5b9798be6c9af58d0c19c39604.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b8875d0a5b9798be6c9af58d0c19c39604|02|ws"; nocase; ) # h2cd84531c31a9677db74a2030776c5119.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h2cd84531c31a9677db74a2030776c5119|02|so"; nocase; ) # l8c96387e93f59ac5851068298ef868b40.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l8c96387e93f59ac5851068298ef868b40|02|in"; nocase; ) # o8ed04dac83b82dba45ac580ca93881c11.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8ed04dac83b82dba45ac580ca93881c11|02|tk"; nocase; ) # y8ca9681c75b78265a1089e6c8d121e52b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8ca9681c75b78265a1089e6c8d121e52b|02|cc"; nocase; ) # z3c44a7e39d97045fc0999bc3d83a52f37.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z3c44a7e39d97045fc0999bc3d83a52f37|02|ws"; nocase; ) # baa5a2613d6a8b12407b3163fb57872572.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|baa5a2613d6a8b12407b3163fb57872572|02|in"; nocase; ) # n9cc22ce4fa30d108251c3cc36e3706db0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n9cc22ce4fa30d108251c3cc36e3706db0|02|so"; nocase; ) # x2a501ac77bdd0cbafcc63a86d875a2ea0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025566; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x2a501ac77bdd0cbafcc63a86d875a2ea0|02|ws"; nocase; ) # b5868b3a3846ce210a11e44708749d6e6d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025567; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b5868b3a3846ce210a11e44708749d6e6d|02|cn"; nocase; ) # gb5199645aa58620adc43c006df0517022.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gb5199645aa58620adc43c006df0517022|02|to"; nocase; ) # id22d7b0ce6724b42fe1c60489d7a9ae25.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id22d7b0ce6724b42fe1c60489d7a9ae25|02|hk"; nocase; ) # t2ae0dcc1eb8049d6f7b898d7f5a092f6e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t2ae0dcc1eb8049d6f7b898d7f5a092f6e|02|so"; nocase; ) # we63ac5ec9368730ba9efbc4ade577652e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|we63ac5ec9368730ba9efbc4ade577652e|02|to"; nocase; ) # y6c0ae09868367485323e4061cdb5711ed.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y6c0ae09868367485323e4061cdb5711ed|02|hk"; nocase; ) # af960b499dcfd5153f3839bd5e5c163998.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|af960b499dcfd5153f3839bd5e5c163998|02|tk"; nocase; ) # b8b33a0a1636e65134be966fb5c6cf7192.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b8b33a0a1636e65134be966fb5c6cf7192|02|so"; nocase; ) # f7496463368cb6fc7a2bb59d1d58669fda.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f7496463368cb6fc7a2bb59d1d58669fda|02|in"; nocase; ) # sa6ab41ab84c639601fb3fc978571c225d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sa6ab41ab84c639601fb3fc978571c225d|02|cc"; nocase; ) # t47e2a3a53ebdd2ee4386af4cdcea07cc0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t47e2a3a53ebdd2ee4386af4cdcea07cc0|02|ws"; nocase; ) # xf290c463e40b97ae3891829d7a3f92d7a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xf290c463e40b97ae3891829d7a3f92d7a|02|cn"; nocase; ) # zad082ee6ccbcb257a87c9b69c13049b6d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025579; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zad082ee6ccbcb257a87c9b69c13049b6d|02|so"; nocase; ) # a031aa9343104315587d7984b8a263a9da.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025580; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a031aa9343104315587d7984b8a263a9da|02|cc"; nocase; ) # k679e259fbc1a7d189b4263d234cb62b32.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025581; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k679e259fbc1a7d189b4263d234cb62b32|02|to"; nocase; ) # ne426dab9f2db2947767a0702f3f4c2f98.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025582; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ne426dab9f2db2947767a0702f3f4c2f98|02|cn"; nocase; ) # sb72c338f9dc82c7a021460c1008407507.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025583; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sb72c338f9dc82c7a021460c1008407507|02|to"; nocase; ) # v1dc938c5d95ae9a1ba384347f2d4e59b9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025584; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v1dc938c5d95ae9a1ba384347f2d4e59b9|02|cn"; nocase; ) # b8b7b4ef1406f25fae30e1e5307e8cfa0a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025585; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b8b7b4ef1406f25fae30e1e5307e8cfa0a|02|in"; nocase; ) # d56ad4607c327781d7b0b734eb4bab1a57.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025586; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d56ad4607c327781d7b0b734eb4bab1a57|02|cn"; nocase; ) # h7be7a9e06f5884f887c10682a163d8ccb.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025587; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h7be7a9e06f5884f887c10682a163d8ccb|02|ws"; nocase; ) # i44c63cfcff6d3b1f33a9b7454773bc0c0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025588; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i44c63cfcff6d3b1f33a9b7454773bc0c0|02|to"; nocase; ) # oc84b11b0bf0c84d88ebebd3d13e7354d9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025589; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oc84b11b0bf0c84d88ebebd3d13e7354d9|02|cc"; nocase; ) # v7fe665da978e5d31a9bafd1f969f59178.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025590; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v7fe665da978e5d31a9bafd1f969f59178|02|so"; nocase; ) # fa6799efa4f8bbaed1e822bdeb64758f1a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025591; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fa6799efa4f8bbaed1e822bdeb64758f1a|02|ws"; nocase; ) # g6796615426a4568d6b351615134476d54.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025592; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g6796615426a4568d6b351615134476d54|02|to"; nocase; ) # jb543000aaf109e94d0c9efaa314eb858a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025593; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jb543000aaf109e94d0c9efaa314eb858a|02|cn"; nocase; ) # k86d3384fd1603b3cdd02c67c79882fbb8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025594; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k86d3384fd1603b3cdd02c67c79882fbb8|02|tk"; nocase; ) # l79de927afebcc5ecbd9e8072d42e721d0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025595; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l79de927afebcc5ecbd9e8072d42e721d0|02|so"; nocase; ) # u3389f36dbe93e83fb659408a9558175ac.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025596; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u3389f36dbe93e83fb659408a9558175ac|02|cc"; nocase; ) # xbc3c669f99362127b3b1a5d0fd05aaf08.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025597; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xbc3c669f99362127b3b1a5d0fd05aaf08|02|in"; nocase; ) # cc075596e13c138a1141272e001f914903.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025598; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc075596e13c138a1141272e001f914903|02|cc"; nocase; ) # jce201ddff5eb644adc44dccb928119766.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025599; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jce201ddff5eb644adc44dccb928119766|02|so"; nocase; ) # o22de95bda4d95eeb6c86bf3313f63a4a8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025600; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o22de95bda4d95eeb6c86bf3313f63a4a8|02|hk"; nocase; ) # s75852682e79040da1434dc33f878526f1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025601; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s75852682e79040da1434dc33f878526f1|02|cc"; nocase; ) # u0fef508dcc06e00319199abe44f3c8867.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025602; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u0fef508dcc06e00319199abe44f3c8867|02|to"; nocase; ) # y2d7f821a0e3cbc3683f7799024335bb3a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025603; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y2d7f821a0e3cbc3683f7799024335bb3a|02|tk"; nocase; ) # zddbbb053a933b20fb22df6f1ef185f9b7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025604; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zddbbb053a933b20fb22df6f1ef185f9b7|02|so"; nocase; ) # y8c0bb80ac26f326ff7900399c349b749c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025605; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8c0bb80ac26f326ff7900399c349b749c|02|cc"; nocase; ) # a95641e3476fac548ad2a58dfd6e86e1dc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025606; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a95641e3476fac548ad2a58dfd6e86e1dc|02|to"; nocase; ) # f14ae5b3c2d67128c959b8a2c769b679f8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025607; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f14ae5b3c2d67128c959b8a2c769b679f8|02|so"; nocase; ) # o93ac20a9952496a7b99c4ce64fb51b2c7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025608; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o93ac20a9952496a7b99c4ce64fb51b2c7|02|cc"; nocase; ) # s77a062b6105b0d5f0832d7f3882e24724.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025609; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s77a062b6105b0d5f0832d7f3882e24724|02|hk"; nocase; ) # w121817000b59b954c758f458c08cbaa39.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025610; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w121817000b59b954c758f458c08cbaa39|02|cc"; nocase; ) # ya343f3ba39e01414df7429706ab1fc7b5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025611; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ya343f3ba39e01414df7429706ab1fc7b5|02|to"; nocase; ) # cf1b388c1aca444af94fe302a1f20413f4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025612; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cf1b388c1aca444af94fe302a1f20413f4|02|tk"; nocase; ) # ebb8711cbffad9f8344f0ef82f15bd6940.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025613; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ebb8711cbffad9f8344f0ef82f15bd6940|02|cc"; nocase; ) # o74744d4db9e6f5a2336af434be50ede6e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025614; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o74744d4db9e6f5a2336af434be50ede6e|02|to"; nocase; ) # q63a4aa2ef7066399435135e9bdf336243.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025615; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q63a4aa2ef7066399435135e9bdf336243|02|hk"; nocase; ) # zfe3a69110e0e59e327070be36545b7276.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025616; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zfe3a69110e0e59e327070be36545b7276|02|cn"; nocase; ) # a93f25a8bc35493331b6526ace1722d782.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025617; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a93f25a8bc35493331b6526ace1722d782|02|tk"; nocase; ) # b77f7f9a5bb83caa1ab097dadf27ab3891.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025618; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b77f7f9a5bb83caa1ab097dadf27ab3891|02|so"; nocase; ) # e03b676556d8f9672d2d350739cfa33051.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025619; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e03b676556d8f9672d2d350739cfa33051|02|to"; nocase; ) # hc89dce92f35cb75b6ed4bdbdda9d47200.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025620; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc89dce92f35cb75b6ed4bdbdda9d47200|02|cn"; nocase; ) # le10e9804a3b77887e91803151605cf2db.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025621; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|le10e9804a3b77887e91803151605cf2db|02|ws"; nocase; ) # nc90227cf076ebbe379933941ab6577cba.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025622; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nc90227cf076ebbe379933941ab6577cba|02|in"; nocase; ) # p1a17eacfcc4051cd486128a5b8b6ac0f0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025623; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p1a17eacfcc4051cd486128a5b8b6ac0f0|02|cn"; nocase; ) # qaa58e11d62e9d07373307ce918e6bd917.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025624; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qaa58e11d62e9d07373307ce918e6bd917|02|tk"; nocase; ) # d6c4123d41353d13223a2507d838a58058.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025625; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d6c4123d41353d13223a2507d838a58058|02|in"; nocase; ) # ff7d14e780ee109c1ac3010ace63ec14e9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025626; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ff7d14e780ee109c1ac3010ace63ec14e9|02|cn"; nocase; ) # x7b22f6f79015ceaf10bbb97d3e13ee8fe.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025627; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x7b22f6f79015ceaf10bbb97d3e13ee8fe|02|so"; nocase; ) # b2b01fb5d46fcc7c4a955b5f2d0f3dce6d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025628; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b2b01fb5d46fcc7c4a955b5f2d0f3dce6d|02|in"; nocase; ) # cb2f464a0e143ddab1dc9b2fd9fc39e41b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025629; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cb2f464a0e143ddab1dc9b2fd9fc39e41b|02|hk"; nocase; ) # h26ceed1b1db58f0d357688d381ed82762.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025630; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h26ceed1b1db58f0d357688d381ed82762|02|ws"; nocase; ) # i36e1f065ac08a200f2cb2fc3a5d532d81.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025631; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i36e1f065ac08a200f2cb2fc3a5d532d81|02|to"; nocase; ) # n1509c9fc87757f90970e4820e2b2ae18a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025632; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n1509c9fc87757f90970e4820e2b2ae18a|02|so"; nocase; ) # ocb14ee322611209d3e38d5eea66b193e1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025633; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ocb14ee322611209d3e38d5eea66b193e1|02|cc"; nocase; ) # s4131915e800e581b66022b9923aa7c8ac.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025634; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s4131915e800e581b66022b9923aa7c8ac|02|hk"; nocase; ) # t3f556d0d2528939866a384766477fdff1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025635; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t3f556d0d2528939866a384766477fdff1|02|cn"; nocase; ) # xdf6eff045696c1bf5088526519097082d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025636; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xdf6eff045696c1bf5088526519097082d|02|ws"; nocase; ) # z2fec21478367662e4af782babcbbbeed5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025637; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z2fec21478367662e4af782babcbbbeed5|02|in"; nocase; ) # b6e6d31e14da897ea90a74cd16fc8e0305.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025638; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b6e6d31e14da897ea90a74cd16fc8e0305|02|cn"; nocase; ) # i5ea6b8b0417e88e40533426f8002c8f3e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025639; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5ea6b8b0417e88e40533426f8002c8f3e|02|hk"; nocase; ) # bf6b34ed2e50c93db18ba811966234ca1a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025640; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bf6b34ed2e50c93db18ba811966234ca1a|02|ws"; nocase; ) # u9133b044c81de362b2b1bea41d1f01d61.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025641; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u9133b044c81de362b2b1bea41d1f01d61|02|hk"; nocase; ) # vf94da2e454c26466741816778a501ff9d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025642; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vf94da2e454c26466741816778a501ff9d|02|so"; nocase; ) # y9306f7a916c6582e3d1a806355bffd077.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025643; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y9306f7a916c6582e3d1a806355bffd077|02|to"; nocase; ) # a27bf688d1a661c2b2fca8a2ea72a7b183.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025644; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a27bf688d1a661c2b2fca8a2ea72a7b183|02|hk"; nocase; ) # u2fa7bf7341c000ecb56c689a95dc66499.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025645; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u2fa7bf7341c000ecb56c689a95dc66499|02|cc"; nocase; ) # l0a54eda3cf367291291ab84b1fe2b14ea.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025646; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l0a54eda3cf367291291ab84b1fe2b14ea|02|ws"; nocase; ) # mdbb3b37987e8c7e9ee1be4095103c985c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025647; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mdbb3b37987e8c7e9ee1be4095103c985c|02|to"; nocase; ) # t0cf154e50ed9b6ab0a477b0c0bd6e62b8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025648; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t0cf154e50ed9b6ab0a477b0c0bd6e62b8|02|ws"; nocase; ) # x25965248bdc6f128d1699d4f7dc36354b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025649; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x25965248bdc6f128d1699d4f7dc36354b|02|cn"; nocase; ) # z82e52a535c3498b6690179de37c95a1d7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025650; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z82e52a535c3498b6690179de37c95a1d7|02|so"; nocase; ) # bd728a5d2b7ed8e09f401d925f36622b96.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025651; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd728a5d2b7ed8e09f401d925f36622b96|02|ws"; nocase; ) # c0f55452a76f0d2f7fc1ffd2b6aebc1df4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025652; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c0f55452a76f0d2f7fc1ffd2b6aebc1df4|02|to"; nocase; ) # e75a82d181b3ef92c9cfa84bcf8564b147.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025653; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e75a82d181b3ef92c9cfa84bcf8564b147|02|hk"; nocase; ) # gad0a7d224893cb199e645c1515368b951.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025654; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gad0a7d224893cb199e645c1515368b951|02|tk"; nocase; ) # l4b4ab00b93433b4fd9582889b5312e6a0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025655; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l4b4ab00b93433b4fd9582889b5312e6a0|02|in"; nocase; ) # ka988dcb461a946cc2744b935ce429bb34.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025656; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ka988dcb461a946cc2744b935ce429bb34|02|hk"; nocase; ) # n5fde99648230b5abb0b03a5fb1c117128.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025657; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n5fde99648230b5abb0b03a5fb1c117128|02|so"; nocase; ) # t21676b6253132cc8f37dde753c274e7b2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025658; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t21676b6253132cc8f37dde753c274e7b2|02|cn"; nocase; ) # d3359ad8cc2e7ebfb9dc354505cf5e963d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025659; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d3359ad8cc2e7ebfb9dc354505cf5e963d|02|so"; nocase; ) # i4bf48b0c57967f9b7295de0abdfe3928a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025660; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i4bf48b0c57967f9b7295de0abdfe3928a|02|hk"; nocase; ) # j438bcfbc864b022b82ae4848dedacb2be.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025661; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j438bcfbc864b022b82ae4848dedacb2be|02|cn"; nocase; ) # kfa3592da0378563d1f703a7ed0972e54c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025662; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kfa3592da0378563d1f703a7ed0972e54c|02|tk"; nocase; ) # m4d98e8ecab3a56aaf8d22335254abca88.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025663; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m4d98e8ecab3a56aaf8d22335254abca88|02|cc"; nocase; ) # o8459338173c5a7ed26170203dd0dcb254.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025664; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8459338173c5a7ed26170203dd0dcb254|02|to"; nocase; ) # p7f61c9be3c026941fe4783aa784544143.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025665; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7f61c9be3c026941fe4783aa784544143|02|in"; nocase; ) # q9f251df7fa70c74fb547e02cc5e612813.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025666; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q9f251df7fa70c74fb547e02cc5e612813|02|hk"; nocase; ) # u67de08751e04c4b003198eb61a8c578fa.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025667; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u67de08751e04c4b003198eb61a8c578fa|02|cc"; nocase; ) # v9b58d843fb23111a2bf125cbc7b1d33e7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025668; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v9b58d843fb23111a2bf125cbc7b1d33e7|02|ws"; nocase; ) # cbf0f432a95e38943e4b5da5fa3bef5e58.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025669; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cbf0f432a95e38943e4b5da5fa3bef5e58|02|cc"; nocase; ) # d66966ed48d8c82766c1e9a8c3c16fe44c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025670; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d66966ed48d8c82766c1e9a8c3c16fe44c|02|ws"; nocase; ) # m122c31a44cabc0d4049e1564d7b6c1292.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025671; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m122c31a44cabc0d4049e1564d7b6c1292|02|to"; nocase; ) # r1c72d5a811516429877ce3656ea85e53a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025672; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r1c72d5a811516429877ce3656ea85e53a|02|so"; nocase; ) # u8b7b168187d0d9ca8e081ba4ceb7d3abf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025673; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u8b7b168187d0d9ca8e081ba4ceb7d3abf|02|to"; nocase; ) # y95de611066c5398169aa13a39ad77870f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025674; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y95de611066c5398169aa13a39ad77870f|02|tk"; nocase; ) # b1dd4f549edea3adae33bfa19d070ce3cd.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025675; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1dd4f549edea3adae33bfa19d070ce3cd|02|ws"; nocase; ) # de3da2b8c9faf94d47026103e7f53193b0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025676; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de3da2b8c9faf94d47026103e7f53193b0|02|in"; nocase; ) # f61e3e52afbb8287117c263f18e7154112.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025677; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f61e3e52afbb8287117c263f18e7154112|02|cn"; nocase; ) # g8ada97ecf5f36defe2f08c28640bee05f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025678; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g8ada97ecf5f36defe2f08c28640bee05f|02|tk"; nocase; ) # h83c7e616b1729cafe3cc8b5aa2634aac5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025679; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h83c7e616b1729cafe3cc8b5aa2634aac5|02|so"; nocase; ) # k81696aaff9779015e23f6a7bc23e1f23e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025680; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k81696aaff9779015e23f6a7bc23e1f23e|02|to"; nocase; ) # na66eee237178aad5dd6e4f517c3c8f536.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025681; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|na66eee237178aad5dd6e4f517c3c8f536|02|cn"; nocase; ) # oebbf41a06b997ecba1bdc5edaff015a3d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025682; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oebbf41a06b997ecba1bdc5edaff015a3d|02|tk"; nocase; ) # qc98a1937d23233589a54ad77aa69306fa.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025683; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qc98a1937d23233589a54ad77aa69306fa|02|cc"; nocase; ) # rc0b76dbcd7cf29d1aa6be30df4048b9ea.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025684; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rc0b76dbcd7cf29d1aa6be30df4048b9ea|02|ws"; nocase; ) # sa9528f516a0e2c5cf0e7b0f874bc2c83c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025685; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sa9528f516a0e2c5cf0e7b0f874bc2c83c|02|to"; nocase; ) # v89ec5ebe9116936b9f685959647f725f1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025686; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v89ec5ebe9116936b9f685959647f725f1|02|cn"; nocase; ) # cda6d3f47d68f5e7fca6e879056c83e5c4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025687; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cda6d3f47d68f5e7fca6e879056c83e5c4|02|hk"; nocase; ) # e656e171a66fb9f49a6bbbefac6f1b3757.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025688; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e656e171a66fb9f49a6bbbefac6f1b3757|02|tk"; nocase; ) # k067c52dc6038117b96840b94aadd91f65.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025689; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k067c52dc6038117b96840b94aadd91f65|02|hk"; nocase; ) # od7424ac37523e8a3a37632efe5772340d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025690; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|od7424ac37523e8a3a37632efe5772340d|02|cc"; nocase; ) # u1e16e05775d2b337038ebcd855a13d29e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025691; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u1e16e05775d2b337038ebcd855a13d29e|02|tk"; nocase; ) # v2297a75b4a0f88d4789c93439aedffcda.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025692; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v2297a75b4a0f88d4789c93439aedffcda|02|so"; nocase; ) # c6a34012861ff2853ff8406376e593a863.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025693; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6a34012861ff2853ff8406376e593a863|02|tk"; nocase; ) # ff10f90d204be772687ba3971b126cd247.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025694; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ff10f90d204be772687ba3971b126cd247|02|ws"; nocase; ) # mc81af116e641689715a177f274f23dd16.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025695; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc81af116e641689715a177f274f23dd16|02|cc"; nocase; ) # s83371ac87db2f78ae2a90f926b2355458.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025696; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s83371ac87db2f78ae2a90f926b2355458|02|tk"; nocase; ) # ib15457e0bf810478a28e00f00a30c2142.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025697; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib15457e0bf810478a28e00f00a30c2142|02|tk"; nocase; ) # j96034edbaf1724a92a009af0980d7f645.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025698; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j96034edbaf1724a92a009af0980d7f645|02|so"; nocase; ) # k7339c43defc79792ec009d54f786f0b03.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025699; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k7339c43defc79792ec009d54f786f0b03|02|cc"; nocase; ) # o8a3edc0b22ef8c9166fb856a44f825786.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025700; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8a3edc0b22ef8c9166fb856a44f825786|02|hk"; nocase; ) # w5cc29eca56fc033c1f5c5ee0b24a8ef42.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025701; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w5cc29eca56fc033c1f5c5ee0b24a8ef42|02|hk"; nocase; ) # yda3e0a888d9497a5341413bb13488dc18.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025702; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yda3e0a888d9497a5341413bb13488dc18|02|tk"; nocase; ) # b5f0b384aa3507a378d8c4fbaa4cde2e2b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025703; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b5f0b384aa3507a378d8c4fbaa4cde2e2b|02|ws"; nocase; ) # cc74dce6cf026ceca765eb3b1b5f67a40d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025704; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc74dce6cf026ceca765eb3b1b5f67a40d|02|to"; nocase; ) # fda6e16ab767b980160263a3696c08ba11.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025705; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fda6e16ab767b980160263a3696c08ba11|02|cn"; nocase; ) # lcdd4f471592339cd95fd2391e62206a13.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025706; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lcdd4f471592339cd95fd2391e62206a13|02|in"; nocase; ) # o5b1641e590ac742294a4d314d8f47e0ca.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025707; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o5b1641e590ac742294a4d314d8f47e0ca|02|tk"; nocase; ) # p07360a63a8357d41bf5b6272913ccab0e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025708; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p07360a63a8357d41bf5b6272913ccab0e|02|so"; nocase; ) # q64b641199a597a071f272178cb323ac93.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025709; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q64b641199a597a071f272178cb323ac93|02|cc"; nocase; ) # r9adeba818eb82bde3255d569b3ec7a6aa.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025710; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r9adeba818eb82bde3255d569b3ec7a6aa|02|ws"; nocase; ) # tced05b3b997040c298cb93eb176d02d9d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025711; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tced05b3b997040c298cb93eb176d02d9d|02|in"; nocase; ) # krapqx16enchabg.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025712; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|krapqx16enchabg|04|ddns|03|net"; nocase; ) # ofire0i41hy2747linkds65.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025713; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|ofire0i41hy2747linkds65|04|ddns|03|net"; nocase; ) # o67voha0c0kpulgpitijaxe.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025714; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|o67voha0c0kpulgpitijaxe|04|ddns|03|net"; nocase; ) # 3dqpufa2qvi0c4a6ux5bulo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025715; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|3dqpufa2qvi0c4a6ux5bulo|04|ddns|03|net"; nocase; ) # a8gbwrcj7xi65ni.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025716; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|a8gbwrcj7xi65ni|04|ddns|03|net"; nocase; ) # 1rsvup5j18s4s4a.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025717; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|1rsvup5j18s4s4a|04|ddns|03|net"; nocase; ) # 54it5vytcfmv1vmlcfqloby.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025718; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|54it5vytcfmv1vmlcfqloby|04|ddns|03|net"; nocase; ) # kfo4y8385va0kpsl3l3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025719; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|kfo4y8385va0kpsl3l3|04|ddns|03|net"; nocase; ) # yhshsp76kbs670ir3baxcp5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025720; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|yhshsp76kbs670ir3baxcp5|04|ddns|03|net"; nocase; ) # k0y2ilofavajm6onknw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025721; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|k0y2ilofavajm6onknw|04|ddns|03|net"; nocase; ) # mubixaiq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025722; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|mubixaiq|04|ddns|03|net"; nocase; ) # ugfailukafugw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025723; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|ugfailukafugw|04|ddns|03|net"; nocase; ) # haevpeodeqodem.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025724; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0e|haevpeodeqodem|04|ddns|03|net"; nocase; ) # umvoquqiakek.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025725; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|umvoquqiakek|04|ddns|03|net"; nocase; ) # supoovbileleh.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025726; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|supoovbileleh|04|ddns|03|net"; nocase; ) # dsqsyhnhdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dsqsyhnhdp|03|com"; nocase; ) # cogobv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cogobv|03|com"; nocase; ) # vgyzsxcfqy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vgyzsxcfqy|03|biz"; nocase; ) # ziqximkgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ziqximkgj|03|com"; nocase; ) # lutwkl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lutwkl|03|org"; nocase; ) # mzfdkypzp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mzfdkypzp|04|info"; nocase; ) # siibfp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|siibfp|03|com"; nocase; ) # ptjsibtfmyo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ptjsibtfmyo|04|info"; nocase; ) # nkpbnb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nkpbnb|03|biz"; nocase; ) # gzrflkjfkxp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gzrflkjfkxp|04|info"; nocase; ) # iiwtqphck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iiwtqphck|03|com"; nocase; ) # rtogqykywtv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025738; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rtogqykywtv|03|net"; nocase; ) # mjduppzvtv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025739; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mjduppzvtv|03|net"; nocase; ) # jwpxman.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025740; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jwpxman|03|com"; nocase; ) # jwqlcfsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025741; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jwqlcfsu|03|net"; nocase; ) # arkuxemwkmv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025742; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|arkuxemwkmv|03|org"; nocase; ) # bvzred.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025743; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bvzred|03|com"; nocase; ) # jmuamis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025744; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jmuamis|03|com"; nocase; ) # hukspjaqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025745; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hukspjaqt|03|biz"; nocase; ) # rfcfvyms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rfcfvyms|03|org"; nocase; ) # nftmxfdj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nftmxfdj|03|com"; nocase; ) # brhrstiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|brhrstiz|03|com"; nocase; ) # govyezzqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|govyezzqv|03|biz"; nocase; ) # eygzhtuqgq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|eygzhtuqgq|03|com"; nocase; ) # ufpstlfowh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ufpstlfowh|04|info"; nocase; ) # advqeeodg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|advqeeodg|03|com"; nocase; ) # ailqxjle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ailqxjle|03|org"; nocase; ) # jhblsmgoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jhblsmgoc|03|biz"; nocase; ) # uccmpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uccmpa|03|biz"; nocase; ) # zabbfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zabbfe|03|com"; nocase; ) # aezmqdlo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025757; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aezmqdlo|03|org"; nocase; ) # gjcwlmmjagx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025758; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gjcwlmmjagx|03|com"; nocase; ) # rrjziatexu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025759; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rrjziatexu|04|info"; nocase; ) # zvwhmhdcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025760; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zvwhmhdcn|03|com"; nocase; ) # fyyrsd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025761; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fyyrsd|03|net"; nocase; ) # vwiijblmpx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025762; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vwiijblmpx|03|biz"; nocase; ) # zmzmfnnjxnv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025763; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zmzmfnnjxnv|03|biz"; nocase; ) # beaftfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025764; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|beaftfx|03|com"; nocase; ) # vxswldddy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vxswldddy|03|com"; nocase; ) # tpqzvbbxu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tpqzvbbxu|04|info"; nocase; ) # mnenlyjwxg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mnenlyjwxg|04|info"; nocase; ) # qeerezh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qeerezh|04|info"; nocase; ) # uhlsneei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uhlsneei|03|com"; nocase; ) # bpznyxwxf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bpznyxwxf|04|info"; nocase; ) # bhcgfp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bhcgfp|03|com"; nocase; ) # rkpmfwef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rkpmfwef|03|com"; nocase; ) # bpopmooxy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bpopmooxy|04|info"; nocase; ) # hekexkgvs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hekexkgvs|04|info"; nocase; ) # vplsprk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vplsprk|03|net"; nocase; ) # yxyixogb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|yxyixogb|03|com"; nocase; ) # oljwypddqpf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oljwypddqpf|03|biz"; nocase; ) # ictdmhx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ictdmhx|03|com"; nocase; ) # uyywdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uyywdg|03|com"; nocase; ) # kxufllyr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025780; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kxufllyr|04|info"; nocase; ) # mlchwddmg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025781; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mlchwddmg|03|org"; nocase; ) # jaezqeqxcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025782; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jaezqeqxcu|03|com"; nocase; ) # tiymrsjr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025783; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tiymrsjr|03|org"; nocase; ) # kfsyfads.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025784; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kfsyfads|03|com"; nocase; ) # vcqsfohvds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025785; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vcqsfohvds|03|com"; nocase; ) # yxgjgrli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025786; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|yxgjgrli|03|org"; nocase; ) # hekaxqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025787; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hekaxqb|03|biz"; nocase; ) # kwvrnpxogp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025788; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kwvrnpxogp|03|com"; nocase; ) # qfnxoqiqag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025789; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qfnxoqiqag|03|com"; nocase; ) # igegkzwoxkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025790; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|igegkzwoxkz|03|org"; nocase; ) # gkqdgnwj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025791; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gkqdgnwj|04|info"; nocase; ) # pgsbjnrul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025792; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pgsbjnrul|03|net"; nocase; ) # dzwyyew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025793; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dzwyyew|03|com"; nocase; ) # xutruqpwsbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025794; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xutruqpwsbg|03|com"; nocase; ) # tmtzziof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025795; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tmtzziof|03|biz"; nocase; ) # itcdiit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025796; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|itcdiit|03|com"; nocase; ) # vmcasxvmtss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025797; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vmcasxvmtss|03|net"; nocase; ) # pwxldgsnzt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025798; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pwxldgsnzt|04|info"; nocase; ) # hoxqrzoau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025799; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hoxqrzoau|03|com"; nocase; ) # tvmlgsl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025800; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tvmlgsl|03|net"; nocase; ) # ctkrvwna.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025801; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ctkrvwna|03|biz"; nocase; ) # vekrntyrdm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025802; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vekrntyrdm|03|com"; nocase; ) # wzawpy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025803; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wzawpy|03|biz"; nocase; ) # uyyxuwmajym.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025804; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uyyxuwmajym|04|info"; nocase; ) # aysytpm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025805; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|aysytpm|03|biz"; nocase; ) # muqtleimp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025806; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|muqtleimp|03|org"; nocase; ) # uiqjswxmx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025807; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uiqjswxmx|03|org"; nocase; ) # jxqosn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025808; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jxqosn|03|net"; nocase; ) # uqmnvgyppol.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025809; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uqmnvgyppol|03|biz"; nocase; ) # ceujar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025810; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ceujar|03|com"; nocase; ) # azmizcnmaym.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025811; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|azmizcnmaym|04|info"; nocase; ) # rchcbpnix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025812; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rchcbpnix|03|com"; nocase; ) # qwilvquxh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025813; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qwilvquxh|04|info"; nocase; ) # ithpnja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025814; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ithpnja|03|org"; nocase; ) # lpbqlpeiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025815; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lpbqlpeiv|03|com"; nocase; ) # yhzeqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025816; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yhzeqj|03|biz"; nocase; ) # hunnax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025817; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hunnax|03|com"; nocase; ) # ifjssffl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025818; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ifjssffl|03|com"; nocase; ) # aaybdbadsx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025819; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|aaybdbadsx|03|net"; nocase; ) # ushwecvixro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025820; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ushwecvixro|03|net"; nocase; ) # wqtifmprsi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025821; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wqtifmprsi|03|net"; nocase; ) # gqizyhur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025822; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gqizyhur|03|net"; nocase; ) # zmcwjyxeea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025823; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zmcwjyxeea|03|com"; nocase; ) # jcckacfv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025824; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jcckacfv|03|com"; nocase; ) # oeucbivnrt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025825; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|oeucbivnrt|03|net"; nocase; ) # nscmanxyrqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025826; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nscmanxyrqk|03|biz"; nocase; ) # pfdfgtkwb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025827; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pfdfgtkwb|04|info"; nocase; ) # tvzqurxhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025828; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tvzqurxhf|03|com"; nocase; ) # hwtugjenxnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025829; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hwtugjenxnt|03|biz"; nocase; ) # wcqygp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025830; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wcqygp|03|com"; nocase; ) # cjtdiugzdx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025831; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cjtdiugzdx|03|com"; nocase; ) # rwixghwuol.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025832; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rwixghwuol|03|biz"; nocase; ) # yikcslznzo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025833; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|yikcslznzo|04|info"; nocase; ) # hctkdpxoxd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025834; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hctkdpxoxd|04|info"; nocase; ) # uykvia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025835; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uykvia|03|com"; nocase; ) # ohrwki.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025836; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ohrwki|03|org"; nocase; ) # ultxhmhp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025837; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ultxhmhp|03|com"; nocase; ) # tsvlzeajjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025838; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tsvlzeajjy|03|org"; nocase; ) # nlfxic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025839; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nlfxic|03|com"; nocase; ) # mcxfjei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025840; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mcxfjei|03|com"; nocase; ) # uwblnge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025841; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uwblnge|03|com"; nocase; ) # zndylhgbfp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025842; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zndylhgbfp|03|com"; nocase; ) # pkndzeh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025843; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pkndzeh|03|com"; nocase; ) # wojcbitfyov.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025844; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wojcbitfyov|03|biz"; nocase; ) # bncbot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025845; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bncbot|03|biz"; nocase; ) # ophcevktwbz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025846; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ophcevktwbz|03|com"; nocase; ) # oihuil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025847; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|oihuil|03|com"; nocase; ) # uqzbook.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025848; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uqzbook|03|biz"; nocase; ) # rruvplnrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025849; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rruvplnrz|03|net"; nocase; ) # qerbpcddpl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025850; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qerbpcddpl|03|biz"; nocase; ) # nfbbdlnga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025851; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nfbbdlnga|03|com"; nocase; ) # ioihirg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025852; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ioihirg|03|net"; nocase; ) # bqbpmttasd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025853; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bqbpmttasd|03|net"; nocase; ) # svojtgunlq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025854; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|svojtgunlq|03|org"; nocase; ) # cwphzy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025855; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cwphzy|04|info"; nocase; ) # mrmzpzm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025856; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mrmzpzm|04|info"; nocase; ) # lmnzjvkpii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025857; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lmnzjvkpii|03|com"; nocase; ) # psojqnmqhov.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025858; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|psojqnmqhov|03|biz"; nocase; ) # dqobcdlvaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025859; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dqobcdlvaq|03|com"; nocase; ) # ovdcqdgaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025860; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ovdcqdgaj|03|com"; nocase; ) # qjutywwk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025861; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qjutywwk|04|info"; nocase; ) # ohqtof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025862; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ohqtof|03|biz"; nocase; ) # fxvognzqr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025863; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fxvognzqr|03|biz"; nocase; ) # gyclvo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025864; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gyclvo|04|info"; nocase; ) # jxjuaotwxfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025865; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jxjuaotwxfq|03|com"; nocase; ) # cpshchqasw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025866; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cpshchqasw|03|net"; nocase; ) # oqtttvr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025867; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|oqtttvr|04|info"; nocase; ) # rflemigbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025868; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rflemigbn|03|com"; nocase; ) # hmlhabhmddv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025869; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hmlhabhmddv|03|com"; nocase; ) # sturpb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025870; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|sturpb|03|biz"; nocase; ) # rwelcihr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025871; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rwelcihr|03|com"; nocase; ) # ngtayzssm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025872; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ngtayzssm|03|net"; nocase; ) # avfsrpz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025873; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|avfsrpz|03|biz"; nocase; ) # vikkxe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025874; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vikkxe|04|info"; nocase; ) # ehdnhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025875; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ehdnhn|03|com"; nocase; ) # nrlrdhil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025876; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nrlrdhil|03|com"; nocase; ) # xyutovyx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025877; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xyutovyx|04|info"; nocase; ) # yjmugkl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025878; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yjmugkl|03|org"; nocase; ) # zqkapgay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025879; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zqkapgay|03|com"; nocase; ) # spantxgqqgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025880; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|spantxgqqgt|03|com"; nocase; ) # plamwwshvp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025881; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|plamwwshvp|04|info"; nocase; ) # qpxsrhrixhd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025882; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qpxsrhrixhd|03|com"; nocase; ) # wdpzmldnzfb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025883; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wdpzmldnzfb|03|com"; nocase; ) # xcpecnbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025884; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xcpecnbj|03|com"; nocase; ) # skkicflv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025885; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|skkicflv|03|org"; nocase; ) # myingubbado.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025886; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|myingubbado|03|com"; nocase; ) # dymtbvuywsj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025887; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dymtbvuywsj|03|net"; nocase; ) # ppgmgml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025888; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ppgmgml|03|org"; nocase; ) # deswsalgbh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025889; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|deswsalgbh|03|com"; nocase; ) # wlnlje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025890; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wlnlje|03|org"; nocase; ) # mpveluza.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025891; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mpveluza|04|info"; nocase; ) # ulzmgdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025892; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ulzmgdd|03|com"; nocase; ) # sagmrphhyw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025893; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sagmrphhyw|04|info"; nocase; ) # zooqbizna.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025894; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zooqbizna|03|biz"; nocase; ) # phvqhotrr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025895; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|phvqhotrr|03|net"; nocase; ) # txdhuu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025896; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|txdhuu|03|net"; nocase; ) # amnaynoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025897; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|amnaynoy|03|biz"; nocase; ) # ivjegqcrmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025898; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ivjegqcrmm|03|org"; nocase; ) # vcuyiffpizh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025899; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vcuyiffpizh|04|info"; nocase; ) # brcacozpaga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025900; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|brcacozpaga|03|com"; nocase; ) # oxnjpxzxsmk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025901; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oxnjpxzxsmk|03|org"; nocase; ) # zuewzseh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025902; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zuewzseh|03|com"; nocase; ) # vkueug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025903; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vkueug|03|net"; nocase; ) # qxjfcfmfrvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025904; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qxjfcfmfrvm|04|info"; nocase; ) # cblqbcthoq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025905; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cblqbcthoq|03|biz"; nocase; ) # dqbtsim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025906; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dqbtsim|03|com"; nocase; ) # kxxkqvhh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025907; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kxxkqvhh|03|com"; nocase; ) # pqeueb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025908; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|pqeueb|03|com"; nocase; ) # ojkfyce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025909; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ojkfyce|03|com"; nocase; ) # tdhweuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025910; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tdhweuo|03|net"; nocase; ) # hvysoetbayx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025911; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hvysoetbayx|04|info"; nocase; ) # fuypirfewjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025912; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fuypirfewjl|03|org"; nocase; ) # mshvmb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025913; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mshvmb|03|org"; nocase; ) # xsymmc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025914; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xsymmc|03|org"; nocase; ) # sygdihpfrk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025915; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sygdihpfrk|03|net"; nocase; ) # irflxgfmt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025916; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|irflxgfmt|03|org"; nocase; ) # tbhwxojsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025917; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tbhwxojsz|03|net"; nocase; ) # bfdcaafccafkbbmc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025918; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bfdcaafccafkbbmc|03|com"; nocase; ) # dbckmfbnceklcddf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025919; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dbckmfbnceklcddf|03|com"; nocase; ) # ladlabcfbbadocmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025920; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ladlabcfbbadocmn|03|com"; nocase; ) # acklbokenmebnodd.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025921; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|acklbokenmebnodd|02|de"; nocase; ) # dbaaflncaefadofe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025922; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dbaaflncaefadofe|03|com"; nocase; ) # ncccaafadddfllal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025923; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ncccaafadddfllal|03|com"; nocase; ) # cboknacbcfaeeefc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025924; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cboknacbcfaeeefc|03|org"; nocase; ) # mmkdfoabckabbdaf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025925; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mmkdfoabckabbdaf|03|com"; nocase; ) # acdbeameabbaeeff.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025926; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|acdbeameabbaeeff|04|info"; nocase; ) # cckfblnacaecambd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025927; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cckfblnacaecambd|03|com"; nocase; ) # dfnmfocffeafdacl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025928; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dfnmfocffeafdacl|03|com"; nocase; ) # ecofnbabafonnmam.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025929; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ecofnbabafonnmam|04|info"; nocase; ) # aeeolcccaabbeend.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025930; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aeeolcccaabbeend|02|eu"; nocase; ) # cdbfldaddkfcmmff.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025931; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cdbfldaddkfcmmff|02|de"; nocase; ) # kdcedolocbcdcbef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025932; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kdcedolocbcdcbef|03|com"; nocase; ) # bcclcfmedmfmcmae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025933; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bcclcfmedmfmcmae|03|com"; nocase; ) # ldbbccbbkbbfocdl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025934; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ldbbccbbkbbfocdl|04|info"; nocase; ) # meldebfbeecdflbb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025935; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|meldebfbeecdflbb|02|cc"; nocase; ) # dkdbmnddebaaobcm.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025936; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dkdbmnddebaaobcm|02|cc"; nocase; ) # dsdgfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025937; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|dsdgfw|03|com"; nocase; ) # yhiwtc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025938; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|yhiwtc|03|com"; nocase; ) # kuzfmu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025939; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|kuzfmu|03|com"; nocase; ) # xezaek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025940; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xezaek|03|com"; nocase; ) # qfkylx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025941; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qfkylx|03|com"; nocase; ) # espowj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025942; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|espowj|03|com"; nocase; ) # egwpwx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025943; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|egwpwx|03|com"; nocase; ) # oniipt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025944; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oniipt|03|com"; nocase; ) # ixaddj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025945; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ixaddj|03|com"; nocase; ) # ysxnus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025946; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ysxnus|03|com"; nocase; ) # ioafob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025947; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ioafob|03|com"; nocase; ) # mvtyui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025948; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mvtyui|03|com"; nocase; ) # cxroyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025949; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|cxroyj|03|com"; nocase; ) # shhsjw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025950; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|shhsjw|03|com"; nocase; ) # pnyulb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025951; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|pnyulb|03|com"; nocase; ) # uabyeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025952; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uabyeo|03|com"; nocase; ) # hbcjeqnmpqugww.yt [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025953; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|hbcjeqnmpqugww|02|yt"; nocase; ) # uqyvbx.be [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025954; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|06|uqyvbx|02|be"; nocase; ) # mdfxr.pm [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025955; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|05|mdfxr|02|pm"; nocase; ) # gckqxyonnygcgpcpv.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025956; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|gckqxyonnygcgpcpv|02|su"; nocase; ) # wulknuw.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025957; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|wulknuw|05|click"; nocase; ) # iakhjprpfskvimc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025958; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|iakhjprpfskvimc|03|biz"; nocase; ) # njbrxwjrg.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025959; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|njbrxwjrg|03|xyz"; nocase; ) # qoelgolergpio.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025960; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|qoelgolergpio|04|work"; nocase; ) # gxbrycpmbg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025961; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|gxbrycpmbg|03|org"; nocase; ) # wxxxxujyulnvvsmb.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025962; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|wxxxxujyulnvvsmb|02|pl"; nocase; ) # crcwqiclvk.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025963; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|crcwqiclvk|03|xyz"; nocase; ) # wxxipvjwknftqleea.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025964; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|wxxipvjwknftqleea|05|click"; nocase; ) # jtkbjxdcjjdb.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025965; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|jtkbjxdcjjdb|02|pw"; nocase; ) # wasahrbnvvx.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025966; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|wasahrbnvvx|02|pw"; nocase; ) # xaqumlud.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025967; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|xaqumlud|02|pl"; nocase; ) # pircnxtpr.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025968; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|pircnxtpr|02|pl"; nocase; ) # yjwfjbbniulpdbpx.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025969; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|yjwfjbbniulpdbpx|04|work"; nocase; ) # hjknbyjnpjcvlksq.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025970; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|hjknbyjnpjcvlksq|05|click"; nocase; ) # gdlohfc.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025971; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|gdlohfc|04|work"; nocase; ) # vmsrmapxa.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025972; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|vmsrmapxa|02|pw"; nocase; ) # couvvthcxnxuxe.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025973; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|couvvthcxnxuxe|02|su"; nocase; ) # bdjfauejdga.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025974; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|bdjfauejdga|05|click"; nocase; ) # txcfaahyjfq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025975; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|txcfaahyjfq|03|biz"; nocase; ) # yqpoyeo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025976; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|yqpoyeo|04|info"; nocase; ) # jeatfwnbhhukwmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025977; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|jeatfwnbhhukwmm|03|org"; nocase; ) # yunqnjoy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025978; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|yunqnjoy|02|ru"; nocase; ) # wrxrefxeoxgbeuvw.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025979; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|wrxrefxeoxgbeuvw|03|xyz"; nocase; ) # cmhrlmcnstkvuylv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025980; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|cmhrlmcnstkvuylv|02|ru"; nocase; ) # tsfypnftpupbrhvn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025981; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|tsfypnftpupbrhvn|04|info"; nocase; ) # pvfuwuahckven.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025982; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|pvfuwuahckven|04|work"; nocase; ) # vdtmoajmgwrnviqba.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025983; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|vdtmoajmgwrnviqba|03|biz"; nocase; ) # tybqtgmewblqou.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025984; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|tybqtgmewblqou|05|click"; nocase; ) # orgguai.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025985; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|orgguai|02|su"; nocase; ) # xoajvxlw.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025986; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|xoajvxlw|04|work"; nocase; ) # rhqbdxvtp.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025987; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|rhqbdxvtp|02|su"; nocase; ) # urrmneerxdjgq.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025988; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|urrmneerxdjgq|03|xyz"; nocase; ) # hwpfsrewcfa.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025989; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|hwpfsrewcfa|03|xyz"; nocase; ) # rricaqtcywfbtpxp.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025990; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|rricaqtcywfbtpxp|02|su"; nocase; ) # spxwqveojjvhigi.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025991; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|spxwqveojjvhigi|04|work"; nocase; ) # nifugdfaenvequn.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025992; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|nifugdfaenvequn|05|click"; nocase; ) # mhqrlctxuwvgmexe.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025993; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|mhqrlctxuwvgmexe|04|work"; nocase; ) # iepworw.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025994; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|iepworw|02|pl"; nocase; ) # gcwksyvxebbrnc.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025995; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|gcwksyvxebbrnc|02|pl"; nocase; ) # pjptxiyuccskkwea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025996; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|pjptxiyuccskkwea|03|org"; nocase; ) # neevbjjqrae.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025997; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|neevbjjqrae|02|pl"; nocase; ) # myjscefy.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025998; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|myjscefy|05|click"; nocase; ) # mhjgpaqithd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000025999; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|mhjgpaqithd|02|ru"; nocase; ) # wncwlluvhosb.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026000; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|wncwlluvhosb|02|su"; nocase; ) # awbpktsgbdnbu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026001; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|awbpktsgbdnbu|02|ru"; nocase; ) # rcqrlvqwfaucgxci.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026002; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|rcqrlvqwfaucgxci|03|biz"; nocase; ) # olwsgtwjlod.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026003; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|olwsgtwjlod|03|xyz"; nocase; ) # kmoxqcbyaxbfhsh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026004; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|kmoxqcbyaxbfhsh|02|ru"; nocase; ) # brghwjnr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026005; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|brghwjnr|02|ru"; nocase; ) # nyhxevjuevr.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026006; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|nyhxevjuevr|05|click"; nocase; ) # fnuxooa.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026007; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|fnuxooa|05|click"; nocase; ) # mimebqhlrwg.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026008; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|mimebqhlrwg|03|xyz"; nocase; ) # eikqbnknfajb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026009; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|eikqbnknfajb|04|info"; nocase; ) # bfhnocotqggohxspt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026010; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|bfhnocotqggohxspt|04|info"; nocase; ) # lordfjlqyswa.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026011; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|lordfjlqyswa|05|click"; nocase; ) # hkfxsmxiir.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026012; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|hkfxsmxiir|04|work"; nocase; ) # ihfiqwusqpo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026013; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|ihfiqwusqpo|03|org"; nocase; ) # cuwbcukkiqyusu.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026014; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|cuwbcukkiqyusu|03|xyz"; nocase; ) # ldfimheun.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026015; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|ldfimheun|03|biz"; nocase; ) # nhrjtnqqubbaexq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026016; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|nhrjtnqqubbaexq|03|org"; nocase; ) # brsipnkvbdsqhbgsh.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026017; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|brsipnkvbdsqhbgsh|03|xyz"; nocase; ) # llielje.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026018; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|llielje|02|su"; nocase; ) # ftfiowwvwplt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026019; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ftfiowwvwplt|02|ru"; nocase; ) # hujpqypbup.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026020; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|hujpqypbup|02|pl"; nocase; ) # ywwdyuur.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026021; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ywwdyuur|03|biz"; nocase; ) # fjelrspmeplyldrgd.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026022; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|fjelrspmeplyldrgd|03|xyz"; nocase; ) # mvwnncpovqsyuu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026023; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|mvwnncpovqsyuu|04|info"; nocase; ) # alblgsqhyffubvtkd.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026024; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|alblgsqhyffubvtkd|02|pw"; nocase; ) # msrlpofcrcglemsy.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026025; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|msrlpofcrcglemsy|02|pl"; nocase; ) # rcggkrerx.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026026; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|rcggkrerx|03|xyz"; nocase; ) # txemobjgw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026027; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|txemobjgw|02|ru"; nocase; ) # oslvlpqiet.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026028; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|oslvlpqiet|04|info"; nocase; ) # jdufkocynwhx.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026029; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|jdufkocynwhx|02|su"; nocase; ) # ofevlfvdulijj.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026030; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|ofevlfvdulijj|02|pw"; nocase; ) # fksigxe.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026031; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|fksigxe|02|pw"; nocase; ) # qcewbsriqgsymeq.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026032; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|qcewbsriqgsymeq|03|xyz"; nocase; ) # wspyukwp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026033; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|wspyukwp|03|biz"; nocase; ) # jrqovhwfveyoo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026034; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|jrqovhwfveyoo|03|org"; nocase; ) # kmokmlmjwjdq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kmokmlmjwjdq|04|info"; nocase; ) # xitjsqywirgg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xitjsqywirgg|03|com"; nocase; ) # rlukwfernnrf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rlukwfernnrf|02|co|02|uk"; nocase; ) # svawskowyxry.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|svawskowyxry|04|info"; nocase; ) # jcytujkyvnil.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jcytujkyvnil|02|co|02|uk"; nocase; ) # xtvxyrnmprry.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xtvxyrnmprry|04|info"; nocase; ) # dteijcixjjwgvo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dteijcixjjwgvo|04|info"; nocase; ) # eilkvmwfwrfpvq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|eilkvmwfwrfpvq|03|net"; nocase; ) # ividaymcejfdyd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ividaymcejfdyd|04|info"; nocase; ) # mqspbkogegyqkx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mqspbkogegyqkx|03|com"; nocase; ) # ndncescsvpdmbu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ndncescsvpdmbu|03|net"; nocase; ) # tkswcebawomyny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tkswcebawomyny|03|com"; nocase; ) # wjfhcyxjokshdj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wjfhcyxjokshdj|04|info"; nocase; ) # xfdjdpdpwlvuku.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xfdjdpdpwlvuku|03|net"; nocase; ) # sxvjlemrjxbijk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026049; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sxvjlemrjxbijk|03|com"; nocase; ) # gtwfqjsgwiwaih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026050; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gtwfqjsgwiwaih|03|net"; nocase; ) # ajiasfgwqisvyu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026051; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ajiasfgwqisvyu|04|info"; nocase; ) # bfgctpsjrvesgt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026052; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bfgctpsjrvesgt|03|net"; nocase; ) # ctnegmxrjyvbgu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026053; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ctnegmxrjyvbgu|02|ru"; nocase; ) # lvbahjgqmvdqld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026054; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lvbahjgqmvdqld|03|net"; nocase; ) # ayxhgldujmfukc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026055; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ayxhgldujmfukc|03|biz"; nocase; ) # hrllhukougnbdx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026056; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hrllhukougnbdx|03|biz"; nocase; ) # igiaowjbrktbkx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026057; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|igiaowjbrktbkx|02|ru"; nocase; ) # fxfvaleseqxyov.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026058; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fxfvaleseqxyov|03|org"; nocase; ) # stgrfqkhrbtqns.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026059; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|stgrfqkhrbtqns|02|co|02|uk"; nocase; ) # sgvfjjecwwiuji.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026060; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sgvfjjecwwiuji|02|ru"; nocase; ) # xvkmvkfbayafvw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026061; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xvkmvkfbayafvw|02|co|02|uk"; nocase; ) # truxvvjyijkpnx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026062; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|truxvvjyijkpnx|04|info"; nocase; ) # aeknmmpjuwbgmy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026063; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|aeknmmpjuwbgmy|03|com"; nocase; ) # bvuxmwcvchbltj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026064; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bvuxmwcvchbltj|03|biz"; nocase; ) # qwpkrgpxrbngqo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026065; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qwpkrgpxrbngqo|04|info"; nocase; ) # wyoxsyoobmmvrs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026066; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wyoxsyoobmmvrs|04|info"; nocase; ) # kpegkkrxfdfibd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026067; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kpegkkrxfdfibd|04|info"; nocase; ) # ogjiofusxlhfbc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026068; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ogjiofusxlhfbc|02|ru"; nocase; ) # qbtdtvafjaugiv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026069; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qbtdtvafjaugiv|02|co|02|uk"; nocase; ) # hxjpcxtciajnwc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026070; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hxjpcxtciajnwc|02|co|02|uk"; nocase; ) # abdkmthoqemvma.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026071; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|abdkmthoqemvma|02|ru"; nocase; ) # ophqbvsgafyock.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026072; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ophqbvsgafyock|04|info"; nocase; ) # vwnvmekythtaei.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026073; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vwnvmekythtaei|03|org"; nocase; ) # cqcpknahtjunpq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026074; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cqcpknahtjunpq|03|org"; nocase; ) # pcxwrsujnfunmh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026075; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pcxwrsujnfunmh|03|com"; nocase; ) # knhrbukhkvvnvl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026076; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|knhrbukhkvvnvl|03|com"; nocase; ) # ljcmbktjklfubu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026077; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ljcmbktjklfubu|02|co|02|uk"; nocase; ) # qrryfioxuvogni.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026078; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qrryfioxuvogni|03|org"; nocase; ) # gulhkpsyevgusp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026079; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gulhkpsyevgusp|02|co|02|uk"; nocase; ) # cmmaxdhlhwotbd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026080; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cmmaxdhlhwotbd|03|biz"; nocase; ) # wxvuhfwjenptpc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026081; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wxvuhfwjenptpc|03|biz"; nocase; ) # xiwlxnkkkalgpe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026082; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xiwlxnkkkalgpe|02|ru"; nocase; ) # ntqaypjxdpgnbrs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026083; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ntqaypjxdpgnbrs|03|net"; nocase; ) # brlxxupmteujjqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026084; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|brlxxupmteujjqb|03|biz"; nocase; ) # vtwkdtdmtkiyrsp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026085; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vtwkdtdmtkiyrsp|03|com"; nocase; ) # xsujtepikapxiev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026086; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xsujtepikapxiev|03|biz"; nocase; ) # albiiuqsisqntcf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026087; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|albiiuqsisqntcf|04|info"; nocase; ) # aohweffqthcmrtk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026088; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aohweffqthcmrtk|03|net"; nocase; ) # ijbyxpycxotryjt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026089; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ijbyxpycxotryjt|02|ru"; nocase; ) # bojxqrepolialal.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026090; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bojxqrepolialal|04|info"; nocase; ) # mxwcbxduvbhsbcd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026091; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mxwcbxduvbhsbcd|02|ru"; nocase; ) # digwhkquktvkach.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026092; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|digwhkquktvkach|04|info"; nocase; ) # ehhdgjdqvmgoecx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026093; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ehhdgjdqvmgoecx|03|org"; nocase; ) # rphuthgvidvtuvm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026094; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rphuthgvidvtuvm|02|co|02|uk"; nocase; ) # famonyfmkklmkic.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026095; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|famonyfmkklmkic|04|info"; nocase; ) # gvkmbjrcdgaykoy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026096; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gvkmbjrcdgaykoy|03|net"; nocase; ) # jvkxsbgmwghbxnl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026097; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jvkxsbgmwghbxnl|03|org"; nocase; ) # nwmkvskdvjowksi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026098; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nwmkvskdvjowksi|02|ru"; nocase; ) # snvfxuafhvyyoyn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026099; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|snvfxuafhvyyoyn|04|info"; nocase; ) # umteofmbxlgxvjk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026100; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|umteofmbxlgxvjk|03|net"; nocase; ) # ghtjvrvgaxenygl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026101; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ghtjvrvgaxenygl|04|info"; nocase; ) # tdufbwcuniafhmx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026102; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tdufbwcuniafhmx|03|com"; nocase; ) # hdrhjibjqjjiyyt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026103; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hdrhjibjqjjiyyt|03|net"; nocase; ) # qudooylkmebgmvu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026104; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qudooylkmebgmvu|02|ru"; nocase; ) # caubjajilponjrn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|caubjajilponjrn|03|org"; nocase; ) # qnaysieghxwpysj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qnaysieghxwpysj|02|co|02|uk"; nocase; ) # ncyupfmqrcevpup.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ncyupfmqrcevpup|03|net"; nocase; ) # otjbcpygqgcipbm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|otjbcpygqgcipbm|02|ru"; nocase; ) # xiuellymsrpmqaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xiuellymsrpmqaw|03|com"; nocase; ) # lnjbyedqtystyqx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lnjbyedqtystyqx|02|ru"; nocase; ) # cdfqmvipnhvcyum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cdfqmvipnhvcyum|03|net"; nocase; ) # pbqvkbwuwxyajsb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026112; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pbqvkbwuwxyajsb|02|ru"; nocase; ) # ywvvobsihqxfkgi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026113; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ywvvobsihqxfkgi|03|biz"; nocase; ) # eebwmtpmxtchjee.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026114; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eebwmtpmxtchjee|03|org"; nocase; ) # hakbugfgitrahej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026115; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hakbugfgitrahej|03|com"; nocase; ) # imfproshehpmxtu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026116; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|imfproshehpmxtu|03|net"; nocase; ) # juurmwkvcshifdr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026117; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|juurmwkvcshifdr|03|biz"; nocase; ) # khpgjfxwxgfuffu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026118; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|khpgjfxwxgfuffu|02|ru"; nocase; ) # adqpdtowbpffjix.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026119; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|adqpdtowbpffjix|02|ru"; nocase; ) # bphahscypknisrr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026120; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bphahscypknisrr|03|org"; nocase; ) # poqsauyogntdktq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026121; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|poqsauyogntdktq|02|co|02|uk"; nocase; ) # ygccynrtpartscx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026122; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ygccynrtpartscx|03|com"; nocase; ) # kcjtkihrnuajoqf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026123; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kcjtkihrnuajoqf|02|co|02|uk"; nocase; ) # micpmtncuekixus.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026124; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|micpmtncuekixus|04|info"; nocase; ) # qvxnitiygcycboq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026125; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qvxnitiygcycboq|02|co|02|uk"; nocase; ) # erylhcxfmlagjdc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026126; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|erylhcxfmlagjdc|04|info"; nocase; ) # vaejrqwytwhw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026127; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vaejrqwytwhw|03|com"; nocase; ) # aemfqcyosrdj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026128; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aemfqcyosrdj|03|net"; nocase; ) # dbmmjcmehwbx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026129; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dbmmjcmehwbx|04|info"; nocase; ) # dbghmxncnscl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026130; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dbghmxncnscl|03|biz"; nocase; ) # sjgcubmddkoa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026131; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sjgcubmddkoa|03|com"; nocase; ) # gsllnhwmfqor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026132; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gsllnhwmfqor|03|biz"; nocase; ) # hqvvttguleqb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026133; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hqvvttguleqb|02|co|02|uk"; nocase; ) # idqhacaaddmu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026134; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|idqhacaaddmu|04|info"; nocase; ) # kcokemmycyvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026135; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kcokemmycyvm|03|net"; nocase; ) # heptfdgrbrwk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026136; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|heptfdgrbrwk|03|biz"; nocase; ) # ianvgtlxjsax.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026137; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ianvgtlxjsax|03|org"; nocase; ) # aonoftygcngl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026138; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aonoftygcngl|03|biz"; nocase; ) # qubliaookjre.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026139; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qubliaookjre|03|biz"; nocase; ) # dykswjxluvrf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026140; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dykswjxluvrf|03|com"; nocase; ) # trunevdyfmyn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026141; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|trunevdyfmyn|02|ru"; nocase; ) # vwfgyqaqxthq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026142; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vwfgyqaqxthq|03|biz"; nocase; ) # wjarfytvpsdk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026143; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wjarfytvpsdk|02|ru"; nocase; ) # yixujpyivgul.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026144; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yixujpyivgul|02|co|02|uk"; nocase; ) # rbtqdgjjqsms.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026145; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rbtqdgjjqsms|04|info"; nocase; ) # gssnmvidfhuj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026146; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gssnmvidfhuj|03|biz"; nocase; ) # luwidvvnuuea.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026147; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|luwidvvnuuea|03|biz"; nocase; ) # ljilpyclkjgn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026148; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ljilpyclkjgn|03|biz"; nocase; ) # fwbfstibhgxt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026149; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fwbfstibhgxt|02|co|02|uk"; nocase; ) # vnjrdpheasgu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026150; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vnjrdpheasgu|03|net"; nocase; ) # opktmrlqoveh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026151; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|opktmrlqoveh|03|biz"; nocase; ) # qoiwqiqdujvi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026152; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qoiwqiqdujvi|03|org"; nocase; ) # spnjtvauildc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026153; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|spnjtvauildc|04|info"; nocase; ) # dffnjgtbgxqs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026154; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dffnjgtbgxqs|02|ru"; nocase; ) # exayvqkcwaoq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026155; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|exayvqkcwaoq|02|co|02|uk"; nocase; ) # tgdlsgoxoiut.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026156; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tgdlsgoxoiut|03|biz"; nocase; ) # vqihfbrlmusw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026157; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vqihfbrlmusw|04|info"; nocase; ) # vvxefgtkhqtv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026158; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vvxefgtkhqtv|03|com"; nocase; ) # kjnypsjxladb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026159; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kjnypsjxladb|04|info"; nocase; ) # kyiawdameiwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026160; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kyiawdameiwu|03|net"; nocase; ) # glcuhofvlnbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026161; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|glcuhofvlnbp|03|com"; nocase; ) # hxwihtpjxcav.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026162; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hxwihtpjxcav|03|net"; nocase; ) # locckoqkaxvp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026163; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|locckoqkaxvp|02|co|02|uk"; nocase; ) # pxjhampkqocv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026164; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pxjhampkqocv|04|info"; nocase; ) # dveipuljmxrc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026165; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dveipuljmxrc|03|com"; nocase; ) # uomqyfshcsem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026166; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uomqyfshcsem|03|net"; nocase; ) # vwcxenearnkd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026167; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vwcxenearnkd|03|biz"; nocase; ) # bacfhqyupdnh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026168; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bacfhqyupdnh|03|com"; nocase; ) # mexvgbkpruqq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026169; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mexvgbkpruqq|02|ru"; nocase; ) # unwmegnjreyn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026170; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|unwmegnjreyn|02|ru"; nocase; ) # aunexpwmylol.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026171; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aunexpwmylol|02|ru"; nocase; ) # nqobaxslfcor.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026172; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nqobaxslfcor|03|org"; nocase; ) # lgcbipllmkcp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026173; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lgcbipllmkcp|03|biz"; nocase; ) # xmwxunrogjmd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026174; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xmwxunrogjmd|02|co|02|uk"; nocase; ) # ifqjstmbbcls.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026175; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ifqjstmbbcls|03|biz"; nocase; ) # mvvdvbedooan.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026176; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mvvdvbedooan|04|info"; nocase; ) # ophlrdvngbok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026177; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ophlrdvngbok|03|biz"; nocase; ) # cliitlrmmroq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026178; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cliitlrmmroq|02|ru"; nocase; ) # gcncwsjoaedl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026179; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gcncwsjoaedl|03|com"; nocase; ) # wgpucnbrejhx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026180; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wgpucnbrejhx|02|ru"; nocase; ) # bwuofustrvvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026181; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bwuofustrvvs|03|com"; nocase; ) # chvgsdmnxblh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026182; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|chvgsdmnxblh|03|net"; nocase; ) # vapfoewrpisal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026183; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vapfoewrpisal|03|com"; nocase; ) # jjcjcatngkcti.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026184; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jjcjcatngkcti|04|info"; nocase; ) # nrgtguuovotvi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026185; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nrgtguuovotvi|02|ru"; nocase; ) # nnkfblvdffxgq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026186; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nnkfblvdffxgq|03|com"; nocase; ) # pvdouhlimjdmh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026187; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pvdouhlimjdmh|02|ru"; nocase; ) # rgcfkarujevik.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026188; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rgcfkarujevik|02|ru"; nocase; ) # hndptmjtcmlfs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026189; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hndptmjtcmlfs|04|info"; nocase; ) # vogpousvyinkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026190; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vogpousvyinkr|03|com"; nocase; ) # yglxdxjpbbsrk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026191; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yglxdxjpbbsrk|03|com"; nocase; ) # escihosjdxaql.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026192; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|escihosjdxaql|02|co|02|uk"; nocase; ) # roddptfqqywkk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026193; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|roddptfqqywkk|04|info"; nocase; ) # mjkrraybkavki.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026194; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mjkrraybkavki|04|info"; nocase; ) # npqypwcmqsdri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026195; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|npqypwcmqsdri|03|net"; nocase; ) # oarojcmoeyjhi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026196; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oarojcmoeyjhi|03|biz"; nocase; ) # ltegcxlkvblol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026197; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ltegcxlkvblol|03|com"; nocase; ) # ypfbkghxxwaet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026198; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ypfbkghxxwaet|03|net"; nocase; ) # yslhfdkdgvoyi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026199; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yslhfdkdgvoyi|02|ru"; nocase; ) # tnsvhguvlcnyu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026200; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tnsvhguvlcnyu|02|ru"; nocase; ) # tcqnwfdxqrxje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026201; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tcqnwfdxqrxje|03|net"; nocase; ) # hcnqcqvttcgkv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026202; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hcnqcqvttcgkv|03|biz"; nocase; ) # psvamcclbeces.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026203; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|psvamcclbeces|02|ru"; nocase; ) # sfcmdsokncfms.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026204; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sfcmdsokncfms|02|co|02|uk"; nocase; ) # tbakqjtnenkha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026205; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tbakqjtnenkha|03|com"; nocase; ) # merpgjjixcklh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026206; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|merpgjjixcklh|03|biz"; nocase; ) # cyqjfikloyprg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026207; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cyqjfikloyprg|02|co|02|uk"; nocase; ) # eiwusywxdhheu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026208; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eiwusywxdhheu|03|com"; nocase; ) # sltybhgapmjft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026209; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sltybhgapmjft|03|net"; nocase; ) # wtxxhluetforx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026210; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wtxxhluetforx|02|co|02|uk"; nocase; ) # anfyokbvkouxx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026211; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|anfyokbvkouxx|03|net"; nocase; ) # alkvkoaehyicd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026212; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|alkvkoaehyicd|03|org"; nocase; ) # fcnfjetjjxkso.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026213; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fcnfjetjjxkso|04|info"; nocase; ) # gtxlvogyicifm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026214; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gtxlvogyicifm|03|net"; nocase; ) # hjhdheyyhfvtk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026215; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hjhdheyyhfvtk|03|org"; nocase; ) # wuhgefjcgklli.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026216; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wuhgefjcgklli|04|info"; nocase; ) # rkblhgetvyoto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026217; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rkblhgetvyoto|03|org"; nocase; ) # iqogqlbpyfttb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026218; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iqogqlbpyfttb|03|org"; nocase; ) # lefyifystpeyi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026219; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lefyifystpeyi|02|ru"; nocase; ) # dwnhrpgqjkqjw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026220; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dwnhrpgqjkqjw|03|org"; nocase; ) # wixfwodoebfkd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026221; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wixfwodoebfkd|02|co|02|uk"; nocase; ) # lvjilecamcylj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026222; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lvjilecamcylj|03|net"; nocase; ) # mgdhkbflmmwsh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026223; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mgdhkbflmmwsh|02|ru"; nocase; ) # er1s2712dehszv0pyjh11vh8h8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|er1s2712dehszv0pyjh11vh8h8|03|org"; nocase; ) # 1c1jan71wvmcy11npi9wo1x80aur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c1jan71wvmcy11npi9wo1x80aur|03|com"; nocase; ) # 1g7nm5mrcl7585jthmtjo7f48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g7nm5mrcl7585jthmtjo7f48|03|com"; nocase; ) # 16fp7gudchiltcut0t5jlxdyn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16fp7gudchiltcut0t5jlxdyn|03|biz"; nocase; ) # 1fwy5wnu8ts4c1hsx7co6kanqy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fwy5wnu8ts4c1hsx7co6kanqy|03|biz"; nocase; ) # aohwrwskg4dp1p913pwwm9git.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aohwrwskg4dp1p913pwwm9git|03|com"; nocase; ) # czqb4ndo32hx1k7nqqx1mg5da7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|czqb4ndo32hx1k7nqqx1mg5da7|03|net"; nocase; ) # 1elqcjt18h8eeh17b7tgt5vofyf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1elqcjt18h8eeh17b7tgt5vofyf|03|biz"; nocase; ) # vryidh1046tkmu0ssa01abxp73.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vryidh1046tkmu0ssa01abxp73|03|com"; nocase; ) # 178jrj219nas57j7nikgzm49v4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|178jrj219nas57j7nikgzm49v4|03|org"; nocase; ) # 124q0qcpez39p1jvvcy51m9hnl7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|124q0qcpez39p1jvvcy51m9hnl7|03|com"; nocase; ) # sbj66r1tgdzy693gkg4a60ppu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sbj66r1tgdzy693gkg4a60ppu|03|org"; nocase; ) # k2s02yooy091dq5x916rdlpt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k2s02yooy091dq5x916rdlpt|03|com"; nocase; ) # 1x7d5ag9oprrg60y9tu1wa9dog.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x7d5ag9oprrg60y9tu1wa9dog|03|net"; nocase; ) # fen7bw1i9ajsf1hau0b6sdngup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fen7bw1i9ajsf1hau0b6sdngup|03|org"; nocase; ) # ncchqu1tf2asg524exp1c3oyqa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ncchqu1tf2asg524exp1c3oyqa|03|net"; nocase; ) # 1jc29xh1iz25gp18447hlfs69b5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jc29xh1iz25gp18447hlfs69b5|03|com"; nocase; ) # vy5oe1a0ps6b1637ipjtjq9vo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vy5oe1a0ps6b1637ipjtjq9vo|03|biz"; nocase; ) # 1st0vh04ul66y4fzq3nf2lrky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1st0vh04ul66y4fzq3nf2lrky|03|net"; nocase; ) # 15n4kbh1fxpxqnqvzxg1agxah4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15n4kbh1fxpxqnqvzxg1agxah4|03|net"; nocase; ) # 1mjhy9r1xuh8iqxp580ojfgox7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mjhy9r1xuh8iqxp580ojfgox7|03|biz"; nocase; ) # 18t39t11y9dap71og6fzzzttvlc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18t39t11y9dap71og6fzzzttvlc|03|org"; nocase; ) # vqyhn61i6w7dm14n3ov1cpjlth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vqyhn61i6w7dm14n3ov1cpjlth|03|net"; nocase; ) # 1jvcx6u1vk2po3s4230wapbyzn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jvcx6u1vk2po3s4230wapbyzn|03|biz"; nocase; ) # dcaee3hpclb9w5cwdt1jmsxly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dcaee3hpclb9w5cwdt1jmsxly|03|com"; nocase; ) # 1razsywzwbeq1n1sf26a35mh2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1razsywzwbeq1n1sf26a35mh2|03|biz"; nocase; ) # 1hdeoq5zy2nxc15nqvy01xj1jzf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hdeoq5zy2nxc15nqvy01xj1jzf|03|org"; nocase; ) # 1kwv3791j2b5os11avqr518za7co.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kwv3791j2b5os11avqr518za7co|03|org"; nocase; ) # 1h2kdj1f3q6vk1wuf4s021m3nx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h2kdj1f3q6vk1wuf4s021m3nx|03|org"; nocase; ) # yntbbir2x4f9zha2i97prc6d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yntbbir2x4f9zha2i97prc6d|03|org"; nocase; ) # axawg7rktvgxo73927uzcv93.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|axawg7rktvgxo73927uzcv93|03|net"; nocase; ) # 16zsga9z14wn21v76dph1gkdfew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16zsga9z14wn21v76dph1gkdfew|03|org"; nocase; ) # lvjaqeu4v1uy1ni9eya149igq0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lvjaqeu4v1uy1ni9eya149igq0|03|biz"; nocase; ) # u00cr324b9h2kr3sazi21mmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u00cr324b9h2kr3sazi21mmn|03|com"; nocase; ) # g2va55155wtxi1qfpu948t7wzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g2va55155wtxi1qfpu948t7wzm|03|net"; nocase; ) # 1wn3w7z1hu1owd1aik40envq48u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wn3w7z1hu1owd1aik40envq48u|03|org"; nocase; ) # 1cwze5wgrzl78kvwvj11dpcs5a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cwze5wgrzl78kvwvj11dpcs5a|03|net"; nocase; ) # 7hninqgokm9z1j1bio4u586rk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7hninqgokm9z1j1bio4u586rk|03|com"; nocase; ) # t4xoavus6w6q11fyjvwubjsa2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4xoavus6w6q11fyjvwubjsa2|03|com"; nocase; ) # g8g9mk18yfjb46qj1ic1b2es3i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g8g9mk18yfjb46qj1ic1b2es3i|03|net"; nocase; ) # nby08k1cgmlwd1xvh7irhs1kh3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nby08k1cgmlwd1xvh7irhs1kh3|03|org"; nocase; ) # gljao41i53uon3r0v7g1cum4br.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gljao41i53uon3r0v7g1cum4br|03|net"; nocase; ) # yq8m2d1j4ajl81c5o0f91np7x6w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yq8m2d1j4ajl81c5o0f91np7x6w|03|com"; nocase; ) # 2t8b5q14cohhiyjmcw9oqrdr3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2t8b5q14cohhiyjmcw9oqrdr3|03|net"; nocase; ) # 1jiibm8zxldwbgwao91t62opj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jiibm8zxldwbgwao91t62opj|03|org"; nocase; ) # 1yr3zmi1krjzyg1n5qyyb10m2dbh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yr3zmi1krjzyg1n5qyyb10m2dbh|03|biz"; nocase; ) # 18iyiq115vye791ul089i1l9xdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18iyiq115vye791ul089i1l9xdb|03|com"; nocase; ) # naqr4s1t9k4asrnyvsq18uhv4x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|naqr4s1t9k4asrnyvsq18uhv4x|03|org"; nocase; ) # tcrmxc10x5dm11h9ai7p16trfqo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tcrmxc10x5dm11h9ai7p16trfqo|03|org"; nocase; ) # 1uwndlowbdbw41wa6br2xbaxeg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwndlowbdbw41wa6br2xbaxeg|03|net"; nocase; ) # 1cgu85f4303vs1tc7i5c18u6567.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cgu85f4303vs1tc7i5c18u6567|03|org"; nocase; ) # 1dc848emfkgvt1xii1gd93zx65.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dc848emfkgvt1xii1gd93zx65|03|com"; nocase; ) # 1eblhsotpf0n117pcpp1qnazwv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eblhsotpf0n117pcpp1qnazwv|03|net"; nocase; ) # algfwasjk3tz1224c6e1js9i9n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|algfwasjk3tz1224c6e1js9i9n|03|org"; nocase; ) # 4kczef15jtxwf9s82hbxwgmnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4kczef15jtxwf9s82hbxwgmnx|03|biz"; nocase; ) # 1e5bvpm1sisxn1w95uee4ttit0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e5bvpm1sisxn1w95uee4ttit0|03|biz"; nocase; ) # c4zkie1hm40yd1ggmyb91bw8xks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c4zkie1hm40yd1ggmyb91bw8xks|03|com"; nocase; ) # 1w3tri15bj2ag6crwwa1hhuhww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w3tri15bj2ag6crwwa1hhuhww|03|net"; nocase; ) # 15dwttj1frc9dk2rudjn130brz8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15dwttj1frc9dk2rudjn130brz8|03|net"; nocase; ) # 9m0lqd3p0ck5ikam4c1546wli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9m0lqd3p0ck5ikam4c1546wli|03|com"; nocase; ) # 6qg5l1xv9ztkibohqc129wq9a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6qg5l1xv9ztkibohqc129wq9a|03|net"; nocase; ) # 1yqk00n1mw6q9fmab2iv1q7phe2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yqk00n1mw6q9fmab2iv1q7phe2|03|org"; nocase; ) # zh3yh21o6lsf3dhk4zx1xoq72j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zh3yh21o6lsf3dhk4zx1xoq72j|03|biz"; nocase; ) # 1p7qsn3g8sk0o1wknwa71hgrdtq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p7qsn3g8sk0o1wknwa71hgrdtq|03|org"; nocase; ) # 1lu646ovkmu009m38btv97f07.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lu646ovkmu009m38btv97f07|03|net"; nocase; ) # 1llejqn1gg851v1coplitxnis2p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1llejqn1gg851v1coplitxnis2p|03|org"; nocase; ) # s2izh2f1c4q81wt2npq14u1338.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s2izh2f1c4q81wt2npq14u1338|03|org"; nocase; ) # 1e148x51q1w20416e9pfr19gvxqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e148x51q1w20416e9pfr19gvxqv|03|net"; nocase; ) # 1k4124d1nrqk741cyn3ombhybbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k4124d1nrqk741cyn3ombhybbp|03|com"; nocase; ) # 12bm1qz36a091rphp8hyye3l2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12bm1qz36a091rphp8hyye3l2|03|org"; nocase; ) # sv2z5ffr1j511vrjcleiyvzef.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sv2z5ffr1j511vrjcleiyvzef|03|org"; nocase; ) # 1p3w5tih1rp5hus4qey8z4l6q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p3w5tih1rp5hus4qey8z4l6q|03|com"; nocase; ) # khwqzz1xqokqo1euynb829vlfx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|khwqzz1xqokqo1euynb829vlfx|03|biz"; nocase; ) # pqtcmh19yd07dxnswvjdtuh5b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pqtcmh19yd07dxnswvjdtuh5b|03|com"; nocase; ) # 4z9rdk7v17j7sekcge14nlmxp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4z9rdk7v17j7sekcge14nlmxp|03|biz"; nocase; ) # d93s9spxctml1gcav8ccf1qva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d93s9spxctml1gcav8ccf1qva|03|net"; nocase; ) # jfp4321muzo9vn80abi1mjcfjb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jfp4321muzo9vn80abi1mjcfjb|03|com"; nocase; ) # 1e398t2f39oh2nfdfmn1e6t75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e398t2f39oh2nfdfmn1e6t75|03|com"; nocase; ) # pxf922zpkvacgrw071ploxpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pxf922zpkvacgrw071ploxpk|03|net"; nocase; ) # vcb4v31cgnste13vck8n1y9yabf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vcb4v31cgnste13vck8n1y9yabf|03|net"; nocase; ) # 1tmcplt1ks08hvu79l3v1c7sc6c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tmcplt1ks08hvu79l3v1c7sc6c|03|biz"; nocase; ) # 1m9v9m71nwgir71ke6x3816fhk9f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m9v9m71nwgir71ke6x3816fhk9f|03|com"; nocase; ) # 1x63thz8gb24w133byne1xukmiy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x63thz8gb24w133byne1xukmiy|03|org"; nocase; ) # 1598uzv1ktjpv11lhr3ave1oa47.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1598uzv1ktjpv11lhr3ave1oa47|03|biz"; nocase; ) # epntzo10627o61cl56syk7nz5v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|epntzo10627o61cl56syk7nz5v|03|biz"; nocase; ) # 1rxqibietr8aesmp0h8y5v9c5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rxqibietr8aesmp0h8y5v9c5|03|com"; nocase; ) # h8ffcc3u4e2e1806411q6aq8q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h8ffcc3u4e2e1806411q6aq8q|03|org"; nocase; ) # 1mbklyf18tnrvzpl2vivms2haz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mbklyf18tnrvzpl2vivms2haz|03|com"; nocase; ) # 1ac4z6p18od2bt190ghw31l4kn2i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ac4z6p18od2bt190ghw31l4kn2i|03|org"; nocase; ) # 1jlg2zu1hujfpi1p6cdu01g0ikn0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jlg2zu1hujfpi1p6cdu01g0ikn0|03|com"; nocase; ) # 1jv3q551wt0d8v1v84yyo5grdrf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jv3q551wt0d8v1v84yyo5grdrf|03|org"; nocase; ) # 1xoae6a25acau1hzsh748eusra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xoae6a25acau1hzsh748eusra|03|net"; nocase; ) # xsvyonvf78j761m3qnjgnnak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xsvyonvf78j761m3qnjgnnak|03|com"; nocase; ) # 1xbm1gk1e01izopdi1az1ukfqkl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xbm1gk1e01izopdi1az1ukfqkl|03|org"; nocase; ) # 1yhvdn3hca3xe1gn7vpp1qsrmql.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yhvdn3hca3xe1gn7vpp1qsrmql|03|biz"; nocase; ) # 7t8bkh1gbuctdw29feghgsphx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7t8bkh1gbuctdw29feghgsphx|03|net"; nocase; ) # 1018praxlb90h1p6quog55qhx8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1018praxlb90h1p6quog55qhx8|03|com"; nocase; ) # 1b6q1an1o7ay5s90buxv1hs94yf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b6q1an1o7ay5s90buxv1hs94yf|03|net"; nocase; ) # 19tlxllpvvlg82oha8zzsprir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19tlxllpvvlg82oha8zzsprir|03|com"; nocase; ) # 14vzyyz10o8bwl1m3lrnfzol9g6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14vzyyz10o8bwl1m3lrnfzol9g6|03|com"; nocase; ) # 19asfti10l8tmi1bsy1lw4lsc7a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19asfti10l8tmi1bsy1lw4lsc7a|03|org"; nocase; ) # ctr08t1bzz3ec7ona0n11fk3u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ctr08t1bzz3ec7ona0n11fk3u|03|org"; nocase; ) # q8ub8rzewrct1hz8l4c1hn04xz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q8ub8rzewrct1hz8l4c1hn04xz|03|net"; nocase; ) # 192do1b1af5vqj12ta8jqs0kcmu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|192do1b1af5vqj12ta8jqs0kcmu|03|biz"; nocase; ) # f2hmbs10r5wnv6flp14vi54lg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f2hmbs10r5wnv6flp14vi54lg|03|biz"; nocase; ) # 21thokbwrrty134zk8g641sb2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21thokbwrrty134zk8g641sb2|03|biz"; nocase; ) # 1k97sjq1xf8a1k1uk4wdr18kitab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k97sjq1xf8a1k1uk4wdr18kitab|03|com"; nocase; ) # h3js5uzfij7f1cxzyu21hrqsgp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h3js5uzfij7f1cxzyu21hrqsgp|03|org"; nocase; ) # 1q1zn11q9ucjx1fwwb1t1x7l4y2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q1zn11q9ucjx1fwwb1t1x7l4y2|03|net"; nocase; ) # qv9ceyvo7jv1e88mbib1id50.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qv9ceyvo7jv1e88mbib1id50|03|net"; nocase; ) # 1o24puu11qk2dzmnkgy2zh8ypa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o24puu11qk2dzmnkgy2zh8ypa|03|net"; nocase; ) # 756otxo7fu6txl1gez1n4g7kw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|756otxo7fu6txl1gez1n4g7kw|03|org"; nocase; ) # 7mc1ty1s1334q40o6zb19b18bx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7mc1ty1s1334q40o6zb19b18bx|03|biz"; nocase; ) # 1hiqt10mb1qxt1xdy22q18uikfs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hiqt10mb1qxt1xdy22q18uikfs|03|org"; nocase; ) # 1xxtwqc1ei6at51ixj3cpouzx0y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xxtwqc1ei6at51ixj3cpouzx0y|03|com"; nocase; ) # 1su7cv3i9fkk4wmc9saww922h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1su7cv3i9fkk4wmc9saww922h|03|net"; nocase; ) # 1l28avcdww5bifhwitxw2dojy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l28avcdww5bifhwitxw2dojy|03|biz"; nocase; ) # 1lwyorc16cylae7irkr91usdc46.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lwyorc16cylae7irkr91usdc46|03|org"; nocase; ) # z6qhp51r37xvu1b8alpk1sjym8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z6qhp51r37xvu1b8alpk1sjym8f|03|net"; nocase; ) # 1tj79g8zn2j9u1dv5d7i1ed666o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tj79g8zn2j9u1dv5d7i1ed666o|03|biz"; nocase; ) # t2gq2l1jd615b18k7hwnsys12d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t2gq2l1jd615b18k7hwnsys12d|03|net"; nocase; ) # 1o0c3ua12tz70b1m5nci3xconfx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o0c3ua12tz70b1m5nci3xconfx|03|net"; nocase; ) # 12jlz4735uq8cdo8di19kdcj3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12jlz4735uq8cdo8di19kdcj3|03|org"; nocase; ) # 922ox11esqmtnwl50zf1r2zhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|922ox11esqmtnwl50zf1r2zhf|03|com"; nocase; ) # rj072re33ohhb4h597bux690.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rj072re33ohhb4h597bux690|03|com"; nocase; ) # 9blz7m1pytv42vnc1ka1uil3gn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9blz7m1pytv42vnc1ka1uil3gn|03|biz"; nocase; ) # pewdhs1jor0nir9zel31xvj37h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pewdhs1jor0nir9zel31xvj37h|03|org"; nocase; ) # 1sj6yngrtd1hjdbmdl759wjb3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sj6yngrtd1hjdbmdl759wjb3|03|net"; nocase; ) # ekgm95jjj7b8tg62o4sns5q0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ekgm95jjj7b8tg62o4sns5q0|03|org"; nocase; ) # 1y8p0qdote2gq5l2lygldzll5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y8p0qdote2gq5l2lygldzll5|03|biz"; nocase; ) # 1tmq17z10e0utvk3zvea2u0tro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tmq17z10e0utvk3zvea2u0tro|03|com"; nocase; ) # 1m2v4ar1am72wm18i5zrqr3pkbj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m2v4ar1am72wm18i5zrqr3pkbj|03|net"; nocase; ) # hhigat1dbz2b6qqvzx686mdlv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hhigat1dbz2b6qqvzx686mdlv|03|org"; nocase; ) # yjg13fajvs65jygzjtbya7so.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yjg13fajvs65jygzjtbya7so|03|net"; nocase; ) # 1dx6ss01afx1az18qcerbtcxt1b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dx6ss01afx1az18qcerbtcxt1b|03|com"; nocase; ) # svb6y619wtpqnij9qjnho0b7l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|svb6y619wtpqnij9qjnho0b7l|03|net"; nocase; ) # 157ogl2eryppsnvi3oa1w952ci.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157ogl2eryppsnvi3oa1w952ci|03|org"; nocase; ) # 1bi2vp9f3xdgq1mtq61deu3d7v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bi2vp9f3xdgq1mtq61deu3d7v|03|org"; nocase; ) # 9f88rjiyk8ymr6imms11s6vm9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9f88rjiyk8ymr6imms11s6vm9|03|biz"; nocase; ) # r6pfj11nrlk8fwhod9qdwxdid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r6pfj11nrlk8fwhod9qdwxdid|03|com"; nocase; ) # 1myc3xjbon0bx1tm32cl10rv5h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1myc3xjbon0bx1tm32cl10rv5h|03|net"; nocase; ) # 1c6q5o1bwb0rdnapx3g1lqdk62.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c6q5o1bwb0rdnapx3g1lqdk62|03|org"; nocase; ) # 1yp4goa1ghx0oyv8q1g318zoxn6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yp4goa1ghx0oyv8q1g318zoxn6|03|org"; nocase; ) # 1fss5u21prk0pu1wqcx471fq60nn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fss5u21prk0pu1wqcx471fq60nn|03|net"; nocase; ) # vfkffl1n0c3qr1w51urw1rl5rz8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vfkffl1n0c3qr1w51urw1rl5rz8|03|net"; nocase; ) # 1d3i8q912fu27kkccur5huuy7g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d3i8q912fu27kkccur5huuy7g|03|com"; nocase; ) # 2uc5douy6f9mpdmuhh1qm0u6e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2uc5douy6f9mpdmuhh1qm0u6e|03|org"; nocase; ) # 1im49g117vzymg1sno6dl13e7do3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1im49g117vzymg1sno6dl13e7do3|03|biz"; nocase; ) # q4afsab1wtxz19w78yjjgl8bl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q4afsab1wtxz19w78yjjgl8bl|03|net"; nocase; ) # c9xol1m3ghfs1h0m0m31kz3j0n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c9xol1m3ghfs1h0m0m31kz3j0n|03|org"; nocase; ) # 1s3m2u61vvdixcnsa00i1jp49g3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s3m2u61vvdixcnsa00i1jp49g3|03|net"; nocase; ) # tk2iu67pyuxzfzv7t1qby44x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tk2iu67pyuxzfzv7t1qby44x|03|biz"; nocase; ) # 14u8sgf1biixn61793h5b3rz416.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14u8sgf1biixn61793h5b3rz416|03|net"; nocase; ) # 1osyhi418m8jay1xoeadg1nyhj8i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1osyhi418m8jay1xoeadg1nyhj8i|03|com"; nocase; ) # ylk63vc4ohbs7f5rbas9kp1u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ylk63vc4ohbs7f5rbas9kp1u|03|net"; nocase; ) # 1dfniglr7gl0bytvpqos58ym.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1dfniglr7gl0bytvpqos58ym|03|net"; nocase; ) # 1gk35sb1ta3dq71wqg34ab9aoe8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gk35sb1ta3dq71wqg34ab9aoe8|03|net"; nocase; ) # 10b4kb01l2qwg81ci8s0hb520nx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10b4kb01l2qwg81ci8s0hb520nx|03|org"; nocase; ) # 1ofigzd1uvx53xakk58pbn51fk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ofigzd1uvx53xakk58pbn51fk|03|org"; nocase; ) # 4ae85rlz7nts1abogwz1fp2d2i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4ae85rlz7nts1abogwz1fp2d2i|03|net"; nocase; ) # 1ybnugz1f6qjdcpwd5ry1auixm9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ybnugz1f6qjdcpwd5ry1auixm9|03|org"; nocase; ) # qhl82218p4vi71er4hu81r9oi9q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qhl82218p4vi71er4hu81r9oi9q|03|com"; nocase; ) # 50ec561v7tm2o1m936oi1y3qmz6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|50ec561v7tm2o1m936oi1y3qmz6|03|biz"; nocase; ) # zr3qwh1jlk0cp1dw69f3avh9o0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zr3qwh1jlk0cp1dw69f3avh9o0|03|net"; nocase; ) # 1b4tggofj3xqffq07qfu5ryto.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b4tggofj3xqffq07qfu5ryto|03|biz"; nocase; ) # jxp2vt17c97hl1uex2z71gvwai3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jxp2vt17c97hl1uex2z71gvwai3|03|net"; nocase; ) # 1uwqx6u9u4a251v4ms3h0y1bw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uwqx6u9u4a251v4ms3h0y1bw|03|net"; nocase; ) # 1c22v4v1vqkldchzwmin127ydi4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c22v4v1vqkldchzwmin127ydi4|03|biz"; nocase; ) # 1rhy1bb115lflxbgxk4n7axkpz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rhy1bb115lflxbgxk4n7axkpz|03|biz"; nocase; ) # 1ya48cxchtbjg1oianks1vj4afx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ya48cxchtbjg1oianks1vj4afx|03|com"; nocase; ) # 1a2gzsj17jqcyg106h5ds1rioloh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a2gzsj17jqcyg106h5ds1rioloh|03|org"; nocase; ) # 1h5iat41wog35ubibgw11orljhx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h5iat41wog35ubibgw11orljhx|03|net"; nocase; ) # wn8j501dab0101r4w0qz172xrj5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wn8j501dab0101r4w0qz172xrj5|03|org"; nocase; ) # 8sfx9m1hm46j51smo37jsvndw1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8sfx9m1hm46j51smo37jsvndw1|03|biz"; nocase; ) # 15oer6d12irkx4ejveuu100oqh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15oer6d12irkx4ejveuu100oqh5|03|net"; nocase; ) # jgkpeu1co8dcmfpn9541w7cth8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jgkpeu1co8dcmfpn9541w7cth8|03|biz"; nocase; ) # 1bm633twmckp218qv3apl2m3ss.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bm633twmckp218qv3apl2m3ss|03|com"; nocase; ) # 2dw8axp87kt81a7l39t122j7kq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2dw8axp87kt81a7l39t122j7kq|03|net"; nocase; ) # ibgt2s1u1cqyz1nlfwu3xp8lls.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ibgt2s1u1cqyz1nlfwu3xp8lls|03|net"; nocase; ) # 1n13b7yqs7s3nyuka411bvcip8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n13b7yqs7s3nyuka411bvcip8|03|biz"; nocase; ) # 1cj3ltm8hp9ewx79sd3k9lmwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cj3ltm8hp9ewx79sd3k9lmwr|03|net"; nocase; ) # 1gt3a1ianokv11yp65od166c6r7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gt3a1ianokv11yp65od166c6r7|03|com"; nocase; ) # 1quuqok8c433x1srml7s1shdmfk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1quuqok8c433x1srml7s1shdmfk|03|org"; nocase; ) # gvh43abku6db14ylvksrxnhby.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gvh43abku6db14ylvksrxnhby|03|com"; nocase; ) # 10txwm7s6pfli1q9xto5cbyvxz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10txwm7s6pfli1q9xto5cbyvxz|03|org"; nocase; ) # 10w2e3un4no511mvalroz362v9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10w2e3un4no511mvalroz362v9|03|org"; nocase; ) # 98u3ji10r7718dctzj1157hyh0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|98u3ji10r7718dctzj1157hyh0|03|biz"; nocase; ) # e96oht5w0gy3ptkjf93mwugb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e96oht5w0gy3ptkjf93mwugb|03|net"; nocase; ) # 17tcb87lh48z6ostv0d6z0qet.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17tcb87lh48z6ostv0d6z0qet|03|biz"; nocase; ) # v4kae917wg5nc2nj26l194hfsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v4kae917wg5nc2nj26l194hfsu|03|net"; nocase; ) # 1o4s5qgnibdp31wsp9oy1iwnujf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o4s5qgnibdp31wsp9oy1iwnujf|03|net"; nocase; ) # vfp7b0blxgth9sqtaldsehnn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vfp7b0blxgth9sqtaldsehnn|03|com"; nocase; ) # 17nj0ww133ucaa164mwqyymva3v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17nj0ww133ucaa164mwqyymva3v|03|biz"; nocase; ) # 1yfscsk1tjis09e94t367zf0am.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yfscsk1tjis09e94t367zf0am|03|net"; nocase; ) # 1h21j62s2rhkubibv201ho7xcn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h21j62s2rhkubibv201ho7xcn|03|org"; nocase; ) # 1zsr8k92ziuf7kxdt3anz538.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1zsr8k92ziuf7kxdt3anz538|03|biz"; nocase; ) # 1ojngbz1evn77k10pp9qy1b4mpeb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ojngbz1evn77k10pp9qy1b4mpeb|03|net"; nocase; ) # 2p8l5n1i9wa531v30qgkec4re0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2p8l5n1i9wa531v30qgkec4re0|03|com"; nocase; ) # 1pdgt3vv78uj1e203ph1e5y7kg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pdgt3vv78uj1e203ph1e5y7kg|03|org"; nocase; ) # 186n1ik1g6narw66s78ho2e1ul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|186n1ik1g6narw66s78ho2e1ul|03|net"; nocase; ) # 1dqxwevkihsssek0p8b1fpuroz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dqxwevkihsssek0p8b1fpuroz|03|com"; nocase; ) # flpk1pfg8cf71e2pcz01d38gag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|flpk1pfg8cf71e2pcz01d38gag|03|com"; nocase; ) # 1qhrmmokf6dq119nk4cyvjdmt4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qhrmmokf6dq119nk4cyvjdmt4|03|org"; nocase; ) # 1m7l76r14atlrk4f1nqc12uj3yd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m7l76r14atlrk4f1nqc12uj3yd|03|org"; nocase; ) # nu8w9g18r608ivj3wqbloco2l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nu8w9g18r608ivj3wqbloco2l|03|com"; nocase; ) # 1di10tn17bs82z18my4ie1qu8hgt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1di10tn17bs82z18my4ie1qu8hgt|03|org"; nocase; ) # 1idiil11036eh1rntafksdmsyh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1idiil11036eh1rntafksdmsyh|03|net"; nocase; ) # 6ish1cif8v7vhyuxr8164cjy0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ish1cif8v7vhyuxr8164cjy0|03|net"; nocase; ) # yqisli10cdddgcjk6a11xz5t2z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yqisli10cdddgcjk6a11xz5t2z|03|com"; nocase; ) # 55a0d1v66czp1dt7n9s4i7pmy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|55a0d1v66czp1dt7n9s4i7pmy|03|net"; nocase; ) # 98hecnqmao0gpythx3fw6ov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|98hecnqmao0gpythx3fw6ov|03|com"; nocase; ) # omq1iz1e9h6qjqgs6g1kpipxi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|omq1iz1e9h6qjqgs6g1kpipxi|03|com"; nocase; ) # 1ph5g8n11s6hrd15iaevbf7b8sn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ph5g8n11s6hrd15iaevbf7b8sn|03|net"; nocase; ) # 5wmzil1xwrpkw1lm2lik1cbm0yl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5wmzil1xwrpkw1lm2lik1cbm0yl|03|com"; nocase; ) # b5em14vnl1tdphrr5x1j33i4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b5em14vnl1tdphrr5x1j33i4|03|org"; nocase; ) # kep5ux16z1ge9xn23e81alxy2j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kep5ux16z1ge9xn23e81alxy2j|03|biz"; nocase; ) # 14t6uytum5t731mid14v1olcyaj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14t6uytum5t731mid14v1olcyaj|03|net"; nocase; ) # q7obz6qz7m6bz4a22z1ney363.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q7obz6qz7m6bz4a22z1ney363|03|net"; nocase; ) # 3pmj9h9jqbkh7t8rygkq2tfm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3pmj9h9jqbkh7t8rygkq2tfm|03|org"; nocase; ) # 1dtberqghoai847yyj96idr6p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dtberqghoai847yyj96idr6p|03|org"; nocase; ) # st9bpmx37ixcjympyj13fbcdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|st9bpmx37ixcjympyj13fbcdg|03|com"; nocase; ) # apu9yu1v6td8y33cz6dh7a2ri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|apu9yu1v6td8y33cz6dh7a2ri|03|com"; nocase; ) # 1alug50glj32mopbyh41sk3tlt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1alug50glj32mopbyh41sk3tlt|03|com"; nocase; ) # 1k90djl5x17q1pn53583s7h75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k90djl5x17q1pn53583s7h75|03|net"; nocase; ) # 1tzzrv0mjwbdk88yaw716ng3ak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tzzrv0mjwbdk88yaw716ng3ak|03|net"; nocase; ) # 4zwuq7mc2w5yier9okh023tp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4zwuq7mc2w5yier9okh023tp|03|org"; nocase; ) # jhlxu71x42cx9amh21112pnc3x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jhlxu71x42cx9amh21112pnc3x|03|com"; nocase; ) # 6baonw139cske106vwcldllih2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6baonw139cske106vwcldllih2|03|com"; nocase; ) # yuh832rlznj15uqkzyte0b5y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yuh832rlznj15uqkzyte0b5y|03|com"; nocase; ) # 1mo614t1mjm21adyylxrrkp8q3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mo614t1mjm21adyylxrrkp8q3|03|net"; nocase; ) # 1vmvtuv18xant4endbxchigmzy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vmvtuv18xant4endbxchigmzy|03|net"; nocase; ) # 1do9mvdic90y51ny9sujxuv63u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1do9mvdic90y51ny9sujxuv63u|03|org"; nocase; ) # h9dhrrgeqlnm1lh0kl5nqwtry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h9dhrrgeqlnm1lh0kl5nqwtry|03|net"; nocase; ) # 1uf2j0f12q4fmx1kjn8c16ke5nw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uf2j0f12q4fmx1kjn8c16ke5nw|03|com"; nocase; ) # 12e9boxugs3xszsn6n41yl60y9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12e9boxugs3xszsn6n41yl60y9|03|biz"; nocase; ) # 14si5n21sy5ias1dc7xew1xc69tw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14si5n21sy5ias1dc7xew1xc69tw|03|com"; nocase; ) # 8dafdbw8is7qz91ap6nvwqhx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8dafdbw8is7qz91ap6nvwqhx|03|net"; nocase; ) # lynfvzhubzcszkeeuxmo0k5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lynfvzhubzcszkeeuxmo0k5c|03|net"; nocase; ) # vecyna1tujpztqacmam3q8n9f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vecyna1tujpztqacmam3q8n9f|03|com"; nocase; ) # 1q03c1h1mgflfc15aqr5g1jjnqt5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q03c1h1mgflfc15aqr5g1jjnqt5|03|org"; nocase; ) # 41xjrvo50m22lzsfkk1kfuw4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|41xjrvo50m22lzsfkk1kfuw4n|03|com"; nocase; ) # 1ry1ydxf6rktt1c1f6lu1gyp54m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ry1ydxf6rktt1c1f6lu1gyp54m|03|com"; nocase; ) # 123pysv12ap4j417qlu0c1djermu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|123pysv12ap4j417qlu0c1djermu|03|net"; nocase; ) # 10i9rrf163ldcgcw72lr1x9rdd0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10i9rrf163ldcgcw72lr1x9rdd0|03|net"; nocase; ) # 11rj1uq1enigmkrl7az0161vauu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11rj1uq1enigmkrl7az0161vauu|03|com"; nocase; ) # 7kwlfw1kiy0tb16rxc3xyrt805.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7kwlfw1kiy0tb16rxc3xyrt805|03|net"; nocase; ) # 20fv431o3t6vye5rzn9sar8li.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|20fv431o3t6vye5rzn9sar8li|03|com"; nocase; ) # 1txwa093yf3v4su4d371yooqfr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1txwa093yf3v4su4d371yooqfr|03|com"; nocase; ) # 1bhtwtbjtlaqiqp2we71tm376j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bhtwtbjtlaqiqp2we71tm376j|03|net"; nocase; ) # vubplv4vi44l74kutfc4rcup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vubplv4vi44l74kutfc4rcup|03|org"; nocase; ) # 17q44zr16s7tzz98mcrmub7arx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17q44zr16s7tzz98mcrmub7arx|03|com"; nocase; ) # ljwytnwz0an01rjri5dy2nf00.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ljwytnwz0an01rjri5dy2nf00|03|biz"; nocase; ) # euncbs3bjjwrd6a0bp1n95tg6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|euncbs3bjjwrd6a0bp1n95tg6|03|com"; nocase; ) # 5k25kinus7kg1iw4cbs16wpm70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5k25kinus7kg1iw4cbs16wpm70|03|net"; nocase; ) # 1gl1j4s10ulgf1jclijm1059aiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gl1j4s10ulgf1jclijm1059aiy|03|com"; nocase; ) # o0awvp1mf7knx1khkqvz1snoawp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o0awvp1mf7knx1khkqvz1snoawp|03|biz"; nocase; ) # d1x52p2m4i9r2p0u65134ypcs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d1x52p2m4i9r2p0u65134ypcs|03|net"; nocase; ) # ma8mxnrrcf9z1w8v9u21k2d3aw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ma8mxnrrcf9z1w8v9u21k2d3aw|03|org"; nocase; ) # ypa92pigex5utvbl0z1b8nbos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ypa92pigex5utvbl0z1b8nbos|03|com"; nocase; ) # 1n1rl596q57613i4naa1fzd5j6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1rl596q57613i4naa1fzd5j6|03|org"; nocase; ) # y6kmgmkqqh94djq7a1o8hqwh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y6kmgmkqqh94djq7a1o8hqwh|03|org"; nocase; ) # 1hnfurkckdgw312i3a4ijvnxv8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hnfurkckdgw312i3a4ijvnxv8|03|biz"; nocase; ) # yzv0tzggxnlc6f24xg8o9u04.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yzv0tzggxnlc6f24xg8o9u04|03|org"; nocase; ) # 10183tc1uf4xzh1mfijtyuzleul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10183tc1uf4xzh1mfijtyuzleul|03|net"; nocase; ) # 1v29r68nn70wczf2x6143ccvb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v29r68nn70wczf2x6143ccvb|03|net"; nocase; ) # gemnhw1658810rh6sb61hiba7w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gemnhw1658810rh6sb61hiba7w|03|com"; nocase; ) # 2839odrhwz3ttc4yghppfpxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2839odrhwz3ttc4yghppfpxv|03|net"; nocase; ) # 3o6x91m84sck1csf2bd5e9nhe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3o6x91m84sck1csf2bd5e9nhe|03|biz"; nocase; ) # oooqv81api3rz1fkkz8a1603exw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oooqv81api3rz1fkkz8a1603exw|03|com"; nocase; ) # 148d5fn1qt6x241wy589m1tnk99c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|148d5fn1qt6x241wy589m1tnk99c|03|biz"; nocase; ) # 1gojhkb1l1dyhdzr8p9f5a0gud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gojhkb1l1dyhdzr8p9f5a0gud|03|org"; nocase; ) # dhyoj41ckiwtyim4xgbj73aj6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dhyoj41ckiwtyim4xgbj73aj6|03|com"; nocase; ) # 1eqho38d2ikbr19vznupv1vfme.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eqho38d2ikbr19vznupv1vfme|03|biz"; nocase; ) # 1x3uuk91elmdw58lw3bp1or029f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x3uuk91elmdw58lw3bp1or029f|03|net"; nocase; ) # 1wi3z6w15h8qtf1kl4wgg46565s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wi3z6w15h8qtf1kl4wgg46565s|03|org"; nocase; ) # 47pjciu9973pi5didl1g3rme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|47pjciu9973pi5didl1g3rme|03|com"; nocase; ) # 5219zu127ekyq4dyx1jn0b3tz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5219zu127ekyq4dyx1jn0b3tz|03|org"; nocase; ) # 1p0ftyj1axs6843g5l8br5wgjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p0ftyj1axs6843g5l8br5wgjb|03|biz"; nocase; ) # 16bqcnbzzr0ii7bcfdizg3km7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16bqcnbzzr0ii7bcfdizg3km7|03|net"; nocase; ) # 18fk7bo1il9sal9r6wlh1aj5p91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18fk7bo1il9sal9r6wlh1aj5p91|03|com"; nocase; ) # 1o9nv82616jk8125yob61tw5ljp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o9nv82616jk8125yob61tw5ljp|03|com"; nocase; ) # 1ezttpk1fn0pmpsr6e9ue6p0jo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ezttpk1fn0pmpsr6e9ue6p0jo|03|org"; nocase; ) # e9twxr1ejh54913gzqbc1vezz0y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e9twxr1ejh54913gzqbc1vezz0y|03|biz"; nocase; ) # 1ct828w22zheraa6xhekwsiag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ct828w22zheraa6xhekwsiag|03|com"; nocase; ) # puq3nlypz7ryzlao0m30ny3w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|puq3nlypz7ryzlao0m30ny3w|03|net"; nocase; ) # 18w900d1m22vnsn5qa5wi57fj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18w900d1m22vnsn5qa5wi57fj3|03|com"; nocase; ) # g5l7841s76k0010f66ug1fyzuvc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g5l7841s76k0010f66ug1fyzuvc|03|org"; nocase; ) # mosa7pwwfttj1mqa3m0agh2ny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mosa7pwwfttj1mqa3m0agh2ny|03|com"; nocase; ) # i4i1461jxlx0l1cu1fp3o32f3q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i4i1461jxlx0l1cu1fp3o32f3q|03|net"; nocase; ) # 81olpuvqd48m498dyu1bi239j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|81olpuvqd48m498dyu1bi239j|03|net"; nocase; ) # 1adr3hft95r0n181xzyz1hjwkgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1adr3hft95r0n181xzyz1hjwkgj|03|net"; nocase; ) # 1kqwzsn1hx20hf194pj1g164llbe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kqwzsn1hx20hf194pj1g164llbe|03|com"; nocase; ) # 1lqnz8y1ekaqrc3s0ugcpqtqju.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lqnz8y1ekaqrc3s0ugcpqtqju|03|biz"; nocase; ) # 1gtwcgqaaunly1lweo399a89gm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gtwcgqaaunly1lweo399a89gm|03|org"; nocase; ) # jsgxryhzsnn1wi5i4l1sae50h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jsgxryhzsnn1wi5i4l1sae50h|03|com"; nocase; ) # n2d6d110exb8hr1jq83fcdzaf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n2d6d110exb8hr1jq83fcdzaf|03|net"; nocase; ) # 3rvhjk1ihxkct1fx454vxhhtvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3rvhjk1ihxkct1fx454vxhhtvm|03|net"; nocase; ) # 1b8yhywgvlrw414msetn1xaez44.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b8yhywgvlrw414msetn1xaez44|03|net"; nocase; ) # hav0hsjh1vzazdxse2hjt3hb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hav0hsjh1vzazdxse2hjt3hb|03|com"; nocase; ) # 9lmabjsxvxlzd0to0f1cjva4a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9lmabjsxvxlzd0to0f1cjva4a|03|org"; nocase; ) # 1gr8dzoy441hamwcec1hkipot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gr8dzoy441hamwcec1hkipot|03|biz"; nocase; ) # 1a3rd7w5pl7q41w32bacq5lswv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a3rd7w5pl7q41w32bacq5lswv|03|com"; nocase; ) # i57uwf11of65q15c0m221i67s01.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i57uwf11of65q15c0m221i67s01|03|net"; nocase; ) # mn9gfg7ls4kviq09mr150eik2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mn9gfg7ls4kviq09mr150eik2|03|net"; nocase; ) # 16xxmvgc2ubi41e00b1lodnph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16xxmvgc2ubi41e00b1lodnph|03|net"; nocase; ) # h0b7m416zbbrzqxpgpw9p4uz9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h0b7m416zbbrzqxpgpw9p4uz9|03|org"; nocase; ) # mo2vmy1cpjyq71jt9e0c15n3g2s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mo2vmy1cpjyq71jt9e0c15n3g2s|03|biz"; nocase; ) # 1aomudr1yehg7314svtk39tzceo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aomudr1yehg7314svtk39tzceo|03|com"; nocase; ) # 1xym5wp1ijjid2rru3oa9tpfmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xym5wp1ijjid2rru3oa9tpfmo|03|net"; nocase; ) # 2d2s8nuf2em917efo471hlxdbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2d2s8nuf2em917efo471hlxdbg|03|com"; nocase; ) # cqq1b51rfm5fokufwcs1ctri91.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cqq1b51rfm5fokufwcs1ctri91|03|net"; nocase; ) # 1dl5qvtoh7noj14qfl8t8nvbj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dl5qvtoh7noj14qfl8t8nvbj7|03|net"; nocase; ) # 1xo35ts9j5518ua2dr11fhgb3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xo35ts9j5518ua2dr11fhgb3|03|net"; nocase; ) # ipv2ix1pypo591xzw9bmjr5v8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ipv2ix1pypo591xzw9bmjr5v8c|03|com"; nocase; ) # zcwmq3s6bpbufafjf44lbe6q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zcwmq3s6bpbufafjf44lbe6q|03|biz"; nocase; ) # jtb0utwg9j7skn7dqb1445i2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jtb0utwg9j7skn7dqb1445i2v|03|org"; nocase; ) # 9mxuwus4nus71cgsian1g68z48.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9mxuwus4nus71cgsian1g68z48|03|net"; nocase; ) # 1o2cboo8847wa1vd2sm5khamw0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o2cboo8847wa1vd2sm5khamw0|03|org"; nocase; ) # fgd32x868k4kmpvv0v1witoor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fgd32x868k4kmpvv0v1witoor|03|com"; nocase; ) # 1ectipp12xqcv417jti9lujuyf6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ectipp12xqcv417jti9lujuyf6|03|org"; nocase; ) # bg8jax1j40k1p19ijab31w91exi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bg8jax1j40k1p19ijab31w91exi|03|net"; nocase; ) # 1cfpb6c4jt2nx12jre451rp69nx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cfpb6c4jt2nx12jre451rp69nx|03|org"; nocase; ) # 1mbf3vnvtzol11v5jta44rhk86.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mbf3vnvtzol11v5jta44rhk86|03|org"; nocase; ) # 1y8hulm1elb09119s7hropexba4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y8hulm1elb09119s7hropexba4|03|net"; nocase; ) # cr0n0aswzehy16q8ybabsshmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cr0n0aswzehy16q8ybabsshmj|03|net"; nocase; ) # sxdbwo1esl5qge8gygw1wi20wz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sxdbwo1esl5qge8gygw1wi20wz|03|com"; nocase; ) # 1etdi4xzo04vclauwg4g6yp9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1etdi4xzo04vclauwg4g6yp9x|03|net"; nocase; ) # fgn2va1eca9kjr0scerxxeond.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fgn2va1eca9kjr0scerxxeond|03|net"; nocase; ) # rq1gl6dqrb9z1pkqqsg13zjkab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rq1gl6dqrb9z1pkqqsg13zjkab|03|org"; nocase; ) # 2ctp0z64vvj08330kp2qg2j1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2ctp0z64vvj08330kp2qg2j1|03|com"; nocase; ) # pulrw8zi4jzlbh7cir1f327w6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pulrw8zi4jzlbh7cir1f327w6|03|org"; nocase; ) # 1nilj4q1r9b7bkaot38l1po616.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nilj4q1r9b7bkaot38l1po616|03|net"; nocase; ) # p9mkz4ko82yf18ox62t1csf6p1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p9mkz4ko82yf18ox62t1csf6p1|03|org"; nocase; ) # 1ecmvawczrc35ko9w241homg47.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ecmvawczrc35ko9w241homg47|03|net"; nocase; ) # 14mk9hf1vqdctt5kvj6b1bnwbx9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14mk9hf1vqdctt5kvj6b1bnwbx9|03|net"; nocase; ) # s7qu3z1twl6d5tgdj3q12p2vhq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s7qu3z1twl6d5tgdj3q12p2vhq|03|net"; nocase; ) # 106s5ongguxdy1fnkxs16wci8a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|106s5ongguxdy1fnkxs16wci8a|03|org"; nocase; ) # 1rw7095iyl8lzrkj7lu1xvcy8d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rw7095iyl8lzrkj7lu1xvcy8d|03|net"; nocase; ) # rdehttkl1keyg1ji5dzpdqoq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rdehttkl1keyg1ji5dzpdqoq|03|org"; nocase; ) # 1kcqpy3bvm44b14ywyno1260lg8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kcqpy3bvm44b14ywyno1260lg8|03|net"; nocase; ) # 160dioc1dpvlsi6vnwp311arxtz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|160dioc1dpvlsi6vnwp311arxtz|03|net"; nocase; ) # 1uabjis1l8q7j41egl7281n14czb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uabjis1l8q7j41egl7281n14czb|03|biz"; nocase; ) # 15ctrgh19tfyyt1gtex6m4iew5j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ctrgh19tfyyt1gtex6m4iew5j|03|net"; nocase; ) # a68x1w1sheihu1rjomyu1reuzpu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a68x1w1sheihu1rjomyu1reuzpu|03|com"; nocase; ) # 5llklpkit6tu1bsnpn3d0m3g7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5llklpkit6tu1bsnpn3d0m3g7|03|com"; nocase; ) # nxt14u1ljgb94bq4nplwc19mr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nxt14u1ljgb94bq4nplwc19mr|03|org"; nocase; ) # 16ck3gp1gtmu75k4x8dm1y7o307.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ck3gp1gtmu75k4x8dm1y7o307|03|net"; nocase; ) # 1hiesb21o5an6b1snhdaw1d6h3am.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hiesb21o5an6b1snhdaw1d6h3am|03|com"; nocase; ) # tware1mzjqqygz9grp17l8z0g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tware1mzjqqygz9grp17l8z0g|03|net"; nocase; ) # 1pdawm31056m621i3n23xwt9pse.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pdawm31056m621i3n23xwt9pse|03|org"; nocase; ) # 8880jkjrmskmqzy6tl1aej3zz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8880jkjrmskmqzy6tl1aej3zz|03|org"; nocase; ) # vhx96jv7hrf0lrlw4e4fok8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vhx96jv7hrf0lrlw4e4fok8f|03|net"; nocase; ) # zxnc3gwyjx7t1wbl11p1ei6rb7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zxnc3gwyjx7t1wbl11p1ei6rb7|03|org"; nocase; ) # sq47p3uk1oceygrj4kw7i0ut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sq47p3uk1oceygrj4kw7i0ut|03|net"; nocase; ) # 16dffr81tgvh69ekujzq1tnjrku.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16dffr81tgvh69ekujzq1tnjrku|03|com"; nocase; ) # 12hz8dplaqqys8cprgrqy501s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12hz8dplaqqys8cprgrqy501s|03|org"; nocase; ) # 1ok8v1nfmoohnbw8wqd1ufe7z7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ok8v1nfmoohnbw8wqd1ufe7z7|03|net"; nocase; ) # 30ddolw9628547jb7x1xfdkmh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|30ddolw9628547jb7x1xfdkmh|03|org"; nocase; ) # 1aehobxt6llownwm4pu1qhxk15.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aehobxt6llownwm4pu1qhxk15|03|org"; nocase; ) # vlu2821npnworyzpet81n6vlj8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vlu2821npnworyzpet81n6vlj8|03|org"; nocase; ) # 17b89jy1pesjyhn9w31a1rvogt4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17b89jy1pesjyhn9w31a1rvogt4|03|com"; nocase; ) # nfgmlj51mnw81cszflq6vhbz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nfgmlj51mnw81cszflq6vhbz|03|biz"; nocase; ) # vx1pkx1x7zz341hzepodwpqs9m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vx1pkx1x7zz341hzepodwpqs9m|03|net"; nocase; ) # s13o491jz7n7i18nrz9x1po4zy1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s13o491jz7n7i18nrz9x1po4zy1|03|org"; nocase; ) # 1938h3ue892v51aft8wytbnvib.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1938h3ue892v51aft8wytbnvib|03|biz"; nocase; ) # be5wvq1u14ne6un9oak10m1qpt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|be5wvq1u14ne6un9oak10m1qpt|03|org"; nocase; ) # 1rh4ggf1e67to4ag7ob1bng6if.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rh4ggf1e67to4ag7ob1bng6if|03|com"; nocase; ) # 1htry0u15j2lvr9zfndxbs02mt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1htry0u15j2lvr9zfndxbs02mt|03|com"; nocase; ) # 1d00z0c1rc87m81j441scvb9wf7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d00z0c1rc87m81j441scvb9wf7|03|org"; nocase; ) # 1158lnv1wr51gn1bqbl5zbzwsc6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1158lnv1wr51gn1bqbl5zbzwsc6|03|net"; nocase; ) # 7iafo11yb9tbf1ewu57x1yz6nxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7iafo11yb9tbf1ewu57x1yz6nxo|03|net"; nocase; ) # k1bn3z1i7gablgevr579ijhr7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k1bn3z1i7gablgevr579ijhr7|03|biz"; nocase; ) # 102q39o1a8e3ut1qcfc8jrelyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|102q39o1a8e3ut1qcfc8jrelyc|03|net"; nocase; ) # 12ejk6i1srzo1h1tz9fdh1a9vt0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12ejk6i1srzo1h1tz9fdh1a9vt0b|03|net"; nocase; ) # 1oudgohdzy5ie16ixt88e9olra.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oudgohdzy5ie16ixt88e9olra|03|com"; nocase; ) # 63uznt1cha1h11pw1todvkg7it.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|63uznt1cha1h11pw1todvkg7it|03|biz"; nocase; ) # wqpq8t1jle0ksqup3bxevl3ig.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wqpq8t1jle0ksqup3bxevl3ig|03|biz"; nocase; ) # j3kfl316x83ezmi9gwu1wesygp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j3kfl316x83ezmi9gwu1wesygp|03|net"; nocase; ) # 1u128zx1rr9lon1rg78nx5bkgt1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u128zx1rr9lon1rg78nx5bkgt1|03|com"; nocase; ) # hh6vek1y2c0w513lzkdb1btujfd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hh6vek1y2c0w513lzkdb1btujfd|03|com"; nocase; ) # xx7raoovsb6cdgpl4dsuhkhq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xx7raoovsb6cdgpl4dsuhkhq|03|org"; nocase; ) # ck0ikz1no198qbvmaty17vd1lv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ck0ikz1no198qbvmaty17vd1lv|03|biz"; nocase; ) # 19dcjfq1i2wzpv374drn1anwlce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19dcjfq1i2wzpv374drn1anwlce|03|com"; nocase; ) # 10td9m1q9uf1fgy30qo1eayucw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10td9m1q9uf1fgy30qo1eayucw|03|net"; nocase; ) # 1ho6xxby70asm1aqgh4d1s2nnp2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ho6xxby70asm1aqgh4d1s2nnp2|03|net"; nocase; ) # 1huxlv11ckeza41vskkv1gbcek.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1huxlv11ckeza41vskkv1gbcek|03|biz"; nocase; ) # ubqle6v4svpluuwvbdf6ic2h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ubqle6v4svpluuwvbdf6ic2h|03|biz"; nocase; ) # 19hnbgo3xt9qd17lu81q17m0213.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19hnbgo3xt9qd17lu81q17m0213|03|com"; nocase; ) # 1wx04bn2u7bief8wlyx17izz58.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wx04bn2u7bief8wlyx17izz58|03|biz"; nocase; ) # zpms09cfesf45iukss32ipg9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zpms09cfesf45iukss32ipg9|03|net"; nocase; ) # ac3ls3f94hji1koxexi1qoxaio.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ac3ls3f94hji1koxexi1qoxaio|03|net"; nocase; ) # ffnxyx3w39wc1wihc0k53adx9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ffnxyx3w39wc1wihc0k53adx9|03|org"; nocase; ) # 1tm0q2u13qnxi61str6z51zfm0g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tm0q2u13qnxi61str6z51zfm0g|03|org"; nocase; ) # 1ogp4pe77q6x7rlyz8618p6uj7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ogp4pe77q6x7rlyz8618p6uj7|03|com"; nocase; ) # 30qyd717xjvxu1br5z3018enp11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|30qyd717xjvxu1br5z3018enp11|03|net"; nocase; ) # xy1722eh8nw7l0ufk51hbz71l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xy1722eh8nw7l0ufk51hbz71l|03|net"; nocase; ) # 1whme5h4blzpbpd71f1smjqdu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1whme5h4blzpbpd71f1smjqdu|03|biz"; nocase; ) # 5j74ubkzl8s910s90141huwehl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5j74ubkzl8s910s90141huwehl|03|biz"; nocase; ) # mbwmu51iodo8xekjd8rnewie8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mbwmu51iodo8xekjd8rnewie8|03|com"; nocase; ) # 7jd8ex1uuirjz17vgttj11oswsn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7jd8ex1uuirjz17vgttj11oswsn|03|net"; nocase; ) # 1e7icao1mvtmp5nat5ca1peqncz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e7icao1mvtmp5nat5ca1peqncz|03|com"; nocase; ) # c85gwlwwlq5o1b10xxky3b953.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c85gwlwwlq5o1b10xxky3b953|03|net"; nocase; ) # 1pnxmsi1prwqdl1hmm1rhgiahlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pnxmsi1prwqdl1hmm1rhgiahlw|03|org"; nocase; ) # dc5g2y1avpr4fchgxzuu1oiun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dc5g2y1avpr4fchgxzuu1oiun|03|net"; nocase; ) # dr1cegvs92ew43ttpy14jm2yp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dr1cegvs92ew43ttpy14jm2yp|03|com"; nocase; ) # alanlkfuj6qjlcg5pw5a8shg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|alanlkfuj6qjlcg5pw5a8shg|03|com"; nocase; ) # lciyew1weavck1uw5f24f61ty7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lciyew1weavck1uw5f24f61ty7|03|net"; nocase; ) # m25n0o1qx9p0a11rrem112xnmbz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m25n0o1qx9p0a11rrem112xnmbz|03|org"; nocase; ) # 4f5n7fycxi7hkibuxordyl1u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4f5n7fycxi7hkibuxordyl1u|03|biz"; nocase; ) # 1vkj0mgg9b0xm1ahn7r11whj2cw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vkj0mgg9b0xm1ahn7r11whj2cw|03|org"; nocase; ) # fgoq2w1rhtxes1g735215h53q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fgoq2w1rhtxes1g735215h53q|03|com"; nocase; ) # 1e9t928yc304c69g9uy1qyuadg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e9t928yc304c69g9uy1qyuadg|03|net"; nocase; ) # 1l6kzwh13h3zgy1uq3yts6y3kwk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l6kzwh13h3zgy1uq3yts6y3kwk|03|biz"; nocase; ) # gjr0vn6i08ni3y49gplfyap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|gjr0vn6i08ni3y49gplfyap|03|org"; nocase; ) # mqhj192pd6zxwgpymo19g2es3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mqhj192pd6zxwgpymo19g2es3|03|com"; nocase; ) # 894dxp1urwpyo1h3oje8lmtu88.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|894dxp1urwpyo1h3oje8lmtu88|03|com"; nocase; ) # 1e2czdlvbh9rq11iu3ulnhxv2n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e2czdlvbh9rq11iu3ulnhxv2n|03|com"; nocase; ) # 2o0fbd1rat8jiladi751arfu0v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2o0fbd1rat8jiladi751arfu0v|03|net"; nocase; ) # 18qjx121wq5ujo1lxv7ro14gqzfd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18qjx121wq5ujo1lxv7ro14gqzfd|03|biz"; nocase; ) # 1mpy55ewzeli41yvkmr8pjx5k0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mpy55ewzeli41yvkmr8pjx5k0|03|org"; nocase; ) # whipj3r5ar1mw4xocwr34zm7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|whipj3r5ar1mw4xocwr34zm7|03|biz"; nocase; ) # 1e0ndk31e2hfedz581081gs8zmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e0ndk31e2hfedz581081gs8zmo|03|net"; nocase; ) # z2kzkpcto40h2kxc101w80508.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z2kzkpcto40h2kxc101w80508|03|net"; nocase; ) # 1ry04h81k7xzpl1ex94un4chm54.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ry04h81k7xzpl1ex94un4chm54|03|com"; nocase; ) # z11lordlihheuwd96k1pfkwvt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z11lordlihheuwd96k1pfkwvt|03|org"; nocase; ) # zluv6b15zwa7zpneh1h17206af.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zluv6b15zwa7zpneh1h17206af|03|com"; nocase; ) # 18opv3fxvf87911rk6481a9ou1w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18opv3fxvf87911rk6481a9ou1w|03|org"; nocase; ) # i2sdzdijp2n32yf10g1t7mqs9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i2sdzdijp2n32yf10g1t7mqs9|03|net"; nocase; ) # z0oe841fw7hvg1xvvhchevce2w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z0oe841fw7hvg1xvvhchevce2w|03|biz"; nocase; ) # 8sjx0o1gup8i7bh4ctiszgnzb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8sjx0o1gup8i7bh4ctiszgnzb|03|net"; nocase; ) # 1hllvcx19r60uh1ncdzyav8ya1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hllvcx19r60uh1ncdzyav8ya1v|03|com"; nocase; ) # dy1x7q132cad133t14b12zqjuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dy1x7q132cad133t14b12zqjuh|03|net"; nocase; ) # bc70y9mzuijz1t33wsp1t6gx8l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bc70y9mzuijz1t33wsp1t6gx8l|03|net"; nocase; ) # 18r15ms3uzdpu4c917c1xbg9up.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18r15ms3uzdpu4c917c1xbg9up|03|com"; nocase; ) # z7cvak1hnqmto1abw4ierxpcd5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z7cvak1hnqmto1abw4ierxpcd5|03|org"; nocase; ) # 1lb4nr1qlzexim66v1v1pdys3y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lb4nr1qlzexim66v1v1pdys3y|03|com"; nocase; ) # 15ubg5u1qweh4bhqnkd4tflpkh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ubg5u1qweh4bhqnkd4tflpkh|03|com"; nocase; ) # iazn4a1tqhuhwmci9l8a3w1e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iazn4a1tqhuhwmci9l8a3w1e|03|biz"; nocase; ) # 1end8uu14xog1r13zim4d1nc3gtm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1end8uu14xog1r13zim4d1nc3gtm|03|com"; nocase; ) # 1a42q2i5zxi7pb2qzbo1wqq4zg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a42q2i5zxi7pb2qzbo1wqq4zg|03|net"; nocase; ) # 1r95nbzbk492b1mhr6ov1cdknzd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r95nbzbk492b1mhr6ov1cdknzd|03|com"; nocase; ) # 1s329ke1m5kawlzhhw1s1534vre.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s329ke1m5kawlzhhw1s1534vre|03|org"; nocase; ) # z4uh9r1c8fi2n11wz01kije1c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4uh9r1c8fi2n11wz01kije1c|03|biz"; nocase; ) # 19pc7rt11h3v511a0xzbs1eo3qsx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19pc7rt11h3v511a0xzbs1eo3qsx|03|org"; nocase; ) # 1w8rpt419ub3rv1cvy5e91nm2hpi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w8rpt419ub3rv1cvy5e91nm2hpi|03|org"; nocase; ) # 72r5a4t4zvbyk450ii18ugz52.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|72r5a4t4zvbyk450ii18ugz52|03|biz"; nocase; ) # 1abh5d9p0oygw1q915ogc5f4v6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1abh5d9p0oygw1q915ogc5f4v6|03|com"; nocase; ) # zja4ai1go0pgxrzeh3vwwck6t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zja4ai1go0pgxrzeh3vwwck6t|03|net"; nocase; ) # 1dno4eh1kdtqve1vjeddn13f7qez.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dno4eh1kdtqve1vjeddn13f7qez|03|net"; nocase; ) # y7dv51d8vihj1een24i811ytb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y7dv51d8vihj1een24i811ytb|03|org"; nocase; ) # 1egpvh61pe13w31qkulfzaoyhzd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1egpvh61pe13w31qkulfzaoyhzd|03|com"; nocase; ) # 7izdsdffqjfn19ol8emxtt2oq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7izdsdffqjfn19ol8emxtt2oq|03|com"; nocase; ) # 166ikt82549pu19c827j1i6u1a7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|166ikt82549pu19c827j1i6u1a7|03|net"; nocase; ) # 14ih77rvljruc1qb6u8zyejg0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ih77rvljruc1qb6u8zyejg0e|03|com"; nocase; ) # 5xtdxg1sjq56u1t072l5csm3zb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5xtdxg1sjq56u1t072l5csm3zb|03|org"; nocase; ) # 8wtyn510etth912f0fnv1q50tac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8wtyn510etth912f0fnv1q50tac|03|com"; nocase; ) # 3gt11drs10n1m8tqze1ujf7sa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3gt11drs10n1m8tqze1ujf7sa|03|org"; nocase; ) # fed2kf1tlhh931587dyfvmvfl1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fed2kf1tlhh931587dyfvmvfl1|03|biz"; nocase; ) # 19iztuzljipwn1r9vkgza5goyn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19iztuzljipwn1r9vkgza5goyn|03|org"; nocase; ) # 1aplepnsxfqrjw7libmsdk92g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aplepnsxfqrjw7libmsdk92g|03|org"; nocase; ) # ot5xo3w2682vm9h8z89qccx6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ot5xo3w2682vm9h8z89qccx6|03|com"; nocase; ) # p8kbnf1bctr02g5iyc4151l1uc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p8kbnf1bctr02g5iyc4151l1uc|03|biz"; nocase; ) # npyzb1di3tnt13tvzox18yqg4e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|npyzb1di3tnt13tvzox18yqg4e|03|org"; nocase; ) # 4n4w9y1a0lu5ij01azh22fv8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4n4w9y1a0lu5ij01azh22fv8|03|biz"; nocase; ) # l5vtmy1gdxv9f1xiq7xj15bs9d2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l5vtmy1gdxv9f1xiq7xj15bs9d2|03|net"; nocase; ) # 17t6mux1ccoet2lz56hi18pm0ds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17t6mux1ccoet2lz56hi18pm0ds|03|com"; nocase; ) # oir332nmfbpxtqwllm1yjioyx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oir332nmfbpxtqwllm1yjioyx|03|org"; nocase; ) # 15e2100j4c5zh48x5c91nyow6b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15e2100j4c5zh48x5c91nyow6b|03|biz"; nocase; ) # kmb02g1ajyw5su571pz12w37bp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kmb02g1ajyw5su571pz12w37bp|03|org"; nocase; ) # jz4jjssuq6yogwnkoi18skudp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jz4jjssuq6yogwnkoi18skudp|03|net"; nocase; ) # 1wcnlhzj6iu171m9r69p1d5092m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wcnlhzj6iu171m9r69p1d5092m|03|biz"; nocase; ) # trqv5d1fq0vopxt3clv1gowiay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|trqv5d1fq0vopxt3clv1gowiay|03|com"; nocase; ) # 125vl921ltgde4v80wl1cl1a70.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|125vl921ltgde4v80wl1cl1a70|03|biz"; nocase; ) # 1jstt1c1vvvyw41ilpohbwhs2mb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jstt1c1vvvyw41ilpohbwhs2mb|03|org"; nocase; ) # f0g0bk3c7ivkj539bwf3g2if.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f0g0bk3c7ivkj539bwf3g2if|03|com"; nocase; ) # kjk2311uptjjvb5q36918vh1am.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kjk2311uptjjvb5q36918vh1am|03|net"; nocase; ) # 1c53sf81hf58wcv6yo2439pvv4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c53sf81hf58wcv6yo2439pvv4|03|com"; nocase; ) # 1rf47rl1ptlso41cg742hmi9hli.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rf47rl1ptlso41cg742hmi9hli|03|net"; nocase; ) # mmk431llz1ff1a99hsn1m76kec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mmk431llz1ff1a99hsn1m76kec|03|net"; nocase; ) # 1fpqt4ni1u2nxrlrvburvb4u4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fpqt4ni1u2nxrlrvburvb4u4|03|com"; nocase; ) # imcj3u10z78811pwjwzy16tvf3n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|imcj3u10z78811pwjwzy16tvf3n|03|net"; nocase; ) # 18pfwkx1rhl8b99qcqzr1jopnz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18pfwkx1rhl8b99qcqzr1jopnz5|03|com"; nocase; ) # x8lbug3yobpu1fkjhzm26u46g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x8lbug3yobpu1fkjhzm26u46g|03|org"; nocase; ) # 7jwkgsjlenr41xrmiwu16pz25n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7jwkgsjlenr41xrmiwu16pz25n|03|com"; nocase; ) # 51um3uva1fr8qmclrf36m9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|51um3uva1fr8qmclrf36m9x|03|net"; nocase; ) # 18hdje9le1hx61kxx2zicc92wk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18hdje9le1hx61kxx2zicc92wk|03|net"; nocase; ) # 1ytemhc10ef42o8tf4c291krz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ytemhc10ef42o8tf4c291krz|03|com"; nocase; ) # 1495vqcd7hkvjx6x0i7q7h938.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1495vqcd7hkvjx6x0i7q7h938|03|net"; nocase; ) # y4ynkn12macfa1pgjd7zwbmaah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y4ynkn12macfa1pgjd7zwbmaah|03|com"; nocase; ) # spqjc06ygii81i04zc7aj527d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|spqjc06ygii81i04zc7aj527d|03|net"; nocase; ) # 1xl8q5hqdt99lsuyrp61oj2lrd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xl8q5hqdt99lsuyrp61oj2lrd|03|biz"; nocase; ) # n4kvgqq2wq641yfd2k51clbvds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n4kvgqq2wq641yfd2k51clbvds|03|net"; nocase; ) # rp01sun8kpwf8x0me21uqbpej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rp01sun8kpwf8x0me21uqbpej|03|net"; nocase; ) # zdciqd1o3yop112ew66qgke7fw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zdciqd1o3yop112ew66qgke7fw|03|net"; nocase; ) # 8ao3iv1ywehxn15dr81b1dox1ec.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8ao3iv1ywehxn15dr81b1dox1ec|03|biz"; nocase; ) # 13mdbd41l1nrt81l1y9o91arwokf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13mdbd41l1nrt81l1y9o91arwokf|03|net"; nocase; ) # 1rc5jafkxefzt1tgjyce1pb5d5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rc5jafkxefzt1tgjyce1pb5d5z|03|net"; nocase; ) # 1l9xcpnmq7l9x1us7n6n3nbchq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l9xcpnmq7l9x1us7n6n3nbchq|03|com"; nocase; ) # 13bivg16n18kh1a0cl5p1vneusn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13bivg16n18kh1a0cl5p1vneusn|03|net"; nocase; ) # vrcvfgy2x5ns1h5gl85hi14jg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vrcvfgy2x5ns1h5gl85hi14jg|03|biz"; nocase; ) # 12tuklaqcyna11w8m0co1yc8c2w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12tuklaqcyna11w8m0co1yc8c2w|03|com"; nocase; ) # 1gb0zpl1of4ik61ah64qehun159.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gb0zpl1of4ik61ah64qehun159|03|net"; nocase; ) # 1rc1zzt1k9bk6a1a2acvu10ygb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rc1zzt1k9bk6a1a2acvu10ygb2|03|net"; nocase; ) # zq82669dzlfy16q4r28v19n6m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zq82669dzlfy16q4r28v19n6m|03|org"; nocase; ) # 1vz8jym1u4m3smowqtx21wadc7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vz8jym1u4m3smowqtx21wadc7m|03|net"; nocase; ) # 1ri4gpid1v8hd29ex5fdakbml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ri4gpid1v8hd29ex5fdakbml|03|net"; nocase; ) # 1twpf1gnwtrcimzzhmlug8qcq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1twpf1gnwtrcimzzhmlug8qcq|03|net"; nocase; ) # 1bm76gd1p6g6ei1tozw5wa2p5fp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bm76gd1p6g6ei1tozw5wa2p5fp|03|net"; nocase; ) # 1kfohhr1hovo5h1mdzyg717s9zh8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kfohhr1hovo5h1mdzyg717s9zh8|03|org"; nocase; ) # 1u0xktzp08wkgetvys01tmu4mb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u0xktzp08wkgetvys01tmu4mb|03|com"; nocase; ) # sjupwc1q59lnawkqoga1u66rcp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sjupwc1q59lnawkqoga1u66rcp|03|net"; nocase; ) # 5mwnkrk86ua4cbwkfl1t5u1rr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5mwnkrk86ua4cbwkfl1t5u1rr|03|biz"; nocase; ) # c04fgl1gzgdm61jr6x3216ws0br.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c04fgl1gzgdm61jr6x3216ws0br|03|com"; nocase; ) # oep9h8ldxddqn8z7i215whfrb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oep9h8ldxddqn8z7i215whfrb|03|com"; nocase; ) # 1rzchmj12i05za14zij7e1wu6lsc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rzchmj12i05za14zij7e1wu6lsc|03|org"; nocase; ) # 1w78zmd1chlo069pih4910d1hej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w78zmd1chlo069pih4910d1hej|03|com"; nocase; ) # 1cmq874m7u4rr1ote2x6jg6pcg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cmq874m7u4rr1ote2x6jg6pcg|03|org"; nocase; ) # o8po3g16vkjgjbkmrh8ug4r7s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o8po3g16vkjgjbkmrh8ug4r7s|03|org"; nocase; ) # wzpzp51w8fe6a23onl41aik73f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wzpzp51w8fe6a23onl41aik73f|03|com"; nocase; ) # mkx79drxkjn91i5r25w1yfmyws.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mkx79drxkjn91i5r25w1yfmyws|03|biz"; nocase; ) # 1fdpulg16o33ronadg9q1ghpmtz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fdpulg16o33ronadg9q1ghpmtz|03|biz"; nocase; ) # 1oisumm132uzv1u5k7wj1hy22rh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oisumm132uzv1u5k7wj1hy22rh|03|net"; nocase; ) # ssmsv1xsc6z8gx3wyf1s51oeh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ssmsv1xsc6z8gx3wyf1s51oeh|03|com"; nocase; ) # 8kqt2w1vqk7271exdau3jm3nmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8kqt2w1vqk7271exdau3jm3nmo|03|net"; nocase; ) # q1lsz61on4jiy1ondbjo1haams7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q1lsz61on4jiy1ondbjo1haams7|03|org"; nocase; ) # 1g2fezf1eutpxr1hevr3zc3r93o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g2fezf1eutpxr1hevr3zc3r93o|03|biz"; nocase; ) # 3wl60613egfjp30rrvoh5bnxd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3wl60613egfjp30rrvoh5bnxd|03|biz"; nocase; ) # 1w0fp1i45b3wz1kew0xrjaqh25.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w0fp1i45b3wz1kew0xrjaqh25|03|net"; nocase; ) # 1cs3xk51drwoj21cqf4yu1nq6yhz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cs3xk51drwoj21cqf4yu1nq6yhz|03|net"; nocase; ) # yhmd9i1halg4b1fupkp53n239o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yhmd9i1halg4b1fupkp53n239o|03|org"; nocase; ) # 1ygqa8m1mfsf8fr4wd956b306e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygqa8m1mfsf8fr4wd956b306e|03|com"; nocase; ) # 1rdivt31oi1ae3f4bzg61ufira3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rdivt31oi1ae3f4bzg61ufira3|03|net"; nocase; ) # p979kd1y1tv2sslujfeh0njuz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p979kd1y1tv2sslujfeh0njuz|03|net"; nocase; ) # 18ecz1d150pcpg19qxm281oizxlh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18ecz1d150pcpg19qxm281oizxlh|03|org"; nocase; ) # 1bctpw218g7gdw14ziiwb1x6e0f1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bctpw218g7gdw14ziiwb1x6e0f1|03|biz"; nocase; ) # r4cmi5ht094er7aoar142ok4a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r4cmi5ht094er7aoar142ok4a|03|com"; nocase; ) # bl193e1ntezhtekb2lflxv9gh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bl193e1ntezhtekb2lflxv9gh|03|com"; nocase; ) # 5jv4rs1gtl70o1oszans9bekwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5jv4rs1gtl70o1oszans9bekwq|03|biz"; nocase; ) # lict4o1qkc9tg49x5wb1dzp9gs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lict4o1qkc9tg49x5wb1dzp9gs|03|net"; nocase; ) # btaq2wqlybootyso6t1xj2mk5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|btaq2wqlybootyso6t1xj2mk5|03|org"; nocase; ) # 10dr72lms5ai71a6xaaf17vlty1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10dr72lms5ai71a6xaaf17vlty1|03|org"; nocase; ) # sxspb11lvjb615fi8yn1hahqw1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sxspb11lvjb615fi8yn1hahqw1|03|net"; nocase; ) # 107aiti78ndu41ymnn9ek1d5yx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|107aiti78ndu41ymnn9ek1d5yx|03|biz"; nocase; ) # 1plpd8m1t52flm859vag1sdp2zr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1plpd8m1t52flm859vag1sdp2zr|03|org"; nocase; ) # 1u3ruci11n487j1y00oh01wvkw69.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u3ruci11n487j1y00oh01wvkw69|03|com"; nocase; ) # e91y4b15rii031pcxr6p44wgkc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e91y4b15rii031pcxr6p44wgkc|03|biz"; nocase; ) # 1u9uh7d1ukmf641vfmw5l14t6qki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u9uh7d1ukmf641vfmw5l14t6qki|03|net"; nocase; ) # 17oho2y1awsefdsbpwevlnhf9t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17oho2y1awsefdsbpwevlnhf9t|03|org"; nocase; ) # 1ma21u5111olu31gbp69i121sidb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ma21u5111olu31gbp69i121sidb|03|org"; nocase; ) # eor4f81vdq8br1aiiffatsxx53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eor4f81vdq8br1aiiffatsxx53|03|net"; nocase; ) # x36klg19ubodys3a5vb6c6xnw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x36klg19ubodys3a5vb6c6xnw|03|biz"; nocase; ) # gu4sy4oyk4gq1o2aw0m1aeikpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gu4sy4oyk4gq1o2aw0m1aeikpj|03|com"; nocase; ) # 17f346d1opgk96ww7ycd1fliuo3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17f346d1opgk96ww7ycd1fliuo3|03|org"; nocase; ) # sx48kh1p47cuh1kgt4unmlv5hh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sx48kh1p47cuh1kgt4unmlv5hh|03|org"; nocase; ) # nnnd7n1pf9rqytj60lh1kh5557.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nnnd7n1pf9rqytj60lh1kh5557|03|net"; nocase; ) # 1lbmb9s1a7ddgarss624pk8bla.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lbmb9s1a7ddgarss624pk8bla|03|net"; nocase; ) # 1gs6x77n93v6z1qopzsh1sdiyd4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gs6x77n93v6z1qopzsh1sdiyd4|03|org"; nocase; ) # t3d7jd1813vxkzyqsp97ecwgx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t3d7jd1813vxkzyqsp97ecwgx|03|net"; nocase; ) # 125m27v1mryb2j1nrafujskkcja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|125m27v1mryb2j1nrafujskkcja|03|biz"; nocase; ) # 602dr61tkts4cnjb0ii7iu3tn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|602dr61tkts4cnjb0ii7iu3tn|03|net"; nocase; ) # rg4own1fbws7q1ul1qlt2cwsc3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rg4own1fbws7q1ul1qlt2cwsc3|03|org"; nocase; ) # bsqtyl1du6ppi1cgq5hxw7ee2h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bsqtyl1du6ppi1cgq5hxw7ee2h|03|com"; nocase; ) # 1kug797fwrjoodl1au81qzlwn6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kug797fwrjoodl1au81qzlwn6|03|org"; nocase; ) # 1caz70lasrzsxhkhvn316ir7mk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1caz70lasrzsxhkhvn316ir7mk|03|net"; nocase; ) # qunvs53rs92ye9mah72r6yge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qunvs53rs92ye9mah72r6yge|03|com"; nocase; ) # xoyhnjkgt9r71iqlnodmwrygj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xoyhnjkgt9r71iqlnodmwrygj|03|net"; nocase; ) # 15ch5nm89012l1l91sjogr1efn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ch5nm89012l1l91sjogr1efn|03|com"; nocase; ) # 1cx773v112zb004aify851dacr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cx773v112zb004aify851dacr|03|com"; nocase; ) # siyj0x1fu0xdl1cni5hj1vldpra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|siyj0x1fu0xdl1cni5hj1vldpra|03|org"; nocase; ) # 64mmisly9hq519fyrsb1ycjdqa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|64mmisly9hq519fyrsb1ycjdqa|03|com"; nocase; ) # 8sz1051czx4olri4v7kz2ibfr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8sz1051czx4olri4v7kz2ibfr|03|com"; nocase; ) # y1mtuc1fylkmxhx8ekkcrqm1v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y1mtuc1fylkmxhx8ekkcrqm1v|03|org"; nocase; ) # 9z0a39qx1q9810gf16a1nicchz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9z0a39qx1q9810gf16a1nicchz|03|biz"; nocase; ) # 1lvwnw0cvtuwz4258xypyuv9c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lvwnw0cvtuwz4258xypyuv9c|03|com"; nocase; ) # r5vwcknsqqhs1pzz9yd1524scf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r5vwcknsqqhs1pzz9yd1524scf|03|net"; nocase; ) # jm49pox80jktcl2z691s52fjg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jm49pox80jktcl2z691s52fjg|03|com"; nocase; ) # 1d6hnorrnyw5dgj3f8x4x3x1p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d6hnorrnyw5dgj3f8x4x3x1p|03|net"; nocase; ) # cothol8wiaia1g0757xuzdul9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cothol8wiaia1g0757xuzdul9|03|net"; nocase; ) # 1resgxmltjconzxj1hu4h4vzz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1resgxmltjconzxj1hu4h4vzz|03|net"; nocase; ) # 1gixm0k11svknv1kwggtucsq8y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gixm0k11svknv1kwggtucsq8y|03|com"; nocase; ) # 1xxlnuibsnq7g1w5s23r14zn4it.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xxlnuibsnq7g1w5s23r14zn4it|03|biz"; nocase; ) # 1e13lenqyaui5eo0lry1s3qbbe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e13lenqyaui5eo0lry1s3qbbe|03|net"; nocase; ) # zwoojx69ul0y1bu5udiiv7uj3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zwoojx69ul0y1bu5udiiv7uj3|03|org"; nocase; ) # 9z5e9g1mcr7k8h3pp581qjl626.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9z5e9g1mcr7k8h3pp581qjl626|03|com"; nocase; ) # abboz0qamjfzxiekbd11yfssr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|abboz0qamjfzxiekbd11yfssr|03|net"; nocase; ) # 1be4ov7v6tb4x1y2cz3k5tvzjg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1be4ov7v6tb4x1y2cz3k5tvzjg|03|com"; nocase; ) # 1a45ufj1odnp991h1ze2ol6sy4o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a45ufj1odnp991h1ze2ol6sy4o|03|net"; nocase; ) # k3o2cnfz994a6f30x2j3lx2i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k3o2cnfz994a6f30x2j3lx2i|03|com"; nocase; ) # 1rdvgkw1riqv1puia1oy1wcvr3g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rdvgkw1riqv1puia1oy1wcvr3g|03|org"; nocase; ) # wqk7wy1smkod7aabde6zpfw43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wqk7wy1smkod7aabde6zpfw43|03|net"; nocase; ) # 1279n6tqwu0rh1o3mlhr1vj8x1l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1279n6tqwu0rh1o3mlhr1vj8x1l|03|com"; nocase; ) # qr691q1tomzbg4vn1ur1gy4fpc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qr691q1tomzbg4vn1ur1gy4fpc|03|org"; nocase; ) # 1lb0kvggmkxrh1jib1kobmsb18.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lb0kvggmkxrh1jib1kobmsb18|03|net"; nocase; ) # 1jlqqfm1hz7wd915qbi831jq4pjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jlqqfm1hz7wd915qbi831jq4pjn|03|com"; nocase; ) # x3ay4b1kuj3no994jki1yk89vc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x3ay4b1kuj3no994jki1yk89vc|03|org"; nocase; ) # 1p9dmbwbgbu4mca9q7s1y39emo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p9dmbwbgbu4mca9q7s1y39emo|03|org"; nocase; ) # ruczbs1b30lnusz34126w9am1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ruczbs1b30lnusz34126w9am1|03|net"; nocase; ) # wt2nny1ufvgqznhdh1j1vffsjp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wt2nny1ufvgqznhdh1j1vffsjp|03|com"; nocase; ) # 3xt4yx19qeuys1539ffrqd6vzy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3xt4yx19qeuys1539ffrqd6vzy|03|org"; nocase; ) # 19v8frkjdd46u1wz4jmpstaj1m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19v8frkjdd46u1wz4jmpstaj1m|03|net"; nocase; ) # wva4vnxh002e1qqa0czrbdvs0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wva4vnxh002e1qqa0czrbdvs0|03|org"; nocase; ) # tkapghs7vg9f4kjx41jvplz2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tkapghs7vg9f4kjx41jvplz2|03|biz"; nocase; ) # yusyd41m622s4hagjfdqxbuk2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yusyd41m622s4hagjfdqxbuk2|03|com"; nocase; ) # qqvtj911ijdfg7yt20j1wvc9rx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qqvtj911ijdfg7yt20j1wvc9rx|03|biz"; nocase; ) # gii3og1iamlf41cmqhml6zg7wv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gii3og1iamlf41cmqhml6zg7wv|03|net"; nocase; ) # fzrm3v1fnq4hanpyuao131ihbo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fzrm3v1fnq4hanpyuao131ihbo|03|biz"; nocase; ) # 2stisnfxrhe96owibf1e6iuui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2stisnfxrhe96owibf1e6iuui|03|org"; nocase; ) # 16gbhec1p3ra6b15klttk1gr9ag8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16gbhec1p3ra6b15klttk1gr9ag8|03|biz"; nocase; ) # 1wlgfq6jhajyheynypq1rtu8tx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wlgfq6jhajyheynypq1rtu8tx|03|com"; nocase; ) # 1q99gdj1aclbnk16joxml15jy2n0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q99gdj1aclbnk16joxml15jy2n0|03|com"; nocase; ) # 1sx8hxptw10xca9hny39sbufx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sx8hxptw10xca9hny39sbufx|03|net"; nocase; ) # 172y9nuk8cbzsnzntzs2uuktm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|172y9nuk8cbzsnzntzs2uuktm|03|org"; nocase; ) # 1rx9zor8qmkkn11glxl01qx1zv2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rx9zor8qmkkn11glxl01qx1zv2|03|com"; nocase; ) # 1p4wxy61tmzspy1ljgyy9gsefny.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p4wxy61tmzspy1ljgyy9gsefny|03|org"; nocase; ) # 1u6xdc93bp03p1d4dfrd60g6oq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u6xdc93bp03p1d4dfrd60g6oq|03|net"; nocase; ) # 1y77hzzgye6bl1lmnn0q415b3m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y77hzzgye6bl1lmnn0q415b3m|03|org"; nocase; ) # rk9hda143ilrb1cf7m3sgddy3g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rk9hda143ilrb1cf7m3sgddy3g|03|net"; nocase; ) # 132wihm15wpbbssf3qo2gzzz27.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|132wihm15wpbbssf3qo2gzzz27|03|org"; nocase; ) # pj2bjk1o1ybthdx8d1t1h4plbc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pj2bjk1o1ybthdx8d1t1h4plbc|03|net"; nocase; ) # 1xkou7rbabe0c13cg1qqxtamv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xkou7rbabe0c13cg1qqxtamv1|03|com"; nocase; ) # 19zp5wv1upjrfkwyjsyi1x4tw28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19zp5wv1upjrfkwyjsyi1x4tw28|03|net"; nocase; ) # kmrnmr9zvxtzg6g5be3zbpzu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kmrnmr9zvxtzg6g5be3zbpzu|03|org"; nocase; ) # vgrt5j16yonxulw7mbt1qvi61t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vgrt5j16yonxulw7mbt1qvi61t|03|net"; nocase; ) # 17o6bjtrrdl6ju9j3rcthlw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|17o6bjtrrdl6ju9j3rcthlw5|03|net"; nocase; ) # 1y5izqc19ebg5c13oht21ti2tws.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y5izqc19ebg5c13oht21ti2tws|03|org"; nocase; ) # urxo21bub2o0p7kv0mtj9898.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|urxo21bub2o0p7kv0mtj9898|03|org"; nocase; ) # vvj8sw1mbukmdu6ef641l3n7nd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vvj8sw1mbukmdu6ef641l3n7nd|03|net"; nocase; ) # orl83kv8g6x51pah0gyguw925.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|orl83kv8g6x51pah0gyguw925|03|org"; nocase; ) # 1tnm64l1qbm1v793xljf1c2iuf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tnm64l1qbm1v793xljf1c2iuf8|03|net"; nocase; ) # u25tu0z39tjh1ahx6ll1cff1rq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u25tu0z39tjh1ahx6ll1cff1rq|03|biz"; nocase; ) # 1u7td281gryqgq136qajk1r7mcl5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u7td281gryqgq136qajk1r7mcl5|03|net"; nocase; ) # m2m3yf1xzvazq1dm132ff3wlhq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m2m3yf1xzvazq1dm132ff3wlhq|03|org"; nocase; ) # 1o23h6u7m4w6a1c0xq7s9831zu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o23h6u7m4w6a1c0xq7s9831zu|03|org"; nocase; ) # zc9bsz1x43nzl1dl6i8015o11p9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zc9bsz1x43nzl1dl6i8015o11p9|03|com"; nocase; ) # ovi63g1vu6c34sk5oq4llj413.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ovi63g1vu6c34sk5oq4llj413|03|com"; nocase; ) # a1r3s51i63q5lz2lwk17qxl3v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a1r3s51i63q5lz2lwk17qxl3v|03|org"; nocase; ) # 6dfusmjb2jsd157na9cxe6iua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6dfusmjb2jsd157na9cxe6iua|03|com"; nocase; ) # u0y7lz1t9cerq18v075s65pq77.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u0y7lz1t9cerq18v075s65pq77|03|net"; nocase; ) # 2l57121vb3wwr1n4h19jd13n0v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2l57121vb3wwr1n4h19jd13n0v|03|org"; nocase; ) # 12wz5p71okviaa1ogumtk1u4xc9x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12wz5p71okviaa1ogumtk1u4xc9x|03|org"; nocase; ) # 196p9z4119bifw1v57cuez7h5mv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|196p9z4119bifw1v57cuez7h5mv|03|biz"; nocase; ) # 1le7tzz1w2o74g1ue208yczum26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1le7tzz1w2o74g1ue208yczum26|03|org"; nocase; ) # 132yoyu6w5z5937twxg12pd3tg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|132yoyu6w5z5937twxg12pd3tg|03|biz"; nocase; ) # 144zdp41ncje8ydfb7r77j4k1a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|144zdp41ncje8ydfb7r77j4k1a|03|com"; nocase; ) # 15knipa1xdbdiypo28kd14twbdz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15knipa1xdbdiypo28kd14twbdz|03|com"; nocase; ) # mn5sndhaesg8rtxdak5fjsdd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mn5sndhaesg8rtxdak5fjsdd|03|org"; nocase; ) # w5jpomy95gwr166t4u68wsr2k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w5jpomy95gwr166t4u68wsr2k|03|net"; nocase; ) # xer8lb36hesg1tv14wf1hf1a83.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xer8lb36hesg1tv14wf1hf1a83|03|net"; nocase; ) # khhn0u1udznbpra8j8u1geeml5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|khhn0u1udznbpra8j8u1geeml5|03|biz"; nocase; ) # 7szwxu1ny44ox9c4k1e1l0ad0a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7szwxu1ny44ox9c4k1e1l0ad0a|03|org"; nocase; ) # v913id15zszej1d7aum41bid20k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v913id15zszej1d7aum41bid20k|03|com"; nocase; ) # 1b8wkn14zg2cwu1cm9n1widni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b8wkn14zg2cwu1cm9n1widni|03|biz"; nocase; ) # 1be38l11814f6wasx2dd1gl9hpc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1be38l11814f6wasx2dd1gl9hpc|03|biz"; nocase; ) # 2zqjju8h4wz01jr0bswmihi99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2zqjju8h4wz01jr0bswmihi99|03|org"; nocase; ) # f5uofn1twjz6mt70hvqcui4c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f5uofn1twjz6mt70hvqcui4c|03|net"; nocase; ) # 1yxklwlvjx190ke56781idxyt4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yxklwlvjx190ke56781idxyt4|03|com"; nocase; ) # 1bm39721lu77c11wp22qn12w2bea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bm39721lu77c11wp22qn12w2bea|03|org"; nocase; ) # 1j3d2sj76oz6c1a0p9zeqlnmfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j3d2sj76oz6c1a0p9zeqlnmfs|03|com"; nocase; ) # 15bwwjbna72vc4rw2u0w593re.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15bwwjbna72vc4rw2u0w593re|03|net"; nocase; ) # 1wzq2lypztvph1o5799y8890ec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wzq2lypztvph1o5799y8890ec|03|net"; nocase; ) # nc30qs1kj98buvappv7zibg32.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nc30qs1kj98buvappv7zibg32|03|biz"; nocase; ) # b4akjyqffgsat9v02uocmvu8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b4akjyqffgsat9v02uocmvu8|03|com"; nocase; ) # 1w0qgm7xmv0erpwkah3t03m1u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w0qgm7xmv0erpwkah3t03m1u|03|net"; nocase; ) # 1iitl6m1odmrokwkcqg6mmbxse.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iitl6m1odmrokwkcqg6mmbxse|03|biz"; nocase; ) # 1epnt7v1k9otkj1sgk1x53mcuc1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1epnt7v1k9otkj1sgk1x53mcuc1|03|com"; nocase; ) # 8iyhz81bj7nkp1tnzzzm1i9fydz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8iyhz81bj7nkp1tnzzzm1i9fydz|03|net"; nocase; ) # 15o7vi51dhy0ns87emjo1g2xcy8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15o7vi51dhy0ns87emjo1g2xcy8|03|org"; nocase; ) # xleo0c121cdc77pk2hk1aym9qe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xleo0c121cdc77pk2hk1aym9qe|03|com"; nocase; ) # ai3ejf12qprisiiftly4q9oy5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ai3ejf12qprisiiftly4q9oy5|03|com"; nocase; ) # 6grpagd06t9xnkl0nfdy6pdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6grpagd06t9xnkl0nfdy6pdf|03|com"; nocase; ) # kls6mp3rwaz3g3l2yvhjujpd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kls6mp3rwaz3g3l2yvhjujpd|03|net"; nocase; ) # axtcfejl93ti15ef2oduapuw1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|axtcfejl93ti15ef2oduapuw1|03|com"; nocase; ) # 2dw3ty1ay2d734kpslr1nh9dpy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2dw3ty1ay2d734kpslr1nh9dpy|03|biz"; nocase; ) # 1pnygh433dqr7xgkxn41wddb6z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pnygh433dqr7xgkxn41wddb6z|03|net"; nocase; ) # fxq7iv19s1j5zu0rauv1fhzmze.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fxq7iv19s1j5zu0rauv1fhzmze|03|net"; nocase; ) # dz0qg8z3endm2xv9ry1m9nvx9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dz0qg8z3endm2xv9ry1m9nvx9|03|biz"; nocase; ) # 92eds61f0we8w1yndrlj13tmmye.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|92eds61f0we8w1yndrlj13tmmye|03|org"; nocase; ) # 8ced7lddewu8e0zars1c7j3db.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ced7lddewu8e0zars1c7j3db|03|biz"; nocase; ) # w472ae8r2iv41n05bwa1ycou7i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w472ae8r2iv41n05bwa1ycou7i|03|org"; nocase; ) # fbgaq9111dl8v19g8viv199dc12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fbgaq9111dl8v19g8viv199dc12|03|com"; nocase; ) # 1nvjvn51mc6mm71lu49tn1m1ohn7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nvjvn51mc6mm71lu49tn1m1ohn7|03|org"; nocase; ) # 480njwr4l0rq92241y1qsmrnn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|480njwr4l0rq92241y1qsmrnn|03|org"; nocase; ) # 18faluhxagkn1ju9goqbmdwwr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18faluhxagkn1ju9goqbmdwwr|03|org"; nocase; ) # tfiwuiavhdp21igz3af1bkqwo7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tfiwuiavhdp21igz3af1bkqwo7|03|biz"; nocase; ) # y8ekyqd4l64mxkwy2f1ezmo8d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y8ekyqd4l64mxkwy2f1ezmo8d|03|org"; nocase; ) # o8f11h1kqrvo4y9ky5rxhunhb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o8f11h1kqrvo4y9ky5rxhunhb|03|net"; nocase; ) # 1r4nse1o7ofdxfuicu91tjbimb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r4nse1o7ofdxfuicu91tjbimb|03|com"; nocase; ) # 1hcu25f1x6ycpsgc1nk13m9c5j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hcu25f1x6ycpsgc1nk13m9c5j|03|net"; nocase; ) # 21ntri163ww3xj9ob9n14szcx0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|21ntri163ww3xj9ob9n14szcx0|03|net"; nocase; ) # a1ryqd15nh3at1encq0j11qeey7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a1ryqd15nh3at1encq0j11qeey7|03|com"; nocase; ) # 1mx1806uct49nbmt1lq1dmnx91.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mx1806uct49nbmt1lq1dmnx91|03|net"; nocase; ) # 1hprcxd1o7o7vy145xletjxzo0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hprcxd1o7o7vy145xletjxzo0|03|net"; nocase; ) # 1w5418wl5boo31vb9hv11im5dmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w5418wl5boo31vb9hv11im5dmr|03|org"; nocase; ) # 1asb7bs1d9pmrl1fgejc6wdbsea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1asb7bs1d9pmrl1fgejc6wdbsea|03|com"; nocase; ) # dgo7ua1khjzhl3d5o5wocro9m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dgo7ua1khjzhl3d5o5wocro9m|03|biz"; nocase; ) # r0xfku1pmiof21y5zcnm1ogr2l4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r0xfku1pmiof21y5zcnm1ogr2l4|03|org"; nocase; ) # 4zk6h41natomi9hs22df7h5a1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4zk6h41natomi9hs22df7h5a1|03|org"; nocase; ) # 1ps3cd67yqksli2c5zte50lw3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ps3cd67yqksli2c5zte50lw3|03|net"; nocase; ) # e9vhcfxb7nc0ulspr7du7v6r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e9vhcfxb7nc0ulspr7du7v6r|03|org"; nocase; ) # 1x96170wx8wcn1cld2i8otvy8j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x96170wx8wcn1cld2i8otvy8j|03|biz"; nocase; ) # 1v3g0btg75cnt13wb7by1lhipl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v3g0btg75cnt13wb7by1lhipl|03|org"; nocase; ) # tbklvu15oj29bsn3rwsgv7awa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tbklvu15oj29bsn3rwsgv7awa|03|com"; nocase; ) # 1c92ur1vbya57rc4qk6yre8ye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c92ur1vbya57rc4qk6yre8ye|03|com"; nocase; ) # 1pobsynyu479sahty5w1ghy31m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pobsynyu479sahty5w1ghy31m|03|com"; nocase; ) # 1rbtkkr19svevv1f25w7cgysf9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rbtkkr19svevv1f25w7cgysf9r|03|org"; nocase; ) # limodh1r49f3141szw2111yqco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|limodh1r49f3141szw2111yqco|03|net"; nocase; ) # is40610hih8u1ig80ju9cmmro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|is40610hih8u1ig80ju9cmmro|03|org"; nocase; ) # 1ednry11nvi8v11d7wz9e1dfwkqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ednry11nvi8v11d7wz9e1dfwkqg|03|biz"; nocase; ) # 1w75easorm7h1usfnx9eb3qft.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w75easorm7h1usfnx9eb3qft|03|org"; nocase; ) # 1ohxed38sxhiw15y7ui38k5gr4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ohxed38sxhiw15y7ui38k5gr4|03|com"; nocase; ) # 1pn5jum1fesjgv1fcbxxa18suzmv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pn5jum1fesjgv1fcbxxa18suzmv|03|org"; nocase; ) # 13gqvgwui4si0zzg5yy1cbhw8d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13gqvgwui4si0zzg5yy1cbhw8d|03|biz"; nocase; ) # w5h4wintprw8t89v8e1dqcc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w5h4wintprw8t89v8e1dqcc3|03|net"; nocase; ) # 1pvd1b4139gilcp4liw5nv98rp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pvd1b4139gilcp4liw5nv98rp|03|org"; nocase; ) # 15bujqruu2t6j19c9xpk1m79u31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15bujqruu2t6j19c9xpk1m79u31|03|net"; nocase; ) # 2yrwtdd3bave18quijp1eym6of.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2yrwtdd3bave18quijp1eym6of|03|net"; nocase; ) # 1wq91r6rzjh1kjv68943qrsh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1wq91r6rzjh1kjv68943qrsh|03|org"; nocase; ) # r839iil274hzts8wlkqpbs6r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r839iil274hzts8wlkqpbs6r|03|org"; nocase; ) # 1ybvr8u15go5u914sykexhs55mn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ybvr8u15go5u914sykexhs55mn|03|biz"; nocase; ) # qr63so14p7gpd11cy5kk1f59myt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qr63so14p7gpd11cy5kk1f59myt|03|net"; nocase; ) # 7yjglkr77hsb1dfpy8g1bn06cq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7yjglkr77hsb1dfpy8g1bn06cq|03|org"; nocase; ) # fl002y1eorh82gyzaq18dgm3r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fl002y1eorh82gyzaq18dgm3r|03|com"; nocase; ) # qgxhnfdxmqm6jqs8z61khi71p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qgxhnfdxmqm6jqs8z61khi71p|03|org"; nocase; ) # 17uwu5710js92k1xd0k1b1jxsiuq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17uwu5710js92k1xd0k1b1jxsiuq|03|org"; nocase; ) # 18rmugasttgnr49ezmn3szxvz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18rmugasttgnr49ezmn3szxvz|03|biz"; nocase; ) # is4yqddzpc4oy7wxgfihjye.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|is4yqddzpc4oy7wxgfihjye|03|org"; nocase; ) # l29tb92d3emg1i73qfx14vvbjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l29tb92d3emg1i73qfx14vvbjo|03|org"; nocase; ) # 1v9p4inxofv088lsjos1kdf79j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v9p4inxofv088lsjos1kdf79j|03|net"; nocase; ) # xidlt31gftay5bfz8jg1rkhy7y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xidlt31gftay5bfz8jg1rkhy7y|03|com"; nocase; ) # y8e67y2de3uhdgrszev4fvbs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y8e67y2de3uhdgrszev4fvbs|03|biz"; nocase; ) # 1o7ra481ll4eao1hgxys61ez45w6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o7ra481ll4eao1hgxys61ez45w6|03|net"; nocase; ) # 88ug4hbq22ctrf43qj13t42gl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|88ug4hbq22ctrf43qj13t42gl|03|net"; nocase; ) # yq6e4q9vobjf874dgv1oaqg40.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yq6e4q9vobjf874dgv1oaqg40|03|org"; nocase; ) # 1wo593j1igmudvwrx6b2ey8qnf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wo593j1igmudvwrx6b2ey8qnf|03|com"; nocase; ) # 1sv7ya91aoscun133dm6n149940k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sv7ya91aoscun133dm6n149940k|03|net"; nocase; ) # iuqz0tbk9b1518suveb4wt2vi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iuqz0tbk9b1518suveb4wt2vi|03|net"; nocase; ) # 1wd4kp91jd1du81764wszcmfoxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wd4kp91jd1du81764wszcmfoxa|03|com"; nocase; ) # 1qwuztg1aczi8r1n6ijd2181xvlv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qwuztg1aczi8r1n6ijd2181xvlv|03|biz"; nocase; ) # 1dybeby1iwehx1tor64n1blsvay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dybeby1iwehx1tor64n1blsvay|03|net"; nocase; ) # 12949b91br5330b1rzrh1mtboe2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12949b91br5330b1rzrh1mtboe2|03|com"; nocase; ) # 1w0jhvu1smqd2f33onle19pj66j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w0jhvu1smqd2f33onle19pj66j|03|net"; nocase; ) # 1gglu9u12ffu7vahm4pl1ksjfc1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gglu9u12ffu7vahm4pl1ksjfc1|03|org"; nocase; ) # b82nxj1yawcyajz3ol8nfixjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b82nxj1yawcyajz3ol8nfixjd|03|org"; nocase; ) # 18k187k1y83wyx1642ql6tztt15.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18k187k1y83wyx1642ql6tztt15|03|com"; nocase; ) # gbgwnawenywp1tdzes5lv93cn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gbgwnawenywp1tdzes5lv93cn|03|org"; nocase; ) # n7i7v9jr3mr41g7m28z85jqxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n7i7v9jr3mr41g7m28z85jqxo|03|net"; nocase; ) # 1ljx2v31bmed0k1y2nu8ed7iaut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ljx2v31bmed0k1y2nu8ed7iaut|03|net"; nocase; ) # 9s8b7ejkave2nidu1ou7sxlb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9s8b7ejkave2nidu1ou7sxlb|03|com"; nocase; ) # rytq9szrgmd01g57srcpfl24r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rytq9szrgmd01g57srcpfl24r|03|com"; nocase; ) # 1o7y16j1p2fn384hk7s91w4199t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o7y16j1p2fn384hk7s91w4199t|03|com"; nocase; ) # 1bd7eaf5v3le06clwzz1d8m0b7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bd7eaf5v3le06clwzz1d8m0b7|03|net"; nocase; ) # pn70r9fzqoaa4wjjkxvnvd48.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pn70r9fzqoaa4wjjkxvnvd48|03|org"; nocase; ) # 72r27t76tbdr1npjj51htbdwj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|72r27t76tbdr1npjj51htbdwj|03|net"; nocase; ) # 7cjsbm8i3bsu9ys32m1axi28g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7cjsbm8i3bsu9ys32m1axi28g|03|org"; nocase; ) # 1w34yur2hmzbme4sw4j1mxx2hd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w34yur2hmzbme4sw4j1mxx2hd|03|org"; nocase; ) # 1d4dutzqfigritdhbqd6v2qh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1d4dutzqfigritdhbqd6v2qh|03|net"; nocase; ) # 12e7k3n1yptxqw110ry6w13rq0gd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12e7k3n1yptxqw110ry6w13rq0gd|03|org"; nocase; ) # 1iy26la1jk5rszu14r901rwxyqa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iy26la1jk5rszu14r901rwxyqa|03|com"; nocase; ) # 1drgzr9zt5camiy9dfi41joxm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1drgzr9zt5camiy9dfi41joxm|03|org"; nocase; ) # 1ygm5bgm2980h8w41e11ydqixq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygm5bgm2980h8w41e11ydqixq|03|org"; nocase; ) # gwl1pt1oh88pr1higb9f1rldu73.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gwl1pt1oh88pr1higb9f1rldu73|03|net"; nocase; ) # 1dap4u118t8vj0kng5fx16ak2ml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dap4u118t8vj0kng5fx16ak2ml|03|net"; nocase; ) # qlk121it67qw1a9yq3l16lpzui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qlk121it67qw1a9yq3l16lpzui|03|com"; nocase; ) # 11hfzc25rk8kw19hjyi516wuimr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hfzc25rk8kw19hjyi516wuimr|03|org"; nocase; ) # 165ghnc1imbkkbj6tgx51mtu75i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|165ghnc1imbkkbj6tgx51mtu75i|03|com"; nocase; ) # zriikk2as2imdvk8851517lyg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zriikk2as2imdvk8851517lyg|03|net"; nocase; ) # tr660f1aoyu121x6gdwz4qx6b9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tr660f1aoyu121x6gdwz4qx6b9|03|org"; nocase; ) # 15vy39tz4phid1frd6xaqnafwg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15vy39tz4phid1frd6xaqnafwg|03|net"; nocase; ) # o76cjnh3c1tlj18ssnn6pehb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o76cjnh3c1tlj18ssnn6pehb|03|org"; nocase; ) # fhe9unodrlhud3j5t712471ub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fhe9unodrlhud3j5t712471ub|03|com"; nocase; ) # 1qoywf614cau0w1ow6abm1ky4cm0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qoywf614cau0w1ow6abm1ky4cm0|03|org"; nocase; ) # 1v59asr1fm07i1qza7ee4g1h12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v59asr1fm07i1qza7ee4g1h12|03|net"; nocase; ) # mh9o4wzlkzwg137c4yy1kqlr6k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mh9o4wzlkzwg137c4yy1kqlr6k|03|org"; nocase; ) # e5tjqx1sg06e6gii7zsfbdpqg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e5tjqx1sg06e6gii7zsfbdpqg|03|net"; nocase; ) # 14adzg878yuop1ii9h641uzu1bd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14adzg878yuop1ii9h641uzu1bd|03|net"; nocase; ) # 104r0zcfy98jw17zz4ik1otavnh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000026999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|104r0zcfy98jw17zz4ik1otavnh|03|com"; nocase; ) # jrkbjg1g4u97lfs6045oef18u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jrkbjg1g4u97lfs6045oef18u|03|org"; nocase; ) # 1y4b0cs1185l0vm04xv11sj9ux8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y4b0cs1185l0vm04xv11sj9ux8|03|org"; nocase; ) # szygym1pghv0q1dby6z9p504ir.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|szygym1pghv0q1dby6z9p504ir|03|net"; nocase; ) # 169cpktv6yp811ygp8fcb6762z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|169cpktv6yp811ygp8fcb6762z|03|net"; nocase; ) # ut84fjdzq9qpv3491n155vlug.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ut84fjdzq9qpv3491n155vlug|03|com"; nocase; ) # 1d4ry5s1w9f0d7vi3ypuq1snr3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d4ry5s1w9f0d7vi3ypuq1snr3|03|biz"; nocase; ) # 1si6u52ddobkx9yz3tinl8fw2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1si6u52ddobkx9yz3tinl8fw2|03|net"; nocase; ) # axccnodlm2jkjwi02a1vi4r3g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|axccnodlm2jkjwi02a1vi4r3g|03|com"; nocase; ) # qt8fgfrq5r6h1kv0kgbj5kf2s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qt8fgfrq5r6h1kv0kgbj5kf2s|03|net"; nocase; ) # eaaf8hskmyyj1xofexdglwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|eaaf8hskmyyj1xofexdglwr|03|net"; nocase; ) # crybonbwvl55ubejf0pss33d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|crybonbwvl55ubejf0pss33d|03|biz"; nocase; ) # 1wzmjp1x36g023in6jj4h8gmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wzmjp1x36g023in6jj4h8gmj|03|net"; nocase; ) # 1qz6kom1132l1ju917p81n3pgzi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qz6kom1132l1ju917p81n3pgzi|03|net"; nocase; ) # 2f0mdj1optzftvnmvsq1wryge9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2f0mdj1optzftvnmvsq1wryge9|03|net"; nocase; ) # 1m9yguhmtmpik1vu91z617v78kh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m9yguhmtmpik1vu91z617v78kh|03|com"; nocase; ) # mxn43ay9widl5kqxar1ulb8jz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mxn43ay9widl5kqxar1ulb8jz|03|net"; nocase; ) # 19s8cu31y8vxjw1qgt75adbf7se.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19s8cu31y8vxjw1qgt75adbf7se|03|com"; nocase; ) # 1yuqeou8eb8091xgqyunb6pj42.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yuqeou8eb8091xgqyunb6pj42|03|com"; nocase; ) # 1ahrt9tv3ksk115t8tvsm474pm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ahrt9tv3ksk115t8tvsm474pm|03|biz"; nocase; ) # 1glphsr25bdyi1fdcgej1ye7bq4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1glphsr25bdyi1fdcgej1ye7bq4|03|net"; nocase; ) # awmvb718gfk871ud69pkoqvuru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|awmvb718gfk871ud69pkoqvuru|03|org"; nocase; ) # hh9wtk166x7x0jjcwlwlcivx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hh9wtk166x7x0jjcwlwlcivx4|03|net"; nocase; ) # l3oj3annjproma8t9k1obn4xt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l3oj3annjproma8t9k1obn4xt|03|org"; nocase; ) # ekxqwds3z28j10nxjgzio18ud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ekxqwds3z28j10nxjgzio18ud|03|biz"; nocase; ) # 1ar542r1yoni4i3flljb79i8ic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ar542r1yoni4i3flljb79i8ic|03|net"; nocase; ) # gyy72n12zc8a51qxjku6w2eox8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gyy72n12zc8a51qxjku6w2eox8|03|org"; nocase; ) # 1lp4fwe12dl1jm1ahd5kk1lkelkm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lp4fwe12dl1jm1ahd5kk1lkelkm|03|biz"; nocase; ) # itkduy8hzumzms47xrxh16hn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|itkduy8hzumzms47xrxh16hn|03|com"; nocase; ) # 4k8baww54ahs9d2ljc54w7pt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4k8baww54ahs9d2ljc54w7pt|03|org"; nocase; ) # 1egypgb1c0znlp1rvdagvt6we9k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1egypgb1c0znlp1rvdagvt6we9k|03|org"; nocase; ) # fmp49b1077mtyryqnh41qpj799.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fmp49b1077mtyryqnh41qpj799|03|net"; nocase; ) # maj7zz15s5e8j1xc3sz712wtmhq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|maj7zz15s5e8j1xc3sz712wtmhq|03|com"; nocase; ) # veyfk1n5g9ofkifzkhqz50hn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|veyfk1n5g9ofkifzkhqz50hn|03|net"; nocase; ) # bhrlt91u9veaf1yzwln91qskdwn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bhrlt91u9veaf1yzwln91qskdwn|03|org"; nocase; ) # 1ybd3br18gz0xq1qr792xasucbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ybd3br18gz0xq1qr792xasucbl|03|com"; nocase; ) # 13sv1zy16r1pgk44blcdttjpch.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13sv1zy16r1pgk44blcdttjpch|03|com"; nocase; ) # xw06oe1px4zut1r5jdqbzn53yn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xw06oe1px4zut1r5jdqbzn53yn|03|net"; nocase; ) # 1eahbw41a4t2kw1clphqb1nxr1pz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eahbw41a4t2kw1clphqb1nxr1pz|03|net"; nocase; ) # bp5t9n13zoeq279gmdl1qfocwj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bp5t9n13zoeq279gmdl1qfocwj|03|com"; nocase; ) # kultwf1g4cenv1fl77hrmix77.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kultwf1g4cenv1fl77hrmix77|03|net"; nocase; ) # pfz9xm1gpmu6xk8ey251dcampg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pfz9xm1gpmu6xk8ey251dcampg|03|com"; nocase; ) # 1ltfire1im3o1i8gvlazpstgxc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ltfire1im3o1i8gvlazpstgxc|03|biz"; nocase; ) # 2q4ehj1vwiz681ke9n3t16iwbvc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2q4ehj1vwiz681ke9n3t16iwbvc|03|com"; nocase; ) # 1xbfku4cz3o91wqgmf71k555v0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xbfku4cz3o91wqgmf71k555v0|03|net"; nocase; ) # 1w6c1qf17z2npdmt0rp71ldmi8g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w6c1qf17z2npdmt0rp71ldmi8g|03|biz"; nocase; ) # 14cquz01vo6lu26pezuo1xkmov0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14cquz01vo6lu26pezuo1xkmov0|03|biz"; nocase; ) # 11h0kvl5hhcb8q3mas6pir82p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11h0kvl5hhcb8q3mas6pir82p|03|com"; nocase; ) # kurk711g4y5vte6y54x18om8ig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kurk711g4y5vte6y54x18om8ig|03|net"; nocase; ) # d4rcejkvtj4cpul3jgm78khq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d4rcejkvtj4cpul3jgm78khq|03|org"; nocase; ) # 1cu0woq1qfi4uj1ngh37h1hosyhd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cu0woq1qfi4uj1ngh37h1hosyhd|03|org"; nocase; ) # 11w7ruswgr3qhfuqnutpvovz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|11w7ruswgr3qhfuqnutpvovz|03|net"; nocase; ) # yf9juti34wxbgt58a116ie05z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yf9juti34wxbgt58a116ie05z|03|org"; nocase; ) # c8rry4conghh150t3asaux3al.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c8rry4conghh150t3asaux3al|03|org"; nocase; ) # 1j24vo1ovdsnrbfl4tstqnsg8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j24vo1ovdsnrbfl4tstqnsg8|03|biz"; nocase; ) # 1bbtr9l1o9df6cwcwrwr1fc6s5l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bbtr9l1o9df6cwcwrwr1fc6s5l|03|org"; nocase; ) # d4m4om1568shgd6jwax144bip3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d4m4om1568shgd6jwax144bip3|03|net"; nocase; ) # 1ekyflinlw2tc1jlsqwf1rqhooc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ekyflinlw2tc1jlsqwf1rqhooc|03|com"; nocase; ) # 1mwluw78eib511o30nw8204r4f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mwluw78eib511o30nw8204r4f|03|com"; nocase; ) # 1gbl5rl4j56hr14o5u02qqznv8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gbl5rl4j56hr14o5u02qqznv8|03|com"; nocase; ) # 1526t41k7cdeg1flldej1v5jsjd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1526t41k7cdeg1flldej1v5jsjd|03|com"; nocase; ) # 130pbzblilkdd1g62jkf19lpy1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|130pbzblilkdd1g62jkf19lpy1z|03|net"; nocase; ) # 12ymnbb1jc92t7xxv8t41p23448.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12ymnbb1jc92t7xxv8t41p23448|03|net"; nocase; ) # 1dx9r6hla2zfg19yyzxd1ufb5s1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dx9r6hla2zfg19yyzxd1ufb5s1|03|com"; nocase; ) # rf5f5m1xjgvx2ojp0fwzn4bww.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rf5f5m1xjgvx2ojp0fwzn4bww|03|biz"; nocase; ) # 1qo5vwntivh098tugy3qtexoq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qo5vwntivh098tugy3qtexoq|03|org"; nocase; ) # 16wekeaainr17m965yh1b7c3px.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wekeaainr17m965yh1b7c3px|03|net"; nocase; ) # 1lxoqhx1gpdx7p1v9zcjw1pau4p0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lxoqhx1gpdx7p1v9zcjw1pau4p0|03|net"; nocase; ) # 117pbuf182okbbbxhx88r3cji6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|117pbuf182okbbbxhx88r3cji6|03|net"; nocase; ) # 1pdh0541bjz8at1dpw4xu19u02n3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pdh0541bjz8at1dpw4xu19u02n3|03|org"; nocase; ) # 1bszyu01rkpsj31rvw9wbldjvnc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bszyu01rkpsj31rvw9wbldjvnc|03|net"; nocase; ) # 1b8upls83ynrb197oj8w7nyxn0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b8upls83ynrb197oj8w7nyxn0|03|org"; nocase; ) # 1jhijs1x4i4x91j7a1wjkrxl3c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jhijs1x4i4x91j7a1wjkrxl3c|03|org"; nocase; ) # 1868mh21q5taz116z89n51ipgiph.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1868mh21q5taz116z89n51ipgiph|03|org"; nocase; ) # bhpnv7wti8gf13tv21u14ceyg5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bhpnv7wti8gf13tv21u14ceyg5|03|org"; nocase; ) # 1f1kd9qq1r7gw130z7vrnlmu1u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f1kd9qq1r7gw130z7vrnlmu1u|03|com"; nocase; ) # 1uua88l145eirjn20kdcwh2ax2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uua88l145eirjn20kdcwh2ax2|03|org"; nocase; ) # tpmpfdffivhcnqt4cd36ii94.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tpmpfdffivhcnqt4cd36ii94|03|net"; nocase; ) # niesl1n3x7i7xnxsvvwlt8wn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|niesl1n3x7i7xnxsvvwlt8wn|03|net"; nocase; ) # 182grwht0qi5vyypi501oe82sy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|182grwht0qi5vyypi501oe82sy|03|biz"; nocase; ) # 1dms5ndua5hfe2hb60itkdk8m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dms5ndua5hfe2hb60itkdk8m|03|org"; nocase; ) # dzcddb1u6yw5z1ve0xb01ebk7hc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dzcddb1u6yw5z1ve0xb01ebk7hc|03|net"; nocase; ) # qll7kuufm23bqm66yl10jjjub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qll7kuufm23bqm66yl10jjjub|03|org"; nocase; ) # 1xac9xjf2boom9gis8b28mbd5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xac9xjf2boom9gis8b28mbd5|03|org"; nocase; ) # nnueovuiie05129o8dz1jz40rb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nnueovuiie05129o8dz1jz40rb|03|com"; nocase; ) # 9udno01aqcaq3knu191fqegxu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9udno01aqcaq3knu191fqegxu|03|org"; nocase; ) # 1vvrcpgkvwelz5ca6bt4e2zko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vvrcpgkvwelz5ca6bt4e2zko|03|biz"; nocase; ) # 1w0hix311srr481265jgh1qc6ue6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w0hix311srr481265jgh1qc6ue6|03|com"; nocase; ) # 65tvd71xtgyi8rkid5716xjzy2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|65tvd71xtgyi8rkid5716xjzy2|03|org"; nocase; ) # 1x6qr3e1yi2l4ilzama1hb91mp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x6qr3e1yi2l4ilzama1hb91mp|03|com"; nocase; ) # 1uve2o317uo9jk1dj9tlle7vlnr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uve2o317uo9jk1dj9tlle7vlnr|03|net"; nocase; ) # 1f3yq5h15awwrahku51f11znfzk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f3yq5h15awwrahku51f11znfzk|03|net"; nocase; ) # 1qawrgv1q4p2k2hzx5nul4nf5j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qawrgv1q4p2k2hzx5nul4nf5j|03|com"; nocase; ) # 2u56igpw0v8814ef9ddlas684.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2u56igpw0v8814ef9ddlas684|03|com"; nocase; ) # 1o6xc8e15klv5fm5htjcpg8snm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o6xc8e15klv5fm5htjcpg8snm|03|org"; nocase; ) # 1vssxb4jwwej6zoblh9xtkfgj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vssxb4jwwej6zoblh9xtkfgj|03|biz"; nocase; ) # 1kwu5741aaikuct8b477bbcc9p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kwu5741aaikuct8b477bbcc9p|03|net"; nocase; ) # 16652vr1cmiss21gqf6kn1nwhs82.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16652vr1cmiss21gqf6kn1nwhs82|03|com"; nocase; ) # h2q4g9kzt22v17l4w8l1jm9r7p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h2q4g9kzt22v17l4w8l1jm9r7p|03|org"; nocase; ) # 1v5ms5046t5771cdouuu1ue3r9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v5ms5046t5771cdouuu1ue3r9e|03|biz"; nocase; ) # 1kpz5911x6981f1yxmi8i1gparn9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kpz5911x6981f1yxmi8i1gparn9|03|net"; nocase; ) # 153w9ys1y81a1f14cr8tv5undeq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|153w9ys1y81a1f14cr8tv5undeq|03|org"; nocase; ) # u8c89mwfzn1bmt0ywo1jlngvt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u8c89mwfzn1bmt0ywo1jlngvt|03|com"; nocase; ) # 1ae3nffalpm441e2vybq1r4p0qa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ae3nffalpm441e2vybq1r4p0qa|03|biz"; nocase; ) # ud8n9s14i0dow1l4y04t1i1fgij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ud8n9s14i0dow1l4y04t1i1fgij|03|net"; nocase; ) # 1dlx8kr1tm63qlslu8ehl6zktg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dlx8kr1tm63qlslu8ehl6zktg|03|biz"; nocase; ) # numtb21t082l1gixpbf14edz39.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|numtb21t082l1gixpbf14edz39|03|net"; nocase; ) # f5qo4xoc1nxardp0anb284qg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f5qo4xoc1nxardp0anb284qg|03|com"; nocase; ) # tkda55ncuh0wjxgjepudic0z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tkda55ncuh0wjxgjepudic0z|03|biz"; nocase; ) # ar2ab01x63hcg9a89pemwdkgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ar2ab01x63hcg9a89pemwdkgj|03|net"; nocase; ) # iae94wak8snkqe9aajzz10vk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iae94wak8snkqe9aajzz10vk|03|org"; nocase; ) # 1sk3qy61l7mesvxjy93r6rzkys.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sk3qy61l7mesvxjy93r6rzkys|03|net"; nocase; ) # 1qah6t71o5jfzo14yc9vu1w9ltd4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qah6t71o5jfzo14yc9vu1w9ltd4|03|biz"; nocase; ) # 1n6r44yqtxsj48hxjg318uj0o9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n6r44yqtxsj48hxjg318uj0o9|03|net"; nocase; ) # 1ws749x15zqnrn9irsfxuni26q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ws749x15zqnrn9irsfxuni26q|03|biz"; nocase; ) # 1b9wfqbq48uob1lorq6ng6fyaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b9wfqbq48uob1lorq6ng6fyaw|03|com"; nocase; ) # 8tmfvgo6v0ix5slelmk54svo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8tmfvgo6v0ix5slelmk54svo|03|net"; nocase; ) # 1yfvvy51ebf1b71ln03reruh7xj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yfvvy51ebf1b71ln03reruh7xj|03|com"; nocase; ) # mx1h555oyrx11xbyi33hh0nzf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mx1h555oyrx11xbyi33hh0nzf|03|org"; nocase; ) # 1f2s0fdidm71w11o2ww41ho2jmp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f2s0fdidm71w11o2ww41ho2jmp|03|net"; nocase; ) # nhmwkh1kew4ea1a7slou1akog16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nhmwkh1kew4ea1a7slou1akog16|03|net"; nocase; ) # 101sfkm1jht1hbcig3ozpfw5et.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|101sfkm1jht1hbcig3ozpfw5et|03|biz"; nocase; ) # 1yupy9g69r99k1cfu1o111o1ppw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yupy9g69r99k1cfu1o111o1ppw|03|org"; nocase; ) # 1fa1fosoxws74oplukm6avj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1fa1fosoxws74oplukm6avj|03|org"; nocase; ) # x7on3qlpnk0ve3tdk4145p3um.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x7on3qlpnk0ve3tdk4145p3um|03|net"; nocase; ) # 1my4zvq177mbdl189w1oqsarx3v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1my4zvq177mbdl189w1oqsarx3v|03|net"; nocase; ) # h6i6ew1s76c4oql6z301uu2xv3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h6i6ew1s76c4oql6z301uu2xv3|03|org"; nocase; ) # qtlrzi1ckgfig7sghok19muitv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qtlrzi1ckgfig7sghok19muitv|03|com"; nocase; ) # 1iwmua61m2mig9huw7i810252lv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iwmua61m2mig9huw7i810252lv|03|net"; nocase; ) # pthydk1kajwv2qzyxtln5picr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pthydk1kajwv2qzyxtln5picr|03|biz"; nocase; ) # o7t1t71a72q301selryvlp1yjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o7t1t71a72q301selryvlp1yjb|03|net"; nocase; ) # 1rznddqxup0121uop6cy1wmyszr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rznddqxup0121uop6cy1wmyszr|03|biz"; nocase; ) # u9eua8jx9dp9rj49jg1su7s0r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u9eua8jx9dp9rj49jg1su7s0r|03|biz"; nocase; ) # zm1ssds6kyf11lapwtmctdpoz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zm1ssds6kyf11lapwtmctdpoz|03|org"; nocase; ) # 170mri112gm5yc1wlmq5r1dqrsdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|170mri112gm5yc1wlmq5r1dqrsdd|03|com"; nocase; ) # 1bdgjmjg5pgkv1puag4th5qhwi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bdgjmjg5pgkv1puag4th5qhwi|03|org"; nocase; ) # qaqgprl1jk5g1qya3kz1us0qam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qaqgprl1jk5g1qya3kz1us0qam|03|net"; nocase; ) # vh9bh9lypit6123ovcmss648s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vh9bh9lypit6123ovcmss648s|03|biz"; nocase; ) # 1ybvepx151k3ls1sx8c968sewr7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ybvepx151k3ls1sx8c968sewr7|03|net"; nocase; ) # ddm3cgo4dwon1typgyp1wk95n3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ddm3cgo4dwon1typgyp1wk95n3|03|com"; nocase; ) # 1wvsoqev14owu1nkitjbeala4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wvsoqev14owu1nkitjbeala4a|03|net"; nocase; ) # znyiwwyg1cnqz7ftslshm36n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|znyiwwyg1cnqz7ftslshm36n|03|com"; nocase; ) # x8veb5jxftoq1ks9kllgh8f8d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x8veb5jxftoq1ks9kllgh8f8d|03|biz"; nocase; ) # uodka148kwqk1k99ysg164u8vb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uodka148kwqk1k99ysg164u8vb|03|net"; nocase; ) # 15mcjx91mrwminduybhpopnb2g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15mcjx91mrwminduybhpopnb2g|03|com"; nocase; ) # au6knwqg61uq1hzz9nb1egrmq0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|au6knwqg61uq1hzz9nb1egrmq0|03|net"; nocase; ) # jx0axj1afplku1kxtopi5lbfxq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jx0axj1afplku1kxtopi5lbfxq|03|biz"; nocase; ) # aw54v81smyxnz1szrwl216u5z0l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aw54v81smyxnz1szrwl216u5z0l|03|net"; nocase; ) # 1cgwz6i1xj96podmyft91cgb03u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cgwz6i1xj96podmyft91cgb03u|03|biz"; nocase; ) # zaso3vgbk9mm1jmzwfi2u313z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zaso3vgbk9mm1jmzwfi2u313z|03|com"; nocase; ) # 12dtu6x1ne4doe16jco5d1gj1bl7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12dtu6x1ne4doe16jco5d1gj1bl7|03|net"; nocase; ) # k2bshwse7wnb1vvqyeg1tbghi5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k2bshwse7wnb1vvqyeg1tbghi5|03|org"; nocase; ) # 10ktnu1bc5sco1qz3fa711mwkq8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ktnu1bc5sco1qz3fa711mwkq8|03|net"; nocase; ) # 19t3l2l1uar4cp3khea61y85hgm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19t3l2l1uar4cp3khea61y85hgm|03|net"; nocase; ) # 1ghawpelg4hinfhaecz1vrdmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ghawpelg4hinfhaecz1vrdmm|03|org"; nocase; ) # 1k1aw3j5qgubp1m0vef516zkd8i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k1aw3j5qgubp1m0vef516zkd8i|03|org"; nocase; ) # j4nkzt11a4q441l2r6qn1ejn7yj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j4nkzt11a4q441l2r6qn1ejn7yj|03|biz"; nocase; ) # qgychd4a8aslt3z4rg1bfvl0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qgychd4a8aslt3z4rg1bfvl0|03|net"; nocase; ) # e5igtw1b7izjauvryd219nc61y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e5igtw1b7izjauvryd219nc61y|03|com"; nocase; ) # 1kpz7vg1hdpvogpydlypue2999.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kpz7vg1hdpvogpydlypue2999|03|net"; nocase; ) # zkjv751274ir41oqfpezr8ghhn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zkjv751274ir41oqfpezr8ghhn|03|biz"; nocase; ) # 1tq4oybn78xup1q71wir1nnt6c1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tq4oybn78xup1q71wir1nnt6c1|03|org"; nocase; ) # 1duwwf6d518w61s8gmj61obamcj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1duwwf6d518w61s8gmj61obamcj|03|net"; nocase; ) # kkamly1qirddt1r3uhq5itlkmc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kkamly1qirddt1r3uhq5itlkmc|03|com"; nocase; ) # hz910z8dzgy712xva361498z2z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hz910z8dzgy712xva361498z2z|03|biz"; nocase; ) # 1kwv3ipspi3hqa3t0et14go1b9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kwv3ipspi3hqa3t0et14go1b9|03|net"; nocase; ) # 16mp65hg4s8n2hu43mm1hyfa6g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16mp65hg4s8n2hu43mm1hyfa6g|03|com"; nocase; ) # 1e1hlcmkeepz215wf96eldul6c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e1hlcmkeepz215wf96eldul6c|03|net"; nocase; ) # dpenyp1mrsipuzo0d09116ckpq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dpenyp1mrsipuzo0d09116ckpq|03|org"; nocase; ) # 1fpgpi1voss4l59lo3j1391c66.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fpgpi1voss4l59lo3j1391c66|03|net"; nocase; ) # h3q2yy16ot5un1yiad3tbqxg9h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h3q2yy16ot5un1yiad3tbqxg9h|03|org"; nocase; ) # rgti1z1nmuuy7moezzh1b00utr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rgti1z1nmuuy7moezzh1b00utr|03|com"; nocase; ) # 6zdb7uux80zauys84g7q8r0z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6zdb7uux80zauys84g7q8r0z|03|org"; nocase; ) # 10ms3hw10ed1ii18sn4u2111kkcy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10ms3hw10ed1ii18sn4u2111kkcy|03|biz"; nocase; ) # e8w8hxh4x3axdbjdsd9znqr0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e8w8hxh4x3axdbjdsd9znqr0|03|com"; nocase; ) # 1lc8d4c1i7wavn12hbe5dy4xg4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lc8d4c1i7wavn12hbe5dy4xg4b|03|net"; nocase; ) # 1aj774u10ga88o118ubhdyghppt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aj774u10ga88o118ubhdyghppt|03|org"; nocase; ) # 1wnfzms6kmlp91pjn86nu7wgbl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wnfzms6kmlp91pjn86nu7wgbl|03|biz"; nocase; ) # ipyaskwqul426f8tcb10hy1e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ipyaskwqul426f8tcb10hy1e|03|com"; nocase; ) # dyydj6bkwkbw5ek4yec988vz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dyydj6bkwkbw5ek4yec988vz|03|org"; nocase; ) # jtdyqz4abu2r3eu7i8xgssmr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jtdyqz4abu2r3eu7i8xgssmr|03|biz"; nocase; ) # 55x4i11taovh2jv4dgndu3w97.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|55x4i11taovh2jv4dgndu3w97|03|net"; nocase; ) # wm4jxh16y824n9wcxyk16elfi8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wm4jxh16y824n9wcxyk16elfi8|03|biz"; nocase; ) # 10j9r4d1xwvmpk1xi9x3o111w06z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10j9r4d1xwvmpk1xi9x3o111w06z|03|net"; nocase; ) # fq8pxp1xydz0mm7m1381grga47.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fq8pxp1xydz0mm7m1381grga47|03|net"; nocase; ) # 1neb9a018i2jxngqalk41247c1f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1neb9a018i2jxngqalk41247c1f|03|com"; nocase; ) # 1riizid1z2o501s11fxk1mboqew.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1riizid1z2o501s11fxk1mboqew|03|biz"; nocase; ) # 1jsvmo013mhfp7hc81e11kohxdv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jsvmo013mhfp7hc81e11kohxdv|03|net"; nocase; ) # 1ag58df19rt85qfetjbevmkmup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ag58df19rt85qfetjbevmkmup|03|com"; nocase; ) # gflmq31fmema2r6wutu1qpdpw0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gflmq31fmema2r6wutu1qpdpw0|03|com"; nocase; ) # gthvr21o04117ff9vwv2e1n90.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gthvr21o04117ff9vwv2e1n90|03|com"; nocase; ) # 1vivl8o11p9ybo6gtqjz4nc5yb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vivl8o11p9ybo6gtqjz4nc5yb|03|biz"; nocase; ) # w21w8w1qrd23ga9igw41bl99mw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w21w8w1qrd23ga9igw41bl99mw|03|biz"; nocase; ) # zu13b21u6443j17gxcsk1gm04qu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zu13b21u6443j17gxcsk1gm04qu|03|biz"; nocase; ) # vcn2mbwqcqrccn2n6l1xg5gj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vcn2mbwqcqrccn2n6l1xg5gj|03|com"; nocase; ) # 2ps6sqv7p69befqoj21ken4kj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ps6sqv7p69befqoj21ken4kj|03|com"; nocase; ) # 1qp9phq194eupi1pz4omn1ku0ls3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qp9phq194eupi1pz4omn1ku0ls3|03|biz"; nocase; ) # jsd1yhv3sekc13b4j8x1mkereb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jsd1yhv3sekc13b4j8x1mkereb|03|biz"; nocase; ) # 15k6ih8130p31rrfwp2inpaenf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15k6ih8130p31rrfwp2inpaenf|03|com"; nocase; ) # fnpx3mjyugh1mdthq8ub8ohm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fnpx3mjyugh1mdthq8ub8ohm|03|com"; nocase; ) # c3men51a2glfa1dlhmc019fek1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c3men51a2glfa1dlhmc019fek1z|03|net"; nocase; ) # 21ycts1f8e2z7nz8j7v7bnulu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21ycts1f8e2z7nz8j7v7bnulu|03|com"; nocase; ) # 30r60jt4qy0g1l0ibksjmfzl0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|30r60jt4qy0g1l0ibksjmfzl0|03|net"; nocase; ) # 3feya01teiw5ox0osbv11qrtoc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3feya01teiw5ox0osbv11qrtoc|03|org"; nocase; ) # 16o2ziolcpnhm1yp16sk1kst02t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16o2ziolcpnhm1yp16sk1kst02t|03|com"; nocase; ) # l0vkmc1ah7vt41lvpuds1540see.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l0vkmc1ah7vt41lvpuds1540see|03|org"; nocase; ) # uw85pivxfi7h1g27yxm1orqikd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uw85pivxfi7h1g27yxm1orqikd|03|com"; nocase; ) # p4bv72bj4kwodaaluw8n86n9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p4bv72bj4kwodaaluw8n86n9|03|net"; nocase; ) # ns4qsfwbpeal1xvsikj10q9bi7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ns4qsfwbpeal1xvsikj10q9bi7|03|com"; nocase; ) # 1f8otihijzg971l3i39k1syu3y4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f8otihijzg971l3i39k1syu3y4|03|net"; nocase; ) # 1pxylhb2zpdzm1dkp5am13izqx6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pxylhb2zpdzm1dkp5am13izqx6|03|org"; nocase; ) # 1wqv6uq1klmsz31sioz50hso6l9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wqv6uq1klmsz31sioz50hso6l9|03|biz"; nocase; ) # o4ct7j3ocrk01afbv491asw5ih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o4ct7j3ocrk01afbv491asw5ih|03|net"; nocase; ) # 107x8auakqu3u1w0kf8f1delpza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|107x8auakqu3u1w0kf8f1delpza|03|org"; nocase; ) # 1o6km0hqmu3nnoqrkef1beis72.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o6km0hqmu3nnoqrkef1beis72|03|biz"; nocase; ) # pw87m41nk86sozc04nv1b5661q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pw87m41nk86sozc04nv1b5661q|03|com"; nocase; ) # 1lntuqnzf5kply5lw9zp8zw0d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lntuqnzf5kply5lw9zp8zw0d|03|org"; nocase; ) # 1pr9nns7wau6omh0n6s1woh4ka.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pr9nns7wau6omh0n6s1woh4ka|03|biz"; nocase; ) # lz2r7c8lmghm1433722ljtsqk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lz2r7c8lmghm1433722ljtsqk|03|net"; nocase; ) # p7jub537pc1u196vc5u1ywzwkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p7jub537pc1u196vc5u1ywzwkf|03|org"; nocase; ) # tq6naz1aefo7yzf3img1i27dlg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tq6naz1aefo7yzf3img1i27dlg|03|net"; nocase; ) # 1fccvf91sch4qmhrnpbpdu906.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fccvf91sch4qmhrnpbpdu906|03|org"; nocase; ) # grelsxb3tgsw1o72ery10he9wd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|grelsxb3tgsw1o72ery10he9wd|03|biz"; nocase; ) # h0emdg1va3w03cq0wpo12is89x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h0emdg1va3w03cq0wpo12is89x|03|com"; nocase; ) # cmk0oe1r9l1osusb41we8etw9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cmk0oe1r9l1osusb41we8etw9|03|net"; nocase; ) # 15iev7618kmzr2ze4rxrjb05or.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15iev7618kmzr2ze4rxrjb05or|03|com"; nocase; ) # xxm8fwgdxehd1o6ivte1knzcxw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xxm8fwgdxehd1o6ivte1knzcxw|03|org"; nocase; ) # otpvyas3720g117h7tmw1aeg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|otpvyas3720g117h7tmw1aeg|03|net"; nocase; ) # 1wtat8h182b8q4ag5fik195y80n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wtat8h182b8q4ag5fik195y80n|03|com"; nocase; ) # 1vagijjz342ol1oddgug1ih28w7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vagijjz342ol1oddgug1ih28w7|03|com"; nocase; ) # 2trorlghrvcn1imsufa1cj2qwx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2trorlghrvcn1imsufa1cj2qwx|03|com"; nocase; ) # 1czq6v714193lel7hr2e129amq3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1czq6v714193lel7hr2e129amq3|03|net"; nocase; ) # 1urkq751bijuu49ucjkghm97b0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1urkq751bijuu49ucjkghm97b0|03|com"; nocase; ) # z3xpz71uzn4ske6ad9n6w91tk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z3xpz71uzn4ske6ad9n6w91tk|03|org"; nocase; ) # 1n0dqnsghwt68zzu43mz9hd9y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n0dqnsghwt68zzu43mz9hd9y|03|org"; nocase; ) # 1l9pxon135mq1v1djqoagnpq59t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l9pxon135mq1v1djqoagnpq59t|03|biz"; nocase; ) # noad0xcqho6s1dx89vm6n2cjs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|noad0xcqho6s1dx89vm6n2cjs|03|biz"; nocase; ) # xq1ihr1q6ougxsd146914k2ews.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xq1ihr1q6ougxsd146914k2ews|03|biz"; nocase; ) # 1f37hj215qgfbhibp0x2usabcj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f37hj215qgfbhibp0x2usabcj|03|org"; nocase; ) # n8yjk8ob595rlcnfka1ai2ynh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n8yjk8ob595rlcnfka1ai2ynh|03|net"; nocase; ) # 89uewuyedk959tj4041j6inwb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|89uewuyedk959tj4041j6inwb|03|biz"; nocase; ) # 15hsv4c1jzsmjse2t2471jfm7qm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15hsv4c1jzsmjse2t2471jfm7qm|03|net"; nocase; ) # xsolup1ovw5iw1b4ww2j1fiyz3l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xsolup1ovw5iw1b4ww2j1fiyz3l|03|org"; nocase; ) # 1xudkgb19fptajcrn99j1bfmmx1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xudkgb19fptajcrn99j1bfmmx1|03|net"; nocase; ) # 1dpqt2g112lzks1pm5ll1lq4wsz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dpqt2g112lzks1pm5ll1lq4wsz|03|com"; nocase; ) # 1ubpsnjcuv83uj7a8a6fk8gqb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ubpsnjcuv83uj7a8a6fk8gqb|03|org"; nocase; ) # 13oq3kk1fn1t6jztwuvxshxpw9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13oq3kk1fn1t6jztwuvxshxpw9|03|biz"; nocase; ) # 1plzox51m4xjgj1yo4a0g5lpwrm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1plzox51m4xjgj1yo4a0g5lpwrm|03|net"; nocase; ) # 9bhrjqrmmo5r1gigpqsnwx3x7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9bhrjqrmmo5r1gigpqsnwx3x7|03|org"; nocase; ) # 188vomc3fqt3i154mpyp17mun1x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|188vomc3fqt3i154mpyp17mun1x|03|biz"; nocase; ) # kgkezg13xzlcm68z9zwy6018t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kgkezg13xzlcm68z9zwy6018t|03|com"; nocase; ) # rvzt7qgmqckg1ehg6ca1jbj36i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rvzt7qgmqckg1ehg6ca1jbj36i|03|net"; nocase; ) # cvs3n01ur4afvhjbk141ynyhxe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cvs3n01ur4afvhjbk141ynyhxe|03|org"; nocase; ) # 13jukguw289d4f5q06c1coht6p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13jukguw289d4f5q06c1coht6p|03|biz"; nocase; ) # 1t09zye15ojkas15kkzbf1svmosc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t09zye15ojkas15kkzbf1svmosc|03|com"; nocase; ) # 3dqx311r7ndf4iyy6uwyinrji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3dqx311r7ndf4iyy6uwyinrji|03|com"; nocase; ) # jbgp4k1fhw2hj1s32irlgbk4yo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jbgp4k1fhw2hj1s32irlgbk4yo|03|org"; nocase; ) # 1lgrxmiz14k7t1j1u4mfqa5rec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lgrxmiz14k7t1j1u4mfqa5rec|03|org"; nocase; ) # a5pj801rovsql1kipo7z1vh4i3s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a5pj801rovsql1kipo7z1vh4i3s|03|com"; nocase; ) # 6i27cj1bcue6pv7u0w38jouhn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6i27cj1bcue6pv7u0w38jouhn|03|org"; nocase; ) # hy2sw61sren1d8brtwc13zrs8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hy2sw61sren1d8brtwc13zrs8h|03|net"; nocase; ) # isi6t71n7u4zu4zsf8r43exy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|isi6t71n7u4zu4zsf8r43exy|03|biz"; nocase; ) # 1qyh4rb1semnh51jxdphs1lx6ec5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qyh4rb1semnh51jxdphs1lx6ec5|03|org"; nocase; ) # 10n25f51623ml4d3dlebbh6pjz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10n25f51623ml4d3dlebbh6pjz|03|biz"; nocase; ) # 4cbgx41essg3mkumini81m75a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4cbgx41essg3mkumini81m75a|03|org"; nocase; ) # u78xef1816wmo51qfpbmnkt08.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u78xef1816wmo51qfpbmnkt08|03|com"; nocase; ) # badckd1liky2b1innzah1pv4ybe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|badckd1liky2b1innzah1pv4ybe|03|org"; nocase; ) # 1r03ap1pmlmdg1r1jkmq7dudvt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r03ap1pmlmdg1r1jkmq7dudvt|03|biz"; nocase; ) # d1cs27dklpmwujadw7uunhst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d1cs27dklpmwujadw7uunhst|03|net"; nocase; ) # 17dvzc71a42o0r1e345wven80n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17dvzc71a42o0r1e345wven80n|03|com"; nocase; ) # hjo6dwayf9j3uoe12xyhdl53.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hjo6dwayf9j3uoe12xyhdl53|03|org"; nocase; ) # ni87f09hs1pk1ttgcad18ykmup.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ni87f09hs1pk1ttgcad18ykmup|03|net"; nocase; ) # 16az768j4zdmb8mi8tr1y9rhmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16az768j4zdmb8mi8tr1y9rhmo|03|net"; nocase; ) # 1gkrnninbqgz8rwmd3zr8h139.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gkrnninbqgz8rwmd3zr8h139|03|net"; nocase; ) # 17b0ibi1bik4494zz39f177hwo0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17b0ibi1bik4494zz39f177hwo0|03|org"; nocase; ) # 3sitr81mx9x4m17l3aa316bm9l3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3sitr81mx9x4m17l3aa316bm9l3|03|org"; nocase; ) # d25rrw1o0fcr11bf7chog4oyrd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d25rrw1o0fcr11bf7chog4oyrd|03|net"; nocase; ) # 2tm1gm1u52csf1yfrndptu55xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2tm1gm1u52csf1yfrndptu55xh|03|net"; nocase; ) # 1sn94iy1pljsli9xl0ti10qo5jy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sn94iy1pljsli9xl0ti10qo5jy|03|biz"; nocase; ) # 1du9wpvp4cqjk5tiv11iop40y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1du9wpvp4cqjk5tiv11iop40y|03|com"; nocase; ) # p9l20813u7p1e18r0cqk1e0ecw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p9l20813u7p1e18r0cqk1e0ecw|03|org"; nocase; ) # 19bf3w71psgbegfuhsbhv14s3q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19bf3w71psgbegfuhsbhv14s3q|03|org"; nocase; ) # 1yru21l163tsfql82jwf4kubsc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yru21l163tsfql82jwf4kubsc|03|biz"; nocase; ) # eqg0ik1dxt1usuwv6v03xlx34.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eqg0ik1dxt1usuwv6v03xlx34|03|org"; nocase; ) # inabsktn67fw10pq14tpje3ar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|inabsktn67fw10pq14tpje3ar|03|net"; nocase; ) # 54jjbb15mv3rnpz8rfze8fgsp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|54jjbb15mv3rnpz8rfze8fgsp|03|org"; nocase; ) # 11w2ua4uhs0n1r94sv0ab3cd1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11w2ua4uhs0n1r94sv0ab3cd1|03|net"; nocase; ) # gp0iuv7usma3lzdzipnkt7sq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gp0iuv7usma3lzdzipnkt7sq|03|net"; nocase; ) # 1npwqvs1rjzafogio98p1d40j0y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1npwqvs1rjzafogio98p1d40j0y|03|org"; nocase; ) # 1k1s9uf17ax9dbgxgp7b1274arp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k1s9uf17ax9dbgxgp7b1274arp|03|com"; nocase; ) # 16gwgusj2kgps1i6uh2g1jc1umw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16gwgusj2kgps1i6uh2g1jc1umw|03|net"; nocase; ) # 7oswrc75ejdi6zwztxdlrbsx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7oswrc75ejdi6zwztxdlrbsx|03|biz"; nocase; ) # 15i21ht7f4iea1h61kgtfpbx7q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15i21ht7f4iea1h61kgtfpbx7q|03|org"; nocase; ) # k9l982edukzbfrdv6p1lvwryp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k9l982edukzbfrdv6p1lvwryp|03|org"; nocase; ) # 18zifiu1albro716xyaqv3cecoz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18zifiu1albro716xyaqv3cecoz|03|com"; nocase; ) # 1yxf9961r71g1a7wvp0b1jvzvll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yxf9961r71g1a7wvp0b1jvzvll|03|net"; nocase; ) # 19oljce1sxghn48sh9cy1gryypa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19oljce1sxghn48sh9cy1gryypa|03|com"; nocase; ) # 1evgns0vhvkrq1rgvbjvlhrt14.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1evgns0vhvkrq1rgvbjvlhrt14|03|org"; nocase; ) # a0tqyfvh2ygc1az5yyjl8p2np.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a0tqyfvh2ygc1az5yyjl8p2np|03|org"; nocase; ) # 1v7fkbs1ynqnvuox2hf9svj54j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v7fkbs1ynqnvuox2hf9svj54j|03|com"; nocase; ) # 1ha2l8l1dp71lt14pv709fttc9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ha2l8l1dp71lt14pv709fttc9e|03|com"; nocase; ) # 1suuwwjkzmh2uf26z08a7ft2s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1suuwwjkzmh2uf26z08a7ft2s|03|net"; nocase; ) # 6ykof1w83o9k1y8t77r1yvy6cb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ykof1w83o9k1y8t77r1yvy6cb|03|biz"; nocase; ) # 1u48vtpq795wxrxbhnp1r5it4f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u48vtpq795wxrxbhnp1r5it4f|03|org"; nocase; ) # 1r8ts9l1ydxvbd1j784551qrdtpz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r8ts9l1ydxvbd1j784551qrdtpz|03|net"; nocase; ) # 11tf1zawilers102bzk5pexgum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11tf1zawilers102bzk5pexgum|03|net"; nocase; ) # f41zmki6q9e51vevneg1pr35rp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f41zmki6q9e51vevneg1pr35rp|03|com"; nocase; ) # 1dm68zk84wsjr1fqmn9w1lk851v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dm68zk84wsjr1fqmn9w1lk851v|03|com"; nocase; ) # f4z29i1vtukiv36j6z6hf24nb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f4z29i1vtukiv36j6z6hf24nb|03|org"; nocase; ) # 1dmvrlr1pevo411d4q9fh1n786e9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dmvrlr1pevo411d4q9fh1n786e9|03|net"; nocase; ) # afcgimhpy1i7fl7odh4ee8s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|afcgimhpy1i7fl7odh4ee8s|03|net"; nocase; ) # 13vd965sijkitijenhg1tw0njd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13vd965sijkitijenhg1tw0njd|03|org"; nocase; ) # 74qa7l9h0s4w11ee4txxrvmvv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|74qa7l9h0s4w11ee4txxrvmvv|03|com"; nocase; ) # 1d0fd4rr3s70s2bpsws1cov4lb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d0fd4rr3s70s2bpsws1cov4lb|03|net"; nocase; ) # 1ieg80gkzs6kzlyyycl15ddloo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ieg80gkzs6kzlyyycl15ddloo|03|biz"; nocase; ) # 108knn51toa55u1v0fkg4j2b2ud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|108knn51toa55u1v0fkg4j2b2ud|03|org"; nocase; ) # 13itj0l1qcnkl61yvosvx1f1lpjg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13itj0l1qcnkl61yvosvx1f1lpjg|03|com"; nocase; ) # 1p3fukp1gl9lqf1qr33bz3q9f4x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p3fukp1gl9lqf1qr33bz3q9f4x|03|net"; nocase; ) # 1s0a4dg83571o1roo83o1x7bj2h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s0a4dg83571o1roo83o1x7bj2h|03|net"; nocase; ) # 2lrgqt1rv7k71lju0vx1kl7ekv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2lrgqt1rv7k71lju0vx1kl7ekv|03|org"; nocase; ) # 1vw64d5169systmbrqm1csrwgl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vw64d5169systmbrqm1csrwgl|03|net"; nocase; ) # dnyyr4w58mgjsvln215n42yn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dnyyr4w58mgjsvln215n42yn|03|net"; nocase; ) # 1j29temn3n7wo65ne0meh80ss.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j29temn3n7wo65ne0meh80ss|03|org"; nocase; ) # 1tp34w6bcbezf18zgaru1ati0mo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tp34w6bcbezf18zgaru1ati0mo|03|net"; nocase; ) # 1sl9xxmg00eyf1716keb148ob2k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sl9xxmg00eyf1716keb148ob2k|03|net"; nocase; ) # jl69hsh9kkiitwamuc1pf797s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jl69hsh9kkiitwamuc1pf797s|03|biz"; nocase; ) # 2xc4b946rb4oqm28ouwfbgce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2xc4b946rb4oqm28ouwfbgce|03|com"; nocase; ) # 1rf2nhk11zwcjb13uljcd1tuanl0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rf2nhk11zwcjb13uljcd1tuanl0|03|com"; nocase; ) # 1et8yq01kgcrbo16dmtk51uoaqfe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1et8yq01kgcrbo16dmtk51uoaqfe|03|biz"; nocase; ) # 1p352yu7cmiex19js9hh1uro4b2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p352yu7cmiex19js9hh1uro4b2|03|com"; nocase; ) # zrje8i1s7fsdqbojzcb1discb0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zrje8i1s7fsdqbojzcb1discb0|03|biz"; nocase; ) # 8xls3z4qonv7vthpwy1ni0o8v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8xls3z4qonv7vthpwy1ni0o8v|03|net"; nocase; ) # mm3y3i1xwbsy8sqqk9512fe4xr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mm3y3i1xwbsy8sqqk9512fe4xr|03|org"; nocase; ) # 1nr0mcw51n12fk94dce123cvax.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nr0mcw51n12fk94dce123cvax|03|org"; nocase; ) # 10t4he0194nha2b9cj8ueeqpdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10t4he0194nha2b9cj8ueeqpdy|03|net"; nocase; ) # 1jbxwkg15yjydpo12t2yf3n93t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbxwkg15yjydpo12t2yf3n93t|03|com"; nocase; ) # 1op2vfpv1mtji16o9uomv9qdg0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1op2vfpv1mtji16o9uomv9qdg0|03|biz"; nocase; ) # 1o2k88edhjc5rqv7fafg2dus1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o2k88edhjc5rqv7fafg2dus1|03|org"; nocase; ) # 1pi2qzr1icmlws1dgxc911imgce6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pi2qzr1icmlws1dgxc911imgce6|03|net"; nocase; ) # nsuwrs1246j8219hltq616j8k1i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nsuwrs1246j8219hltq616j8k1i|03|com"; nocase; ) # 1s5jvuf1tweu001xoiqmf1iikiqk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s5jvuf1tweu001xoiqmf1iikiqk|03|com"; nocase; ) # 18u5v5spfb5dj1mzze1r8edqod.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18u5v5spfb5dj1mzze1r8edqod|03|net"; nocase; ) # 1xrzudajw9he112vjqdp1ws4srp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xrzudajw9he112vjqdp1ws4srp|03|net"; nocase; ) # bltbfd1cebxd1pa27j7rapv3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bltbfd1cebxd1pa27j7rapv3k|03|net"; nocase; ) # c7zxxq1pt1ips13slnt132fd5f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c7zxxq1pt1ips13slnt132fd5f|03|net"; nocase; ) # 1m22zt61j07uiltxf6g0u4yg71.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m22zt61j07uiltxf6g0u4yg71|03|org"; nocase; ) # tvowa8swnr0d7j3sh0zo2fev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tvowa8swnr0d7j3sh0zo2fev|03|net"; nocase; ) # 1pyl1w412pdu94ov3ysvnv26pf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pyl1w412pdu94ov3ysvnv26pf|03|net"; nocase; ) # t3yk8j1f1wobj184xvkcoti008.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t3yk8j1f1wobj184xvkcoti008|03|com"; nocase; ) # tz990tvleeqx196bjr039b4pn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tz990tvleeqx196bjr039b4pn|03|com"; nocase; ) # mhsc8y17j99o15pzrlb1q8uyvv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mhsc8y17j99o15pzrlb1q8uyvv|03|net"; nocase; ) # 1xrwg8e1bpsrg4m0dgnk1tp4rxq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xrwg8e1bpsrg4m0dgnk1tp4rxq|03|org"; nocase; ) # 1vyv4851aknr5ojd5ywv9nzf8k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vyv4851aknr5ojd5ywv9nzf8k|03|com"; nocase; ) # 19tfubi1pcjllhlt7l6x1e602ox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19tfubi1pcjllhlt7l6x1e602ox|03|com"; nocase; ) # yi2jop1jq2psg1uwz2dh1m2qcbk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yi2jop1jq2psg1uwz2dh1m2qcbk|03|net"; nocase; ) # 10gaeynxqcn8f1tvzzt1l1skh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10gaeynxqcn8f1tvzzt1l1skh|03|net"; nocase; ) # 1s08bbrqk9k6h1xoitim198alqj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s08bbrqk9k6h1xoitim198alqj|03|com"; nocase; ) # y2hyoc19qvrzl1432h7m1alxxvf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y2hyoc19qvrzl1432h7m1alxxvf|03|com"; nocase; ) # 1votmrf6pglszu45vlenalkue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1votmrf6pglszu45vlenalkue|03|org"; nocase; ) # 17io6b817gqnfm16c4umd1qtz9rx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17io6b817gqnfm16c4umd1qtz9rx|03|com"; nocase; ) # 81w3q6bj1he7f2tlh13r9464.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|81w3q6bj1he7f2tlh13r9464|03|org"; nocase; ) # h589if1mce6fuqefp541xxo03.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h589if1mce6fuqefp541xxo03|03|com"; nocase; ) # 8y7o0m3cs1z6z5eb6s10pxo9l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8y7o0m3cs1z6z5eb6s10pxo9l|03|net"; nocase; ) # spajgmyifpy384e8p7c9a5jg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|spajgmyifpy384e8p7c9a5jg|03|com"; nocase; ) # 15o9i34bewh6t1mrt3qaeqjn3w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15o9i34bewh6t1mrt3qaeqjn3w|03|org"; nocase; ) # 18b7pks16flsop10qtxuf1uoze9l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18b7pks16flsop10qtxuf1uoze9l|03|com"; nocase; ) # 12z1rzj1ai0m5m5309ml1xs4n4j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12z1rzj1ai0m5m5309ml1xs4n4j|03|biz"; nocase; ) # 1w0dqk2betza7luqtd714rzygs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w0dqk2betza7luqtd714rzygs|03|org"; nocase; ) # sc5yleg6i5i6qdc6oq1yqmvxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sc5yleg6i5i6qdc6oq1yqmvxv|03|net"; nocase; ) # 1vchkog1jgx5d01iwdfku1oboxpc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vchkog1jgx5d01iwdfku1oboxpc|03|net"; nocase; ) # dtrt7k1l3xh0wp8bs9u14udivz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dtrt7k1l3xh0wp8bs9u14udivz|03|biz"; nocase; ) # zft73ki45ncqef2v8juwujdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zft73ki45ncqef2v8juwujdy|03|net"; nocase; ) # 1nzaagpavvv7h1mjhidmbt2ghn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nzaagpavvv7h1mjhidmbt2ghn|03|net"; nocase; ) # n1vtpz1lj8vxve1icwqme1j4e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n1vtpz1lj8vxve1icwqme1j4e|03|biz"; nocase; ) # dhfbrr6stni41a0k5kn1bwsssr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dhfbrr6stni41a0k5kn1bwsssr|03|net"; nocase; ) # 1p4i4yi1jweoax16r1sdk1a9gttc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p4i4yi1jweoax16r1sdk1a9gttc|03|net"; nocase; ) # 1v6xu0rd54ekqurrc1r17ml7co.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v6xu0rd54ekqurrc1r17ml7co|03|net"; nocase; ) # 7uot718c3rxa1o3n6g81ljga50.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7uot718c3rxa1o3n6g81ljga50|03|net"; nocase; ) # 7h5ugd1cwpxhf1flzkjjcxvc82.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7h5ugd1cwpxhf1flzkjjcxvc82|03|com"; nocase; ) # 1658adq18fjujz1c3t1q9bf9rk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1658adq18fjujz1c3t1q9bf9rk7|03|net"; nocase; ) # roejnjd3lic9l0090j1c6dj39.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|roejnjd3lic9l0090j1c6dj39|03|org"; nocase; ) # 1dffiaw1dvni8z1ked098krau51.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dffiaw1dvni8z1ked098krau51|03|net"; nocase; ) # 1n1p4l2pt7aewebz7tx1vm9iiu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1p4l2pt7aewebz7tx1vm9iiu|03|org"; nocase; ) # 120fecvh4zstz3pec2o1fsuoie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|120fecvh4zstz3pec2o1fsuoie|03|org"; nocase; ) # 18hkvjs136vuxe1ydmsqe34oxc1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18hkvjs136vuxe1ydmsqe34oxc1|03|net"; nocase; ) # 2gzw5f2fp3au1tglsi1d3up0h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2gzw5f2fp3au1tglsi1d3up0h|03|org"; nocase; ) # 1540u0w12932cpxvecwb1dfhq8a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1540u0w12932cpxvecwb1dfhq8a|03|com"; nocase; ) # 1ria2jz111a6g51wmgva61m7ygwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ria2jz111a6g51wmgva61m7ygwu|03|net"; nocase; ) # d3che9jaa9eq37fe0vsumrx4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d3che9jaa9eq37fe0vsumrx4|03|com"; nocase; ) # 1wqjzarwvmy4pxrkn81wxp01f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wqjzarwvmy4pxrkn81wxp01f|03|org"; nocase; ) # w0309z6air0wwah34a1i5mrwm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w0309z6air0wwah34a1i5mrwm|03|net"; nocase; ) # bm3tu74bv1ij10j6byv185fhk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bm3tu74bv1ij10j6byv185fhk2|03|net"; nocase; ) # 1gdbjfo58157qqdp7mupryf4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gdbjfo58157qqdp7mupryf4w|03|net"; nocase; ) # qhd2ea15hmwbj23yaj14f6kyx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qhd2ea15hmwbj23yaj14f6kyx|03|org"; nocase; ) # 63kzvj3clszg89wicekw7r4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|63kzvj3clszg89wicekw7r4|03|com"; nocase; ) # 168igbi1smqetq1lgyo8wy3j8e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|168igbi1smqetq1lgyo8wy3j8e|03|biz"; nocase; ) # 1cqd0xuxj8iiev2m9rt1kzztf5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cqd0xuxj8iiev2m9rt1kzztf5|03|org"; nocase; ) # a1anh31unk4wp1l8q55kj9vaj6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a1anh31unk4wp1l8q55kj9vaj6|03|org"; nocase; ) # 1sogx9l10c24mow28757fryy0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sogx9l10c24mow28757fryy0|03|com"; nocase; ) # rj5gyy98l7io1drd7djqqhket.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rj5gyy98l7io1drd7djqqhket|03|org"; nocase; ) # pdvhhj1vlp8p71byvy5a1k76waq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pdvhhj1vlp8p71byvy5a1k76waq|03|biz"; nocase; ) # x2n9u71o9b4ryut2l5isdo95q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x2n9u71o9b4ryut2l5isdo95q|03|net"; nocase; ) # a8yckmp41oyj1087k3ywu8klg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a8yckmp41oyj1087k3ywu8klg|03|org"; nocase; ) # pf43h2f25g9f19cnomrvp560w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pf43h2f25g9f19cnomrvp560w|03|com"; nocase; ) # cp58aw84hyow1b0bspm1oqfj65.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cp58aw84hyow1b0bspm1oqfj65|03|net"; nocase; ) # tuigum1joec1f1u3ko941o8yusm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tuigum1joec1f1u3ko941o8yusm|03|biz"; nocase; ) # dufy8y1e5k4ahq9twk91hfpn0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dufy8y1e5k4ahq9twk91hfpn0a|03|net"; nocase; ) # 1tinrhreglkke1o3lf9m1ano82o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tinrhreglkke1o3lf9m1ano82o|03|net"; nocase; ) # v229aq1si38zvrv9ug3kqgb2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v229aq1si38zvrv9ug3kqgb2z|03|org"; nocase; ) # 1my7jh11q984rvur54br5s4045.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1my7jh11q984rvur54br5s4045|03|net"; nocase; ) # 2phpn91iw828or8jwazk24osg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2phpn91iw828or8jwazk24osg|03|net"; nocase; ) # b22y10456k3a1712ijo9lgxr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b22y10456k3a1712ijo9lgxr|03|biz"; nocase; ) # cgnofc1kaqvz51gfs5kn1v8r42j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cgnofc1kaqvz51gfs5kn1v8r42j|03|org"; nocase; ) # 1b4i9me10elu168kzt3eyi5wxe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b4i9me10elu168kzt3eyi5wxe|03|com"; nocase; ) # 81j20oosurqg62j9qv4wwab7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|81j20oosurqg62j9qv4wwab7|03|org"; nocase; ) # hzudq56av5w411k65iv1gh8sf7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hzudq56av5w411k65iv1gh8sf7|03|net"; nocase; ) # 1wb4di21gwec40rlrsru1i4futg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wb4di21gwec40rlrsru1i4futg|03|net"; nocase; ) # zkjqx87dge2z1y3nd5a117k1fn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zkjqx87dge2z1y3nd5a117k1fn|03|net"; nocase; ) # j6wr1iaj9htd1sk14vnyggkr2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j6wr1iaj9htd1sk14vnyggkr2|03|net"; nocase; ) # 16xw0mgb2lxny1ntyj6s15jd3xi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16xw0mgb2lxny1ntyj6s15jd3xi|03|biz"; nocase; ) # 19ef1v31p14gsl1xbs7vbefykj6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19ef1v31p14gsl1xbs7vbefykj6|03|org"; nocase; ) # 9rtnj1ab66uod6iqcd1w3w9fc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9rtnj1ab66uod6iqcd1w3w9fc|03|net"; nocase; ) # xszlvv2kr1tk1fs500zd2gy7w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xszlvv2kr1tk1fs500zd2gy7w|03|org"; nocase; ) # hzmx8l1n6jhqdeaamhyvyliv8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hzmx8l1n6jhqdeaamhyvyliv8|03|org"; nocase; ) # 2tmmb51w4ba871vhpelue7k76y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2tmmb51w4ba871vhpelue7k76y|03|net"; nocase; ) # 16jpcqf1vw1f8a166169xvg6ppk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16jpcqf1vw1f8a166169xvg6ppk|03|net"; nocase; ) # 76fugt1un75s71rycxzr18ct2gg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|76fugt1un75s71rycxzr18ct2gg|03|org"; nocase; ) # vm1vmp1t8zysvee35om1018roi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vm1vmp1t8zysvee35om1018roi|03|net"; nocase; ) # 19z0gy99b391j1r15nctw6wmoj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19z0gy99b391j1r15nctw6wmoj|03|net"; nocase; ) # x7ro1cqipslwxoyp1h1vfgm8b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x7ro1cqipslwxoyp1h1vfgm8b|03|biz"; nocase; ) # 1qrh4cq13kfm04qru0251g5a2xz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qrh4cq13kfm04qru0251g5a2xz|03|biz"; nocase; ) # 14bnng1ihh3mx1mcale31qmhagl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14bnng1ihh3mx1mcale31qmhagl|03|com"; nocase; ) # d18su6i0ipqw193qsoi1i5u2gx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d18su6i0ipqw193qsoi1i5u2gx|03|com"; nocase; ) # 1vpwmet12fa7nw1fhq6oxoy8hl4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vpwmet12fa7nw1fhq6oxoy8hl4|03|com"; nocase; ) # 141d0twnt506o16z6nii16903x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|141d0twnt506o16z6nii16903x|03|org"; nocase; ) # 7f9k8ndjs7e7v9yzvxc05qo6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7f9k8ndjs7e7v9yzvxc05qo6|03|org"; nocase; ) # k2jl0i1wud4cr1mc8z19124k545.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k2jl0i1wud4cr1mc8z19124k545|03|biz"; nocase; ) # h4ww4914uvywhnpxx1r11vl2c1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h4ww4914uvywhnpxx1r11vl2c1|03|com"; nocase; ) # bgymgey4v6q1zec1f01mrygow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bgymgey4v6q1zec1f01mrygow|03|com"; nocase; ) # 1nzk7jvjb8ewui4xygz17x2lr4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nzk7jvjb8ewui4xygz17x2lr4|03|net"; nocase; ) # 10vf6l5k8ntpno2uyzx631xic.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10vf6l5k8ntpno2uyzx631xic|03|biz"; nocase; ) # uc3qk2lhygncpwd0jo15twj8i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uc3qk2lhygncpwd0jo15twj8i|03|org"; nocase; ) # 1k9ja5d1gkz4dajkgljayj5ep1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k9ja5d1gkz4dajkgljayj5ep1|03|com"; nocase; ) # pp9s9nueeo911epzfhu4j7dv0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pp9s9nueeo911epzfhu4j7dv0|03|org"; nocase; ) # 1p5agl1137ej6p4z6pqa153v4tc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p5agl1137ej6p4z6pqa153v4tc|03|com"; nocase; ) # 1x91i7z9tmn703nure4om1zzb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x91i7z9tmn703nure4om1zzb|03|org"; nocase; ) # 42kegt1xoa27el43a84plhar3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|42kegt1xoa27el43a84plhar3|03|net"; nocase; ) # vjsv0aztbzh5167s3s911vhq5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vjsv0aztbzh5167s3s911vhq5t|03|org"; nocase; ) # jpzkia1azotls1x2uzpjbv8cwx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jpzkia1azotls1x2uzpjbv8cwx|03|net"; nocase; ) # u2p7zl1inmt4e1mj1axltsipyi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u2p7zl1inmt4e1mj1axltsipyi|03|org"; nocase; ) # 1ujz0b92c2ty0a4nf4m1xzprye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ujz0b92c2ty0a4nf4m1xzprye|03|com"; nocase; ) # 1gwtmau19tieg01kdvqgf1vd08q7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gwtmau19tieg01kdvqgf1vd08q7|03|net"; nocase; ) # d41n4b8vtpr71i4ppk7qn8ru9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d41n4b8vtpr71i4ppk7qn8ru9|03|com"; nocase; ) # g5xeeonj5vuq1mtcbiz1xox1jy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g5xeeonj5vuq1mtcbiz1xox1jy|03|net"; nocase; ) # 10kl87u1ug4nwskqelk11rh15sf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10kl87u1ug4nwskqelk11rh15sf|03|net"; nocase; ) # 1no226y161q76l1j1upj913uc8rx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1no226y161q76l1j1upj913uc8rx|03|biz"; nocase; ) # mua6p91h837vtaqv1m71sv08lb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mua6p91h837vtaqv1m71sv08lb|03|com"; nocase; ) # 14tpra6jpu8sj16prkhfesiuh5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14tpra6jpu8sj16prkhfesiuh5|03|com"; nocase; ) # eiua7kadwgs317e6dlu19f8v2e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eiua7kadwgs317e6dlu19f8v2e|03|biz"; nocase; ) # 1o3f2av6zybc3187tym41wnebny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o3f2av6zybc3187tym41wnebny|03|com"; nocase; ) # hv2t1rlzikmc1x61qc11qfo6by.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hv2t1rlzikmc1x61qc11qfo6by|03|net"; nocase; ) # yu85uv17tsmfhtpd04a1niim0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yu85uv17tsmfhtpd04a1niim0b|03|net"; nocase; ) # 19ah0bnff3e4sq8z1ef1jzwdg6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ah0bnff3e4sq8z1ef1jzwdg6|03|net"; nocase; ) # x4xgs0111wc791yzeecgo5k1ed.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x4xgs0111wc791yzeecgo5k1ed|03|biz"; nocase; ) # 1vee53j19vj8ujdtvrm8nbmsb8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vee53j19vj8ujdtvrm8nbmsb8|03|org"; nocase; ) # pyds0j1yg5gb91rf1zzp1pk164u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pyds0j1yg5gb91rf1zzp1pk164u|03|net"; nocase; ) # 12qzimm1syzkxymanimenvexp6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12qzimm1syzkxymanimenvexp6|03|net"; nocase; ) # 14imb0ee5ia2u7j7qawl1buam.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14imb0ee5ia2u7j7qawl1buam|03|org"; nocase; ) # 1yo4ulw1h90w2o1cs11cko2am6u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yo4ulw1h90w2o1cs11cko2am6u|03|com"; nocase; ) # ba4ab780da9i13u6l3akvekct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ba4ab780da9i13u6l3akvekct|03|net"; nocase; ) # 1qpobyoq7gxjc1pti470pfp2tv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qpobyoq7gxjc1pti470pfp2tv|03|net"; nocase; ) # 11dfebv19wy6w6grl8h41q94qws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11dfebv19wy6w6grl8h41q94qws|03|net"; nocase; ) # 1hu2hhew9qut81pdrro01pvu3dz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hu2hhew9qut81pdrro01pvu3dz|03|net"; nocase; ) # hqxj2r1jdkegf13srp742c4sos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hqxj2r1jdkegf13srp742c4sos|03|com"; nocase; ) # nu1wu7hzf49mqln01hek76h4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nu1wu7hzf49mqln01hek76h4|03|net"; nocase; ) # 1jzcabh18uyp3ja1cytn1m80ql3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jzcabh18uyp3ja1cytn1m80ql3|03|org"; nocase; ) # 1rv5a614wtgic1jdspfaa9u56p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rv5a614wtgic1jdspfaa9u56p|03|com"; nocase; ) # 1hy6te51k7gpnt1176nz5hiuyrn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hy6te51k7gpnt1176nz5hiuyrn|03|com"; nocase; ) # csjan8x4gu641w1kil817waohx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|csjan8x4gu641w1kil817waohx|03|biz"; nocase; ) # 140kyb9kltvh2y36evhb0xnu8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|140kyb9kltvh2y36evhb0xnu8|03|org"; nocase; ) # yb5ct512ll5hv14pkqpd15z14d1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yb5ct512ll5hv14pkqpd15z14d1|03|net"; nocase; ) # 96bpmg1hfeqfl1rmpz6g1cxwivk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|96bpmg1hfeqfl1rmpz6g1cxwivk|03|org"; nocase; ) # 1spzyh0cahkg51bak9iixvy69t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1spzyh0cahkg51bak9iixvy69t|03|com"; nocase; ) # a8x92uwrs0t0ga0vko9j4119.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a8x92uwrs0t0ga0vko9j4119|03|org"; nocase; ) # 1vzi9akatxgohvcv56v1tb05mm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vzi9akatxgohvcv56v1tb05mm|03|net"; nocase; ) # j63u3gsu5ym81gle1xypu32k5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j63u3gsu5ym81gle1xypu32k5|03|biz"; nocase; ) # 190nbdj3rx4xykhyvp11ks5qjg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|190nbdj3rx4xykhyvp11ks5qjg|03|com"; nocase; ) # 1nq8zmgwnjw5l1uhc6do1lgkqxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nq8zmgwnjw5l1uhc6do1lgkqxn|03|com"; nocase; ) # 1fn3y8f157xaq71sz7tk6uoyotp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fn3y8f157xaq71sz7tk6uoyotp|03|net"; nocase; ) # 1feuc7qa2xql1dirtjxwo36lt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1feuc7qa2xql1dirtjxwo36lt|03|net"; nocase; ) # udvbawg62xckbrjsq61szcbsl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|udvbawg62xckbrjsq61szcbsl|03|org"; nocase; ) # 19xh2al19cd6bo14eu9sqaystc9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19xh2al19cd6bo14eu9sqaystc9|03|net"; nocase; ) # cg1mwb1f4d6y31was6qep6i9ov.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cg1mwb1f4d6y31was6qep6i9ov|03|biz"; nocase; ) # ti8oxh18wjw1n1udck3jzbcvol.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ti8oxh18wjw1n1udck3jzbcvol|03|org"; nocase; ) # z91m3xcr6m6r1txyhvymdf7e3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z91m3xcr6m6r1txyhvymdf7e3|03|org"; nocase; ) # 1dvzj6zjz7ez6kzbr471cylsy5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dvzj6zjz7ez6kzbr471cylsy5|03|org"; nocase; ) # phjw3c9c23ju13fap4p1eyjpi7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|phjw3c9c23ju13fap4p1eyjpi7|03|net"; nocase; ) # 11s2tt84560ob1t35a531vwgrl5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11s2tt84560ob1t35a531vwgrl5|03|org"; nocase; ) # 1dqqlj011bs4hpr7kvdp12nmm1j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dqqlj011bs4hpr7kvdp12nmm1j|03|biz"; nocase; ) # 1obltxb1fgv3ijjlaz4e1pg0irm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obltxb1fgv3ijjlaz4e1pg0irm|03|com"; nocase; ) # 8qlkwp1euyx5wn4cbkd1aduxve.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8qlkwp1euyx5wn4cbkd1aduxve|03|org"; nocase; ) # 1h2dshctja6zzn3ztg51q6o21i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h2dshctja6zzn3ztg51q6o21i|03|org"; nocase; ) # 1rjhyhznq0c0mz331c314qqniu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rjhyhznq0c0mz331c314qqniu|03|net"; nocase; ) # 1r1sm3713okca81dpkpr712p0co7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r1sm3713okca81dpkpr712p0co7|03|org"; nocase; ) # 8m8s4vf7kvvl1qqitx2nsuzui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8m8s4vf7kvvl1qqitx2nsuzui|03|org"; nocase; ) # 1kjkg32nzd53a12o0bn51vgdzcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kjkg32nzd53a12o0bn51vgdzcu|03|com"; nocase; ) # 1ifs9m87geqnl80jqzo1klsko2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ifs9m87geqnl80jqzo1klsko2|03|org"; nocase; ) # 1wim8wb1etvc42rkt4ti78qgsd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wim8wb1etvc42rkt4ti78qgsd|03|com"; nocase; ) # q1tg5txi26hw1fd5nh21vt8q88.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q1tg5txi26hw1fd5nh21vt8q88|03|net"; nocase; ) # 1glxqj92d9mbv1qtcenrbzcrx5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1glxqj92d9mbv1qtcenrbzcrx5|03|com"; nocase; ) # 1kouyf61li32rl2djdxm2w6z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1kouyf61li32rl2djdxm2w6z|03|net"; nocase; ) # n5mbi21irpdux47nxwepc46s7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5mbi21irpdux47nxwepc46s7|03|net"; nocase; ) # 1tf5jzq17z5b3p1alhhfw1d83raf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tf5jzq17z5b3p1alhhfw1d83raf|03|com"; nocase; ) # 1l4220k1koeuqk4cuhhubpqhha.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l4220k1koeuqk4cuhhubpqhha|03|net"; nocase; ) # 16mznbr1dhwo1ytjo6kh11tph27.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16mznbr1dhwo1ytjo6kh11tph27|03|net"; nocase; ) # 1h63rkqfeduus1jc1o2zhmd4e3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h63rkqfeduus1jc1o2zhmd4e3|03|com"; nocase; ) # 1ixkbvorikk6z1b3snl2y55u63.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ixkbvorikk6z1b3snl2y55u63|03|org"; nocase; ) # 8gczihct96am14cezb01b5qopd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8gczihct96am14cezb01b5qopd|03|biz"; nocase; ) # 11m2hfs1w9r03a8g7d5r17kk4a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11m2hfs1w9r03a8g7d5r17kk4a|03|com"; nocase; ) # eft1lk1m909xeqpqg4910pae9t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eft1lk1m909xeqpqg4910pae9t|03|org"; nocase; ) # 1l1uoj4yhetuz14p8jt6153zbwv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l1uoj4yhetuz14p8jt6153zbwv|03|net"; nocase; ) # g1kfb219pmrmu6xdp1v1w32zos.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g1kfb219pmrmu6xdp1v1w32zos|03|net"; nocase; ) # 8ztqatvx1lt0145nufs1dkwoo4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ztqatvx1lt0145nufs1dkwoo4|03|net"; nocase; ) # 1u458m127ej8l1ywku1c15mu9gw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u458m127ej8l1ywku1c15mu9gw|03|com"; nocase; ) # 1bl5gjr1p3ip36157kvc6w5ixu4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bl5gjr1p3ip36157kvc6w5ixu4|03|org"; nocase; ) # qgsc3hhumof31aw2gvr1w5xtwf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qgsc3hhumof31aw2gvr1w5xtwf|03|com"; nocase; ) # 1j41l7a1b0fwx2wuojul11ubl7s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j41l7a1b0fwx2wuojul11ubl7s|03|org"; nocase; ) # 86kx551xogie0x1augvvagx4c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|86kx551xogie0x1augvvagx4c|03|net"; nocase; ) # 17uc9gl9syuev1aqbgsg15vohn6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17uc9gl9syuev1aqbgsg15vohn6|03|net"; nocase; ) # 3bbycz2hzb2cfemywee2qnc7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3bbycz2hzb2cfemywee2qnc7|03|org"; nocase; ) # 1a9b2ovno1pv8fwi00bu9bopg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a9b2ovno1pv8fwi00bu9bopg|03|org"; nocase; ) # 1sxgc7egsbqesrdhbs8gp2it.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1sxgc7egsbqesrdhbs8gp2it|03|com"; nocase; ) # wz22epslxjebvbvyzczuobeq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wz22epslxjebvbvyzczuobeq|03|net"; nocase; ) # s7pvzu1ihlr9b7r6k9y1a2y83x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s7pvzu1ihlr9b7r6k9y1a2y83x|03|org"; nocase; ) # ouily2l1t7tg1yw3iur18uqnw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ouily2l1t7tg1yw3iur18uqnw5|03|net"; nocase; ) # pp8ppcxl27hrelpr15wn6clj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pp8ppcxl27hrelpr15wn6clj|03|com"; nocase; ) # 13fcfhs10mas1y7tyycr1y0ofcg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13fcfhs10mas1y7tyycr1y0ofcg|03|net"; nocase; ) # 1wbbpp8odwv9zpftwit1cfu19d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wbbpp8odwv9zpftwit1cfu19d|03|net"; nocase; ) # k9a25b1tb1ue6bixrsn1pgs4zf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k9a25b1tb1ue6bixrsn1pgs4zf|03|com"; nocase; ) # 1abk45a1rg6u071wrmciv1ar4jsq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1abk45a1rg6u071wrmciv1ar4jsq|03|org"; nocase; ) # mpej0dic8hpu1ngz58n3e16n6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mpej0dic8hpu1ngz58n3e16n6|03|org"; nocase; ) # 1mexi8fxmidwo15w0yqt6o6rnt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mexi8fxmidwo15w0yqt6o6rnt|03|com"; nocase; ) # zqpctsrtsycaf32qec1k56tm2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zqpctsrtsycaf32qec1k56tm2|03|net"; nocase; ) # 1wxs7nwld9e33lfm0zo9h2nvt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wxs7nwld9e33lfm0zo9h2nvt|03|net"; nocase; ) # 1t22axr2busefsjcewr102v3wo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t22axr2busefsjcewr102v3wo|03|org"; nocase; ) # 17m1rbm1m78o0n1aewugh1iz1ceh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17m1rbm1m78o0n1aewugh1iz1ceh|03|net"; nocase; ) # 1a9lcm1l5s2xp14jyyruplt7x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a9lcm1l5s2xp14jyyruplt7x|03|org"; nocase; ) # 1xgtda2a08s6gsg5axs18spb8i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xgtda2a08s6gsg5axs18spb8i|03|com"; nocase; ) # 12uoxkc1e0jl82gg174c1ecmtcc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12uoxkc1e0jl82gg174c1ecmtcc|03|net"; nocase; ) # 1toird31l31elf1yd4dll17aqijr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1toird31l31elf1yd4dll17aqijr|03|net"; nocase; ) # 18lm9ff1wfsavd1mfrg011p5etc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18lm9ff1wfsavd1mfrg011p5etc|03|org"; nocase; ) # 15vf9dmy5se6871vvx143exxr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15vf9dmy5se6871vvx143exxr|03|org"; nocase; ) # lslk3a1rylpgbj82vsfydcoqn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lslk3a1rylpgbj82vsfydcoqn|03|net"; nocase; ) # aewbvc1uvw0gvxpx0b113dg3iz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aewbvc1uvw0gvxpx0b113dg3iz|03|com"; nocase; ) # 1he42er6vvyb8yhj3f0jdj4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1he42er6vvyb8yhj3f0jdj4k|03|net"; nocase; ) # px7h7m1v5cce612evl59figk19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|px7h7m1v5cce612evl59figk19|03|net"; nocase; ) # 10ayyhn1qeljk8bj56tenl0jpy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ayyhn1qeljk8bj56tenl0jpy|03|net"; nocase; ) # 7idnkx1reh10a1ny9std14hixie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7idnkx1reh10a1ny9std14hixie|03|org"; nocase; ) # u8ws261f3tuin1ct64rgltld51.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u8ws261f3tuin1ct64rgltld51|03|org"; nocase; ) # 136ee8wsmi1sy1ir8b0qsi7i1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|136ee8wsmi1sy1ir8b0qsi7i1|03|net"; nocase; ) # 1tja9nfk80z5w1rmoec5o11zwc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tja9nfk80z5w1rmoec5o11zwc|03|org"; nocase; ) # 6v26hu90s3bl14x0pqp121311.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6v26hu90s3bl14x0pqp121311|03|com"; nocase; ) # 1btylflfl43xis4l2j81hfx5vy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1btylflfl43xis4l2j81hfx5vy|03|net"; nocase; ) # lj47s69cdajn14ifo9kkkvpgb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lj47s69cdajn14ifo9kkkvpgb|03|net"; nocase; ) # qd8n261pjz60k1ew2h2z1x9akkk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qd8n261pjz60k1ew2h2z1x9akkk|03|net"; nocase; ) # 194ihvv9idr3e513dkgt65t6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|194ihvv9idr3e513dkgt65t6|03|net"; nocase; ) # 176lqwg1yc354r1152fqd10z9hqo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|176lqwg1yc354r1152fqd10z9hqo|03|org"; nocase; ) # bikzty3kluzbmx9xlguh148y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bikzty3kluzbmx9xlguh148y|03|com"; nocase; ) # 1i9n1krl99tlx1wlkz4x18kr3xl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i9n1krl99tlx1wlkz4x18kr3xl|03|org"; nocase; ) # 75dngcxhbqzt4aaew6vnc9x6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|75dngcxhbqzt4aaew6vnc9x6|03|com"; nocase; ) # he0xotzayj3151ezofg3n434.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|he0xotzayj3151ezofg3n434|03|net"; nocase; ) # 9913qemlyw4m76dgmz17l5lop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9913qemlyw4m76dgmz17l5lop|03|org"; nocase; ) # 5z0y58rb6jhy132hypej1q9mx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5z0y58rb6jhy132hypej1q9mx|03|biz"; nocase; ) # 1e3b1mk1cj77sw61xs5d1soyuaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e3b1mk1cj77sw61xs5d1soyuaq|03|net"; nocase; ) # 8exukp1gemh28tfs1wo1ijeu93.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8exukp1gemh28tfs1wo1ijeu93|03|net"; nocase; ) # 1fkuya8jurc6219unxox5vchty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fkuya8jurc6219unxox5vchty|03|biz"; nocase; ) # w2u8w41p6u0gd1x12wuc17i9buu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w2u8w41p6u0gd1x12wuc17i9buu|03|org"; nocase; ) # 10tjwv01f2m2fh1acinrk1jf6hgr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10tjwv01f2m2fh1acinrk1jf6hgr|03|net"; nocase; ) # bctbhn14nmnjc7291hm603kyl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bctbhn14nmnjc7291hm603kyl|03|org"; nocase; ) # 17wex0wofli7mak23cgl08d3z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17wex0wofli7mak23cgl08d3z|03|net"; nocase; ) # wa2jj41xl304k9ov9ez13do1f4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wa2jj41xl304k9ov9ez13do1f4|03|com"; nocase; ) # wjqtvq16aviue15mnqjd1b35bsk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wjqtvq16aviue15mnqjd1b35bsk|03|org"; nocase; ) # tq9qa11i7uuiqt3bl2d6c2tik.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tq9qa11i7uuiqt3bl2d6c2tik|03|biz"; nocase; ) # 1fzca013ok7bx1ewmjgi1pe1430.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fzca013ok7bx1ewmjgi1pe1430|03|org"; nocase; ) # efe3bv78zkvrnyxh1imi5qs3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|efe3bv78zkvrnyxh1imi5qs3|03|net"; nocase; ) # 5przhf1p8zedotbcjau1i6fame.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5przhf1p8zedotbcjau1i6fame|03|com"; nocase; ) # 18nklsx7dz0ehv4y3113tmceo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18nklsx7dz0ehv4y3113tmceo|03|net"; nocase; ) # zo8sl1txi6qopp8u9dzvwhpt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zo8sl1txi6qopp8u9dzvwhpt|03|org"; nocase; ) # f7767k1lp418wz6ttxd11emssg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f7767k1lp418wz6ttxd11emssg|03|biz"; nocase; ) # o56x59d09xl8lf71vh1q70h8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o56x59d09xl8lf71vh1q70h8n|03|net"; nocase; ) # 1gq8ahp1uuj386mf6hstkx4722.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gq8ahp1uuj386mf6hstkx4722|03|net"; nocase; ) # 108rj5u101mnr2151t866xo2i9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|108rj5u101mnr2151t866xo2i9v|03|org"; nocase; ) # vduhm21mjbv631xwtwek41v59t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vduhm21mjbv631xwtwek41v59t|03|com"; nocase; ) # 1mh7afpjorv52zzsf0ol0k934.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mh7afpjorv52zzsf0ol0k934|03|com"; nocase; ) # a7ywsbbqo316uy6g7bohruf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|a7ywsbbqo316uy6g7bohruf|03|com"; nocase; ) # 8hijzrd8vwed1ohev1s6ag680.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8hijzrd8vwed1ohev1s6ag680|03|org"; nocase; ) # 16jcois1f6nq1ek4yu0y1x4qups.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16jcois1f6nq1ek4yu0y1x4qups|03|org"; nocase; ) # fc1cubid4ikm1lja7joa0kuf2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fc1cubid4ikm1lja7joa0kuf2|03|net"; nocase; ) # 166r4zm1sjf1s31kc4ibuedfxsd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|166r4zm1sjf1s31kc4ibuedfxsd|03|org"; nocase; ) # 1mkovqg1086rmvi0s8041ipw8qh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mkovqg1086rmvi0s8041ipw8qh|03|net"; nocase; ) # 17fnzaexzoeheuz0h1e17cgnv2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17fnzaexzoeheuz0h1e17cgnv2|03|com"; nocase; ) # ea7zpp1gi2loy1vugubr12ag65u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ea7zpp1gi2loy1vugubr12ag65u|03|org"; nocase; ) # ihqsl61bft4ma18fhje75elwci.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ihqsl61bft4ma18fhje75elwci|03|org"; nocase; ) # 1r4p3d0x5c19u15incrnvma2sw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r4p3d0x5c19u15incrnvma2sw|03|com"; nocase; ) # rgf1aao60iwz84eot3m31gsv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rgf1aao60iwz84eot3m31gsv|03|net"; nocase; ) # 1d22nyx78xs3e1rjn4ij535hxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d22nyx78xs3e1rjn4ij535hxn|03|com"; nocase; ) # 158qmhe1sksv0c1urff5a194oivn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|158qmhe1sksv0c1urff5a194oivn|03|biz"; nocase; ) # 16sjn864o8msyv417xk159g9j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16sjn864o8msyv417xk159g9j|03|org"; nocase; ) # ko3993oql8q1f47k0fzqyu4i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ko3993oql8q1f47k0fzqyu4i|03|net"; nocase; ) # 1bxy64e1uzee141lluvqzc3wwy3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bxy64e1uzee141lluvqzc3wwy3|03|org"; nocase; ) # 1uw9e1bsr0y1x1n0ygumhlq5ef.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uw9e1bsr0y1x1n0ygumhlq5ef|03|net"; nocase; ) # 1dzk17od2h1s5t8l6kgydy0hf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dzk17od2h1s5t8l6kgydy0hf|03|biz"; nocase; ) # qr52n41yyk6ly8hlo6gbhifoy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qr52n41yyk6ly8hlo6gbhifoy|03|org"; nocase; ) # 1981b9aecuygp575dmvrtcrve.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1981b9aecuygp575dmvrtcrve|03|org"; nocase; ) # 16c4jfq1683r6p1kewooo1wfz0wy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16c4jfq1683r6p1kewooo1wfz0wy|03|com"; nocase; ) # wajlg4oov33911a666d59bvvu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wajlg4oov33911a666d59bvvu|03|net"; nocase; ) # q3r1yny8okx83vfdsyau4t2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q3r1yny8okx83vfdsyau4t2e|03|com"; nocase; ) # 13r5txeom3gz61s78nmwikpymr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13r5txeom3gz61s78nmwikpymr|03|org"; nocase; ) # 19uz1enblvxhs1w3vjcy17il433.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19uz1enblvxhs1w3vjcy17il433|03|biz"; nocase; ) # 1vv8t3riwq2dg5r0x1e1e6dent.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vv8t3riwq2dg5r0x1e1e6dent|03|biz"; nocase; ) # rsiv4n34x782lfhf68k3y0ho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rsiv4n34x782lfhf68k3y0ho|03|net"; nocase; ) # p5hyk818bufoyo0f79lj6zyje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5hyk818bufoyo0f79lj6zyje|03|org"; nocase; ) # 1qj5dkc1t4sexr1wepmtgksqj6s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qj5dkc1t4sexr1wepmtgksqj6s|03|org"; nocase; ) # 7qnqvnalp4s715r6kv2111fl89.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7qnqvnalp4s715r6kv2111fl89|03|com"; nocase; ) # xhnu68y51ri4y5wxdevcr2ox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xhnu68y51ri4y5wxdevcr2ox|03|biz"; nocase; ) # 5k3btf5yszjc1j35td8ig5s9x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5k3btf5yszjc1j35td8ig5s9x|03|com"; nocase; ) # 1hxlrq31g8ozsj14rcoby1cjp154.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hxlrq31g8ozsj14rcoby1cjp154|03|org"; nocase; ) # 109x9pp15am4rc1r8kbyy1p2lzdp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|109x9pp15am4rc1r8kbyy1p2lzdp|03|org"; nocase; ) # exapv1d7gzpv1mnfd4vqybdc7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|exapv1d7gzpv1mnfd4vqybdc7|03|org"; nocase; ) # 1kn2ghc1jdyupm1ar07on1gv2igh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kn2ghc1jdyupm1ar07on1gv2igh|03|net"; nocase; ) # ubwkab117j0fm1ikttrv1jwvaet.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ubwkab117j0fm1ikttrv1jwvaet|03|biz"; nocase; ) # 14axv2kefngjq1l6bjjw153lrg9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14axv2kefngjq1l6bjjw153lrg9|03|biz"; nocase; ) # uih8pmv15mst11ep1jb73vro1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uih8pmv15mst11ep1jb73vro1|03|com"; nocase; ) # 9emx8oqo0oie1ub7a251sdjczr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9emx8oqo0oie1ub7a251sdjczr|03|com"; nocase; ) # 1ajo4jy86gqwsw5im4kmflpg7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ajo4jy86gqwsw5im4kmflpg7|03|biz"; nocase; ) # c1p3wre5mp5w1hh003jp5ywdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c1p3wre5mp5w1hh003jp5ywdb|03|com"; nocase; ) # 1hzuvpg13l1trjkczxtq1b1vkxr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hzuvpg13l1trjkczxtq1b1vkxr|03|net"; nocase; ) # wn43hh1m0nge7k0047ecet05p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wn43hh1m0nge7k0047ecet05p|03|net"; nocase; ) # 2o19rag784wvvfeffp1ujjoge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2o19rag784wvvfeffp1ujjoge|03|net"; nocase; ) # 1ptwwyw1byjo833r59zpjbi8jv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ptwwyw1byjo833r59zpjbi8jv|03|net"; nocase; ) # 1rioop4vxaayrnr0iuv1kaxz11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rioop4vxaayrnr0iuv1kaxz11|03|net"; nocase; ) # 1d3eltp9l0izihfjadrux9j84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d3eltp9l0izihfjadrux9j84|03|net"; nocase; ) # 18e57yx1i9bdx61lb9o3o64s5qu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18e57yx1i9bdx61lb9o3o64s5qu|03|com"; nocase; ) # 1o86iul1vyw64g162e5g316zhgg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o86iul1vyw64g162e5g316zhgg|03|biz"; nocase; ) # f9d1ro16xa2q8jqtjouq6g10v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f9d1ro16xa2q8jqtjouq6g10v|03|biz"; nocase; ) # m6cjofw4kroq1su8frklmmiil.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m6cjofw4kroq1su8frklmmiil|03|biz"; nocase; ) # 1lvvf99lyhyjspawlx01y5ivxg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lvvf99lyhyjspawlx01y5ivxg|03|net"; nocase; ) # rjzypmedb0s229rvg01r9z53i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rjzypmedb0s229rvg01r9z53i|03|com"; nocase; ) # 135mx73fsdby1w5xlrxei0xa6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|135mx73fsdby1w5xlrxei0xa6|03|net"; nocase; ) # c0jrlupz6wkvav5ofi165hd8o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c0jrlupz6wkvav5ofi165hd8o|03|biz"; nocase; ) # 2c496p1ct7w1wbqgt95123ju66.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2c496p1ct7w1wbqgt95123ju66|03|com"; nocase; ) # 1l5h6av11304pc1tesoz51bl51w3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l5h6av11304pc1tesoz51bl51w3|03|org"; nocase; ) # ku28k610qpbad1qq5pilfwgivp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ku28k610qpbad1qq5pilfwgivp|03|net"; nocase; ) # 1v18lmxht3seyz144kivewnaa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v18lmxht3seyz144kivewnaa|03|org"; nocase; ) # iluzm2xzybyddmktyk1ur9cz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iluzm2xzybyddmktyk1ur9cz8|03|com"; nocase; ) # 17s46spmgeby91kn1e62rwnkp8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17s46spmgeby91kn1e62rwnkp8|03|biz"; nocase; ) # 17jm0ux4yxp4ugar3853dk44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|17jm0ux4yxp4ugar3853dk44|03|com"; nocase; ) # 32nsuu1rb1bxnvo183d1pw7k99.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|32nsuu1rb1bxnvo183d1pw7k99|03|biz"; nocase; ) # gbcs5aaz4ykfaw1nyl1riwe5x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gbcs5aaz4ykfaw1nyl1riwe5x|03|com"; nocase; ) # pd29bv85um4y5fyhutg5s43i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pd29bv85um4y5fyhutg5s43i|03|com"; nocase; ) # nrbduy1neuohv1ixcghf16u2mqw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nrbduy1neuohv1ixcghf16u2mqw|03|net"; nocase; ) # 2sw8ak9bcvn3axmvjcgew503.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2sw8ak9bcvn3axmvjcgew503|03|com"; nocase; ) # re6ejtnbpekx1298mbc5yt3xx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|re6ejtnbpekx1298mbc5yt3xx|03|biz"; nocase; ) # 1sjiyu4x4694tw7ehm31rrlinf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sjiyu4x4694tw7ehm31rrlinf|03|com"; nocase; ) # j0koojqd838z4epmve1uc0byj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j0koojqd838z4epmve1uc0byj|03|biz"; nocase; ) # z0hv851yg9dqi10h0fhb9tjulv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z0hv851yg9dqi10h0fhb9tjulv|03|net"; nocase; ) # r0rw5ohs8kb438k3z51aokg4x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r0rw5ohs8kb438k3z51aokg4x|03|biz"; nocase; ) # 11lj02o2hy3wcze4f1o1ot7stz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11lj02o2hy3wcze4f1o1ot7stz|03|net"; nocase; ) # 1p7aszbgobuq125262t1maq793.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p7aszbgobuq125262t1maq793|03|biz"; nocase; ) # 1b0up0tyasq8jtg7c3b1p90htj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b0up0tyasq8jtg7c3b1p90htj|03|net"; nocase; ) # gph7sl1h4nx501fmhcohpn3n1c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gph7sl1h4nx501fmhcohpn3n1c|03|biz"; nocase; ) # t0knng1nahiyg59n1ko4rfok9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t0knng1nahiyg59n1ko4rfok9|03|net"; nocase; ) # 13a8z8c1atukvvboai17ftsn4u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13a8z8c1atukvvboai17ftsn4u|03|org"; nocase; ) # 1qy2oax1q5l34zfdl5aifr6hm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qy2oax1q5l34zfdl5aifr6hm5|03|net"; nocase; ) # 79e1yy1cs0lc3oq8p3n1xzn5et.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79e1yy1cs0lc3oq8p3n1xzn5et|03|net"; nocase; ) # ybhsa31qoiguo1578658ymataf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ybhsa31qoiguo1578658ymataf|03|org"; nocase; ) # ujgcltc5cij91b8ufix86adic.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ujgcltc5cij91b8ufix86adic|03|biz"; nocase; ) # y78klgp8e7lmbn5y5f1qozbco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y78klgp8e7lmbn5y5f1qozbco|03|net"; nocase; ) # 8yo4ud8wet98tk2fl5g6fgd9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8yo4ud8wet98tk2fl5g6fgd9|03|org"; nocase; ) # ryjqdw13mw9uv1r6ndb1ymxqd8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ryjqdw13mw9uv1r6ndb1ymxqd8|03|com"; nocase; ) # 1ldgqrgt7bdyk1bc2n7219d1el3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ldgqrgt7bdyk1bc2n7219d1el3|03|com"; nocase; ) # uzmckt4mgdo624mxa71yf3r2a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uzmckt4mgdo624mxa71yf3r2a|03|org"; nocase; ) # v95bsk1hzkj61cr2mvrqe0y5t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v95bsk1hzkj61cr2mvrqe0y5t|03|biz"; nocase; ) # 105rok61bdj0mc1dosqd3ck36uw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|105rok61bdj0mc1dosqd3ck36uw|03|net"; nocase; ) # 1qiqzjanlvft10nazlxuzrf2z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qiqzjanlvft10nazlxuzrf2z|03|biz"; nocase; ) # zi968f1iee4yv6jvkr4hizks0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zi968f1iee4yv6jvkr4hizks0|03|net"; nocase; ) # iwdw5p1i8qo0gr9i5i1qfw5xt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iwdw5p1i8qo0gr9i5i1qfw5xt|03|org"; nocase; ) # 17o0cpo1u4155n1vo8hexaahzjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17o0cpo1u4155n1vo8hexaahzjc|03|org"; nocase; ) # pyzhnr1gg77h8yq1fm6w70uz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pyzhnr1gg77h8yq1fm6w70uz|03|net"; nocase; ) # 3ywh951wydm411ws57d1btf3vc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ywh951wydm411ws57d1btf3vc|03|org"; nocase; ) # sfk75repsu3pcb0qml19pm0ga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sfk75repsu3pcb0qml19pm0ga|03|org"; nocase; ) # fa5yq411qhwze0uhg4ts0dw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|fa5yq411qhwze0uhg4ts0dw|03|biz"; nocase; ) # 1ooi00o15godj49l2lf18054om.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ooi00o15godj49l2lf18054om|03|net"; nocase; ) # un9se319vyq9zxev6g7r8lzsr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|un9se319vyq9zxev6g7r8lzsr|03|biz"; nocase; ) # mjmlte1mydtqrfqh7u21f6gj64.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mjmlte1mydtqrfqh7u21f6gj64|03|org"; nocase; ) # nev2iueczr7fiazm7g2n8xxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nev2iueczr7fiazm7g2n8xxn|03|com"; nocase; ) # wiyidced9c788unp4811ujv2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wiyidced9c788unp4811ujv2n|03|net"; nocase; ) # hr7xko1do4olg16mdgrvij1nny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hr7xko1do4olg16mdgrvij1nny|03|com"; nocase; ) # 1vacgzo89knbyre1xo1i3bj7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vacgzo89knbyre1xo1i3bj7w|03|net"; nocase; ) # 17y8c0t96krmk1nzzowp2nyx7n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17y8c0t96krmk1nzzowp2nyx7n|03|org"; nocase; ) # 1rwx3fr4ozfx1sng7fqg3jrqu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rwx3fr4ozfx1sng7fqg3jrqu|03|net"; nocase; ) # mksekkbk7k4drpo2ikcd47qj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mksekkbk7k4drpo2ikcd47qj|03|biz"; nocase; ) # 1py6gdb15hhlkp1x9j5e014l73o8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1py6gdb15hhlkp1x9j5e014l73o8|03|net"; nocase; ) # clqdm710osbuh1dbtvv5lb7l8f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|clqdm710osbuh1dbtvv5lb7l8f|03|com"; nocase; ) # 1v7goio1vy415gb4zzyp1a4aru2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v7goio1vy415gb4zzyp1a4aru2|03|net"; nocase; ) # 3k5uvwkafkhz12g413g5glw03.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3k5uvwkafkhz12g413g5glw03|03|com"; nocase; ) # 1t8fg541du5n8i1ngb7yfroevl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t8fg541du5n8i1ngb7yfroevl|03|net"; nocase; ) # 1wv24wrcy3vrm1kl19ce163nrha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wv24wrcy3vrm1kl19ce163nrha|03|com"; nocase; ) # 14wow2t1n6svi710pimk41hb3ne0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14wow2t1n6svi710pimk41hb3ne0|03|net"; nocase; ) # 85u7as1wx4iwz80j3jv8t63zh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|85u7as1wx4iwz80j3jv8t63zh|03|net"; nocase; ) # bd2a5t1eea6p9rmwkkk1h3yh3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bd2a5t1eea6p9rmwkkk1h3yh3x|03|biz"; nocase; ) # 1jrw7nwmztp261fntg7k17pn6ot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jrw7nwmztp261fntg7k17pn6ot|03|org"; nocase; ) # orbozz1cmv5tk1m57hn514fucju.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|orbozz1cmv5tk1m57hn514fucju|03|com"; nocase; ) # 1c1t6ic1wuognx6xeorz8e8ygk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c1t6ic1wuognx6xeorz8e8ygk|03|com"; nocase; ) # bd5va0cdsk8la8ixcn18g0881.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bd5va0cdsk8la8ixcn18g0881|03|biz"; nocase; ) # agg8de1p8pvqwbogmhb4cstnx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|agg8de1p8pvqwbogmhb4cstnx|03|net"; nocase; ) # b4apzt9s9bo414xafk115oee8l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b4apzt9s9bo414xafk115oee8l|03|com"; nocase; ) # 1qj4f0fratas2r6b76hjjs36q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qj4f0fratas2r6b76hjjs36q|03|com"; nocase; ) # kphwot1qfau1yb6r7dz17eeody.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kphwot1qfau1yb6r7dz17eeody|03|net"; nocase; ) # 16xcs6h1hvke9p1thr5471h4dxvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16xcs6h1hvke9p1thr5471h4dxvo|03|net"; nocase; ) # 3c0rvl14272tg1m55z0g9com4v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3c0rvl14272tg1m55z0g9com4v|03|com"; nocase; ) # xwr45cvuh1s41yg3tsea4ym4q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xwr45cvuh1s41yg3tsea4ym4q|03|com"; nocase; ) # 1qc9wsphrr1o6191z7f15r0ovh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qc9wsphrr1o6191z7f15r0ovh|03|net"; nocase; ) # 1hywnfd1th8iyleblbix59udbe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hywnfd1th8iyleblbix59udbe|03|org"; nocase; ) # 1fydbafownr8s7pcf8518ycic6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fydbafownr8s7pcf8518ycic6|03|net"; nocase; ) # 3hkt7b1n7q9mw1uae45o670pmx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3hkt7b1n7q9mw1uae45o670pmx|03|biz"; nocase; ) # 1cas0hk1s5v57j1cxy5tz1mwn3iq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cas0hk1s5v57j1cxy5tz1mwn3iq|03|net"; nocase; ) # 1x3w1f510wbyvbmckmkrneu75x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x3w1f510wbyvbmckmkrneu75x|03|net"; nocase; ) # 16ndtse1b3mflp1noidkpyqtkx6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ndtse1b3mflp1noidkpyqtkx6|03|com"; nocase; ) # 14kkwtby3anp21rd0i9w13bt10o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14kkwtby3anp21rd0i9w13bt10o|03|org"; nocase; ) # ybisbw1q1qy6210w14ri1gatbx6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ybisbw1q1qy6210w14ri1gatbx6|03|biz"; nocase; ) # 1beao84cpsuik1p0kvlehrucvp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1beao84cpsuik1p0kvlehrucvp|03|org"; nocase; ) # yu5ch215c5ztz15giznf12cydxu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yu5ch215c5ztz15giznf12cydxu|03|com"; nocase; ) # 18y2wyu15j1nh41d5ukm41685fr9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18y2wyu15j1nh41d5ukm41685fr9|03|org"; nocase; ) # jc2o7u63q5nx1oa5nmj1ia1w8b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jc2o7u63q5nx1oa5nmj1ia1w8b|03|com"; nocase; ) # 1ik9cobkciwy41mhp7esvt9ame.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ik9cobkciwy41mhp7esvt9ame|03|net"; nocase; ) # 1iey3hbwg3gavx5x4uyh0q27a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iey3hbwg3gavx5x4uyh0q27a|03|org"; nocase; ) # j27jh5a0v7ww8rhyuy1bp09zj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j27jh5a0v7ww8rhyuy1bp09zj|03|net"; nocase; ) # 1uy7ra0rdjxp3vw1dmdpm3kih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uy7ra0rdjxp3vw1dmdpm3kih|03|com"; nocase; ) # 137sx5r1h3zqsu1vo2n2s1n1hgd2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|137sx5r1h3zqsu1vo2n2s1n1hgd2|03|biz"; nocase; ) # po3u51mxf7et1s1r5u2o4kj8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|po3u51mxf7et1s1r5u2o4kj8u|03|net"; nocase; ) # 1bum4x6n7zavl1dkzfei1fwzjmh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bum4x6n7zavl1dkzfei1fwzjmh|03|net"; nocase; ) # 1tau6ps1p63zg46tdra91oifn83.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tau6ps1p63zg46tdra91oifn83|03|net"; nocase; ) # 1tb9wo21oufxh15odkfm7xpoxy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tb9wo21oufxh15odkfm7xpoxy|03|biz"; nocase; ) # jkfyyu1s48lapw9ozz315srotw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jkfyyu1s48lapw9ozz315srotw|03|org"; nocase; ) # 1tu6t8x115hoggbvqjea1ymhdi7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tu6t8x115hoggbvqjea1ymhdi7|03|biz"; nocase; ) # jy7qgzznvi29b774b870wsjz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jy7qgzznvi29b774b870wsjz|03|biz"; nocase; ) # 18pehz9q2a9iu1tlvtz1s6zkzk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18pehz9q2a9iu1tlvtz1s6zkzk|03|net"; nocase; ) # phhb4lq4dv531quhys52eifqk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|phhb4lq4dv531quhys52eifqk|03|net"; nocase; ) # jix20qi2tf1w63taxr4xfkv3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jix20qi2tf1w63taxr4xfkv3|03|net"; nocase; ) # 1u6wkcn5h9v8r169fmb95ikyzs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u6wkcn5h9v8r169fmb95ikyzs|03|net"; nocase; ) # 107ax5o1xkb5y7lw662c1infitc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|107ax5o1xkb5y7lw662c1infitc|03|biz"; nocase; ) # 1nh93u01q5cqx6150nz63uqpljp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nh93u01q5cqx6150nz63uqpljp|03|net"; nocase; ) # giq6qqmh4pci1cms1hj3fvjwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|giq6qqmh4pci1cms1hj3fvjwc|03|com"; nocase; ) # 1p7cs3mveqrbo18uwzgp7h0y2f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p7cs3mveqrbo18uwzgp7h0y2f|03|org"; nocase; ) # 18h6jyf1tb40ik8ezzk18ylntt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18h6jyf1tb40ik8ezzk18ylntt|03|com"; nocase; ) # tx7vmt1fggb6hr4glpc1rxlz3r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tx7vmt1fggb6hr4glpc1rxlz3r|03|org"; nocase; ) # 19cimii10jx8ho11nd2iohou0jy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19cimii10jx8ho11nd2iohou0jy|03|net"; nocase; ) # 1q4e6vx1dhfetijt5sq41qdvxci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q4e6vx1dhfetijt5sq41qdvxci|03|com"; nocase; ) # 1mrhrtcdcbfy2j0quwq13y5t4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mrhrtcdcbfy2j0quwq13y5t4k|03|net"; nocase; ) # 12qyd861wtk01ks1ww2l1xop9dl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12qyd861wtk01ks1ww2l1xop9dl|03|org"; nocase; ) # fmsogyhafruvynszfr1qcnsp3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fmsogyhafruvynszfr1qcnsp3|03|net"; nocase; ) # u6w47f1dpfl881bcpgkn1x7pxgd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u6w47f1dpfl881bcpgkn1x7pxgd|03|com"; nocase; ) # 1v97rg31rve12b1xhcykjnkzx73.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v97rg31rve12b1xhcykjnkzx73|03|org"; nocase; ) # 16haka69l63rk1g7d3worutgub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16haka69l63rk1g7d3worutgub|03|com"; nocase; ) # 1x2rdqs1mg8dghukz5jte7ar7v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x2rdqs1mg8dghukz5jte7ar7v|03|com"; nocase; ) # 1xevrb11m8cuv11vtook6k6vwxk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xevrb11m8cuv11vtook6k6vwxk|03|biz"; nocase; ) # 1l079d11pqi0adnyo169mmnn8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l079d11pqi0adnyo169mmnn8|03|net"; nocase; ) # 1ece50ipj5xy01dofd8313v7r6h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ece50ipj5xy01dofd8313v7r6h|03|biz"; nocase; ) # 6jnyrd1dp4wogj5kgu962yr1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6jnyrd1dp4wogj5kgu962yr1z|03|net"; nocase; ) # lp2kmc1be4eok1soyv83rs10r1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lp2kmc1be4eok1soyv83rs10r1|03|org"; nocase; ) # 1cs4s1bex5kwr12rs7c312d4xp0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cs4s1bex5kwr12rs7c312d4xp0|03|biz"; nocase; ) # t2mezi15gtdd0sccpo484ba6j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t2mezi15gtdd0sccpo484ba6j|03|com"; nocase; ) # 13q037gdpkptz1fgjpnm190dic3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13q037gdpkptz1fgjpnm190dic3|03|org"; nocase; ) # 1u3zoratvk2x719by62xwyms6i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u3zoratvk2x719by62xwyms6i|03|net"; nocase; ) # 1n0kg3735r3efl3y9w2x1w20e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n0kg3735r3efl3y9w2x1w20e|03|org"; nocase; ) # xvtxefzzlbgt2o4v8n1dim3rt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xvtxefzzlbgt2o4v8n1dim3rt|03|biz"; nocase; ) # 1tnxq50wou3ey1houe8rwpo99m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tnxq50wou3ey1houe8rwpo99m|03|net"; nocase; ) # gs1djfn0g44iyphe8w1cx9g6r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gs1djfn0g44iyphe8w1cx9g6r|03|net"; nocase; ) # 37ts7ywog1f7ktwsrr1ktk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|37ts7ywog1f7ktwsrr1ktk|03|net"; nocase; ) # 1pway7c1q3af31nf5tf31557dmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pway7c1q3af31nf5tf31557dmn|03|com"; nocase; ) # s93rss1ag3rxp1c6g9zp6gyfab.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s93rss1ag3rxp1c6g9zp6gyfab|03|biz"; nocase; ) # ktb1bl15739tcx3j4qu1lj7q97.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ktb1bl15739tcx3j4qu1lj7q97|03|org"; nocase; ) # cjrja8xz99dt1gh3yojk07c9z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cjrja8xz99dt1gh3yojk07c9z|03|net"; nocase; ) # 149q9yg12wd6071b9u5nugsuq5q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|149q9yg12wd6071b9u5nugsuq5q|03|net"; nocase; ) # 1s4gf1116judhs17ij8u03hbxre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s4gf1116judhs17ij8u03hbxre|03|net"; nocase; ) # qa9br6lskrq2utnazlrvs6le.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qa9br6lskrq2utnazlrvs6le|03|biz"; nocase; ) # 19zvomi1v1v1ca17khxt99qyiuq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19zvomi1v1v1ca17khxt99qyiuq|03|org"; nocase; ) # h8g1xd1dys2ax8evgx31rv5f5b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h8g1xd1dys2ax8evgx31rv5f5b|03|biz"; nocase; ) # 1dnuqqj18fex2g1b80mvu1s309n0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dnuqqj18fex2g1b80mvu1s309n0|03|net"; nocase; ) # 2bsk6n1gfm41x19jtwa6bza4nt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2bsk6n1gfm41x19jtwa6bza4nt|03|org"; nocase; ) # 5fficx1wykqu0q62a5ipeyftl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5fficx1wykqu0q62a5ipeyftl|03|org"; nocase; ) # siwtbe12yob4c1etg2v41jrxvzx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|siwtbe12yob4c1etg2v41jrxvzx|03|biz"; nocase; ) # 3lr1mu17ztxr888doz2gbm9ym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3lr1mu17ztxr888doz2gbm9ym|03|org"; nocase; ) # bc0ez1zmg4rqchs19k1phlh9j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bc0ez1zmg4rqchs19k1phlh9j|03|org"; nocase; ) # 1clb1o4vnzoxj1ub9p9y1vzsxvj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1clb1o4vnzoxj1ub9p9y1vzsxvj|03|com"; nocase; ) # 72e2oyh8u4op1yv532c1ml99ck.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|72e2oyh8u4op1yv532c1ml99ck|03|org"; nocase; ) # 16qrdyn1e2ocwc1lcrl221hf3cjg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16qrdyn1e2ocwc1lcrl221hf3cjg|03|org"; nocase; ) # q8xy4u1e90m1l1e7jifs1p1rnam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q8xy4u1e90m1l1e7jifs1p1rnam|03|com"; nocase; ) # 6fwgia1ut5t0f1ae3rfi1x4eina.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6fwgia1ut5t0f1ae3rfi1x4eina|03|org"; nocase; ) # rntx9vf2alzl1loudjvl2ktii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rntx9vf2alzl1loudjvl2ktii|03|net"; nocase; ) # tp9hoe1h6y5h71ecn41xwx7ja8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tp9hoe1h6y5h71ecn41xwx7ja8|03|com"; nocase; ) # yr9tv0wvaiqb1eyix2svr5dy3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yr9tv0wvaiqb1eyix2svr5dy3|03|com"; nocase; ) # 1lfnh6nkfn8lxiashah1lwr6c0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lfnh6nkfn8lxiashah1lwr6c0|03|org"; nocase; ) # 1orhd6v1f6ajhu51ekvh2fdhx4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1orhd6v1f6ajhu51ekvh2fdhx4|03|com"; nocase; ) # 1hoferc94f95n958ygy1652tye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hoferc94f95n958ygy1652tye|03|com"; nocase; ) # 1xph9q51linfimc38htmfk2eb8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xph9q51linfimc38htmfk2eb8|03|org"; nocase; ) # 1no5n27117mooz2zugfr6lht39.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1no5n27117mooz2zugfr6lht39|03|net"; nocase; ) # 1h37ny54pbv0912aj8sdoc616r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h37ny54pbv0912aj8sdoc616r|03|net"; nocase; ) # 1t1hoxf1q6ytqnpptwg64dfewi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t1hoxf1q6ytqnpptwg64dfewi|03|org"; nocase; ) # eg7b711f4r13jgujko212d5kvq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eg7b711f4r13jgujko212d5kvq|03|net"; nocase; ) # 1pxply8l2gq6g163r9281sftdvp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pxply8l2gq6g163r9281sftdvp|03|com"; nocase; ) # 1kdggyx14ghayf46m2va14zna29.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kdggyx14ghayf46m2va14zna29|03|com"; nocase; ) # esvnya1n681as181hiduab8qw3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|esvnya1n681as181hiduab8qw3|03|biz"; nocase; ) # 1mp6xtb1lhslrp1bh95mw19q8bwf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mp6xtb1lhslrp1bh95mw19q8bwf|03|org"; nocase; ) # y46kv11vqxytcv57ixtga5oql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y46kv11vqxytcv57ixtga5oql|03|net"; nocase; ) # 4sgsk2yiyrzm16x0f5iq9f07t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4sgsk2yiyrzm16x0f5iq9f07t|03|com"; nocase; ) # 1ru6agw58prvxhwzqa232qduy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ru6agw58prvxhwzqa232qduy|03|net"; nocase; ) # 1vp7cyvgyu6zbhq8x3zjl7qif.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vp7cyvgyu6zbhq8x3zjl7qif|03|biz"; nocase; ) # 10dpckh10xedrkocu1ui1fphrh7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10dpckh10xedrkocu1ui1fphrh7|03|com"; nocase; ) # 14v9piwanjz1d1tuj1p51nx22sy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14v9piwanjz1d1tuj1p51nx22sy|03|net"; nocase; ) # uxuy411a600iu1rh6ltt1mb67o9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uxuy411a600iu1rh6ltt1mb67o9|03|net"; nocase; ) # 34pn7s1qfyvt09rjmlp9yirgq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|34pn7s1qfyvt09rjmlp9yirgq|03|net"; nocase; ) # unx44tjxo4ygj1q7sh11m7gi5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|unx44tjxo4ygj1q7sh11m7gi5|03|com"; nocase; ) # 7ceddalavhi1gxloth8zlsgv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7ceddalavhi1gxloth8zlsgv|03|biz"; nocase; ) # 1s5akpg1gfu857js9r9fd2cjd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s5akpg1gfu857js9r9fd2cjd|03|net"; nocase; ) # pdb2lk1ocoyugr1ucxxq359ff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pdb2lk1ocoyugr1ucxxq359ff|03|net"; nocase; ) # nr4p00z4uhe21rq8zth105ds7f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nr4p00z4uhe21rq8zth105ds7f|03|org"; nocase; ) # 16j28651nvri97vy7evu65skp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16j28651nvri97vy7evu65skp|03|com"; nocase; ) # 16w3ukewdqv62ncx6xf1nyf3u7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16w3ukewdqv62ncx6xf1nyf3u7|03|com"; nocase; ) # iiyrfzs1gup71u8ezsn1ey2h3t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iiyrfzs1gup71u8ezsn1ey2h3t|03|net"; nocase; ) # 1r9zsbm1ysq63b63kfqq1qj2twb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r9zsbm1ysq63b63kfqq1qj2twb|03|biz"; nocase; ) # 17ere6cboqxbt18b442i13aqs6f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ere6cboqxbt18b442i13aqs6f|03|net"; nocase; ) # dydibzkay6xweh9qq1o3grco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dydibzkay6xweh9qq1o3grco|03|com"; nocase; ) # mtmsj1v0mnxp1segpebig7p53.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mtmsj1v0mnxp1segpebig7p53|03|org"; nocase; ) # degxcg16snez15dpogb1ljnpeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|degxcg16snez15dpogb1ljnpeo|03|com"; nocase; ) # 1hhfjrsujc6ts1n3gqhvfpjxff.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hhfjrsujc6ts1n3gqhvfpjxff|03|org"; nocase; ) # 8jqvkg4q05qw10oxmmo150omr8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8jqvkg4q05qw10oxmmo150omr8|03|net"; nocase; ) # nedyyp1ggzgbmzni40cga4a8j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nedyyp1ggzgbmzni40cga4a8j|03|net"; nocase; ) # 1vvxa2ut4azxzmh5qxo1o802t8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vvxa2ut4azxzmh5qxo1o802t8|03|biz"; nocase; ) # v0r0o8pwfsgr132znor1vojuo4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v0r0o8pwfsgr132znor1vojuo4|03|org"; nocase; ) # l1pd7o1gf6ilhdu2qzh12bhnt4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l1pd7o1gf6ilhdu2qzh12bhnt4|03|com"; nocase; ) # 1uaeqbr16o5a8j8d0ixreut54k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uaeqbr16o5a8j8d0ixreut54k|03|org"; nocase; ) # 1qhjla8wwdqhfu43sb3jd9wc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1qhjla8wwdqhfu43sb3jd9wc|03|biz"; nocase; ) # 28i2z19wgof4485347e5g3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|28i2z19wgof4485347e5g3|03|com"; nocase; ) # u9cmc91d41g0k1izg4am18y7l2g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u9cmc91d41g0k1izg4am18y7l2g|03|com"; nocase; ) # 120fewdjygvl41ogdpsnzbmvmr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|120fewdjygvl41ogdpsnzbmvmr|03|net"; nocase; ) # 3sad30umy0v8lf95wf1j5zlj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3sad30umy0v8lf95wf1j5zlj6|03|net"; nocase; ) # fh298zyxzzxj1cocn3n13ow9in.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fh298zyxzzxj1cocn3n13ow9in|03|biz"; nocase; ) # 1c6psk8ayom0b1iibg9x1lmj99u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c6psk8ayom0b1iibg9x1lmj99u|03|net"; nocase; ) # 1y4phxk10i9384dgpcy61prwlbw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y4phxk10i9384dgpcy61prwlbw|03|biz"; nocase; ) # j66am81pptihf1v93di8336zth.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j66am81pptihf1v93di8336zth|03|biz"; nocase; ) # tp3gy01rb19t6umoank1p8kh8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tp3gy01rb19t6umoank1p8kh8|03|net"; nocase; ) # 1xuh12511xk9xaxwlngopjp2m5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xuh12511xk9xaxwlngopjp2m5|03|biz"; nocase; ) # rrk45fj1o0p4ldtees1wqcrw8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rrk45fj1o0p4ldtees1wqcrw8|03|org"; nocase; ) # 14k9g6x19vh5qe1x9phonra48d8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14k9g6x19vh5qe1x9phonra48d8|03|biz"; nocase; ) # t90z9h1ol3ggl2wf6ob9v174g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t90z9h1ol3ggl2wf6ob9v174g|03|org"; nocase; ) # xw4hpn189wcck1a8x28z1l8lxjw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xw4hpn189wcck1a8x28z1l8lxjw|03|net"; nocase; ) # 10qktwcfb38nf1cd57yh4zmm98.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10qktwcfb38nf1cd57yh4zmm98|03|biz"; nocase; ) # 1lb0wpxghy6l1oudkyx1gkox02.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lb0wpxghy6l1oudkyx1gkox02|03|org"; nocase; ) # 18we2i48kpd116whke21gu7yve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18we2i48kpd116whke21gu7yve|03|net"; nocase; ) # 15da3d91sxyge71s1takqyfwuxw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15da3d91sxyge71s1takqyfwuxw|03|net"; nocase; ) # ti2cljlm55oh1xp9n1zrytl0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ti2cljlm55oh1xp9n1zrytl0x|03|org"; nocase; ) # y97pvip94kpr1my8r3cd402lw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y97pvip94kpr1my8r3cd402lw|03|biz"; nocase; ) # 1acfg921vwab2s1wnygzwqs348t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1acfg921vwab2s1wnygzwqs348t|03|net"; nocase; ) # vzroigwds8r8oo65ie129fcyq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vzroigwds8r8oo65ie129fcyq|03|biz"; nocase; ) # 1uesg9n1lci0cg1dfm1gc193exd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uesg9n1lci0cg1dfm1gc193exd6|03|net"; nocase; ) # 1bjhtv65ni4fd1pzk6gs1qjbdd2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bjhtv65ni4fd1pzk6gs1qjbdd2|03|com"; nocase; ) # 1km5ais3u7dh17lg14aawpblf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1km5ais3u7dh17lg14aawpblf|03|org"; nocase; ) # 1s41o0nmf79ptjci6dj1fpysc7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s41o0nmf79ptjci6dj1fpysc7|03|net"; nocase; ) # 10f48ds1awmmmu1graa7bkkgnus.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10f48ds1awmmmu1graa7bkkgnus|03|biz"; nocase; ) # ebtxqa12bqne7ezuzk6z6l8q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ebtxqa12bqne7ezuzk6z6l8q|03|biz"; nocase; ) # 73doghuk0elie3tmle1ue037r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|73doghuk0elie3tmle1ue037r|03|org"; nocase; ) # 1ccut8l16ltf3n13ipd9j1j3laab.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ccut8l16ltf3n13ipd9j1j3laab|03|net"; nocase; ) # vv4k4vssoj0d1s0kqj9l5mtxj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vv4k4vssoj0d1s0kqj9l5mtxj|03|biz"; nocase; ) # 1t54fci10tz5pt1vx7ps3z0m815.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t54fci10tz5pt1vx7ps3z0m815|03|net"; nocase; ) # 1n95uvqfyhaji1aki7173e00sn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n95uvqfyhaji1aki7173e00sn|03|net"; nocase; ) # prqfya4mwdl85le3ao19la0nf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|prqfya4mwdl85le3ao19la0nf|03|com"; nocase; ) # 1jpgul02zx69pu5p3d63a4jj7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jpgul02zx69pu5p3d63a4jj7|03|com"; nocase; ) # 1scv8v21pziotc1uv9jj1hiogj4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1scv8v21pziotc1uv9jj1hiogj4|03|biz"; nocase; ) # 44a2bbj6mbq1uxmk9gf1k9xu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|44a2bbj6mbq1uxmk9gf1k9xu|03|net"; nocase; ) # 1kb7wrr69jnx6vjjqu91g1m0n7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kb7wrr69jnx6vjjqu91g1m0n7|03|org"; nocase; ) # x3zycr1ylqyhacho82w1sg2erd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x3zycr1ylqyhacho82w1sg2erd|03|net"; nocase; ) # 1htioz51aj95ck1ofuqlc1j880x3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1htioz51aj95ck1ofuqlc1j880x3|03|org"; nocase; ) # 1dd9imp175nffh1phkp571f7zy67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dd9imp175nffh1phkp571f7zy67|03|com"; nocase; ) # 15h8jepx7z34fzur2k5j28717.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15h8jepx7z34fzur2k5j28717|03|com"; nocase; ) # fsda3c1fvy3jy13zmuz71903khc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fsda3c1fvy3jy13zmuz71903khc|03|biz"; nocase; ) # 126qfz0m51yby21z21bvuqoei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|126qfz0m51yby21z21bvuqoei|03|net"; nocase; ) # o43u0palo0sv1ozm16e1deae32.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o43u0palo0sv1ozm16e1deae32|03|org"; nocase; ) # 1nzjler120x39s10582yv18q53pj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nzjler120x39s10582yv18q53pj|03|com"; nocase; ) # 1efod7rg4ncztas4rkdjt36y3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1efod7rg4ncztas4rkdjt36y3|03|org"; nocase; ) # 150j3embtlh5y18m3ah53kvebk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|150j3embtlh5y18m3ah53kvebk|03|com"; nocase; ) # 1euhok19gqmicr0icxa1alwp45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1euhok19gqmicr0icxa1alwp45|03|net"; nocase; ) # hhwwjsmhs5ux1451q4714bexwq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hhwwjsmhs5ux1451q4714bexwq|03|org"; nocase; ) # 17jce031khudfh1jsnn9q19d9cqm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17jce031khudfh1jsnn9q19d9cqm|03|net"; nocase; ) # de0scv1tvik0rnqf4656btzeu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|de0scv1tvik0rnqf4656btzeu|03|org"; nocase; ) # vhvmr91rp56hq1yim4zg1vrc49z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vhvmr91rp56hq1yim4zg1vrc49z|03|net"; nocase; ) # 34whrpsjw87qe755m1p18ru0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|34whrpsjw87qe755m1p18ru0|03|org"; nocase; ) # edloca113tczh6qj38p1h9m53x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|edloca113tczh6qj38p1h9m53x|03|com"; nocase; ) # x15ze1qr9g1p1esbrcb8cyums.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x15ze1qr9g1p1esbrcb8cyums|03|org"; nocase; ) # v2di6hyx3ngrgptn5r1mp9h73.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v2di6hyx3ngrgptn5r1mp9h73|03|biz"; nocase; ) # 1nlpks17uqwsc1g2z11uo39syr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nlpks17uqwsc1g2z11uo39syr|03|com"; nocase; ) # 198cngrk2zwsl2zbb0mw90f9o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|198cngrk2zwsl2zbb0mw90f9o|03|biz"; nocase; ) # ldfn9stg989x1419ip51glbio8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ldfn9stg989x1419ip51glbio8|03|net"; nocase; ) # vtawjw8olb5h1trj0zk1mfyb6k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vtawjw8olb5h1trj0zk1mfyb6k|03|org"; nocase; ) # 19s4yto16zx1841uslzfqdchodm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19s4yto16zx1841uslzfqdchodm|03|biz"; nocase; ) # 1m7tqix1asoqgov1k4op12bwwz6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m7tqix1asoqgov1k4op12bwwz6|03|biz"; nocase; ) # 11t1wye18ebyk41c3cp0a19xijth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11t1wye18ebyk41c3cp0a19xijth|03|net"; nocase; ) # 89ndqwt1ljhhnhs7vo1yc21ek.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|89ndqwt1ljhhnhs7vo1yc21ek|03|org"; nocase; ) # yof9f118f5fat1y9mc5ifhin36.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yof9f118f5fat1y9mc5ifhin36|03|biz"; nocase; ) # 1xck7is10arxmapvfnvr17fgfj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xck7is10arxmapvfnvr17fgfj|03|net"; nocase; ) # xjf3xw1u2x565u7871q1vtag1b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xjf3xw1u2x565u7871q1vtag1b|03|biz"; nocase; ) # irvt4o1aueh7p10gs11b1x24buu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|irvt4o1aueh7p10gs11b1x24buu|03|org"; nocase; ) # qq8lbtnxmvsx614m2o1cltl00.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qq8lbtnxmvsx614m2o1cltl00|03|org"; nocase; ) # 1rtxj9t1mvaj08rhpva118ucjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rtxj9t1mvaj08rhpva118ucjt|03|net"; nocase; ) # 1xiht6s1xvhh1mlq58owb4d28u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xiht6s1xvhh1mlq58owb4d28u|03|org"; nocase; ) # hfwwktl8pc12m4zcfj1dvxgxg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hfwwktl8pc12m4zcfj1dvxgxg|03|org"; nocase; ) # oelxvvw175fumxcrqa1egl4pj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oelxvvw175fumxcrqa1egl4pj|03|biz"; nocase; ) # lsnxhrailizu553ar49p4f88.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lsnxhrailizu553ar49p4f88|03|net"; nocase; ) # 3rf07c1mrm7w7128b1s4pgydiv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3rf07c1mrm7w7128b1s4pgydiv|03|net"; nocase; ) # 19kcltdji2ahaon7m781s2vsus.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19kcltdji2ahaon7m781s2vsus|03|org"; nocase; ) # 2k549n1lt6h89gzaadfvxs5zm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2k549n1lt6h89gzaadfvxs5zm|03|net"; nocase; ) # 171h1373ev56r1b6elvy1s4d5fo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|171h1373ev56r1b6elvy1s4d5fo|03|org"; nocase; ) # 1vruwmxuj35nh9s6avlhyczbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vruwmxuj35nh9s6avlhyczbc|03|com"; nocase; ) # h4mo4f51clf91q35yvi1gr5j6b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h4mo4f51clf91q35yvi1gr5j6b|03|com"; nocase; ) # 1h5cagd1ccuq2l2kqyof6j08hl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h5cagd1ccuq2l2kqyof6j08hl|03|net"; nocase; ) # 10rn485qvty4p14jtvtx1ul7ssl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10rn485qvty4p14jtvtx1ul7ssl|03|biz"; nocase; ) # 1agm5st1asymbw1ahqq3uksjiwb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1agm5st1asymbw1ahqq3uksjiwb|03|org"; nocase; ) # 1qup9v41vkud36ta8b3qy0zjw0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qup9v41vkud36ta8b3qy0zjw0|03|net"; nocase; ) # 168kwbtmnx3ntbavlc8101mnnd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|168kwbtmnx3ntbavlc8101mnnd|03|biz"; nocase; ) # 1jixp0m1cmhku3y2lk2j1r3ctlz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jixp0m1cmhku3y2lk2j1r3ctlz|03|com"; nocase; ) # oj19n11s9tmsq1r1g5of1dpykl9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oj19n11s9tmsq1r1g5of1dpykl9|03|net"; nocase; ) # 15j3qhhad4vzgjrhvxh1afkx2t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15j3qhhad4vzgjrhvxh1afkx2t|03|com"; nocase; ) # odmusre7mz3990b6tn1e48wa0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|odmusre7mz3990b6tn1e48wa0|03|com"; nocase; ) # 1elyrp4p860kyjooahz11500sg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1elyrp4p860kyjooahz11500sg|03|org"; nocase; ) # yhl7qo1ac4gkh1cxnydi4bpojh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yhl7qo1ac4gkh1cxnydi4bpojh|03|biz"; nocase; ) # eewolb3bqdux1qu3f9fcu4o8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eewolb3bqdux1qu3f9fcu4o8u|03|net"; nocase; ) # tdf6te1n4mdo71fdaboainc41t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tdf6te1n4mdo71fdaboainc41t|03|org"; nocase; ) # 12ca85piaxf5lo7p20p9ngrpq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ca85piaxf5lo7p20p9ngrpq|03|com"; nocase; ) # 1x03ewh7gzpfp53qm3y1amtqbp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x03ewh7gzpfp53qm3y1amtqbp|03|org"; nocase; ) # 19566nrt1xjveb93wezj25grm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19566nrt1xjveb93wezj25grm|03|com"; nocase; ) # 19putlxien67e9edppo18vprfh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19putlxien67e9edppo18vprfh|03|org"; nocase; ) # vwftwg1634e4i1pyuo2d1v8titt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vwftwg1634e4i1pyuo2d1v8titt|03|net"; nocase; ) # jzi8btj55pvp173i74eaqrdzq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jzi8btj55pvp173i74eaqrdzq|03|org"; nocase; ) # loo4ku8jw8gk133fdpe17gbfky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|loo4ku8jw8gk133fdpe17gbfky|03|org"; nocase; ) # 10kz8af75p5yy1gswo8r121qm3m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10kz8af75p5yy1gswo8r121qm3m|03|net"; nocase; ) # 1xr6wzf1d3ij89x4fztl1jj9v2b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xr6wzf1d3ij89x4fztl1jj9v2b|03|com"; nocase; ) # p6vihy1hnf90u1af5yckaii808.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p6vihy1hnf90u1af5yckaii808|03|net"; nocase; ) # 9heg3211u16611z09dw118sv71f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9heg3211u16611z09dw118sv71f|03|org"; nocase; ) # 770ob1y0a4pn1akc03ox9vfzi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|770ob1y0a4pn1akc03ox9vfzi|03|org"; nocase; ) # vfuj855k23ea1phoq9g1iqa5g2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vfuj855k23ea1phoq9g1iqa5g2|03|biz"; nocase; ) # 1tvru69b0ywx3aguijppcwjjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tvru69b0ywx3aguijppcwjjb|03|net"; nocase; ) # 1x66ni7i8katp1hne5rb127ut6i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x66ni7i8katp1hne5rb127ut6i|03|com"; nocase; ) # 14vbrq01twtf89984oza1hhzmu9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14vbrq01twtf89984oza1hhzmu9|03|com"; nocase; ) # 1e0sdb1723thn9jsqsl1sx4um3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e0sdb1723thn9jsqsl1sx4um3|03|org"; nocase; ) # hkqmw618l3m5tnyh9jyae1t5g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hkqmw618l3m5tnyh9jyae1t5g|03|biz"; nocase; ) # entuan9ewfob1h515rl1f365xe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|entuan9ewfob1h515rl1f365xe|03|org"; nocase; ) # sejsgy1eyx15n9smqih18br105.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sejsgy1eyx15n9smqih18br105|03|net"; nocase; ) # cs3gag1tr781u1qtarcv1gfe7xk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cs3gag1tr781u1qtarcv1gfe7xk|03|net"; nocase; ) # 1qcmb391y97hwkl2nqn31hc5eam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qcmb391y97hwkl2nqn31hc5eam|03|com"; nocase; ) # 1ed0njh18iyrbwua2ety18c8cci.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ed0njh18iyrbwua2ety18c8cci|03|org"; nocase; ) # 87f6441mf2rag11wl5yc12k64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|87f6441mf2rag11wl5yc12k64|03|com"; nocase; ) # 9xwejh18ikl7msrr921r6zsfs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9xwejh18ikl7msrr921r6zsfs|03|org"; nocase; ) # 1mff9kh1q880mjhfn3981juc8pj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mff9kh1q880mjhfn3981juc8pj|03|com"; nocase; ) # 1gtdbegp7ftwk13kfs9m19p10ex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gtdbegp7ftwk13kfs9m19p10ex|03|com"; nocase; ) # acypwp59mnsfn6a14q1yro69j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|acypwp59mnsfn6a14q1yro69j|03|com"; nocase; ) # n3nlx613uumgggby96n1oemq27.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n3nlx613uumgggby96n1oemq27|03|org"; nocase; ) # otgv0tbxvz1nn39wjfiwbw7h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|otgv0tbxvz1nn39wjfiwbw7h|03|com"; nocase; ) # hhohrem9477sx8donjqn47a1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hhohrem9477sx8donjqn47a1|03|net"; nocase; ) # 1oikkdq1f9jm0mqc56px64sx38.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oikkdq1f9jm0mqc56px64sx38|03|com"; nocase; ) # 19egbc8qmzq8611jj7by1o7w64u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19egbc8qmzq8611jj7by1o7w64u|03|org"; nocase; ) # 1rj7x2vuy4o6412252x818wgud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rj7x2vuy4o6412252x818wgud|03|net"; nocase; ) # 1p8pion15pnzk8145pcr316k9isv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p8pion15pnzk8145pcr316k9isv|03|org"; nocase; ) # 18ptsgr1kp38i11fonfxet70dj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ptsgr1kp38i11fonfxet70dj|03|org"; nocase; ) # gzyt1s168237mz42zx6hjg81q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gzyt1s168237mz42zx6hjg81q|03|com"; nocase; ) # uuyi4ysmkx2kal69pqokiuix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uuyi4ysmkx2kal69pqokiuix|03|com"; nocase; ) # 1mtqbja13px0b7oztdhk15lpgq1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mtqbja13px0b7oztdhk15lpgq1|03|com"; nocase; ) # 1ojanuiz5l5731scbncsrj65ja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ojanuiz5l5731scbncsrj65ja|03|net"; nocase; ) # 410xuhv62bwqtkznl1bh9qfp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|410xuhv62bwqtkznl1bh9qfp|03|net"; nocase; ) # 1s5z01212tstzz1rkuy46kwkai9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s5z01212tstzz1rkuy46kwkai9|03|net"; nocase; ) # 1ew9iz4k6uedh47qkwy1kv4sa3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ew9iz4k6uedh47qkwy1kv4sa3|03|biz"; nocase; ) # 1bt81521n6ply3iucwxo28nxmk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bt81521n6ply3iucwxo28nxmk|03|com"; nocase; ) # 1ismgfftbnts414edew91gmhss3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ismgfftbnts414edew91gmhss3|03|org"; nocase; ) # w4h1pe1twenle6x9ike1pwx7ut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w4h1pe1twenle6x9ike1pwx7ut|03|com"; nocase; ) # axp73vua3i6u11axpqp1m7rds0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|axp73vua3i6u11axpqp1m7rds0|03|net"; nocase; ) # b711sgho77117zj90kuxihg7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b711sgho77117zj90kuxihg7|03|com"; nocase; ) # cjlrr816gkw2r1lscxcd1ims0k8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cjlrr816gkw2r1lscxcd1ims0k8|03|com"; nocase; ) # 7kjewr1sca96y1mr1ybl9ry3tc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7kjewr1sca96y1mr1ybl9ry3tc|03|net"; nocase; ) # 1v8a2iral9j8217ace64txk6q2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v8a2iral9j8217ace64txk6q2|03|org"; nocase; ) # 18eddmxsmm5boo2rw2q1tsn2h0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18eddmxsmm5boo2rw2q1tsn2h0|03|net"; nocase; ) # 11hkw16kf1r9f1j5n06r1nfu6fm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hkw16kf1r9f1j5n06r1nfu6fm|03|net"; nocase; ) # yeuksp10423sid1s1fqcrn2bo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yeuksp10423sid1s1fqcrn2bo|03|biz"; nocase; ) # i23vf91wt6tii1gczdx7cdmphi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i23vf91wt6tii1gczdx7cdmphi|03|org"; nocase; ) # 1afgtxp1vd3lyf8nyfkv1q9t0u8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1afgtxp1vd3lyf8nyfkv1q9t0u8|03|net"; nocase; ) # 1qmad0o2zzhj5s5dhth1i7shyi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qmad0o2zzhj5s5dhth1i7shyi|03|com"; nocase; ) # 1xd4rno11lswp9bfbwt2qq00lg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xd4rno11lswp9bfbwt2qq00lg|03|net"; nocase; ) # hlyj2bouhvaa17ebn7uigktpa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hlyj2bouhvaa17ebn7uigktpa|03|net"; nocase; ) # da6gsf1p4lp8b1vidl635xs2nv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|da6gsf1p4lp8b1vidl635xs2nv|03|net"; nocase; ) # 1qb4xy5ru80r1155of0h6jzeey.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qb4xy5ru80r1155of0h6jzeey|03|net"; nocase; ) # 1se789g11w3zyu1my2qo5j9oijz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1se789g11w3zyu1my2qo5j9oijz|03|net"; nocase; ) # kss80r1gccuhw1d49bf68zt0es.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000027999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kss80r1gccuhw1d49bf68zt0es|03|org"; nocase; ) # qr27ljfdwse51xhmmx5jx8mg1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qr27ljfdwse51xhmmx5jx8mg1|03|com"; nocase; ) # ab0uey1n7o6onu2xx98ia5lre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ab0uey1n7o6onu2xx98ia5lre|03|net"; nocase; ) # 11udv3wfvxrkc1qlcrl1ts4l8w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11udv3wfvxrkc1qlcrl1ts4l8w|03|com"; nocase; ) # c5eh2y18lfk8x1ubove418vwn49.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c5eh2y18lfk8x1ubove418vwn49|03|org"; nocase; ) # f3ju13uiwwop1hs2pkvmnchs7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f3ju13uiwwop1hs2pkvmnchs7|03|com"; nocase; ) # 1p64vdnj6vgm01pziinx7jpaue.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p64vdnj6vgm01pziinx7jpaue|03|net"; nocase; ) # 1ou3pregyxdxez9x3qmpsgs9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ou3pregyxdxez9x3qmpsgs9|03|org"; nocase; ) # 1cz5ehl1voj0nl1f4wbu4acel4p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cz5ehl1voj0nl1f4wbu4acel4p|03|org"; nocase; ) # 36d7wd16cj6501pq9ijf1s3cdbc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|36d7wd16cj6501pq9ijf1s3cdbc|03|net"; nocase; ) # rndsio86e2v9zrh4t718eihbg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rndsio86e2v9zrh4t718eihbg|03|org"; nocase; ) # r2eyxzjor6gl14qrzsvql9nr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r2eyxzjor6gl14qrzsvql9nr|03|net"; nocase; ) # 1dr1tvo1q3k53q169f1711b1cskd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dr1tvo1q3k53q169f1711b1cskd|03|biz"; nocase; ) # hsac861gmg3rtcvccwp1euwtyt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hsac861gmg3rtcvccwp1euwtyt|03|biz"; nocase; ) # 8f7o46r60za61mix9ztua7g25.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8f7o46r60za61mix9ztua7g25|03|net"; nocase; ) # uvxv4112poz1167mu7dqha5s5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uvxv4112poz1167mu7dqha5s5|03|org"; nocase; ) # 8neq9d1w36gmg15vmm161e0u7cv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8neq9d1w36gmg15vmm161e0u7cv|03|biz"; nocase; ) # 1tl709us2dynzc3dq36ryh0xz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tl709us2dynzc3dq36ryh0xz|03|biz"; nocase; ) # 1r85hrgipjqcj1g82dzo6wju3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r85hrgipjqcj1g82dzo6wju3|03|net"; nocase; ) # l2dakb12niut2dyghn31rt66pm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l2dakb12niut2dyghn31rt66pm|03|net"; nocase; ) # 1uqfjp4efwnu31gqrme511tfc1s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uqfjp4efwnu31gqrme511tfc1s|03|com"; nocase; ) # 150ou06ougnsj3djqwg1mytp49.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|150ou06ougnsj3djqwg1mytp49|03|biz"; nocase; ) # rfuc2rw6pjcs17b6vz4tlfhz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rfuc2rw6pjcs17b6vz4tlfhz6|03|net"; nocase; ) # 1xx0dpd1390y371udz0wadexz2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xx0dpd1390y371udz0wadexz2v|03|org"; nocase; ) # 1ucvlmw10vhs8y66dpza1wgd0s9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ucvlmw10vhs8y66dpza1wgd0s9|03|org"; nocase; ) # 16bfg9e1043mz5c3t9kp1i259qn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16bfg9e1043mz5c3t9kp1i259qn|03|org"; nocase; ) # 1gn8vqbjwarky1jhqiin2cq157.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gn8vqbjwarky1jhqiin2cq157|03|org"; nocase; ) # 1lv4mff1ew2rqt176q01gl5ihw0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lv4mff1ew2rqt176q01gl5ihw0|03|biz"; nocase; ) # 13sas0a1n64h6c19ldu62cbrmt9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13sas0a1n64h6c19ldu62cbrmt9|03|net"; nocase; ) # 6zvuvtz3lnl1dz7ir8f23q20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6zvuvtz3lnl1dz7ir8f23q20|03|net"; nocase; ) # 1p1nbhq116hvcldv5xzvy1fy2a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p1nbhq116hvcldv5xzvy1fy2a|03|org"; nocase; ) # ag5e4l1bu47j8awe0mn11impqn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ag5e4l1bu47j8awe0mn11impqn|03|com"; nocase; ) # 162jh6v61q2a9ux8rjjpycdwi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|162jh6v61q2a9ux8rjjpycdwi|03|net"; nocase; ) # 1ogovs91q6mrhc10dn3j51jiqrql.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ogovs91q6mrhc10dn3j51jiqrql|03|com"; nocase; ) # 1xchx9i1bu8r6t19jdt0x16352gw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xchx9i1bu8r6t19jdt0x16352gw|03|org"; nocase; ) # 11cplver3g771axa7ad1qh47eo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11cplver3g771axa7ad1qh47eo|03|biz"; nocase; ) # 1biy1m9171p541mhzdorl92b9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1biy1m9171p541mhzdorl92b9|03|com"; nocase; ) # finwnx1r8l30u179syvx1mk19pp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|finwnx1r8l30u179syvx1mk19pp|03|biz"; nocase; ) # 12v5upq437vt11jwz16217zae9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12v5upq437vt11jwz16217zae9b|03|com"; nocase; ) # 5pi46sxv0bww1ibg1fk1cyqq5p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5pi46sxv0bww1ibg1fk1cyqq5p|03|org"; nocase; ) # 1dtdznc1o23kxh1ima2ie1vudgar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dtdznc1o23kxh1ima2ie1vudgar|03|com"; nocase; ) # 1iue32mshzqkql5cjme16k3vu1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iue32mshzqkql5cjme16k3vu1|03|net"; nocase; ) # 12g2nj4mqiy44vlr4va138ojub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12g2nj4mqiy44vlr4va138ojub|03|com"; nocase; ) # lnl9vehc733h1gabgynx6g8mx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lnl9vehc733h1gabgynx6g8mx|03|org"; nocase; ) # tkf5ld1dcu40beso2fdvfmoqy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tkf5ld1dcu40beso2fdvfmoqy|03|net"; nocase; ) # g7j8zh1ebrrfy9hv0r14drgtk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g7j8zh1ebrrfy9hv0r14drgtk|03|biz"; nocase; ) # ztxjb9dhb0tgq6td39l3bk0f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ztxjb9dhb0tgq6td39l3bk0f|03|net"; nocase; ) # qojeid89gf461s8voxg1mo0g9i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qojeid89gf461s8voxg1mo0g9i|03|com"; nocase; ) # 1gwvdre1ceer4318kwt3tp01qs3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gwvdre1ceer4318kwt3tp01qs3|03|biz"; nocase; ) # 14bgea5s87rkuu6xbp0192fzky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14bgea5s87rkuu6xbp0192fzky|03|org"; nocase; ) # 18s0vjo1vzbp4qhm0wi21eg7s1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18s0vjo1vzbp4qhm0wi21eg7s1o|03|net"; nocase; ) # f1j2onvcd9di157ups71m2o103.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f1j2onvcd9di157ups71m2o103|03|com"; nocase; ) # 1b89047ca2k11prhnll195lrz9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b89047ca2k11prhnll195lrz9|03|com"; nocase; ) # dk328t16x2lrp1aj1kilf3c95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dk328t16x2lrp1aj1kilf3c95|03|net"; nocase; ) # 1s4s3so1nlq6v0gi18dv1rmx3s7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s4s3so1nlq6v0gi18dv1rmx3s7|03|org"; nocase; ) # 1ch7xkj1l3wcqi13n8351ixauue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ch7xkj1l3wcqi13n8351ixauue|03|com"; nocase; ) # k6hzfj12nh5d11r24ia91supwgr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k6hzfj12nh5d11r24ia91supwgr|03|net"; nocase; ) # t4xght1f6s1er1wyiwo532419y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t4xght1f6s1er1wyiwo532419y|03|com"; nocase; ) # 5rmf4locieonwas1p31kbpo38.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5rmf4locieonwas1p31kbpo38|03|com"; nocase; ) # 147tykh1hn8pf28u9kkt1pc6x1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|147tykh1hn8pf28u9kkt1pc6x1|03|biz"; nocase; ) # m0ps0g13ico4ltl8yzq1sy9e3r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m0ps0g13ico4ltl8yzq1sy9e3r|03|org"; nocase; ) # k9ejth1h81f7s10imge51wygiq8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k9ejth1h81f7s10imge51wygiq8|03|org"; nocase; ) # 1y2gbliujbrqd811vhis10o3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1y2gbliujbrqd811vhis10o3|03|net"; nocase; ) # 1ou66n91u10ydf1o6f39u1pw6j8m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ou66n91u10ydf1o6f39u1pw6j8m|03|org"; nocase; ) # tpoz3k1webf5f1gmrw901pfuytl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tpoz3k1webf5f1gmrw901pfuytl|03|com"; nocase; ) # 1wmrlipm2rn3c11589ll11gegs5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wmrlipm2rn3c11589ll11gegs5|03|biz"; nocase; ) # 1dp7ur8ofe2lp1guugau1pg6ck8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dp7ur8ofe2lp1guugau1pg6ck8|03|net"; nocase; ) # tjm0dtd7d9b61w4r2qt1adsclh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tjm0dtd7d9b61w4r2qt1adsclh|03|com"; nocase; ) # e47mi31c43x1m1w4834wmnvbsl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e47mi31c43x1m1w4834wmnvbsl|03|com"; nocase; ) # hzqrzd10svn2vtc6z4y1eecbzv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hzqrzd10svn2vtc6z4y1eecbzv|03|org"; nocase; ) # lqp2qa1pt28z210o2jvk1hz5j4o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lqp2qa1pt28z210o2jvk1hz5j4o|03|com"; nocase; ) # 1wock0p1dszfep1pcyy8s2dwwt9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wock0p1dszfep1pcyy8s2dwwt9|03|com"; nocase; ) # bckeaohkmmlz1xe2hb21f0pevy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bckeaohkmmlz1xe2hb21f0pevy|03|com"; nocase; ) # 1vho47fbgjxn714smnbf18a1og5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vho47fbgjxn714smnbf18a1og5|03|biz"; nocase; ) # 12hvfnv7fi2ww14qoq2zplgko8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12hvfnv7fi2ww14qoq2zplgko8|03|com"; nocase; ) # n8f3s2lfzruoi1kc6r5dz1x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|n8f3s2lfzruoi1kc6r5dz1x|03|org"; nocase; ) # 1eehxznkvnkdp1137ekugbn8ao.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eehxznkvnkdp1137ekugbn8ao|03|net"; nocase; ) # 1nde6lxydsk5411sjdgl1f0nrzn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nde6lxydsk5411sjdgl1f0nrzn|03|com"; nocase; ) # 1c35qm5jyb0gv20s3xjw4l7ma.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c35qm5jyb0gv20s3xjw4l7ma|03|biz"; nocase; ) # a5306wcpd2wb1enf21p1gac35k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a5306wcpd2wb1enf21p1gac35k|03|net"; nocase; ) # byjv1e1vetprpo3my4l13nb4tw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|byjv1e1vetprpo3my4l13nb4tw|03|net"; nocase; ) # 1ov98g3j6pk9c1w9dq9g1ieycp0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ov98g3j6pk9c1w9dq9g1ieycp0|03|net"; nocase; ) # 1cgytlo1ey5i4y1wig48y17bgiv8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cgytlo1ey5i4y1wig48y17bgiv8|03|biz"; nocase; ) # 1kkxymg1qveott7qpf1d2hrc3n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kkxymg1qveott7qpf1d2hrc3n|03|com"; nocase; ) # w9wmgwspkx0cwrr9jf1wpwy8q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w9wmgwspkx0cwrr9jf1wpwy8q|03|com"; nocase; ) # 1wyvp0q15s44qvf7ul1lho8umn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wyvp0q15s44qvf7ul1lho8umn|03|net"; nocase; ) # qo9t3qymdmrzb4g7tt1fbc3x6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qo9t3qymdmrzb4g7tt1fbc3x6|03|biz"; nocase; ) # 644gmv1ldiq751grg6w21slo36p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|644gmv1ldiq751grg6w21slo36p|03|org"; nocase; ) # cytulir9afjwk69iz5j9xd3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|cytulir9afjwk69iz5j9xd3|03|biz"; nocase; ) # 1kbm60x1xbkfpknjwbplqlczxi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kbm60x1xbkfpknjwbplqlczxi|03|net"; nocase; ) # weg6qcrzlg6n1jva96lvapi9l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|weg6qcrzlg6n1jva96lvapi9l|03|net"; nocase; ) # 3bg4jt1hyemq3134l76m15jea2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3bg4jt1hyemq3134l76m15jea2z|03|org"; nocase; ) # we80mn15wzehh1evcadq7hwtr1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|we80mn15wzehh1evcadq7hwtr1|03|com"; nocase; ) # qkvblz1fxzi0xfs6943lbr8i0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qkvblz1fxzi0xfs6943lbr8i0|03|biz"; nocase; ) # 1ho2ydw1oulbtx1teblvg1q9tza6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ho2ydw1oulbtx1teblvg1q9tza6|03|net"; nocase; ) # 10rp1fxpidk1f1hrki10113exv6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10rp1fxpidk1f1hrki10113exv6|03|net"; nocase; ) # 2ykf6d1eslj321deq9gr15ntdo8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2ykf6d1eslj321deq9gr15ntdo8|03|net"; nocase; ) # rsujq1spe0odi150qf1nc8q62.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rsujq1spe0odi150qf1nc8q62|03|com"; nocase; ) # 3y790f25qglhm3g2d77orpjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3y790f25qglhm3g2d77orpjc|03|org"; nocase; ) # 1o5i45gq0ddka1mqjhldl4zbnz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o5i45gq0ddka1mqjhldl4zbnz|03|biz"; nocase; ) # 1v7sjjmoz5ftf2d46o41jsmrl9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v7sjjmoz5ftf2d46o41jsmrl9|03|net"; nocase; ) # 1pkc00j1kzzway1hw2am31mjxkz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pkc00j1kzzway1hw2am31mjxkz7|03|com"; nocase; ) # 19yphyqp1qgz9ist29l16uw5zx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19yphyqp1qgz9ist29l16uw5zx|03|com"; nocase; ) # hsofnj1r7j8j316ua5en1gl657j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hsofnj1r7j8j316ua5en1gl657j|03|com"; nocase; ) # 1rmanfd190w4f06xear9cwhb40.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rmanfd190w4f06xear9cwhb40|03|com"; nocase; ) # 1le5d5g1lhz3ez6h095x1oxn2d7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1le5d5g1lhz3ez6h095x1oxn2d7|03|org"; nocase; ) # 10t1a4r1wvgzxiyzq7uc729tc4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10t1a4r1wvgzxiyzq7uc729tc4|03|com"; nocase; ) # 1hbnyia13e4on3zoukev5a47tj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbnyia13e4on3zoukev5a47tj|03|biz"; nocase; ) # n6yuuy18yeb1x1xp4cfp1q4krd2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n6yuuy18yeb1x1xp4cfp1q4krd2|03|com"; nocase; ) # 14itx63hlfrpt1wfstwcxl1meh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14itx63hlfrpt1wfstwcxl1meh|03|org"; nocase; ) # 1aw6o2b9mp50c1xydrbbizwas8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aw6o2b9mp50c1xydrbbizwas8|03|com"; nocase; ) # if6qgt16dovf416et80x1lucpjw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|if6qgt16dovf416et80x1lucpjw|03|net"; nocase; ) # vv3y9pxeble5wp0o604b60rb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vv3y9pxeble5wp0o604b60rb|03|net"; nocase; ) # 1n1nhxekc5uge1fj5d0v35f88j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1nhxekc5uge1fj5d0v35f88j|03|org"; nocase; ) # 1pcs4ih1af1fruiw7skopfsajh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pcs4ih1af1fruiw7skopfsajh|03|com"; nocase; ) # 10cazhz1be5oi015fo9rn1qh37eo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10cazhz1be5oi015fo9rn1qh37eo|03|com"; nocase; ) # h4y6k31rhx2p1ivf6351xh48nv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h4y6k31rhx2p1ivf6351xh48nv|03|org"; nocase; ) # yibf0n1fj8zfaep0o8r18tbl7t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yibf0n1fj8zfaep0o8r18tbl7t|03|org"; nocase; ) # 12vc2umgdq3g3dccvzf14np6m6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12vc2umgdq3g3dccvzf14np6m6|03|net"; nocase; ) # v429ph1ln7yu01fxporo181oktg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v429ph1ln7yu01fxporo181oktg|03|org"; nocase; ) # 2m0nyohggkohr59cbp1tj52nw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2m0nyohggkohr59cbp1tj52nw|03|com"; nocase; ) # 41800klcjaxolg2cah172typt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|41800klcjaxolg2cah172typt|03|net"; nocase; ) # 11z02unozv7p9vi8ec0a74922.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11z02unozv7p9vi8ec0a74922|03|net"; nocase; ) # pqkme51c5n18ge8y8i71nfz1xu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pqkme51c5n18ge8y8i71nfz1xu|03|net"; nocase; ) # p13gy93ypobw1ttoytm1drsdth.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p13gy93ypobw1ttoytm1drsdth|03|biz"; nocase; ) # ubedc9bvffse1d9zybg1ilwjja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ubedc9bvffse1d9zybg1ilwjja|03|org"; nocase; ) # 188cv7fygid62fhkbw0dku1iv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|188cv7fygid62fhkbw0dku1iv|03|net"; nocase; ) # wmld7w1eb3vnn1mljln5f629w9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wmld7w1eb3vnn1mljln5f629w9|03|com"; nocase; ) # 14a818pnahp96xbxacxkiqo3x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14a818pnahp96xbxacxkiqo3x|03|com"; nocase; ) # 1cikfbyv22am81ykkzx61qp6dm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cikfbyv22am81ykkzx61qp6dm5|03|net"; nocase; ) # 17egct9hianou1vcsr05118p411.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17egct9hianou1vcsr05118p411|03|biz"; nocase; ) # 1c5rj988s31vpmke4cy0wq7f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1c5rj988s31vpmke4cy0wq7f|03|com"; nocase; ) # 1g89jzkxgfq6a172ovuts8zovu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g89jzkxgfq6a172ovuts8zovu|03|com"; nocase; ) # 1uimisy78ng031xnax25cns5em.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uimisy78ng031xnax25cns5em|03|net"; nocase; ) # iaiaml16lxpqnc8zs1d21z7s8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iaiaml16lxpqnc8zs1d21z7s8|03|net"; nocase; ) # 1pt4tuuwilnxo1mmktnz1mqway3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pt4tuuwilnxo1mmktnz1mqway3|03|biz"; nocase; ) # 1kxcygk1rl921j1g9cccz1rewdro.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kxcygk1rl921j1g9cccz1rewdro|03|biz"; nocase; ) # i7robn1t18g5g53ybeskmete4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i7robn1t18g5g53ybeskmete4|03|org"; nocase; ) # i8ec5b4kr11014eibaaqq31mg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i8ec5b4kr11014eibaaqq31mg|03|com"; nocase; ) # 1jfyxgh4wjsdcnvuo621m2v5z6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jfyxgh4wjsdcnvuo621m2v5z6|03|com"; nocase; ) # 1ywx8x518p7juc1tmehzv1mpwkib.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ywx8x518p7juc1tmehzv1mpwkib|03|org"; nocase; ) # 1ivsidr16jjpaitnn4m5164hc0g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ivsidr16jjpaitnn4m5164hc0g|03|biz"; nocase; ) # eovwjfegemh2xekr811vnjkpp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eovwjfegemh2xekr811vnjkpp|03|com"; nocase; ) # hp3op0kez02d1ixo2cd1xkm56q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hp3op0kez02d1ixo2cd1xkm56q|03|biz"; nocase; ) # iasy25kg1iw01w03q5n1blqk33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iasy25kg1iw01w03q5n1blqk33|03|net"; nocase; ) # 1sb9eiv2mn42clx1czv1onfn5z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sb9eiv2mn42clx1czv1onfn5z|03|org"; nocase; ) # acn898c2dzfgh8b3ir1aptk16.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|acn898c2dzfgh8b3ir1aptk16|03|biz"; nocase; ) # 1yhi2wi1vckh86946a3v12azq2t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yhi2wi1vckh86946a3v12azq2t|03|org"; nocase; ) # 1bdppsq1lm5zwt1nhyqnv1gmx7xn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bdppsq1lm5zwt1nhyqnv1gmx7xn|03|org"; nocase; ) # 1g2ua33lunkusizk66o1474ouo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g2ua33lunkusizk66o1474ouo|03|com"; nocase; ) # 6rmhgs1toy7ezz59lg317q70c2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6rmhgs1toy7ezz59lg317q70c2|03|org"; nocase; ) # 9eylyh11pkzpqwtqlyt3rjupt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9eylyh11pkzpqwtqlyt3rjupt|03|net"; nocase; ) # 6monq21ew21mjjy40m8oh288m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6monq21ew21mjjy40m8oh288m|03|com"; nocase; ) # hcszo1d9ubx478ufkq4xi8jb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hcszo1d9ubx478ufkq4xi8jb|03|org"; nocase; ) # 43dz84c257q3h8pzwc79e7mi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|43dz84c257q3h8pzwc79e7mi|03|net"; nocase; ) # anw8pux2ax0j1w7gmrr1r4biws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|anw8pux2ax0j1w7gmrr1r4biws|03|com"; nocase; ) # uv599rjco8hin5biqh74kzu9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uv599rjco8hin5biqh74kzu9|03|biz"; nocase; ) # mj2h0v1oxri6q12kt5t32v2fa6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mj2h0v1oxri6q12kt5t32v2fa6|03|org"; nocase; ) # 1mog63cnib6t015zbi2r1dhwe8t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mog63cnib6t015zbi2r1dhwe8t|03|net"; nocase; ) # 17aj9db1vydmjb1c9xzrval12gc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17aj9db1vydmjb1c9xzrval12gc|03|biz"; nocase; ) # 1kzoru5pths731v01ctma0t8cx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kzoru5pths731v01ctma0t8cx|03|net"; nocase; ) # qx8uiwgw0wqtrw8jrj12ed65f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qx8uiwgw0wqtrw8jrj12ed65f|03|org"; nocase; ) # 1cblfkc153fy3z16agl518v71ex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cblfkc153fy3z16agl518v71ex|03|com"; nocase; ) # 162y06oldjc0j9x8d2416gmbm9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|162y06oldjc0j9x8d2416gmbm9|03|org"; nocase; ) # f20blbtbtgz312eiue212zzv1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f20blbtbtgz312eiue212zzv1o|03|net"; nocase; ) # 1lzewxc1axtm1517d8ojm11t60kp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lzewxc1axtm1517d8ojm11t60kp|03|biz"; nocase; ) # 1694inc10lt6bjrblgj119z6qsl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1694inc10lt6bjrblgj119z6qsl|03|net"; nocase; ) # fdenvq3d15yi1lezgy015lvj89.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fdenvq3d15yi1lezgy015lvj89|03|net"; nocase; ) # 4fg4klvibx6w10k50ux1emee80.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4fg4klvibx6w10k50ux1emee80|03|org"; nocase; ) # b9uxulvnr7oi19qs7sk1s31k0u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9uxulvnr7oi19qs7sk1s31k0u|03|org"; nocase; ) # 1jsm5h01k8uid7172p531s40kkr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jsm5h01k8uid7172p531s40kkr|03|net"; nocase; ) # wvjqdiy2nbwja5ajcj2r8xqk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wvjqdiy2nbwja5ajcj2r8xqk|03|com"; nocase; ) # 1iazwrp1gqwv971p4258vg966hr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iazwrp1gqwv971p4258vg966hr|03|net"; nocase; ) # 1pkutxt1lwo0v0dw4fdx111ogf5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pkutxt1lwo0v0dw4fdx111ogf5|03|biz"; nocase; ) # i1fqmz1ov2an31pqrn861rhtxyx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i1fqmz1ov2an31pqrn861rhtxyx|03|com"; nocase; ) # 1gemfcc1nlnss9ups1zfy560ec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gemfcc1nlnss9ups1zfy560ec|03|org"; nocase; ) # 1tk2pxm1egvl4z95u8uanujy88.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tk2pxm1egvl4z95u8uanujy88|03|net"; nocase; ) # 1s3fhzivc5l8b1efl5k31sye3eg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s3fhzivc5l8b1efl5k31sye3eg|03|net"; nocase; ) # 1d9bgta124ow74nsfkp818hry9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d9bgta124ow74nsfkp818hry9i|03|net"; nocase; ) # niyflvkw0l8g1ozuvpu1p4mvx5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|niyflvkw0l8g1ozuvpu1p4mvx5|03|net"; nocase; ) # 15pq4xx18fiu7ao59jtizs6ozi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15pq4xx18fiu7ao59jtizs6ozi|03|org"; nocase; ) # pdgxda1rqn52a1rfuhcw1wr3ncf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pdgxda1rqn52a1rfuhcw1wr3ncf|03|com"; nocase; ) # 1wi0engaq3jcoja1hlm3buq00.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wi0engaq3jcoja1hlm3buq00|03|org"; nocase; ) # 15nv9yg1umz4ok1yqhvzp19dlj32.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15nv9yg1umz4ok1yqhvzp19dlj32|03|com"; nocase; ) # 1h3pk971e98bvi1grg2l8gbnuvg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h3pk971e98bvi1grg2l8gbnuvg|03|net"; nocase; ) # 1xu2d545ln87jvp88vbep11hi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xu2d545ln87jvp88vbep11hi|03|com"; nocase; ) # acffz0ph6spb1a29o8ysvymqh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|acffz0ph6spb1a29o8ysvymqh|03|com"; nocase; ) # c1d0fbu72d6h165fe1x11se7d6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c1d0fbu72d6h165fe1x11se7d6|03|biz"; nocase; ) # 1uahhcy1t043kal2skcy1kwdjhv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uahhcy1t043kal2skcy1kwdjhv|03|net"; nocase; ) # kqjhza1rndd3y9qaz34ysdwzf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kqjhza1rndd3y9qaz34ysdwzf|03|net"; nocase; ) # plyygi16f79fb1upawk71e9p6t4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|plyygi16f79fb1upawk71e9p6t4|03|org"; nocase; ) # td5kkun7olok1301y7e1w96gkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|td5kkun7olok1301y7e1w96gkf|03|org"; nocase; ) # 14juehm5m7l4qh6zzud1mjsl0o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14juehm5m7l4qh6zzud1mjsl0o|03|com"; nocase; ) # 1hkb8cl19qlnn014prj5nugoci1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hkb8cl19qlnn014prj5nugoci1|03|biz"; nocase; ) # fg4ekfwk1x1h1081wtn1mysreh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fg4ekfwk1x1h1081wtn1mysreh|03|net"; nocase; ) # w2fgsx1mwvmea1g9jmb71ufcmm3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w2fgsx1mwvmea1g9jmb71ufcmm3|03|org"; nocase; ) # 19vxor31bf9rbj1j7cvlk1ejvec3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19vxor31bf9rbj1j7cvlk1ejvec3|03|com"; nocase; ) # jthpot1atzz80761g3k11z0p3e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jthpot1atzz80761g3k11z0p3e|03|com"; nocase; ) # 89rskl1m0hk4k1rboy8817akyb8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|89rskl1m0hk4k1rboy8817akyb8|03|net"; nocase; ) # 1phhj6tv0duwm1eozrq61f18azs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1phhj6tv0duwm1eozrq61f18azs|03|net"; nocase; ) # h92jwo19vsy864l7e7e1u4fx10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h92jwo19vsy864l7e7e1u4fx10|03|net"; nocase; ) # 2saef1ta1c7v1qottzx1375xuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2saef1ta1c7v1qottzx1375xuo|03|net"; nocase; ) # 1tumy7c1e1xhv6kcq4193o0o0z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tumy7c1e1xhv6kcq4193o0o0z|03|com"; nocase; ) # 1fte7b41gv9squ16vm5z71li6qpp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fte7b41gv9squ16vm5z71li6qpp|03|biz"; nocase; ) # c80zydsxzeue37ef6e104xqb0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c80zydsxzeue37ef6e104xqb0|03|com"; nocase; ) # 1dodnrs11r7fmk1tog3mlsr3iwt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dodnrs11r7fmk1tog3mlsr3iwt|03|org"; nocase; ) # azcwuq1m40qvu168ioq61rj6a04.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|azcwuq1m40qvu168ioq61rj6a04|03|com"; nocase; ) # 1gfyk1mabpdxx195yji6nqcp2i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gfyk1mabpdxx195yji6nqcp2i|03|net"; nocase; ) # 14ax1511kjbi6z13qy120srwthp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ax1511kjbi6z13qy120srwthp|03|com"; nocase; ) # bmy5xt1ptpa6012a3sgb1hnpigf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bmy5xt1ptpa6012a3sgb1hnpigf|03|biz"; nocase; ) # 1azbera1d4q19c1tebv3xsjx9ql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1azbera1d4q19c1tebv3xsjx9ql|03|net"; nocase; ) # hlzwlfgp1ltf613inhnk83be.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hlzwlfgp1ltf613inhnk83be|03|biz"; nocase; ) # o7p7sn9nwdc51pixum9p668st.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o7p7sn9nwdc51pixum9p668st|03|net"; nocase; ) # 1wbtvfu73va5uafrjbujfq2j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1wbtvfu73va5uafrjbujfq2j|03|com"; nocase; ) # 14n0zdl81j1g38k65r1qytmm8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14n0zdl81j1g38k65r1qytmm8|03|biz"; nocase; ) # t8c3xu1q43t9kqv3kz85j35nf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t8c3xu1q43t9kqv3kz85j35nf|03|net"; nocase; ) # 400d7f14zf2q8z9wkuljkbtc4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|400d7f14zf2q8z9wkuljkbtc4|03|com"; nocase; ) # 47tm4l615tyy1fohojv1uc20vz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|47tm4l615tyy1fohojv1uc20vz|03|net"; nocase; ) # 1b94z1qcvd6py1qbt4de1vozucq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b94z1qcvd6py1qbt4de1vozucq|03|org"; nocase; ) # 1o6axwi1q6rvg41ti8hhjxt084j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o6axwi1q6rvg41ti8hhjxt084j|03|net"; nocase; ) # cboz8uabjfl11c2hat71a0fqt3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cboz8uabjfl11c2hat71a0fqt3|03|org"; nocase; ) # 1go525t4sdrw91h1n02xaon202.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1go525t4sdrw91h1n02xaon202|03|com"; nocase; ) # a851zi1tvduk9s2cgdv9qcxaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a851zi1tvduk9s2cgdv9qcxaq|03|com"; nocase; ) # 1hhz1xw1s7to9b4h7r21vdscyu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hhz1xw1s7to9b4h7r21vdscyu|03|net"; nocase; ) # 1ut0wjo1myh9y71w7z6n61omoix6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ut0wjo1myh9y71w7z6n61omoix6|03|biz"; nocase; ) # 15l2w2c14ugj71gw9wg01op9h48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15l2w2c14ugj71gw9wg01op9h48|03|com"; nocase; ) # 1gkojc31wpnd9xdwshdn9otlw0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gkojc31wpnd9xdwshdn9otlw0|03|net"; nocase; ) # dwzlei1g9mlye9mb2mb1of2xuz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dwzlei1g9mlye9mb2mb1of2xuz|03|net"; nocase; ) # uknwk41s6mykyx5qkm014o4hn5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uknwk41s6mykyx5qkm014o4hn5|03|com"; nocase; ) # 1h32amyn5re2q1qjew0kyuluzt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h32amyn5re2q1qjew0kyuluzt|03|biz"; nocase; ) # 196ajcqedlohz12dnecb1u9t1gi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|196ajcqedlohz12dnecb1u9t1gi|03|com"; nocase; ) # 1wyl1sc6dzueo1sw9qgzcakmhm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wyl1sc6dzueo1sw9qgzcakmhm|03|org"; nocase; ) # 19fpd6g2v5kzh50grh9lm8zcq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19fpd6g2v5kzh50grh9lm8zcq|03|com"; nocase; ) # 3pg1mj1mfd6oz16orx0ck6o4e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3pg1mj1mfd6oz16orx0ck6o4e|03|biz"; nocase; ) # 17qd1mg2dftna4nro24a7g5wu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17qd1mg2dftna4nro24a7g5wu|03|net"; nocase; ) # ksafke18rmnro1f5iq6amdtqg7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ksafke18rmnro1f5iq6amdtqg7|03|net"; nocase; ) # gqhol4ig05apqi8gcu2dqkhw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gqhol4ig05apqi8gcu2dqkhw|03|org"; nocase; ) # 1j8eh1s1rb067p1c4l1tm1exxq75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j8eh1s1rb067p1c4l1tm1exxq75|03|net"; nocase; ) # 12csy395kr5f7s5w8gte12jia.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12csy395kr5f7s5w8gte12jia|03|org"; nocase; ) # 1lxm9d610gski8jm7pan175zs1b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxm9d610gski8jm7pan175zs1b|03|biz"; nocase; ) # 1wmpxej1aw7kst1kucskm15ehfhy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wmpxej1aw7kst1kucskm15ehfhy|03|com"; nocase; ) # 19ep1g4aj2ta9rod6v8cgaogr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19ep1g4aj2ta9rod6v8cgaogr|03|com"; nocase; ) # f2t7088xbhrb5sv6dd1u54kpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f2t7088xbhrb5sv6dd1u54kpj|03|com"; nocase; ) # 3smve21m9fxjp15tsah9zve6en.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3smve21m9fxjp15tsah9zve6en|03|net"; nocase; ) # y4xxto1w0fjq1rhrlgb10b4d7q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y4xxto1w0fjq1rhrlgb10b4d7q|03|com"; nocase; ) # jsohyn1ea327m1a3g7x97ynp98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jsohyn1ea327m1a3g7x97ynp98|03|net"; nocase; ) # v0n6kjf728ji14z7db68tpsab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v0n6kjf728ji14z7db68tpsab|03|com"; nocase; ) # 2ld2saj9upzz9v25g01b9zt22.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ld2saj9upzz9v25g01b9zt22|03|biz"; nocase; ) # gbusge160j4c5pfmlkc3pvsrd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gbusge160j4c5pfmlkc3pvsrd|03|org"; nocase; ) # 1i492odaqo7e1xv7y8c1ukpm30.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i492odaqo7e1xv7y8c1ukpm30|03|biz"; nocase; ) # ts5gvx5fpmms1tx2gzy12hw6ya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ts5gvx5fpmms1tx2gzy12hw6ya|03|com"; nocase; ) # 8u7byktwum1ujraihn7uqfte.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8u7byktwum1ujraihn7uqfte|03|biz"; nocase; ) # 1gf1oje16lin3hs63ave19zyl6d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gf1oje16lin3hs63ave19zyl6d|03|com"; nocase; ) # 1e40k1d1m5nnl9140whfxk7qcvb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e40k1d1m5nnl9140whfxk7qcvb|03|biz"; nocase; ) # 19kzlzc15tsapl5fo3crdqjhe4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19kzlzc15tsapl5fo3crdqjhe4|03|net"; nocase; ) # f49mcc1wqv4ktjdg0ku1ly2uwt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f49mcc1wqv4ktjdg0ku1ly2uwt|03|net"; nocase; ) # 1vps028sxu8h5135kyd07z31zg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vps028sxu8h5135kyd07z31zg|03|org"; nocase; ) # cca0hf9m5f8f19qx3io1x2yyud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cca0hf9m5f8f19qx3io1x2yyud|03|org"; nocase; ) # 30pgm28psiqv1i1f6dh175mywp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|30pgm28psiqv1i1f6dh175mywp|03|biz"; nocase; ) # 1vfic861elatml1dvmlr9c745do.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vfic861elatml1dvmlr9c745do|03|biz"; nocase; ) # 1o5pqx4a4upl41woskbq17eo5lg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o5pqx4a4upl41woskbq17eo5lg|03|net"; nocase; ) # p5eaz0vhunai1dfg4cchuagip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5eaz0vhunai1dfg4cchuagip|03|org"; nocase; ) # 1tawo7kv5nzmf1kcu3ycqsjols.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tawo7kv5nzmf1kcu3ycqsjols|03|biz"; nocase; ) # hda36i1gbrae21v61jx13v4lyf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hda36i1gbrae21v61jx13v4lyf|03|net"; nocase; ) # hnfvkvuaknk3a3lm1uzx0tux.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hnfvkvuaknk3a3lm1uzx0tux|03|biz"; nocase; ) # aovzimrj9ko71dwvwak149jkjc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aovzimrj9ko71dwvwak149jkjc|03|net"; nocase; ) # 5333652ve219bvpaydfnkxr6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5333652ve219bvpaydfnkxr6|03|biz"; nocase; ) # cfnm316fr2nf1pxsxwo10jtwtb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cfnm316fr2nf1pxsxwo10jtwtb|03|net"; nocase; ) # q6fqit6zfff61vmbolc6opw6m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6fqit6zfff61vmbolc6opw6m|03|org"; nocase; ) # mn9d5x1687cz75er6xg1mc9g8a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mn9d5x1687cz75er6xg1mc9g8a|03|org"; nocase; ) # 6zbqvlfnq0cf997hv111sh7m4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6zbqvlfnq0cf997hv111sh7m4|03|net"; nocase; ) # 3nzujbccue471pp8ydrck377o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3nzujbccue471pp8ydrck377o|03|biz"; nocase; ) # 15wnsg8z6mlu6vf12816n8oep.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15wnsg8z6mlu6vf12816n8oep|03|net"; nocase; ) # 1a3q6a96wcvhz1703yx52dizg6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a3q6a96wcvhz1703yx52dizg6|03|com"; nocase; ) # 198bnym1wpdeg4afjq081r869zz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|198bnym1wpdeg4afjq081r869zz|03|org"; nocase; ) # 1x87bxx18fgavvy4m4tekxanzu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x87bxx18fgavvy4m4tekxanzu|03|com"; nocase; ) # 383o4o6y6hsl10taj7v1hwijm9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|383o4o6y6hsl10taj7v1hwijm9|03|org"; nocase; ) # ofscx9e786y617pgvix1fq6k1d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ofscx9e786y617pgvix1fq6k1d|03|biz"; nocase; ) # 8oogbq1vuct0u1c99c06k6q61o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8oogbq1vuct0u1c99c06k6q61o|03|net"; nocase; ) # 14uo940zwlsd6f4surf1qyjdls.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14uo940zwlsd6f4surf1qyjdls|03|net"; nocase; ) # 1x99q6u1qyyn8o167xqrax6kg22.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x99q6u1qyyn8o167xqrax6kg22|03|net"; nocase; ) # xoh5oaawbxle9cyeu5qeokgi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xoh5oaawbxle9cyeu5qeokgi|03|org"; nocase; ) # 1a7j311jmxsrqfz37wsjja5bp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a7j311jmxsrqfz37wsjja5bp|03|biz"; nocase; ) # pf0r0fhee9rf1pnv8x7zhd6fz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pf0r0fhee9rf1pnv8x7zhd6fz|03|com"; nocase; ) # 1b1c69p156bk7u1f5714innc6zu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1c69p156bk7u1f5714innc6zu|03|net"; nocase; ) # wp5qno1s7n5te1ockgc51eagzfm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wp5qno1s7n5te1ockgc51eagzfm|03|biz"; nocase; ) # 5d89u01k4i9bu15m0oqge06by6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5d89u01k4i9bu15m0oqge06by6|03|org"; nocase; ) # bj1v711a3dmo6gs6r6f16yexwn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bj1v711a3dmo6gs6r6f16yexwn|03|org"; nocase; ) # 1h4yath1uatvb81wtk81l1avs1pr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h4yath1uatvb81wtk81l1avs1pr|03|net"; nocase; ) # gkby2q16pxf8ffcim7914grm8r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gkby2q16pxf8ffcim7914grm8r|03|com"; nocase; ) # ayhzbnps0mnezlcc4a1lz2k36.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ayhzbnps0mnezlcc4a1lz2k36|03|net"; nocase; ) # 5bmv876u0utu1mf7h6u15mbebp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5bmv876u0utu1mf7h6u15mbebp|03|org"; nocase; ) # dkaeavknpssl0ljqe1bhp6vi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dkaeavknpssl0ljqe1bhp6vi|03|net"; nocase; ) # rw6zn58riwianr5jdq16nu3hl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rw6zn58riwianr5jdq16nu3hl|03|com"; nocase; ) # 17klfauy4paqdfhver61vt1l2k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17klfauy4paqdfhver61vt1l2k|03|net"; nocase; ) # vapx881scv4l91aegkr5jaeqeq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vapx881scv4l91aegkr5jaeqeq|03|net"; nocase; ) # 11qop7gck9idp1sb3jxu1915m4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11qop7gck9idp1sb3jxu1915m4t|03|net"; nocase; ) # 113a6hirmeljgm63eas18pvrxl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|113a6hirmeljgm63eas18pvrxl|03|com"; nocase; ) # 12pycvpuah76f5pyhy6lpi4hu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12pycvpuah76f5pyhy6lpi4hu|03|com"; nocase; ) # 1r1o1i21uc9s0l7biw3z1ftr8iu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r1o1i21uc9s0l7biw3z1ftr8iu|03|org"; nocase; ) # 1ftqgs2uscjgd18yexcxk6czwx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ftqgs2uscjgd18yexcxk6czwx|03|net"; nocase; ) # 1n0k2nw1i1n3a919sla4c1ka4kqy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n0k2nw1i1n3a919sla4c1ka4kqy|03|biz"; nocase; ) # 9j2hh21g51en21ihxb1arwp1yj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9j2hh21g51en21ihxb1arwp1yj|03|com"; nocase; ) # 17nx2m8nza7821lxhvm81vtyej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17nx2m8nza7821lxhvm81vtyej|03|net"; nocase; ) # 1bzlau0sou5721rjgpz3lbyn61.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bzlau0sou5721rjgpz3lbyn61|03|org"; nocase; ) # wjaymjd33r7rci2zaetbg5r5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wjaymjd33r7rci2zaetbg5r5|03|org"; nocase; ) # mrmtvo1g6v8uz6mfec01f48vtb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mrmtvo1g6v8uz6mfec01f48vtb|03|org"; nocase; ) # ymowzs5z20d8125x8om1alqkll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ymowzs5z20d8125x8om1alqkll|03|net"; nocase; ) # 1kdpnoq1779vf16b3s1j1475lu4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kdpnoq1779vf16b3s1j1475lu4|03|com"; nocase; ) # dg509h1jufrza1t49saq3ofyqw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dg509h1jufrza1t49saq3ofyqw|03|net"; nocase; ) # yn7g9q4x220m168hlpyzpiza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yn7g9q4x220m168hlpyzpiza|03|org"; nocase; ) # 12xk4fx13jquqxyrhesj1gk2d5a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12xk4fx13jquqxyrhesj1gk2d5a|03|net"; nocase; ) # fkccnf1445rtllsr8lvv2zigl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fkccnf1445rtllsr8lvv2zigl|03|com"; nocase; ) # 1yg41q0138cuh91sbnh4pyv17k4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yg41q0138cuh91sbnh4pyv17k4|03|org"; nocase; ) # 1nll9bdlw9yy41yi1tp7eh4c67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nll9bdlw9yy41yi1tp7eh4c67|03|com"; nocase; ) # 1vfyyyt1llqzv2192vep28qu8on.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vfyyyt1llqzv2192vep28qu8on|03|org"; nocase; ) # wu32j311zcxmoxz94s1dlvrx6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wu32j311zcxmoxz94s1dlvrx6|03|com"; nocase; ) # i78hpqlgfnpzn9vb4f1wzols0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i78hpqlgfnpzn9vb4f1wzols0|03|org"; nocase; ) # uh1adlkizpzohid0dpdclppi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uh1adlkizpzohid0dpdclppi|03|net"; nocase; ) # 10wlpif1lyf96n17zd5nhxe89oq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10wlpif1lyf96n17zd5nhxe89oq|03|net"; nocase; ) # ekmlmexssqtf4409f5uxezco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ekmlmexssqtf4409f5uxezco|03|net"; nocase; ) # xgydqf1yxwdy5dzgazzwpgmyp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xgydqf1yxwdy5dzgazzwpgmyp|03|net"; nocase; ) # 1jcl48fzhs9ro18t8bnixh4jnd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jcl48fzhs9ro18t8bnixh4jnd|03|org"; nocase; ) # 186zps310hiub51fpqz3s1m94rct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|186zps310hiub51fpqz3s1m94rct|03|com"; nocase; ) # 1r5d3bq13hnddtqt6vaxfe88l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r5d3bq13hnddtqt6vaxfe88l|03|com"; nocase; ) # 3l4x73o7lq5t1dnby60j31l8j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3l4x73o7lq5t1dnby60j31l8j|03|org"; nocase; ) # 14jde39b5xdpf4nsh5ccc5ori.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14jde39b5xdpf4nsh5ccc5ori|03|biz"; nocase; ) # 1yt4mip1ryhn1k173o7ob12b684e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yt4mip1ryhn1k173o7ob12b684e|03|com"; nocase; ) # 46936z1q4qjb5byt6d81uor2ga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|46936z1q4qjb5byt6d81uor2ga|03|net"; nocase; ) # jbc0lpjs60znnpp9ck1tphf9y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jbc0lpjs60znnpp9ck1tphf9y|03|biz"; nocase; ) # 139gk4vtc3ega6pds4t1filhdm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|139gk4vtc3ega6pds4t1filhdm|03|net"; nocase; ) # 10d4qbq10ryiwy1m3iuwnd2h7ta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10d4qbq10ryiwy1m3iuwnd2h7ta|03|net"; nocase; ) # 1dwlxq1o2ddind6lbyr13eawww.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dwlxq1o2ddind6lbyr13eawww|03|org"; nocase; ) # 2tv9pe11y3o8d1vltmvjuyw04v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2tv9pe11y3o8d1vltmvjuyw04v|03|org"; nocase; ) # fjf2s01tphw0t1lmeh9uqjrbj6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fjf2s01tphw0t1lmeh9uqjrbj6|03|biz"; nocase; ) # 1ltdwvtuhs8d8g5rpqb1du0mky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ltdwvtuhs8d8g5rpqb1du0mky|03|net"; nocase; ) # 1pd34mh6h5dil1t1w03djli2zd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pd34mh6h5dil1t1w03djli2zd|03|org"; nocase; ) # 1mzcm6gawo3kb30e2ts1m1a0la.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mzcm6gawo3kb30e2ts1m1a0la|03|org"; nocase; ) # 18fi481117zyni1hs23v112q8ex6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18fi481117zyni1hs23v112q8ex6|03|net"; nocase; ) # 1y9xvxisfwj3d1prbh2q1lb87ea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y9xvxisfwj3d1prbh2q1lb87ea|03|com"; nocase; ) # 1mj14v7ew3d7n1rgygw01a4jrff.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mj14v7ew3d7n1rgygw01a4jrff|03|org"; nocase; ) # 1lju5nk4rjxhbvyhbio1wtwj13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lju5nk4rjxhbvyhbio1wtwj13|03|net"; nocase; ) # 18soxfd1122ghdgeqn1k1mp3j0z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18soxfd1122ghdgeqn1k1mp3j0z|03|net"; nocase; ) # 5g6ixs1yrjutc1mq4xkry5qbs5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5g6ixs1yrjutc1mq4xkry5qbs5|03|com"; nocase; ) # fdfchl5dzg0yue953x1r8y0zm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fdfchl5dzg0yue953x1r8y0zm|03|org"; nocase; ) # 1jqe9n21wxy73iqqe1ew6qf656.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jqe9n21wxy73iqqe1ew6qf656|03|net"; nocase; ) # oavg011hkny481eg7tkkf1qcq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oavg011hkny481eg7tkkf1qcq9|03|net"; nocase; ) # 11vie65dae745zpjqzh1fvvn9g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11vie65dae745zpjqzh1fvvn9g|03|org"; nocase; ) # umhe0p1le5agqs5vesb1dbvbhi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|umhe0p1le5agqs5vesb1dbvbhi|03|org"; nocase; ) # k36jz4hjpjvn1nl37l31lbm1q2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k36jz4hjpjvn1nl37l31lbm1q2|03|biz"; nocase; ) # hyuf3y697q51g897bn1az7k34.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hyuf3y697q51g897bn1az7k34|03|biz"; nocase; ) # fx1p38nh5b64181ncrucbgymb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fx1p38nh5b64181ncrucbgymb|03|com"; nocase; ) # ka88yd2ihk47l7x37xdwps1e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ka88yd2ihk47l7x37xdwps1e|03|net"; nocase; ) # 7rfa7wjumo510xsl3kobe7tm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7rfa7wjumo510xsl3kobe7tm|03|net"; nocase; ) # 8s1sfl1bo2s5jzw24x31wh620a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8s1sfl1bo2s5jzw24x31wh620a|03|com"; nocase; ) # 1xqcytprhj3rpbzan1s1ea3six.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xqcytprhj3rpbzan1s1ea3six|03|org"; nocase; ) # 1lpw8d6s14cfi6ura20189346z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lpw8d6s14cfi6ura20189346z|03|org"; nocase; ) # 4i4csh387tmm14tmzyu1ijwkzr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4i4csh387tmm14tmzyu1ijwkzr|03|biz"; nocase; ) # ur5wgj9e8ohg19o6tfec930mr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ur5wgj9e8ohg19o6tfec930mr|03|net"; nocase; ) # 122526k113trwt1i5deaz1gjvh6d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|122526k113trwt1i5deaz1gjvh6d|03|com"; nocase; ) # a02evq1uc21pdzvl0ebmla0p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a02evq1uc21pdzvl0ebmla0p|03|org"; nocase; ) # 13ueju2y5exu3g2geyj11ni918.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ueju2y5exu3g2geyj11ni918|03|net"; nocase; ) # i07ddjxj8aeblgkc2x1s4x024.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i07ddjxj8aeblgkc2x1s4x024|03|com"; nocase; ) # 198wt1k13b2gju1sb374x1vglh19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|198wt1k13b2gju1sb374x1vglh19|03|com"; nocase; ) # be4zgw885np12mrgg1j91aeq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|be4zgw885np12mrgg1j91aeq|03|biz"; nocase; ) # 1bt92n5fzdmod1a80s33sb6c7j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bt92n5fzdmod1a80s33sb6c7j|03|net"; nocase; ) # wprnrdiqk2qs1ajrxmf1e0o5ow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wprnrdiqk2qs1ajrxmf1e0o5ow|03|com"; nocase; ) # skzcmacci2l0wt10e1r095px.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|skzcmacci2l0wt10e1r095px|03|org"; nocase; ) # 13fwn9i1yw1yej9c4a3m144afza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13fwn9i1yw1yej9c4a3m144afza|03|org"; nocase; ) # 15e7by53ciyl91eo1cxq1rwxzac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15e7by53ciyl91eo1cxq1rwxzac|03|com"; nocase; ) # bd950zi5pqs0eummpwndt6v5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bd950zi5pqs0eummpwndt6v5|03|org"; nocase; ) # 23wank15pnrpmwpltln1a5mjhe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|23wank15pnrpmwpltln1a5mjhe|03|biz"; nocase; ) # 1hre0cfxweqssyljklc1bij8ec.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hre0cfxweqssyljklc1bij8ec|03|biz"; nocase; ) # p51s16flo0mj1sh0n9m1qpt8jr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p51s16flo0mj1sh0n9m1qpt8jr|03|net"; nocase; ) # 6nyidd1qe12u91k7te1ii2egnm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6nyidd1qe12u91k7te1ii2egnm|03|biz"; nocase; ) # 1m2riekp3z4sl1puuru9108zgrd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m2riekp3z4sl1puuru9108zgrd|03|net"; nocase; ) # 7g0adf1mam9c743wfer3f2kgp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7g0adf1mam9c743wfer3f2kgp|03|org"; nocase; ) # 18j8rnn1yrmzyy650n2y8deiq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18j8rnn1yrmzyy650n2y8deiq9|03|net"; nocase; ) # 156xckz14v797782ufxoizis3y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156xckz14v797782ufxoizis3y|03|net"; nocase; ) # 14neqyq1sn47usupe1561oxtt8l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14neqyq1sn47usupe1561oxtt8l|03|org"; nocase; ) # m90ch21yzm5dp1itlwnvidsjiq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m90ch21yzm5dp1itlwnvidsjiq|03|net"; nocase; ) # 1aqfh356d2clvmh24ne1kwmjca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aqfh356d2clvmh24ne1kwmjca|03|net"; nocase; ) # 1w3j0xr1y70us24sgtat1drelib.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w3j0xr1y70us24sgtat1drelib|03|net"; nocase; ) # wz66qb3kf4dp1nzrylz1m0gmag.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wz66qb3kf4dp1nzrylz1m0gmag|03|net"; nocase; ) # 1tt2ogrvc3dmf1oqia5k8mdtlb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tt2ogrvc3dmf1oqia5k8mdtlb|03|net"; nocase; ) # e7ihhl18607to1x94opi15ibxql.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e7ihhl18607to1x94opi15ibxql|03|com"; nocase; ) # 1lesmjb1xosiv91bdnqgs1fc8vnu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lesmjb1xosiv91bdnqgs1fc8vnu|03|net"; nocase; ) # rpqnca3zeuoc1516khuhzoqpb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rpqnca3zeuoc1516khuhzoqpb|03|net"; nocase; ) # 150jlyf8jh8yk12j3vnism436v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|150jlyf8jh8yk12j3vnism436v|03|org"; nocase; ) # 1x71op3e4hcn01mqkk43bl87pu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x71op3e4hcn01mqkk43bl87pu|03|com"; nocase; ) # 1dpq36676jtjy6p08ze1aee8n9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dpq36676jtjy6p08ze1aee8n9|03|net"; nocase; ) # h643xw11o44ax1w0anucvx84d9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h643xw11o44ax1w0anucvx84d9|03|com"; nocase; ) # 1rbnm0t1r4eb0r10115848f90jt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rbnm0t1r4eb0r10115848f90jt|03|biz"; nocase; ) # 1qeb7n5ngy5gnfhnbll1w6hwil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qeb7n5ngy5gnfhnbll1w6hwil|03|com"; nocase; ) # xg4alp109p5nfzazuz5p1zytq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xg4alp109p5nfzazuz5p1zytq|03|biz"; nocase; ) # 1f1jf071tazxzk1ai33koiyu94m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f1jf071tazxzk1ai33koiyu94m|03|net"; nocase; ) # ilbl4uglo8611b38v4ecmovkb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ilbl4uglo8611b38v4ecmovkb|03|com"; nocase; ) # 1pumol61hsf14y15wcakz1f7nqyt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pumol61hsf14y15wcakz1f7nqyt|03|com"; nocase; ) # 8ol08mu5mt2z12u2mbc11saqaw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ol08mu5mt2z12u2mbc11saqaw|03|org"; nocase; ) # 7pxnqc5gkz56lbu72k1aqa3yq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7pxnqc5gkz56lbu72k1aqa3yq|03|biz"; nocase; ) # 135dqy39bbch1m8kilo1a8q4gu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135dqy39bbch1m8kilo1a8q4gu|03|net"; nocase; ) # 8509or140rzcox4jwnmj65z0v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8509or140rzcox4jwnmj65z0v|03|net"; nocase; ) # zxdh56myws31axisagok3vth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zxdh56myws31axisagok3vth|03|net"; nocase; ) # mvr21l1irf1v9o6phh1r62hew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mvr21l1irf1v9o6phh1r62hew|03|com"; nocase; ) # 1inkyde1u124qnp9hxav1s6ttt5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1inkyde1u124qnp9hxav1s6ttt5|03|org"; nocase; ) # 1ah230ig5c1zt119sv8kc3p0rd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ah230ig5c1zt119sv8kc3p0rd|03|net"; nocase; ) # 19wivtigf7rv02k67ti16v7fc7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19wivtigf7rv02k67ti16v7fc7|03|org"; nocase; ) # lwjdseuuzm9fq458ma1f27nag.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lwjdseuuzm9fq458ma1f27nag|03|org"; nocase; ) # 1pvjqvxsqzwl1r7cjhr1jbhplo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pvjqvxsqzwl1r7cjhr1jbhplo|03|net"; nocase; ) # s3u7ne1kwgheq1rok4q7yqa046.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s3u7ne1kwgheq1rok4q7yqa046|03|net"; nocase; ) # 1rmp5u91edwe3q19ytcsh3p53l3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rmp5u91edwe3q19ytcsh3p53l3|03|com"; nocase; ) # 11dngxc1ep1o2h1p7ni8zt0fkz3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11dngxc1ep1o2h1p7ni8zt0fkz3|03|net"; nocase; ) # 1hzf18st5v1lm1vwva3o1hsoubt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hzf18st5v1lm1vwva3o1hsoubt|03|com"; nocase; ) # wxmb951khuqsxbqnmhp1jwasn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wxmb951khuqsxbqnmhp1jwasn|03|net"; nocase; ) # 1da2uyfpeo2bz1djsrg8u7gsd0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1da2uyfpeo2bz1djsrg8u7gsd0|03|org"; nocase; ) # wc0e6058689d1arco2xawbvc7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wc0e6058689d1arco2xawbvc7|03|org"; nocase; ) # 18wlwrh5np2q6p5i6fp6y0fow.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18wlwrh5np2q6p5i6fp6y0fow|03|net"; nocase; ) # 1q3ipwfdobplfxh8ekb12darwm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q3ipwfdobplfxh8ekb12darwm|03|biz"; nocase; ) # 1pgoi0gpq39ie1q9fupc1r4gwx0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pgoi0gpq39ie1q9fupc1r4gwx0|03|biz"; nocase; ) # tsi186i9nt0qfuv513a4ol45.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tsi186i9nt0qfuv513a4ol45|03|org"; nocase; ) # 1x2ylqs1w6yl2r1e037h517qxb6i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x2ylqs1w6yl2r1e037h517qxb6i|03|net"; nocase; ) # vzscfqkvqzzb1pi7zlub6wbcl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vzscfqkvqzzb1pi7zlub6wbcl|03|org"; nocase; ) # 1dk37gg1f1z7ak1qqgyrtu19cxo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dk37gg1f1z7ak1qqgyrtu19cxo|03|com"; nocase; ) # bwj5hg7eukivszrze7vpv7tu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bwj5hg7eukivszrze7vpv7tu|03|net"; nocase; ) # 17he9kbhlwf8ijicuacj1864o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17he9kbhlwf8ijicuacj1864o|03|org"; nocase; ) # ihojmb260rd7kfxr151yd348x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ihojmb260rd7kfxr151yd348x|03|biz"; nocase; ) # 1sufucu14plbs119v3seyfd2ec1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sufucu14plbs119v3seyfd2ec1|03|com"; nocase; ) # 13eq17j1h3m6z41rs5ycviadd1m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13eq17j1h3m6z41rs5ycviadd1m|03|net"; nocase; ) # zhc2tc14eed1w1c8sjxsq12das.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zhc2tc14eed1w1c8sjxsq12das|03|com"; nocase; ) # 1d1jimt1wpi4hc143mnru11eyvv8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d1jimt1wpi4hc143mnru11eyvv8|03|biz"; nocase; ) # 1qv77fhu1l1x11t0jou9112u65s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qv77fhu1l1x11t0jou9112u65s|03|org"; nocase; ) # 1ias89suuzpoa14nqvb716fgl27.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ias89suuzpoa14nqvb716fgl27|03|net"; nocase; ) # 15jvwfz4csbmvg1omrn1vdql0j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15jvwfz4csbmvg1omrn1vdql0j|03|com"; nocase; ) # 1kf0ctz1trvmm7tekg4bpd2n29.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kf0ctz1trvmm7tekg4bpd2n29|03|com"; nocase; ) # 1cq9s6x1pbf7yp1sm50ni1s5bx1t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cq9s6x1pbf7yp1sm50ni1s5bx1t|03|net"; nocase; ) # 12ue0ws1juqmsariwhsi28ric.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ue0ws1juqmsariwhsi28ric|03|org"; nocase; ) # 1qn6kd5akjumsr8l2u31hsd7fb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qn6kd5akjumsr8l2u31hsd7fb|03|net"; nocase; ) # 1mq2cjuwtln68bizmjy1oqc6sb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mq2cjuwtln68bizmjy1oqc6sb|03|biz"; nocase; ) # 1l1cy6ccqe6kp194t9dk1i4sct0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l1cy6ccqe6kp194t9dk1i4sct0|03|org"; nocase; ) # 13zxxoqljao12wd54ve17tqcwv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13zxxoqljao12wd54ve17tqcwv|03|net"; nocase; ) # 1hb2qy012c1ztzajxof51m5iuc9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hb2qy012c1ztzajxof51m5iuc9|03|org"; nocase; ) # 1yyb1i1dz98kk1wk6syz117t1kd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yyb1i1dz98kk1wk6syz117t1kd|03|org"; nocase; ) # p8dk7fw3qxzl1x2kxj71eomqu2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p8dk7fw3qxzl1x2kxj71eomqu2|03|org"; nocase; ) # 1ie4yoj1u1ff0e1b31tu91k3n711.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ie4yoj1u1ff0e1b31tu91k3n711|03|com"; nocase; ) # 1jgysbekryek94w41f7ht748p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jgysbekryek94w41f7ht748p|03|net"; nocase; ) # 1x6otle1p1ymgh92qyok1dguxo2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x6otle1p1ymgh92qyok1dguxo2|03|com"; nocase; ) # huh5u81bt29xo1c5aceq1mr17wo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|huh5u81bt29xo1c5aceq1mr17wo|03|biz"; nocase; ) # 5p6auc1096pwkfpnctl1i7c38v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5p6auc1096pwkfpnctl1i7c38v|03|org"; nocase; ) # 11n82y6k4rmql1acjv7c1iwdnmy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11n82y6k4rmql1acjv7c1iwdnmy|03|net"; nocase; ) # piuodgbcf2xd15krl75gxegx1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|piuodgbcf2xd15krl75gxegx1|03|com"; nocase; ) # q49gwj1s2wp2yedznyppfb05j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q49gwj1s2wp2yedznyppfb05j|03|org"; nocase; ) # noxypr1riav4acmuqlwv85oyu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|noxypr1riav4acmuqlwv85oyu|03|biz"; nocase; ) # 13t6uev1hs75nx5hpvuo1etnryy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13t6uev1hs75nx5hpvuo1etnryy|03|com"; nocase; ) # 774hil46i0bi1yxsijq121u09z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|774hil46i0bi1yxsijq121u09z|03|net"; nocase; ) # 11xv8yhfcuaxo1b9rf6l1sr1dw3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11xv8yhfcuaxo1b9rf6l1sr1dw3|03|biz"; nocase; ) # 1op5yvm4643dx1ybp6vjjdx4o1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1op5yvm4643dx1ybp6vjjdx4o1|03|net"; nocase; ) # 1nbb7n4fvo7go4enzx81lktahc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nbb7n4fvo7go4enzx81lktahc|03|biz"; nocase; ) # 1r16kgf3cso6c1hrhxw263r0hn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r16kgf3cso6c1hrhxw263r0hn|03|net"; nocase; ) # 7g3rnq1cimpf27sxcp91dhz9yx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7g3rnq1cimpf27sxcp91dhz9yx|03|org"; nocase; ) # 120c8kc64f10459w2xq1gz607b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|120c8kc64f10459w2xq1gz607b|03|net"; nocase; ) # 1otdrqkmjc22z1bwwesybdx3ja.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1otdrqkmjc22z1bwwesybdx3ja|03|com"; nocase; ) # fgafme1204zy41yd7hle3c4dd6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fgafme1204zy41yd7hle3c4dd6|03|com"; nocase; ) # xtctj21c3j4x51whsnce1o2slbs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xtctj21c3j4x51whsnce1o2slbs|03|net"; nocase; ) # e2x2q4vo8qlrhp0uer1qexldr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e2x2q4vo8qlrhp0uer1qexldr|03|biz"; nocase; ) # y1t6ad1a4f6lo1f0gbwp1rh4k2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y1t6ad1a4f6lo1f0gbwp1rh4k2|03|net"; nocase; ) # 1o8wzvz1a21kqsm4v5a51shpk70.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o8wzvz1a21kqsm4v5a51shpk70|03|org"; nocase; ) # 1ix1uoa1mlo0s9180fhr116clms2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ix1uoa1mlo0s9180fhr116clms2|03|org"; nocase; ) # 1hr6mdmolu8gbasoohq1ysrp02.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hr6mdmolu8gbasoohq1ysrp02|03|net"; nocase; ) # 1c0ajehsxevce1nait7tjgm9kq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c0ajehsxevce1nait7tjgm9kq|03|org"; nocase; ) # 1n80og3m9urh1wjkj9y193rbt4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n80og3m9urh1wjkj9y193rbt4|03|com"; nocase; ) # 1ys1j8b1hx4oa01g4uhyx1r9ochu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ys1j8b1hx4oa01g4uhyx1r9ochu|03|biz"; nocase; ) # 14fd4uo1fh8or01mo57ig81jsdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14fd4uo1fh8or01mo57ig81jsdy|03|com"; nocase; ) # 1ib1k9x14grobah3qmypy5c5pv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ib1k9x14grobah3qmypy5c5pv|03|org"; nocase; ) # k6hufg1dpriklbw0ocz7u4ivr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k6hufg1dpriklbw0ocz7u4ivr|03|net"; nocase; ) # cj3y4g1f0xl0u14frf1j150ml69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cj3y4g1f0xl0u14frf1j150ml69|03|net"; nocase; ) # 1lrgpdcnnhoilkzqwrxew89m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1lrgpdcnnhoilkzqwrxew89m|03|biz"; nocase; ) # w345zw9rqfo012inprtouwtj0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w345zw9rqfo012inprtouwtj0|03|biz"; nocase; ) # 1ers4124tukpw1fk9nsb8l6rig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ers4124tukpw1fk9nsb8l6rig|03|net"; nocase; ) # dtoxwkhmcqy113mi3sh1tfqghk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dtoxwkhmcqy113mi3sh1tfqghk|03|net"; nocase; ) # b8eveg42wiwtqc7gso1pdxpcy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b8eveg42wiwtqc7gso1pdxpcy|03|com"; nocase; ) # 3d8wg31iqnif11cyb7abyhp2al.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3d8wg31iqnif11cyb7abyhp2al|03|org"; nocase; ) # 8nh3gttu8wuv1wtnjquwwy3sn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8nh3gttu8wuv1wtnjquwwy3sn|03|biz"; nocase; ) # 13anh7y1pss6tt1wdfamig2dcw6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13anh7y1pss6tt1wdfamig2dcw6|03|com"; nocase; ) # 1npcewv14ztgww1rujrac37pwb1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1npcewv14ztgww1rujrac37pwb1|03|org"; nocase; ) # j594eqxe34dd178vcnx67gd0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j594eqxe34dd178vcnx67gd0|03|org"; nocase; ) # 17166d91j4mf6b4s7o7i2twq1a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17166d91j4mf6b4s7o7i2twq1a|03|net"; nocase; ) # p4sst5yvjsl46vaqnqp3f1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|p4sst5yvjsl46vaqnqp3f1|03|com"; nocase; ) # 10ff9yo1dbkfjkfnls7kvnidui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ff9yo1dbkfjkfnls7kvnidui|03|com"; nocase; ) # wlug1vowup61panksosrya7j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wlug1vowup61panksosrya7j|03|org"; nocase; ) # wzncb63lom0d9po10w10y5wjm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wzncb63lom0d9po10w10y5wjm|03|net"; nocase; ) # 55ytn0jc99uf1uykt88yp9p08.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|55ytn0jc99uf1uykt88yp9p08|03|biz"; nocase; ) # ern9e218i7opba7g30d6u5rds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ern9e218i7opba7g30d6u5rds|03|net"; nocase; ) # jnl4v21pgprac1sftx6d1oiabr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jnl4v21pgprac1sftx6d1oiabr8|03|com"; nocase; ) # 16oh6n243qyuj14899cx1y5wyo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16oh6n243qyuj14899cx1y5wyo|03|net"; nocase; ) # 1o1d342tzyf119evcdh12s5hgr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o1d342tzyf119evcdh12s5hgr|03|biz"; nocase; ) # 10vewb121bw6r25h41djw6nju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10vewb121bw6r25h41djw6nju|03|net"; nocase; ) # 135imns139dtxwn3brvf1azjt2s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|135imns139dtxwn3brvf1azjt2s|03|com"; nocase; ) # 164oh751qb49qum0l8mo1xa04si.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|164oh751qb49qum0l8mo1xa04si|03|biz"; nocase; ) # j7hat8fs0fta7amc231z0awmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j7hat8fs0fta7amc231z0awmz|03|org"; nocase; ) # w6egmw12xxxf53ffjho1p53tk1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w6egmw12xxxf53ffjho1p53tk1|03|org"; nocase; ) # 1oefef0fnhcp7p6bq401agdhax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oefef0fnhcp7p6bq401agdhax|03|com"; nocase; ) # 6w6h86ha5o4cnjmihvun8n0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6w6h86ha5o4cnjmihvun8n0e|03|com"; nocase; ) # 2yxhwu10aopt93dpt0g1fsirt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2yxhwu10aopt93dpt0g1fsirt|03|net"; nocase; ) # cfwbg01ifs4zq3tvh33jfzj76.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cfwbg01ifs4zq3tvh33jfzj76|03|org"; nocase; ) # 1r6yhol1op7hw31x990w41bv0lh0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r6yhol1op7hw31x990w41bv0lh0|03|org"; nocase; ) # 126yien1isknwt1brbww1xle1e5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|126yien1isknwt1brbww1xle1e5|03|net"; nocase; ) # 12cpcb15zkim01d305ymabigyk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12cpcb15zkim01d305ymabigyk|03|org"; nocase; ) # 14i342o4eyjjc17sxpjgbfimak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14i342o4eyjjc17sxpjgbfimak|03|com"; nocase; ) # x7715s2rxs7i1b2ym4p1u5o1y5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x7715s2rxs7i1b2ym4p1u5o1y5|03|biz"; nocase; ) # y4e2mi1o82p53jm1gke1ht019n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y4e2mi1o82p53jm1gke1ht019n|03|net"; nocase; ) # 1iw8xbb1ml9nke181ws7k14qbtzr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iw8xbb1ml9nke181ws7k14qbtzr|03|org"; nocase; ) # 124zk3mfyzrimt83l39idzhcr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|124zk3mfyzrimt83l39idzhcr|03|com"; nocase; ) # sp549b1ybld5310rcn0h1tr28pw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sp549b1ybld5310rcn0h1tr28pw|03|net"; nocase; ) # 1w7y8e37lbp68a0xxjwfpocws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w7y8e37lbp68a0xxjwfpocws|03|net"; nocase; ) # lrre1h63hq9bzq0zd1bh9hwf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lrre1h63hq9bzq0zd1bh9hwf|03|biz"; nocase; ) # 1juavwojc5wu741e2fs1fwxbpd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1juavwojc5wu741e2fs1fwxbpd|03|com"; nocase; ) # 91qgj61546twgqp1su61wq11l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|91qgj61546twgqp1su61wq11l|03|net"; nocase; ) # zc1xfu188pp665q7fdb1rvkl6c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zc1xfu188pp665q7fdb1rvkl6c|03|org"; nocase; ) # cvswb71cu0g9s1oenki1qmty5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cvswb71cu0g9s1oenki1qmty5e|03|net"; nocase; ) # 7izvt818oxpvpaqp50p5ow5re.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7izvt818oxpvpaqp50p5ow5re|03|com"; nocase; ) # azb15g1yiswke1nqkul2l1ma30.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|azb15g1yiswke1nqkul2l1ma30|03|org"; nocase; ) # 15rxrbt1o5l7ul1re1yvdtebvv0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15rxrbt1o5l7ul1re1yvdtebvv0|03|net"; nocase; ) # 8ovoy214calv71h4hmcgcy9zqh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ovoy214calv71h4hmcgcy9zqh|03|net"; nocase; ) # 1t0u6zvgf3d89bgqs2ovzelew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t0u6zvgf3d89bgqs2ovzelew|03|com"; nocase; ) # 8ba8ri1aeejzks3b1qmv1utgm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ba8ri1aeejzks3b1qmv1utgm|03|biz"; nocase; ) # 1sh1gb310npf3v18uogd91ienqbe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sh1gb310npf3v18uogd91ienqbe|03|org"; nocase; ) # j7lj6u1kpwuvn13o688p1bow8vq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j7lj6u1kpwuvn13o688p1bow8vq|03|biz"; nocase; ) # 2s2fw7ntphynpqliv81gdfwsu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2s2fw7ntphynpqliv81gdfwsu|03|biz"; nocase; ) # xe1b871m9zumv1naye9t17rzn4j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xe1b871m9zumv1naye9t17rzn4j|03|com"; nocase; ) # 1dg9mm11jwd6b21t4hils5a0y33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dg9mm11jwd6b21t4hils5a0y33|03|net"; nocase; ) # 1nlvdqc1v3yljsiff8vkit3mxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nlvdqc1v3yljsiff8vkit3mxn|03|com"; nocase; ) # qj1lgc1xgrert13huz3yy4d4p4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qj1lgc1xgrert13huz3yy4d4p4|03|org"; nocase; ) # 1hp3mzrnf5u5615l7pmx8i4aad.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hp3mzrnf5u5615l7pmx8i4aad|03|biz"; nocase; ) # 1okcy9g1q5c4cgfuqijjx7wk4i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1okcy9g1q5c4cgfuqijjx7wk4i|03|com"; nocase; ) # cxienpl9id1t1a59dimy4sjqo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cxienpl9id1t1a59dimy4sjqo|03|net"; nocase; ) # fu8obkqq4si011bcze5am3rng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fu8obkqq4si011bcze5am3rng|03|org"; nocase; ) # 1usdspe168xww7137pkg0c0y6tq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1usdspe168xww7137pkg0c0y6tq|03|com"; nocase; ) # 1x7xqxm1hf40201ul0wg01mj64v2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x7xqxm1hf40201ul0wg01mj64v2|03|org"; nocase; ) # 1t0kulu1wwqvda1ufhjbg1agyqa0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t0kulu1wwqvda1ufhjbg1agyqa0|03|org"; nocase; ) # 1c3msu81br1hobvd4a3p17nfqyx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c3msu81br1hobvd4a3p17nfqyx|03|biz"; nocase; ) # 3gbi791y4hqbn13mwpowj0lupm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3gbi791y4hqbn13mwpowj0lupm|03|org"; nocase; ) # vnbjypboduq11q1z3cg1qn4wdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vnbjypboduq11q1z3cg1qn4wdd|03|com"; nocase; ) # cj4ob214wkyp415r97yg1y5193i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cj4ob214wkyp415r97yg1y5193i|03|com"; nocase; ) # psdrzx18lvcjx1eilgfwfxio2r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|psdrzx18lvcjx1eilgfwfxio2r|03|org"; nocase; ) # pgs4i735w35w30opu7sd2kuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pgs4i735w35w30opu7sd2kuy|03|net"; nocase; ) # 1o9r7lr1gzg6owad07ji1gu48gx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o9r7lr1gzg6owad07ji1gu48gx|03|org"; nocase; ) # 1fy5oym11juf834ha1jn19vp21f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fy5oym11juf834ha1jn19vp21f|03|com"; nocase; ) # h57z469f4amvyq147m11kpb9y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h57z469f4amvyq147m11kpb9y|03|org"; nocase; ) # 6cbkijtku0dg1ibv3m015h6ekk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6cbkijtku0dg1ibv3m015h6ekk|03|net"; nocase; ) # ysfibt17f1gmub7gxac1p29tbm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ysfibt17f1gmub7gxac1p29tbm|03|net"; nocase; ) # 1f8dszwm43ygmwcx1bedojnv4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f8dszwm43ygmwcx1bedojnv4|03|com"; nocase; ) # qmowmn1vfyeuo1ryzsipngzfzh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qmowmn1vfyeuo1ryzsipngzfzh|03|biz"; nocase; ) # 1aa3zni1pk4xya14j0v12164cpe7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aa3zni1pk4xya14j0v12164cpe7|03|com"; nocase; ) # 19e0wlb145nk3f17hzcqa1nfim9c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19e0wlb145nk3f17hzcqa1nfim9c|03|net"; nocase; ) # fbeomnhwp0ae1utmj0l224u4k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fbeomnhwp0ae1utmj0l224u4k|03|org"; nocase; ) # 1s7cz9r14dvjwy3mz1ww1j32py0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s7cz9r14dvjwy3mz1ww1j32py0|03|biz"; nocase; ) # 9yfk9gkb536wcjt5irxu1yil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9yfk9gkb536wcjt5irxu1yil|03|net"; nocase; ) # 66m4701583klsz33bqc1etbbui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|66m4701583klsz33bqc1etbbui|03|org"; nocase; ) # 1uk286g1g2xosc1xi03w3wa3y7i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uk286g1g2xosc1xi03w3wa3y7i|03|com"; nocase; ) # y1jm2s17pghw53qfuhb1mo7do2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y1jm2s17pghw53qfuhb1mo7do2|03|biz"; nocase; ) # oii36d5e5rq6itxy911fnwnph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oii36d5e5rq6itxy911fnwnph|03|net"; nocase; ) # 1op4u4x1x5i5vk13ru2q614swyl2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1op4u4x1x5i5vk13ru2q614swyl2|03|net"; nocase; ) # gq18rl18rwousxtz0rg1spzuwf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gq18rl18rwousxtz0rg1spzuwf|03|biz"; nocase; ) # 10vea1v18nvg1g78kli8ox95ce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10vea1v18nvg1g78kli8ox95ce|03|org"; nocase; ) # rn664tz2nngxr9kqjn1gs77lh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rn664tz2nngxr9kqjn1gs77lh|03|net"; nocase; ) # 93rg8g1cvwp4i1i09bi91yv0icy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|93rg8g1cvwp4i1i09bi91yv0icy|03|net"; nocase; ) # 7bgrp11nu4zbgy7s7wixzryk8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7bgrp11nu4zbgy7s7wixzryk8|03|net"; nocase; ) # 1v3b7yjrwni131wkpkhy1gav7z6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v3b7yjrwni131wkpkhy1gav7z6|03|com"; nocase; ) # sktppb4zikwxa3o86i1snc5u1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sktppb4zikwxa3o86i1snc5u1|03|org"; nocase; ) # 1rzicgx1bj0x0j10oi27r1i5at02.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rzicgx1bj0x0j10oi27r1i5at02|03|org"; nocase; ) # 14x93qb6v74ku755nr3oe1ooj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14x93qb6v74ku755nr3oe1ooj|03|org"; nocase; ) # dogxmmbx3mqz1htftdd1vtwg6i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dogxmmbx3mqz1htftdd1vtwg6i|03|biz"; nocase; ) # o4edfw1vb5u6v6do8t01oul7h5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o4edfw1vb5u6v6do8t01oul7h5|03|biz"; nocase; ) # 1j7d9ok1l63p3x1xaqvu69nkhuf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j7d9ok1l63p3x1xaqvu69nkhuf|03|org"; nocase; ) # nu3rbd1otu2o35krzy31kkza97.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nu3rbd1otu2o35krzy31kkza97|03|org"; nocase; ) # 1tkv8feya55gz1j629xv1inaurx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tkv8feya55gz1j629xv1inaurx|03|net"; nocase; ) # 5o2c8z12nvhvsb0pn7w1bnvwwl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5o2c8z12nvhvsb0pn7w1bnvwwl|03|biz"; nocase; ) # jl6t8fu2nv84u5zuca1aunhmy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jl6t8fu2nv84u5zuca1aunhmy|03|com"; nocase; ) # 1b6ce0y1w7z5o01pm3fp1kg1gfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b6ce0y1w7z5o01pm3fp1kg1gfe|03|net"; nocase; ) # pqvl6bmy0av4gdm37im39dhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pqvl6bmy0av4gdm37im39dhn|03|com"; nocase; ) # 1w0gpd31fsz0rm1jgyc7o1c1h6rw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w0gpd31fsz0rm1jgyc7o1c1h6rw|03|com"; nocase; ) # 2kr6rb62gj1f1uu3lz3pkom6n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2kr6rb62gj1f1uu3lz3pkom6n|03|com"; nocase; ) # 1wesgiv1yfnbv51fts24g7lemcr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wesgiv1yfnbv51fts24g7lemcr|03|net"; nocase; ) # 1ixwdayl5g6cf18mtegx1rcwwlc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ixwdayl5g6cf18mtegx1rcwwlc|03|net"; nocase; ) # 1v3pdvtfyxvah17ohv1i1epu6ar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v3pdvtfyxvah17ohv1i1epu6ar|03|net"; nocase; ) # 1mnadac1rq4gw68wfe511dl53lq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mnadac1rq4gw68wfe511dl53lq|03|org"; nocase; ) # eip1491xsnga3dk369frv9yf1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eip1491xsnga3dk369frv9yf1|03|net"; nocase; ) # bbrzt05kr4ia8s6x3510qcfrp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bbrzt05kr4ia8s6x3510qcfrp|03|com"; nocase; ) # 114tnol17e4tepejca4ug9881e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|114tnol17e4tepejca4ug9881e|03|org"; nocase; ) # 1iapr9t8ol5mjzdykq82okwek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iapr9t8ol5mjzdykq82okwek|03|net"; nocase; ) # 1hcd2g31atnk131vlvcot1hsffhz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hcd2g31atnk131vlvcot1hsffhz|03|com"; nocase; ) # htenbmu9s33hgema44nj34t6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|htenbmu9s33hgema44nj34t6|03|net"; nocase; ) # 6j585v1n0qq2k13rysaf8n34u1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6j585v1n0qq2k13rysaf8n34u1|03|net"; nocase; ) # 1aghlc61nyt6lf16clabl1kygirb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aghlc61nyt6lf16clabl1kygirb|03|biz"; nocase; ) # 1epgk5jbiiiex1v2kbjk14i2yd7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1epgk5jbiiiex1v2kbjk14i2yd7|03|com"; nocase; ) # 1kvu53u19mux0k1sw0y2911jepbi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kvu53u19mux0k1sw0y2911jepbi|03|net"; nocase; ) # xtu6sh18dz7b5164vx9jy7m72y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xtu6sh18dz7b5164vx9jy7m72y|03|com"; nocase; ) # 1n5qg1w1n49q1t12e563t1kblxwu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n5qg1w1n49q1t12e563t1kblxwu|03|com"; nocase; ) # 1txao8g1wu4m3yrnmwgm1q0mai6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1txao8g1wu4m3yrnmwgm1q0mai6|03|net"; nocase; ) # 18rjd49gpicxsx3dksl1yt9m33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18rjd49gpicxsx3dksl1yt9m33|03|net"; nocase; ) # vuussx4q0hgq17650hsgl2nkq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vuussx4q0hgq17650hsgl2nkq|03|org"; nocase; ) # 1u9hmlx117njup1ko14e21lyi5s2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u9hmlx117njup1ko14e21lyi5s2|03|net"; nocase; ) # 8gxigqf62pvd1soio6o1pgvni5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8gxigqf62pvd1soio6o1pgvni5|03|org"; nocase; ) # gf7tcn1qszmzomqxy75139iysa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gf7tcn1qszmzomqxy75139iysa|03|biz"; nocase; ) # 1osalj69q8ko229nz6r12tec10.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1osalj69q8ko229nz6r12tec10|03|org"; nocase; ) # 1jycc294shff91ggvdr46w2ft6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jycc294shff91ggvdr46w2ft6|03|org"; nocase; ) # mbz7xs1lpdhd6d0zc6m1wjo3v5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mbz7xs1lpdhd6d0zc6m1wjo3v5|03|biz"; nocase; ) # lw84xe1d7lldgf2ff2h14hx0xm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lw84xe1d7lldgf2ff2h14hx0xm|03|net"; nocase; ) # ngxdan62aif9jvslro13wt1a8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ngxdan62aif9jvslro13wt1a8|03|org"; nocase; ) # qp48zs6y1rn695y96p1rzxg25.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qp48zs6y1rn695y96p1rzxg25|03|net"; nocase; ) # xlcrsi122p7kq1vdk0m0lqa1n3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xlcrsi122p7kq1vdk0m0lqa1n3|03|org"; nocase; ) # n2osc5159g4ks5ym69r12s207z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n2osc5159g4ks5ym69r12s207z|03|com"; nocase; ) # xgqcx710fl9e21khoxdv1grhd6n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xgqcx710fl9e21khoxdv1grhd6n|03|com"; nocase; ) # 1kkrsyp1wvqizb3nj7zlz35rvx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kkrsyp1wvqizb3nj7zlz35rvx|03|net"; nocase; ) # 1lgbgpv19n2qd71oe3t9k1ri4n12.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lgbgpv19n2qd71oe3t9k1ri4n12|03|org"; nocase; ) # 906gvu1o1eefj8wre37qk2xmt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|906gvu1o1eefj8wre37qk2xmt|03|com"; nocase; ) # 92rbrqleyhz71nj4k74td8g1g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|92rbrqleyhz71nj4k74td8g1g|03|com"; nocase; ) # 1otzzajad7bj4chxgqqgffob9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1otzzajad7bj4chxgqqgffob9|03|net"; nocase; ) # 1pfuyh1kwg93ji24x0v1kazfk8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pfuyh1kwg93ji24x0v1kazfk8|03|com"; nocase; ) # 195rufy1le9i07oz5eeub3l3b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|195rufy1le9i07oz5eeub3l3b|03|org"; nocase; ) # 1nramb9buv3cw8o8ku61rxq5mq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nramb9buv3cw8o8ku61rxq5mq|03|biz"; nocase; ) # 1817see1abjrxi1y8wk9e1p00ifw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1817see1abjrxi1y8wk9e1p00ifw|03|net"; nocase; ) # 1x9cnhuwrmsikv67zjaadgnnh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x9cnhuwrmsikv67zjaadgnnh|03|org"; nocase; ) # nwvdlryqenjujrvb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028622; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|nwvdlryqenjujrvb|02|eu"; nocase; ) # nluuuslaaqyyupxn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028623; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|nluuuslaaqyyupxn|02|eu"; nocase; ) # nsnqgtlrkraobvsn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028624; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|nsnqgtlrkraobvsn|02|eu"; nocase; ) # nhmidilbgupsmtua.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028625; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|nhmidilbgupsmtua|02|eu"; nocase; ) # hiybyjcsnnjsrkdh.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028626; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|hiybyjcsnnjsrkdh|02|eu"; nocase; ) # haiccbohajegbsws.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028627; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|haiccbohajegbsws|02|eu"; nocase; ) # bbuukcfyhcxssvrm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028628; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|bbuukcfyhcxssvrm|02|eu"; nocase; ) # befeefrelupodsjy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028629; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|befeefrelupodsjy|02|eu"; nocase; ) # unvwhiujyraianof.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028630; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|unvwhiujyraianof|02|eu"; nocase; ) # orsyjmxgkqyqcnbl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028631; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|orsyjmxgkqyqcnbl|02|eu"; nocase; ) # ialbeccddlhgnwqr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028632; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ialbeccddlhgnwqr|02|eu"; nocase; ) # ceidggfaowsopwdx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028633; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ceidggfaowsopwdx|02|eu"; nocase; ) # caaqbirnhbwihbnk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028634; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|caaqbirnhbwihbnk|02|eu"; nocase; ) # vyaraivvgebebtgr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028635; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vyaraivvgebebtgr|02|eu"; nocase; ) # vjqjrlusuxtoqifq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028636; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vjqjrlusuxtoqifq|02|eu"; nocase; ) # vxcboaucqbwgpthd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028637; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vxcboaucqbwgpthd|02|eu"; nocase; ) # prvxlnlcnscecfik.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028638; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|prvxlnlcnscecfik|02|eu"; nocase; ) # pughfqxhelhamomj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028639; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|pughfqxhelhamomj|02|eu"; nocase; ) # dlexgufacnkeihfw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028640; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|dlexgufacnkeihfw|02|eu"; nocase; ) # ge2d80554b3dd0e4568255de60c728d877.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028641; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ge2d80554b3dd0e4568255de60c728d877|02|tk"; nocase; ) # mb3acc8588fb9e8047c282db2e47dece97.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028642; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mb3acc8588fb9e8047c282db2e47dece97|02|hk"; nocase; ) # pc342e03aff6bfa21b35ad2038a1754533.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028643; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pc342e03aff6bfa21b35ad2038a1754533|02|so"; nocase; ) # u405391cf4722f494076fa54a4622a1023.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028644; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u405391cf4722f494076fa54a4622a1023|02|hk"; nocase; ) # b6b7858891579d51dad012290f31c109eb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028645; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b6b7858891579d51dad012290f31c109eb|02|in"; nocase; ) # dbe9449ed0f3342691993738112ce2927d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028646; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dbe9449ed0f3342691993738112ce2927d|02|cn"; nocase; ) # gc191f79b22575739dfe4d896403546e90.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028647; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc191f79b22575739dfe4d896403546e90|02|cc"; nocase; ) # ib9fc8e7df3fc339e136ae8604d684139d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028648; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib9fc8e7df3fc339e136ae8604d684139d|02|to"; nocase; ) # q7891b20e1dd5546d71cb75558fb90088c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028649; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q7891b20e1dd5546d71cb75558fb90088c|02|to"; nocase; ) # y1edb2182c21e0dbb20bedfd25a1504568.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028650; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y1edb2182c21e0dbb20bedfd25a1504568|02|to"; nocase; ) # bab598d44cb03f134cc5edbefe5f1be4c2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028651; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bab598d44cb03f134cc5edbefe5f1be4c2|02|cn"; nocase; ) # mc882d028b6c8d57583dd017b168f33a06.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028652; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc882d028b6c8d57583dd017b168f33a06|02|cc"; nocase; ) # v26de45b766fc4dd9cfd1f9309abe061d6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028653; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v26de45b766fc4dd9cfd1f9309abe061d6|02|ws"; nocase; ) # ea72a8b5dd92e53811f92691b347c08e3b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028654; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea72a8b5dd92e53811f92691b347c08e3b|02|to"; nocase; ) # g29f2c09c5c561f8e5bd96810ac5804324.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028655; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g29f2c09c5c561f8e5bd96810ac5804324|02|hk"; nocase; ) # i19e32e8cf23dc0a809fd71a176ecd41a7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028656; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i19e32e8cf23dc0a809fd71a176ecd41a7|02|tk"; nocase; ) # kad39a65002bae78114d200a2fab70640a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028657; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kad39a65002bae78114d200a2fab70640a|02|cc"; nocase; ) # nd92ba1268069ed8deb271756d137c542d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028658; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd92ba1268069ed8deb271756d137c542d|02|in"; nocase; ) # obc36b1efac722fefb7b645780009345fd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028659; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|obc36b1efac722fefb7b645780009345fd|02|hk"; nocase; ) # va12545e85cc105ef45369fea4db2a6eda.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028660; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|va12545e85cc105ef45369fea4db2a6eda|02|in"; nocase; ) # e793b05c9325e4408ac8d6f0858bb7d869.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028661; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e793b05c9325e4408ac8d6f0858bb7d869|02|hk"; nocase; ) # u10cae0621f98a4bb39de0ef8c7549bd93.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028662; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u10cae0621f98a4bb39de0ef8c7549bd93|02|hk"; nocase; ) # m2ad6ce5f1bb10936ab322aa0cea3ec60e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028663; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m2ad6ce5f1bb10936ab322aa0cea3ec60e|02|tk"; nocase; ) # od6d75d74fed5a53194d2b21d42c08a816.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028664; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|od6d75d74fed5a53194d2b21d42c08a816|02|cc"; nocase; ) # r93cde3d17f41d6c371253d0522b428cc4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028665; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r93cde3d17f41d6c371253d0522b428cc4|02|in"; nocase; ) # zdf7fd5e63896be9a0676c5b0b6f3aefe8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028666; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zdf7fd5e63896be9a0676c5b0b6f3aefe8|02|in"; nocase; ) # h265894e5f700272a54aee4cd157f7e235.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028667; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h265894e5f700272a54aee4cd157f7e235|02|in"; nocase; ) # j7e5cd8c327c5113a65a505cbd14569f44.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028668; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j7e5cd8c327c5113a65a505cbd14569f44|02|cn"; nocase; ) # ke27448d96b63b8d428a2098afdf1980c8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028669; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke27448d96b63b8d428a2098afdf1980c8|02|tk"; nocase; ) # q1bad38c77d1cdc65e070455deb397f2d5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028670; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1bad38c77d1cdc65e070455deb397f2d5|02|hk"; nocase; ) # e3064c49e824e2c835fdd3f091773473b7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028671; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e3064c49e824e2c835fdd3f091773473b7|02|to"; nocase; ) # q2b15ff4789964fc22147775270d090f34.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028672; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q2b15ff4789964fc22147775270d090f34|02|tk"; nocase; ) # u8f8a6eb91e800ffc34320cf1164f3ca7e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028673; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u8f8a6eb91e800ffc34320cf1164f3ca7e|02|to"; nocase; ) # v8e758a6bfef65ca938d9203b391ab3547.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028674; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v8e758a6bfef65ca938d9203b391ab3547|02|in"; nocase; ) # w9dd1fab6a34c96a17147da4e7369dd8e7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028675; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w9dd1fab6a34c96a17147da4e7369dd8e7|02|hk"; nocase; ) # hf5a9e9cc04dc079c92f68404f435868fd.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028676; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hf5a9e9cc04dc079c92f68404f435868fd|02|so"; nocase; ) # j055b3ffe46cd892c576e91c4552327de2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028677; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j055b3ffe46cd892c576e91c4552327de2|02|ws"; nocase; ) # ka9dd9a038c2a9d0eac5ec8d27c219681f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028678; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ka9dd9a038c2a9d0eac5ec8d27c219681f|02|to"; nocase; ) # p9cbad18768c7e396dfa5a9632be2292b1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028679; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p9cbad18768c7e396dfa5a9632be2292b1|02|so"; nocase; ) # wc06c883f93c96d4687d3318fb6dae5111.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028680; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc06c883f93c96d4687d3318fb6dae5111|02|tk"; nocase; ) # bee5e110350f5214b64e139b45f927c405.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028681; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bee5e110350f5214b64e139b45f927c405|02|in"; nocase; ) # j5d41703f1ddd693895c24cfb215423332.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028682; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j5d41703f1ddd693895c24cfb215423332|02|in"; nocase; ) # m98f0f2a70cd5694c3429aeef2a2cc0561.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028683; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m98f0f2a70cd5694c3429aeef2a2cc0561|02|tk"; nocase; ) # q5bdce890d101475d2de876b037a4acead.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028684; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q5bdce890d101475d2de876b037a4acead|02|to"; nocase; ) # t6d4d24a0839228a3e79567da3bb8ae754.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028685; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t6d4d24a0839228a3e79567da3bb8ae754|02|cn"; nocase; ) # v4ec13d2862648d0a9e3a7479639fc6559.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028686; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v4ec13d2862648d0a9e3a7479639fc6559|02|so"; nocase; ) # ae84c3d200fee4d328f45910f355db323d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028687; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ae84c3d200fee4d328f45910f355db323d|02|hk"; nocase; ) # dc9c5948c7d5885eeca964dcdf81b79199.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028688; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dc9c5948c7d5885eeca964dcdf81b79199|02|so"; nocase; ) # g27b82436d4b0323717ee5898ae22e7a36.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028689; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g27b82436d4b0323717ee5898ae22e7a36|02|to"; nocase; ) # j9f9f683c3b3b73568dc0a57b5d55ce5e2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028690; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j9f9f683c3b3b73568dc0a57b5d55ce5e2|02|cn"; nocase; ) # ke8856e14f55fba601bbdcfd95fe131da2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028691; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke8856e14f55fba601bbdcfd95fe131da2|02|tk"; nocase; ) # l8944a3167eb5cbad8ae606911aa42d397.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028692; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l8944a3167eb5cbad8ae606911aa42d397|02|so"; nocase; ) # rf484a2557c39043f070807346f4e3f617.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028693; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rf484a2557c39043f070807346f4e3f617|02|cn"; nocase; ) # y67db94e22787a7ca253689f2e6b676f67.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028694; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y67db94e22787a7ca253689f2e6b676f67|02|hk"; nocase; ) # i5063aee669b1a61a2d62442268d79da5b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028695; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5063aee669b1a61a2d62442268d79da5b|02|tk"; nocase; ) # jead1f69cee35119ccf2fbc53fee30ec58.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028696; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jead1f69cee35119ccf2fbc53fee30ec58|02|so"; nocase; ) # pb982e668fadd8bbc75d5170064123480e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028697; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pb982e668fadd8bbc75d5170064123480e|02|cn"; nocase; ) # r8b9e0488359635f6c4d3b9fd173bb63d3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028698; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r8b9e0488359635f6c4d3b9fd173bb63d3|02|so"; nocase; ) # cc1fe398c6f9ad5c606cb4c175d9883fcf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028699; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc1fe398c6f9ad5c606cb4c175d9883fcf|02|to"; nocase; ) # e64f7df6040f801902ffebfcaaa72b6090.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028700; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e64f7df6040f801902ffebfcaaa72b6090|02|hk"; nocase; ) # j463882b279d64017f60cfc413161d3c53.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028701; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j463882b279d64017f60cfc413161d3c53|02|ws"; nocase; ) # k2a8d1b35d42e23700a19cc4e88a3b931d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028702; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k2a8d1b35d42e23700a19cc4e88a3b931d|02|to"; nocase; ) # a306eb05683d642b1ec1762dc8ed526c28.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028703; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a306eb05683d642b1ec1762dc8ed526c28|02|to"; nocase; ) # c2d902fa3c7a298ce53bf52c8ac14d5cc8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028704; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c2d902fa3c7a298ce53bf52c8ac14d5cc8|02|hk"; nocase; ) # g54063a8653d163bf9f827dbe9537ff1d9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028705; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g54063a8653d163bf9f827dbe9537ff1d9|02|cc"; nocase; ) # n7c67a20a39e20c534c5005f2b90848c5c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028706; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n7c67a20a39e20c534c5005f2b90848c5c|02|so"; nocase; ) # o1f2746cd00802c825ea864ded81ae2e98.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028707; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o1f2746cd00802c825ea864ded81ae2e98|02|cc"; nocase; ) # ua7b74786466939034b6f78ab45a975a22.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028708; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ua7b74786466939034b6f78ab45a975a22|02|tk"; nocase; ) # i413827f88ca67edd4da371b0c6fd39889.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028709; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i413827f88ca67edd4da371b0c6fd39889|02|hk"; nocase; ) # md1205fc535e2825087bca2cbe594eb9f1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028710; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md1205fc535e2825087bca2cbe594eb9f1|02|cc"; nocase; ) # o3aafae0841ebf5c64bbadef876f4f9de3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028711; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o3aafae0841ebf5c64bbadef876f4f9de3|02|to"; nocase; ) # n47781851ba2c8a05a41d141ebdb255c5d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028712; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n47781851ba2c8a05a41d141ebdb255c5d|02|in"; nocase; ) # w51d72f954dd80800c767a688611c21d62.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028713; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w51d72f954dd80800c767a688611c21d62|02|hk"; nocase; ) # y640a2ecf0cd8808d233623755b6cbc99b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028714; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y640a2ecf0cd8808d233623755b6cbc99b|02|tk"; nocase; ) # z48952b42f010e27d6050a7b41f1aa3eed.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028715; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z48952b42f010e27d6050a7b41f1aa3eed|02|so"; nocase; ) # ee01ed6d3121faf5685dcac28888ff4f4d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028716; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ee01ed6d3121faf5685dcac28888ff4f4d|02|hk"; nocase; ) # pa209eafa3244b9e659ae68cd6278e539e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028717; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pa209eafa3244b9e659ae68cd6278e539e|02|so"; nocase; ) # vfbeec3028671b1792119c20b61f153ab3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028718; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vfbeec3028671b1792119c20b61f153ab3|02|cn"; nocase; ) # w706f9b13aa6312f267086b1ac20c4e2df.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028719; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w706f9b13aa6312f267086b1ac20c4e2df|02|tk"; nocase; ) # yeff19256e5f49d2d484c06c13b6cdf271.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028720; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yeff19256e5f49d2d484c06c13b6cdf271|02|cc"; nocase; ) # zbb2cb0d6bb762fb1ac789673d749874e6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028721; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zbb2cb0d6bb762fb1ac789673d749874e6|02|ws"; nocase; ) # g3d00086aea0826dadb1648de1bd2266e8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028722; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g3d00086aea0826dadb1648de1bd2266e8|02|cc"; nocase; ) # kc7e6c3e363081f9bafde87f842b30cf5c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028723; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kc7e6c3e363081f9bafde87f842b30cf5c|02|hk"; nocase; ) # q36df7781ccb1d8336287552b60f2d385d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028724; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q36df7781ccb1d8336287552b60f2d385d|02|to"; nocase; ) # x9312e380dadd624377e57bdeef96cf903.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028725; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x9312e380dadd624377e57bdeef96cf903|02|ws"; nocase; ) # z9d14a70d751ff6f860e84a34b5b45131f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028726; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z9d14a70d751ff6f860e84a34b5b45131f|02|in"; nocase; ) # be1e910ec73901b00f358bb404a1af2038.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028727; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be1e910ec73901b00f358bb404a1af2038|02|cn"; nocase; ) # daf837823bdae348596248c511c1ebc11b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028728; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|daf837823bdae348596248c511c1ebc11b|02|so"; nocase; ) # o1eceab0d5e43d8a78dd17d722ef20c796.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028729; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o1eceab0d5e43d8a78dd17d722ef20c796|02|to"; nocase; ) # q1fdacb0fe5894dd46f6b467885b832584.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028730; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1fdacb0fe5894dd46f6b467885b832584|02|hk"; nocase; ) # r7163a48423506a4ab083508880bde585b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028731; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r7163a48423506a4ab083508880bde585b|02|cn"; nocase; ) # see886d3dd39dead2f2a3149fb7b84e831.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028732; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|see886d3dd39dead2f2a3149fb7b84e831|02|tk"; nocase; ) # x4865117292c7e8df0ac850fdeca699e1d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028733; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x4865117292c7e8df0ac850fdeca699e1d|02|in"; nocase; ) # ef6a49105816ae7471ce5f0bbd7e1be521.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028734; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ef6a49105816ae7471ce5f0bbd7e1be521|02|to"; nocase; ) # hcdc623f0d47c856e25f49d91cdd6c1eb2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028735; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hcdc623f0d47c856e25f49d91cdd6c1eb2|02|cn"; nocase; ) # qf017430414713cd1b552f308e21f6beec.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028736; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qf017430414713cd1b552f308e21f6beec|02|tk"; nocase; ) # r5a2feb30b2a2553e70e96ee2ded1d96a7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028737; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r5a2feb30b2a2553e70e96ee2ded1d96a7|02|so"; nocase; ) # b200ddf17d3d0e8c501df8345e2e8cbb9e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028738; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b200ddf17d3d0e8c501df8345e2e8cbb9e|02|ws"; nocase; ) # w0df0c35ede1cf64029f189cb9178d18ed.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028739; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w0df0c35ede1cf64029f189cb9178d18ed|02|tk"; nocase; ) # z930821ca45fc06caaee0db9e4beda66ae.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028740; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z930821ca45fc06caaee0db9e4beda66ae|02|ws"; nocase; ) # b7acdbb807001cadbeb4ace5c6f31bd9d1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028741; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b7acdbb807001cadbeb4ace5c6f31bd9d1|02|in"; nocase; ) # d5b75fd383e9066ad7830615ac9f0bbc59.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028742; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d5b75fd383e9066ad7830615ac9f0bbc59|02|cn"; nocase; ) # h105c04d8d8d6aca9800c1beb00fbcf660.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028743; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h105c04d8d8d6aca9800c1beb00fbcf660|02|ws"; nocase; ) # k738032932419722944ba4386da345c8de.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028744; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k738032932419722944ba4386da345c8de|02|hk"; nocase; ) # pdb46dfd82ec0287527e91036d3028c4aa.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028745; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pdb46dfd82ec0287527e91036d3028c4aa|02|ws"; nocase; ) # t80a750e9a4dbc97cb88fe50d18167c1b3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028746; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t80a750e9a4dbc97cb88fe50d18167c1b3|02|cn"; nocase; ) # x67c71dcf1c7eaca7f11dbca2c0aedd040.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028747; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x67c71dcf1c7eaca7f11dbca2c0aedd040|02|ws"; nocase; ) # v8574bd57fcc19461aa6bb000b76bf6221.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028748; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v8574bd57fcc19461aa6bb000b76bf6221|02|ws"; nocase; ) # wd26772bbdb79047bb613c06db3c5fcadc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028749; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd26772bbdb79047bb613c06db3c5fcadc|02|to"; nocase; ) # ib0a8cc2b66559ce1ca813fe37d5c7f966.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028750; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib0a8cc2b66559ce1ca813fe37d5c7f966|02|tk"; nocase; ) # jad9c3a8e96716cc182b7b8a1ca60e9581.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028751; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jad9c3a8e96716cc182b7b8a1ca60e9581|02|so"; nocase; ) # k9458a7ee68233125ec54f03d90d76ac37.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028752; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k9458a7ee68233125ec54f03d90d76ac37|02|cc"; nocase; ) # lc45bd01b2fab654e721f66ed9b0333a1b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028753; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lc45bd01b2fab654e721f66ed9b0333a1b|02|ws"; nocase; ) # w68100863107bc01751c93797d0f1ca94c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028754; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w68100863107bc01751c93797d0f1ca94c|02|hk"; nocase; ) # y4eef992db9e54ac4c91696d879fe648b2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028755; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y4eef992db9e54ac4c91696d879fe648b2|02|tk"; nocase; ) # a68ed40c008e763bada5a2875645ee175d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028756; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a68ed40c008e763bada5a2875645ee175d|02|cc"; nocase; ) # c9b91e7ee596b8d6196a577b746f5069aa.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028757; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c9b91e7ee596b8d6196a577b746f5069aa|02|to"; nocase; ) # e008b58572a4a059ed9050d9d166ccefde.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028758; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e008b58572a4a059ed9050d9d166ccefde|02|hk"; nocase; ) # j2c7dec356e69afb9aa83dedd9e3d7638c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028759; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j2c7dec356e69afb9aa83dedd9e3d7638c|02|ws"; nocase; ) # nc0ed2fee391c301d368a4d51c6de7c93b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028760; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nc0ed2fee391c301d368a4d51c6de7c93b|02|cn"; nocase; ) # rc70a62dae6f58057cd2e456b6bbb71f3a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028761; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rc70a62dae6f58057cd2e456b6bbb71f3a|02|ws"; nocase; ) # u7d9d6d503236ab77b190daeeff3e362cf.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028762; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u7d9d6d503236ab77b190daeeff3e362cf|02|hk"; nocase; ) # ad92382a014ee27a68b677852eb59b89ef.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028763; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ad92382a014ee27a68b677852eb59b89ef|02|to"; nocase; ) # d98266337332fa12e6ef9e2cf04e3cb338.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028764; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d98266337332fa12e6ef9e2cf04e3cb338|02|cn"; nocase; ) # e8c9956af3fcd8f5f2e336c41082142a35.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028765; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e8c9956af3fcd8f5f2e336c41082142a35|02|tk"; nocase; ) # l76d9e5db320841188b0ff3e4981e24aa5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028766; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l76d9e5db320841188b0ff3e4981e24aa5|02|cn"; nocase; ) # p22880d06eb9334899fcb5fa71698ae7da.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028767; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p22880d06eb9334899fcb5fa71698ae7da|02|ws"; nocase; ) # vdc3e540b7cf65d53480bcec6dac9f464d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028768; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vdc3e540b7cf65d53480bcec6dac9f464d|02|so"; nocase; ) # w94fe53962dbe1176dbe86931a0f6761a8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028769; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w94fe53962dbe1176dbe86931a0f6761a8|02|cc"; nocase; ) # a6e46fc3998c8a11b639129d549fd600aa.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028770; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a6e46fc3998c8a11b639129d549fd600aa|02|hk"; nocase; ) # l7717419d38ae65c036dcc598f1f1a0c44.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028771; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l7717419d38ae65c036dcc598f1f1a0c44|02|so"; nocase; ) # od1ea01757fc8e3dc44e0ac8afb0d798ce.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028772; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|od1ea01757fc8e3dc44e0ac8afb0d798ce|02|to"; nocase; ) # z72caecf2967689349c3ead47972303061.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028773; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z72caecf2967689349c3ead47972303061|02|cn"; nocase; ) # c2df3ab479ccbe2f6c5a5c9b6067b35184.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028774; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c2df3ab479ccbe2f6c5a5c9b6067b35184|02|cc"; nocase; ) # h265e49efc0200b9ff21d217461055364b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028775; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h265e49efc0200b9ff21d217461055364b|02|cn"; nocase; ) # k7e0d75b8e14d61ebc161f7066e2a4a057.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028776; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k7e0d75b8e14d61ebc161f7066e2a4a057|02|cc"; nocase; ) # q6f8260b30d3f4aea100a3505a3a573d48.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028777; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q6f8260b30d3f4aea100a3505a3a573d48|02|tk"; nocase; ) # ue8c46fd404da589d9ea8fcc3b4d61f0a3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028778; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue8c46fd404da589d9ea8fcc3b4d61f0a3|02|to"; nocase; ) # wc4bc58ab9562cd03279f186a91f79e015.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028779; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc4bc58ab9562cd03279f186a91f79e015|02|hk"; nocase; ) # ca0454e53bc3ca9e4c879c39457ddc1813.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028780; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca0454e53bc3ca9e4c879c39457ddc1813|02|to"; nocase; ) # j32c863c5cd543c7c9a9be3c271db3769e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028781; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j32c863c5cd543c7c9a9be3c271db3769e|02|ws"; nocase; ) # yf7ddce86d787981a322b2d86ecea8b394.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028782; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yf7ddce86d787981a322b2d86ecea8b394|02|cc"; nocase; ) # c556bc95687ac5bb17bad4d0f9b7673e8a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028783; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c556bc95687ac5bb17bad4d0f9b7673e8a|02|hk"; nocase; ) # e556a5d4f1eeacdb7ce1cd9ade975030ec.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028784; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e556a5d4f1eeacdb7ce1cd9ade975030ec|02|tk"; nocase; ) # f0b49a9e6833a8014ab44ccf4b0965edba.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028785; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f0b49a9e6833a8014ab44ccf4b0965edba|02|so"; nocase; ) # l3bd8cbf84c857250dc5442d36b9e48d45.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028786; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l3bd8cbf84c857250dc5442d36b9e48d45|02|cn"; nocase; ) # p0aa3c5117aef4a560f4480e2e3ac383b2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028787; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p0aa3c5117aef4a560f4480e2e3ac383b2|02|ws"; nocase; ) # rdc2ae80695edba23df4d7d30e76d6697a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028788; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rdc2ae80695edba23df4d7d30e76d6697a|02|in"; nocase; ) # t930010fdac2b24d5c2c7b8f9d9fb7a066.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028789; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t930010fdac2b24d5c2c7b8f9d9fb7a066|02|cn"; nocase; ) # xa5e2cd79e1b333e41d193e93453212b47.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028790; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xa5e2cd79e1b333e41d193e93453212b47|02|ws"; nocase; ) # a1051278458617275dc2e371bf983a5449.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028791; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1051278458617275dc2e371bf983a5449|02|hk"; nocase; ) # bc1305eaad1a858aa2a9e639134e0947ca.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028792; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bc1305eaad1a858aa2a9e639134e0947ca|02|cn"; nocase; ) # ode60b947c453bd9220a5241acf0fb8338.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028793; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ode60b947c453bd9220a5241acf0fb8338|02|to"; nocase; ) # rdc2095decd97833d5375dc7e2b75a7261.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028794; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rdc2095decd97833d5375dc7e2b75a7261|02|cn"; nocase; ) # v5f22b6e26070387d8d5dc8108614e1182.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028795; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v5f22b6e26070387d8d5dc8108614e1182|02|ws"; nocase; ) # e14ba40aa6d35aceab30d4139b493fdd1d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028796; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e14ba40aa6d35aceab30d4139b493fdd1d|02|to"; nocase; ) # k4f8aba5ce86c35c437bb5e9b2d2c5a281.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028797; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k4f8aba5ce86c35c437bb5e9b2d2c5a281|02|cc"; nocase; ) # b63ee208bbebc62f310f45710ff316ac02.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028798; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b63ee208bbebc62f310f45710ff316ac02|02|ws"; nocase; ) # dc3f6370741cb4b84a5d930a72d6571623.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028799; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dc3f6370741cb4b84a5d930a72d6571623|02|in"; nocase; ) # h512d8703bf9e47e46c41e38cde88fe643.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028800; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h512d8703bf9e47e46c41e38cde88fe643|02|so"; nocase; ) # l814841b352e7f9ead21bfd77de7364f81.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028801; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l814841b352e7f9ead21bfd77de7364f81|02|in"; nocase; ) # p6182db1dad7e8baf6df0e94bd6bda50a3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028802; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p6182db1dad7e8baf6df0e94bd6bda50a3|02|so"; nocase; ) # r2ff6c77c45352f67d5db4838500c6cad5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028803; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2ff6c77c45352f67d5db4838500c6cad5|02|ws"; nocase; ) # tf0371af48886099f39c9e469d9e0a06e0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028804; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tf0371af48886099f39c9e469d9e0a06e0|02|in"; nocase; ) # v3e4b4f68726276118fa33eae70b4ca570.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028805; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v3e4b4f68726276118fa33eae70b4ca570|02|cn"; nocase; ) # zbc0a3434d53e0689d878775cc08ef41f7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028806; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zbc0a3434d53e0689d878775cc08ef41f7|02|ws"; nocase; ) # u7652b0e0faaa718f176215428624af762.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028807; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u7652b0e0faaa718f176215428624af762|02|tk"; nocase; ) # z65ab15ebb4035725c5dbada931f902670.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028808; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z65ab15ebb4035725c5dbada931f902670|02|in"; nocase; ) # d9f744e10a002087a37b44cd5679b928ff.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028809; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d9f744e10a002087a37b44cd5679b928ff|02|so"; nocase; ) # g5c53bbd911fa0de0f80e89100816a7adc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028810; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g5c53bbd911fa0de0f80e89100816a7adc|02|to"; nocase; ) # n9abaf4cd17762726889f6d0467ead825f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028811; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n9abaf4cd17762726889f6d0467ead825f|02|ws"; nocase; ) # p8562165ade04808af3e79511378af3c17.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028812; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p8562165ade04808af3e79511378af3c17|02|in"; nocase; ) # ub144e1dbb20284595b30270db76155423.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028813; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ub144e1dbb20284595b30270db76155423|02|cc"; nocase; ) # v262892f37cca58609651b8ab64ecbb6cd.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028814; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v262892f37cca58609651b8ab64ecbb6cd|02|ws"; nocase; ) # jff065e58213c0f079a1f9c921a895dfcf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028815; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jff065e58213c0f079a1f9c921a895dfcf|02|so"; nocase; ) # o072b000ab5916217a459eea52c8e8a8d0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028816; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o072b000ab5916217a459eea52c8e8a8d0|02|hk"; nocase; ) # v1d6973392c428ac8c4e314540668b7b22.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028817; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v1d6973392c428ac8c4e314540668b7b22|02|in"; nocase; ) # x3b8f9148a53cfe4e39a748e91aaea3032.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028818; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x3b8f9148a53cfe4e39a748e91aaea3032|02|cn"; nocase; ) # gbe1901966127f88fa73156343eb4a6dbb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028819; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gbe1901966127f88fa73156343eb4a6dbb|02|tk"; nocase; ) # n7ed1e3f8debbc2323bbe388dcd3704abf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028820; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n7ed1e3f8debbc2323bbe388dcd3704abf|02|cn"; nocase; ) # rb98722b5c7b9ad2bd02b84b349008afe0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028821; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb98722b5c7b9ad2bd02b84b349008afe0|02|ws"; nocase; ) # tb07cab5d6558402b86521c3fcad22e4a7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028822; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tb07cab5d6558402b86521c3fcad22e4a7|02|in"; nocase; ) # lbe6e0850890cfecbb2a1a53db48bdaf55.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028823; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lbe6e0850890cfecbb2a1a53db48bdaf55|02|cn"; nocase; ) # p67cd33435189c2815844f94732ec6621e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028824; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p67cd33435189c2815844f94732ec6621e|02|ws"; nocase; ) # wbfd251f7e4023a942c1bedd56bf4c5c58.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028825; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wbfd251f7e4023a942c1bedd56bf4c5c58|02|cc"; nocase; ) # yf2848e1b7659b39018b09ce964edefd11.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028826; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yf2848e1b7659b39018b09ce964edefd11|02|to"; nocase; ) # d394c423a3c8b3e747e5fb6ac6ab1baef1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028827; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d394c423a3c8b3e747e5fb6ac6ab1baef1|02|so"; nocase; ) # k28daed5ef505e278a17fb343ba2fbb5ea.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028828; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k28daed5ef505e278a17fb343ba2fbb5ea|02|tk"; nocase; ) # e61c6c80453a12e626af0b7f73d1acc07a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028829; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e61c6c80453a12e626af0b7f73d1acc07a|02|hk"; nocase; ) # h16681f97eef74ae0d1c18ef61ceddfd08.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028830; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h16681f97eef74ae0d1c18ef61ceddfd08|02|so"; nocase; ) # ldeeedb904bfc9c9be132320ec3389ef77.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028831; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ldeeedb904bfc9c9be132320ec3389ef77|02|in"; nocase; ) # pb0055f408b577086f5d1c85c4a16e8611.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028832; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pb0055f408b577086f5d1c85c4a16e8611|02|so"; nocase; ) # vd288ef77a02161fbc24eb456c1e7c048e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028833; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vd288ef77a02161fbc24eb456c1e7c048e|02|cn"; nocase; ) # y70ceaf97f7d2ad49301d44a2308230e49.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028834; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y70ceaf97f7d2ad49301d44a2308230e49|02|cc"; nocase; ) # a352b449e71f735bee84a26aed9f275904.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028835; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a352b449e71f735bee84a26aed9f275904|02|to"; nocase; ) # c6263defd9d8f6c28238c68bbc45c95932.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028836; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6263defd9d8f6c28238c68bbc45c95932|02|hk"; nocase; ) # de6e095bd0fab229774752660f83deabd9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028837; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de6e095bd0fab229774752660f83deabd9|02|cn"; nocase; ) # f3b0a9ba6a4a48fa0a5e1b0acffeea2881.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028838; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f3b0a9ba6a4a48fa0a5e1b0acffeea2881|02|so"; nocase; ) # g3686693c5d00747719175df2b467cbcf1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028839; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g3686693c5d00747719175df2b467cbcf1|02|cc"; nocase; ) # jba9a99c99db71274a7424b2e75a0a4fcb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028840; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jba9a99c99db71274a7424b2e75a0a4fcb|02|in"; nocase; ) # lf8c14da82ade985add558ad2209834209.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028841; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lf8c14da82ade985add558ad2209834209|02|cn"; nocase; ) # m8113c94a472b62752ab2cba6e60e67aae.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028842; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m8113c94a472b62752ab2cba6e60e67aae|02|tk"; nocase; ) # w046885a145ec585ce79d2c545b820d4f2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028843; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w046885a145ec585ce79d2c545b820d4f2|02|cc"; nocase; ) # b7dfdc7e7a2fc6b08212623871ad27d117.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028844; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b7dfdc7e7a2fc6b08212623871ad27d117|02|cn"; nocase; ) # e1a223d8bdb3575fa323f1b07d9bfd36ba.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028845; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e1a223d8bdb3575fa323f1b07d9bfd36ba|02|cc"; nocase; ) # hd0f3adbc9dcd8f0ab286aeae1b574a1b8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028846; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd0f3adbc9dcd8f0ab286aeae1b574a1b8|02|in"; nocase; ) # pf8271f45040a1274735f54f3639e4f0a7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028847; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf8271f45040a1274735f54f3639e4f0a7|02|in"; nocase; ) # aa63d7176a75459bd485700f75e6cbd7ae.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028848; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aa63d7176a75459bd485700f75e6cbd7ae|02|tk"; nocase; ) # b74ab791eda01a2935436811a9d6be0cca.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028849; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b74ab791eda01a2935436811a9d6be0cca|02|so"; nocase; ) # ga028b96ba71c2c7b765a292d8c53741a1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028850; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ga028b96ba71c2c7b765a292d8c53741a1|02|hk"; nocase; ) # i9820e3ab7f68a78e1a9ffd4978ac43abe.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028851; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i9820e3ab7f68a78e1a9ffd4978ac43abe|02|tk"; nocase; ) # k21320b6ead5cdee01e2df8673a7fc57fd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028852; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k21320b6ead5cdee01e2df8673a7fc57fd|02|cc"; nocase; ) # o7af22506dedf2c5a8080a886dcf97f810.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028853; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o7af22506dedf2c5a8080a886dcf97f810|02|hk"; nocase; ) # q4babd58d487d06c23ee1aab0e8680453a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028854; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4babd58d487d06c23ee1aab0e8680453a|02|tk"; nocase; ) # s2ea6182f737b6e97d55d059b0894a4afc.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028855; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s2ea6182f737b6e97d55d059b0894a4afc|02|cc"; nocase; ) # a54de4a7766e01c9b7334ee05fec2f839f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028856; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a54de4a7766e01c9b7334ee05fec2f839f|02|cc"; nocase; ) # k74f36a9f10d9cf74c9b88009531d19b52.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028857; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k74f36a9f10d9cf74c9b88009531d19b52|02|to"; nocase; ) # q1cb5a2e57352235e6bf937bc553f5a71b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028858; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1cb5a2e57352235e6bf937bc553f5a71b|02|cc"; nocase; ) # v1ff8e7c7cce7eef385e1f8c28310f037b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028859; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v1ff8e7c7cce7eef385e1f8c28310f037b|02|cn"; nocase; ) # z5287df4746205fbdbdeeffc229f327b4e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028860; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z5287df4746205fbdbdeeffc229f327b4e|02|ws"; nocase; ) # ee2a9a90076922b5e3299be14c33d3cc2b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028861; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ee2a9a90076922b5e3299be14c33d3cc2b|02|tk"; nocase; ) # i18107505d14684222b89855a9cd3062be.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028862; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i18107505d14684222b89855a9cd3062be|02|to"; nocase; ) # ud1aac24d487c8bc5c94ab4ef1fc9b5021.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028863; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ud1aac24d487c8bc5c94ab4ef1fc9b5021|02|tk"; nocase; ) # bb363d82c3707960c4eff47d545f358345.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028864; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bb363d82c3707960c4eff47d545f358345|02|cn"; nocase; ) # f1ba5254cfe959cdb799312533941b8e63.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028865; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f1ba5254cfe959cdb799312533941b8e63|02|ws"; nocase; ) # r3d56d02d4c606c08d5cc009c0eaf48288.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028866; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r3d56d02d4c606c08d5cc009c0eaf48288|02|cn"; nocase; ) # eeb9bdd470a5d6c20efabbf8609c0c362d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028867; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eeb9bdd470a5d6c20efabbf8609c0c362d|02|to"; nocase; ) # i397ec81a19e131697f7104dadc4ef4594.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028868; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i397ec81a19e131697f7104dadc4ef4594|02|tk"; nocase; ) # j7b45774ba703ff2d20281e9bc44a4c020.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028869; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j7b45774ba703ff2d20281e9bc44a4c020|02|so"; nocase; ) # k7e537eaf4326e037b7b4f34513970fa4d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028870; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k7e537eaf4326e037b7b4f34513970fa4d|02|cc"; nocase; ) # nd3c02f63ec24711f7c42fc438b944c575.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028871; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd3c02f63ec24711f7c42fc438b944c575|02|in"; nocase; ) # p2be2f0815bf27457813ebf0120a1a7cb9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028872; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p2be2f0815bf27457813ebf0120a1a7cb9|02|cn"; nocase; ) # tef1c800b53b17ce60d1a82cc63a0fc631.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028873; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tef1c800b53b17ce60d1a82cc63a0fc631|02|ws"; nocase; ) # j1cef675129be60a7d1dd093c896ada647.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028874; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j1cef675129be60a7d1dd093c896ada647|02|ws"; nocase; ) # lb2776c8ecb0b1abeab8e95991710652cb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028875; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lb2776c8ecb0b1abeab8e95991710652cb|02|in"; nocase; ) # m96052e924c38198df98f0638e84be364f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028876; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m96052e924c38198df98f0638e84be364f|02|hk"; nocase; ) # i5b9268ece6f699cd109b880499b8408ad.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028877; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5b9268ece6f699cd109b880499b8408ad|02|to"; nocase; ) # pe39668f36f5241267f1e65b569c1de892.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028878; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pe39668f36f5241267f1e65b569c1de892|02|ws"; nocase; ) # ecd4f35e27762668fa6f8e4bd5b5deee4c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028879; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ecd4f35e27762668fa6f8e4bd5b5deee4c|02|cc"; nocase; ) # j4b04b9281ea2393eb9ae2450b121e4339.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028880; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j4b04b9281ea2393eb9ae2450b121e4339|02|cn"; nocase; ) # ne21327cd1a64a62bf1ee80865628e4fed.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028881; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ne21327cd1a64a62bf1ee80865628e4fed|02|ws"; nocase; ) # q111869338cd0c324c54403ab2dab9c80c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028882; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q111869338cd0c324c54403ab2dab9c80c|02|hk"; nocase; ) # uf564b757d18b80caac44aa71d07c92392.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028883; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uf564b757d18b80caac44aa71d07c92392|02|cc"; nocase; ) # w236807318c4d8a2814155c47b7159ab39.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028884; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w236807318c4d8a2814155c47b7159ab39|02|to"; nocase; ) # a064060700477dc2056c15da51d87d109b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028885; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a064060700477dc2056c15da51d87d109b|02|tk"; nocase; ) # d99ad499862782a13537ffee28acf52f5a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028886; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d99ad499862782a13537ffee28acf52f5a|02|ws"; nocase; ) # t5ba25698f7b33257d742201e95c13fd5b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028887; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t5ba25698f7b33257d742201e95c13fd5b|02|ws"; nocase; ) # ua0adfd3f68fd7358f39cb9d4c1c4a323e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028888; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ua0adfd3f68fd7358f39cb9d4c1c4a323e|02|to"; nocase; ) # g9a494bebbb8cc85ce8139bb9acb1a4c06.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028889; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g9a494bebbb8cc85ce8139bb9acb1a4c06|02|tk"; nocase; ) # h613f5e239a5279208f3965b64cf02022c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028890; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h613f5e239a5279208f3965b64cf02022c|02|so"; nocase; ) # j09152b8f27a5898589620e46338b32501.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028891; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j09152b8f27a5898589620e46338b32501|02|ws"; nocase; ) # na5efb41ff879a8b70ea9c8e535d9241f3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028892; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|na5efb41ff879a8b70ea9c8e535d9241f3|02|cn"; nocase; ) # u04e6fef87dcd7dbe3c5b206c362944995.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028893; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u04e6fef87dcd7dbe3c5b206c362944995|02|hk"; nocase; ) # m4s2wxo0inqj3fy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028894; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|m4s2wxo0inqj3fy|04|ddns|03|net"; nocase; ) # et7na0i0ynghaf5vmlg05lq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028895; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|et7na0i0ynghaf5vmlg05lq|04|ddns|03|net"; nocase; ) # 32upyb7p5latodu4erk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028896; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|32upyb7p5latodu4erk|04|ddns|03|net"; nocase; ) # mf58enm016c0ktgx7byli21.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028897; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|mf58enm016c0ktgx7byli21|04|ddns|03|net"; nocase; ) # ojurcfi854qjmpyfg6ufuxi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028898; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|ojurcfi854qjmpyfg6ufuxi|04|ddns|03|net"; nocase; ) # wpub3lgp387ja27d3xojehi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028899; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|wpub3lgp387ja27d3xojehi|04|ddns|03|net"; nocase; ) # i65b1bk2k058spk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028900; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|i65b1bk2k058spk|04|ddns|03|net"; nocase; ) # shutc2qdu6w4y0c.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028901; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|shutc2qdu6w4y0c|04|ddns|03|net"; nocase; ) # wdstq6olu6ov1rovgvw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028902; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|wdstq6olu6ov1rovgvw|04|ddns|03|net"; nocase; ) # qairufxeepaw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028903; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|qairufxeepaw|04|ddns|03|net"; nocase; ) # klolvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028904; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|klolvm|04|info"; nocase; ) # xpfbgqeju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028905; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xpfbgqeju|03|org"; nocase; ) # ztwmybxk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028906; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ztwmybxk|04|info"; nocase; ) # zudwbyzr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028907; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zudwbyzr|04|info"; nocase; ) # ljqmtxllqn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028908; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ljqmtxllqn|03|biz"; nocase; ) # deovwuatle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028909; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|deovwuatle|03|org"; nocase; ) # yjdhuvt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028910; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yjdhuvt|04|info"; nocase; ) # kzzylfrojfi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028911; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kzzylfrojfi|03|com"; nocase; ) # sqhtnixoe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028912; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|sqhtnixoe|03|biz"; nocase; ) # izzxnfowv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028913; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|izzxnfowv|04|info"; nocase; ) # rtmnxkjabgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028914; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rtmnxkjabgz|03|com"; nocase; ) # mhsdgpegpe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028915; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mhsdgpegpe|03|biz"; nocase; ) # erklejmjxn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028916; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|erklejmjxn|04|info"; nocase; ) # evquqhkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028917; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|evquqhkz|03|org"; nocase; ) # thsvzonp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028918; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|thsvzonp|03|biz"; nocase; ) # oqgbutfogat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028919; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oqgbutfogat|03|com"; nocase; ) # ufqajlkotth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028920; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ufqajlkotth|03|net"; nocase; ) # ieyigbmhexa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028921; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ieyigbmhexa|04|info"; nocase; ) # ahsofjiggt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028922; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ahsofjiggt|03|com"; nocase; ) # ymgwwgozg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028923; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ymgwwgozg|04|info"; nocase; ) # pogosjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028924; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pogosjl|03|org"; nocase; ) # gnifnqqhmsy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028925; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gnifnqqhmsy|03|net"; nocase; ) # lnwbnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028926; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lnwbnx|03|biz"; nocase; ) # viegpwcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028927; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|viegpwcn|03|com"; nocase; ) # iqmnvw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028928; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|iqmnvw|04|info"; nocase; ) # kdibkjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028929; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kdibkjm|03|org"; nocase; ) # nvmpjhxwe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028930; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nvmpjhxwe|04|info"; nocase; ) # oufzpyf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028931; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|oufzpyf|04|info"; nocase; ) # luomesxuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028932; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|luomesxuo|03|net"; nocase; ) # nxvyomfpcve.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028933; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nxvyomfpcve|04|info"; nocase; ) # eaisvh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028934; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|eaisvh|04|info"; nocase; ) # lnbcmgzrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028935; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lnbcmgzrv|03|net"; nocase; ) # brjfgxmyvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028936; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|brjfgxmyvm|04|info"; nocase; ) # ppgrcmduuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028937; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ppgrcmduuy|03|net"; nocase; ) # oziqxkxjoii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028938; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oziqxkxjoii|03|com"; nocase; ) # iatozwlskt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028939; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|iatozwlskt|03|org"; nocase; ) # kxzgzx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028940; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kxzgzx|04|info"; nocase; ) # yqtipnsyu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028941; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yqtipnsyu|04|info"; nocase; ) # qaxcrkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028942; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qaxcrkr|03|org"; nocase; ) # dzonmpx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028943; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dzonmpx|03|biz"; nocase; ) # ryddwo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028944; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ryddwo|04|info"; nocase; ) # teakonhz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028945; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|teakonhz|03|com"; nocase; ) # vsvkapig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028946; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vsvkapig|03|com"; nocase; ) # sfkeqyx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028947; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sfkeqyx|04|info"; nocase; ) # aeiksx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028948; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|aeiksx|03|net"; nocase; ) # zfhhao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028949; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zfhhao|03|com"; nocase; ) # qtzswe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028950; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qtzswe|04|info"; nocase; ) # wcuxla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028951; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wcuxla|03|org"; nocase; ) # kvtcfkkotr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028952; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kvtcfkkotr|03|net"; nocase; ) # ejaikmywse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028953; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ejaikmywse|03|net"; nocase; ) # huvvuowoe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028954; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|huvvuowoe|03|biz"; nocase; ) # dzbpeqyqok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028955; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dzbpeqyqok|03|biz"; nocase; ) # hpysll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028956; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hpysll|03|org"; nocase; ) # elusamwvxq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028957; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|elusamwvxq|04|info"; nocase; ) # hfjvizmkj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028958; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hfjvizmkj|03|org"; nocase; ) # xokgoxhd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028959; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xokgoxhd|03|com"; nocase; ) # cuvyemvuf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028960; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cuvyemvuf|03|net"; nocase; ) # yihxwszbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028961; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yihxwszbf|03|com"; nocase; ) # ymfdebivs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028962; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ymfdebivs|04|info"; nocase; ) # wfscih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028963; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wfscih|03|com"; nocase; ) # jczdcfxyd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028964; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jczdcfxyd|04|info"; nocase; ) # gtqvsuaqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028965; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gtqvsuaqc|03|biz"; nocase; ) # gftoyugd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028966; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gftoyugd|03|com"; nocase; ) # tcvoiivm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028967; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tcvoiivm|04|info"; nocase; ) # nvygur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028968; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nvygur|03|net"; nocase; ) # jjtsrztyivg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028969; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jjtsrztyivg|04|info"; nocase; ) # qzcefwfzd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028970; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qzcefwfzd|04|info"; nocase; ) # czppqrozc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028971; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|czppqrozc|04|info"; nocase; ) # plheujckxz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028972; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|plheujckxz|04|info"; nocase; ) # bqosmtjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028973; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bqosmtjm|03|org"; nocase; ) # psmzzcxbzdl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028974; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|psmzzcxbzdl|03|com"; nocase; ) # wogsioackd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028975; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wogsioackd|03|org"; nocase; ) # byiipeuqdeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028976; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|byiipeuqdeo|03|com"; nocase; ) # jbmkigkmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028977; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jbmkigkmf|03|org"; nocase; ) # jdbkixjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028978; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jdbkixjl|03|org"; nocase; ) # pjjmzr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028979; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|pjjmzr|04|info"; nocase; ) # mwzencsqe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028980; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mwzencsqe|03|biz"; nocase; ) # esjrbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028981; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|esjrbd|03|com"; nocase; ) # elihemhyx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028982; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|elihemhyx|04|info"; nocase; ) # yvlqya.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028983; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yvlqya|04|info"; nocase; ) # ovofdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028984; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ovofdt|03|com"; nocase; ) # ubvprtflh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028985; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ubvprtflh|03|org"; nocase; ) # fqucmyhz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028986; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fqucmyhz|03|com"; nocase; ) # dzwoygff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028987; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dzwoygff|03|com"; nocase; ) # phdvera.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028988; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|phdvera|03|net"; nocase; ) # imcxqshrml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028989; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|imcxqshrml|03|org"; nocase; ) # xiwqqgkuj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028990; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xiwqqgkuj|03|net"; nocase; ) # qmocmev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028991; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qmocmev|03|com"; nocase; ) # jmfskenmuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028992; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jmfskenmuy|03|net"; nocase; ) # apppbovgkg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028993; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|apppbovgkg|03|org"; nocase; ) # xetubpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028994; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xetubpa|03|biz"; nocase; ) # maaaku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028995; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|maaaku|03|org"; nocase; ) # ipmxwq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028996; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ipmxwq|04|info"; nocase; ) # lnyubwa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028997; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lnyubwa|04|info"; nocase; ) # jnoqgpr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028998; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jnoqgpr|03|biz"; nocase; ) # ybkzmskmyoa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000028999; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ybkzmskmyoa|03|biz"; nocase; ) # flymtfanrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029000; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|flymtfanrh|03|net"; nocase; ) # xmoqwhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029001; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xmoqwhn|03|com"; nocase; ) # adqirnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029002; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|adqirnx|03|biz"; nocase; ) # tssgmyrk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029003; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tssgmyrk|03|net"; nocase; ) # hdktxjjdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029004; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hdktxjjdf|03|com"; nocase; ) # wyfiduvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029005; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wyfiduvm|04|info"; nocase; ) # oddnxqgpfvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029006; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oddnxqgpfvm|04|info"; nocase; ) # xtufwzvmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029007; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xtufwzvmz|03|org"; nocase; ) # olncxzbrx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029008; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|olncxzbrx|03|net"; nocase; ) # efiflvcj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029009; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|efiflvcj|03|com"; nocase; ) # xacscoerxlv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029010; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xacscoerxlv|03|org"; nocase; ) # yfyelfrxp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029011; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yfyelfrxp|04|info"; nocase; ) # xyzjot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029012; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xyzjot|03|biz"; nocase; ) # jqrozduz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029013; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jqrozduz|03|net"; nocase; ) # jouttsjcphh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029014; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jouttsjcphh|03|com"; nocase; ) # nkvfpiqamve.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029015; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nkvfpiqamve|04|info"; nocase; ) # imsdrzl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029016; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|imsdrzl|04|info"; nocase; ) # vkasxeojwq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029017; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vkasxeojwq|04|info"; nocase; ) # wxhpzwfmun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029018; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wxhpzwfmun|03|net"; nocase; ) # mxjoehclh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029019; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mxjoehclh|03|org"; nocase; ) # nbapjbaam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029020; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nbapjbaam|03|com"; nocase; ) # osjvnirsvg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029021; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|osjvnirsvg|04|info"; nocase; ) # blbluaagll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029022; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|blbluaagll|03|org"; nocase; ) # uuvzkii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029023; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uuvzkii|03|com"; nocase; ) # nenidn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029024; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nenidn|03|com"; nocase; ) # sgxrdjlnay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029025; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sgxrdjlnay|03|com"; nocase; ) # nkwvchg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029026; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nkwvchg|03|com"; nocase; ) # rknxuaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029027; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rknxuaj|03|com"; nocase; ) # bwtttjolzcd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029028; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bwtttjolzcd|03|com"; nocase; ) # tsytfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029029; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tsytfy|03|com"; nocase; ) # lldxyqfogi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029030; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lldxyqfogi|03|com"; nocase; ) # fliuja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029031; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fliuja|03|org"; nocase; ) # euyjgicqtt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029032; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|euyjgicqtt|03|net"; nocase; ) # mldkjxa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029033; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mldkjxa|04|info"; nocase; ) # kkowlb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029034; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kkowlb|03|org"; nocase; ) # ymsvrd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029035; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ymsvrd|03|net"; nocase; ) # ctegzrdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029036; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ctegzrdb|03|com"; nocase; ) # lwinyjmpnm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029037; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lwinyjmpnm|03|biz"; nocase; ) # hxrwzgky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029038; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hxrwzgky|03|org"; nocase; ) # pflfteyfyc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029039; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pflfteyfyc|04|info"; nocase; ) # mimwwqgyc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029040; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mimwwqgyc|04|info"; nocase; ) # ekkcsnfni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029041; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ekkcsnfni|03|biz"; nocase; ) # aqeieoxgwo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029042; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|aqeieoxgwo|04|info"; nocase; ) # hubgzqhtfiq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029043; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hubgzqhtfiq|03|com"; nocase; ) # pzuqgytuftu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029044; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pzuqgytuftu|03|net"; nocase; ) # zlfgkoyeqcx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029045; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zlfgkoyeqcx|03|com"; nocase; ) # lzlswy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029046; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lzlswy|04|info"; nocase; ) # dzwgkuhsp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029047; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dzwgkuhsp|03|net"; nocase; ) # edgohtrrw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029048; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|edgohtrrw|03|net"; nocase; ) # ewvakjbgop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029049; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ewvakjbgop|03|biz"; nocase; ) # djtpwfzear.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029050; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|djtpwfzear|03|com"; nocase; ) # wtojkjgjtfh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029051; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wtojkjgjtfh|03|com"; nocase; ) # papwxg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029052; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|papwxg|04|info"; nocase; ) # xmeukxybegq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029053; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xmeukxybegq|03|com"; nocase; ) # wllgha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029054; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wllgha|03|com"; nocase; ) # czlxld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029055; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|czlxld|03|org"; nocase; ) # ostwmbnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029056; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ostwmbnx|03|biz"; nocase; ) # buumqhtg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029057; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|buumqhtg|03|net"; nocase; ) # vwlmqadorti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029058; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vwlmqadorti|03|net"; nocase; ) # zmqkvmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029059; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zmqkvmi|03|org"; nocase; ) # wsnzwgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029060; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wsnzwgb|03|com"; nocase; ) # aklcbqzk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029061; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aklcbqzk|04|info"; nocase; ) # poojjmvyn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029062; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|poojjmvyn|04|info"; nocase; ) # czicbnr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029063; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|czicbnr|03|biz"; nocase; ) # pfmciqum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029064; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pfmciqum|03|net"; nocase; ) # tabheh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029065; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tabheh|03|com"; nocase; ) # guhbaqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029066; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|guhbaqf|03|biz"; nocase; ) # qzpclfry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029067; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qzpclfry|03|net"; nocase; ) # vccwujmcbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029068; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vccwujmcbp|03|com"; nocase; ) # igrhlrs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029069; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|igrhlrs|03|net"; nocase; ) # feyqoxmqrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029070; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|feyqoxmqrh|03|net"; nocase; ) # jxnjauia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029071; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jxnjauia|03|com"; nocase; ) # ealeqmbfrt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029072; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ealeqmbfrt|03|net"; nocase; ) # fdajnycu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029073; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fdajnycu|03|com"; nocase; ) # ejqvtigjuj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029074; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ejqvtigjuj|03|net"; nocase; ) # zcnrezkbelb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029075; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zcnrezkbelb|03|org"; nocase; ) # udncuiwz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029076; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|udncuiwz|04|info"; nocase; ) # wxaxbnj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029077; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wxaxbnj|03|biz"; nocase; ) # ksoczwcac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029078; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ksoczwcac|03|com"; nocase; ) # rvbusuvr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029079; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rvbusuvr|04|info"; nocase; ) # hcbsztuku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029080; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hcbsztuku|03|org"; nocase; ) # vknjvlpw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029081; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vknjvlpw|03|biz"; nocase; ) # hqwnnnfrg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029082; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hqwnnnfrg|03|net"; nocase; ) # svjljamoz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029083; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|svjljamoz|03|biz"; nocase; ) # tmuletnolf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029084; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tmuletnolf|03|org"; nocase; ) # celalfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029085; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|celalfo|03|com"; nocase; ) # nbxbyhak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029086; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nbxbyhak|03|com"; nocase; ) # lcrchexqlu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029087; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lcrchexqlu|03|org"; nocase; ) # btioskwioz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029088; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|btioskwioz|03|biz"; nocase; ) # gjubinkcgk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029089; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gjubinkcgk|03|com"; nocase; ) # ttltouhfcor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029090; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ttltouhfcor|03|biz"; nocase; ) # cukzgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029091; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cukzgy|03|com"; nocase; ) # ukxxij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029092; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ukxxij|03|com"; nocase; ) # vgbsedscdw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029093; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vgbsedscdw|03|com"; nocase; ) # ajdahdlyldo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029094; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ajdahdlyldo|03|com"; nocase; ) # glxuqklatj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029095; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|glxuqklatj|03|net"; nocase; ) # gkvghvxst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029096; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gkvghvxst|03|net"; nocase; ) # rjxjppvpxsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029097; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rjxjppvpxsc|03|net"; nocase; ) # vmowum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029098; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vmowum|03|net"; nocase; ) # orosxvzekt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029099; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|orosxvzekt|03|org"; nocase; ) # ahkuznp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029100; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ahkuznp|03|biz"; nocase; ) # uvboqr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029101; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uvboqr|03|biz"; nocase; ) # nvqsxnqmbmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029102; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nvqsxnqmbmf|03|org"; nocase; ) # tncgcoji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029103; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tncgcoji|03|org"; nocase; ) # tuvmtreyhfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029104; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tuvmtreyhfo|03|com"; nocase; ) # oxminxkvnit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029105; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oxminxkvnit|03|com"; nocase; ) # zjtblsd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029106; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zjtblsd|03|net"; nocase; ) # jrvcdwtqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029107; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jrvcdwtqh|03|biz"; nocase; ) # ndtehu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029108; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ndtehu|03|com"; nocase; ) # gunhgbemmvd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029109; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gunhgbemmvd|04|info"; nocase; ) # tgeyihqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029110; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tgeyihqj|03|biz"; nocase; ) # vtajet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029111; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vtajet|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # mmdeabmdacbfcole.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029112; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mmdeabmdacbfcole|06|online"; nocase; ) # bafeoadnakokmcdn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029113; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bafeoadnakokmcdn|03|com"; nocase; ) # fodkflfccfadooca.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029114; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fodkflfccfadooca|04|info"; nocase; ) # dfodkcafacbaedak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029115; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dfodkcafacbaedak|03|com"; nocase; ) # ncoddmmocknnbdnb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029116; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ncoddmmocknnbdnb|04|info"; nocase; ) # lbdledcnbfkafmcf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029117; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lbdledcnbfkafmcf|03|net"; nocase; ) # acoocbfofdfkddec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029118; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|acoocbfofdfkddec|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # kaddcaddldmnadke.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029119; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kaddcaddldmnadke|02|co|02|uk"; nocase; ) # fbnamfmmdfnedkne.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029120; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fbnamfmmdfnedkne|02|eu"; nocase; ) # dadnealaabkbblbb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029121; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dadnealaabkbblbb|04|info"; nocase; ) # bobmkbmcblmbbcfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029122; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bobmkbmcblmbbcfm|03|com"; nocase; ) # dmebccacbebfnefn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029123; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dmebccacbebfnefn|03|com"; nocase; ) # fcocdmmekbdffcmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029124; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fcocdmmekbdffcmm|03|org"; nocase; ) # cablmmbmaekankff.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029125; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cablmmbmaekankff|06|online"; nocase; ) # ebaeodmbmlbadaad.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029126; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ebaeodmbmlbadaad|02|cc"; nocase; ) # odbdmcabfadfafcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029127; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|odbdmcabfadfafcc|03|com"; nocase; ) # flolefkommldonme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029128; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|flolefkommldonme|03|com"; nocase; ) # aedonakcmbfcaddm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029129; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aedonakcmbfcaddm|02|co|02|uk"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # edcmcdelcalffacd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029130; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|edcmcdelcalffacd|02|cc"; nocase; ) # dlfocdedbecdakld.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029131; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dlfocdedbecdakld|02|eu"; nocase; ) # nnclnamkkoabnfle.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029132; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nnclnamkkoabnfle|03|com"; nocase; ) # beemjt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029133; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|beemjt|03|com"; nocase; ) # nvclox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029134; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nvclox|03|com"; nocase; ) # epuysx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029135; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|epuysx|03|com"; nocase; ) # bezohd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029136; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bezohd|03|com"; nocase; ) # yyqtuk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029137; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|yyqtuk|03|com"; nocase; ) # oukyjg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029138; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oukyjg|03|com"; nocase; ) # gifspv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029139; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gifspv|03|com"; nocase; ) # jqioog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029140; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|jqioog|03|com"; nocase; ) # uweyog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029141; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uweyog|03|com"; nocase; ) # ueiika.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029142; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ueiika|03|com"; nocase; ) # lyojbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029143; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|lyojbn|03|com"; nocase; ) # fkpnyu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029144; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fkpnyu|03|com"; nocase; ) # mzrmhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029145; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mzrmhm|03|com"; nocase; ) # glsbwz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029146; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|glsbwz|03|com"; nocase; ) # owccdx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029147; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|owccdx|03|com"; nocase; ) # gfkdnm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029148; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gfkdnm|03|com"; nocase; ) # cykwea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029149; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|cykwea|03|com"; nocase; ) # ihvkoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029150; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ihvkoo|03|com"; nocase; ) # oqsavo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029151; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oqsavo|03|com"; nocase; ) # ilrocx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029152; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ilrocx|03|com"; nocase; ) # ewgwyd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029153; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ewgwyd|03|com"; nocase; ) # ibkspe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029154; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ibkspe|03|com"; nocase; ) # drqxjvdbdeupaw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029155; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|drqxjvdbdeupaw|03|org"; nocase; ) # jxeypkxjttuepxfug.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029156; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|jxeypkxjttuepxfug|02|su"; nocase; ) # stduplsppuxsftigo.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029157; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|stduplsppuxsftigo|02|pl"; nocase; ) # nfoknmpbefjvgxyk.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029158; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|nfoknmpbefjvgxyk|02|su"; nocase; ) # jhcmwshxnpt.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029159; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|jhcmwshxnpt|02|pw"; nocase; ) # ulabmnmcvpwiecig.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029160; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|ulabmnmcvpwiecig|03|biz"; nocase; ) # omurdtbnqhxqfja.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029161; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|omurdtbnqhxqfja|03|xyz"; nocase; ) # eqcitluhyagbqrwr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029162; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|eqcitluhyagbqrwr|04|info"; nocase; ) # nkvjdtefnfs.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029163; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|nkvjdtefnfs|04|work"; nocase; ) # hlkpjrw.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029164; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|hlkpjrw|02|su"; nocase; ) # oycotlnplt.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029165; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|oycotlnplt|02|pw"; nocase; ) # ihfaootcgshi.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029166; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ihfaootcgshi|03|xyz"; nocase; ) # putpuqm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029167; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|putpuqm|03|biz"; nocase; ) # mrlsnkaix.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029168; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|mrlsnkaix|05|click"; nocase; ) # dtysahjv.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029169; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|dtysahjv|02|pl"; nocase; ) # crabgidpmgefqbhw.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029170; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|crabgidpmgefqbhw|04|work"; nocase; ) # frhclbtrdpo.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029171; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|frhclbtrdpo|03|xyz"; nocase; ) # lamissq.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029172; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|lamissq|02|su"; nocase; ) # ajnbkyiqihnovxqvg.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029173; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|ajnbkyiqihnovxqvg|02|pw"; nocase; ) # shrohjdynlh.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029174; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|shrohjdynlh|02|pl"; nocase; ) # oalftioebn.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029175; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|oalftioebn|04|work"; nocase; ) # yjomgpgvujeouwh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029176; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|yjomgpgvujeouwh|03|biz"; nocase; ) # mnogfqyiqkrf.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029177; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|mnogfqyiqkrf|02|su"; nocase; ) # uwdcqerfj.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029178; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|uwdcqerfj|03|xyz"; nocase; ) # mridkussdfpgpruss.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029179; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|mridkussdfpgpruss|05|click"; nocase; ) # sidvwkjcm.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029180; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|sidvwkjcm|05|click"; nocase; ) # eaftwidwebwim.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029181; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|eaftwidwebwim|03|xyz"; nocase; ) # bumoeuejl.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029182; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|bumoeuejl|02|su"; nocase; ) # dmbwknutliarwe.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029183; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|dmbwknutliarwe|05|click"; nocase; ) # rnlgxvdln.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029184; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|rnlgxvdln|03|biz"; nocase; ) # rnrchhpndvxj.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029185; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|rnrchhpndvxj|04|work"; nocase; ) # rtylgtxiyfbjjn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029186; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|rtylgtxiyfbjjn|03|biz"; nocase; ) # frloearjxljgtv.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029187; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|frloearjxljgtv|03|xyz"; nocase; ) # xigpfqyupkhnlhqgl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029188; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|xigpfqyupkhnlhqgl|04|info"; nocase; ) # jknwwfkl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029189; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|jknwwfkl|03|biz"; nocase; ) # suqypftfbke.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029190; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|suqypftfbke|04|info"; nocase; ) # aweapys.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029191; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|aweapys|04|work"; nocase; ) # bjvqnyluxfyjofb.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029192; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|bjvqnyluxfyjofb|02|su"; nocase; ) # jrisdgi.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029193; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|jrisdgi|04|work"; nocase; ) # lfbuqfqgywtvk.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029194; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|lfbuqfqgywtvk|02|pw"; nocase; ) # atjnepkupovtlgty.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029195; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|atjnepkupovtlgty|05|click"; nocase; ) # jhogswx.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029196; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|jhogswx|05|click"; nocase; ) # xrnwgusifjss.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029197; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|xrnwgusifjss|04|info"; nocase; ) # cnmgucens.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029198; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|cnmgucens|04|work"; nocase; ) # dsaflidttjyrfce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029199; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|dsaflidttjyrfce|03|org"; nocase; ) # dsjrtjkmwvmgino.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029200; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|dsjrtjkmwvmgino|05|click"; nocase; ) # gxdeosyumvbixl.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029201; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|gxdeosyumvbixl|02|pl"; nocase; ) # ndpinmkcixwy.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029202; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ndpinmkcixwy|02|pl"; nocase; ) # wqrjuahytlsf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029203; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wqrjuahytlsf|02|co|02|uk"; nocase; ) # tncwqbgunefa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029204; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tncwqbgunefa|03|net"; nocase; ) # nkdamqbeyvag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029205; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nkdamqbeyvag|03|biz"; nocase; ) # dmfeldabojcn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029206; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dmfeldabojcn|03|org"; nocase; ) # cxggirvlivljoe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029207; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cxggirvlivljoe|03|org"; nocase; ) # fejmwwjrxfqmva.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029208; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fejmwwjrxfqmva|02|ru"; nocase; ) # gsqsjdxbisufwl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029209; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gsqsjdxbisufwl|02|co|02|uk"; nocase; ) # hflfmickyvjswx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029210; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hflfmickyvjswx|04|info"; nocase; ) # adgiqmppjvhofe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029211; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|adgiqmppjvhofe|04|info"; nocase; ) # pclfidorulmeii.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029212; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pclfidorulmeii|02|ru"; nocase; ) # cvkqvxynmtvkom.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029213; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cvkqvxynmtvkom|03|biz"; nocase; ) # gmpsascifcxhoi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029214; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gmpsascifcxhoi|04|info"; nocase; ) # tfurbjyxmffxon.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029215; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tfurbjyxmffxon|02|ru"; nocase; ) # ubstcaeeugilff.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029216; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ubstcaeeugilff|02|co|02|uk"; nocase; ) # yrxvguhynokibc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029217; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yrxvguhynokibc|03|biz"; nocase; ) # bpaftcqjxbelqk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029218; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bpaftcqjxbelqk|04|info"; nocase; ) # rcxhktafikplca.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029219; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rcxhktafikplca|02|co|02|uk"; nocase; ) # iecjeqkbpyafws.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029220; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iecjeqkbpyafws|02|co|02|uk"; nocase; ) # xaaecbqvkqvdmm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029221; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xaaecbqvkqvdmm|03|com"; nocase; ) # nuydltsplrmisf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029222; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nuydltsplrmisf|02|ru"; nocase; ) # cjdltsupcdiayr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029223; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cjdltsupcdiayr|04|info"; nocase; ) # ghkwkmwcsokjmt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029224; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ghkwkmwcsokjmt|03|net"; nocase; ) # nfpoiwkkmobjll.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029225; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nfpoiwkkmobjll|02|co|02|uk"; nocase; ) # opqdfcotalpwcs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029226; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|opqdfcotalpwcs|04|info"; nocase; ) # rkxdisyvovfhlj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029227; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rkxdisyvovfhlj|03|net"; nocase; ) # myhtususehksnb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029228; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|myhtususehksnb|04|info"; nocase; ) # vqsbamolowcqnq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029229; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vqsbamolowcqnq|03|net"; nocase; ) # wxylduluddavwm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029230; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wxylduluddavwm|03|biz"; nocase; ) # xiaaadyhfudnnj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029231; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xiaaadyhfudnnj|02|ru"; nocase; ) # jhubehmumrmyjq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029232; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jhubehmumrmyjq|03|com"; nocase; ) # kyfleryhtcmehd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029233; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kyfleryhtcmehd|03|biz"; nocase; ) # xtffywhlodasip.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029234; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xtffywhlodasip|02|ru"; nocase; ) # mjkprmabixgkhv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029235; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mjkprmabixgkhv|04|info"; nocase; ) # dbkgwmuxvbeuiw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029236; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dbkgwmuxvbeuiw|02|co|02|uk"; nocase; ) # akfobthgjjjcsu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029237; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|akfobthgjjjcsu|03|org"; nocase; ) # mcfxqvguwlhqty.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029238; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mcfxqvguwlhqty|02|co|02|uk"; nocase; ) # qhubjvbdijxjsi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029239; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qhubjvbdijxjsi|03|org"; nocase; ) # jbtxatilocgjsr.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029240; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jbtxatilocgjsr|02|co|02|uk"; nocase; ) # maopexgatlrssc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029241; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|maopexgatlrssc|03|com"; nocase; ) # metabnmwvskpep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029242; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|metabnmwvskpep|03|org"; nocase; ) # nvekberdjrbdef.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029243; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nvekberdjrbdef|04|info"; nocase; ) # wrjgrccrjnnacf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029244; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wrjgrccrjnnacf|02|co|02|uk"; nocase; ) # dhenxdqhprhqbp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029245; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dhenxdqhprhqbp|03|net"; nocase; ) # etyculeilffdbk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029246; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|etyculeilffdbk|03|biz"; nocase; ) # nxwgblgtsuyjcm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029247; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nxwgblgtsuyjcm|03|org"; nocase; ) # btxeaqmwckpvka.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029248; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|btxeaqmwckpvka|02|co|02|uk"; nocase; ) # vfhyjvlmvuqvnc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029249; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vfhyjvlmvuqvnc|02|co|02|uk"; nocase; ) # xhsaalctmxwfea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029250; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xhsaalctmxwfea|03|net"; nocase; ) # avrufdniofqerm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029251; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|avrufdniofqerm|03|biz"; nocase; ) # nrsseldouoriqr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029252; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nrsseldouoriqr|02|ru"; nocase; ) # ebhtxurcmaxseg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029253; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ebhtxurcmaxseg|03|net"; nocase; ) # nssdwnkhvmvjmo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029254; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nssdwnkhvmvjmo|02|ru"; nocase; ) # mbmwbbypxkvirm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029255; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mbmwbbypxkvirm|03|com"; nocase; ) # hfmxbuwtnomysu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029256; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hfmxbuwtnomysu|04|info"; nocase; ) # hmvrkgxfruwisf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029257; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hmvrkgxfruwisf|03|com"; nocase; ) # ytqcgvhfpkuqya.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029258; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ytqcgvhfpkuqya|03|org"; nocase; ) # bobwlmmrbyirwv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029259; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bobwlmmrbyirwv|04|info"; nocase; ) # cycncuashleewq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029260; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cycncuashleewq|03|com"; nocase; ) # sbvydgpwtpewjlt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029261; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sbvydgpwtpewjlt|02|ru"; nocase; ) # tqfamvmhfqihfuw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029262; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tqfamvmhfqihfuw|04|info"; nocase; ) # umdxagywxmwtfpl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029263; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|umdxagywxmwtfpl|03|net"; nocase; ) # hpnuphrnjboojpk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029264; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hpnuphrnjboojpk|03|org"; nocase; ) # joltgrejaqvnqoy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029265; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|joltgrejaqvnqoy|04|info"; nocase; ) # bxvuldefacujtim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029266; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bxvuldefacujtim|03|com"; nocase; ) # ebwgsuvhrbgmykm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029267; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ebwgsuvhrbgmykm|04|info"; nocase; ) # ryaghguvrxwlqem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029268; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ryaghguvrxwlqem|03|com"; nocase; ) # ulgbyksnhafvqdh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029269; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ulgbyksnhafvqdh|03|biz"; nocase; ) # vkhhxgvrrmpaylm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029270; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vkhhxgvrrmpaylm|03|com"; nocase; ) # qgbugsgpcouxifk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029271; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qgbugsgpcouxifk|03|com"; nocase; ) # feskrfnjvpyhcxm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029272; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|feskrfnjvpyhcxm|02|co|02|uk"; nocase; ) # qtjwgwtgphhhwro.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029273; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qtjwgwtgphhhwro|02|ru"; nocase; ) # nlrgtskiqnrajpc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029274; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nlrgtskiqnrajpc|04|info"; nocase; ) # odufjuxtledjsen.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029275; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|odufjuxtledjsen|03|biz"; nocase; ) # luiwjlsinvoavai.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029276; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|luiwjlsinvoavai|04|info"; nocase; ) # lxolfixhfthxthc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029277; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lxolfixhfthxthc|03|net"; nocase; ) # ytphkqnchyolsqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029278; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ytphkqnchyolsqj|03|biz"; nocase; ) # kpxcbylommktnfs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029279; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kpxcbylommktnfs|02|ru"; nocase; ) # llvaopqrdxpouyr.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029280; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|llvaopqrdxpouyr|02|co|02|uk"; nocase; ) # yhwvtuwgqilgtor.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029281; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yhwvtuwgqilgtor|04|info"; nocase; ) # smxxjyjvvyngwrr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029282; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|smxxjyjvvyngwrr|03|com"; nocase; ) # wlexmdatrivgbqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029283; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wlexmdatrivgbqi|03|org"; nocase; ) # jhoioudywmjcpsr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029284; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jhoioudywmjcpsr|03|com"; nocase; ) # xwtotkvribnbovs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029285; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xwtotkvribnbovs|02|ru"; nocase; ) # lgpeetosohhuyhe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029286; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lgpeetosohhuyhe|03|net"; nocase; ) # yebjcvtgoskswgd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029287; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yebjcvtgoskswgd|02|ru"; nocase; ) # srkidfumhywcxlo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029288; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|srkidfumhywcxlo|02|co|02|uk"; nocase; ) # tefwakyhthgkxqb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029289; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tefwakyhthgkxqb|04|info"; nocase; ) # uvpdmbekptvnvbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029290; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uvpdmbekptvnvbr|03|net"; nocase; ) # brgmgrxxbpnnbmy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029291; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|brgmgrxxbpnnbmy|03|org"; nocase; ) # lwnaprdfcrvutbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029292; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lwnaprdfcrvutbt|03|com"; nocase; ) # giwuywcuvcwuunu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029293; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|giwuywcuvcwuunu|03|com"; nocase; ) # lrcovduxbnmhxac.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029294; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lrcovduxbnmhxac|04|info"; nocase; ) # yndmulkehwnlwff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029295; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yndmulkehwnlwff|03|com"; nocase; ) # nmmfnnhtxatgvbq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029296; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nmmfnnhtxatgvbq|03|net"; nocase; ) # bindmvwaejukepc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029297; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bindmvwaejukepc|03|biz"; nocase; ) # vtwxvxmxbavksir.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029298; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vtwxvxmxbavksir|03|biz"; nocase; ) # noocxhyeofdcghk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029299; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|noocxhyeofdcghk|03|biz"; nocase; ) # ogyikxehkrsfwcs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029300; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ogyikxehkrsfwcs|03|org"; nocase; ) # obnwqddjmdjtkia.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029301; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|obnwqddjmdjtkia|02|ru"; nocase; ) # sjrpvksryrpayex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029302; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sjrpvksryrpayex|03|com"; nocase; ) # anjwhmbepowsxec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029303; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|anjwhmbepowsxec|03|com"; nocase; ) # jxyinvjgkvrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029304; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jxyinvjgkvrq|03|net"; nocase; ) # bqhqwhjqjkdu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029305; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bqhqwhjqjkdu|03|biz"; nocase; ) # qybgigjpfxqw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029306; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qybgigjpfxqw|02|ru"; nocase; ) # flldysqplfao.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029307; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|flldysqplfao|04|info"; nocase; ) # mqspjomylovr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029308; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mqspjomylovr|03|net"; nocase; ) # fqrjvntaqevx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029309; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fqrjvntaqevx|03|biz"; nocase; ) # tfxpameccldx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029310; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tfxpameccldx|03|com"; nocase; ) # fwulllvqetjm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029311; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fwulllvqetjm|03|com"; nocase; ) # cxbrihmpmoay.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029312; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cxbrihmpmoay|02|ru"; nocase; ) # axtqyxmyruyc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029313; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|axtqyxmyruyc|02|ru"; nocase; ) # ciymlfcabgee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029314; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ciymlfcabgee|03|com"; nocase; ) # gpewfyggabda.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029315; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gpewfyggabda|03|biz"; nocase; ) # hafmyhalccrt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029316; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hafmyhalccrt|02|ru"; nocase; ) # kyhvvqigiirt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029317; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kyhvvqigiirt|03|net"; nocase; ) # iriwukuwmrjb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029318; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iriwukuwmrjb|03|com"; nocase; ) # sopxarqwpbox.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029319; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sopxarqwpbox|03|org"; nocase; ) # atexvjuojsvd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029320; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|atexvjuojsvd|03|net"; nocase; ) # ekjryqmqwfkx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029321; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ekjryqmqwfkx|02|co|02|uk"; nocase; ) # qafxglxgkvqg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029322; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qafxglxgkvqg|03|org"; nocase; ) # uxnvsqbkvsuy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029323; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uxnvsqbkvsuy|03|org"; nocase; ) # fifqxkwpseue.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029324; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fifqxkwpseue|04|info"; nocase; ) # iodekiwygvyr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029325; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iodekiwygvyr|03|org"; nocase; ) # jmnmwugsiopk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029326; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jmnmwugsiopk|03|com"; nocase; ) # lhxhcfsrnstt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029327; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lhxhcfsrnstt|03|biz"; nocase; ) # onepxsdtuifc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029328; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|onepxsdtuifc|02|co|02|uk"; nocase; ) # pfoaxjiaihvp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029329; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pfoaxjiaihvp|03|com"; nocase; ) # gxyslywfxyty.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029330; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gxyslywfxyty|02|ru"; nocase; ) # tvttbejbkdrj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029331; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tvttbejbkdrj|03|org"; nocase; ) # hmjcspmkotnv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029332; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hmjcspmkotnv|03|org"; nocase; ) # vjyvixvxeylq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029333; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vjyvixvxeylq|02|co|02|uk"; nocase; ) # tcrdywyngywc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029334; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tcrdywyngywc|03|com"; nocase; ) # uugfqlpipdfm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029335; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uugfqlpipdfm|03|org"; nocase; ) # vfhweqavyoys.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029336; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vfhweqavyoys|02|co|02|uk"; nocase; ) # wflbdsfjyoko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029337; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wflbdsfjyoko|03|net"; nocase; ) # xpmsqxpwiaeu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029338; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xpmsqxpwiaeu|03|biz"; nocase; ) # cpxydajlepsu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029339; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cpxydajlepsu|02|co|02|uk"; nocase; ) # kgginkopcxli.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029340; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kgginkopcxli|04|info"; nocase; ) # cdcrxujqtvbx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029341; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cdcrxujqtvbx|03|biz"; nocase; ) # gdfhfxwherby.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029342; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gdfhfxwherby|04|info"; nocase; ) # xqqmpvulkowm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029343; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xqqmpvulkowm|03|org"; nocase; ) # gaqbhehwnrvlv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029344; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gaqbhehwnrvlv|03|biz"; nocase; ) # hvoyuotmgnkxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029345; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hvoyuotmgnkxd|03|org"; nocase; ) # wvndcojhiehmc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029346; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wvndcojhiehmc|03|biz"; nocase; ) # lqtimutodfrje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029347; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lqtimutodfrje|03|org"; nocase; ) # mgdcrkmaxeesa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029348; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mgdcrkmaxeesa|03|com"; nocase; ) # ncbafuypqasfa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029349; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ncbafuypqasfa|03|biz"; nocase; ) # mxsxynarciiyf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029350; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mxsxynarciiyf|03|org"; nocase; ) # avnwuvvftnwke.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029351; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|avnwuvvftnwke|02|co|02|uk"; nocase; ) # oawdkidfnautm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029352; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oawdkidfnautm|03|net"; nocase; ) # ewpbwblovuqel.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029353; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ewpbwblovuqel|03|org"; nocase; ) # vpxjgmlkujxqd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029354; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vpxjgmlkujxqd|02|co|02|uk"; nocase; ) # bpbscahvmnepq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029355; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bpbscahvmnepq|03|org"; nocase; ) # ojidocbgvqdbq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029356; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ojidocbgvqdbq|03|biz"; nocase; ) # sijbllhglcptf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029357; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sijbllhglcptf|02|co|02|uk"; nocase; ) # srmnswchluudm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029358; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|srmnswchluudm|04|info"; nocase; ) # tpiqxengkhwtt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029359; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tpiqxengkhwtt|02|co|02|uk"; nocase; ) # xtqmwppkjcwxt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029360; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xtqmwppkjcwxt|04|info"; nocase; ) # asolnguaxdnor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029361; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|asolnguaxdnor|03|net"; nocase; ) # dwektegtkclee.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029362; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dwektegtkclee|02|ru"; nocase; ) # qsffcjsbxdixm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029363; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qsffcjsbxdixm|03|org"; nocase; ) # fyipflvujqhxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029364; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fyipflvujqhxa|03|com"; nocase; ) # sujknqicwreri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029365; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sujknqicwreri|03|net"; nocase; ) # olowdhocjorei.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029366; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|olowdhocjorei|02|ru"; nocase; ) # rloqvyfumnrfn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029367; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rloqvyfumnrfn|04|info"; nocase; ) # uunfgrlvfenxl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029368; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uunfgrlvfenxl|03|biz"; nocase; ) # tpdcwxymbilcs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029369; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tpdcwxymbilcs|04|info"; nocase; ) # ulbakoeprtqwq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029370; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ulbakoeprtqwq|03|net"; nocase; ) # odpowaoxmdbcx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029371; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|odpowaoxmdbcx|03|org"; nocase; ) # njfwatmatdgml.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029372; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|njfwatmatdgml|02|co|02|uk"; nocase; ) # bducwymtgdgok.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029373; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bducwymtgdgok|04|info"; nocase; ) # qdtixycdeyqtj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029374; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qdtixycdeyqtj|03|org"; nocase; ) # grwwutmjibxhk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029375; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|grwwutmjibxhk|03|biz"; nocase; ) # ivcqhjjmttuab.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029376; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ivcqhjjmttuab|02|co|02|uk"; nocase; ) # otkocpkpivwln.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029377; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|otkocpkpivwln|04|info"; nocase; ) # qvotnkndtnjgu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029378; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qvotnkndtnjgu|02|ru"; nocase; ) # sqykfuayqaqfl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029379; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sqykfuayqaqfl|02|co|02|uk"; nocase; ) # vfxossaiqmgbt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029380; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vfxossaiqmgbt|02|ru"; nocase; ) # xhctendvcesvi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029381; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xhctendvcesvi|03|com"; nocase; ) # qsqfupyqamyqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029382; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qsqfupyqamyqx|03|biz"; nocase; ) # txgnoccsicwqs.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029383; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|txgnoccsicwqs|02|co|02|uk"; nocase; ) # hvboekxrelmwb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029384; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hvboekxrelmwb|04|info"; nocase; ) # wtygveaaahjyb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029385; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wtygveaaahjyb|02|co|02|uk"; nocase; ) # 4xv22s1pv2vt3ca6zqqpx75zb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4xv22s1pv2vt3ca6zqqpx75zb|03|net"; nocase; ) # 17ijf91goa4k41mqkx21cuxwun.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ijf91goa4k41mqkx21cuxwun|03|biz"; nocase; ) # ijsj3ccnamg568pz3z1thnw62.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ijsj3ccnamg568pz3z1thnw62|03|net"; nocase; ) # 1qagvze4dwjkahe8me312l2jsv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qagvze4dwjkahe8me312l2jsv|03|com"; nocase; ) # fmc8nox1m8c8lpn3hyp3961.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|fmc8nox1m8c8lpn3hyp3961|03|org"; nocase; ) # 165uigq1vkwgg61678ayjb0odul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|165uigq1vkwgg61678ayjb0odul|03|net"; nocase; ) # 1u9jv9f1aetrir4b1f2s1jdyn3p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u9jv9f1aetrir4b1f2s1jdyn3p|03|net"; nocase; ) # 1px0gz5txrmmzf2e6n21esl7kf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1px0gz5txrmmzf2e6n21esl7kf|03|com"; nocase; ) # 2mumvi9sstzc16g91t5cfnh6u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2mumvi9sstzc16g91t5cfnh6u|03|org"; nocase; ) # 643ubh1qjfowuouxzlabl2nov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|643ubh1qjfowuouxzlabl2nov|03|com"; nocase; ) # 86j301rn7igv19xtsyp1lauwj0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|86j301rn7igv19xtsyp1lauwj0|03|org"; nocase; ) # syh1u3x42kg12l7owa3avzo3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|syh1u3x42kg12l7owa3avzo3|03|org"; nocase; ) # wmatfrfs3kxlj355jxf12x0h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wmatfrfs3kxlj355jxf12x0h|03|com"; nocase; ) # 1a93vo11bpdb4g1n6iq9q78r7w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a93vo11bpdb4g1n6iq9q78r7w|03|org"; nocase; ) # 70g3eq130ioke1bgsxpqvhlkrt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|70g3eq130ioke1bgsxpqvhlkrt|03|org"; nocase; ) # 1ub6zlv1yzzy2h2nuayydpjufe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ub6zlv1yzzy2h2nuayydpjufe|03|com"; nocase; ) # 168aupf1r6xob717w16yno37aay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|168aupf1r6xob717w16yno37aay|03|net"; nocase; ) # ncu3hq5hfpma19bb4kl1av3dht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ncu3hq5hfpma19bb4kl1av3dht|03|org"; nocase; ) # fgd8lew73ku713x6tml1b68zh9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fgd8lew73ku713x6tml1b68zh9|03|net"; nocase; ) # 1b7nhw91x6sgf464j08k147xi4o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b7nhw91x6sgf464j08k147xi4o|03|com"; nocase; ) # 10c6weo1vhel4o68e4gm1d9p94l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10c6weo1vhel4o68e4gm1d9p94l|03|biz"; nocase; ) # i4eh244k4ts71h9szrf1w6tgy8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i4eh244k4ts71h9szrf1w6tgy8|03|org"; nocase; ) # 3vgjm7aylb67mx1tkbkpd4vj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3vgjm7aylb67mx1tkbkpd4vj|03|com"; nocase; ) # 1as91ndvtbschknzxotaxfj0b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1as91ndvtbschknzxotaxfj0b|03|org"; nocase; ) # 14hycwv1w5s1vj1l4g1futnrdso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14hycwv1w5s1vj1l4g1futnrdso|03|net"; nocase; ) # wdpck114j9l121kb467t4buyln.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wdpck114j9l121kb467t4buyln|03|biz"; nocase; ) # 1pa5718t489vh137cwk79gpnjs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pa5718t489vh137cwk79gpnjs|03|org"; nocase; ) # 147dozfaqiags12crvjm7pjit7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|147dozfaqiags12crvjm7pjit7|03|net"; nocase; ) # 1cjr09s1mojixx4bhpsj1564icr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjr09s1mojixx4bhpsj1564icr|03|net"; nocase; ) # d4ml8m1swhq9w4n5sxa1flqzqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d4ml8m1swhq9w4n5sxa1flqzqw|03|org"; nocase; ) # 98dk6hnhmszn6svwqy1vgvlwh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|98dk6hnhmszn6svwqy1vgvlwh|03|com"; nocase; ) # 4i6okz1d1vjfpy7recbmjeheg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4i6okz1d1vjfpy7recbmjeheg|03|net"; nocase; ) # aj3hsr19wxr6r130augn777f5p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aj3hsr19wxr6r130augn777f5p|03|org"; nocase; ) # 88n21h1ld4xsy10opg5pgb57by.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|88n21h1ld4xsy10opg5pgb57by|03|net"; nocase; ) # 3rbw9l1w42bca1hdo4at1ctyhu1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3rbw9l1w42bca1hdo4at1ctyhu1|03|com"; nocase; ) # 1u4h3dz19diytnvkj4tw4tb45i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u4h3dz19diytnvkj4tw4tb45i|03|net"; nocase; ) # 3yk6y56rqgtx1u0oghj1hdzn55.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3yk6y56rqgtx1u0oghj1hdzn55|03|net"; nocase; ) # d20hp494wgt71043331tfbwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d20hp494wgt71043331tfbwt|03|com"; nocase; ) # 8qrmtd1kmiewf16aq9wc1t2ek34.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8qrmtd1kmiewf16aq9wc1t2ek34|03|com"; nocase; ) # vjaily692942kcgur4vvmiq0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vjaily692942kcgur4vvmiq0|03|net"; nocase; ) # mmsmey1a0l4q2wuwdxy11manci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mmsmey1a0l4q2wuwdxy11manci|03|com"; nocase; ) # 1apcuif17ausjvzy5xnw8wab7a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1apcuif17ausjvzy5xnw8wab7a|03|net"; nocase; ) # zuw5fl1g2wgh0u5bur21ddb3ck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zuw5fl1g2wgh0u5bur21ddb3ck|03|com"; nocase; ) # dyfomd1ab904he16jx71t7ycbt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dyfomd1ab904he16jx71t7ycbt|03|net"; nocase; ) # 1po6yp81mb1lln9l9zxd1htjh7w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1po6yp81mb1lln9l9zxd1htjh7w|03|biz"; nocase; ) # 4twhqv13aks261umf016i11tkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4twhqv13aks261umf016i11tkf|03|org"; nocase; ) # 3mianrvc83os3f25131aptr5q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3mianrvc83os3f25131aptr5q|03|net"; nocase; ) # thevgm125wdx0v4qryl1j9em3s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|thevgm125wdx0v4qryl1j9em3s|03|org"; nocase; ) # ihzb2jwga4r1ql8m1vribgf3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ihzb2jwga4r1ql8m1vribgf3|03|com"; nocase; ) # 6n2bq82wp7461esudx41uuvz9r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6n2bq82wp7461esudx41uuvz9r|03|net"; nocase; ) # 1872ppo1fpzbk81sbo8ii1w4bivz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1872ppo1fpzbk81sbo8ii1w4bivz|03|biz"; nocase; ) # sftrin15a6fpdziian613tjnbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sftrin15a6fpdziian613tjnbf|03|com"; nocase; ) # slajis6ggghc184wg7z13uko33.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|slajis6ggghc184wg7z13uko33|03|org"; nocase; ) # 1gtjmab10r9z5xr1v07mr69f3r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gtjmab10r9z5xr1v07mr69f3r|03|net"; nocase; ) # 1kxnvgi1goqwwf116icvm1hjx99f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kxnvgi1goqwwf116icvm1hjx99f|03|org"; nocase; ) # 4lr6je91rloe1b2891ilc10a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4lr6je91rloe1b2891ilc10a|03|com"; nocase; ) # qkxe3ng4irjv1n5lr12hmymof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qkxe3ng4irjv1n5lr12hmymof|03|com"; nocase; ) # 2lmims1ftz0z516wew241r9vw5h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2lmims1ftz0z516wew241r9vw5h|03|net"; nocase; ) # 14aysf1h1s2q81rnrje61xypkmp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14aysf1h1s2q81rnrje61xypkmp|03|org"; nocase; ) # zfb7ed1p9nebtvubnhzjtpnjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zfb7ed1p9nebtvubnhzjtpnjt|03|net"; nocase; ) # wckfmq1y0vsxi1qmeszm1nhmzxs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wckfmq1y0vsxi1qmeszm1nhmzxs|03|biz"; nocase; ) # 1wg3wav1j0w0qs1ab8hb2js1k73.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wg3wav1j0w0qs1ab8hb2js1k73|03|org"; nocase; ) # 1xeftiw1ka27rd1jlgbqe4plsnu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xeftiw1ka27rd1jlgbqe4plsnu|03|net"; nocase; ) # 16qmj3eg87puh126qjifb3ls14.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16qmj3eg87puh126qjifb3ls14|03|net"; nocase; ) # 1ylz6pxkl5k18u7805mriaf45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ylz6pxkl5k18u7805mriaf45|03|net"; nocase; ) # 1q7otkznxiy1y1v098x9gd534m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q7otkznxiy1y1v098x9gd534m|03|com"; nocase; ) # oyeigd17cemzqahhrs81feotu5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oyeigd17cemzqahhrs81feotu5|03|org"; nocase; ) # 12r18l4ja4v9z16p5ihw9uwg4u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12r18l4ja4v9z16p5ihw9uwg4u|03|com"; nocase; ) # 367822191aq90da2xsp16w07jx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|367822191aq90da2xsp16w07jx|03|net"; nocase; ) # 1sbqngz1j93euz12ikdfdfn5up4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sbqngz1j93euz12ikdfdfn5up4|03|biz"; nocase; ) # 1qcp1vye8i7ts1c8scuz1uzbpuj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qcp1vye8i7ts1c8scuz1uzbpuj|03|com"; nocase; ) # q7i7p3sqayytq24yvs1nispdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q7i7p3sqayytq24yvs1nispdy|03|net"; nocase; ) # wy32sip9orow5btrm71wenc57.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wy32sip9orow5btrm71wenc57|03|biz"; nocase; ) # n3k11j1xq1n7ccgtfnclc2a7b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n3k11j1xq1n7ccgtfnclc2a7b|03|org"; nocase; ) # tvv8wf1jj0t901t2of7p1shc4dq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tvv8wf1jj0t901t2of7p1shc4dq|03|net"; nocase; ) # 1249ixlqn979jvopdkx8t70f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1249ixlqn979jvopdkx8t70f|03|org"; nocase; ) # 1t6nyrc1hzsu2w1l9605g4bnrwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t6nyrc1hzsu2w1l9605g4bnrwq|03|biz"; nocase; ) # kvpi6i1j9tv81mmf3cg1sca61r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kvpi6i1j9tv81mmf3cg1sca61r|03|net"; nocase; ) # 9mwywyvd8q3jl9o1vft03u6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|9mwywyvd8q3jl9o1vft03u6|03|com"; nocase; ) # 6p536p18ntee41ehwm62kua0p0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6p536p18ntee41ehwm62kua0p0|03|biz"; nocase; ) # 2w6ocexnmr311o6urw1uib37e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2w6ocexnmr311o6urw1uib37e|03|org"; nocase; ) # 1txv1m4d5nxlw1i7e6i9jt44st.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1txv1m4d5nxlw1i7e6i9jt44st|03|net"; nocase; ) # hsk0l5u18lm61ykfzgorjfwo8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hsk0l5u18lm61ykfzgorjfwo8|03|com"; nocase; ) # mkgv2udl5okz161c6mh15qszs7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mkgv2udl5okz161c6mh15qszs7|03|net"; nocase; ) # qgdeef1ek6wpdy12d1eve3zm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qgdeef1ek6wpdy12d1eve3zm|03|org"; nocase; ) # 14ugu1f5vb8ywptyywmodq1gw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14ugu1f5vb8ywptyywmodq1gw|03|com"; nocase; ) # 1pu2g0x1yc4nrt1wuxq8jhrs4hg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pu2g0x1yc4nrt1wuxq8jhrs4hg|03|biz"; nocase; ) # 1hedj491rbhygcqwuc5y1d9d1z8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hedj491rbhygcqwuc5y1d9d1z8|03|net"; nocase; ) # 191z3l9ar13nu10i32cjcbop4l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|191z3l9ar13nu10i32cjcbop4l|03|biz"; nocase; ) # i63ktj1mknwt91x9nfg8ko86xe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i63ktj1mknwt91x9nfg8ko86xe|03|com"; nocase; ) # 6zi550qy5j461p5viml1lxfpkg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6zi550qy5j461p5viml1lxfpkg|03|net"; nocase; ) # svi1o31iiedqunynww17rzoqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|svi1o31iiedqunynww17rzoqr|03|net"; nocase; ) # 11wsqp7oe088m1a1a6931bwkyqp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11wsqp7oe088m1a1a6931bwkyqp|03|com"; nocase; ) # 1fkmhlegp6hhe1f76yii19umxem.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fkmhlegp6hhe1f76yii19umxem|03|biz"; nocase; ) # 1b5fcl5fanqwqpdw5yy1tqoagf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b5fcl5fanqwqpdw5yy1tqoagf|03|net"; nocase; ) # cvko95b2zyqxyfb61g1m838nl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cvko95b2zyqxyfb61g1m838nl|03|net"; nocase; ) # m79qw9555guqii51oo1ipvhzj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m79qw9555guqii51oo1ipvhzj|03|org"; nocase; ) # yu37ct3b112v6ua7g61hoxvli.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yu37ct3b112v6ua7g61hoxvli|03|biz"; nocase; ) # 1ttl0bszbh2f01whmap12erxp7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ttl0bszbh2f01whmap12erxp7|03|com"; nocase; ) # 1fx1ncsi8h8ff5x7b68inwnsa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fx1ncsi8h8ff5x7b68inwnsa|03|net"; nocase; ) # ek0njw1qoay10gaz46uaxy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|ek0njw1qoay10gaz46uaxy|03|com"; nocase; ) # t07ttemoqxgn18cxpi012djs2d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t07ttemoqxgn18cxpi012djs2d|03|org"; nocase; ) # ewv5rh1kmchvpwl5jqxzf232k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ewv5rh1kmchvpwl5jqxzf232k|03|org"; nocase; ) # y8gxzu1iuknszqybuor19y183p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y8gxzu1iuknszqybuor19y183p|03|com"; nocase; ) # zn4sufbvdxig1xsacc71dyy1vr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zn4sufbvdxig1xsacc71dyy1vr|03|org"; nocase; ) # h3lk0tbl6rkpso6uvg14ss1lr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3lk0tbl6rkpso6uvg14ss1lr|03|com"; nocase; ) # 1gs9f6planmz7bztabo1ydu4p4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gs9f6planmz7bztabo1ydu4p4|03|net"; nocase; ) # 1f19kjp1kslqkja1nhr6us3c1e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f19kjp1kslqkja1nhr6us3c1e|03|net"; nocase; ) # 1b42onp177l30whgrm4izmgxip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b42onp177l30whgrm4izmgxip|03|org"; nocase; ) # yk36e71av0zz8zcggqh1osw2sr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yk36e71av0zz8zcggqh1osw2sr|03|com"; nocase; ) # 9ttaek1qotegj1qt8vithao5r4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ttaek1qotegj1qt8vithao5r4|03|org"; nocase; ) # 1qzadsxoxe848q7lzcbgo0h5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qzadsxoxe848q7lzcbgo0h5l|03|net"; nocase; ) # ull7tug00b9u1cr2rxh1uyzwaa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ull7tug00b9u1cr2rxh1uyzwaa|03|biz"; nocase; ) # o3l5xu28hp0n17g4bkd1bu9693.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o3l5xu28hp0n17g4bkd1bu9693|03|net"; nocase; ) # 1ml51y11h2le7t16xrrrneabjd6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ml51y11h2le7t16xrrrneabjd6|03|biz"; nocase; ) # 13dqroj1hls3za17yf66eib56xk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13dqroj1hls3za17yf66eib56xk|03|com"; nocase; ) # 172qbi1sq84151cxc5enp0bkzs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|172qbi1sq84151cxc5enp0bkzs|03|org"; nocase; ) # 1jbvjbr115krlow3yk7r1kc3izn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jbvjbr115krlow3yk7r1kc3izn|03|com"; nocase; ) # 1g1r0cggbzvdn63kcnd4wxq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1g1r0cggbzvdn63kcnd4wxq|03|net"; nocase; ) # 12duq8yipq3m1gm9ppisaetlh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12duq8yipq3m1gm9ppisaetlh|03|com"; nocase; ) # 11dua5p1ymj72nrbhh20nw7f7v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11dua5p1ymj72nrbhh20nw7f7v|03|com"; nocase; ) # w4cpwfxksykhc7pfvh6a9hjo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w4cpwfxksykhc7pfvh6a9hjo|03|net"; nocase; ) # egx4opygzm5wd6t7c718obx68.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|egx4opygzm5wd6t7c718obx68|03|com"; nocase; ) # dvyz9a1gvsgpu1non6j91ualmhb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dvyz9a1gvsgpu1non6j91ualmhb|03|com"; nocase; ) # 1qzrv391erw34ey9nkrxdzt88n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qzrv391erw34ey9nkrxdzt88n|03|biz"; nocase; ) # vc5rb11pn0il21r4cm1atsa9go.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vc5rb11pn0il21r4cm1atsa9go|03|org"; nocase; ) # qx22hdnm3zxnk7ffft14hcr5b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qx22hdnm3zxnk7ffft14hcr5b|03|org"; nocase; ) # 1ff41ic7fqxcpmb8tio1ei8x34.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ff41ic7fqxcpmb8tio1ei8x34|03|net"; nocase; ) # ocsdpaj4dt181akhhhzb72z87.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ocsdpaj4dt181akhhhzb72z87|03|com"; nocase; ) # 1d0yo4f102fk6y1yj37br17e8e6s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d0yo4f102fk6y1yj37br17e8e6s|03|org"; nocase; ) # vgsr3e1qq9fxnd5smjoc2q9sm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vgsr3e1qq9fxnd5smjoc2q9sm|03|net"; nocase; ) # 1vlodft89rfo61uz9zf9b7qsbu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vlodft89rfo61uz9zf9b7qsbu|03|net"; nocase; ) # 1xz2pxe1qzikuim917frrcrbet.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xz2pxe1qzikuim917frrcrbet|03|biz"; nocase; ) # 1i6of71160s4qtz8xaxlkelhc7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i6of71160s4qtz8xaxlkelhc7|03|net"; nocase; ) # nfashz17hjp081g5fgy71d22gx5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nfashz17hjp081g5fgy71d22gx5|03|com"; nocase; ) # 13enqpn17e2n6scobngx1rd6dev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13enqpn17e2n6scobngx1rd6dev|03|net"; nocase; ) # 1guuol3fxzstvejvysq19fgo3c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1guuol3fxzstvejvysq19fgo3c|03|org"; nocase; ) # ydv7rux7dyxrd4lhyy11e3uyc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ydv7rux7dyxrd4lhyy11e3uyc|03|com"; nocase; ) # 17i2rqc5u5556vow4ztbhh5ry.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17i2rqc5u5556vow4ztbhh5ry|03|org"; nocase; ) # ainvrive5exi1galmoa15n02zj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ainvrive5exi1galmoa15n02zj|03|org"; nocase; ) # 1p95lns714styi5pcortcewyr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p95lns714styi5pcortcewyr|03|org"; nocase; ) # jv1d9tz959eo1avlb0xebyvku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jv1d9tz959eo1avlb0xebyvku|03|org"; nocase; ) # 1n9i78y1bbc3hwh0hn3w1fjps7j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n9i78y1bbc3hwh0hn3w1fjps7j|03|biz"; nocase; ) # 1fghv2w1lpnpte3yi32137er4y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fghv2w1lpnpte3yi32137er4y|03|biz"; nocase; ) # dcmclpyj85ljcabk0y42yse0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dcmclpyj85ljcabk0y42yse0|03|net"; nocase; ) # 1089h6h1wp7ynf1xulbhn1fut63v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1089h6h1wp7ynf1xulbhn1fut63v|03|com"; nocase; ) # ig96uu1cqccec19ez2kq2yyfx2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ig96uu1cqccec19ez2kq2yyfx2|03|net"; nocase; ) # vaau071gsy8gk1rlngh8lc2e39.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vaau071gsy8gk1rlngh8lc2e39|03|biz"; nocase; ) # 13xsr431nnsw6j19g5ghtolfzfc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13xsr431nnsw6j19g5ghtolfzfc|03|com"; nocase; ) # 18lzbugy9dvqwi3yersr8ndwn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18lzbugy9dvqwi3yersr8ndwn|03|org"; nocase; ) # fafxja6o7whw1r44shk1tnnjxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fafxja6o7whw1r44shk1tnnjxf|03|com"; nocase; ) # xlovyp11snxi711r9gymcfdy3m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xlovyp11snxi711r9gymcfdy3m|03|com"; nocase; ) # tn24fu1pgtdz11djx2ex1amvn85.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tn24fu1pgtdz11djx2ex1amvn85|03|org"; nocase; ) # mq66ppe5wh3zuien1e1cpuszt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mq66ppe5wh3zuien1e1cpuszt|03|net"; nocase; ) # 16kyjmfbl4gq31o0reqo19w4awx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16kyjmfbl4gq31o0reqo19w4awx|03|org"; nocase; ) # cnabh23ubfoub4m1k5kbx5g9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cnabh23ubfoub4m1k5kbx5g9|03|com"; nocase; ) # h2fn201pmnafnzznv2n17dqw13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h2fn201pmnafnzznv2n17dqw13|03|net"; nocase; ) # igyx3j1apb26o1bo7c7xpxcq82.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|igyx3j1apb26o1bo7c7xpxcq82|03|com"; nocase; ) # 133l14q1iit3n1g44uto1k71mk4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|133l14q1iit3n1g44uto1k71mk4|03|org"; nocase; ) # 1e3d821120tvn9agg7uy1iix0ab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e3d821120tvn9agg7uy1iix0ab|03|com"; nocase; ) # 139mlun1ngpjys1h1g1fw173p072.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|139mlun1ngpjys1h1g1fw173p072|03|net"; nocase; ) # 87loxvt5ffqbuedl721owsd8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|87loxvt5ffqbuedl721owsd8n|03|net"; nocase; ) # vlm2g17e8sh1jco5xb1ttoash.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vlm2g17e8sh1jco5xb1ttoash|03|org"; nocase; ) # qty0duo3kbhggjgdasmplty9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qty0duo3kbhggjgdasmplty9|03|net"; nocase; ) # ucterjqyzcrk1laq67u132b5pr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ucterjqyzcrk1laq67u132b5pr|03|org"; nocase; ) # 1cb1w3gdrwitu1pd8hxd1fyr7y9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cb1w3gdrwitu1pd8hxd1fyr7y9|03|com"; nocase; ) # 9reehn1ys0vvq1jp82cr1ifqqxc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9reehn1ys0vvq1jp82cr1ifqqxc|03|net"; nocase; ) # 14hbwe91z088104rosnn1vho45e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14hbwe91z088104rosnn1vho45e|03|biz"; nocase; ) # 1mvwfe91c1opq3wgk1mpupy18o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mvwfe91c1opq3wgk1mpupy18o|03|com"; nocase; ) # 18e7mtx1saews6dajfjftv4c2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18e7mtx1saews6dajfjftv4c2g|03|net"; nocase; ) # 1e06hvk2c0l1o1lf7uv31w09srf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e06hvk2c0l1o1lf7uv31w09srf|03|com"; nocase; ) # pfgw3v1aik08j56bdpn1pvz6on.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pfgw3v1aik08j56bdpn1pvz6on|03|biz"; nocase; ) # mv45kyj6jl8f16kn0qd1mmqcrc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mv45kyj6jl8f16kn0qd1mmqcrc|03|com"; nocase; ) # 151cezwc280vh1hgm0zem7r43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|151cezwc280vh1hgm0zem7r43|03|net"; nocase; ) # 1essqhusahj3u1fuxp4419wps9a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1essqhusahj3u1fuxp4419wps9a|03|org"; nocase; ) # 3sgk46f2y84s19l4qw86850rb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3sgk46f2y84s19l4qw86850rb|03|net"; nocase; ) # 1yvv2ii10a1cssh3i4rrqo9szv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yvv2ii10a1cssh3i4rrqo9szv|03|biz"; nocase; ) # 1btu2831yvq32l131o1j3hu4l7g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1btu2831yvq32l131o1j3hu4l7g|03|net"; nocase; ) # 10sjts0pqd8yzg4ye5u1lveu8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10sjts0pqd8yzg4ye5u1lveu8|03|com"; nocase; ) # 9gfwtk9s1yuoew8ubgnb2m4g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9gfwtk9s1yuoew8ubgnb2m4g|03|net"; nocase; ) # wlaylh1bq3w5w10esxow92zvw4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wlaylh1bq3w5w10esxow92zvw4|03|org"; nocase; ) # 1u8ur26xd2mp5q1d1bp1waa5u7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u8ur26xd2mp5q1d1bp1waa5u7|03|com"; nocase; ) # 1j3sxx105wf1v16av1a5916tc2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j3sxx105wf1v16av1a5916tc2|03|net"; nocase; ) # 1m60oh8cum9ay1tgmk111olh7kn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m60oh8cum9ay1tgmk111olh7kn|03|org"; nocase; ) # 17jc6d41z0xkby1pojv00gj40o3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17jc6d41z0xkby1pojv00gj40o3|03|com"; nocase; ) # 4ukczo1gvvpxr1g80n5e1lkueg7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4ukczo1gvvpxr1g80n5e1lkueg7|03|biz"; nocase; ) # tvz7yy1i8l61913z6y1f13l2skg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tvz7yy1i8l61913z6y1f13l2skg|03|net"; nocase; ) # 1p3b2wi11mq8n14mcmx2qypx4b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p3b2wi11mq8n14mcmx2qypx4b|03|org"; nocase; ) # 1t9f1k77vi99u1pf5uyy1kwv2ag.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t9f1k77vi99u1pf5uyy1kwv2ag|03|net"; nocase; ) # 9if474453atx3unqu717r6hjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9if474453atx3unqu717r6hjm|03|org"; nocase; ) # 1p3r7c21cy90611q48h11pme1ru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p3r7c21cy90611q48h11pme1ru|03|net"; nocase; ) # qykdrz1a7wvhm1nphotu134ozeq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qykdrz1a7wvhm1nphotu134ozeq|03|net"; nocase; ) # 1avg0qn1o741c51nndo7z5ca15q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1avg0qn1o741c51nndo7z5ca15q|03|net"; nocase; ) # tc6e931vkyrva1ya82cy64oklc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tc6e931vkyrva1ya82cy64oklc|03|biz"; nocase; ) # 1nahbaq1wc11j71m0qk4l1hkzvsx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nahbaq1wc11j71m0qk4l1hkzvsx|03|org"; nocase; ) # 1hzx3d21wp1910h9zbp5ag48x8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hzx3d21wp1910h9zbp5ag48x8|03|org"; nocase; ) # 1wgcrpapcx03x1h2rh5ib8zou6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wgcrpapcx03x1h2rh5ib8zou6|03|org"; nocase; ) # 1vr5izepj0v8i10dx7rr1itdj0v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vr5izepj0v8i10dx7rr1itdj0v|03|net"; nocase; ) # 4ira6l1n8w8zs1iqmkor122s4vv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4ira6l1n8w8zs1iqmkor122s4vv|03|com"; nocase; ) # cj1llsmjdpms15nb1uv1p0kaau.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cj1llsmjdpms15nb1uv1p0kaau|03|org"; nocase; ) # lqpntwlqr7q91ed0ozobbfujd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lqpntwlqr7q91ed0ozobbfujd|03|net"; nocase; ) # 1fq5pobbai51pxpqz23x7nda6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fq5pobbai51pxpqz23x7nda6|03|com"; nocase; ) # r7qxvpnbxw3be3yag1m75ojj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r7qxvpnbxw3be3yag1m75ojj|03|net"; nocase; ) # 1ojc92o1wfvwtr1qzez5b14ep91t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ojc92o1wfvwtr1qzez5b14ep91t|03|biz"; nocase; ) # 1egwc1wsc3938243afejq5244.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1egwc1wsc3938243afejq5244|03|net"; nocase; ) # 1ez7r1w1ymgg311n79af1osfl6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ez7r1w1ymgg311n79af1osfl6h|03|net"; nocase; ) # 1my4g9h11i9lg1mxxbd11vxb96x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1my4g9h11i9lg1mxxbd11vxb96x|03|org"; nocase; ) # y9nacd4nkn401k0ldfh1h4nnxi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y9nacd4nkn401k0ldfh1h4nnxi|03|com"; nocase; ) # 1hidvh81hrqaz81ys1adnk3plvp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hidvh81hrqaz81ys1adnk3plvp|03|org"; nocase; ) # nc62d01lzsygbuqin6xzqp9vj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nc62d01lzsygbuqin6xzqp9vj|03|net"; nocase; ) # rx6jla1pe3gkt1jw0hzxba8p9u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rx6jla1pe3gkt1jw0hzxba8p9u|03|com"; nocase; ) # 18c3hqwiiy5xoyw6g3l1sih56v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18c3hqwiiy5xoyw6g3l1sih56v|03|biz"; nocase; ) # 12n0igar5uq44xwn8mxbnzizl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12n0igar5uq44xwn8mxbnzizl|03|net"; nocase; ) # jy5obouvcehh55kxdzm43cfv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jy5obouvcehh55kxdzm43cfv|03|net"; nocase; ) # 12im1hnb3a7hu1a7i8bh1t24r4l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12im1hnb3a7hu1a7i8bh1t24r4l|03|biz"; nocase; ) # 1hjw5191upce0n7975xn1xq1n48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hjw5191upce0n7975xn1xq1n48|03|com"; nocase; ) # wos1lm582trj1f5mq7y71qhhi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wos1lm582trj1f5mq7y71qhhi|03|org"; nocase; ) # z4ide818v4ujo1p8lhqe1h5c0h9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z4ide818v4ujo1p8lhqe1h5c0h9|03|org"; nocase; ) # 13se1fsoenuhl75evb11t7r7cb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13se1fsoenuhl75evb11t7r7cb|03|org"; nocase; ) # b0kfck16bu86k8m9hj91byfk7k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b0kfck16bu86k8m9hj91byfk7k|03|biz"; nocase; ) # 1izy62218x0929tjavpsjp4qzj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1izy62218x0929tjavpsjp4qzj|03|biz"; nocase; ) # 5nwh1ip3tcd0dcxw14l26wum.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5nwh1ip3tcd0dcxw14l26wum|03|com"; nocase; ) # oz0tkkzgk8qivc1g22f4suj3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oz0tkkzgk8qivc1g22f4suj3|03|net"; nocase; ) # v8yqs72lb12qalb3ifpkmedj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v8yqs72lb12qalb3ifpkmedj|03|net"; nocase; ) # t53p2t4ajljlse1ncr1gyi5ij.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t53p2t4ajljlse1ncr1gyi5ij|03|biz"; nocase; ) # t9ywm1fprchvsx4f62wu7s73.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t9ywm1fprchvsx4f62wu7s73|03|org"; nocase; ) # 1t2xtgu1w0mvbt1l6jtbg9pz4rm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t2xtgu1w0mvbt1l6jtbg9pz4rm|03|com"; nocase; ) # 1fnarpx1kkirzr904pipm00pvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fnarpx1kkirzr904pipm00pvs|03|com"; nocase; ) # fdxermd1tkff114ynds1fzwqiz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fdxermd1tkff114ynds1fzwqiz|03|net"; nocase; ) # 15b4o7y129urko120eqll1ubjfa4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15b4o7y129urko120eqll1ubjfa4|03|net"; nocase; ) # 143ha0c13vejli1bz4pk1152frie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|143ha0c13vejli1bz4pk1152frie|03|org"; nocase; ) # 188p87tvnk2s21tw0ao8178l3cq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|188p87tvnk2s21tw0ao8178l3cq|03|com"; nocase; ) # 1snba2w1d4kx0yutog4q1yzcx7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1snba2w1d4kx0yutog4q1yzcx7|03|org"; nocase; ) # 12z4tt81szhamz18w9yy0uybw9j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12z4tt81szhamz18w9yy0uybw9j|03|org"; nocase; ) # 13tex7zmiieu51tvgo8dlh81k1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13tex7zmiieu51tvgo8dlh81k1|03|com"; nocase; ) # ai7ret1vamuwv10hz1myea3m60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ai7ret1vamuwv10hz1myea3m60|03|net"; nocase; ) # 1l41qyu1cod86a5tysc11smefq8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l41qyu1cod86a5tysc11smefq8|03|com"; nocase; ) # 83sv0tqrkdr471zejb3rntef.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|83sv0tqrkdr471zejb3rntef|03|biz"; nocase; ) # 12qeb1v130matu6c4wtjjr941.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12qeb1v130matu6c4wtjjr941|03|net"; nocase; ) # hee72sm11suv47i6n14l58ng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hee72sm11suv47i6n14l58ng|03|net"; nocase; ) # bxtk1qxzj5ykkd1x9p1ylb1o1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bxtk1qxzj5ykkd1x9p1ylb1o1|03|org"; nocase; ) # 1ji5oeu1f4a31xl36a84178fcb6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ji5oeu1f4a31xl36a84178fcb6|03|net"; nocase; ) # 1mpmfgf1t3tjc6wvda5mog9vvl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mpmfgf1t3tjc6wvda5mog9vvl|03|com"; nocase; ) # 1wc57b0wpxqkm5qvgf2ktvqqo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wc57b0wpxqkm5qvgf2ktvqqo|03|org"; nocase; ) # dqwf7vdil3i42sby75zru5jd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dqwf7vdil3i42sby75zru5jd|03|net"; nocase; ) # e4p3wsak9o8w14i5ezkcu9dhe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e4p3wsak9o8w14i5ezkcu9dhe|03|com"; nocase; ) # zx3qxs1xqy4go10q06pj1rlegld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zx3qxs1xqy4go10q06pj1rlegld|03|org"; nocase; ) # g74u9h3r72xn1xwih93tnc28e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g74u9h3r72xn1xwih93tnc28e|03|net"; nocase; ) # 6rsqu3e1pq7busq08x1su1ryn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6rsqu3e1pq7busq08x1su1ryn|03|com"; nocase; ) # 26zz6h1pl4bcougnyhwbfk1w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|26zz6h1pl4bcougnyhwbfk1w|03|net"; nocase; ) # 1xlyskinmugra14ezaj1mmbfug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xlyskinmugra14ezaj1mmbfug|03|net"; nocase; ) # nmv7961iglzdgb9vq4z1fzu6aj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nmv7961iglzdgb9vq4z1fzu6aj|03|net"; nocase; ) # bcytg01xyjboe1qy0tns66mnfv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bcytg01xyjboe1qy0tns66mnfv|03|biz"; nocase; ) # ez7vv11j17oja2wgy6v1rkrao1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ez7vv11j17oja2wgy6v1rkrao1|03|biz"; nocase; ) # lxscts1gomcl18gjwoz3eqnrb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lxscts1gomcl18gjwoz3eqnrb|03|com"; nocase; ) # 1susglj8xkr5cd40jdl16iwk96.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1susglj8xkr5cd40jdl16iwk96|03|net"; nocase; ) # 9lf3r3ke86qg19wuobyzo8sd0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9lf3r3ke86qg19wuobyzo8sd0|03|biz"; nocase; ) # 1v2wz1cu2siqo19fs2pt1xru668.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v2wz1cu2siqo19fs2pt1xru668|03|org"; nocase; ) # vztvygcoft3e1nmz9zbn0att6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vztvygcoft3e1nmz9zbn0att6|03|org"; nocase; ) # 1ssgqoj1m41w0z15szhx61722hsp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ssgqoj1m41w0z15szhx61722hsp|03|org"; nocase; ) # mc5igfzumz5i6ej4qid98ae.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|mc5igfzumz5i6ej4qid98ae|03|net"; nocase; ) # 1as0ba816f6j311o0jnce19idp2v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1as0ba816f6j311o0jnce19idp2v|03|net"; nocase; ) # 1da8mo21x027351d5hcypwpjlng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1da8mo21x027351d5hcypwpjlng|03|org"; nocase; ) # 18tvc8g1kv5rm215akcr578sg1j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tvc8g1kv5rm215akcr578sg1j|03|net"; nocase; ) # 39z27515rbct41ky8r2c1tqhgfa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|39z27515rbct41ky8r2c1tqhgfa|03|biz"; nocase; ) # savqf2ipqk5v1xdsa1wcgeofy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|savqf2ipqk5v1xdsa1wcgeofy|03|org"; nocase; ) # hmbgo11gfjy1zukkl261vno7up.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hmbgo11gfjy1zukkl261vno7up|03|net"; nocase; ) # 1lleqcnrnn2dtbs9l73kulur8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lleqcnrnn2dtbs9l73kulur8|03|com"; nocase; ) # 1h5kv4014my2pdkbqt1v1vkr2t7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h5kv4014my2pdkbqt1v1vkr2t7|03|net"; nocase; ) # b2veteaf00g8m58ohhjfpbm4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b2veteaf00g8m58ohhjfpbm4|03|org"; nocase; ) # btd4j552stmfsfye1e1442x7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|btd4j552stmfsfye1e1442x7|03|biz"; nocase; ) # 1txf8w5u2gqm2gypo17zez6jl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1txf8w5u2gqm2gypo17zez6jl|03|org"; nocase; ) # 12edbjl1fn2zek1fc4o1i1v92nyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12edbjl1fn2zek1fc4o1i1v92nyk|03|net"; nocase; ) # qn0fdj7q45rm1ub4k9i1ypxeus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qn0fdj7q45rm1ub4k9i1ypxeus|03|net"; nocase; ) # 1hbs8g4qm9tledh2tk8177t4go.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbs8g4qm9tledh2tk8177t4go|03|biz"; nocase; ) # bhy2aoicsm6eisut6q1cluact.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bhy2aoicsm6eisut6q1cluact|03|org"; nocase; ) # 86v1xew5hudsyr0afo1uqmtvw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|86v1xew5hudsyr0afo1uqmtvw|03|com"; nocase; ) # xzr9qw2sfdi21rqfwdbjm7hza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xzr9qw2sfdi21rqfwdbjm7hza|03|com"; nocase; ) # 1mipvqj1n80ruy174v83z10e2uvv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mipvqj1n80ruy174v83z10e2uvv|03|net"; nocase; ) # ms86f61qswudevb077img0w63.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ms86f61qswudevb077img0w63|03|com"; nocase; ) # qli3ue1bz0zcdz60bnj1xl8j09.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qli3ue1bz0zcdz60bnj1xl8j09|03|org"; nocase; ) # qq6rmvmkx6pv1vtz710ubpeh8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qq6rmvmkx6pv1vtz710ubpeh8|03|net"; nocase; ) # 11ity5t1pgk3zz1rop2mp6wnfxo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11ity5t1pgk3zz1rop2mp6wnfxo|03|org"; nocase; ) # 3tjoujki38w910kxt2mseue36.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3tjoujki38w910kxt2mseue36|03|org"; nocase; ) # 1tut7arcg0cljzepwixmjper2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tut7arcg0cljzepwixmjper2|03|com"; nocase; ) # zo3f9z1eugqro106n3k49ofw51.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zo3f9z1eugqro106n3k49ofw51|03|org"; nocase; ) # 6zt5n3i0ftb2yu5rubh593dm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6zt5n3i0ftb2yu5rubh593dm|03|biz"; nocase; ) # 19l8pdu1dfehq2f93e2k1ox47br.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19l8pdu1dfehq2f93e2k1ox47br|03|com"; nocase; ) # 3hyx3v1mryftivcw7bq1wm6ud5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3hyx3v1mryftivcw7bq1wm6ud5|03|biz"; nocase; ) # vh177a1vqch8kyvyfbe73axj2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vh177a1vqch8kyvyfbe73axj2|03|net"; nocase; ) # jqcscs1yuc7zw1493zwq11612ul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jqcscs1yuc7zw1493zwq11612ul|03|com"; nocase; ) # 6y66l5cqlx21rq9rnk1jhdx98.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6y66l5cqlx21rq9rnk1jhdx98|03|org"; nocase; ) # rgjhr3m6sslq13qsbdj119ui8q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rgjhr3m6sslq13qsbdj119ui8q|03|net"; nocase; ) # ffdfmf1f20d5h104tqs37g7l4o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ffdfmf1f20d5h104tqs37g7l4o|03|com"; nocase; ) # 4le1qe1mfwqtf1rm147u1pnhlbn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4le1qe1mfwqtf1rm147u1pnhlbn|03|biz"; nocase; ) # 1dymfz0cq9wid10jkvcagt4msn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dymfz0cq9wid10jkvcagt4msn|03|org"; nocase; ) # nn34ld15dxb27caq5ji1ow1gwz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nn34ld15dxb27caq5ji1ow1gwz|03|org"; nocase; ) # kwjuglxgja43102a19x1ismat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kwjuglxgja43102a19x1ismat|03|com"; nocase; ) # 71lkjx21tu6c12jvtrrdvzp0i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|71lkjx21tu6c12jvtrrdvzp0i|03|biz"; nocase; ) # 46c21q8fuopz5wba021bokom4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|46c21q8fuopz5wba021bokom4|03|net"; nocase; ) # 1ny75cb152mykw1pw872v1hjqaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ny75cb152mykw1pw872v1hjqaq|03|com"; nocase; ) # 1qfjpg1c14nabkujjti1tieat0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qfjpg1c14nabkujjti1tieat0|03|com"; nocase; ) # 5nj7071afme761hrwervom8o9e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5nj7071afme761hrwervom8o9e|03|net"; nocase; ) # o1w83hbm30ph1ds9yg118j7hbg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o1w83hbm30ph1ds9yg118j7hbg|03|biz"; nocase; ) # 1vy1nyj1mx4aij1rf6pzakhis64.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vy1nyj1mx4aij1rf6pzakhis64|03|biz"; nocase; ) # k2mknxpym3dlrfupz715cvkpo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k2mknxpym3dlrfupz715cvkpo|03|org"; nocase; ) # j2ed1vwltl8o1r2lywq17seeix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j2ed1vwltl8o1r2lywq17seeix|03|net"; nocase; ) # 1jgkaf618ig1x1wylrw1hf7g4m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jgkaf618ig1x1wylrw1hf7g4m|03|biz"; nocase; ) # vu1ricfiyvvjo35iif106qu8q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vu1ricfiyvvjo35iif106qu8q|03|org"; nocase; ) # yggr5b11xh6ju1s4rig8eldr3l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yggr5b11xh6ju1s4rig8eldr3l|03|biz"; nocase; ) # qm1g121cz7phl1noip1hz28nhc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qm1g121cz7phl1noip1hz28nhc|03|net"; nocase; ) # 1drvphxt5g5glnrfalq1xbehcx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1drvphxt5g5glnrfalq1xbehcx|03|net"; nocase; ) # mc5wz5186zaq4kyq4gd1dasrna.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mc5wz5186zaq4kyq4gd1dasrna|03|org"; nocase; ) # iuqdn51shd4dr1c16k3t1o8d814.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iuqdn51shd4dr1c16k3t1o8d814|03|com"; nocase; ) # 9xf16a17a23c5lpzcf37xajty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9xf16a17a23c5lpzcf37xajty|03|biz"; nocase; ) # 10dntvs4hdo1v1mlh3acw3n4vi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10dntvs4hdo1v1mlh3acw3n4vi|03|net"; nocase; ) # 16ewuewiz7h3s89b9ex3kn2ff.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ewuewiz7h3s89b9ex3kn2ff|03|biz"; nocase; ) # 15uircgchn0rf109xx95go8slu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15uircgchn0rf109xx95go8slu|03|net"; nocase; ) # 18yplvv1ny1f707yxfa1krieel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18yplvv1ny1f707yxfa1krieel|03|net"; nocase; ) # f5zefz81hut51kv0o0xxalz7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f5zefz81hut51kv0o0xxalz7|03|org"; nocase; ) # q00rev1w37mw3ga1wib9lqips.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q00rev1w37mw3ga1wib9lqips|03|org"; nocase; ) # 12ty2fxzk6rqw913eiyh408r3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ty2fxzk6rqw913eiyh408r3|03|net"; nocase; ) # 13x5wpgv0mosh16k8pb61wj9j6l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13x5wpgv0mosh16k8pb61wj9j6l|03|biz"; nocase; ) # oi2yvnx5ly4n15mmdy91l6mhev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oi2yvnx5ly4n15mmdy91l6mhev|03|com"; nocase; ) # 10ps2np1qfikb256u8171xnb3wr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ps2np1qfikb256u8171xnb3wr|03|org"; nocase; ) # 1x8bybl1lmo6h01otyabhruzq99.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x8bybl1lmo6h01otyabhruzq99|03|com"; nocase; ) # 1yy7lrzb01bw8yh11fhe084eh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yy7lrzb01bw8yh11fhe084eh|03|com"; nocase; ) # tbbuwh7ai7131nwmzfm1gxavu8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tbbuwh7ai7131nwmzfm1gxavu8|03|org"; nocase; ) # 1r6tnzn138qbseir8n81l98egf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r6tnzn138qbseir8n81l98egf|03|org"; nocase; ) # 9csr3x4yb3b61augzsm1vgpqva.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9csr3x4yb3b61augzsm1vgpqva|03|com"; nocase; ) # 13uegctug5dukthl571tngs4s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13uegctug5dukthl571tngs4s|03|org"; nocase; ) # 1p3db0u1d32lvy1syny0l17ovb3v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p3db0u1d32lvy1syny0l17ovb3v|03|biz"; nocase; ) # 4lnui02y95xo1k2yk9owu0jx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4lnui02y95xo1k2yk9owu0jx|03|org"; nocase; ) # u4hx26d60hryq03d1b3oo4bs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u4hx26d60hryq03d1b3oo4bs|03|net"; nocase; ) # 115jqdy1advux31g9tbhr1a6ocpq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|115jqdy1advux31g9tbhr1a6ocpq|03|biz"; nocase; ) # 1km2fecdm2b8d1s1jb2p8z4q0p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1km2fecdm2b8d1s1jb2p8z4q0p|03|com"; nocase; ) # 13818ngw57j312859onma6glb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13818ngw57j312859onma6glb|03|org"; nocase; ) # v6wi1x1l5kaq716lu69hjhkcvy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v6wi1x1l5kaq716lu69hjhkcvy|03|com"; nocase; ) # 15k8vne3uhwxv1573zdsz4tq5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15k8vne3uhwxv1573zdsz4tq5c|03|net"; nocase; ) # 1dg9uey1owqwb1tjlms2161oy9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dg9uey1owqwb1tjlms2161oy9|03|org"; nocase; ) # 13pgezy1u3rxyg1wmgzrs2cd3xg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13pgezy1u3rxyg1wmgzrs2cd3xg|03|net"; nocase; ) # 9f3dkvjbo51zpgfcri1d0nw38.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9f3dkvjbo51zpgfcri1d0nw38|03|org"; nocase; ) # tdjq7n1ymqat79jhc3riv0ore.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tdjq7n1ymqat79jhc3riv0ore|03|net"; nocase; ) # 9xcof811omilrmht57j8vt31w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9xcof811omilrmht57j8vt31w|03|net"; nocase; ) # kz34u0aucbn716xart51sk3db4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kz34u0aucbn716xart51sk3db4|03|org"; nocase; ) # uqmbk91sec1i6gg72gfhpbxx4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uqmbk91sec1i6gg72gfhpbxx4|03|biz"; nocase; ) # sq2wggxfcz5cev2wsdr9ioix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sq2wggxfcz5cev2wsdr9ioix|03|net"; nocase; ) # 1gx4ycw11q319yepbmos1sw1z6m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gx4ycw11q319yepbmos1sw1z6m|03|biz"; nocase; ) # 4fxs41lsu9541ors6ex1bnyhws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4fxs41lsu9541ors6ex1bnyhws|03|net"; nocase; ) # 1902b581rb91veyvfxi114d3ja4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1902b581rb91veyvfxi114d3ja4|03|net"; nocase; ) # na3ifm1c08bimsxy5kn112t228.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|na3ifm1c08bimsxy5kn112t228|03|org"; nocase; ) # 64lr5dbh87qd1d273e01iiimvc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|64lr5dbh87qd1d273e01iiimvc|03|org"; nocase; ) # 1k1prl66lavrmwn7cundyf2do.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k1prl66lavrmwn7cundyf2do|03|org"; nocase; ) # 1eak3d11hw07mi1j84khtkmcy95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eak3d11hw07mi1j84khtkmcy95|03|net"; nocase; ) # 8uzlku1lpypi1tojuuioakibn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8uzlku1lpypi1tojuuioakibn|03|com"; nocase; ) # o4pvxussamj01rvp62va9jfab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o4pvxussamj01rvp62va9jfab|03|org"; nocase; ) # oko04y1zqxs7178e204eairhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oko04y1zqxs7178e204eairhw|03|net"; nocase; ) # rf3rgibg6f2p1td9y3x1qcdnpi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rf3rgibg6f2p1td9y3x1qcdnpi|03|biz"; nocase; ) # 1od103i1jaevmac3mbfh1q1q3et.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1od103i1jaevmac3mbfh1q1q3et|03|com"; nocase; ) # ow8u61c6tk9x1ne9xe9h5h4dn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ow8u61c6tk9x1ne9xe9h5h4dn|03|org"; nocase; ) # hhokjn11ge0m618jid0h1dcc2ul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hhokjn11ge0m618jid0h1dcc2ul|03|com"; nocase; ) # ozdpsp1hzbinf1mp851g1ld67q5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ozdpsp1hzbinf1mp851g1ld67q5|03|net"; nocase; ) # dwwqrxwqxsy61taqdfw1fxake2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dwwqrxwqxsy61taqdfw1fxake2|03|org"; nocase; ) # 12fpo9u9s1r3ww1y746clinw1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12fpo9u9s1r3ww1y746clinw1|03|com"; nocase; ) # e4f8ak1uqpvtlv0mvgs1njyb8v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e4f8ak1uqpvtlv0mvgs1njyb8v|03|net"; nocase; ) # 187iuwa1rmnnjccbngah1783j75.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|187iuwa1rmnnjccbngah1783j75|03|org"; nocase; ) # 1t6br1o5tq5lm1k5fzsyd51c0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t6br1o5tq5lm1k5fzsyd51c0|03|net"; nocase; ) # fu94o717xzo2f1yektjst4bn5p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fu94o717xzo2f1yektjst4bn5p|03|com"; nocase; ) # 1vgux5ydkcxh913vmt4zqfc09.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vgux5ydkcxh913vmt4zqfc09|03|org"; nocase; ) # 1kn2qk218oo0kz15u22l21o1atla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kn2qk218oo0kz15u22l21o1atla|03|org"; nocase; ) # 1nvfkv31t6fn0j1xptj941gs3m9c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nvfkv31t6fn0j1xptj941gs3m9c|03|biz"; nocase; ) # 6ws3geay6wv91envqdzb2ns2l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ws3geay6wv91envqdzb2ns2l|03|com"; nocase; ) # 18f1ibi17ld9dw1vuyrpe1w109bl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18f1ibi17ld9dw1vuyrpe1w109bl|03|biz"; nocase; ) # 1gz9r8vnk6v191jfb72x1skpqts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gz9r8vnk6v191jfb72x1skpqts|03|net"; nocase; ) # 1snpg3t5kz591lqyqah1rpzxz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1snpg3t5kz591lqyqah1rpzxz3|03|com"; nocase; ) # eekn2lwn2zsnyy4cdhdrt7f9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eekn2lwn2zsnyy4cdhdrt7f9|03|net"; nocase; ) # wpog9m17lyrq84dlsps198izpe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wpog9m17lyrq84dlsps198izpe|03|net"; nocase; ) # 1kxbrxyec38jg1obiesw1h3bw06.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kxbrxyec38jg1obiesw1h3bw06|03|com"; nocase; ) # 7qw7qaoj87e5l1ttjzi56c9g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7qw7qaoj87e5l1ttjzi56c9g|03|com"; nocase; ) # 1juc6a7znh8df1i8lyy3aq0g27.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1juc6a7znh8df1i8lyy3aq0g27|03|biz"; nocase; ) # 1vavpsmhz7em4e02a8sr4m0mw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vavpsmhz7em4e02a8sr4m0mw|03|net"; nocase; ) # 1xv52np10qsmya1wku80v17jcr05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xv52np10qsmya1wku80v17jcr05|03|org"; nocase; ) # qtg948vhlys31m64ayzp0byk8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qtg948vhlys31m64ayzp0byk8|03|com"; nocase; ) # 1lxhh21i313zz1x1dq1pvt6izd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lxhh21i313zz1x1dq1pvt6izd|03|org"; nocase; ) # 6p7vkscx6y319uu4j7h6sink.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6p7vkscx6y319uu4j7h6sink|03|org"; nocase; ) # 1phxw81ugjgyckhlj84pbpuou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1phxw81ugjgyckhlj84pbpuou|03|net"; nocase; ) # 12tnfhcxvqaiccxpih1qjhwde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12tnfhcxvqaiccxpih1qjhwde|03|com"; nocase; ) # 7we7bh1s9g1ip1gx9z9g1o9bdsl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7we7bh1s9g1ip1gx9z9g1o9bdsl|03|net"; nocase; ) # qqcn7l1oo3nakc6adqs1mvnc9x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qqcn7l1oo3nakc6adqs1mvnc9x|03|org"; nocase; ) # tpinuu118ixnt1wugjnr3ywq8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tpinuu118ixnt1wugjnr3ywq8u|03|net"; nocase; ) # d2e9xl13961kp1sxcoj1ihfaet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d2e9xl13961kp1sxcoj1ihfaet|03|net"; nocase; ) # 1fxvswj1anlzzsrstud5npcft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fxvswj1anlzzsrstud5npcft|03|net"; nocase; ) # 169jqcp1bjnqmxd1ctsu15obvh4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|169jqcp1bjnqmxd1ctsu15obvh4|03|org"; nocase; ) # 1yljij21qs3h841ny4x2e1qttan2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yljij21qs3h841ny4x2e1qttan2|03|net"; nocase; ) # 7gpcn3mmqz63fzt8ubla962l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7gpcn3mmqz63fzt8ubla962l|03|biz"; nocase; ) # 10fb06molwi5mz0x5u0hbipzx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10fb06molwi5mz0x5u0hbipzx|03|biz"; nocase; ) # 1ihx44tmi9cuy11w1qgmvklqnc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ihx44tmi9cuy11w1qgmvklqnc|03|com"; nocase; ) # 1rzlfl1g3z6lw117b2rvjspojj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rzlfl1g3z6lw117b2rvjspojj|03|org"; nocase; ) # 1ut2jfcbdjasd18d3fc61g0fvle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ut2jfcbdjasd18d3fc61g0fvle|03|org"; nocase; ) # 1dnlo361chanzylf8k0euafxvr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dnlo361chanzylf8k0euafxvr|03|org"; nocase; ) # 8xwjdbkerg6t5a44t3dfn0hp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8xwjdbkerg6t5a44t3dfn0hp|03|com"; nocase; ) # 94u2yl1ybz6091ba127r1dm4u3o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|94u2yl1ybz6091ba127r1dm4u3o|03|net"; nocase; ) # 1dec8yar663af1f5yjr24ihrv7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dec8yar663af1f5yjr24ihrv7|03|net"; nocase; ) # 7k77wwpfc0pzsksrts155rlp7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7k77wwpfc0pzsksrts155rlp7|03|net"; nocase; ) # opz1i51fd8gwf1n0sypg1dryacg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|opz1i51fd8gwf1n0sypg1dryacg|03|net"; nocase; ) # 15o7qlsf5yyf36qv6xd9rhv9u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15o7qlsf5yyf36qv6xd9rhv9u|03|org"; nocase; ) # l1jtv7106ynr96z6czi7jk5tn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l1jtv7106ynr96z6czi7jk5tn|03|org"; nocase; ) # 1nt57cb1x32cmx3d6mleo675bh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nt57cb1x32cmx3d6mleo675bh|03|net"; nocase; ) # 1fl5hf42oihj5bg7qke17ujxx9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fl5hf42oihj5bg7qke17ujxx9|03|org"; nocase; ) # 1t626qz12h9tsq1tgn7691dqtjdw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t626qz12h9tsq1tgn7691dqtjdw|03|net"; nocase; ) # 1ybcw6m141pgrpjg1eqf12e2mmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ybcw6m141pgrpjg1eqf12e2mmi|03|org"; nocase; ) # b31of1gennkp1ebfxmuwj90ri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b31of1gennkp1ebfxmuwj90ri|03|com"; nocase; ) # 14r6hvxppyh14rf3sv01l3dnns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14r6hvxppyh14rf3sv01l3dnns|03|net"; nocase; ) # 13iwesd1549l81twpzw27sm7m1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13iwesd1549l81twpzw27sm7m1|03|com"; nocase; ) # 1ffndqfhmiqcnbg9d4a1joetkh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ffndqfhmiqcnbg9d4a1joetkh|03|net"; nocase; ) # 11bo7nirf1bszp4c73347wnhh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11bo7nirf1bszp4c73347wnhh|03|org"; nocase; ) # 1g4mtzc6mmnvn1e8gkz61dejkug.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g4mtzc6mmnvn1e8gkz61dejkug|03|org"; nocase; ) # 91q1cc98d1n9avjpu11i28vxk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|91q1cc98d1n9avjpu11i28vxk|03|com"; nocase; ) # hw4gpa2ethvn1s4g4mr15dk57d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hw4gpa2ethvn1s4g4mr15dk57d|03|biz"; nocase; ) # 1obkuluslbnyvta3cyx14ya84a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1obkuluslbnyvta3cyx14ya84a|03|org"; nocase; ) # 1o7xr6a1bt17woecwwwy7zpd37.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o7xr6a1bt17woecwwwy7zpd37|03|com"; nocase; ) # 1jgtuayoqzf386jxwjgcbwp7k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jgtuayoqzf386jxwjgcbwp7k|03|net"; nocase; ) # oqlyox17gs5xu8e8lsb17dpwnr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oqlyox17gs5xu8e8lsb17dpwnr|03|org"; nocase; ) # fufc6etfkcxm2hc1ty18m6ssi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fufc6etfkcxm2hc1ty18m6ssi|03|biz"; nocase; ) # 8jfp5zz342x6197vp71xqv83x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8jfp5zz342x6197vp71xqv83x|03|net"; nocase; ) # q6s2vw1asa5ibojm2b213ye33p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q6s2vw1asa5ibojm2b213ye33p|03|biz"; nocase; ) # tphnp8dbaxftxm9ynb14it1b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tphnp8dbaxftxm9ynb14it1b|03|org"; nocase; ) # kwp2p219ftssb12cuy11dpmqas.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kwp2p219ftssb12cuy11dpmqas|03|org"; nocase; ) # 8nu6o6xj6k2qhtmk11kejj51.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8nu6o6xj6k2qhtmk11kejj51|03|net"; nocase; ) # 1m6qv2obqiavsvnwqhf1j56bv7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m6qv2obqiavsvnwqhf1j56bv7|03|net"; nocase; ) # 1o0q1ei14ivhsinpovll1voblrz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o0q1ei14ivhsinpovll1voblrz|03|org"; nocase; ) # e3k62sgzf0xy1g5cqzj1qxod1z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e3k62sgzf0xy1g5cqzj1qxod1z|03|com"; nocase; ) # 1fjn5xir05vxn1fggthy17lo7vd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fjn5xir05vxn1fggthy17lo7vd|03|com"; nocase; ) # 2qwy9if0i8ntr1bwju18vjjsl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2qwy9if0i8ntr1bwju18vjjsl|03|org"; nocase; ) # 1ehdre7kboawgdh4r843mkgq0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ehdre7kboawgdh4r843mkgq0|03|biz"; nocase; ) # vcwrj51fuzndrd2ioyb30jlls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vcwrj51fuzndrd2ioyb30jlls|03|org"; nocase; ) # stqq7c4pm07c1caihp41fsd4qy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|stqq7c4pm07c1caihp41fsd4qy|03|biz"; nocase; ) # oeqim2mntkwga1y5qxkcwj7p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oeqim2mntkwga1y5qxkcwj7p|03|com"; nocase; ) # 1bfqt8b1ix2wqrc7oyt819r6i66.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bfqt8b1ix2wqrc7oyt819r6i66|03|com"; nocase; ) # 1d9js0gao7zvsrlg21bux2f2o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d9js0gao7zvsrlg21bux2f2o|03|biz"; nocase; ) # 1yzoikk9eqm9n1uqkwsp2tdowa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yzoikk9eqm9n1uqkwsp2tdowa|03|net"; nocase; ) # 1qd2ctw1mepwf01n41mpi1xss4s8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qd2ctw1mepwf01n41mpi1xss4s8|03|biz"; nocase; ) # 199qw91uglaz41sr6ul7ftwvjd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|199qw91uglaz41sr6ul7ftwvjd|03|biz"; nocase; ) # 1qzy68612alyfb1u1d5pr1x8cdkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qzy68612alyfb1u1d5pr1x8cdkt|03|com"; nocase; ) # 1i8rwbn13cmm1y1lv6w9l1525dl2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i8rwbn13cmm1y1lv6w9l1525dl2|03|org"; nocase; ) # 10sf4uv106r0ltdyeo55zfhp6t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10sf4uv106r0ltdyeo55zfhp6t|03|net"; nocase; ) # 19ep7gs14mqzwpyxt1wia3qixo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ep7gs14mqzwpyxt1wia3qixo|03|org"; nocase; ) # h86ktc1t0xbv6t6e26b9m55e3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h86ktc1t0xbv6t6e26b9m55e3|03|org"; nocase; ) # blhbl89bypy8v0nkaz1wi55tk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|blhbl89bypy8v0nkaz1wi55tk|03|com"; nocase; ) # 121mr5v16mrtf361r7izgzkh2a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|121mr5v16mrtf361r7izgzkh2a|03|org"; nocase; ) # 1m9d6z72ty0lh18kuqg01dr6aa4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m9d6z72ty0lh18kuqg01dr6aa4|03|biz"; nocase; ) # b9brynpogj9p1f3qrrz14hgr33.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9brynpogj9p1f3qrrz14hgr33|03|org"; nocase; ) # 1yt668030gdlrivr59afdijt9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yt668030gdlrivr59afdijt9|03|biz"; nocase; ) # l2ny6eavnm9fnkp19y2iqfok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l2ny6eavnm9fnkp19y2iqfok|03|com"; nocase; ) # jcioq51321vb611ngx3o1aevi05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jcioq51321vb611ngx3o1aevi05|03|org"; nocase; ) # d6pna4ac7vymwocd951sdl6rb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d6pna4ac7vymwocd951sdl6rb|03|net"; nocase; ) # 3phpkj33w3dzy07dex2jlvhs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3phpkj33w3dzy07dex2jlvhs|03|com"; nocase; ) # 6bhq1x18e506u1tv7wmz5g3egc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6bhq1x18e506u1tv7wmz5g3egc|03|net"; nocase; ) # 1nhejoa1jnymbuetffhx10cd6uq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nhejoa1jnymbuetffhx10cd6uq|03|net"; nocase; ) # wfyrul1iqbepl1hb5flx1fef0vh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wfyrul1iqbepl1hb5flx1fef0vh|03|net"; nocase; ) # 3o1usrn93fnx1r93twufukeg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3o1usrn93fnx1r93twufukeg|03|biz"; nocase; ) # v4627bed3j1o1xtirjxjzeqov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v4627bed3j1o1xtirjxjzeqov|03|com"; nocase; ) # r4bkyr1nkc3njoqsszrv73zin.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r4bkyr1nkc3njoqsszrv73zin|03|net"; nocase; ) # 1yr6ico1gtlwjp1tkw4j5pe6p0u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yr6ico1gtlwjp1tkw4j5pe6p0u|03|org"; nocase; ) # 1xdgsr81attc5ksjvaas1u4skxi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xdgsr81attc5ksjvaas1u4skxi|03|biz"; nocase; ) # 12xq7osnsrulctbp07s166zwax.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12xq7osnsrulctbp07s166zwax|03|biz"; nocase; ) # 60zasi192hnwx1myecet1b5x0kx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|60zasi192hnwx1myecet1b5x0kx|03|net"; nocase; ) # uktqrmejp6sfdcztd71ne9t9u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uktqrmejp6sfdcztd71ne9t9u|03|com"; nocase; ) # vs3hrlz4zayy19eyk7w1oolznx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vs3hrlz4zayy19eyk7w1oolznx|03|com"; nocase; ) # 12f472vx3pij4cjicpg7fy9t7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12f472vx3pij4cjicpg7fy9t7|03|biz"; nocase; ) # 1xl2zc91s34wh8os8jqxlxkxkn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xl2zc91s34wh8os8jqxlxkxkn|03|net"; nocase; ) # ov9p5w1oxl6111vslqtycvqqt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ov9p5w1oxl6111vslqtycvqqt|03|org"; nocase; ) # 1uefxgjh1jud72fnkcp1xyfkx2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uefxgjh1jud72fnkcp1xyfkx2|03|net"; nocase; ) # r813241jw6u1sex5kcu1xeb5zy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r813241jw6u1sex5kcu1xeb5zy|03|net"; nocase; ) # 1849f9obqecx4ho5k4t77gt8g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1849f9obqecx4ho5k4t77gt8g|03|com"; nocase; ) # s8uu63ya2bl112gmzl1nq62kf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s8uu63ya2bl112gmzl1nq62kf|03|org"; nocase; ) # 2ka3rq2ut9pe1q1on2yoo88hb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ka3rq2ut9pe1q1on2yoo88hb|03|net"; nocase; ) # n3vmcj8lzduf1eydzy91a6sy30.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n3vmcj8lzduf1eydzy91a6sy30|03|net"; nocase; ) # 159zcpue8xpv42h9duqqfgxaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|159zcpue8xpv42h9duqqfgxaj|03|com"; nocase; ) # cwee7913qm1m91g0jdij1pjj4z7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cwee7913qm1m91g0jdij1pjj4z7|03|net"; nocase; ) # 13pl5knjmqr9h2s0yta15mgg00.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13pl5knjmqr9h2s0yta15mgg00|03|net"; nocase; ) # xq1bma12wzvwa1v4ywaldvw2is.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xq1bma12wzvwa1v4ywaldvw2is|03|biz"; nocase; ) # tmmdysauvol1qek795undbfa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tmmdysauvol1qek795undbfa|03|net"; nocase; ) # 1838tr01axydubnrfk0rcmjpiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1838tr01axydubnrfk0rcmjpiu|03|com"; nocase; ) # v5ijrhr9wvhj1g9q7um11gmsgz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v5ijrhr9wvhj1g9q7um11gmsgz|03|biz"; nocase; ) # mtrm3zjw7rvo12mwe92vapmp1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mtrm3zjw7rvo12mwe92vapmp1|03|net"; nocase; ) # 1adyanx1ikw0q811zjqsmhyi3aq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1adyanx1ikw0q811zjqsmhyi3aq|03|org"; nocase; ) # 1qies04v686fu4b9kwu63fu4l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qies04v686fu4b9kwu63fu4l|03|net"; nocase; ) # 15g1ths31le40tbefuyfcwc1m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15g1ths31le40tbefuyfcwc1m|03|biz"; nocase; ) # edokz51294v8b10jw1g81nxnshu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|edokz51294v8b10jw1g81nxnshu|03|biz"; nocase; ) # cphun3w7f4m11ni013ueabpbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cphun3w7f4m11ni013ueabpbp|03|com"; nocase; ) # m6hfgghqney3oj5r7f17hojqp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m6hfgghqney3oj5r7f17hojqp|03|net"; nocase; ) # 1uds1d91pec0s61lnncn01ibii4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uds1d91pec0s61lnncn01ibii4n|03|com"; nocase; ) # 1ajth10ce855us0fhdi92j7ee.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ajth10ce855us0fhdi92j7ee|03|biz"; nocase; ) # batr1wlc03wifr5gtc1ltuy8l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|batr1wlc03wifr5gtc1ltuy8l|03|org"; nocase; ) # 1tlj5z813ik1ea1i5xy0l11r1ci.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tlj5z813ik1ea1i5xy0l11r1ci|03|biz"; nocase; ) # 1ptny5f7syre21xuugic13sm8ks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ptny5f7syre21xuugic13sm8ks|03|com"; nocase; ) # qeshnraz7rgo8qdls4gorna5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qeshnraz7rgo8qdls4gorna5|03|net"; nocase; ) # f1j0c2ccw8zrcu075nblzqlf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f1j0c2ccw8zrcu075nblzqlf|03|org"; nocase; ) # c6ak0wjyixt71ox0tyh13h2n7g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c6ak0wjyixt71ox0tyh13h2n7g|03|net"; nocase; ) # s29e54uxbjeu1jqioex1xdmlan.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s29e54uxbjeu1jqioex1xdmlan|03|biz"; nocase; ) # 1bi34vm1d6lt371rfvoermjjehz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bi34vm1d6lt371rfvoermjjehz|03|net"; nocase; ) # yyuq22srobya19e2fp312opz25.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yyuq22srobya19e2fp312opz25|03|biz"; nocase; ) # 1tdqy3z1egdat3ilrlw71keshrc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tdqy3z1egdat3ilrlw71keshrc|03|net"; nocase; ) # 1qv8ghx1oq2r32kzox641hdiyhu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qv8ghx1oq2r32kzox641hdiyhu|03|com"; nocase; ) # rbbogjjf2dgt19tqc8r1jfksy3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rbbogjjf2dgt19tqc8r1jfksy3|03|net"; nocase; ) # iwpr9kiq19lhvi0h0n23mtf9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iwpr9kiq19lhvi0h0n23mtf9|03|org"; nocase; ) # xxy2db1op4u11ds5emm1n11m82.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xxy2db1op4u11ds5emm1n11m82|03|biz"; nocase; ) # 1wt4e2grj8jlcdsy1nskjzq15.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wt4e2grj8jlcdsy1nskjzq15|03|org"; nocase; ) # 1i1v1p7mtqak6tq4aztks4m0q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i1v1p7mtqak6tq4aztks4m0q|03|biz"; nocase; ) # yp6ztelqmp0gzr04rt1o5a4ht.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yp6ztelqmp0gzr04rt1o5a4ht|03|net"; nocase; ) # 1wgpeh91o6773c1441u8u1vjq2c2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wgpeh91o6773c1441u8u1vjq2c2|03|org"; nocase; ) # t32tt11s7t8zm1obaa5v177c9fd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t32tt11s7t8zm1obaa5v177c9fd|03|org"; nocase; ) # 12x53nkwwk36jq3roap132h5dj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12x53nkwwk36jq3roap132h5dj|03|net"; nocase; ) # d6y996u8pei21m4ipim133zhcz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d6y996u8pei21m4ipim133zhcz|03|net"; nocase; ) # 1o17ywpshqde81a5bral1bdjdu0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o17ywpshqde81a5bral1bdjdu0|03|net"; nocase; ) # 29ewyr4m8a6y1xkv1udon0pqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|29ewyr4m8a6y1xkv1udon0pqc|03|org"; nocase; ) # bsiffn4kd3ta1d9u4531q4pnrj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bsiffn4kd3ta1d9u4531q4pnrj|03|biz"; nocase; ) # 1nvxux3125owd71orluws3qeqtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nvxux3125owd71orluws3qeqtm|03|net"; nocase; ) # 9sdjdsae6zszgiaxxffhmv8o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9sdjdsae6zszgiaxxffhmv8o|03|com"; nocase; ) # 1iqkh7v1u210t51e1szdc1p1orhs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iqkh7v1u210t51e1szdc1p1orhs|03|net"; nocase; ) # q0e8hqqcpj5813g9ei674gvk5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q0e8hqqcpj5813g9ei674gvk5|03|org"; nocase; ) # k7zlei1it2v0utb8bzwa1a8o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k7zlei1it2v0utb8bzwa1a8o|03|net"; nocase; ) # 1jr84f51h4t3ntz4akmi11oum2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jr84f51h4t3ntz4akmi11oum2|03|biz"; nocase; ) # 1p06s6l1upf3nu1ad2hof12ual0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p06s6l1upf3nu1ad2hof12ual0o|03|net"; nocase; ) # bc9spm1md0i6o1x62b901s3kopn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bc9spm1md0i6o1x62b901s3kopn|03|biz"; nocase; ) # 5f1kjc10042v462xj5p16b08ac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5f1kjc10042v462xj5p16b08ac|03|com"; nocase; ) # 13ysxb4pscu861s01mjyzsvjub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ysxb4pscu861s01mjyzsvjub|03|com"; nocase; ) # 4iuysm708k5273dojr134ov3b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4iuysm708k5273dojr134ov3b|03|com"; nocase; ) # 1gq5tkz8jsbyaqll7iyfc1o30.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gq5tkz8jsbyaqll7iyfc1o30|03|net"; nocase; ) # 1kauky01x47c41vczcn6nk4fvk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kauky01x47c41vczcn6nk4fvk|03|net"; nocase; ) # 3krdnig0wy81lnr3zu12wybf7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3krdnig0wy81lnr3zu12wybf7|03|net"; nocase; ) # 1c20u1i1j5h0fy1ckf5pv1jr19f8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c20u1i1j5h0fy1ckf5pv1jr19f8|03|com"; nocase; ) # euj4lr1yvgm1la4vi9sgck0vi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|euj4lr1yvgm1la4vi9sgck0vi|03|net"; nocase; ) # 15pmdi0vd35q62ta4f8652o6p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15pmdi0vd35q62ta4f8652o6p|03|com"; nocase; ) # 1jdtgx9b8vxd41ntzmep10mkwyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jdtgx9b8vxd41ntzmep10mkwyv|03|com"; nocase; ) # 1k1yygii1yn8k1tn4jpkoo5al0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k1yygii1yn8k1tn4jpkoo5al0|03|org"; nocase; ) # n0po04u5t1nmzjrppo1tdw4gu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n0po04u5t1nmzjrppo1tdw4gu|03|net"; nocase; ) # ioerxa1jrr3cj1516kfd1skzqs3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ioerxa1jrr3cj1516kfd1skzqs3|03|biz"; nocase; ) # uclkz8sc2ieb1suddchgq8r2l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uclkz8sc2ieb1suddchgq8r2l|03|net"; nocase; ) # gxcvuq1awk2hy10gh82s1mq8jg4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gxcvuq1awk2hy10gh82s1mq8jg4|03|biz"; nocase; ) # 10tihtbve94zb1bnafa7re24y0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10tihtbve94zb1bnafa7re24y0|03|org"; nocase; ) # ioh8f71d0zca2pp4nmkqb6qqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ioh8f71d0zca2pp4nmkqb6qqh|03|biz"; nocase; ) # 7jjjdv1po0o8f1csqj112cx8d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7jjjdv1po0o8f1csqj112cx8d|03|net"; nocase; ) # z7ttf39eucm71t7mp471176zz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z7ttf39eucm71t7mp471176zz6|03|net"; nocase; ) # 1fj982o1ykxdgyftb5gx1sop42s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fj982o1ykxdgyftb5gx1sop42s|03|biz"; nocase; ) # tapdbjirfjol.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tapdbjirfjol|02|ru"; nocase; ) # jumkouulidpp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jumkouulidpp|03|org"; nocase; ) # ndqefxnmkfak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ndqefxnmkfak|03|net"; nocase; ) # ousedofkylnl.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ousedofkylnl|02|ru"; nocase; ) # sdwkuvvpctfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sdwkuvvpctfg|03|com"; nocase; ) # vgtuoboryaqr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vgtuoboryaqr|03|org"; nocase; ) # fhhhstrlbasb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fhhhstrlbasb|04|info"; nocase; ) # hujkdkqgrrti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hujkdkqgrrti|03|net"; nocase; ) # pvbehwcaykafwd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pvbehwcaykafwd|02|co|02|uk"; nocase; ) # rggiurdtngtlew.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rggiurdtngtlew|03|biz"; nocase; ) # scekvcpgotfiuw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|scekvcpgotfiuw|03|org"; nocase; ) # idvwwxyuwoolse.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|idvwwxyuwoolse|03|biz"; nocase; ) # jpqjaddenrdysx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jpqjaddenrdysx|02|ru"; nocase; ) # xsbedrovuanifo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xsbedrovuanifo|03|biz"; nocase; ) # mflkreaurbibwb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mflkreaurbibwb|02|co|02|uk"; nocase; ) # obxtofpascswgt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|obxtofpascswgt|03|org"; nocase; ) # pnsgrndmklwswx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pnsgrndmklwswx|02|co|02|uk"; nocase; ) # rmqjvxpljhgkwe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rmqjvxpljhgkwe|03|com"; nocase; ) # ptnuxjxfegkcgd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ptnuxjxfegkcgd|02|ru"; nocase; ) # toxhyuauedtxof.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|toxhyuauedtxof|03|org"; nocase; ) # uvrpoajsrqswoa.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uvrpoajsrqswoa|02|ru"; nocase; ) # itmnniynjlrknj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|itmnniynjlrknj|03|org"; nocase; ) # kskqryeapyjlnq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kskqryeapyjlnq|04|info"; nocase; ) # etcqwocecfsdfq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|etcqwocecfsdfq|03|biz"; nocase; ) # hiehdgxooloigs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hiehdgxooloigs|02|ru"; nocase; ) # uibnylemcoenxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uibnylemcoenxd|03|org"; nocase; ) # btjopkkgefhjyo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|btjopkkgefhjyo|03|com"; nocase; ) # deosdrcbwvkogh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|deosdrcbwvkogh|03|org"; nocase; ) # dplghwkekmhxgs.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dplghwkekmhxgs|02|co|02|uk"; nocase; ) # nggeuqxlfmgvhs.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nggeuqxlfmgvhs|02|co|02|uk"; nocase; ) # pfehybkkeipnhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pfehybkkeipnhn|03|com"; nocase; ) # lbosymoimsaxka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lbosymoimsaxka|03|net"; nocase; ) # echtyuymvpulog.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|echtyuymvpulog|03|biz"; nocase; ) # rvuqmeasjathsi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rvuqmeasjathsi|03|biz"; nocase; ) # kajqqcpgxtsrwg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kajqqcpgxtsrwg|03|org"; nocase; ) # auipabkngmrgve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|auipabkngmrgve|03|com"; nocase; ) # oqosujfouflplf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oqosujfouflplf|03|net"; nocase; ) # cmpoarujwksdko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cmpoarujwksdko|03|biz"; nocase; ) # shtjynvmgrhxwt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|shtjynvmgrhxwt|02|co|02|uk"; nocase; ) # ywwohlqhjqrwuw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ywwohlqhjqrwuw|03|org"; nocase; ) # bqfcjrtehfkomw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bqfcjrtehfkomw|03|net"; nocase; ) # esuqwwhkdleayw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|esuqwwhkdleayw|03|com"; nocase; ) # kratdbfbipnkmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kratdbfbipnkmj|03|net"; nocase; ) # mmkoilrantrtkn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mmkoilrantrtkn|02|ru"; nocase; ) # srafwqcwwfrphw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|srafwqcwwfrphw|03|net"; nocase; ) # ijjnaddfbdpvsn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ijjnaddfbdpvsn|02|ru"; nocase; ) # nryaeolghkigan.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nryaeolghkigan|03|biz"; nocase; ) # nqooxsqribtxen.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nqooxsqribtxen|02|co|02|uk"; nocase; ) # quycfiprobmmsx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|quycfiprobmmsx|03|net"; nocase; ) # mkobpbwkqrsjbv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mkobpbwkqrsjbv|03|net"; nocase; ) # ddydbnkynkdxah.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ddydbnkynkdxah|03|org"; nocase; ) # bmtssmluedtpku.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bmtssmluedtpku|04|info"; nocase; ) # ikeeyghdenhawe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ikeeyghdenhawe|04|info"; nocase; ) # yjsamjucjtmqon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yjsamjucjtmqon|03|net"; nocase; ) # ufdlmtxmmwtugh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ufdlmtxmmwtugh|03|biz"; nocase; ) # wpipabphfnwana.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wpipabphfnwana|04|info"; nocase; ) # rwirwdhisjywmn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rwirwdhisjywmn|03|biz"; nocase; ) # kxmisxflwjwrmx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kxmisxflwjwrmx|02|co|02|uk"; nocase; ) # linyjgsmdvsema.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|linyjgsmdvsema|04|info"; nocase; ) # pahofrjrhwxspj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pahofrjrhwxspj|03|biz"; nocase; ) # klqjowihbhyssf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|klqjowihbhyssf|03|biz"; nocase; ) # qmgjxlcbmksmqe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qmgjxlcbmksmqe|02|ru"; nocase; ) # eihhwtrhsttqpc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|eihhwtrhsttqpc|03|org"; nocase; ) # vnmqswfxylxfpw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vnmqswfxylxfpw|03|net"; nocase; ) # cnjvlfccmajvhuy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cnjvlfccmajvhuy|03|org"; nocase; ) # qrslyuwhxpnxinl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qrslyuwhxpnxinl|03|com"; nocase; ) # epnjxadvoecthkp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|epnjxadvoecthkp|03|net"; nocase; ) # skyknlxdvievqbr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000029999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|skyknlxdvievqbr|03|org"; nocase; ) # twtwqqcmmlsjhba.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|twtwqqcmmlsjhba|02|co|02|uk"; nocase; ) # vyxkdldgoplhvwx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vyxkdldgoplhvwx|03|biz"; nocase; ) # daaixxfycgnhiht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|daaixxfycgnhiht|03|org"; nocase; ) # vtksirwlrughygm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vtksirwlrughygm|03|net"; nocase; ) # ygqnavudhwornki.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ygqnavudhwornki|02|ru"; nocase; ) # asladbymxadfnem.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|asladbymxadfnem|03|org"; nocase; ) # kyydkhxfhaqcbxm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kyydkhxfhaqcbxm|03|net"; nocase; ) # bjixqtlfvsftcdy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bjixqtlfvsftcdy|03|org"; nocase; ) # iplvleglcattayx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iplvleglcattayx|03|net"; nocase; ) # pnvtgacdybrwjev.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pnvtgacdybrwjev|02|ru"; nocase; ) # bsngbbaxxovksoh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bsngbbaxxovksoh|03|org"; nocase; ) # rduqbmmsfevhxuk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rduqbmmsfevhxuk|02|co|02|uk"; nocase; ) # tcsprwyovtdgvvy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tcsprwyovtdgvvy|03|com"; nocase; ) # woxrbmevgyguvbn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|woxrbmevgyguvbn|02|co|02|uk"; nocase; ) # ooecedcxivhxvhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ooecedcxivhxvhi|03|com"; nocase; ) # tsgswbwjlvsydiy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tsgswbwjlvsydiy|04|info"; nocase; ) # mfvgnboxujqjkwl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mfvgnboxujqjkwl|03|net"; nocase; ) # oetfertnjkhabok.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oetfertnjkhabok|02|ru"; nocase; ) # ejbuxqtbjdedxcq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ejbuxqtbjdedxcq|04|info"; nocase; ) # cejfosdogofeitp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cejfosdogofeitp|03|biz"; nocase; ) # udfuufiihswqqqv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|udfuufiihswqqqv|03|org"; nocase; ) # kyyobfpovqhopng.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kyyobfpovqhopng|03|biz"; nocase; ) # vnkntbmqvfinsyi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vnkntbmqvfinsyi|02|co|02|uk"; nocase; ) # jlfnmjcwruavrwh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jlfnmjcwruavrwh|04|info"; nocase; ) # buportjumimprqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|buportjumimprqw|03|com"; nocase; ) # dwtceokoomfnnqu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dwtceokoomfnnqu|03|org"; nocase; ) # pokcolqxivrlfxo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pokcolqxivrlfxo|04|info"; nocase; ) # tjuopvapdlmfffn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tjuopvapdlmfffn|03|com"; nocase; ) # sxffeuqydssbqwn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sxffeuqydssbqwn|03|biz"; nocase; ) # drgiplclcgeusvw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030029; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|drgiplclcgeusvw|02|ru"; nocase; ) # kfdtdhqpdnxivln.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030030; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kfdtdhqpdnxivln|02|co|02|uk"; nocase; ) # ylgjqjchclhsjnj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030031; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ylgjqjchclhsjnj|03|net"; nocase; ) # mhhhpoiklbxfrbj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030032; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mhhhpoiklbxfrbj|03|biz"; nocase; ) # hsqcythaflyfudv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030033; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hsqcythaflyfudv|03|biz"; nocase; ) # idrspyluoefjube.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030034; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|idrspyluoefjube|02|ru"; nocase; ) # ikbiletpepwrujs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ikbiletpepwrujs|03|org"; nocase; ) # wlrlhdfxsnkusea.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wlrlhdfxsnkusea|02|co|02|uk"; nocase; ) # fscdqanmnqiytte.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fscdqanmnqiytte|03|com"; nocase; ) # jkynxrcorikgxhf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jkynxrcorikgxhf|02|ru"; nocase; ) # namvyksfqqalfor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|namvyksfqqalfor|03|net"; nocase; ) # cwouplspsmkxjnd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cwouplspsmkxjnd|03|org"; nocase; ) # gfsnusixfbqexcw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gfsnusixfbqexcw|03|net"; nocase; ) # evnpmtqmcddyftx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|evnpmtqmcddyftx|03|org"; nocase; ) # xkjfelamrjfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xkjfelamrjfa|03|org"; nocase; ) # lieeaqmtiipt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lieeaqmtiipt|02|co|02|uk"; nocase; ) # yiodprmcrerm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yiodprmcrerm|04|info"; nocase; ) # qkiyqqaeeofi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qkiyqqaeeofi|02|co|02|uk"; nocase; ) # fgqahydhnrsx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fgqahydhnrsx|03|net"; nocase; ) # hfodljpgmncp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hfodljpgmncp|02|ru"; nocase; ) # irjorrjlemxj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030049; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|irjorrjlemxj|03|org"; nocase; ) # yspmedtatmdx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030050; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yspmedtatmdx|03|com"; nocase; ) # lixpeoihamsw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030051; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lixpeoihamsw|02|ru"; nocase; ) # mevrffnninvk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030052; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mevrffnninvk|02|co|02|uk"; nocase; ) # qlxunotksboc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030053; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qlxunotksboc|03|net"; nocase; ) # pbptbbcxdqdt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030054; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pbptbbcxdqdt|04|info"; nocase; ) # hppmaeymwrny.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030055; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hppmaeymwrny|03|org"; nocase; ) # ssuxcesunwhq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030056; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ssuxcesunwhq|04|info"; nocase; ) # xvdjdhfdehyr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030057; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xvdjdhfdehyr|03|org"; nocase; ) # uhwoqxlwbrdr.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030058; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uhwoqxlwbrdr|02|co|02|uk"; nocase; ) # idxjydxeosal.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030059; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|idxjydxeosal|04|info"; nocase; ) # dmiltepeumte.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030060; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dmiltepeumte|02|co|02|uk"; nocase; ) # eignuocqvafb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030061; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eignuocqvafb|03|com"; nocase; ) # xyvnunaasypk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030062; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xyvnunaasypk|03|net"; nocase; ) # peahtnxndcst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030063; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|peahtnxndcst|03|net"; nocase; ) # jkkilopmlnwv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030064; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jkkilopmlnwv|03|com"; nocase; ) # jngyvbadusmo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030065; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jngyvbadusmo|03|biz"; nocase; ) # nnjodfosoitn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030066; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nnjodfosoitn|04|info"; nocase; ) # oxkewkyucoad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030067; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oxkewkyucoad|03|com"; nocase; ) # qiqgfvbottfu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030068; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qiqgfvbottfu|03|net"; nocase; ) # kyfajktobjpm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030069; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kyfajktobjpm|02|co|02|uk"; nocase; ) # xugurspcdfec.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030070; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xugurspcdfec|04|info"; nocase; ) # mxddnbybhwhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030071; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mxddnbybhwhn|03|com"; nocase; ) # uolmxmfhoyud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030072; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uolmxmfhoyud|03|net"; nocase; ) # xqtsqllcxygq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030073; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xqtsqllcxygq|03|org"; nocase; ) # aprvucqoemxr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030074; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aprvucqoemxr|04|info"; nocase; ) # opactqusmjsd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030075; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|opactqusmjsd|03|com"; nocase; ) # fpkjvbwoekov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030076; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fpkjvbwoekov|03|com"; nocase; ) # tlsislqwjevs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030077; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tlsislqwjevs|02|ru"; nocase; ) # uentfvhxagtq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030078; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uentfvhxagtq|02|co|02|uk"; nocase; ) # dxaulptcurwb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030079; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dxaulptcurwb|03|biz"; nocase; ) # qvuvbxpbqbmh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030080; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qvuvbxpbqbmh|02|ru"; nocase; ) # ubkmsdfntrot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030081; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ubkmsdfntrot|03|biz"; nocase; ) # mtsucnmljmbe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030082; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mtsucnmljmbe|02|ru"; nocase; ) # fgoilirykadl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030083; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fgoilirykadl|03|net"; nocase; ) # ftrkhxapxokc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030084; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ftrkhxapxokc|02|co|02|uk"; nocase; ) # jkweksbqakgv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030085; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jkweksbqakgv|03|biz"; nocase; ) # kwrrkxlemyfc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030086; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kwrrkxlemyfc|02|ru"; nocase; ) # kchokjgwnjwj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030087; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kchokjgwnjwj|03|org"; nocase; ) # toobdhqlskxp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030088; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|toobdhqlskxp|02|ru"; nocase; ) # wjwlevxtnhrn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030089; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wjwlevxtnhrn|02|ru"; nocase; ) # anhrhifbtjgw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030090; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|anhrhifbtjgw|04|info"; nocase; ) # aaysigwlbrmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030091; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aaysigwlbrmf|03|org"; nocase; ) # bsteudaadsrc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030092; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bsteudaadsrc|04|info"; nocase; ) # ckeounmmkdrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030093; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ckeounmmkdrh|03|net"; nocase; ) # vnbqdiswrekj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030094; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vnbqdiswrekj|04|info"; nocase; ) # plyvfifkkgsb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030095; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|plyvfifkkgsb|04|info"; nocase; ) # pbtwmfimontt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030096; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pbtwmfimontt|03|net"; nocase; ) # rverrpultrxd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030097; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rverrpultrxd|02|ru"; nocase; ) # lqhabsijidbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030098; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lqhabsijidbw|03|com"; nocase; ) # nbmvnaxkrogy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030099; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nbmvnaxkrogy|03|org"; nocase; ) # dumcxlowhurl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030100; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dumcxlowhurl|03|org"; nocase; ) # lelsvkywbpja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030101; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lelsvkywbpja|03|org"; nocase; ) # llulivtpfdgh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030102; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|llulivtpfdgh|02|co|02|uk"; nocase; ) # ehdhrcecoppk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030103; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ehdhrcecoppk|02|co|02|uk"; nocase; ) # ulfawwvfsutw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030104; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ulfawwvfsutw|03|net"; nocase; ) # ycktaenhghir.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ycktaenhghir|02|co|02|uk"; nocase; ) # utjxqtgtwmurc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|utjxqtgtwmurc|02|co|02|uk"; nocase; ) # icugsykkyjigd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|icugsykkyjigd|04|info"; nocase; ) # oovllajrhssqq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oovllajrhssqq|02|ru"; nocase; ) # sbysojorrspco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sbysojorrspco|03|com"; nocase; ) # tnteuriwjrlvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tnteuriwjrlvo|03|net"; nocase; ) # tqakpcyoetqrd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tqakpcyoetqrd|02|ru"; nocase; ) # onertlarmayqp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030112; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|onertlarmayqp|02|co|02|uk"; nocase; ) # oafqhqgfvxxrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030113; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oafqhqgfvxxrq|03|net"; nocase; ) # tehyycmjcnuod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030114; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tehyycmjcnuod|03|com"; nocase; ) # jmbokdojqncva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030115; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jmbokdojqncva|03|net"; nocase; ) # bfjwtoofpcjir.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030116; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bfjwtoofpcjir|03|biz"; nocase; ) # gugnsvikcmvka.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030117; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gugnsvikcmvka|03|biz"; nocase; ) # tqhibburpnsey.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030118; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tqhibburpnsey|02|ru"; nocase; ) # pvpmwmyewuxty.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030119; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pvpmwmyewuxty|03|org"; nocase; ) # brjgvnwywlvxi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030120; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|brjgvnwywlvxi|02|co|02|uk"; nocase; ) # svpgphyaoogye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030121; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|svpgphyaoogye|03|com"; nocase; ) # vmquxqhrcruxl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030122; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vmquxqhrcruxl|02|co|02|uk"; nocase; ) # xkuxbmuatbgms.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030123; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xkuxbmuatbgms|02|co|02|uk"; nocase; ) # aaskorfvaxybg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030124; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|aaskorfvaxybg|02|ru"; nocase; ) # vfbokdjthfmux.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030125; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vfbokdjthfmux|03|org"; nocase; ) # pljclopnfushs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030126; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pljclopnfushs|03|biz"; nocase; ) # dfyhitphrusjk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030127; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dfyhitphrusjk|02|ru"; nocase; ) # fhdxvjvlvnjyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030128; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fhdxvjvlvnjyv|03|com"; nocase; ) # crfprxgoefmrm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030129; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|crfprxgoefmrm|03|com"; nocase; ) # sxskbatsxgrrv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030130; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sxskbatsxgrrv|03|com"; nocase; ) # duvefkmunibgp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030131; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|duvefkmunibgp|03|net"; nocase; ) # emgkrbrxjuqjp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030132; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|emgkrbrxjuqjp|02|ru"; nocase; ) # mtdxiuhbfluyp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030133; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mtdxiuhbfluyp|03|com"; nocase; ) # mysqugcqojlvw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030134; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mysqugcqojlvw|03|net"; nocase; ) # fbqxmtsckmwob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030135; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fbqxmtsckmwob|03|org"; nocase; ) # ykckivspdpbey.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030136; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ykckivspdpbey|03|biz"; nocase; ) # 1hpk8113pdldc1t84tyt1ixdoiv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hpk8113pdldc1t84tyt1ixdoiv|03|org"; nocase; ) # gyn5ulsmzqx11d73y3ocixunn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gyn5ulsmzqx11d73y3ocixunn|03|net"; nocase; ) # 32nhy81a6fs9c3ajcn162ujes.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|32nhy81a6fs9c3ajcn162ujes|03|biz"; nocase; ) # 1bc61ch1makeupr2aawk169rgtw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bc61ch1makeupr2aawk169rgtw|03|net"; nocase; ) # 1agn601wac9e51g2q3zm1bdw0mj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1agn601wac9e51g2q3zm1bdw0mj|03|org"; nocase; ) # ftqxnl1mth4ga1h853s711f5sou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ftqxnl1mth4ga1h853s711f5sou|03|net"; nocase; ) # 1ujel211wz5sq41gmibd7tfupu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ujel211wz5sq41gmibd7tfupu|03|net"; nocase; ) # 1shmjbgfm9u93zw41ek88yz6u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1shmjbgfm9u93zw41ek88yz6u|03|com"; nocase; ) # 52ex9p21ln8z13ory9q1ajyn9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|52ex9p21ln8z13ory9q1ajyn9b|03|com"; nocase; ) # 1vcrjtz1pvpn983tr8y017wft7p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vcrjtz1pvpn983tr8y017wft7p|03|biz"; nocase; ) # 1jjjur71u4s8nr1211kip13l5ik0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jjjur71u4s8nr1211kip13l5ik0|03|net"; nocase; ) # 14yhpi3w76akth5db5p16wgh2j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14yhpi3w76akth5db5p16wgh2j|03|net"; nocase; ) # 11oj5f91krdikb1j40fxb1djl2m2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11oj5f91krdikb1j40fxb1djl2m2|03|biz"; nocase; ) # 1tny80qyvbll1q02txn1v7vucq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tny80qyvbll1q02txn1v7vucq|03|com"; nocase; ) # 1p0iwb91oetdfa1ddt849l4vbz5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p0iwb91oetdfa1ddt849l4vbz5|03|org"; nocase; ) # 90vpu314dgohxnbnhra5p1vye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|90vpu314dgohxnbnhra5p1vye|03|net"; nocase; ) # 66vu823dvqr81xal2sc6g9ar4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66vu823dvqr81xal2sc6g9ar4|03|net"; nocase; ) # 6xbg451evhwrhas4iqe1smbkov.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6xbg451evhwrhas4iqe1smbkov|03|biz"; nocase; ) # 1biab2x1vx3pzm17gy5wlnex98e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1biab2x1vx3pzm17gy5wlnex98e|03|com"; nocase; ) # sofl961d7aa6f1w7qmiqv2wjz2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sofl961d7aa6f1w7qmiqv2wjz2|03|net"; nocase; ) # q1un1z1dr942qtnmrqg1m9dmjx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q1un1z1dr942qtnmrqg1m9dmjx|03|com"; nocase; ) # 5eyfc8n5xkymtbb8uv19396tc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5eyfc8n5xkymtbb8uv19396tc|03|net"; nocase; ) # m2i4wu18md4cwu68pq1j8dk9l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m2i4wu18md4cwu68pq1j8dk9l|03|com"; nocase; ) # 16nds49fd4ri448ucho1e41nx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16nds49fd4ri448ucho1e41nx4|03|net"; nocase; ) # 19htppiy2or9r139inhh18w3ut5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19htppiy2or9r139inhh18w3ut5|03|org"; nocase; ) # hidcbnw3oroy140o4k41s7d7bu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hidcbnw3oroy140o4k41s7d7bu|03|biz"; nocase; ) # zbxwjajfpxea1xjy1e0134as8p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zbxwjajfpxea1xjy1e0134as8p|03|com"; nocase; ) # 1pnhbvrr1ha521bglg5c1asagcl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pnhbvrr1ha521bglg5c1asagcl|03|com"; nocase; ) # 145w1021a7amzb9p6viktiaai4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|145w1021a7amzb9p6viktiaai4|03|biz"; nocase; ) # h2be5i19j3smv2vqjt1mjn0p8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h2be5i19j3smv2vqjt1mjn0p8|03|biz"; nocase; ) # 173tu0p1qs69rm1pdgpd8w5bs3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|173tu0p1qs69rm1pdgpd8w5bs3|03|net"; nocase; ) # 10uov2fy859auqab7dozb342y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10uov2fy859auqab7dozb342y|03|net"; nocase; ) # 153kb1zl19gj7prtqzf15pr481.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|153kb1zl19gj7prtqzf15pr481|03|org"; nocase; ) # 1w2firq1im09maauyf1vrbxhen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w2firq1im09maauyf1vrbxhen|03|net"; nocase; ) # t8ilrc1df1zlm143bod2j9xkdr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t8ilrc1df1zlm143bod2j9xkdr|03|com"; nocase; ) # 1ogdnub1tp542b154yt83pbezjc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ogdnub1tp542b154yt83pbezjc|03|net"; nocase; ) # 6zgy4v1q4thor1msnjrw1r69ukj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6zgy4v1q4thor1msnjrw1r69ukj|03|biz"; nocase; ) # 1oopt1vwda0n3pt0wk2nkbz7a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oopt1vwda0n3pt0wk2nkbz7a|03|net"; nocase; ) # ag32oy1up9zpd163wrlb13jjutx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ag32oy1up9zpd163wrlb13jjutx|03|net"; nocase; ) # pis31mzy2ktw29j8bo4hwqbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pis31mzy2ktw29j8bo4hwqbn|03|com"; nocase; ) # dwbjo61m4wq2e1scdkp5uyl87v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dwbjo61m4wq2e1scdkp5uyl87v|03|net"; nocase; ) # 1pw8mi41tposel1723nmu1xy379u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pw8mi41tposel1723nmu1xy379u|03|com"; nocase; ) # 18f34ybwqpytaglt2qq11xx33y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18f34ybwqpytaglt2qq11xx33y|03|net"; nocase; ) # 1x7hxxh1hx9nus1pxs5f61q2y3t9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x7hxxh1hx9nus1pxs5f61q2y3t9|03|biz"; nocase; ) # gg2063nq0ha165x2021ulgq12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gg2063nq0ha165x2021ulgq12|03|net"; nocase; ) # 1a22uy41ttgmef1azesam98yn2n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a22uy41ttgmef1azesam98yn2n|03|biz"; nocase; ) # 1mnwuvumyw4tm7ae2x714d4144.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mnwuvumyw4tm7ae2x714d4144|03|org"; nocase; ) # qd2u5l1nl02v59me5y8f62ba7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qd2u5l1nl02v59me5y8f62ba7|03|net"; nocase; ) # ywmjw6ialria1n004v81u5hkfs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ywmjw6ialria1n004v81u5hkfs|03|org"; nocase; ) # 16swizv15f5fgg12748rbik0tca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16swizv15f5fgg12748rbik0tca|03|com"; nocase; ) # 1mr6a9x12ikyb31tx2kzlubvzyf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mr6a9x12ikyb31tx2kzlubvzyf|03|net"; nocase; ) # 9f5013rm6a2q6rw0901bpr2c1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9f5013rm6a2q6rw0901bpr2c1|03|net"; nocase; ) # mmaw8u1i7y7as93qhue3m30af.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mmaw8u1i7y7as93qhue3m30af|03|org"; nocase; ) # 4hw3ubq9g9p21viv8cxkj7nty.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4hw3ubq9g9p21viv8cxkj7nty|03|org"; nocase; ) # 1hbshqh3dg78gpdrfbp1299tgz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbshqh3dg78gpdrfbp1299tgz|03|org"; nocase; ) # 1lrx62a1hzyasv9vrd8q5tjmsr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lrx62a1hzyasv9vrd8q5tjmsr|03|biz"; nocase; ) # 4ilz31oek2zcmfrxdmdr0oub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4ilz31oek2zcmfrxdmdr0oub|03|net"; nocase; ) # 1cfm131lfbkx4pjqaag1tuk224.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cfm131lfbkx4pjqaag1tuk224|03|com"; nocase; ) # 1v89bxmu0ea3jw3lbpreun7wr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v89bxmu0ea3jw3lbpreun7wr|03|biz"; nocase; ) # 1wq39kq1ff4wt01yl5wjqh4t85h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wq39kq1ff4wt01yl5wjqh4t85h|03|org"; nocase; ) # 9wui2ud94331juig451e0wtqo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9wui2ud94331juig451e0wtqo|03|org"; nocase; ) # zq6dzu1lfqvg0164r4ha1hitrsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zq6dzu1lfqvg0164r4ha1hitrsa|03|com"; nocase; ) # tbf1lr1wrhv301mccd8fqfexbu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tbf1lr1wrhv301mccd8fqfexbu|03|org"; nocase; ) # gfsd3m4iymxjommjw71e2ipgi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gfsd3m4iymxjommjw71e2ipgi|03|net"; nocase; ) # l9xk001koyw7l1gxony71jh84ah.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l9xk001koyw7l1gxony71jh84ah|03|biz"; nocase; ) # 1ji6ogj1txybiu1j9wipna8bsg2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ji6ogj1txybiu1j9wipna8bsg2|03|net"; nocase; ) # 10n2fdf1avs4zg1u5t7dw1dnnjpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10n2fdf1avs4zg1u5t7dw1dnnjpj|03|biz"; nocase; ) # 1czrkf3fledwl17n7m4kbz0uwe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1czrkf3fledwl17n7m4kbz0uwe|03|com"; nocase; ) # swytztsiphdqhsifot9x6inh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|swytztsiphdqhsifot9x6inh|03|org"; nocase; ) # t7fp6o2sy2ec1oaqr9qh0n9w9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t7fp6o2sy2ec1oaqr9qh0n9w9|03|net"; nocase; ) # 17z195y1xaf9vnwt7vgh1pzojag.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17z195y1xaf9vnwt7vgh1pzojag|03|org"; nocase; ) # riif3w1sjgo6f1ub7icm1cqfv9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|riif3w1sjgo6f1ub7icm1cqfv9x|03|net"; nocase; ) # wjtr0rs8yplb1gew6h1di1w7k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wjtr0rs8yplb1gew6h1di1w7k|03|biz"; nocase; ) # x9q9oe1er3w83yb1se8aee21r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x9q9oe1er3w83yb1se8aee21r|03|org"; nocase; ) # 1jhin1ee9mli10z7m70iaj6bq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jhin1ee9mli10z7m70iaj6bq|03|com"; nocase; ) # 1eq9s7tcu9yk118tm39w1emn0o9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eq9s7tcu9yk118tm39w1emn0o9|03|net"; nocase; ) # eeryd71ssl3vr1f2k82lbymkvc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eeryd71ssl3vr1f2k82lbymkvc|03|com"; nocase; ) # 1x72rqhv241ma14ownpc1nen8n0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x72rqhv241ma14ownpc1nen8n0|03|org"; nocase; ) # 193twvvmq6l4l1tr1zzgt0ohmd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|193twvvmq6l4l1tr1zzgt0ohmd|03|net"; nocase; ) # 12y9qas1hbdu0g1trdpml1tmk0h5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12y9qas1hbdu0g1trdpml1tmk0h5|03|com"; nocase; ) # 1oepsqmpxdlwi14mk3v617uruk8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oepsqmpxdlwi14mk3v617uruk8|03|net"; nocase; ) # 12xhedoy4ygyj1fs6np31jtzq98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12xhedoy4ygyj1fs6np31jtzq98|03|net"; nocase; ) # 1fxrwng1cwebf357wcdp1neetxh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fxrwng1cwebf357wcdp1neetxh|03|biz"; nocase; ) # 6rnuqa1nkiixz1sjxyfk1v7ofhi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6rnuqa1nkiixz1sjxyfk1v7ofhi|03|org"; nocase; ) # 145b9m0o93esa1m991u814jgrwv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|145b9m0o93esa1m991u814jgrwv|03|org"; nocase; ) # b2l1rw1osee6d1945e26aa1jfd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b2l1rw1osee6d1945e26aa1jfd|03|com"; nocase; ) # pu6ojkxec630155p0523gejcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pu6ojkxec630155p0523gejcu|03|com"; nocase; ) # 13cqz9rsimw3u19fkg5jlfsdgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13cqz9rsimw3u19fkg5jlfsdgj|03|net"; nocase; ) # swnquk12robiq13epagb1xt0zn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|swnquk12robiq13epagb1xt0zn2|03|net"; nocase; ) # 14n4z6v1x1fx8cov89t1ub86pc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14n4z6v1x1fx8cov89t1ub86pc|03|com"; nocase; ) # tadk6n86kmzz16y566g1e2oib2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tadk6n86kmzz16y566g1e2oib2|03|net"; nocase; ) # 1jpa7s216yvo7qhsbkskn26qta.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jpa7s216yvo7qhsbkskn26qta|03|org"; nocase; ) # 1pzp476h49wgi1ial8bj1z09hd4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pzp476h49wgi1ial8bj1z09hd4|03|net"; nocase; ) # ysn5lk191aqomcr9obl1jn9frz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ysn5lk191aqomcr9obl1jn9frz|03|net"; nocase; ) # 1dp88twapdd44167s0g01h5wkzb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dp88twapdd44167s0g01h5wkzb|03|net"; nocase; ) # 13vbffamwe2ac1aljum611jsu2t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13vbffamwe2ac1aljum611jsu2t|03|org"; nocase; ) # 2p3l7oxgn6m1y4htwi1sdk2t3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2p3l7oxgn6m1y4htwi1sdk2t3|03|com"; nocase; ) # hd1tuv6smvnu19rh2rrsd5t8q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hd1tuv6smvnu19rh2rrsd5t8q|03|org"; nocase; ) # qa7jo817htdy9i76irnguh4qw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qa7jo817htdy9i76irnguh4qw|03|biz"; nocase; ) # 2cefgrgm2sqafgrtfxio50c1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2cefgrgm2sqafgrtfxio50c1|03|net"; nocase; ) # nbhtud1mqmet71hj9n5k1ogsoxy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nbhtud1mqmet71hj9n5k1ogsoxy|03|net"; nocase; ) # 1grdwgpcqoju71icud711d4gr87.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1grdwgpcqoju71icud711d4gr87|03|net"; nocase; ) # 3c0hhz11ylw8tpl2k26158cano.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3c0hhz11ylw8tpl2k26158cano|03|org"; nocase; ) # ykuu77w944e4jghyya1iidpri.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ykuu77w944e4jghyya1iidpri|03|biz"; nocase; ) # 1nyasewbwmctn1pckdoo1wu8gur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nyasewbwmctn1pckdoo1wu8gur|03|com"; nocase; ) # bi7o9u1d8bh2p1449zb8visp7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bi7o9u1d8bh2p1449zb8visp7|03|com"; nocase; ) # yz4f36gaglh6mrik49riw9vm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yz4f36gaglh6mrik49riw9vm|03|net"; nocase; ) # 3rqkg0hpmvqmvkzmo01pookib.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3rqkg0hpmvqmvkzmo01pookib|03|net"; nocase; ) # 1smhd9gerwxgm1yj469813ux3u5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1smhd9gerwxgm1yj469813ux3u5|03|com"; nocase; ) # wyyhon1bcr0iccbkvwi1r0c50v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wyyhon1bcr0iccbkvwi1r0c50v|03|biz"; nocase; ) # 1asxt6p8oeir1o6jdlt3ajyfs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1asxt6p8oeir1o6jdlt3ajyfs|03|org"; nocase; ) # x1wkt31ltk577a42cwkdcn9ls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x1wkt31ltk577a42cwkdcn9ls|03|org"; nocase; ) # rdytun3v287f13awkj13qv247.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rdytun3v287f13awkj13qv247|03|net"; nocase; ) # 1ulyxmz1azyknz1sbq7cw1v0ibtp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ulyxmz1azyknz1sbq7cw1v0ibtp|03|com"; nocase; ) # u1qwmk1eayibakap018vevp1i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u1qwmk1eayibakap018vevp1i|03|net"; nocase; ) # hrdtei19h9d38d0815n1d9ff1e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hrdtei19h9d38d0815n1d9ff1e|03|net"; nocase; ) # 1fqz6i4131e1sj1beyo8w1j0fuly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fqz6i4131e1sj1beyo8w1j0fuly|03|net"; nocase; ) # ivtiui18m9dma10jdhafuy9r76.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ivtiui18m9dma10jdhafuy9r76|03|com"; nocase; ) # 1vgk0i61nmymxx15sorkl1qlfrk3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vgk0i61nmymxx15sorkl1qlfrk3|03|biz"; nocase; ) # ywfnf5nevspvyy0nne2aiawn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ywfnf5nevspvyy0nne2aiawn|03|com"; nocase; ) # 5zmcjy1si54ly1j50wxsnz7g1i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5zmcjy1si54ly1j50wxsnz7g1i|03|com"; nocase; ) # drgvs01bvxjswt155o1xvwwij.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|drgvs01bvxjswt155o1xvwwij|03|biz"; nocase; ) # wm923xcc9i501i012mjr9yhin.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wm923xcc9i501i012mjr9yhin|03|org"; nocase; ) # bu4ybc1hdig4v11rqo3vj8u0a2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bu4ybc1hdig4v11rqo3vj8u0a2|03|net"; nocase; ) # banp231v8ufld1w802uj1f1sz86.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|banp231v8ufld1w802uj1f1sz86|03|biz"; nocase; ) # zbsunts4jugy6xbaq178e83.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|zbsunts4jugy6xbaq178e83|03|com"; nocase; ) # 1njvjw8172kogq158durv20bf6q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1njvjw8172kogq158durv20bf6q|03|net"; nocase; ) # 9i2bmu1503mzg1muisfz1svvl1m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9i2bmu1503mzg1muisfz1svvl1m|03|biz"; nocase; ) # 1djuoug1p6jsox4ogy1f166epg2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1djuoug1p6jsox4ogy1f166epg2|03|net"; nocase; ) # 17mpexg1a65jot1xk3ppd1yz99e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17mpexg1a65jot1xk3ppd1yz99e|03|org"; nocase; ) # gvc1s41f7x5ty1rd0jum1xb4ivq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gvc1s41f7x5ty1rd0jum1xb4ivq|03|net"; nocase; ) # 1qk2u5i104og0hhbwbuydpweh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qk2u5i104og0hhbwbuydpweh|03|com"; nocase; ) # 21hnp6z9s9i01fanxne1k38hfx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|21hnp6z9s9i01fanxne1k38hfx|03|net"; nocase; ) # 1yi47ryrezx1f18dqsuqry5jpt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yi47ryrezx1f18dqsuqry5jpt|03|biz"; nocase; ) # cobe49vykkew1k6ex5f1iz0dbw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cobe49vykkew1k6ex5f1iz0dbw|03|org"; nocase; ) # 4qgeb21qxz6y21y1f4bktvjc5m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4qgeb21qxz6y21y1f4bktvjc5m|03|org"; nocase; ) # 1herhv3b9n2kq9aorqe1v0pjv6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1herhv3b9n2kq9aorqe1v0pjv6|03|biz"; nocase; ) # 117lckzodiuun18j6oc5q2jjmy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|117lckzodiuun18j6oc5q2jjmy|03|com"; nocase; ) # 1cls8w26dd4df1xrmty8nmtsr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cls8w26dd4df1xrmty8nmtsr|03|biz"; nocase; ) # 15f54ifop476avmq5y1sjuw6z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15f54ifop476avmq5y1sjuw6z|03|org"; nocase; ) # qhf8t91598oqu1a7ueb78wxzn5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qhf8t91598oqu1a7ueb78wxzn5|03|net"; nocase; ) # wvjom5x46a2eprn228zwdcle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wvjom5x46a2eprn228zwdcle|03|org"; nocase; ) # xmuy3n5gry4z1jbtayt13x37pq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xmuy3n5gry4z1jbtayt13x37pq|03|com"; nocase; ) # z7zweb18pr0nv92qpjx1xit1g6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z7zweb18pr0nv92qpjx1xit1g6|03|com"; nocase; ) # rg6wpjk9ribkkhm51b8gfqt8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rg6wpjk9ribkkhm51b8gfqt8|03|net"; nocase; ) # 1xrscs1bzypiul5utn2shgayo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xrscs1bzypiul5utn2shgayo|03|net"; nocase; ) # 13lf6otpkcyuq1bmiyeyog36cu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13lf6otpkcyuq1bmiyeyog36cu|03|org"; nocase; ) # 1wgvf57ja1x4u1af4w9rg2qgkj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wgvf57ja1x4u1af4w9rg2qgkj|03|biz"; nocase; ) # eurr6z8snwpsgi49rl1vbaixy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eurr6z8snwpsgi49rl1vbaixy|03|com"; nocase; ) # daqs5g1jh9vq418w9dnhc5593q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|daqs5g1jh9vq418w9dnhc5593q|03|net"; nocase; ) # 1jf9gik161u6h01ni573or57iek.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jf9gik161u6h01ni573or57iek|03|org"; nocase; ) # 1gfjdsr90fva81b1juy01univql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gfjdsr90fva81b1juy01univql|03|net"; nocase; ) # nrbhwplomakv1yagf1g18phc2q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nrbhwplomakv1yagf1g18phc2q|03|net"; nocase; ) # azwivowcyfub1g3zn9a1awcwc4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|azwivowcyfub1g3zn9a1awcwc4|03|com"; nocase; ) # 1oqsjzi1bifk3lr87p1w10vdux2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oqsjzi1bifk3lr87p1w10vdux2|03|org"; nocase; ) # s342u41actwnh1k3bzxi1b1qfjo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s342u41actwnh1k3bzxi1b1qfjo|03|com"; nocase; ) # 1o7uhxzpo46mk1hvclas1tz4jek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o7uhxzpo46mk1hvclas1tz4jek|03|com"; nocase; ) # yfrta3ewcl7n6iny7zmqezjl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yfrta3ewcl7n6iny7zmqezjl|03|com"; nocase; ) # k6di7115oecl8y4dkvi1oepdho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k6di7115oecl8y4dkvi1oepdho|03|net"; nocase; ) # 1rw04n41mqb43ddhyixs1jgu1xq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rw04n41mqb43ddhyixs1jgu1xq|03|com"; nocase; ) # pt9gji145hg8c11tszrwnax5e7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pt9gji145hg8c11tszrwnax5e7|03|com"; nocase; ) # qxvzkz1gtw3ca1h6km531ycmyoa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qxvzkz1gtw3ca1h6km531ycmyoa|03|net"; nocase; ) # me164o12l7fn3h5gw905tbaw8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|me164o12l7fn3h5gw905tbaw8|03|org"; nocase; ) # z1tjupspisyf1dmpl251gifbr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z1tjupspisyf1dmpl251gifbr2|03|org"; nocase; ) # tjvsh31nzxyy01kqsng8xmdtxq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tjvsh31nzxyy01kqsng8xmdtxq|03|net"; nocase; ) # wkevcae8oc401pwq32g13qysza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wkevcae8oc401pwq32g13qysza|03|org"; nocase; ) # pueeqz1aemthl1xbsn871yuaew9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pueeqz1aemthl1xbsn871yuaew9|03|org"; nocase; ) # 13rjvzr1ytzndkcpihc5xyph3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13rjvzr1ytzndkcpihc5xyph3|03|net"; nocase; ) # 1i0g5wid4o1e618cpino1ox0bld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i0g5wid4o1e618cpino1ox0bld|03|com"; nocase; ) # f50kviegol511i5r8yjor3ufh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f50kviegol511i5r8yjor3ufh|03|org"; nocase; ) # 3rkghk1ba1whcqkxkvm135gupg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3rkghk1ba1whcqkxkvm135gupg|03|net"; nocase; ) # 1s1w59c18oyj6zvrvsznpipeyp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s1w59c18oyj6zvrvsznpipeyp|03|org"; nocase; ) # 1pen2oso4513012jnl08yui99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pen2oso4513012jnl08yui99|03|org"; nocase; ) # 173kjhd15hb1o2sb9j3v11rczva.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|173kjhd15hb1o2sb9j3v11rczva|03|com"; nocase; ) # s51tsk16n801u1hq53y23brzcr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s51tsk16n801u1hq53y23brzcr|03|org"; nocase; ) # 1bov1ubjj5frv178hla0kmmnx6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bov1ubjj5frv178hla0kmmnx6|03|net"; nocase; ) # edjjv51cpid6h1iadrh01b97my6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|edjjv51cpid6h1iadrh01b97my6|03|net"; nocase; ) # qgnxrxjuxa01tfo1tu1kb9gy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qgnxrxjuxa01tfo1tu1kb9gy|03|org"; nocase; ) # 1cl8vyk74ssnklk94mn1tgt51w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cl8vyk74ssnklk94mn1tgt51w|03|com"; nocase; ) # 14onnujkbfqbs1skrwss1417don.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14onnujkbfqbs1skrwss1417don|03|org"; nocase; ) # 19okrsj1dzsk3x1len53hhtdrup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19okrsj1dzsk3x1len53hhtdrup|03|com"; nocase; ) # hxovjg16qz4we192wmsb168q4dd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hxovjg16qz4we192wmsb168q4dd|03|net"; nocase; ) # 1cyr7kd16tsgqo1o8qdpm14dyw09.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cyr7kd16tsgqo1o8qdpm14dyw09|03|org"; nocase; ) # spmkw48ivevc1xyhr6t1buwmsm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|spmkw48ivevc1xyhr6t1buwmsm|03|net"; nocase; ) # 3e27ndswp10d63vogq1qd1ype.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3e27ndswp10d63vogq1qd1ype|03|org"; nocase; ) # 13q88v91sw0qfog9t5la1iswo6t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13q88v91sw0qfog9t5la1iswo6t|03|biz"; nocase; ) # t51wav18yl3td1wwx5al1xz9vts.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t51wav18yl3td1wwx5al1xz9vts|03|com"; nocase; ) # 1fraoyo1nzzz0yornqwl1mepkbi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fraoyo1nzzz0yornqwl1mepkbi|03|org"; nocase; ) # 1m5h7wpplsgsmbub1zv1n2vt69.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m5h7wpplsgsmbub1zv1n2vt69|03|org"; nocase; ) # 1fw214u16b3nomk7305314m4c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fw214u16b3nomk7305314m4c|03|net"; nocase; ) # 1pe5y8n76j6cg19ayocy1ype21w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pe5y8n76j6cg19ayocy1ype21w|03|org"; nocase; ) # 1gtb9npyxuoz018wym1iys4pli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gtb9npyxuoz018wym1iys4pli|03|com"; nocase; ) # 1p614p2ygm1ai1epf550r68ioj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p614p2ygm1ai1epf550r68ioj|03|net"; nocase; ) # tylb2z51b4kx1hf9zg2ae8xea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tylb2z51b4kx1hf9zg2ae8xea|03|net"; nocase; ) # 16ncvej2if9js1nt1nrdbmsnpb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16ncvej2if9js1nt1nrdbmsnpb|03|net"; nocase; ) # 16h7cbv1nssnf73h8osq1q2asqf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16h7cbv1nssnf73h8osq1q2asqf|03|net"; nocase; ) # 1wdoqcf1wmvbon1nje7iv12po0d2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wdoqcf1wmvbon1nje7iv12po0d2|03|biz"; nocase; ) # 1u19h3jvd5g31kyturtulvpjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u19h3jvd5g31kyturtulvpjm|03|org"; nocase; ) # 6e6aziwxgsfk1qrjjppr8yew3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6e6aziwxgsfk1qrjjppr8yew3|03|com"; nocase; ) # 2cy28d1jkncz742ghqxtxvoo1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2cy28d1jkncz742ghqxtxvoo1|03|org"; nocase; ) # 1yhhpos1pjp7wkh2lux17ye47c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yhhpos1pjp7wkh2lux17ye47c|03|biz"; nocase; ) # 158erq5p6d65i1omwqzlp2q8d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|158erq5p6d65i1omwqzlp2q8d|03|org"; nocase; ) # 1kxmyih1h0xfozh9hcno1nouezz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kxmyih1h0xfozh9hcno1nouezz|03|net"; nocase; ) # 12g2uixmkpqv5108gke711a3rsp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12g2uixmkpqv5108gke711a3rsp|03|org"; nocase; ) # j2kltl87fwlnduoln1bmypap.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j2kltl87fwlnduoln1bmypap|03|biz"; nocase; ) # 113391ytqw8f1uiop8odgyo8r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|113391ytqw8f1uiop8odgyo8r|03|biz"; nocase; ) # 7i7irf1eq6prw1r5cjir1kblt16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7i7irf1eq6prw1r5cjir1kblt16|03|net"; nocase; ) # iopx3lx33q7ptqu3sl1ba8tdi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iopx3lx33q7ptqu3sl1ba8tdi|03|org"; nocase; ) # h2xk2xc3ziwyd5c2hm1rpolqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h2xk2xc3ziwyd5c2hm1rpolqy|03|com"; nocase; ) # 1sxayko1ntxifq1n9ltt21imuy7v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sxayko1ntxifq1n9ltt21imuy7v|03|com"; nocase; ) # 1sdnd7l18bqzwg19wluzm1iiizkv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sdnd7l18bqzwg19wluzm1iiizkv|03|net"; nocase; ) # 121y9c916jyqao1n6ggnq1ab8how.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|121y9c916jyqao1n6ggnq1ab8how|03|net"; nocase; ) # 1g96shz1nqqqvk1iz2k0aimllkt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g96shz1nqqqvk1iz2k0aimllkt|03|org"; nocase; ) # b9vmp3155lf181tclnvc7msol3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9vmp3155lf181tclnvc7msol3|03|org"; nocase; ) # 7w7c6sxg1w02wgersg1t061gi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7w7c6sxg1w02wgersg1t061gi|03|com"; nocase; ) # 1bbm7h1mnfdq1r2tze61alv1nm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bbm7h1mnfdq1r2tze61alv1nm|03|com"; nocase; ) # nqtexu1pmop0p1bdkhd51q65mtx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nqtexu1pmop0p1bdkhd51q65mtx|03|biz"; nocase; ) # 7iuyqgvcfnbf1h8k2sbx6n48z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7iuyqgvcfnbf1h8k2sbx6n48z|03|net"; nocase; ) # wktdovhnsjfh1ffftz4102s20w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wktdovhnsjfh1ffftz4102s20w|03|com"; nocase; ) # 1jwmsvfi00z34sf5i9m7h97fr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jwmsvfi00z34sf5i9m7h97fr|03|net"; nocase; ) # c0juew1bzornr16wiq93u4jwul.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c0juew1bzornr16wiq93u4jwul|03|org"; nocase; ) # r8z5eb142g37v1egyke7ba1m7p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r8z5eb142g37v1egyke7ba1m7p|03|org"; nocase; ) # wp6m897nrabf19zhk2r1f3fbln.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wp6m897nrabf19zhk2r1f3fbln|03|net"; nocase; ) # wn52aascf56y1ezp6sc1yt8hfl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wn52aascf56y1ezp6sc1yt8hfl|03|net"; nocase; ) # 26cuci8lfqde195jnh61bliwex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|26cuci8lfqde195jnh61bliwex|03|biz"; nocase; ) # 3bln4qq7nwpncs8ghr1my9c4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3bln4qq7nwpncs8ghr1my9c4b|03|net"; nocase; ) # 1iwqiqs1g2w51l1lfou7o1062b8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iwqiqs1g2w51l1lfou7o1062b8c|03|com"; nocase; ) # 11npbsnahwm12401dn1wuq6mj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11npbsnahwm12401dn1wuq6mj|03|net"; nocase; ) # 1hx63zgbe09qa1q0yzk5uktjqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hx63zgbe09qa1q0yzk5uktjqq|03|biz"; nocase; ) # 1mu95818g9fcj6q16i21m37p8h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mu95818g9fcj6q16i21m37p8h|03|org"; nocase; ) # ku6sdxgx8dvrxn2e6s51r38p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ku6sdxgx8dvrxn2e6s51r38p|03|org"; nocase; ) # 1by6sf1q6ch1lnbgz1c6y5yjv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1by6sf1q6ch1lnbgz1c6y5yjv|03|biz"; nocase; ) # n32s5f1wl2st21gug2b6gupxc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n32s5f1wl2st21gug2b6gupxc3|03|net"; nocase; ) # 4j8sxym9syie1jmp0h81cuxs8n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4j8sxym9syie1jmp0h81cuxs8n|03|biz"; nocase; ) # 1a6ardg1hwq1hg20ffh1vyg60z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a6ardg1hwq1hg20ffh1vyg60z|03|net"; nocase; ) # uaec2p15rek6jvyudr119bk6d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uaec2p15rek6jvyudr119bk6d|03|org"; nocase; ) # 16wah2h1ufp1nw49qlgr4j1ri3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wah2h1ufp1nw49qlgr4j1ri3|03|org"; nocase; ) # 1q8yj0u1iu7c6tjv67kf1twhamf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q8yj0u1iu7c6tjv67kf1twhamf|03|org"; nocase; ) # ctqtj9h80ukjvfy56i1l8ho1q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ctqtj9h80ukjvfy56i1l8ho1q|03|org"; nocase; ) # v8h7bddhpt31rwm1cg1jztsrh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v8h7bddhpt31rwm1cg1jztsrh|03|biz"; nocase; ) # 16va5wg1lxa1fp11zc98m1pm8iro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16va5wg1lxa1fp11zc98m1pm8iro|03|com"; nocase; ) # 3b0lmu1n451ch1wlyuut7z665b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3b0lmu1n451ch1wlyuut7z665b|03|org"; nocase; ) # 1lo9ep5ghnoyv1r1hcjze5wa0n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lo9ep5ghnoyv1r1hcjze5wa0n|03|net"; nocase; ) # bvr572vuq3p2leymaty6sdsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bvr572vuq3p2leymaty6sdsc|03|net"; nocase; ) # jido2fucfy8e3qyv0412wfr38.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jido2fucfy8e3qyv0412wfr38|03|org"; nocase; ) # 1m1ejad8762ll1odeke3yury2x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m1ejad8762ll1odeke3yury2x|03|com"; nocase; ) # 1kgamn618af1um8oznw11glm8n3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kgamn618af1um8oznw11glm8n3|03|org"; nocase; ) # 4zjh811lqdio110ar7fl1sj68bf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4zjh811lqdio110ar7fl1sj68bf|03|biz"; nocase; ) # r2588j19h91c512brf8121ej2p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r2588j19h91c512brf8121ej2p|03|biz"; nocase; ) # yf0l7k1suyjea18w6h8q1saw509.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yf0l7k1suyjea18w6h8q1saw509|03|org"; nocase; ) # akvb0lu783fg19f0ylr15ttrvl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|akvb0lu783fg19f0ylr15ttrvl|03|net"; nocase; ) # 1rt3vph1k5vpu5rjsyk6129e90w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rt3vph1k5vpu5rjsyk6129e90w|03|com"; nocase; ) # 1kr06re1upu9im2thfo61si6gis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kr06re1upu9im2thfo61si6gis|03|com"; nocase; ) # 10r3pi812limc9180bls1rydru8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10r3pi812limc9180bls1rydru8|03|net"; nocase; ) # 5hfmbm13pcdbhi97ig61odrx9s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5hfmbm13pcdbhi97ig61odrx9s|03|org"; nocase; ) # dxczg01qhiluo1pfzgcq1wvdzy6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dxczg01qhiluo1pfzgcq1wvdzy6|03|org"; nocase; ) # exqil56w0l59n54brj113dnh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|exqil56w0l59n54brj113dnh|03|org"; nocase; ) # w3ouso12gyv2olp96bxvmyn2r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w3ouso12gyv2olp96bxvmyn2r|03|com"; nocase; ) # ba9r3h5i6qcd1exlo9j94llh0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ba9r3h5i6qcd1exlo9j94llh0|03|com"; nocase; ) # fmpg5r1tckjrw1ut9sve86yz7f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fmpg5r1tckjrw1ut9sve86yz7f|03|org"; nocase; ) # gwn35ed8tpg44hlsnwaab0ir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gwn35ed8tpg44hlsnwaab0ir|03|com"; nocase; ) # 1e4vkp01epcb31mmjsqt1j51i4n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e4vkp01epcb31mmjsqt1j51i4n|03|net"; nocase; ) # tailym12lo8t9ygny461n2ev47.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tailym12lo8t9ygny461n2ev47|03|net"; nocase; ) # 1ycs5nv1ujjllopks7k75id7tw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ycs5nv1ujjllopks7k75id7tw|03|org"; nocase; ) # 1u7u8zh1903orw291rcz3f0lfs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u7u8zh1903orw291rcz3f0lfs|03|net"; nocase; ) # 17hczq11yy50z5iwh94n1qfa1bl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17hczq11yy50z5iwh94n1qfa1bl|03|com"; nocase; ) # 1gxvs2h8ym9go1pl42141o3707b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gxvs2h8ym9go1pl42141o3707b|03|org"; nocase; ) # 1fn0bqz1sowe7b1589emgx5w0hv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fn0bqz1sowe7b1589emgx5w0hv|03|org"; nocase; ) # 5e1o0m1bzwcpl62imw3pr3dpr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5e1o0m1bzwcpl62imw3pr3dpr|03|net"; nocase; ) # owlrheb1wwvfemlzk3t7ji23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|owlrheb1wwvfemlzk3t7ji23|03|net"; nocase; ) # 1evalb6zn55bt58up3g1y7ff3s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1evalb6zn55bt58up3g1y7ff3s|03|com"; nocase; ) # g6b2ew1onxx4564hdxjav3fn1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g6b2ew1onxx4564hdxjav3fn1|03|com"; nocase; ) # ct4m1b1s7lsfm1hhj07h17hv487.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ct4m1b1s7lsfm1hhj07h17hv487|03|net"; nocase; ) # 10wpajvdq1xgg1gun8x4p6qxxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10wpajvdq1xgg1gun8x4p6qxxv|03|net"; nocase; ) # 1plwgkbxdjijg1vvhsna21qg78.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1plwgkbxdjijg1vvhsna21qg78|03|biz"; nocase; ) # 1v2v22617ghf5gtyrkca1shyhm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v2v22617ghf5gtyrkca1shyhm|03|org"; nocase; ) # 179qombxio9pkyzfyv3ghvi9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|179qombxio9pkyzfyv3ghvi9f|03|net"; nocase; ) # 1d4zb3rmbjdwm1qkl6sx1otfbun.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d4zb3rmbjdwm1qkl6sx1otfbun|03|biz"; nocase; ) # 1fcf9l25hz7zl1ivpy5eg7vxdz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fcf9l25hz7zl1ivpy5eg7vxdz|03|org"; nocase; ) # kwv7yqn5zytt16kncyrjo62nu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kwv7yqn5zytt16kncyrjo62nu|03|com"; nocase; ) # v3qtav1u2p2i7hetjqevomy95.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v3qtav1u2p2i7hetjqevomy95|03|biz"; nocase; ) # 19ghycipmatis13s62j59lye5g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ghycipmatis13s62j59lye5g|03|com"; nocase; ) # 1x83ctz1eh6ouk12a4iyeb72njc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x83ctz1eh6ouk12a4iyeb72njc|03|net"; nocase; ) # f81kk9ypy5csmm779wsrvj47.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f81kk9ypy5csmm779wsrvj47|03|org"; nocase; ) # 1piit5w5amdl51qjwo3d16isg0v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1piit5w5amdl51qjwo3d16isg0v|03|org"; nocase; ) # lxi9p61jqukch43cqf4dus40n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lxi9p61jqukch43cqf4dus40n|03|biz"; nocase; ) # 2cjtsy1ewq1a81bg1cow6qvj0w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2cjtsy1ewq1a81bg1cow6qvj0w|03|net"; nocase; ) # 1f9oqo7wxwu87ahl67rdlhox7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f9oqo7wxwu87ahl67rdlhox7|03|org"; nocase; ) # 12r05xcbatf0r1o1xuvv1ra087n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12r05xcbatf0r1o1xuvv1ra087n|03|biz"; nocase; ) # mqq8skowvdg695xp9r14gwmna.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mqq8skowvdg695xp9r14gwmna|03|com"; nocase; ) # 1trxc5or0umu91xfiu3l1dmajnb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1trxc5or0umu91xfiu3l1dmajnb|03|org"; nocase; ) # 84r4tnyndqsa1prd1jaeilylu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|84r4tnyndqsa1prd1jaeilylu|03|net"; nocase; ) # 1b3qpt63xys971949x9uwupt51.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b3qpt63xys971949x9uwupt51|03|net"; nocase; ) # tduv4okj9ivghvxfweuo9ikn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tduv4okj9ivghvxfweuo9ikn|03|net"; nocase; ) # nla3r71yc3zc73b1ef1hbuna6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nla3r71yc3zc73b1ef1hbuna6|03|org"; nocase; ) # rnuf541belvviegvxqgvzlwmr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rnuf541belvviegvxqgvzlwmr|03|com"; nocase; ) # 4f82tk1ra16mv8pdf3wk3m7iu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4f82tk1ra16mv8pdf3wk3m7iu|03|com"; nocase; ) # z1vtzs1u6d9l11euk9no129gmwo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z1vtzs1u6d9l11euk9no129gmwo|03|org"; nocase; ) # 1nrtr57tfm2c93wqket9izt7x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nrtr57tfm2c93wqket9izt7x|03|net"; nocase; ) # x1iir9ztsytiiwf5gl152h2p0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x1iir9ztsytiiwf5gl152h2p0|03|biz"; nocase; ) # 1tiv4g01m2afup1vlcrqd14h5hn7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tiv4g01m2afup1vlcrqd14h5hn7|03|net"; nocase; ) # oe9dme1ceb04p1pdn5na3nsi3m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oe9dme1ceb04p1pdn5na3nsi3m|03|org"; nocase; ) # 1888x25c1q91qa7jq6e18k18oc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1888x25c1q91qa7jq6e18k18oc|03|biz"; nocase; ) # rcw9qe2nh0n0ai0oottpsz29.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rcw9qe2nh0n0ai0oottpsz29|03|net"; nocase; ) # ecgvobckxdlv18n4k931kogdh8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ecgvobckxdlv18n4k931kogdh8|03|com"; nocase; ) # 1x1uqtog82y7d1a8dhie1e5my9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x1uqtog82y7d1a8dhie1e5my9x|03|net"; nocase; ) # 1lokhn6cixy5l19yfm75wycg5q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lokhn6cixy5l19yfm75wycg5q|03|com"; nocase; ) # 11wnlbl10gha5dlu8jj31kdwqvj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11wnlbl10gha5dlu8jj31kdwqvj|03|net"; nocase; ) # 1siqlaq1rqrecm194xdnxy2nu4c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1siqlaq1rqrecm194xdnxy2nu4c|03|org"; nocase; ) # ogspqt1p5b301c43xbo1azn1up.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ogspqt1p5b301c43xbo1azn1up|03|com"; nocase; ) # 19zg3lhvxmag21vbqscg1myj853.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19zg3lhvxmag21vbqscg1myj853|03|org"; nocase; ) # 1fry55kst1rre1e7k1x27l9jyi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fry55kst1rre1e7k1x27l9jyi|03|com"; nocase; ) # ha63t9146u1mi1vz2q6vwp924.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ha63t9146u1mi1vz2q6vwp924|03|org"; nocase; ) # 1ppmg6012i2npr1850vuoiyfdfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ppmg6012i2npr1850vuoiyfdfg|03|com"; nocase; ) # j9ks3i1qc4hfd1va73801org39d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j9ks3i1qc4hfd1va73801org39d|03|net"; nocase; ) # kksj9kxwzzgrs3a2s71uth378.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kksj9kxwzzgrs3a2s71uth378|03|com"; nocase; ) # ihrgzkgvoq3gznt742u6zsju.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ihrgzkgvoq3gznt742u6zsju|03|biz"; nocase; ) # u8volseoj0on1whi91t1uaw7oc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u8volseoj0on1whi91t1uaw7oc|03|net"; nocase; ) # gfzwt71ubrxqqdtmy5m3dc7ut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gfzwt71ubrxqqdtmy5m3dc7ut|03|com"; nocase; ) # 15t5zy2bnfohigxc60z1ylpujw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15t5zy2bnfohigxc60z1ylpujw|03|com"; nocase; ) # 1169xfyrte99f17tj43i1u51dle.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1169xfyrte99f17tj43i1u51dle|03|biz"; nocase; ) # 2gaz9t1jn02gl1xvkk8512xeahb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2gaz9t1jn02gl1xvkk8512xeahb|03|com"; nocase; ) # 1r60qmv1iwop12nv6k8a4vpjc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r60qmv1iwop12nv6k8a4vpjc|03|net"; nocase; ) # 7j4uyfphz7qv1qk0d96ebx3mk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7j4uyfphz7qv1qk0d96ebx3mk|03|com"; nocase; ) # 1qle8at4d5srpd73yfckcx6sz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qle8at4d5srpd73yfckcx6sz|03|org"; nocase; ) # oib62x6mv2yo1ap6a3ouktaw9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oib62x6mv2yo1ap6a3ouktaw9|03|biz"; nocase; ) # jwxdlr14g57imx7mclt18444tj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jwxdlr14g57imx7mclt18444tj|03|com"; nocase; ) # mlaijl1syulg6gi6xag17l8ya1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mlaijl1syulg6gi6xag17l8ya1|03|biz"; nocase; ) # 1cdtwqo9vqnhl7kw48x3n8ect.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cdtwqo9vqnhl7kw48x3n8ect|03|net"; nocase; ) # j32g3w1fpdz344q0aqazxq9ut.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j32g3w1fpdz344q0aqazxq9ut|03|org"; nocase; ) # 6a9apwkofpq1sixumy1mmc96d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6a9apwkofpq1sixumy1mmc96d|03|net"; nocase; ) # c3aycx7twgaj1jm02gg1abbyft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c3aycx7twgaj1jm02gg1abbyft|03|net"; nocase; ) # li8r9bpwn98sw3e2368f2hbg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|li8r9bpwn98sw3e2368f2hbg|03|biz"; nocase; ) # 1789pbyz31bhcslwvtl1pxqijc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1789pbyz31bhcslwvtl1pxqijc|03|net"; nocase; ) # 59v0q3brf1ccg1kd5rjr313f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|59v0q3brf1ccg1kd5rjr313f|03|net"; nocase; ) # 1tsuwd0kwpzv01ns2czu7larbv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tsuwd0kwpzv01ns2czu7larbv|03|biz"; nocase; ) # 1q43ssk1yt8v41guyz711t2fkfs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q43ssk1yt8v41guyz711t2fkfs|03|net"; nocase; ) # u2yis81wa00su13241ah1ixpzxc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u2yis81wa00su13241ah1ixpzxc|03|biz"; nocase; ) # 1vkrrll1no2bml119bwvqxy1jm7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vkrrll1no2bml119bwvqxy1jm7|03|org"; nocase; ) # o7zba11mg6jblznkhn1siw8yu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o7zba11mg6jblznkhn1siw8yu|03|com"; nocase; ) # cwquhxolxgsufiltp152bego.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cwquhxolxgsufiltp152bego|03|biz"; nocase; ) # r70d641uyomxx1yo7q18va0pwe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r70d641uyomxx1yo7q18va0pwe|03|net"; nocase; ) # 1b0yiaa1mnl71c5ez0hm16qbeas.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b0yiaa1mnl71c5ez0hm16qbeas|03|net"; nocase; ) # 1qdccoy16mqee41t4nyk0ofbrea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qdccoy16mqee41t4nyk0ofbrea|03|com"; nocase; ) # k5v1cb59a2bq1v7q03wi54ykc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k5v1cb59a2bq1v7q03wi54ykc|03|net"; nocase; ) # 1xdr5pioanrynbj97bh1y6qw85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xdr5pioanrynbj97bh1y6qw85|03|net"; nocase; ) # 17bceq54bezvm17idl6r7w6xlt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17bceq54bezvm17idl6r7w6xlt|03|org"; nocase; ) # 1rbrevnpkfcni1sbsu1kmd38x8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rbrevnpkfcni1sbsu1kmd38x8|03|net"; nocase; ) # 7k72l11bftn3s18f0u9hoeyzsq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7k72l11bftn3s18f0u9hoeyzsq|03|org"; nocase; ) # 1nf6b3f1a6f2i4v9a0s11mrz5ej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nf6b3f1a6f2i4v9a0s11mrz5ej|03|net"; nocase; ) # 1xljq2w1702ut11sq3d731dejn26.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xljq2w1702ut11sq3d731dejn26|03|com"; nocase; ) # 1sudyy8c9fvw1ccgvnb12904j4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sudyy8c9fvw1ccgvnb12904j4|03|org"; nocase; ) # 13rmqf41lonjegqcfhwz15v88a3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13rmqf41lonjegqcfhwz15v88a3|03|net"; nocase; ) # 9kjozl1lr0ehn1qs4zoj14vzg9u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9kjozl1lr0ehn1qs4zoj14vzg9u|03|com"; nocase; ) # 57wt6hzcpe8k1oxyj6w2k3bm9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|57wt6hzcpe8k1oxyj6w2k3bm9|03|net"; nocase; ) # fgye8syrx0jlt1f7kmow4ryu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fgye8syrx0jlt1f7kmow4ryu|03|com"; nocase; ) # belhfyjovkzn10gwsvr1fnpfwv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|belhfyjovkzn10gwsvr1fnpfwv|03|biz"; nocase; ) # byhhs2163p3vf1j5ye6qdfm1bq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|byhhs2163p3vf1j5ye6qdfm1bq|03|net"; nocase; ) # 1bzrshhhwgpdq1lea0os2to36b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bzrshhhwgpdq1lea0os2to36b|03|net"; nocase; ) # c5a0kz1kckq2745emcy31u214.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c5a0kz1kckq2745emcy31u214|03|com"; nocase; ) # 3h3zw317waqgl4js8aw1sax1w0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3h3zw317waqgl4js8aw1sax1w0|03|org"; nocase; ) # 16fxozt4dujomhfn5ke1dv1al8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16fxozt4dujomhfn5ke1dv1al8|03|org"; nocase; ) # pcoyeh1mgs5qu1bwu6yo6pb6hb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pcoyeh1mgs5qu1bwu6yo6pb6hb|03|org"; nocase; ) # 1xjntd2jvhktq15u522c14yiq5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xjntd2jvhktq15u522c14yiq5e|03|net"; nocase; ) # 5p68ge3y2gj81pey500imzcnc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5p68ge3y2gj81pey500imzcnc|03|net"; nocase; ) # 1ujlgeo1d4qdc1hqyvl31nf31pw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ujlgeo1d4qdc1hqyvl31nf31pw|03|com"; nocase; ) # 11vfu9gq6uwv1n3642y1xb40ni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11vfu9gq6uwv1n3642y1xb40ni|03|net"; nocase; ) # er1ae61x8kkuph083u1sz9qek.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|er1ae61x8kkuph083u1sz9qek|03|biz"; nocase; ) # 1773ywckandyn1bqdl461oynk9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1773ywckandyn1bqdl461oynk9r|03|com"; nocase; ) # wgyhmlxd76pzl5c3k91b36riq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wgyhmlxd76pzl5c3k91b36riq|03|org"; nocase; ) # 1sr2efcnb9buvkgucwy1coloux.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sr2efcnb9buvkgucwy1coloux|03|org"; nocase; ) # zoe9d3zpgqzywbnr7tbd4drn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zoe9d3zpgqzywbnr7tbd4drn|03|net"; nocase; ) # 1qwfa5j1b7l0aa1vr3b013rbyif.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qwfa5j1b7l0aa1vr3b013rbyif|03|com"; nocase; ) # 19qp5dwch5u6s1mt2wo21nzuowb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19qp5dwch5u6s1mt2wo21nzuowb|03|net"; nocase; ) # c2hjnza46usrpaefdjlkn7up.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c2hjnza46usrpaefdjlkn7up|03|org"; nocase; ) # jkysjk1hl0w4n14ytb5k1ipx6c3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jkysjk1hl0w4n14ytb5k1ipx6c3|03|net"; nocase; ) # 1ih8qwa18sgs8w37ckwshsf0w8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ih8qwa18sgs8w37ckwshsf0w8|03|net"; nocase; ) # crszr411acsdalq4qnnad88sr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|crszr411acsdalq4qnnad88sr|03|net"; nocase; ) # at0tlf10ghv9fqmn0xm11lce2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|at0tlf10ghv9fqmn0xm11lce2b|03|net"; nocase; ) # 1h1fwrc8virq3ak0oitzdtybm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h1fwrc8virq3ak0oitzdtybm|03|com"; nocase; ) # 1p365bnoau5qa64cigxzw5rlr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p365bnoau5qa64cigxzw5rlr|03|net"; nocase; ) # lhiogv1o9isya132x89db2lg92.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lhiogv1o9isya132x89db2lg92|03|org"; nocase; ) # 18ekr6910wlc0g4514lp1lwwr81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ekr6910wlc0g4514lp1lwwr81|03|net"; nocase; ) # ui5o1718fix8t1tvmzxd1xdk1vj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ui5o1718fix8t1tvmzxd1xdk1vj|03|com"; nocase; ) # uiuvdd1iivhe8iaxmpjxu2f1w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uiuvdd1iivhe8iaxmpjxu2f1w|03|net"; nocase; ) # j30abk9e19bu1jju7k11ml8kga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j30abk9e19bu1jju7k11ml8kga|03|org"; nocase; ) # kqgd4jfjlmzk198s9apck4eju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kqgd4jfjlmzk198s9apck4eju|03|org"; nocase; ) # 1lml5rr1nouku5ajvt1evtyiel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lml5rr1nouku5ajvt1evtyiel|03|com"; nocase; ) # 19o7cigm3wn05955e4clc1evq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19o7cigm3wn05955e4clc1evq|03|org"; nocase; ) # et5v1019cbfgs8tgmfo1603acm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|et5v1019cbfgs8tgmfo1603acm|03|org"; nocase; ) # 1gdzoet1wf1umpmxutw313tmkhk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gdzoet1wf1umpmxutw313tmkhk|03|com"; nocase; ) # 1e5vgxptmptiwkao9mf1blbgeg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e5vgxptmptiwkao9mf1blbgeg|03|org"; nocase; ) # 13a8krs1st70ig6ii1k91s3dpm9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13a8krs1st70ig6ii1k91s3dpm9|03|com"; nocase; ) # zmmmla1wpwcil1iv4mpa1e9fubg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zmmmla1wpwcil1iv4mpa1e9fubg|03|net"; nocase; ) # dyhbhznlf1u41dcg4nzb4o5n7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dyhbhznlf1u41dcg4nzb4o5n7|03|org"; nocase; ) # 1xl9cue1sz9b0913edf9t1ujvs68.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xl9cue1sz9b0913edf9t1ujvs68|03|biz"; nocase; ) # 1sgxs3rqf07q5108kpm51tklcq7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sgxs3rqf07q5108kpm51tklcq7|03|biz"; nocase; ) # 232i8wvqs2snw31fj4sjjuae.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|232i8wvqs2snw31fj4sjjuae|03|net"; nocase; ) # 1gw4gq0pzcxacc03oti1jasgkl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gw4gq0pzcxacc03oti1jasgkl|03|biz"; nocase; ) # 13tvg66xut98akoe3h11vdwys5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13tvg66xut98akoe3h11vdwys5|03|com"; nocase; ) # 1xk4ws113sl493rz4ucf15gw025.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xk4ws113sl493rz4ucf15gw025|03|com"; nocase; ) # 1kfno704fzgpu7n13cx1u3bf6a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kfno704fzgpu7n13cx1u3bf6a|03|com"; nocase; ) # 1vz5b8sdq1gi31s3dyndctmtgv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vz5b8sdq1gi31s3dyndctmtgv|03|net"; nocase; ) # 1tglhmcowb8k1130cssx1yodf6n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tglhmcowb8k1130cssx1yodf6n|03|org"; nocase; ) # 1gpjqrhvd21tg1n91gbb17iyb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gpjqrhvd21tg1n91gbb17iyb|03|org"; nocase; ) # 1d7hinoufm9r8k8gmn7pbwaw2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d7hinoufm9r8k8gmn7pbwaw2|03|net"; nocase; ) # 1k20kengfxsrcq3xs6taudy0f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k20kengfxsrcq3xs6taudy0f|03|biz"; nocase; ) # hy3u93ex8ysu14wns4g1yhzj74.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hy3u93ex8ysu14wns4g1yhzj74|03|net"; nocase; ) # 1v8avzw4quimt1uwdy2l1348bv5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v8avzw4quimt1uwdy2l1348bv5|03|org"; nocase; ) # 1xj6i9gyxhaz91hpo6pq1lcm121.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xj6i9gyxhaz91hpo6pq1lcm121|03|biz"; nocase; ) # 1w3a00k1r1mgtuok0n45a9x8h6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w3a00k1r1mgtuok0n45a9x8h6|03|net"; nocase; ) # 1n6q4q71aoenis32s7r71plq3r8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n6q4q71aoenis32s7r71plq3r8|03|org"; nocase; ) # 1fpk9v8e9ugid5wuvyck9mpq3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fpk9v8e9ugid5wuvyck9mpq3|03|biz"; nocase; ) # b63uhe104w91612yn25t113fv2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b63uhe104w91612yn25t113fv2|03|net"; nocase; ) # 19l70nw16rb1h3yx89djbolr5g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19l70nw16rb1h3yx89djbolr5g|03|net"; nocase; ) # 13agoppe30yab2mbb0t1fmfo2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13agoppe30yab2mbb0t1fmfo2m|03|net"; nocase; ) # rpo8o8emr01x11imu1wcspv0s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rpo8o8emr01x11imu1wcspv0s|03|com"; nocase; ) # 1uexg6b1q47q18fhdit1dm9n0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uexg6b1q47q18fhdit1dm9n0y|03|net"; nocase; ) # tk59lff9mnbv1xjc24atrqpw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tk59lff9mnbv1xjc24atrqpw5|03|net"; nocase; ) # 399ovn1aojei1rsvxfuor8zka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|399ovn1aojei1rsvxfuor8zka|03|net"; nocase; ) # 104dmax1mmpdjd1o4g7pdifdubj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|104dmax1mmpdjd1o4g7pdifdubj|03|biz"; nocase; ) # gitei91gkonqj1kxv60mrf0isa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gitei91gkonqj1kxv60mrf0isa|03|biz"; nocase; ) # 1k6tywb4lmf6d1ao93eooapji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k6tywb4lmf6d1ao93eooapji|03|com"; nocase; ) # 23eznw1gtgxda1o8nk281tz87jj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|23eznw1gtgxda1o8nk281tz87jj|03|biz"; nocase; ) # 1d6rw6v19dptaic6ilwd1qnxx7i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d6rw6v19dptaic6ilwd1qnxx7i|03|com"; nocase; ) # 1w2m0o38py31pqumzgu1jev8me.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w2m0o38py31pqumzgu1jev8me|03|com"; nocase; ) # 1ovdgj3m46fiz826eqj707wk3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ovdgj3m46fiz826eqj707wk3|03|net"; nocase; ) # 138ay9p1qgaw741gy91no139blkd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|138ay9p1qgaw741gy91no139blkd|03|com"; nocase; ) # 1k5k80svlsn3qfybwd21u30v4t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k5k80svlsn3qfybwd21u30v4t|03|org"; nocase; ) # 1wi51z6pjvdcr1oyxp451pzs7xb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wi51z6pjvdcr1oyxp451pzs7xb|03|biz"; nocase; ) # 1mxzxe1cud24prfrjdc12my6i5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mxzxe1cud24prfrjdc12my6i5|03|net"; nocase; ) # 1ofx37it44hqj13dq5db2wwyyu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ofx37it44hqj13dq5db2wwyyu|03|com"; nocase; ) # jj8h7i1rys32r10yqes9a6fysk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jj8h7i1rys32r10yqes9a6fysk|03|com"; nocase; ) # cm7et71wo2kt8zzxhevk326z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cm7et71wo2kt8zzxhevk326z|03|org"; nocase; ) # 5gxn410r10rh1bz10cw15rr6i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5gxn410r10rh1bz10cw15rr6i|03|biz"; nocase; ) # er45tc183orz11rnn1xoeg3hhh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|er45tc183orz11rnn1xoeg3hhh|03|com"; nocase; ) # 1u5e3jg1x206rwk215sh1bh7xtd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u5e3jg1x206rwk215sh1bh7xtd|03|biz"; nocase; ) # 11nu43t1hyayon1swzym9njctlo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11nu43t1hyayon1swzym9njctlo|03|net"; nocase; ) # 9fujpe16f21v21dw36pxbxsh48.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9fujpe16f21v21dw36pxbxsh48|03|org"; nocase; ) # 1bn1cea140yhiw19gxh712ddfgb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bn1cea140yhiw19gxh712ddfgb|03|org"; nocase; ) # lji96ymdnv7l1bu8vpk1l7109f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lji96ymdnv7l1bu8vpk1l7109f|03|org"; nocase; ) # 13dvoyj1szzdp61c5dbaz9h1wk1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13dvoyj1szzdp61c5dbaz9h1wk1|03|biz"; nocase; ) # 4b7166z9i3bw1my0h24vcxfvt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4b7166z9i3bw1my0h24vcxfvt|03|net"; nocase; ) # ptpda1v5y2001sghb3wuyr0be.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ptpda1v5y2001sghb3wuyr0be|03|com"; nocase; ) # 193jr2x1frbpuj9582cr1eerjz0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|193jr2x1frbpuj9582cr1eerjz0|03|org"; nocase; ) # 1oq8nsu2h9lyqi1wis610dla2v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oq8nsu2h9lyqi1wis610dla2v|03|biz"; nocase; ) # 1jvdmojykqei7wt6uza6hl7ro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jvdmojykqei7wt6uza6hl7ro|03|org"; nocase; ) # s8y5321s7tci0fiwk0dcnn88v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s8y5321s7tci0fiwk0dcnn88v|03|net"; nocase; ) # 1eyj6j514nb9zf1aro3klgypdh0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eyj6j514nb9zf1aro3klgypdh0|03|org"; nocase; ) # 2ir3x918y7v4altg1h3c20p77.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ir3x918y7v4altg1h3c20p77|03|com"; nocase; ) # 1epz4t11hr5aqj1j7xqcbocil6w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1epz4t11hr5aqj1j7xqcbocil6w|03|net"; nocase; ) # 1yj0rq21i2yvajruvbbsg64qcy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yj0rq21i2yvajruvbbsg64qcy|03|net"; nocase; ) # 1ospsaa1my47uv1tor2kj1tqxiyx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ospsaa1my47uv1tor2kj1tqxiyx|03|biz"; nocase; ) # 14s9vdu1iyx581kf45n17zyjwz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14s9vdu1iyx581kf45n17zyjwz|03|net"; nocase; ) # 1paiidlibrvnxml4u6m5dinfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1paiidlibrvnxml4u6m5dinfw|03|com"; nocase; ) # 35vywx9hkxpaqvf1gxmmfddm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|35vywx9hkxpaqvf1gxmmfddm|03|net"; nocase; ) # 13ysawh11sgx9ss566ag15dpe26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ysawh11sgx9ss566ag15dpe26|03|org"; nocase; ) # 1ch6ooo8thste1aj3p9h8rnjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ch6ooo8thste1aj3p9h8rnjb|03|net"; nocase; ) # 1r5r35c1ei68kzyh33eyk8i2ge.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r5r35c1ei68kzyh33eyk8i2ge|03|biz"; nocase; ) # 1n8xbgn1sstxa25pm9d41qcs790.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n8xbgn1sstxa25pm9d41qcs790|03|net"; nocase; ) # 1n0fawh16zn5ln8m0w4113iq3hl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n0fawh16zn5ln8m0w4113iq3hl|03|org"; nocase; ) # 146mxgcap0yo61nsw22x1902rkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|146mxgcap0yo61nsw22x1902rkz|03|org"; nocase; ) # nlqbpa1lmdh1t11ommwn10wdami.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nlqbpa1lmdh1t11ommwn10wdami|03|biz"; nocase; ) # o3qznq18vp2ah1t3dgos8naon3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o3qznq18vp2ah1t3dgos8naon3|03|org"; nocase; ) # 1gfsntp1asxpei1kxvd981v6ua3m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gfsntp1asxpei1kxvd981v6ua3m|03|com"; nocase; ) # 1kypddz1onk3ohlfx83s1twqnr8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kypddz1onk3ohlfx83s1twqnr8|03|org"; nocase; ) # 1ep6s5u12iw6xi70btkx1d5ncb0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ep6s5u12iw6xi70btkx1d5ncb0|03|com"; nocase; ) # 5ibkvr1cmvouukos6k77rh6o2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ibkvr1cmvouukos6k77rh6o2|03|com"; nocase; ) # 1h5hykb1dl4ipt162xc84rgd2ot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h5hykb1dl4ipt162xc84rgd2ot|03|biz"; nocase; ) # 1q4b0lk1661w3z16l12u4afelyo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q4b0lk1661w3z16l12u4afelyo|03|org"; nocase; ) # hlhfdblftud51gfx688gdevyj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hlhfdblftud51gfx688gdevyj|03|biz"; nocase; ) # geydtfrml8npfsvzib15qsx7r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|geydtfrml8npfsvzib15qsx7r|03|biz"; nocase; ) # m68nih1rgwjkc1ds5akv5i2one.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m68nih1rgwjkc1ds5akv5i2one|03|org"; nocase; ) # se7q0pjgavtjnotcnpga333.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|se7q0pjgavtjnotcnpga333|03|org"; nocase; ) # 1xjv2c11bkc9oqgl5culr3wet8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xjv2c11bkc9oqgl5culr3wet8|03|com"; nocase; ) # 10o19zm1hi5vet1twuhzl4sdld1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10o19zm1hi5vet1twuhzl4sdld1|03|net"; nocase; ) # lz5mtr186dx4cvr0vhc1yregl3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lz5mtr186dx4cvr0vhc1yregl3|03|org"; nocase; ) # 1lqzdrsya39qds7a4k71gug8zf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lqzdrsya39qds7a4k71gug8zf|03|com"; nocase; ) # 4nq8izo7p0abe10mcrj60dg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|4nq8izo7p0abe10mcrj60dg|03|org"; nocase; ) # 1ihne8m17vqcbi1f0e5ey1mwzee5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ihne8m17vqcbi1f0e5ey1mwzee5|03|biz"; nocase; ) # 1f9nmx21d2btuuu988gls6nkkr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f9nmx21d2btuuu988gls6nkkr|03|biz"; nocase; ) # 16c3t0l1fda205nelmy01kb0164.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16c3t0l1fda205nelmy01kb0164|03|org"; nocase; ) # 1r41tumiahsrikrdh6u1g91ur7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r41tumiahsrikrdh6u1g91ur7|03|com"; nocase; ) # 14i11rn1a968bxl5mcyk1pa6m1s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14i11rn1a968bxl5mcyk1pa6m1s|03|com"; nocase; ) # 1qerwq81qrjwga19b06w4sbg0pc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qerwq81qrjwga19b06w4sbg0pc|03|biz"; nocase; ) # xyd04ry46fem1k8eh3z1sf1d7m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xyd04ry46fem1k8eh3z1sf1d7m|03|org"; nocase; ) # 1ypj70n1r8u8l81bje9rv1fo9o91.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ypj70n1r8u8l81bje9rv1fo9o91|03|net"; nocase; ) # og26sm1pkqe5xzro7fm1ig9hba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|og26sm1pkqe5xzro7fm1ig9hba|03|com"; nocase; ) # 77u0zlsb3l3v112e0aw19t6pcq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|77u0zlsb3l3v112e0aw19t6pcq|03|net"; nocase; ) # uneexthx968410otrkms9ykus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uneexthx968410otrkms9ykus|03|com"; nocase; ) # 1suzsgub9aye91uszebf1ucb6n5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1suzsgub9aye91uszebf1ucb6n5|03|biz"; nocase; ) # ky1gw8oljhuw1jj6fsc1gr06ks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ky1gw8oljhuw1jj6fsc1gr06ks|03|net"; nocase; ) # 1hq84ri8jeiqw1hcbky91n6gfnr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hq84ri8jeiqw1hcbky91n6gfnr|03|org"; nocase; ) # 81uxfgilzas6w80t1fcra46m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|81uxfgilzas6w80t1fcra46m|03|biz"; nocase; ) # fc528w7ihgbp4wqjrf1ran68t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fc528w7ihgbp4wqjrf1ran68t|03|net"; nocase; ) # obgbcmwtn7svo8vncxpg7as2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|obgbcmwtn7svo8vncxpg7as2|03|com"; nocase; ) # 1kgnt6dgzoua6udj22dmpmfy8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kgnt6dgzoua6udj22dmpmfy8|03|net"; nocase; ) # af7sjq1ak1r3qaapv85cehwmx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|af7sjq1ak1r3qaapv85cehwmx|03|com"; nocase; ) # 1wz6v5x1mf8geh10wtar51k6pchy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wz6v5x1mf8geh10wtar51k6pchy|03|net"; nocase; ) # 1c6ibhy1xalfsvfrt1pp13xjq4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c6ibhy1xalfsvfrt1pp13xjq4f|03|net"; nocase; ) # 1thd6b81f3uer4mev05jsaj53r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1thd6b81f3uer4mev05jsaj53r|03|org"; nocase; ) # 1dcv932uykzoofktjtqql8dmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dcv932uykzoofktjtqql8dmj|03|net"; nocase; ) # 1wdjmrjwrb9m4kcfg51hoflfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wdjmrjwrb9m4kcfg51hoflfe|03|net"; nocase; ) # 12z9utq111mzb1sqfiamrqcjg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12z9utq111mzb1sqfiamrqcjg|03|com"; nocase; ) # 5qic4tpz5enn6hl0qp11l41zc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5qic4tpz5enn6hl0qp11l41zc|03|org"; nocase; ) # 1aaja7bl5y7j71yy7s6d1jx650u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aaja7bl5y7j71yy7s6d1jx650u|03|net"; nocase; ) # 19m641pwazk1iiahxz51gztqtt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19m641pwazk1iiahxz51gztqtt|03|biz"; nocase; ) # 18p87d6fq8uqd1y2ecqta9emod.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18p87d6fq8uqd1y2ecqta9emod|03|org"; nocase; ) # 1u4bte8htdur61jqmtrt1kskrh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u4bte8htdur61jqmtrt1kskrh|03|biz"; nocase; ) # 16lpjjag5f2w48x4t89n2xj9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|16lpjjag5f2w48x4t89n2xj9|03|org"; nocase; ) # k1qv152e9nr61k0z6ey1irzy91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k1qv152e9nr61k0z6ey1irzy91|03|com"; nocase; ) # 3t59op5ks559ebyuqrqz7yn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|3t59op5ks559ebyuqrqz7yn|03|net"; nocase; ) # 1egw2vy1bnebolp87d51ejrc4l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1egw2vy1bnebolp87d51ejrc4l|03|com"; nocase; ) # 1u0btzn18rrkea1ui1xazu281nz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u0btzn18rrkea1ui1xazu281nz|03|com"; nocase; ) # 1lwdnb261r1hyjd3emq1ux25z4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lwdnb261r1hyjd3emq1ux25z4|03|org"; nocase; ) # 1dv4v6t1e290hl1grdhwkhed10h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dv4v6t1e290hl1grdhwkhed10h|03|biz"; nocase; ) # rroxov1u9qu1b1qooa5y1omtvmy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rroxov1u9qu1b1qooa5y1omtvmy|03|com"; nocase; ) # 160k8oa1lyzaq01vnyzoqaaqjdd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|160k8oa1lyzaq01vnyzoqaaqjdd|03|org"; nocase; ) # 21xbqro18t59mi4gfd1vlx55h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21xbqro18t59mi4gfd1vlx55h|03|com"; nocase; ) # bztp6u1njiih111ws3791jgmqmb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bztp6u1njiih111ws3791jgmqmb|03|org"; nocase; ) # 10h0wgd57pk6snal80fmriskz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10h0wgd57pk6snal80fmriskz|03|com"; nocase; ) # 1qjsrd21ogpi4712wgkhf13t07ds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qjsrd21ogpi4712wgkhf13t07ds|03|net"; nocase; ) # 1bufnrn148opio1qk4nsjxu9q60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bufnrn148opio1qk4nsjxu9q60|03|net"; nocase; ) # ae9dwb55d49432vefvwxnjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ae9dwb55d49432vefvwxnjn|03|com"; nocase; ) # 11hm6g4s4ptyo1e9w4h41gvp6wj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hm6g4s4ptyo1e9w4h41gvp6wj|03|net"; nocase; ) # m9jo2g36qm18bdp6sq1ga0t89.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m9jo2g36qm18bdp6sq1ga0t89|03|org"; nocase; ) # mz75xnqg4k3014c9zsf148xoac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mz75xnqg4k3014c9zsf148xoac|03|com"; nocase; ) # acg5uhzib7ia1e53cod1j12hh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|acg5uhzib7ia1e53cod1j12hh|03|biz"; nocase; ) # 1abjafi17m6nzb17j5uco17cumdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1abjafi17m6nzb17j5uco17cumdg|03|com"; nocase; ) # 1bv9a6tpr8zkw1328bgl1bysuio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bv9a6tpr8zkw1328bgl1bysuio|03|org"; nocase; ) # 1x0to9l1rwkb40hh2px51w3f6t5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x0to9l1rwkb40hh2px51w3f6t5|03|biz"; nocase; ) # 17bsy1m1mk92oe5rj0sz1g1lckw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17bsy1m1mk92oe5rj0sz1g1lckw|03|com"; nocase; ) # ttv5ebzsaxsf3scec2bp6jrz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ttv5ebzsaxsf3scec2bp6jrz|03|org"; nocase; ) # 15wnyrpvrqob61ty0zi41nutdth.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15wnyrpvrqob61ty0zi41nutdth|03|com"; nocase; ) # 1njdhaofdihim1u1d9wh19j7bw3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1njdhaofdihim1u1d9wh19j7bw3|03|biz"; nocase; ) # zql3o31fu6nav12uwpyn1o4oy7o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zql3o31fu6nav12uwpyn1o4oy7o|03|com"; nocase; ) # 8sc0h3hrapse8bi380144pyiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8sc0h3hrapse8bi380144pyiz|03|com"; nocase; ) # 1gcd7uhxvrmh1e9zhgf2u30i3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gcd7uhxvrmh1e9zhgf2u30i3|03|com"; nocase; ) # 13xiz4q14ae5x81c14f7ejw1h6p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13xiz4q14ae5x81c14f7ejw1h6p|03|com"; nocase; ) # ft4jos1ivg8n91662bf91e8hhi0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ft4jos1ivg8n91662bf91e8hhi0|03|net"; nocase; ) # 1o0qtlr7nn3qb138clvu183qs0u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o0qtlr7nn3qb138clvu183qs0u|03|net"; nocase; ) # qdkkgvcc9oom3xascq19kytok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qdkkgvcc9oom3xascq19kytok|03|net"; nocase; ) # pucuyg1grh6fu1knz4qlpjngor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pucuyg1grh6fu1knz4qlpjngor|03|biz"; nocase; ) # 1x668341sfzkppsbeip5r2z50q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x668341sfzkppsbeip5r2z50q|03|org"; nocase; ) # 178yi0lckybrh7rh69o1pg9ulw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|178yi0lckybrh7rh69o1pg9ulw|03|com"; nocase; ) # dje9lqvn7am01kn2qt3dt89hb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dje9lqvn7am01kn2qt3dt89hb|03|biz"; nocase; ) # v2tyuwhwvxgdyz7yyu1t2u2cx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v2tyuwhwvxgdyz7yyu1t2u2cx|03|org"; nocase; ) # g84mef140c0gibsvr7m5r2ahp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g84mef140c0gibsvr7m5r2ahp|03|com"; nocase; ) # 1nw3qpa1o4hgt1oatd3m153rayj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nw3qpa1o4hgt1oatd3m153rayj|03|com"; nocase; ) # 8ao1rc13v5oba3jongb16czb0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ao1rc13v5oba3jongb16czb0a|03|net"; nocase; ) # 1dvxg1ft1lpg129hmw91vnp04e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dvxg1ft1lpg129hmw91vnp04e|03|net"; nocase; ) # gqpg0r1sfx0phkt2l2s95nnvm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gqpg0r1sfx0phkt2l2s95nnvm|03|org"; nocase; ) # 1v6zlju1lqiti91r6nvp7s59dky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v6zlju1lqiti91r6nvp7s59dky|03|net"; nocase; ) # qaviyy1il5jat1ngvr341yckhay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qaviyy1il5jat1ngvr341yckhay|03|org"; nocase; ) # 5n8nnh1xinxhf5a83v8qct31z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5n8nnh1xinxhf5a83v8qct31z|03|com"; nocase; ) # 2x42g7wtf1r92lkvi2zi7ssi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2x42g7wtf1r92lkvi2zi7ssi|03|net"; nocase; ) # 18x256t14zf4rn1qumphm11yww25.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18x256t14zf4rn1qumphm11yww25|03|org"; nocase; ) # apaglp181oblr1s597j71fbi7eo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|apaglp181oblr1s597j71fbi7eo|03|net"; nocase; ) # 1d7kgjf649ltsvjx5xo1erqc0l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d7kgjf649ltsvjx5xo1erqc0l|03|com"; nocase; ) # 19p65xa1466ars19zl7lg1kwfshw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19p65xa1466ars19zl7lg1kwfshw|03|net"; nocase; ) # ztqe938a1gir1iocfae1og4f7s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ztqe938a1gir1iocfae1og4f7s|03|net"; nocase; ) # 1yt1b10lktuyr79720h1isqqs4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yt1b10lktuyr79720h1isqqs4|03|com"; nocase; ) # ch5h91hf2hyr18gj6hl3w7ktw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ch5h91hf2hyr18gj6hl3w7ktw|03|org"; nocase; ) # 19wdhra1ymvh0w13t7pw6182zkrr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19wdhra1ymvh0w13t7pw6182zkrr|03|net"; nocase; ) # 1i6fj5ul4fei81yakxtq1dqasje.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i6fj5ul4fei81yakxtq1dqasje|03|com"; nocase; ) # 1rydt491d18qvh1wq368314ezpsz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rydt491d18qvh1wq368314ezpsz|03|com"; nocase; ) # 1vv8k0ht45zkluwz2481jasvjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vv8k0ht45zkluwz2481jasvjt|03|net"; nocase; ) # 1yptiik4gdmz21dzou2hxsjh40.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yptiik4gdmz21dzou2hxsjh40|03|biz"; nocase; ) # 1mqmqac1nlpiqbrunebiknbjsc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mqmqac1nlpiqbrunebiknbjsc|03|org"; nocase; ) # 66ccmw22moa9gye6fj177xf63.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66ccmw22moa9gye6fj177xf63|03|org"; nocase; ) # 1aiymtduha70v1b40gxe72cn31.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aiymtduha70v1b40gxe72cn31|03|biz"; nocase; ) # wrejxa1ayzwf315ktjbywuws4x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wrejxa1ayzwf315ktjbywuws4x|03|com"; nocase; ) # bidyuy1a5i3gyk7oc1syqackb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bidyuy1a5i3gyk7oc1syqackb|03|org"; nocase; ) # ttd1dl11prlph137r0bu14lj5fj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ttd1dl11prlph137r0bu14lj5fj|03|net"; nocase; ) # 1k908w21f1r4mkez1i8y1pshjne.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k908w21f1r4mkez1i8y1pshjne|03|net"; nocase; ) # 18c250f1mtvu8o7cgj2f1vfhgwf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18c250f1mtvu8o7cgj2f1vfhgwf|03|com"; nocase; ) # aa77r81tuvaei1u2wfqg1wiu307.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aa77r81tuvaei1u2wfqg1wiu307|03|org"; nocase; ) # 101uzzzewn6nzxn704ej284zw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|101uzzzewn6nzxn704ej284zw|03|org"; nocase; ) # 1ed98c81cv1b9015jod04wcal0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ed98c81cv1b9015jod04wcal0o|03|net"; nocase; ) # 1u8gnj7ims8clsb3mxyb6i2p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1u8gnj7ims8clsb3mxyb6i2p|03|biz"; nocase; ) # m9eu8o18lexchto22rd1y5pwnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m9eu8o18lexchto22rd1y5pwnk|03|com"; nocase; ) # c25tkavgjbtyk6h941rzfcag.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c25tkavgjbtyk6h941rzfcag|03|org"; nocase; ) # 145qjjp16whad71fg6d3nuvffdo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|145qjjp16whad71fg6d3nuvffdo|03|net"; nocase; ) # czik0o1et387qfm0k0y3wa801.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|czik0o1et387qfm0k0y3wa801|03|biz"; nocase; ) # nrebxet33us11mxnvx7f63etn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nrebxet33us11mxnvx7f63etn|03|net"; nocase; ) # 1keh0dcybgvfi1nh302lnfvmei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1keh0dcybgvfi1nh302lnfvmei|03|biz"; nocase; ) # iftcsxc6v731m1uel4rhjy50.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iftcsxc6v731m1uel4rhjy50|03|com"; nocase; ) # xhlabjo9lq0bxao9hj1oil4mu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xhlabjo9lq0bxao9hj1oil4mu|03|net"; nocase; ) # 1aik2peuesyft19e332n1dc54lb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aik2peuesyft19e332n1dc54lb|03|net"; nocase; ) # xm1svikfcz4umjf315e2nfqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xm1svikfcz4umjf315e2nfqi|03|org"; nocase; ) # 170slxm1q57r2nppl9m09gnqd2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|170slxm1q57r2nppl9m09gnqd2|03|org"; nocase; ) # shiat2c07gr61bsw50sxas74j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|shiat2c07gr61bsw50sxas74j|03|com"; nocase; ) # 1ptb4gfe76e171czfyfj1m87eou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ptb4gfe76e171czfyfj1m87eou|03|org"; nocase; ) # 15aka0qa74xedypmgp7ple719.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15aka0qa74xedypmgp7ple719|03|com"; nocase; ) # 1xtkhfnfpwa5j3ujtoy1gbpzmy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xtkhfnfpwa5j3ujtoy1gbpzmy|03|net"; nocase; ) # 1r852r578ujqt1kxpr67yaiep3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r852r578ujqt1kxpr67yaiep3|03|biz"; nocase; ) # 6ixmwz1aroqz4sfs77qqkfup0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ixmwz1aroqz4sfs77qqkfup0|03|org"; nocase; ) # 2vgrwzk8icwcxj4ofyje53b9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2vgrwzk8icwcxj4ofyje53b9|03|org"; nocase; ) # 1xg33kl1baclmr1foeamz1sfwt2h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xg33kl1baclmr1foeamz1sfwt2h|03|biz"; nocase; ) # 937d8710uvyk41nwzp9ye66y70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|937d8710uvyk41nwzp9ye66y70|03|net"; nocase; ) # f56cmh1ghzqsp1qjbcxgauwvcv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f56cmh1ghzqsp1qjbcxgauwvcv|03|net"; nocase; ) # 18v0rb91nyt95z17k5vny1w8ovmn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18v0rb91nyt95z17k5vny1w8ovmn|03|biz"; nocase; ) # 1lu51bsmxkh7wifzoo41hjdufk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lu51bsmxkh7wifzoo41hjdufk|03|org"; nocase; ) # dj4jubi7wi7f1ozat1c1d3vn4o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dj4jubi7wi7f1ozat1c1d3vn4o|03|net"; nocase; ) # 1trab5f2aafsao2o2xg1k3eh4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1trab5f2aafsao2o2xg1k3eh4d|03|com"; nocase; ) # 1cizk274t2wtc16mu46b1v1w14k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cizk274t2wtc16mu46b1v1w14k|03|net"; nocase; ) # 4cjp1sr5h7zz1vicx31199mh18.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4cjp1sr5h7zz1vicx31199mh18|03|org"; nocase; ) # 16m84py1lonnfm1murc3xhxl7br.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16m84py1lonnfm1murc3xhxl7br|03|net"; nocase; ) # 3i1r259qx4n815gh75b12xowax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3i1r259qx4n815gh75b12xowax|03|net"; nocase; ) # mlnz7v181hsncdez95ykvtfve.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mlnz7v181hsncdez95ykvtfve|03|org"; nocase; ) # kdnj2p12wenlg1xd7qkj15vdkhp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kdnj2p12wenlg1xd7qkj15vdkhp|03|com"; nocase; ) # 1sxdcqmt9hfiusvwo181j18f02.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sxdcqmt9hfiusvwo181j18f02|03|net"; nocase; ) # 1969vnberf24r1mcl71fgtr7du.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1969vnberf24r1mcl71fgtr7du|03|biz"; nocase; ) # 3zi480cve5q71x3tx0caovzqz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3zi480cve5q71x3tx0caovzqz|03|net"; nocase; ) # lphufe10wtlka1187ioa9iyu1v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lphufe10wtlka1187ioa9iyu1v|03|biz"; nocase; ) # 8w72381jc49mxf1mj9d1tw0rvq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8w72381jc49mxf1mj9d1tw0rvq|03|org"; nocase; ) # 1r2zrz3e77ral10fxwv7gc866d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r2zrz3e77ral10fxwv7gc866d|03|org"; nocase; ) # 3wfi1a1tsao9pvexn9v153ulvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3wfi1a1tsao9pvexn9v153ulvs|03|com"; nocase; ) # 1l0yxwr66ka46r4yqlnzw03y3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l0yxwr66ka46r4yqlnzw03y3|03|org"; nocase; ) # a9roz21tfm8gq1k59gsv1qdz13i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a9roz21tfm8gq1k59gsv1qdz13i|03|net"; nocase; ) # rjz59z1eekns4d9h9urtbal3r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rjz59z1eekns4d9h9urtbal3r|03|com"; nocase; ) # 169n08vort9301ggzqk2z0lzsc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|169n08vort9301ggzqk2z0lzsc|03|biz"; nocase; ) # gcx0uynwp9avo2r7y21lvhep3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gcx0uynwp9avo2r7y21lvhep3|03|net"; nocase; ) # 1pfmew0pcr85e8wfzacgffa4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1pfmew0pcr85e8wfzacgffa4|03|biz"; nocase; ) # 1dzsogqd6g3jryu4hgnjkyb53.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dzsogqd6g3jryu4hgnjkyb53|03|com"; nocase; ) # flhs24koziykufiplz1n2ly26.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|flhs24koziykufiplz1n2ly26|03|net"; nocase; ) # 10ta0so18nrkl41u7y5p01gmp8lz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10ta0so18nrkl41u7y5p01gmp8lz|03|com"; nocase; ) # 152e31h15pembnf1xpz11hx9ly.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|152e31h15pembnf1xpz11hx9ly|03|biz"; nocase; ) # 1618xqo7nly5m1qbew1w1fj07lk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1618xqo7nly5m1qbew1w1fj07lk|03|org"; nocase; ) # xmr7yv1r8g76y1bihk9g1rxvbkb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xmr7yv1r8g76y1bihk9g1rxvbkb|03|net"; nocase; ) # mgofn71wfwphrt460au11gp30q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mgofn71wfwphrt460au11gp30q|03|com"; nocase; ) # 7jlnjj1qw4rzc1bgnye78wkfds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7jlnjj1qw4rzc1bgnye78wkfds|03|net"; nocase; ) # 15m6h7pbnqneq1vtvbi2acz8xa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15m6h7pbnqneq1vtvbi2acz8xa|03|com"; nocase; ) # 1d84j61gt5aki1kxrg2yxa4zxm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d84j61gt5aki1kxrg2yxa4zxm|03|net"; nocase; ) # 1ktaes2vvfws73lqmix8m6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|1ktaes2vvfws73lqmix8m6|03|com"; nocase; ) # 1lnokdj1wf3rwo18pyiuu7ppo8k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lnokdj1wf3rwo18pyiuu7ppo8k|03|biz"; nocase; ) # 16evke8m3dqmg1j9yccexf0bsb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16evke8m3dqmg1j9yccexf0bsb|03|org"; nocase; ) # d2wvy31pz9s6x1da6bh11p3vqi7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|d2wvy31pz9s6x1da6bh11p3vqi7|03|biz"; nocase; ) # 7w4o0l1iio0nx1b7rejgwx5aja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7w4o0l1iio0nx1b7rejgwx5aja|03|org"; nocase; ) # pr225u1542o6424d7x445q03g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pr225u1542o6424d7x445q03g|03|com"; nocase; ) # d0gz1ya6hm1hkohahkcb7udp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d0gz1ya6hm1hkohahkcb7udp|03|net"; nocase; ) # xtnf0i1a4ros6z82kxdom22xw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xtnf0i1a4ros6z82kxdom22xw|03|org"; nocase; ) # 15vy76u1tr00il1ym4jkw9i4ma0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15vy76u1tr00il1ym4jkw9i4ma0|03|com"; nocase; ) # olivsz18kzrfn1l1dwmrabbsg5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|olivsz18kzrfn1l1dwmrabbsg5|03|org"; nocase; ) # 1s4dsurcjg4tn11u0j8z8iu3jm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s4dsurcjg4tn11u0j8z8iu3jm|03|net"; nocase; ) # 1rbn8e8fwawg61487tft1ndnvk7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rbn8e8fwawg61487tft1ndnvk7|03|com"; nocase; ) # l3w9tn10k9nwc1gyvvv514pcv5d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l3w9tn10k9nwc1gyvvv514pcv5d|03|org"; nocase; ) # 1xfcrud1et5zdi1mo4i6ng3vz5u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xfcrud1et5zdi1mo4i6ng3vz5u|03|net"; nocase; ) # kbm0vefctzex1r1a668138hdrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kbm0vefctzex1r1a668138hdrj|03|net"; nocase; ) # 1yl5qo9s7v0ekn14xtu15a3xeh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yl5qo9s7v0ekn14xtu15a3xeh|03|net"; nocase; ) # 11htgx51qfnbnqyqnx2t151hwc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11htgx51qfnbnqyqnx2t151hwc|03|org"; nocase; ) # rwu5qizlvdqa16w91fi1ln0evw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rwu5qizlvdqa16w91fi1ln0evw|03|org"; nocase; ) # 758k3r1r9utcn1jd93l37k2wam.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|758k3r1r9utcn1jd93l37k2wam|03|biz"; nocase; ) # 1gv5k0vbyo3eltau3as1loixzb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gv5k0vbyo3eltau3as1loixzb|03|net"; nocase; ) # 1wnzytd1rsy9vbw6ykv21ns3gcs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wnzytd1rsy9vbw6ykv21ns3gcs|03|com"; nocase; ) # 1m1yx9ikpjv6gkk0wla1iuy3b1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m1yx9ikpjv6gkk0wla1iuy3b1|03|biz"; nocase; ) # pbyhgasmfgwom879681o7etfb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pbyhgasmfgwom879681o7etfb|03|net"; nocase; ) # kzghx6tzerzk18r1xll132yd2o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kzghx6tzerzk18r1xll132yd2o|03|net"; nocase; ) # d27hu41a0qg401hgwagri82rd9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d27hu41a0qg401hgwagri82rd9|03|net"; nocase; ) # 1t5zljv1wmwk594yu9qn1h2fod.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t5zljv1wmwk594yu9qn1h2fod|03|org"; nocase; ) # hesw3hf47xft584cds3kv5t2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hesw3hf47xft584cds3kv5t2|03|com"; nocase; ) # qub4z67d7zf91rucywp1ph6wf3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qub4z67d7zf91rucywp1ph6wf3|03|org"; nocase; ) # 10z2axl1vuazk31krauxw1showmh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10z2axl1vuazk31krauxw1showmh|03|biz"; nocase; ) # vne8xmtglke1flp4nr1rtd6xc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vne8xmtglke1flp4nr1rtd6xc|03|net"; nocase; ) # sifr231kqrwfkpkp4kw1qgws2j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sifr231kqrwfkpkp4kw1qgws2j|03|org"; nocase; ) # 1j3go9h1y0ogbgv4w1gt1lgybq2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j3go9h1y0ogbgv4w1gt1lgybq2|03|net"; nocase; ) # 1i8ktt3brqn16z1h4ta12l9c7f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i8ktt3brqn16z1h4ta12l9c7f|03|net"; nocase; ) # sibdl06k4qqqsm3f6dki6g5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sibdl06k4qqqsm3f6dki6g5n|03|net"; nocase; ) # gakwptyehucz1edb6px1sivs4r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gakwptyehucz1edb6px1sivs4r|03|org"; nocase; ) # wu5top131sdyo1l897gk1qeo9cf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wu5top131sdyo1l897gk1qeo9cf|03|org"; nocase; ) # shl5841rvbwhst6clsf1c89t0i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shl5841rvbwhst6clsf1c89t0i|03|net"; nocase; ) # ok54ri1qd6zle4lul44zma775.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ok54ri1qd6zle4lul44zma775|03|biz"; nocase; ) # 1s2os8vre0utkorhk6dfqj6x5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s2os8vre0utkorhk6dfqj6x5|03|org"; nocase; ) # 147m5nlbdhjmzw30c95dbnh0l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|147m5nlbdhjmzw30c95dbnh0l|03|net"; nocase; ) # ljzimo1aqnkl613cx3fodz1aqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ljzimo1aqnkl613cx3fodz1aqf|03|biz"; nocase; ) # hw6jkm1m5zecj16c4ktkhau5df.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hw6jkm1m5zecj16c4ktkhau5df|03|net"; nocase; ) # uopiep1m0v5jkfvzzt7flnhz3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uopiep1m0v5jkfvzzt7flnhz3|03|biz"; nocase; ) # wzo4ckbuj408swh53i1i1aid4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wzo4ckbuj408swh53i1i1aid4|03|org"; nocase; ) # 1dyt4oufgtncco43hruqavoq9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dyt4oufgtncco43hruqavoq9|03|org"; nocase; ) # 1nwq6oz15weg7uk37xxi139r19k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nwq6oz15weg7uk37xxi139r19k|03|net"; nocase; ) # 15t5xn51w6pw2q1o739mh1y7ymxu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15t5xn51w6pw2q1o739mh1y7ymxu|03|biz"; nocase; ) # 6546pdwsi3m44hsrak12oc58w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6546pdwsi3m44hsrak12oc58w|03|net"; nocase; ) # 1u9dcynx3y3tk1gjvd2z1wk69je.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u9dcynx3y3tk1gjvd2z1wk69je|03|biz"; nocase; ) # fjwsca1ieruddhy3nmeixq4u5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fjwsca1ieruddhy3nmeixq4u5|03|net"; nocase; ) # 1nma8asnwxavmqrwa6ifdfrb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1nma8asnwxavmqrwa6ifdfrb|03|net"; nocase; ) # e8kchjx8zaee1m2intp11n7v2q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e8kchjx8zaee1m2intp11n7v2q|03|net"; nocase; ) # 1vsztzdpdq0wc1oqqsuo1sb3uv6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vsztzdpdq0wc1oqqsuo1sb3uv6|03|com"; nocase; ) # 1yjn5dm1d4pt3nzzxy741kd6cja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yjn5dm1d4pt3nzzxy741kd6cja|03|net"; nocase; ) # 9vca0empb50h1mxn1fpmn54pi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9vca0empb50h1mxn1fpmn54pi|03|org"; nocase; ) # 7k6oq41mur0oo1x905grlbsv1b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7k6oq41mur0oo1x905grlbsv1b|03|com"; nocase; ) # 17gjhygwlkbx2vtfior1vddbw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17gjhygwlkbx2vtfior1vddbw5|03|net"; nocase; ) # j1y5ol1sn3vki12rktv59takvs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j1y5ol1sn3vki12rktv59takvs|03|org"; nocase; ) # 70q1uf2cflxvcd298616mh3g8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|70q1uf2cflxvcd298616mh3g8|03|net"; nocase; ) # nsn4pc1vk5hhdkapfn310tm2ln.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nsn4pc1vk5hhdkapfn310tm2ln|03|com"; nocase; ) # 78kb7613lt5af9alj0w76wnu5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|78kb7613lt5af9alj0w76wnu5|03|net"; nocase; ) # 1q0fh711x2epq81dqdn1h14v5l75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q0fh711x2epq81dqdn1h14v5l75|03|com"; nocase; ) # 1rwep9f98l2a61cpcieeciseax.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rwep9f98l2a61cpcieeciseax|03|org"; nocase; ) # 5fun951o9qmjk1xvl8q3tjyfr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5fun951o9qmjk1xvl8q3tjyfr8|03|com"; nocase; ) # gj2y39z6qnvf1d88kojo5zutr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gj2y39z6qnvf1d88kojo5zutr|03|org"; nocase; ) # 7qen911ys9jrh3jjoawlf5ior.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7qen911ys9jrh3jjoawlf5ior|03|com"; nocase; ) # 1xyqu1y20s1gn19atm8mfpcs78.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xyqu1y20s1gn19atm8mfpcs78|03|biz"; nocase; ) # 13da834sovvyswhbp1eeo39r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13da834sovvyswhbp1eeo39r|03|biz"; nocase; ) # t3c5ujmabipevowxz01kymdvg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t3c5ujmabipevowxz01kymdvg|03|com"; nocase; ) # uo9ke31xrnlcfl8g9rj191j1kv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uo9ke31xrnlcfl8g9rj191j1kv|03|org"; nocase; ) # ybxs5r1lm9cny1njcf7wfhtdgx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ybxs5r1lm9cny1njcf7wfhtdgx|03|com"; nocase; ) # 1w2ccxcjqajjq1jqw5d27wmhbt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w2ccxcjqajjq1jqw5d27wmhbt|03|biz"; nocase; ) # oe4mmuy1yj1sastxmt152jkht.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oe4mmuy1yj1sastxmt152jkht|03|net"; nocase; ) # 1ghye6f1wjkip71b1vlh81kiebwb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ghye6f1wjkip71b1vlh81kiebwb|03|org"; nocase; ) # psdroqqf2ihmkqvwqu16km7rx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|psdroqqf2ihmkqvwqu16km7rx|03|net"; nocase; ) # 1gdjzum572b231bt2ds49qrhdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gdjzum572b231bt2ds49qrhdd|03|com"; nocase; ) # 1trh7a71h7me7a8pkjwmf5nhub.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1trh7a71h7me7a8pkjwmf5nhub|03|biz"; nocase; ) # cf874b1nsn8y41m5jkzv1pvcjyd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cf874b1nsn8y41m5jkzv1pvcjyd|03|org"; nocase; ) # 1pfqph51snb8i11b4vfgp1li5624.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pfqph51snb8i11b4vfgp1li5624|03|org"; nocase; ) # tft4czqhy8bdo3hp2m11gijm6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tft4czqhy8bdo3hp2m11gijm6|03|net"; nocase; ) # 15c3ddx1ib5ex5r9kjtl1nm0wx5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15c3ddx1ib5ex5r9kjtl1nm0wx5|03|biz"; nocase; ) # 1ypf4zg19twn20s3s6xs146fyhk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ypf4zg19twn20s3s6xs146fyhk|03|biz"; nocase; ) # 1by3nx61l3v8rqln9l4v1tan9jh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1by3nx61l3v8rqln9l4v1tan9jh|03|net"; nocase; ) # 1pyjkqsruddum1at0dpd1enns3e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pyjkqsruddum1at0dpd1enns3e|03|com"; nocase; ) # 1hgcyar1v5qe0677wyu6pw36j2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hgcyar1v5qe0677wyu6pw36j2|03|com"; nocase; ) # 1vdwb3hkh6xg1o4nbaeb8ng1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vdwb3hkh6xg1o4nbaeb8ng1u|03|org"; nocase; ) # 128cnet1sebii317j2ahe1hcrza2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|128cnet1sebii317j2ahe1hcrza2|03|com"; nocase; ) # jnadxh1ap0xo91qqn3d9fpjwaw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnadxh1ap0xo91qqn3d9fpjwaw|03|net"; nocase; ) # 1gi02kk1hi5ac0161mj5n11qk66m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gi02kk1hi5ac0161mj5n11qk66m|03|com"; nocase; ) # 1lvhullmrztgjxu9zeb1s2pceq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lvhullmrztgjxu9zeb1s2pceq|03|biz"; nocase; ) # qwnle0apgogc17jm4x5oqdlbt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qwnle0apgogc17jm4x5oqdlbt|03|net"; nocase; ) # 11hub0z1rpgl6pv4gm7a140scbh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hub0z1rpgl6pv4gm7a140scbh|03|com"; nocase; ) # 1opii4q14hz17a1qi1rxbvzo28q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1opii4q14hz17a1qi1rxbvzo28q|03|org"; nocase; ) # 1bjfimw1e7iuokdg8ohavanxft.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bjfimw1e7iuokdg8ohavanxft|03|org"; nocase; ) # jronkg11142cbmxrjh119guc8g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jronkg11142cbmxrjh119guc8g|03|com"; nocase; ) # 17krg72b8hyv3y90ydnro1jn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|17krg72b8hyv3y90ydnro1jn|03|biz"; nocase; ) # 2omkx17uwl0ov42zkx10r0wm1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2omkx17uwl0ov42zkx10r0wm1|03|org"; nocase; ) # r84830d0w1m9196muhd1a294jf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r84830d0w1m9196muhd1a294jf|03|com"; nocase; ) # 13tz4201a5iccn19ub70n8jktd1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13tz4201a5iccn19ub70n8jktd1|03|net"; nocase; ) # rhmf4slllauv1vt0pym7c3ckx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rhmf4slllauv1vt0pym7c3ckx|03|biz"; nocase; ) # 573n6gfqvpw7w22w1rjny9wl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|573n6gfqvpw7w22w1rjny9wl|03|com"; nocase; ) # 1e1lzomleli0i1clsm5v1nupxru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e1lzomleli0i1clsm5v1nupxru|03|biz"; nocase; ) # vwc2ru1t9fp5310hc1ie1i5pnsg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vwc2ru1t9fp5310hc1ie1i5pnsg|03|net"; nocase; ) # uxza3919a8p81cixvub1r967cg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uxza3919a8p81cixvub1r967cg|03|net"; nocase; ) # 1ho51xk1fy3tk1y2wqzw1fe2han.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ho51xk1fy3tk1y2wqzw1fe2han|03|com"; nocase; ) # hvlp6z93125y1x7p4sf1h76a4v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hvlp6z93125y1x7p4sf1h76a4v|03|net"; nocase; ) # qsmfj21h70rel7pb7nrr1rq9x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qsmfj21h70rel7pb7nrr1rq9x|03|biz"; nocase; ) # 1pmghlbfrc8mnf69phftwsfr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1pmghlbfrc8mnf69phftwsfr|03|com"; nocase; ) # pbux8hgxi5tt1coo3mtjevq1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pbux8hgxi5tt1coo3mtjevq1v|03|com"; nocase; ) # sc7r63vnvof41xm3oh81vg6edt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sc7r63vnvof41xm3oh81vg6edt|03|org"; nocase; ) # 1rc49bezofxyr12q83mytksovp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rc49bezofxyr12q83mytksovp|03|net"; nocase; ) # 1g3edx6rlthhv1djjd44k139l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g3edx6rlthhv1djjd44k139l|03|com"; nocase; ) # u592ft1qmfh3i8oelc21xvsvh1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u592ft1qmfh3i8oelc21xvsvh1|03|net"; nocase; ) # evz3jep258v515qv0rj1pj9rp8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|evz3jep258v515qv0rj1pj9rp8|03|com"; nocase; ) # 10jyrdls0uie3krggwa1dwt7gu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10jyrdls0uie3krggwa1dwt7gu|03|biz"; nocase; ) # dm79o07la0f9xr42qb127dq2w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dm79o07la0f9xr42qb127dq2w|03|org"; nocase; ) # t1xrxc1xmx1d7pxxrdx1n4o8he.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t1xrxc1xmx1d7pxxrdx1n4o8he|03|com"; nocase; ) # 1jkc2h91rh07243p3vnf1bqa81i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jkc2h91rh07243p3vnf1bqa81i|03|biz"; nocase; ) # rjdg8ekgopux1jttm9z1w5bxvh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rjdg8ekgopux1jttm9z1w5bxvh|03|net"; nocase; ) # z4h03tud0ty1kexv9i15z2wrb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4h03tud0ty1kexv9i15z2wrb|03|org"; nocase; ) # uyt3261tk9w9ynmt6cux7q7yo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uyt3261tk9w9ynmt6cux7q7yo|03|net"; nocase; ) # 1ct260n19lk14v1fp7870m8qefa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ct260n19lk14v1fp7870m8qefa|03|net"; nocase; ) # u9o2wpftszds1wi32hyty8j0f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u9o2wpftszds1wi32hyty8j0f|03|biz"; nocase; ) # zzqdai14bb1z21xuugb7zg3t08.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zzqdai14bb1z21xuugb7zg3t08|03|org"; nocase; ) # 14koxr617juhfnugw6tsczmz35.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14koxr617juhfnugw6tsczmz35|03|com"; nocase; ) # 1cmr85sradl4d1rahdd48co5ee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cmr85sradl4d1rahdd48co5ee|03|net"; nocase; ) # 1htlcs4tf6m0f1psufkj2mzpi0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1htlcs4tf6m0f1psufkj2mzpi0|03|com"; nocase; ) # 19xtq0y1ezrxdzjjvmr61na1mbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19xtq0y1ezrxdzjjvmr61na1mbr|03|net"; nocase; ) # tm3gkk15yc24tgadvcd12marrw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tm3gkk15yc24tgadvcd12marrw|03|com"; nocase; ) # 8cny5ashi05gvulq7516syw4c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8cny5ashi05gvulq7516syw4c|03|com"; nocase; ) # 1j6uojq1il83o1w0pzmx8xsgv0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j6uojq1il83o1w0pzmx8xsgv0|03|net"; nocase; ) # 1eeoe2kdd1uc31dvt9mo7fbrjq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eeoe2kdd1uc31dvt9mo7fbrjq|03|net"; nocase; ) # 1yhoaew8f556wyeq8dvwx8657.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yhoaew8f556wyeq8dvwx8657|03|com"; nocase; ) # 1n9orx96x3gup1sz8b9i1o8cymb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n9orx96x3gup1sz8b9i1o8cymb|03|org"; nocase; ) # pbwsjjsrjven160i4v12eb1s6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pbwsjjsrjven160i4v12eb1s6|03|org"; nocase; ) # 3scs1z1g0286d1944xa2xa25s6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3scs1z1g0286d1944xa2xa25s6|03|org"; nocase; ) # 3teqhw1vczcug18kadxjsnkxqy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3teqhw1vczcug18kadxjsnkxqy|03|org"; nocase; ) # vn3c8y1638tqb1b449o41feoc0w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vn3c8y1638tqb1b449o41feoc0w|03|org"; nocase; ) # 1wpd4x0193eo0p1v4s78m1br6bgk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wpd4x0193eo0p1v4s78m1br6bgk|03|org"; nocase; ) # qbptar9qlm3wu28b31fuwd6t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qbptar9qlm3wu28b31fuwd6t|03|org"; nocase; ) # vlif0c19z93gjcg25hcu9wihw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vlif0c19z93gjcg25hcu9wihw|03|net"; nocase; ) # 5dlnla1dfo9jbwukz5sgytz2d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5dlnla1dfo9jbwukz5sgytz2d|03|org"; nocase; ) # 1w1mrvo936o2q6qzfvp1woqf98.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w1mrvo936o2q6qzfvp1woqf98|03|com"; nocase; ) # 1l7thsr616i5x1jfc1cz1rlcxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l7thsr616i5x1jfc1cz1rlcxd|03|org"; nocase; ) # 17tks1a1maxvodm3ao3d1eufvcd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17tks1a1maxvodm3ao3d1eufvcd|03|net"; nocase; ) # 8a5gd9w2hwg78svlz11gi08mv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8a5gd9w2hwg78svlz11gi08mv|03|biz"; nocase; ) # 1se88n7keutqvk7966xxmoxel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1se88n7keutqvk7966xxmoxel|03|net"; nocase; ) # 1of7tn615q1qao6jwlnr1u43cae.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1of7tn615q1qao6jwlnr1u43cae|03|org"; nocase; ) # zzhxblw7seftera961nmln3z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zzhxblw7seftera961nmln3z|03|org"; nocase; ) # w5igoh1sy4ew9dvevzi6ywknv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w5igoh1sy4ew9dvevzi6ywknv|03|net"; nocase; ) # 1axzgmx17zuha2jcbpf3k2sfx4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1axzgmx17zuha2jcbpf3k2sfx4|03|com"; nocase; ) # 1wnt6dw1akc10g17vs2znmp9ytl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wnt6dw1akc10g17vs2znmp9ytl|03|net"; nocase; ) # 1rpobk5dhgsfh17md88q8cpisj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rpobk5dhgsfh17md88q8cpisj|03|org"; nocase; ) # veq2t8s2uzdf1fbl9701d3gwiw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|veq2t8s2uzdf1fbl9701d3gwiw|03|com"; nocase; ) # 16pd18agulgkbx5ox5y6i4daf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16pd18agulgkbx5ox5y6i4daf|03|net"; nocase; ) # 1fmbkfn1y61bge6bmzuc17vthtz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fmbkfn1y61bge6bmzuc17vthtz|03|org"; nocase; ) # livuqx1oh74srp3xjvkd552zh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|livuqx1oh74srp3xjvkd552zh|03|net"; nocase; ) # 1pesr0clduoiv11jv9fee5qv79.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pesr0clduoiv11jv9fee5qv79|03|net"; nocase; ) # kiubl31ejt7u91wh394715yyy5r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kiubl31ejt7u91wh394715yyy5r|03|net"; nocase; ) # 1vpxwxg1f4id6perhkg21cnlqwf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vpxwxg1f4id6perhkg21cnlqwf|03|net"; nocase; ) # rsp2hw1uy4liiwexl60gfzk4g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rsp2hw1uy4liiwexl60gfzk4g|03|biz"; nocase; ) # 16ki63v1hux0us12ubx9rn3l129.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ki63v1hux0us12ubx9rn3l129|03|org"; nocase; ) # 5murzx1pjtxg9wyoriadegins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5murzx1pjtxg9wyoriadegins|03|com"; nocase; ) # 17pxnv4k8jmqi1ro8psyws4ziw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17pxnv4k8jmqi1ro8psyws4ziw|03|biz"; nocase; ) # 8eexdpzbeem15m3db6o740w0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8eexdpzbeem15m3db6o740w0|03|net"; nocase; ) # 1ue3yut13gxw9111kg7zq1up342p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ue3yut13gxw9111kg7zq1up342p|03|org"; nocase; ) # 1bcpmz81olsamz5b303prikpof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bcpmz81olsamz5b303prikpof|03|biz"; nocase; ) # jjw4xjcum7aunbzg6e1o49m7j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jjw4xjcum7aunbzg6e1o49m7j|03|com"; nocase; ) # 14usqs2ivrvr6ghnl7o17dmcn6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14usqs2ivrvr6ghnl7o17dmcn6|03|net"; nocase; ) # h7ubrs14nl3olrukmup596av9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h7ubrs14nl3olrukmup596av9|03|net"; nocase; ) # 19b3aja5iha1812afelw1gpxr35.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19b3aja5iha1812afelw1gpxr35|03|com"; nocase; ) # fkdd9af7aps1rokpu61hikk8y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fkdd9af7aps1rokpu61hikk8y|03|org"; nocase; ) # 1rrfvqpj6pl181doexrmakdiyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rrfvqpj6pl181doexrmakdiyi|03|net"; nocase; ) # 1qjnsj2ixhrnkuyjv0a17jun8s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qjnsj2ixhrnkuyjv0a17jun8s|03|net"; nocase; ) # 11d4idc7qz2rmr86apa85cax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|11d4idc7qz2rmr86apa85cax|03|net"; nocase; ) # 1s08dwn16ch9en2vpw21quxg8u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s08dwn16ch9en2vpw21quxg8u|03|com"; nocase; ) # 1ys4j2e11v253emoixl9k5ha7o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ys4j2e11v253emoixl9k5ha7o|03|org"; nocase; ) # bh7yhuphiwu61fuamzhc3fy0f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bh7yhuphiwu61fuamzhc3fy0f|03|net"; nocase; ) # 1rw8zy1lnns7ck2bo1o1ro5c2e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rw8zy1lnns7ck2bo1o1ro5c2e|03|net"; nocase; ) # 42codxyc2wpxl4ion17jezk0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|42codxyc2wpxl4ion17jezk0|03|net"; nocase; ) # 1ihkcxvl6l7fq6zj386wft4o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ihkcxvl6l7fq6zj386wft4o|03|org"; nocase; ) # 1wplzu01dh2y8ulh4s371gtqwnk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wplzu01dh2y8ulh4s371gtqwnk|03|org"; nocase; ) # 2871as132eq351xmt4p4itvr85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2871as132eq351xmt4p4itvr85|03|net"; nocase; ) # 10c3e7mvk41xm16t5pv0uup9ba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10c3e7mvk41xm16t5pv0uup9ba|03|org"; nocase; ) # hoi2i5n63lyq1bqyz9p71suf6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hoi2i5n63lyq1bqyz9p71suf6|03|com"; nocase; ) # 1t2kl7z1lh5u5hkcwaq11lfeg9x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t2kl7z1lh5u5hkcwaq11lfeg9x|03|org"; nocase; ) # 1e6skb71q58gnm1x1845rf7o5jo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e6skb71q58gnm1x1845rf7o5jo|03|biz"; nocase; ) # 1qfhr0v3tad3fkurcbn1nlcuuq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qfhr0v3tad3fkurcbn1nlcuuq|03|org"; nocase; ) # n39haa16p6dnjdqe521d0anj8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n39haa16p6dnjdqe521d0anj8|03|com"; nocase; ) # o3iesm1479fswpfe9t81a8d9eb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o3iesm1479fswpfe9t81a8d9eb|03|net"; nocase; ) # xykxegstrpgf2vro31mzknbo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xykxegstrpgf2vro31mzknbo|03|net"; nocase; ) # 1jhk8jbmxif2joi4e6s17ku0id.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jhk8jbmxif2joi4e6s17ku0id|03|org"; nocase; ) # 6g62al1we6u0hcc2g21o84y2t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6g62al1we6u0hcc2g21o84y2t|03|org"; nocase; ) # 1je9p18da4ut46590ypkkbdz0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1je9p18da4ut46590ypkkbdz0|03|com"; nocase; ) # 1bnbthxgczw3ynhmszsayejms.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bnbthxgczw3ynhmszsayejms|03|net"; nocase; ) # 1xko8zi19gcuxkwou19m1epmn5u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xko8zi19gcuxkwou19m1epmn5u|03|org"; nocase; ) # 17xc5hka2h3uycwmce81pqqakt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17xc5hka2h3uycwmce81pqqakt|03|com"; nocase; ) # fig4f71ennep5gkklfg929efa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fig4f71ennep5gkklfg929efa|03|org"; nocase; ) # vklix4ddsokj1856082vyotga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vklix4ddsokj1856082vyotga|03|net"; nocase; ) # 186tcmxo3mf0p1afja0615mq86a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|186tcmxo3mf0p1afja0615mq86a|03|net"; nocase; ) # 9kped4ob5lnfjr87pdz0d95.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|9kped4ob5lnfjr87pdz0d95|03|com"; nocase; ) # 1rib5fg1ii8qww18qf3ap1eh7vd5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rib5fg1ii8qww18qf3ap1eh7vd5|03|com"; nocase; ) # umxpb01kmdzrb11xxrta1ts68ab.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|umxpb01kmdzrb11xxrta1ts68ab|03|biz"; nocase; ) # 1tqe7p71ctjfz9sqauwbuxujny.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tqe7p71ctjfz9sqauwbuxujny|03|org"; nocase; ) # zxs62z1hm9lip1i58jjuua5ekx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zxs62z1hm9lip1i58jjuua5ekx|03|org"; nocase; ) # 41xmc5buimln1d5fu1nwatxah.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|41xmc5buimln1d5fu1nwatxah|03|net"; nocase; ) # 1gf1hebhb0uke164g4g55dp4ls.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gf1hebhb0uke164g4g55dp4ls|03|biz"; nocase; ) # 1u3b9vf1n552wk1r2giyieyxoh1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u3b9vf1n552wk1r2giyieyxoh1|03|com"; nocase; ) # 168ra7n1cy035j5dw4ms1tt58i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|168ra7n1cy035j5dw4ms1tt58i|03|net"; nocase; ) # cug0xd6zwbe9firj6v1wl4yqn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cug0xd6zwbe9firj6v1wl4yqn|03|org"; nocase; ) # c7ajp2l14619lrli5z46ntzv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c7ajp2l14619lrli5z46ntzv|03|net"; nocase; ) # xrpxsz2lpq961q3fr41lki0pl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xrpxsz2lpq961q3fr41lki0pl|03|com"; nocase; ) # 1376s60uswt0t7takid8q0ojy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1376s60uswt0t7takid8q0ojy|03|biz"; nocase; ) # u9ya4smv7mbk1ta08m21sww8rr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u9ya4smv7mbk1ta08m21sww8rr|03|com"; nocase; ) # c8fqw17ewolf6yx4n0ycj61u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c8fqw17ewolf6yx4n0ycj61u|03|net"; nocase; ) # 1y9c4h61u58r1w12jk4zvvexlp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y9c4h61u58r1w12jk4zvvexlp|03|org"; nocase; ) # 1569u611xj2cq31g4x5sum58qz1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1569u611xj2cq31g4x5sum58qz1|03|org"; nocase; ) # 1q4nzr11x0bx3487zvry1jjjmsl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q4nzr11x0bx3487zvry1jjjmsl|03|biz"; nocase; ) # 5adcoq5sz8k916mu5le1iso240.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5adcoq5sz8k916mu5le1iso240|03|com"; nocase; ) # c3qqftd26opb9n45y2iphd80.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c3qqftd26opb9n45y2iphd80|03|net"; nocase; ) # o6s16z1oqk2r1jswlg81b74swz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o6s16z1oqk2r1jswlg81b74swz|03|biz"; nocase; ) # uoxbseio45jq1ivn89uiij4u1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uoxbseio45jq1ivn89uiij4u1|03|com"; nocase; ) # 56bxcd1a303ti1ojx7se1cbkdti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|56bxcd1a303ti1ojx7se1cbkdti|03|com"; nocase; ) # 5r6r0m114js6y1pq4kgd762c2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5r6r0m114js6y1pq4kgd762c2e|03|com"; nocase; ) # qa9j8i144a0hi14yuqdy16u1ct1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qa9j8i144a0hi14yuqdy16u1ct1|03|org"; nocase; ) # movjftcl4y2vu4d4ae1a51l44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|movjftcl4y2vu4d4ae1a51l44|03|com"; nocase; ) # hs61zn1t2pmemg4oicmfjenxw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hs61zn1t2pmemg4oicmfjenxw|03|net"; nocase; ) # sa7n4c133lijn9m3jqoce8pgp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sa7n4c133lijn9m3jqoce8pgp|03|com"; nocase; ) # 131w7tr1xkezy61v7dkj1ivi1t5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000030999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|131w7tr1xkezy61v7dkj1ivi1t5|03|biz"; nocase; ) # 1wj96yb1ek22kofwk70ji50k8r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wj96yb1ek22kofwk70ji50k8r|03|com"; nocase; ) # 13sl4jn1fg8ulacg6unb46j9k6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13sl4jn1fg8ulacg6unb46j9k6|03|net"; nocase; ) # 1knek6xs006l610rmslf9ejklr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1knek6xs006l610rmslf9ejklr|03|com"; nocase; ) # 10nbdxi1kyzd7t12c3xf4ep09st.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10nbdxi1kyzd7t12c3xf4ep09st|03|org"; nocase; ) # 10ebydb9v0huk1oeemdm1csmm4e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ebydb9v0huk1oeemdm1csmm4e|03|biz"; nocase; ) # u04csg1629laldmvv46p4dimo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u04csg1629laldmvv46p4dimo|03|net"; nocase; ) # 1sg49rm6pw2hh1nyh9iz100wl5j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sg49rm6pw2hh1nyh9iz100wl5j|03|org"; nocase; ) # sj7rue1kuxcrb1ssr95c1dv4nk5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sj7rue1kuxcrb1ssr95c1dv4nk5|03|org"; nocase; ) # b09uvs14yu7u510xaba26w8iys.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b09uvs14yu7u510xaba26w8iys|03|org"; nocase; ) # 13vtaflpcvds10prn3s8cqx86.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13vtaflpcvds10prn3s8cqx86|03|org"; nocase; ) # jlihuf802ifrpoietmczceqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jlihuf802ifrpoietmczceqq|03|org"; nocase; ) # 1jx45oyczfsl5zis6fn1a2jr21.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jx45oyczfsl5zis6fn1a2jr21|03|org"; nocase; ) # p18evo1lmx6a09v8at2wxuwso.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p18evo1lmx6a09v8at2wxuwso|03|biz"; nocase; ) # 71hoscjb3f7h1vdrvy11e6jm1s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|71hoscjb3f7h1vdrvy11e6jm1s|03|org"; nocase; ) # 1l0sahlrfkyhcjqlmvs1d6rycd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l0sahlrfkyhcjqlmvs1d6rycd|03|net"; nocase; ) # zfoy0b1wzsfem1su742phk2rls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zfoy0b1wzsfem1su742phk2rls|03|org"; nocase; ) # 1oodhry1eu29iu1rj6uy2m8s04o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oodhry1eu29iu1rj6uy2m8s04o|03|net"; nocase; ) # 5r2gy9aqy3ku1w6oqykn8ta6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5r2gy9aqy3ku1w6oqykn8ta6|03|com"; nocase; ) # 1wkf4at1m10dbi8xwcwj1ixmdow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wkf4at1m10dbi8xwcwj1ixmdow|03|biz"; nocase; ) # 521gzm1ju420f15y9q9spy88eh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|521gzm1ju420f15y9q9spy88eh|03|org"; nocase; ) # ae5t2211dd44g1t5zonr1n3wvq5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ae5t2211dd44g1t5zonr1n3wvq5|03|com"; nocase; ) # 1iw2efaumiyadcbbhh81vphuqo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iw2efaumiyadcbbhh81vphuqo|03|org"; nocase; ) # 1q16b5s1tmboxvyk5bc05xzow1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q16b5s1tmboxvyk5bc05xzow1|03|biz"; nocase; ) # 1u8ea421gl4q641jykp1h1ua6yfh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u8ea421gl4q641jykp1h1ua6yfh|03|org"; nocase; ) # 1gh85e151avh01mgcugji6lttn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gh85e151avh01mgcugji6lttn|03|biz"; nocase; ) # 24cas51wv8o2u12r72dp1adqtik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|24cas51wv8o2u12r72dp1adqtik|03|net"; nocase; ) # 1nz765xjhewk8q1q39d1332vhl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nz765xjhewk8q1q39d1332vhl|03|net"; nocase; ) # 1gi98t91d7w433cbi4sa19ywh1y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gi98t91d7w433cbi4sa19ywh1y|03|org"; nocase; ) # 1klcjy8ipazuv19k5y6w1871a73.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1klcjy8ipazuv19k5y6w1871a73|03|com"; nocase; ) # ey16ovkq3je8vljslj1nq7we9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ey16ovkq3je8vljslj1nq7we9|03|biz"; nocase; ) # z6egvcy2xq1b6q6jtxzdkx73.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z6egvcy2xq1b6q6jtxzdkx73|03|com"; nocase; ) # 1h0uolo1w575lt5so2wr1r89amg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h0uolo1w575lt5so2wr1r89amg|03|biz"; nocase; ) # 393blr5wgbxqvjn133y1v0yy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|393blr5wgbxqvjn133y1v0yy|03|org"; nocase; ) # wuujqj7dde2uu6q53580k525.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wuujqj7dde2uu6q53580k525|03|net"; nocase; ) # 1x0h79mtxm4sa1jqyc10kmxhca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x0h79mtxm4sa1jqyc10kmxhca|03|com"; nocase; ) # 1b5x7ve1pso5dfmjmncd7ucgh8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b5x7ve1pso5dfmjmncd7ucgh8|03|net"; nocase; ) # 1f9qpxz1ryc5w6rdg2ue1o9a6f5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f9qpxz1ryc5w6rdg2ue1o9a6f5|03|org"; nocase; ) # hivr9y1mbjqg3w40pp0e7y5dd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hivr9y1mbjqg3w40pp0e7y5dd|03|org"; nocase; ) # 31jou21umh4tkingzujau3qa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|31jou21umh4tkingzujau3qa|03|biz"; nocase; ) # 1agbyya1w0zu7aspuob912gu4wu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1agbyya1w0zu7aspuob912gu4wu|03|net"; nocase; ) # 1li0x9j1makwbghjddai1ks4c84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1li0x9j1makwbghjddai1ks4c84|03|net"; nocase; ) # friy131x2xzmr14opayf1qylnlp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|friy131x2xzmr14opayf1qylnlp|03|com"; nocase; ) # ggz4c69hxw0iie7fo0buodzw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ggz4c69hxw0iie7fo0buodzw|03|com"; nocase; ) # gtq01maoyyvmrrbsi015ribtj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gtq01maoyyvmrrbsi015ribtj|03|org"; nocase; ) # 1ahbep233v8qc1lgm5mzfo8p4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ahbep233v8qc1lgm5mzfo8p4d|03|com"; nocase; ) # te0zdcn0ax3n7h787j1rs6f2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|te0zdcn0ax3n7h787j1rs6f2g|03|net"; nocase; ) # pis6al16a1z285xx8w8dupgbe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pis6al16a1z285xx8w8dupgbe|03|net"; nocase; ) # 1hhw1nd160r6abrtwabj1yzx8x7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hhw1nd160r6abrtwabj1yzx8x7|03|org"; nocase; ) # 1nndown140tgf21gdvsbk1v4lmte.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nndown140tgf21gdvsbk1v4lmte|03|org"; nocase; ) # jala3rnftovw1t8uj2a8i8h7i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jala3rnftovw1t8uj2a8i8h7i|03|org"; nocase; ) # rd5iuof7vpiy41yhx5ptu7f9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rd5iuof7vpiy41yhx5ptu7f9|03|com"; nocase; ) # ssyg551m1j0aw6oh0lkr846xh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ssyg551m1j0aw6oh0lkr846xh|03|org"; nocase; ) # 9ltix4h1mofe7by16j1vl9d7o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9ltix4h1mofe7by16j1vl9d7o|03|org"; nocase; ) # 1plmnc019ug5pan4i6vj9wrnx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1plmnc019ug5pan4i6vj9wrnx|03|com"; nocase; ) # h9f5op16z43vf1cqjpwvfo6yr5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h9f5op16z43vf1cqjpwvfo6yr5|03|net"; nocase; ) # 68zbhv1xhwtecrmd4bak364m7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|68zbhv1xhwtecrmd4bak364m7|03|com"; nocase; ) # c4rmng119p2bn1i5gwqwn6ti2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c4rmng119p2bn1i5gwqwn6ti2|03|com"; nocase; ) # 1b4t3fp1y8qnqb1nvf3ti1cy9s4v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b4t3fp1y8qnqb1nvf3ti1cy9s4v|03|com"; nocase; ) # 1f76gje1w0iwge11f53uu12548jf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f76gje1w0iwge11f53uu12548jf|03|net"; nocase; ) # 1kumtq91aokl6g6ksqa51v55m5q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kumtq91aokl6g6ksqa51v55m5q|03|org"; nocase; ) # 1eorpt7d41nc0odptiwd52sfy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1eorpt7d41nc0odptiwd52sfy|03|org"; nocase; ) # 1fps83p1tcwipi9secjcjyq0v1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fps83p1tcwipi9secjcjyq0v1|03|net"; nocase; ) # 9w0l5o49jr5p6nl6f71wq21j2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9w0l5o49jr5p6nl6f71wq21j2|03|com"; nocase; ) # tahhgu15r4lgi1v58jty1oms2qa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tahhgu15r4lgi1v58jty1oms2qa|03|biz"; nocase; ) # 3hvu30xckw097pwkm71xas5t9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3hvu30xckw097pwkm71xas5t9|03|org"; nocase; ) # 1amu921mgxfart4i3xc13uriii.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1amu921mgxfart4i3xc13uriii|03|org"; nocase; ) # 17brsr41nit9jv19e5bnszcq7xf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17brsr41nit9jv19e5bnszcq7xf|03|biz"; nocase; ) # p8nsrd7w62o21p3ewtm1k0f1q6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p8nsrd7w62o21p3ewtm1k0f1q6|03|net"; nocase; ) # 1hhhc9qzib71myjbtu83c7ezs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hhhc9qzib71myjbtu83c7ezs|03|com"; nocase; ) # g7bb5g95wawu1rs4s8etf0xtk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g7bb5g95wawu1rs4s8etf0xtk|03|net"; nocase; ) # 1pbt6q09qflez1tjzokm1428ecb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pbt6q09qflez1tjzokm1428ecb|03|org"; nocase; ) # 1qqa6rq1ntt4m6peoht4k1kqj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qqa6rq1ntt4m6peoht4k1kqj|03|com"; nocase; ) # 1scfs0urqpyof1kby5k579fsqx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1scfs0urqpyof1kby5k579fsqx|03|com"; nocase; ) # 1fwptwfph57p6m81ulovg4bt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1fwptwfph57p6m81ulovg4bt|03|org"; nocase; ) # 1u563hxwz93ymr8asy1yknlq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1u563hxwz93ymr8asy1yknlq|03|net"; nocase; ) # r62au01uzwoluqoyoaii8y5eo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r62au01uzwoluqoyoaii8y5eo|03|com"; nocase; ) # oh87mc10kcpir1qte5r55aft5m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oh87mc10kcpir1qte5r55aft5m|03|net"; nocase; ) # ioofnoild014x3lab41s5ctsp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ioofnoild014x3lab41s5ctsp|03|net"; nocase; ) # 1ihoagt19yitdxg144e81t1cc6x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ihoagt19yitdxg144e81t1cc6x|03|com"; nocase; ) # pjg58wb1jfq41e2j5stk96syp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pjg58wb1jfq41e2j5stk96syp|03|org"; nocase; ) # k8kuug1x5419e13vlsv11s76s92.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k8kuug1x5419e13vlsv11s76s92|03|com"; nocase; ) # 4f43ls4yjxg5trd1io4py6c0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4f43ls4yjxg5trd1io4py6c0|03|biz"; nocase; ) # sorgibmpliyz62i0k3dhmg80.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sorgibmpliyz62i0k3dhmg80|03|com"; nocase; ) # 1kch0vp14qvghwhayzr813y0uk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kch0vp14qvghwhayzr813y0uk2|03|net"; nocase; ) # xvedlj1rfauplag2jsi7dih63.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xvedlj1rfauplag2jsi7dih63|03|biz"; nocase; ) # rameh5l3g38h193s4ui1eq3lxi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rameh5l3g38h193s4ui1eq3lxi|03|biz"; nocase; ) # 11nz58e1wdm04017iiskhbefs3b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11nz58e1wdm04017iiskhbefs3b|03|net"; nocase; ) # 1xc3ctl1afxpxn1u81okahcgvdx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xc3ctl1afxpxn1u81okahcgvdx|03|org"; nocase; ) # 990g7n1q6k3pr1jwcmoan6is87.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|990g7n1q6k3pr1jwcmoan6is87|03|net"; nocase; ) # wvib151ujfo3kstpp0ottqvqm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wvib151ujfo3kstpp0ottqvqm|03|org"; nocase; ) # kiykuqw2ivn17bl7iceyp85d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kiykuqw2ivn17bl7iceyp85d|03|org"; nocase; ) # 17fzfgt1md248l5z1nbvo343r4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17fzfgt1md248l5z1nbvo343r4|03|com"; nocase; ) # 1kpebme1qvdh9scmg8tehg3jlx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kpebme1qvdh9scmg8tehg3jlx|03|net"; nocase; ) # fsde8l1kbekz31nbqf2g135o6pa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fsde8l1kbekz31nbqf2g135o6pa|03|biz"; nocase; ) # 2zaiii1wrn7vf1o10y5ogzhhtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2zaiii1wrn7vf1o10y5ogzhhtm|03|net"; nocase; ) # 1c73mj61n343r61xm2c51v57h0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c73mj61n343r61xm2c51v57h0|03|com"; nocase; ) # 1jprsa21xlk9v91ikkgw2anese6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jprsa21xlk9v91ikkgw2anese6|03|biz"; nocase; ) # a64ham1dydvrok9v60wu8fa6k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a64ham1dydvrok9v60wu8fa6k|03|com"; nocase; ) # 7oca0dulfn7b12ha9ec15ff5xk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7oca0dulfn7b12ha9ec15ff5xk|03|org"; nocase; ) # 5b0jxpl82guv1it983e2sidg1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5b0jxpl82guv1it983e2sidg1|03|com"; nocase; ) # 1fd5da3137ny8gfdxnoi1hm39aq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fd5da3137ny8gfdxnoi1hm39aq|03|org"; nocase; ) # br6jfoxayv5f1bcp5xm18rhcb3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|br6jfoxayv5f1bcp5xm18rhcb3|03|biz"; nocase; ) # 18vi3oz14q8fcnbkq6ben12phy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18vi3oz14q8fcnbkq6ben12phy|03|net"; nocase; ) # 1gv8nlug2h0t18dohog1cuzh1h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gv8nlug2h0t18dohog1cuzh1h|03|org"; nocase; ) # pg61xb13p61671fb8e6n1k0mjnz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pg61xb13p61671fb8e6n1k0mjnz|03|com"; nocase; ) # 13v2fzn1cy8oi8168m44t1bq7c78.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13v2fzn1cy8oi8168m44t1bq7c78|03|org"; nocase; ) # 1mur7b1h8o72u1i9coxm1fj6h8p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mur7b1h8o72u1i9coxm1fj6h8p|03|org"; nocase; ) # zfmiraxfyh9l1n2mmrn8r7fm6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zfmiraxfyh9l1n2mmrn8r7fm6|03|org"; nocase; ) # 1766zcl1yptksktlor78s05hpl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1766zcl1yptksktlor78s05hpl|03|com"; nocase; ) # 1hssb4911mttht5sw7unt9g0k9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hssb4911mttht5sw7unt9g0k9|03|org"; nocase; ) # 1mdgyqmcvkj3314phx2x1tcgz5k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mdgyqmcvkj3314phx2x1tcgz5k|03|org"; nocase; ) # y0h0kf1gvgcko19khbt21npqtdr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y0h0kf1gvgcko19khbt21npqtdr|03|net"; nocase; ) # mqptob5pgfos7934kg1v116ys.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mqptob5pgfos7934kg1v116ys|03|org"; nocase; ) # iitafa4cpp1b1p345sxa5t3og.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iitafa4cpp1b1p345sxa5t3og|03|net"; nocase; ) # vl3l9i1hdx8j61o7krevaxvq6o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vl3l9i1hdx8j61o7krevaxvq6o|03|biz"; nocase; ) # 14313c6i1bf7m76ki6q1hxjsjd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14313c6i1bf7m76ki6q1hxjsjd|03|biz"; nocase; ) # gazrii3zoc4d18dpveh1rn1q4v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gazrii3zoc4d18dpveh1rn1q4v|03|com"; nocase; ) # kz97lw1g5sevl10gt5b11oo3vlc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kz97lw1g5sevl10gt5b11oo3vlc|03|net"; nocase; ) # azvpx0949r1q2qb3rd1avzf3n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|azvpx0949r1q2qb3rd1avzf3n|03|com"; nocase; ) # 1g9klkn1h8ckizs87sdteqkxzv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g9klkn1h8ckizs87sdteqkxzv|03|net"; nocase; ) # gb1ne31ym1td4183gq3abk1en1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gb1ne31ym1td4183gq3abk1en1|03|net"; nocase; ) # 1poxuo511rxogzyieuls1x4nb3p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1poxuo511rxogzyieuls1x4nb3p|03|com"; nocase; ) # 93co8gb8io8d1sd9bi2ioh43h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|93co8gb8io8d1sd9bi2ioh43h|03|net"; nocase; ) # 15qtvzg7h84jv1iz6rxqds9rgq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15qtvzg7h84jv1iz6rxqds9rgq|03|biz"; nocase; ) # vsaoda1kivms8dfzclj9ov4fc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vsaoda1kivms8dfzclj9ov4fc|03|org"; nocase; ) # kr6ve96nslv973c41y1nwxq9y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kr6ve96nslv973c41y1nwxq9y|03|org"; nocase; ) # 143ciy11u4u1r21cd6itx1xmli89.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|143ciy11u4u1r21cd6itx1xmli89|03|net"; nocase; ) # eiwx2d1gbkvn91fvt4ok3brcfu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eiwx2d1gbkvn91fvt4ok3brcfu|03|org"; nocase; ) # 1a5p3cv1hxb5hy1it45hd1ljl970.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a5p3cv1hxb5hy1it45hd1ljl970|03|net"; nocase; ) # 1y8q0j0d1nm7r133zl041hh28pz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y8q0j0d1nm7r133zl041hh28pz|03|net"; nocase; ) # unnqanoqw1a1qn29f816nr74w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|unnqanoqw1a1qn29f816nr74w|03|org"; nocase; ) # 1sxhj481udavgoqldw8977pgbh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sxhj481udavgoqldw8977pgbh|03|net"; nocase; ) # 17o9hbya4dekns0t65deq382c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17o9hbya4dekns0t65deq382c|03|com"; nocase; ) # tsclt918bifx214lp8aaxb0h1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tsclt918bifx214lp8aaxb0h1|03|com"; nocase; ) # 3oi72ssb5got18qn3n2ie2ooi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3oi72ssb5got18qn3n2ie2ooi|03|biz"; nocase; ) # 1eltl7x10xx9ea79rgp01j3xtzh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eltl7x10xx9ea79rgp01j3xtzh|03|net"; nocase; ) # 6spabj10x014g1jjazon10fm6dp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6spabj10x014g1jjazon10fm6dp|03|biz"; nocase; ) # ry98gd1f0j2wy12vlq9s16b0cmc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ry98gd1f0j2wy12vlq9s16b0cmc|03|org"; nocase; ) # 13it84x182g8bmuvyuksg9xarz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13it84x182g8bmuvyuksg9xarz|03|net"; nocase; ) # 1kyrjs3hx8ved1632jmy18n0qg9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kyrjs3hx8ved1632jmy18n0qg9|03|biz"; nocase; ) # 8w748fsb4hr716sbr65pw4crv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8w748fsb4hr716sbr65pw4crv|03|com"; nocase; ) # 1311w3s1enkkfn1hj762n1hwfxqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1311w3s1enkkfn1hj762n1hwfxqq|03|com"; nocase; ) # u2qk6upjilfwfym8tn1ne4ta3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u2qk6upjilfwfym8tn1ne4ta3|03|org"; nocase; ) # 7r50b6smv8enjncefq1egcqwc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7r50b6smv8enjncefq1egcqwc|03|biz"; nocase; ) # i6az9h6ljt8b4170327f3j0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i6az9h6ljt8b4170327f3j0h|03|net"; nocase; ) # wtpb1017a0i501qclkheucjfbj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wtpb1017a0i501qclkheucjfbj|03|net"; nocase; ) # p6gkjc4q883vbiievy6d1jui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p6gkjc4q883vbiievy6d1jui|03|net"; nocase; ) # 1y5gwc1i3s4b51kdzt06m3jmxh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y5gwc1i3s4b51kdzt06m3jmxh|03|com"; nocase; ) # 1dcfi6s174q6gcbfu4brknj5g8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dcfi6s174q6gcbfu4brknj5g8|03|org"; nocase; ) # csz6ics7a9069ywinyhyix93.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|csz6ics7a9069ywinyhyix93|03|biz"; nocase; ) # 13b4b161x082o7fmlyu1emut7d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13b4b161x082o7fmlyu1emut7d|03|net"; nocase; ) # 1gzrvs4108ew471f7zg4y140ljaz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gzrvs4108ew471f7zg4y140ljaz|03|org"; nocase; ) # o0tclggelavejdo6i89zsv87.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o0tclggelavejdo6i89zsv87|03|org"; nocase; ) # imhpbq3r477px2008ubvviy3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|imhpbq3r477px2008ubvviy3|03|biz"; nocase; ) # vkycal1xyx4556fqelt1cy57ra.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vkycal1xyx4556fqelt1cy57ra|03|com"; nocase; ) # 3slf6y1qce5prv4u2uzxbvx2h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3slf6y1qce5prv4u2uzxbvx2h|03|biz"; nocase; ) # fuo1vhki6i6125oyap4za4t2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fuo1vhki6i6125oyap4za4t2|03|net"; nocase; ) # 129eye119rk8655xj7p6imdpro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|129eye119rk8655xj7p6imdpro|03|org"; nocase; ) # 1ipnvqv1uhoayo1s2mxt66afmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ipnvqv1uhoayo1s2mxt66afmj|03|net"; nocase; ) # 13s2x7gk4x9zx6ij7yu3zjv5a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13s2x7gk4x9zx6ij7yu3zjv5a|03|biz"; nocase; ) # 16bqgxc1nj9aw91am28go16ffr1y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16bqgxc1nj9aw91am28go16ffr1y|03|org"; nocase; ) # 1tkbm08w6axscpmj2ysvyi1qn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tkbm08w6axscpmj2ysvyi1qn|03|org"; nocase; ) # 1ngq80a1cfld7un4cyhbqy07bo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ngq80a1cfld7un4cyhbqy07bo|03|net"; nocase; ) # 10imkup18ab5ji1cfp7pz1k45f31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10imkup18ab5ji1cfp7pz1k45f31|03|net"; nocase; ) # 1srbjwd1ssltya1tef7do1xrs06m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1srbjwd1ssltya1tef7do1xrs06m|03|net"; nocase; ) # 10x12jl11rp0zqtvqaoi2j58wi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10x12jl11rp0zqtvqaoi2j58wi|03|biz"; nocase; ) # 19wgogr1rwn2sl1yh2qyo1v56yyg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19wgogr1rwn2sl1yh2qyo1v56yyg|03|biz"; nocase; ) # 1eerwhl1ffxury1aus4vc1wvno43.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eerwhl1ffxury1aus4vc1wvno43|03|com"; nocase; ) # 1bp0smi1gn2qty1jyj1vw1u09o2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bp0smi1gn2qty1jyj1vw1u09o2|03|net"; nocase; ) # g9fjqb1eo6pji74cydqa3indq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g9fjqb1eo6pji74cydqa3indq|03|org"; nocase; ) # 24dzdixf6vapxh8qdczv838k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|24dzdixf6vapxh8qdczv838k|03|com"; nocase; ) # y9by8ggghizk1jdjkv21240ea5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y9by8ggghizk1jdjkv21240ea5|03|net"; nocase; ) # vq8hcb128y64ms2dacoglqtd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vq8hcb128y64ms2dacoglqtd|03|com"; nocase; ) # 1y9l96qqkp88dbxxr4ed57p8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1y9l96qqkp88dbxxr4ed57p8|03|com"; nocase; ) # 5v24k81wznol915ozm8qbnqrk8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5v24k81wznol915ozm8qbnqrk8|03|net"; nocase; ) # 17nypym1o1p145dugsx21ks6g4w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17nypym1o1p145dugsx21ks6g4w|03|biz"; nocase; ) # q9w6751w1lvko172ry6ohersh5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q9w6751w1lvko172ry6ohersh5|03|com"; nocase; ) # 1b3bqwc1c19xp41ytsbkm1owqfjo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b3bqwc1c19xp41ytsbkm1owqfjo|03|net"; nocase; ) # 12ajmtz1kfb2wm1if0mtb7vmutl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12ajmtz1kfb2wm1if0mtb7vmutl|03|net"; nocase; ) # 11fuwn2hw4378sbk9g63c6afe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11fuwn2hw4378sbk9g63c6afe|03|org"; nocase; ) # 14a4uy1vw7lhfnewj0jwstahm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14a4uy1vw7lhfnewj0jwstahm|03|org"; nocase; ) # 1o7wv9a1puglc7sjukthwzet4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o7wv9a1puglc7sjukthwzet4k|03|net"; nocase; ) # y0ikas1w095221pgh39nbxkpn6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y0ikas1w095221pgh39nbxkpn6|03|org"; nocase; ) # dxmmwjo96tkc11orflbrsy4cl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dxmmwjo96tkc11orflbrsy4cl|03|org"; nocase; ) # 1021bo27dqrxzvljh3v12nz3o7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1021bo27dqrxzvljh3v12nz3o7|03|org"; nocase; ) # 19s3f3q8jke2r1oh02bgr4p2ha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19s3f3q8jke2r1oh02bgr4p2ha|03|com"; nocase; ) # sdxsuf1qrc06pe1ijszyfzoah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sdxsuf1qrc06pe1ijszyfzoah|03|com"; nocase; ) # 1hwa3xn6wxt141mm1bhotup8am.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hwa3xn6wxt141mm1bhotup8am|03|org"; nocase; ) # me0dsc1r6ahcmdzw12byzwhip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|me0dsc1r6ahcmdzw12byzwhip|03|com"; nocase; ) # 1dqd9ovv0sep21vyz3qu1pg043q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dqd9ovv0sep21vyz3qu1pg043q|03|biz"; nocase; ) # lhpw2j14fvjhveqsw8x1dmzhog.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lhpw2j14fvjhveqsw8x1dmzhog|03|org"; nocase; ) # 1ligk431n0z13e1cqjad518mod5x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ligk431n0z13e1cqjad518mod5x|03|com"; nocase; ) # uq3wza1nvsgcnkou2czv3eq72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uq3wza1nvsgcnkou2czv3eq72|03|net"; nocase; ) # 6co7d87n82xrfcl0hs1eqlt1o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6co7d87n82xrfcl0hs1eqlt1o|03|org"; nocase; ) # 1vvar3a19b32ii3n08vqnraoui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vvar3a19b32ii3n08vqnraoui|03|com"; nocase; ) # xwevrh15to4de9acw1u1fyxlc7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xwevrh15to4de9acw1u1fyxlc7|03|org"; nocase; ) # 1icn9hd2ia70d1bwv8ox1qfug1x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1icn9hd2ia70d1bwv8ox1qfug1x|03|net"; nocase; ) # 1qfx7x18z065k55fjwc1umqssi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qfx7x18z065k55fjwc1umqssi|03|org"; nocase; ) # 1g6szray3fj9q16ptgxwsxs5h4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g6szray3fj9q16ptgxwsxs5h4|03|biz"; nocase; ) # 1yntz061v5q5hoqyy5vy1pc15t6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yntz061v5q5hoqyy5vy1pc15t6|03|com"; nocase; ) # 1lfod631v6sp5gvwy4q0lpsskf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lfod631v6sp5gvwy4q0lpsskf|03|biz"; nocase; ) # 1r8rr015kq054px5ae4y2q4j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r8rr015kq054px5ae4y2q4j6|03|net"; nocase; ) # 1rvm4il1vgroeq8ks0ls15a8a4s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rvm4il1vgroeq8ks0ls15a8a4s|03|biz"; nocase; ) # aa07defb3x8g1k779d326aeg6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aa07defb3x8g1k779d326aeg6|03|net"; nocase; ) # 1l4xa9lnpd80f9mhc2o1luysqb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l4xa9lnpd80f9mhc2o1luysqb|03|com"; nocase; ) # r5rbwd1o297sn15aj65s1wrkn1g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r5rbwd1o297sn15aj65s1wrkn1g|03|com"; nocase; ) # 1r6s7tj1irc86lu7y50p1ijxwrd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r6s7tj1irc86lu7y50p1ijxwrd|03|org"; nocase; ) # 4f0iu7t2ht0iu0r1mp1lsuhgu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4f0iu7t2ht0iu0r1mp1lsuhgu|03|biz"; nocase; ) # qbdhhg1naazyr11fqnvgiauoiv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qbdhhg1naazyr11fqnvgiauoiv|03|org"; nocase; ) # 1a7tmxzctgt1358tckotl2wg2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a7tmxzctgt1358tckotl2wg2|03|net"; nocase; ) # 15s6aiiv32gjn18887cx1xx5aqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15s6aiiv32gjn18887cx1xx5aqq|03|org"; nocase; ) # 1f3dfy211i87co1m6h3hzwqoihz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f3dfy211i87co1m6h3hzwqoihz|03|com"; nocase; ) # asfrg6w8ckob1q3n9nd15pnf32.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|asfrg6w8ckob1q3n9nd15pnf32|03|com"; nocase; ) # 2judnv1nkeo5u1s8qocxduv88f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2judnv1nkeo5u1s8qocxduv88f|03|org"; nocase; ) # mlenmy11tixfw18yewr5wto68d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mlenmy11tixfw18yewr5wto68d|03|com"; nocase; ) # 1krxpqv64yziy2f7ogefgno8w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1krxpqv64yziy2f7ogefgno8w|03|org"; nocase; ) # 10db7nh9ksw9esaaozq1eay0xc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10db7nh9ksw9esaaozq1eay0xc|03|com"; nocase; ) # 15tg6t2lpzeh71rek4yzk0xuoe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15tg6t2lpzeh71rek4yzk0xuoe|03|org"; nocase; ) # 1gqgkhukp4qvp1nkrit71qit6z9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gqgkhukp4qvp1nkrit71qit6z9|03|net"; nocase; ) # 1f3c2jb1ttqns815l9jpuch48lc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f3c2jb1ttqns815l9jpuch48lc|03|biz"; nocase; ) # 166lcvb10i78daitown0bjs1xy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|166lcvb10i78daitown0bjs1xy|03|com"; nocase; ) # orn9u2cqn4yk1nb20kjhlr5jh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|orn9u2cqn4yk1nb20kjhlr5jh|03|biz"; nocase; ) # wewbazti0dst1qebwe110iz5y8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wewbazti0dst1qebwe110iz5y8|03|biz"; nocase; ) # 17k28kn1uqkhaddrswygt6xiaf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17k28kn1uqkhaddrswygt6xiaf|03|org"; nocase; ) # 1fdj5iy1je3xkvks68ue1ywzkwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fdj5iy1je3xkvks68ue1ywzkwi|03|com"; nocase; ) # 1pwqt4s1djuvvd4dh4mi1r0e4sq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pwqt4s1djuvvd4dh4mi1r0e4sq|03|com"; nocase; ) # 15ajwg51816ild1nimo4y180keuu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15ajwg51816ild1nimo4y180keuu|03|org"; nocase; ) # 6gg67nri5e7nreth9s3rbqt9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6gg67nri5e7nreth9s3rbqt9|03|org"; nocase; ) # 1l5y8ecmkp74x1i5hpab1kbnevy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l5y8ecmkp74x1i5hpab1kbnevy|03|com"; nocase; ) # 1lsowfeih8c2d1wpultr1jg4tdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lsowfeih8c2d1wpultr1jg4tdf|03|com"; nocase; ) # 1cxmwl1135sn7t1b1bcw01s7hzww.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cxmwl1135sn7t1b1bcw01s7hzww|03|com"; nocase; ) # 1tk43ds18o88jh1pb6zcu1udemh8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tk43ds18o88jh1pb6zcu1udemh8|03|org"; nocase; ) # 1qaszqa15xson21sc1jhh568zj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qaszqa15xson21sc1jhh568zj3|03|com"; nocase; ) # 66eip451v98henb7tbz51s7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|66eip451v98henb7tbz51s7a|03|com"; nocase; ) # 1xae05b1q24txf1wqna1i13mxh9u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xae05b1q24txf1wqna1i13mxh9u|03|org"; nocase; ) # 533nkdnhi6221uy6eu71tzkwl0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|533nkdnhi6221uy6eu71tzkwl0|03|net"; nocase; ) # 1pb8clul88jjqkvyio626u2vv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pb8clul88jjqkvyio626u2vv|03|com"; nocase; ) # 1dieras9f4o181s318x63idmq5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dieras9f4o181s318x63idmq5|03|org"; nocase; ) # m8pbf2g6cyp01mmk59ixzojnv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m8pbf2g6cyp01mmk59ixzojnv|03|org"; nocase; ) # s3wakz11ft7ia18osjaa11pc520.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s3wakz11ft7ia18osjaa11pc520|03|org"; nocase; ) # 1cpchqqqdc5xbi02gko1u28cwr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cpchqqqdc5xbi02gko1u28cwr|03|com"; nocase; ) # 17mjdia1itd251ykqs2bby9b0w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17mjdia1itd251ykqs2bby9b0w|03|net"; nocase; ) # 189ygjq140ooka72uuby1vx8qyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|189ygjq140ooka72uuby1vx8qyv|03|net"; nocase; ) # 1agalreucenfq1v0iqn59ypmd9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1agalreucenfq1v0iqn59ypmd9|03|com"; nocase; ) # 1ixjfnx122ontlpfazd01aczpyl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ixjfnx122ontlpfazd01aczpyl|03|com"; nocase; ) # 1mqax33jkhn8t9mov2l1wdpn0g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mqax33jkhn8t9mov2l1wdpn0g|03|net"; nocase; ) # m16qv19srz74m3llja1xoq1xt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m16qv19srz74m3llja1xoq1xt|03|org"; nocase; ) # 1tbrjfx1hrlyfl1eht7p6zh0oe9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tbrjfx1hrlyfl1eht7p6zh0oe9|03|biz"; nocase; ) # 1tg66no1xna81j1ou21li1ykggr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tg66no1xna81j1ou21li1ykggr8|03|com"; nocase; ) # 6xxfw21w9w4w5ru3pc16a8ddl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6xxfw21w9w4w5ru3pc16a8ddl|03|com"; nocase; ) # 1ynguokumw4vaq481kx1fvoz2y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ynguokumw4vaq481kx1fvoz2y|03|net"; nocase; ) # rbag6s19tb6litdw4c51pulhcr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rbag6s19tb6litdw4c51pulhcr|03|com"; nocase; ) # 657nk9193e9811499khlzlfxw4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|657nk9193e9811499khlzlfxw4|03|com"; nocase; ) # bvhx3w1sxax9g14hsc9h1xsgbdl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bvhx3w1sxax9g14hsc9h1xsgbdl|03|net"; nocase; ) # l9ldost4sg8ll3hgyx19boc3a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l9ldost4sg8ll3hgyx19boc3a|03|net"; nocase; ) # zb1r3zllo5qgm8crr5iqsweu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zb1r3zllo5qgm8crr5iqsweu|03|net"; nocase; ) # 1i4msdwapklgn1iguii71gur463.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i4msdwapklgn1iguii71gur463|03|net"; nocase; ) # rheavxpuu5g1tjgvsqvzk648.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rheavxpuu5g1tjgvsqvzk648|03|biz"; nocase; ) # dzel1v8ftrwr1yvv87iv7ovh4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzel1v8ftrwr1yvv87iv7ovh4|03|org"; nocase; ) # e7u6rf14hoywed840usjd8f91.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e7u6rf14hoywed840usjd8f91|03|net"; nocase; ) # qq1i6v11f99va1warsin1tdem3l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qq1i6v11f99va1warsin1tdem3l|03|net"; nocase; ) # tcxfgy14geu0zypd3s01vpodji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tcxfgy14geu0zypd3s01vpodji|03|org"; nocase; ) # 1ag0fdr11pl980efmsbl10q4j5x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ag0fdr11pl980efmsbl10q4j5x|03|biz"; nocase; ) # 1pb70q95psudd1twa9v8se2m7i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pb70q95psudd1twa9v8se2m7i|03|biz"; nocase; ) # npe78q9nyn3opk3a7618z4lns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|npe78q9nyn3opk3a7618z4lns|03|com"; nocase; ) # 1axit9gxipdkzlqb257xwgf21.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1axit9gxipdkzlqb257xwgf21|03|org"; nocase; ) # 1mvpc1tyl6y0lbjf1mm1th4gyo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mvpc1tyl6y0lbjf1mm1th4gyo|03|biz"; nocase; ) # 1mrbe9hdsad6f1uny1if1igsjld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mrbe9hdsad6f1uny1if1igsjld|03|net"; nocase; ) # 1utknts89vvu31x9prtt1yu58je.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1utknts89vvu31x9prtt1yu58je|03|net"; nocase; ) # 1pndw1o2ngmrj1em58dia8n582.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pndw1o2ngmrj1em58dia8n582|03|biz"; nocase; ) # 1yienah1fmdc0i17gdjpyr14ucy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yienah1fmdc0i17gdjpyr14ucy|03|org"; nocase; ) # 15jscyqskgpqsmf3alrby9rca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15jscyqskgpqsmf3alrby9rca|03|net"; nocase; ) # 1ntcwll1g97795bfx3dv14p8zmo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ntcwll1g97795bfx3dv14p8zmo|03|com"; nocase; ) # 22kr0xohjl3e1sp037fcy8ksf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|22kr0xohjl3e1sp037fcy8ksf|03|net"; nocase; ) # 175osfscwk5pyd7t54yrp02dh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|175osfscwk5pyd7t54yrp02dh|03|org"; nocase; ) # veqhml1vgbncfmide6jl45ko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|veqhml1vgbncfmide6jl45ko|03|org"; nocase; ) # 1u1qcsk1mxjcwe16nlgs31s65p37.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u1qcsk1mxjcwe16nlgs31s65p37|03|com"; nocase; ) # adgpym1y25pln1rcxyic1xj3irj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|adgpym1y25pln1rcxyic1xj3irj|03|net"; nocase; ) # xzziwi1ercbtdh5pylgp6timd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xzziwi1ercbtdh5pylgp6timd|03|biz"; nocase; ) # 1u9sto314npxmfq3jj791ojrj2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u9sto314npxmfq3jj791ojrj2v|03|org"; nocase; ) # 3gkv7s1qtgc6i1nydnnc14ipfrp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3gkv7s1qtgc6i1nydnnc14ipfrp|03|com"; nocase; ) # 12s3f1d1ocswc612jfiod158lgu2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12s3f1d1ocswc612jfiod158lgu2|03|biz"; nocase; ) # 9s44rkptcd8j12dbyz917z0mb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9s44rkptcd8j12dbyz917z0mb|03|org"; nocase; ) # s17ff21r5lnh9h3bbp1fm43nv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s17ff21r5lnh9h3bbp1fm43nv|03|com"; nocase; ) # uny28a1pimi3s1dtucqzvtlpcb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uny28a1pimi3s1dtucqzvtlpcb|03|net"; nocase; ) # mdmp0v6zre6dfh3p4d1wu88ic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mdmp0v6zre6dfh3p4d1wu88ic|03|net"; nocase; ) # 1hbtq86nqhim41ah9373yjbext.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbtq86nqhim41ah9373yjbext|03|net"; nocase; ) # zav27lgjn2uz1fj6080yt2vkp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zav27lgjn2uz1fj6080yt2vkp|03|net"; nocase; ) # gyazmtar142i18wxbjl1yam99m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gyazmtar142i18wxbjl1yam99m|03|org"; nocase; ) # 1nrwq4l16npv9hknk9h1m99dg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nrwq4l16npv9hknk9h1m99dg|03|org"; nocase; ) # 19ghxk11ye4q901muvpl11r1iii.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19ghxk11ye4q901muvpl11r1iii|03|org"; nocase; ) # dnhmqu1fvvq6b1m40p3tbkg628.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dnhmqu1fvvq6b1m40p3tbkg628|03|net"; nocase; ) # nfntpj5sjb1v10xp9ldb60ige.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nfntpj5sjb1v10xp9ldb60ige|03|net"; nocase; ) # 1flfdrd1ge0zklhaco011yk71by.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1flfdrd1ge0zklhaco011yk71by|03|com"; nocase; ) # su2bnv1kvd9dx1e2i06vb12k9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|su2bnv1kvd9dx1e2i06vb12k9i|03|net"; nocase; ) # 1jmnf4bpniaa99nd5bs1p9va79.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jmnf4bpniaa99nd5bs1p9va79|03|org"; nocase; ) # 1on16quotuja51a2oqa71yvlv88.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1on16quotuja51a2oqa71yvlv88|03|com"; nocase; ) # cnk0xrbyvojm193txjrpk6749.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cnk0xrbyvojm193txjrpk6749|03|net"; nocase; ) # 1cj5s1e9o3oar1voir811nx2d2k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cj5s1e9o3oar1voir811nx2d2k|03|org"; nocase; ) # flqdon6ht9y863nsaa62rg4u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|flqdon6ht9y863nsaa62rg4u|03|biz"; nocase; ) # 1py6niq19o7fb01e5kqm81hqcmmh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1py6niq19o7fb01e5kqm81hqcmmh|03|com"; nocase; ) # 1ixn0t61p6gtl51c6dmq61a4mkrx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ixn0t61p6gtl51c6dmq61a4mkrx|03|org"; nocase; ) # 1gzodhc1wmn3su1ldmy6u3ysizx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gzodhc1wmn3su1ldmy6u3ysizx|03|net"; nocase; ) # 1sf6ff11vvqvu8b0f7711q3vp6n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sf6ff11vvqvu8b0f7711q3vp6n|03|net"; nocase; ) # 1bbd3us9se6461prpvt61dvx4uu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bbd3us9se6461prpvt61dvx4uu|03|net"; nocase; ) # d383ho1vlbxvt1j0o7ptcmiab9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d383ho1vlbxvt1j0o7ptcmiab9|03|org"; nocase; ) # 1atxgtg1vvk5xn5q6rkl17rea23.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1atxgtg1vvk5xn5q6rkl17rea23|03|com"; nocase; ) # f6m99z41iaqi1cpa9jgdv28bq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f6m99z41iaqi1cpa9jgdv28bq|03|org"; nocase; ) # j9l7sl149yy391hptxikjx3d2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j9l7sl149yy391hptxikjx3d2b|03|net"; nocase; ) # 7ww3dg19uw3b31fy3vlucrcwfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ww3dg19uw3b31fy3vlucrcwfe|03|com"; nocase; ) # r8wjjoii7o7n1165x8v1ughly0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r8wjjoii7o7n1165x8v1ughly0|03|org"; nocase; ) # 1s3zvrw2bzkhuzwi4h1wxezpf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s3zvrw2bzkhuzwi4h1wxezpf|03|net"; nocase; ) # aexqht1sc3dt8inco44larzhn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aexqht1sc3dt8inco44larzhn|03|net"; nocase; ) # 1tryvzoa1gj95gno88rtf4br6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tryvzoa1gj95gno88rtf4br6|03|net"; nocase; ) # a9349i5tn31o1cxqelc1g6pi0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a9349i5tn31o1cxqelc1g6pi0h|03|net"; nocase; ) # o1nd8o12geq9nzhq8b1u67da3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o1nd8o12geq9nzhq8b1u67da3|03|net"; nocase; ) # qd17uh1n9gvua1icsa1basf8tz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qd17uh1n9gvua1icsa1basf8tz|03|org"; nocase; ) # bvd4937r4doj150stfxbtwd4s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bvd4937r4doj150stfxbtwd4s|03|net"; nocase; ) # 1usu8781pnmr9912iv8ea1s111sm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1usu8781pnmr9912iv8ea1s111sm|03|org"; nocase; ) # p45zt6t6cylka3o3521vgdy0w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p45zt6t6cylka3o3521vgdy0w|03|net"; nocase; ) # yl3jbv14m6fyc14xlcigsvq5lx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yl3jbv14m6fyc14xlcigsvq5lx|03|net"; nocase; ) # 1eiv58q8kvsk21qjzkmb1f9fg64.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eiv58q8kvsk21qjzkmb1f9fg64|03|biz"; nocase; ) # 1o752rnsvgox0n24ejb171j1ul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o752rnsvgox0n24ejb171j1ul|03|net"; nocase; ) # vrrszc1bqwjdsb82ncicnvh2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vrrszc1bqwjdsb82ncicnvh2|03|biz"; nocase; ) # gbjm9y1qacsd61vfd7cu120td40.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gbjm9y1qacsd61vfd7cu120td40|03|org"; nocase; ) # 1277ad71ditb8n1ge4nb31f26rp5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1277ad71ditb8n1ge4nb31f26rp5|03|net"; nocase; ) # 1xwezr81c8nmudw6zwrouaj7m5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xwezr81c8nmudw6zwrouaj7m5|03|com"; nocase; ) # 18b4hgnck6nle12z9xzt1yeq8u8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18b4hgnck6nle12z9xzt1yeq8u8|03|com"; nocase; ) # ebhoifpj77bv1qyx6fvve74mj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ebhoifpj77bv1qyx6fvve74mj|03|org"; nocase; ) # xnqw9z13zs9atbm31ez232pja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xnqw9z13zs9atbm31ez232pja|03|biz"; nocase; ) # k9yz2y9sesn614c7tp91a8mylx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k9yz2y9sesn614c7tp91a8mylx|03|com"; nocase; ) # 94ddv1imhz3sc55t8elasfou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|94ddv1imhz3sc55t8elasfou|03|net"; nocase; ) # 1f12yw518su2bm1g79zi6dn21ld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f12yw518su2bm1g79zi6dn21ld|03|com"; nocase; ) # ubxbrc15n24jbbmbp0f1w8fkze.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ubxbrc15n24jbbmbp0f1w8fkze|03|biz"; nocase; ) # qvmshugl7megz2wsbh94s7b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|qvmshugl7megz2wsbh94s7b|03|com"; nocase; ) # hqsai72clio91ycv96f52yu75.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hqsai72clio91ycv96f52yu75|03|biz"; nocase; ) # 1pl6am04mn8v6y3zk8et9kw80.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pl6am04mn8v6y3zk8et9kw80|03|org"; nocase; ) # 1s9fcjg6na8i71m28pmefgseex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s9fcjg6na8i71m28pmefgseex|03|com"; nocase; ) # 1w4us781byh25h21pxgz1k5s2gi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w4us781byh25h21pxgz1k5s2gi|03|net"; nocase; ) # kt1h9p1jw8e9a1sui1mt1k8uy40.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kt1h9p1jw8e9a1sui1mt1k8uy40|03|org"; nocase; ) # 16xo8mdqu39r712xf6y910xzdzx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16xo8mdqu39r712xf6y910xzdzx|03|com"; nocase; ) # yznwvpyvf4he1g4lhr3u4e441.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yznwvpyvf4he1g4lhr3u4e441|03|net"; nocase; ) # 1xqxs93yzxmuc9nsk2y5xqkz6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xqxs93yzxmuc9nsk2y5xqkz6|03|com"; nocase; ) # 1qkhzju1xdlgzntz7ob81mg6y59.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qkhzju1xdlgzntz7ob81mg6y59|03|net"; nocase; ) # 1fd28r711wr1vugq7mtqdesf2g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fd28r711wr1vugq7mtqdesf2g|03|biz"; nocase; ) # 6ehvnw6ihw7g1l34m6exakcjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ehvnw6ihw7g1l34m6exakcjv|03|net"; nocase; ) # 17636wxzb8531brq2u21ykv88b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17636wxzb8531brq2u21ykv88b|03|biz"; nocase; ) # e0o2zmy8k41q1dl05ka1prdkqg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e0o2zmy8k41q1dl05ka1prdkqg|03|com"; nocase; ) # 18t9iwg1kqjxj2zygpe1wudht1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18t9iwg1kqjxj2zygpe1wudht1|03|net"; nocase; ) # 192t5my1rz3eaf1xw2trd1jbnh5v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|192t5my1rz3eaf1xw2trd1jbnh5v|03|biz"; nocase; ) # njb650187ibnba7pdct15afug0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|njb650187ibnba7pdct15afug0|03|org"; nocase; ) # 18kj5f2so3cud1zwpti6khk8m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18kj5f2so3cud1zwpti6khk8m|03|net"; nocase; ) # 1p184f9lcd271lmxl4b5ob3sx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p184f9lcd271lmxl4b5ob3sx|03|com"; nocase; ) # 1xe661j9ywb7p1vbg114dq1qj4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xe661j9ywb7p1vbg114dq1qj4|03|net"; nocase; ) # 266fg3py9bja1m2sb01ff0qla.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|266fg3py9bja1m2sb01ff0qla|03|biz"; nocase; ) # 1pq4ofq1gvsytm1c0nb21sl6eaa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pq4ofq1gvsytm1c0nb21sl6eaa|03|org"; nocase; ) # 190r0u7dsadlt1wuhnsd10c7sqi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|190r0u7dsadlt1wuhnsd10c7sqi|03|com"; nocase; ) # 1592nah5mhi9lqtnb761h8w4sw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1592nah5mhi9lqtnb761h8w4sw|03|org"; nocase; ) # 68ws6g1a02y9ifxameoyc22j6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|68ws6g1a02y9ifxameoyc22j6|03|com"; nocase; ) # 1n4j3bl4iwk5qzw5i0l106jzpo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n4j3bl4iwk5qzw5i0l106jzpo|03|net"; nocase; ) # 3wdk4m1ioqfwi1xb6ce4odu8ce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3wdk4m1ioqfwi1xb6ce4odu8ce|03|org"; nocase; ) # 1jvaxdapahky9h3krr6ys3u6g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jvaxdapahky9h3krr6ys3u6g|03|org"; nocase; ) # 12pliih13fjc2k1aaz4oq18zjqm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12pliih13fjc2k1aaz4oq18zjqm|03|org"; nocase; ) # is2kad1imd0nlkbja75gbwzho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|is2kad1imd0nlkbja75gbwzho|03|net"; nocase; ) # jddkzvvclm00hxgadk1s2xdus.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jddkzvvclm00hxgadk1s2xdus|03|biz"; nocase; ) # slw9bfaw4coxztilz14gwbe2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|slw9bfaw4coxztilz14gwbe2|03|net"; nocase; ) # 1i3wdmi1kf05v6ooqyp516140hb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i3wdmi1kf05v6ooqyp516140hb|03|org"; nocase; ) # 14t5zp6h3d54g14puvxe7l7crp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14t5zp6h3d54g14puvxe7l7crp|03|net"; nocase; ) # 15ax1i6w6u9p3q5be074tijq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|15ax1i6w6u9p3q5be074tijq|03|net"; nocase; ) # 9b3qra165lm4j1l7iwynu4swap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9b3qra165lm4j1l7iwynu4swap|03|org"; nocase; ) # 5icpmn105a4n01jrvzsf1umc6n8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5icpmn105a4n01jrvzsf1umc6n8|03|net"; nocase; ) # i40krv13wpu0h17ilsye9up8cs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i40krv13wpu0h17ilsye9up8cs|03|com"; nocase; ) # r4smkh1nrnbohkotcrs142ovd5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r4smkh1nrnbohkotcrs142ovd5|03|biz"; nocase; ) # xmv4r5kfbzccud15ugdrlqce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xmv4r5kfbzccud15ugdrlqce|03|com"; nocase; ) # 1ktge051qg8z2o192bi2y1o09jn1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ktge051qg8z2o192bi2y1o09jn1|03|org"; nocase; ) # rbyokpkcu7iutd7pby6yx7jr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rbyokpkcu7iutd7pby6yx7jr|03|net"; nocase; ) # dmb1zbhds8et1y418tn6mj07c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dmb1zbhds8et1y418tn6mj07c|03|org"; nocase; ) # ppi6pns5qfgpwidfmphw2c0v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ppi6pns5qfgpwidfmphw2c0v|03|net"; nocase; ) # 1igaud01wxxuwxm511u3oyhb4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1igaud01wxxuwxm511u3oyhb4d|03|com"; nocase; ) # 1mp06wl17gyn31vj2mu71u7kb82.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mp06wl17gyn31vj2mu71u7kb82|03|org"; nocase; ) # fpw9hi1eubgthi8dbku1otdd1h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fpw9hi1eubgthi8dbku1otdd1h|03|biz"; nocase; ) # 15jclcy1hsyt53uls6gm12bdlhb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15jclcy1hsyt53uls6gm12bdlhb|03|com"; nocase; ) # 1f2cmfti4r8bua9cbdj1sxl3jj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f2cmfti4r8bua9cbdj1sxl3jj|03|org"; nocase; ) # 1pfyi9u1oporwx1ioynhzw1xq81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pfyi9u1oporwx1ioynhzw1xq81|03|net"; nocase; ) # 6obfwhqwz9ze1caawppizov24.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6obfwhqwz9ze1caawppizov24|03|org"; nocase; ) # 1m4t7965gzoqd1e35kwyix4frs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m4t7965gzoqd1e35kwyix4frs|03|net"; nocase; ) # 8pdq251pk9u7d3wm1f91sw50fv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8pdq251pk9u7d3wm1f91sw50fv|03|org"; nocase; ) # 1oefecm1cge1jqdkqlla4r6b7f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oefecm1cge1jqdkqlla4r6b7f|03|net"; nocase; ) # pl78qr1q0mhvg1niwnc5gxinbj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pl78qr1q0mhvg1niwnc5gxinbj|03|org"; nocase; ) # zm2h2912p1lbw15l7991ic3t10.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zm2h2912p1lbw15l7991ic3t10|03|com"; nocase; ) # 13mu5if1lwdtme1tz94ch1xi9n67.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13mu5if1lwdtme1tz94ch1xi9n67|03|net"; nocase; ) # 1livsh51a0chuy1pl7gab1j5faw7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1livsh51a0chuy1pl7gab1j5faw7|03|org"; nocase; ) # ubuaolv2jho672t4rleo8jiu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ubuaolv2jho672t4rleo8jiu|03|net"; nocase; ) # 1nn80qo1c0cilumi5kc26tsrjt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nn80qo1c0cilumi5kc26tsrjt|03|biz"; nocase; ) # 8gp58qicmf191e1f10wrl7j6v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8gp58qicmf191e1f10wrl7j6v|03|biz"; nocase; ) # 1war47vo418ja4t4dwv1myad6j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1war47vo418ja4t4dwv1myad6j|03|com"; nocase; ) # t8z0eo14ghak746bmr1hsa4i6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t8z0eo14ghak746bmr1hsa4i6|03|biz"; nocase; ) # 13njm5m1jxyhsn1pjcopx1bsd4fq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13njm5m1jxyhsn1pjcopx1bsd4fq|03|net"; nocase; ) # 1kfqo0x1v99z3o1jurdx25xm9ju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kfqo0x1v99z3o1jurdx25xm9ju|03|net"; nocase; ) # ndm1ioib960t194b88g1fkkhte.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ndm1ioib960t194b88g1fkkhte|03|net"; nocase; ) # jraz4u1oqj0aayk9d7y188jg0f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jraz4u1oqj0aayk9d7y188jg0f|03|net"; nocase; ) # 1fgojf21d1o9kz1c7tors18f26bf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fgojf21d1o9kz1c7tors18f26bf|03|biz"; nocase; ) # bt9eod1hv8nmi1o381e21xiapn3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bt9eod1hv8nmi1o381e21xiapn3|03|net"; nocase; ) # 1t1f88198l3m182575vuvk6t4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t1f88198l3m182575vuvk6t4|03|org"; nocase; ) # 1aselclz61wyp17690ue1kvp3os.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aselclz61wyp17690ue1kvp3os|03|biz"; nocase; ) # j2chhvparvt51nwo3k2aii80r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j2chhvparvt51nwo3k2aii80r|03|net"; nocase; ) # 1ana8261gimlv61lk8xkk14wr7z2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ana8261gimlv61lk8xkk14wr7z2|03|biz"; nocase; ) # qlduiwjro8vk1pjpgff1j1o7rj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qlduiwjro8vk1pjpgff1j1o7rj|03|org"; nocase; ) # 1evxh4gobieyafzw2rqn1i1p0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1evxh4gobieyafzw2rqn1i1p0|03|net"; nocase; ) # to29ln1qwiinkbbhya653pgh0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|to29ln1qwiinkbbhya653pgh0|03|biz"; nocase; ) # 1ph2oed1g125u0gjgxvxyv61lv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ph2oed1g125u0gjgxvxyv61lv|03|org"; nocase; ) # f2ylhswsjihap8utk8dgbhh3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f2ylhswsjihap8utk8dgbhh3|03|com"; nocase; ) # 1upj77cdx13d015alx3m1bjfu9o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1upj77cdx13d015alx3m1bjfu9o|03|net"; nocase; ) # klqlow1tc5eeb141fiiyoas8md.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|klqlow1tc5eeb141fiiyoas8md|03|com"; nocase; ) # 18udwe16laxzjhbgqy5krf881.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18udwe16laxzjhbgqy5krf881|03|org"; nocase; ) # 1deb1jaz8m6oqsjfb9p1y5nvs2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1deb1jaz8m6oqsjfb9p1y5nvs2|03|com"; nocase; ) # 1kmygyooemjbr12d9dwm1ath957.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kmygyooemjbr12d9dwm1ath957|03|org"; nocase; ) # 1mggvwripn5jr16bx4km1aohjq6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mggvwripn5jr16bx4km1aohjq6|03|com"; nocase; ) # 123rxh46uy82018jp9011ol9f04.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|123rxh46uy82018jp9011ol9f04|03|org"; nocase; ) # u901nr1xg1mmf12l8ocf1ye5ddf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u901nr1xg1mmf12l8ocf1ye5ddf|03|net"; nocase; ) # 2adsya4rwh98196qioq1l7qjgv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2adsya4rwh98196qioq1l7qjgv|03|biz"; nocase; ) # cwt4skam9rzwuaxcxenmvgbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cwt4skam9rzwuaxcxenmvgbr|03|net"; nocase; ) # a5pt961wgnk7gs3koj5e72o5h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a5pt961wgnk7gs3koj5e72o5h|03|com"; nocase; ) # 1vtar8tauh6binq1j0dcj9abp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vtar8tauh6binq1j0dcj9abp|03|org"; nocase; ) # 133bz2379kfracrf603bzi8sj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|133bz2379kfracrf603bzi8sj|03|biz"; nocase; ) # 1fcnpivf7lsmvbs2l662g5x2h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fcnpivf7lsmvbs2l662g5x2h|03|net"; nocase; ) # fgpzyytmld2m604isy1ouit89.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fgpzyytmld2m604isy1ouit89|03|net"; nocase; ) # pyllwrrg9wzl9jzll1126jos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pyllwrrg9wzl9jzll1126jos|03|biz"; nocase; ) # 1h5mwvhgmzq8yiruw0pdi37jx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h5mwvhgmzq8yiruw0pdi37jx|03|org"; nocase; ) # xfpftf1l5piha1lxcsof1aez7fu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xfpftf1l5piha1lxcsof1aez7fu|03|org"; nocase; ) # 123u59k1i34ck81snsq321jz4pfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|123u59k1i34ck81snsq321jz4pfk|03|com"; nocase; ) # idu5bbgv4pzi1u6ejzd1aefhuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|idu5bbgv4pzi1u6ejzd1aefhuh|03|com"; nocase; ) # 1g771ec1papiigx8qzr5wxeib9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g771ec1papiigx8qzr5wxeib9|03|net"; nocase; ) # 188zwh1jvzbr311e0binlfshkm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|188zwh1jvzbr311e0binlfshkm|03|biz"; nocase; ) # 1ld213810erbs01frec5dem7yps.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ld213810erbs01frec5dem7yps|03|com"; nocase; ) # usb93yrob8cxh7yo7c18dziun.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|usb93yrob8cxh7yo7c18dziun|03|org"; nocase; ) # teowen17gtk2ugpdfwk5z2jlc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|teowen17gtk2ugpdfwk5z2jlc|03|com"; nocase; ) # 36tgkdnsrq9v1xmhiggnja95h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|36tgkdnsrq9v1xmhiggnja95h|03|org"; nocase; ) # tpswnaw74zhk1n99l0cckoj5w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tpswnaw74zhk1n99l0cckoj5w|03|net"; nocase; ) # 1duuk2u15423kf171py3y6f074j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1duuk2u15423kf171py3y6f074j|03|org"; nocase; ) # 1wp5dq01rqypiih950g31bkk17r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wp5dq01rqypiih950g31bkk17r|03|org"; nocase; ) # yenh8e2upp6smubuaj1hwtoks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yenh8e2upp6smubuaj1hwtoks|03|net"; nocase; ) # 18bwiig1cof2o1457hz1yswn4n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18bwiig1cof2o1457hz1yswn4n|03|net"; nocase; ) # 1gj81411n1mngkd1fro11v2jepx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gj81411n1mngkd1fro11v2jepx|03|net"; nocase; ) # 9bhg5t1uwhxicm7utya1qfegk8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9bhg5t1uwhxicm7utya1qfegk8|03|net"; nocase; ) # 1s98dd17rt39b11ia2o5bsylmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s98dd17rt39b11ia2o5bsylmu|03|org"; nocase; ) # 1c3ub3q13fd9bwcv6efolg88e2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c3ub3q13fd9bwcv6efolg88e2|03|net"; nocase; ) # 1hfftfdgcln7o15ncs6y19qb4f1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hfftfdgcln7o15ncs6y19qb4f1|03|com"; nocase; ) # 1bjul56mrai5n1sgvql24c0g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1bjul56mrai5n1sgvql24c0g|03|biz"; nocase; ) # 1qaflwdkpvf3cohwlv0wdlnkk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qaflwdkpvf3cohwlv0wdlnkk|03|biz"; nocase; ) # 1c3uys6dcdsgh8qugigse0c5o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c3uys6dcdsgh8qugigse0c5o|03|net"; nocase; ) # kbn6tm13262qw18xsnkn1tvpt0d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kbn6tm13262qw18xsnkn1tvpt0d|03|com"; nocase; ) # gza4pp1khoxuq1vouqcj2v6r64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gza4pp1khoxuq1vouqcj2v6r64|03|net"; nocase; ) # 19b85x81gtcbmkgscc9lu0h0rz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19b85x81gtcbmkgscc9lu0h0rz|03|com"; nocase; ) # 167y8gctip95x2kszxjt9xpgt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|167y8gctip95x2kszxjt9xpgt|03|net"; nocase; ) # x6mnb0ttf3l1go7b4q1bvubmr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x6mnb0ttf3l1go7b4q1bvubmr|03|com"; nocase; ) # 1mblryzpom3dn1fdl65hgce7dw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mblryzpom3dn1fdl65hgce7dw|03|biz"; nocase; ) # yjayjl1yep2z2db3jw1tf19nw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yjayjl1yep2z2db3jw1tf19nw|03|org"; nocase; ) # 1pnhjun1tg2e001xw39wnzqc2cj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pnhjun1tg2e001xw39wnzqc2cj|03|net"; nocase; ) # 1r5hosc1385731fmja6q1qwhk31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r5hosc1385731fmja6q1qwhk31|03|net"; nocase; ) # 16hstar1e79knm1blje0u1nl6lba.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16hstar1e79knm1blje0u1nl6lba|03|biz"; nocase; ) # 1y8rc9w15ncvm11ttllr514ksher.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y8rc9w15ncvm11ttllr514ksher|03|net"; nocase; ) # zmledhafj6us6pt77pxlbs76.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zmledhafj6us6pt77pxlbs76|03|net"; nocase; ) # rj51gb1kqz91u1f36kyl1m9jk5o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rj51gb1kqz91u1f36kyl1m9jk5o|03|net"; nocase; ) # 5ndatv1nwkdu9p0q9ovax783t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ndatv1nwkdu9p0q9ovax783t|03|org"; nocase; ) # qi7qrwycuxohx5mssa1og97ri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qi7qrwycuxohx5mssa1og97ri|03|com"; nocase; ) # 83l5fn1vvlvc51fywwof1rh0vb5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|83l5fn1vvlvc51fywwof1rh0vb5|03|org"; nocase; ) # axxye1qirfxoiuzglk1b4bz5r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|axxye1qirfxoiuzglk1b4bz5r|03|biz"; nocase; ) # 1upb51zwtkkob184toap1sus9a0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1upb51zwtkkob184toap1sus9a0|03|org"; nocase; ) # 1jg1ya1u7uwzy1vukm47fe8cti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jg1ya1u7uwzy1vukm47fe8cti|03|com"; nocase; ) # jjehcjwofhh3d73zkfepj2e3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jjehcjwofhh3d73zkfepj2e3|03|biz"; nocase; ) # 16jqp8hcu2p9fmi14mmu3oc1r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16jqp8hcu2p9fmi14mmu3oc1r|03|org"; nocase; ) # fap6dcuyunui1esat5d1vq0h9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fap6dcuyunui1esat5d1vq0h9j|03|net"; nocase; ) # iwhbnduanr0d15ogaeo14fcmle.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iwhbnduanr0d15ogaeo14fcmle|03|com"; nocase; ) # 8u6c71xed06k1auaa1yindpj4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8u6c71xed06k1auaa1yindpj4|03|net"; nocase; ) # 1eziqbc9dm8ug1o76cprztq28b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eziqbc9dm8ug1o76cprztq28b|03|net"; nocase; ) # jql2i01ivbbac1plxdc86jskxb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jql2i01ivbbac1plxdc86jskxb|03|com"; nocase; ) # 1f0moe3xya35bkcs5zz1keotgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f0moe3xya35bkcs5zz1keotgo|03|net"; nocase; ) # 1mixy071sh4yg81o1xtlgu5pupd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mixy071sh4yg81o1xtlgu5pupd|03|biz"; nocase; ) # 1hv90sdaezya64zflra1eh6sms.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hv90sdaezya64zflra1eh6sms|03|net"; nocase; ) # 7018481sydb6k53l2he19epmzx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7018481sydb6k53l2he19epmzx|03|net"; nocase; ) # 71mie4gik4eg1vejxv01cddawf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|71mie4gik4eg1vejxv01cddawf|03|biz"; nocase; ) # 157ughblye421e487w811fmo8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157ughblye421e487w811fmo8f|03|net"; nocase; ) # 1nmd8we6uti6ziur511d1wrfp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nmd8we6uti6ziur511d1wrfp|03|com"; nocase; ) # mjugmyf3k97g1l5640m17esrcf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mjugmyf3k97g1l5640m17esrcf|03|net"; nocase; ) # t24kt71fd720f6p9ok5eu3ivn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t24kt71fd720f6p9ok5eu3ivn|03|org"; nocase; ) # oxtnf515930de3dz66j1p5rb4u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oxtnf515930de3dz66j1p5rb4u|03|com"; nocase; ) # xepscx1yc0vrq12ynhv2cuavng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xepscx1yc0vrq12ynhv2cuavng|03|net"; nocase; ) # 1awrdoh1svkdgme7jgpm1hj8ko9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1awrdoh1svkdgme7jgpm1hj8ko9|03|org"; nocase; ) # 1jg4xeq48wsxp1ykgrlk1rj4th0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jg4xeq48wsxp1ykgrlk1rj4th0|03|net"; nocase; ) # b1givxsg0wf3h2k0ex1ldbyu3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1givxsg0wf3h2k0ex1ldbyu3|03|biz"; nocase; ) # amxi13g7sw5114vapdtqvkqjm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|amxi13g7sw5114vapdtqvkqjm|03|com"; nocase; ) # 17vglan7ig2t7d7z2ob1tz3vtu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17vglan7ig2t7d7z2ob1tz3vtu|03|org"; nocase; ) # 1spfyozyzfbxn1sbfiza1mduw7d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1spfyozyzfbxn1sbfiza1mduw7d|03|org"; nocase; ) # bijqx8yvk13213940ktgkxj5b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bijqx8yvk13213940ktgkxj5b|03|com"; nocase; ) # 1h05maf175xiwxzzob401cicdtl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h05maf175xiwxzzob401cicdtl|03|biz"; nocase; ) # zwjvq88iv3c51hqjznyc2ouxj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zwjvq88iv3c51hqjznyc2ouxj|03|org"; nocase; ) # ol6yns139c9hpmnvunx14ipo0n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ol6yns139c9hpmnvunx14ipo0n|03|org"; nocase; ) # cffsvw1jbbnh91kge91sfceptj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cffsvw1jbbnh91kge91sfceptj|03|com"; nocase; ) # dkuxsx1aiuql91aql5e23uidio.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dkuxsx1aiuql91aql5e23uidio|03|biz"; nocase; ) # ammwpn146uix6np02zosrrdzg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ammwpn146uix6np02zosrrdzg|03|com"; nocase; ) # 3o8srbp6596s1xg7x461l8efx5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3o8srbp6596s1xg7x461l8efx5|03|net"; nocase; ) # wzpb5dk53wej14xk5f0158k00z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wzpb5dk53wej14xk5f0158k00z|03|net"; nocase; ) # 1py0axq10bna1cj7rnt51ycffai.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1py0axq10bna1cj7rnt51ycffai|03|biz"; nocase; ) # 1r9lbc2157uqcs10bg6e91260nn1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r9lbc2157uqcs10bg6e91260nn1|03|net"; nocase; ) # 1r49k2lmsngwg1t0s7um1fkxjen.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r49k2lmsngwg1t0s7um1fkxjen|03|biz"; nocase; ) # 1se2aeq5m1dpqc88ud6ak1iu0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1se2aeq5m1dpqc88ud6ak1iu0|03|net"; nocase; ) # m0blrw1et5ohzyooqbo14qazrd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m0blrw1et5ohzyooqbo14qazrd|03|org"; nocase; ) # wvqydh12ew7yd1v2q283t3oxia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wvqydh12ew7yd1v2q283t3oxia|03|com"; nocase; ) # 1nw7d6z1tf6k2ahyk3tr10i7jhy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nw7d6z1tf6k2ahyk3tr10i7jhy|03|net"; nocase; ) # 7gzl3f1e06l3e122jqzh6vs1f0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7gzl3f1e06l3e122jqzh6vs1f0|03|net"; nocase; ) # 1sbfytq1a907igs7671lw87wzc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sbfytq1a907igs7671lw87wzc|03|net"; nocase; ) # 1s2egcy1f79445azhcir1qdyd91.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s2egcy1f79445azhcir1qdyd91|03|biz"; nocase; ) # vmopcmd7mexi10v4l9i1cje1db.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vmopcmd7mexi10v4l9i1cje1db|03|org"; nocase; ) # 5sv8o3lzdymg6zc01suleyj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5sv8o3lzdymg6zc01suleyj6|03|net"; nocase; ) # t40mwqj3d5s5h5ms4415xgs5m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t40mwqj3d5s5h5ms4415xgs5m|03|biz"; nocase; ) # 8x39og1cbrkb61f92wyelq8uqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8x39og1cbrkb61f92wyelq8uqv|03|net"; nocase; ) # 1rskyfflm76q6hoifg913cmtu3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rskyfflm76q6hoifg913cmtu3|03|net"; nocase; ) # 1yjprw8y0vmdg1yszw6magcfng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yjprw8y0vmdg1yszw6magcfng|03|net"; nocase; ) # f5eonj18q4tfa16uggjd7vvmqp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f5eonj18q4tfa16uggjd7vvmqp|03|com"; nocase; ) # 1e6maj91nsik307o2ypv1do4a10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e6maj91nsik307o2ypv1do4a10|03|net"; nocase; ) # f6c7qxsf8t4j1wtrkdo1hf97qx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f6c7qxsf8t4j1wtrkdo1hf97qx|03|com"; nocase; ) # 1sg21cztqs2y81tb1vumxm6mgm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sg21cztqs2y81tb1vumxm6mgm|03|biz"; nocase; ) # 1wlsg8s1ir34ap1tdip9dsodioe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wlsg8s1ir34ap1tdip9dsodioe|03|net"; nocase; ) # 10jcgt11x84kdd9j1tro1qgvmk0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10jcgt11x84kdd9j1tro1qgvmk0|03|org"; nocase; ) # 1hmibm1m9id49lmsr7717wjjfb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hmibm1m9id49lmsr7717wjjfb|03|biz"; nocase; ) # dpif7qwzvosecupt9w1bsvkog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dpif7qwzvosecupt9w1bsvkog|03|com"; nocase; ) # 164lvme1wcnf671bw96iuqwxj5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|164lvme1wcnf671bw96iuqwxj5|03|com"; nocase; ) # 1wvmpqlu3n7w5mkqf3sn0dmjg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wvmpqlu3n7w5mkqf3sn0dmjg|03|org"; nocase; ) # 1t3ftt1h0ya041ruaqs28j7ooj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t3ftt1h0ya041ruaqs28j7ooj|03|net"; nocase; ) # 1nxi1pn941a5z11qtqu1f7y1at.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nxi1pn941a5z11qtqu1f7y1at|03|biz"; nocase; ) # l0kz7e30h9x91haf8wp18b589d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l0kz7e30h9x91haf8wp18b589d|03|org"; nocase; ) # zssyg9lsbakk13gpuign2tn56.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zssyg9lsbakk13gpuign2tn56|03|com"; nocase; ) # zfdcc9xfht0t17alz3zqvays8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zfdcc9xfht0t17alz3zqvays8|03|biz"; nocase; ) # 1jg9ob71mo5ac51la9hb09679nu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jg9ob71mo5ac51la9hb09679nu|03|org"; nocase; ) # 1tzyy2vvndyk6gtelevfiff.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1tzyy2vvndyk6gtelevfiff|03|org"; nocase; ) # 1yfndpq1rs0825qi252r1kpafd9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yfndpq1rs0825qi252r1kpafd9|03|biz"; nocase; ) # eb4m1hzhhufsd2rlfn1stm50h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eb4m1hzhhufsd2rlfn1stm50h|03|org"; nocase; ) # 1qm40woxcavdt1olgf447abvop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qm40woxcavdt1olgf447abvop|03|com"; nocase; ) # jln6pl1rtem2411vqkkp2l58fi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jln6pl1rtem2411vqkkp2l58fi|03|com"; nocase; ) # 101v6rh574x6w17giqhg6wwsli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|101v6rh574x6w17giqhg6wwsli|03|org"; nocase; ) # 1eyb5q2fwrhrb14t3uiqpm5sy2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eyb5q2fwrhrb14t3uiqpm5sy2|03|net"; nocase; ) # 4jvhg3q9wika1tw82myomnmtp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4jvhg3q9wika1tw82myomnmtp|03|net"; nocase; ) # wtty36165xir7na6a5s1qt5bs7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wtty36165xir7na6a5s1qt5bs7|03|net"; nocase; ) # 19c1qvb37mkqc1geampx1dp0xl4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19c1qvb37mkqc1geampx1dp0xl4|03|net"; nocase; ) # edg1451gxgwni1fltkl0181fd3f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|edg1451gxgwni1fltkl0181fd3f|03|biz"; nocase; ) # 1o85nkm8skja9dfzgqgh75i5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1o85nkm8skja9dfzgqgh75i5|03|net"; nocase; ) # 1hluel11sxb8k91j8rve21y9osmf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hluel11sxb8k91j8rve21y9osmf|03|biz"; nocase; ) # 6rmqvy1pks68b19n9l43v0tg7z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6rmqvy1pks68b19n9l43v0tg7z|03|org"; nocase; ) # 4yn8fby75a3fsgjxdo1i4rkaf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4yn8fby75a3fsgjxdo1i4rkaf|03|biz"; nocase; ) # tscu66ympvfuvvsu8k15z5rx1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tscu66ympvfuvvsu8k15z5rx1|03|org"; nocase; ) # 1xl55koj3px6oyufbga1h67aun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xl55koj3px6oyufbga1h67aun|03|com"; nocase; ) # y2e359u8l5nupi9q2r1kp9p5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2e359u8l5nupi9q2r1kp9p5g|03|org"; nocase; ) # 7o727ix7n5i11ah5osb134ol3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7o727ix7n5i11ah5osb134ol3|03|net"; nocase; ) # ua1wz310c6144zaa8n2id5w6g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ua1wz310c6144zaa8n2id5w6g|03|org"; nocase; ) # 1vnc90319aij6vfoi7g6e98jo8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vnc90319aij6vfoi7g6e98jo8|03|biz"; nocase; ) # tn6u2nhd55i45qdcoi58taxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tn6u2nhd55i45qdcoi58taxs|03|net"; nocase; ) # 1ivkxws17w676j1yu1pj5no3gil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ivkxws17w676j1yu1pj5no3gil|03|net"; nocase; ) # pgbwzrsrp45v15z61fg11iogpw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pgbwzrsrp45v15z61fg11iogpw|03|net"; nocase; ) # 1lpsw1owda5dhg2nr7z1rmy8ou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lpsw1owda5dhg2nr7z1rmy8ou|03|org"; nocase; ) # 21kml5nuq4vx1tbx5681dajhom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|21kml5nuq4vx1tbx5681dajhom|03|com"; nocase; ) # 3v2wo91s5maj3brxxznm0x2ru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3v2wo91s5maj3brxxznm0x2ru|03|org"; nocase; ) # 18gmvbm1y22qqy9ptq6h1r1mrzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18gmvbm1y22qqy9ptq6h1r1mrzo|03|net"; nocase; ) # sxt5uo177nkh51jowubi1yy4cuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sxt5uo177nkh51jowubi1yy4cuk|03|net"; nocase; ) # 1qtl0keiymmxa184toy9cxqtcq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qtl0keiymmxa184toy9cxqtcq|03|com"; nocase; ) # btlla11vrlo92egw42r1p0imhz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|btlla11vrlo92egw42r1p0imhz|03|org"; nocase; ) # 1gl738avwrtv81qe757m19gex3x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gl738avwrtv81qe757m19gex3x|03|com"; nocase; ) # 1i0rmnyjlpd7e1v0pbs1122bnra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i0rmnyjlpd7e1v0pbs1122bnra|03|net"; nocase; ) # pnte5taj8w08q61rxa1cjtu2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pnte5taj8w08q61rxa1cjtu2g|03|net"; nocase; ) # 1vipal02ez3vsvmprf91wc8e44.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vipal02ez3vsvmprf91wc8e44|03|org"; nocase; ) # n03gm6tk0bauahq81m1qive7j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n03gm6tk0bauahq81m1qive7j|03|com"; nocase; ) # 1bif8o21tf09zg1c9k5ng760xev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bif8o21tf09zg1c9k5ng760xev|03|biz"; nocase; ) # 172zpzjzn9i9il3ggybn1tmwk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|172zpzjzn9i9il3ggybn1tmwk|03|org"; nocase; ) # yjq7cr11ine16i965i61ibrw0h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yjq7cr11ine16i965i61ibrw0h|03|biz"; nocase; ) # 1s8lp9qut356vay448c1kjc8fa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s8lp9qut356vay448c1kjc8fa|03|biz"; nocase; ) # 10hfe641svvlq21d2lkbi1eg14fo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10hfe641svvlq21d2lkbi1eg14fo|03|com"; nocase; ) # 1qhija7zwkwy91k87on2tpp8yc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qhija7zwkwy91k87on2tpp8yc|03|com"; nocase; ) # 1pqaapu1npl63mgdzetd7kdwou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pqaapu1npl63mgdzetd7kdwou|03|org"; nocase; ) # 15u89dyksmjcj18u1snt1m8ment.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15u89dyksmjcj18u1snt1m8ment|03|com"; nocase; ) # 1qh98kt7u873095oab01ljdnh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qh98kt7u873095oab01ljdnh5|03|net"; nocase; ) # 1s54ymncivywv12i59ru9uqkfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s54ymncivywv12i59ru9uqkfy|03|net"; nocase; ) # 1px18xs1ipeapiswtmulips162.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1px18xs1ipeapiswtmulips162|03|org"; nocase; ) # 3p650wb1r7c5hrbtkl193xnoz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3p650wb1r7c5hrbtkl193xnoz|03|net"; nocase; ) # 1mpifw5q3r54d9pcgu91niqhph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mpifw5q3r54d9pcgu91niqhph|03|net"; nocase; ) # txt1nn6toewch2h68c1amo9xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|txt1nn6toewch2h68c1amo9xh|03|net"; nocase; ) # 1iylt4gtr9ioa11th48r19t5zoz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iylt4gtr9ioa11th48r19t5zoz|03|net"; nocase; ) # 1jtklmu1j00nef1a644x1i1vurb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jtklmu1j00nef1a644x1i1vurb|03|com"; nocase; ) # oz1q6gu7542n1mh33y6ocv859.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oz1q6gu7542n1mh33y6ocv859|03|com"; nocase; ) # 1btpkk91tetsny8xj69n1w9ofw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1btpkk91tetsny8xj69n1w9ofw|03|biz"; nocase; ) # caztvip9v5bvwrrhp51dxw9er.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|caztvip9v5bvwrrhp51dxw9er|03|net"; nocase; ) # h0qgzm1ay2g4cpi77y31qywpbm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h0qgzm1ay2g4cpi77y31qywpbm|03|org"; nocase; ) # 1c6jpstizffs1160hwys1p98acu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c6jpstizffs1160hwys1p98acu|03|com"; nocase; ) # 1rvrzqs1anb5oab9hifnc3yzva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rvrzqs1anb5oab9hifnc3yzva|03|net"; nocase; ) # 1f34ojxk7n4xp4y3ngjy6kcac.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f34ojxk7n4xp4y3ngjy6kcac|03|net"; nocase; ) # bmcr7a1p2pl10nf19r9xy6asv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bmcr7a1p2pl10nf19r9xy6asv|03|org"; nocase; ) # ha1e6f1o0982dqb14q8y4umbz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ha1e6f1o0982dqb14q8y4umbz|03|com"; nocase; ) # 18o2qny1pet2im1avpkpa19oqinw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18o2qny1pet2im1avpkpa19oqinw|03|net"; nocase; ) # avbysa11bsm6p1j5m87b1qk9zbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|avbysa11bsm6p1j5m87b1qk9zbw|03|com"; nocase; ) # q2tfoz1e3zrbq12eznupjabwlg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q2tfoz1e3zrbq12eznupjabwlg|03|net"; nocase; ) # bn023rz715za1tczfcq1yfcml6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bn023rz715za1tczfcq1yfcml6|03|biz"; nocase; ) # opaaz01o2yhzav9lo0x1dvyvcm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|opaaz01o2yhzav9lo0x1dvyvcm|03|biz"; nocase; ) # 1nr4r9ti34q56vpm3fr1orp52k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nr4r9ti34q56vpm3fr1orp52k|03|com"; nocase; ) # qg8rm9abaym31cezx3h1giggy7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qg8rm9abaym31cezx3h1giggy7|03|org"; nocase; ) # 1jrjyt418bcopc1hwsgsz18xro09.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jrjyt418bcopc1hwsgsz18xro09|03|com"; nocase; ) # 1rah4xzzft5vbgfnq1cuwk40j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rah4xzzft5vbgfnq1cuwk40j|03|net"; nocase; ) # 1x6tu0q14sx07614mi9ojpc430r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x6tu0q14sx07614mi9ojpc430r|03|org"; nocase; ) # 16p0yx01woo7pg1iuv0qx1ddj8mj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16p0yx01woo7pg1iuv0qx1ddj8mj|03|com"; nocase; ) # 1ht24tjh5z8aw7udkopv1zjne.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ht24tjh5z8aw7udkopv1zjne|03|org"; nocase; ) # ubpv93hc9k8k1tdfert1uctela.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ubpv93hc9k8k1tdfert1uctela|03|net"; nocase; ) # 6tnopy1iy4678c80yl10bqvu9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6tnopy1iy4678c80yl10bqvu9|03|net"; nocase; ) # 1bfl6899b8q7vycvy1j12flngn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bfl6899b8q7vycvy1j12flngn|03|com"; nocase; ) # 1dtk5er52e1su1x893az1k41byn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dtk5er52e1su1x893az1k41byn|03|net"; nocase; ) # 1whc2a376xrah1632ke9z286pn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1whc2a376xrah1632ke9z286pn|03|biz"; nocase; ) # i80pka1iblotq14o6hp91tlhc4a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i80pka1iblotq14o6hp91tlhc4a|03|org"; nocase; ) # 1h8axz8bz51uy1dtels8wxfizr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h8axz8bz51uy1dtels8wxfizr|03|biz"; nocase; ) # r1lisa11hg48vm3vkh11gx2dyg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r1lisa11hg48vm3vkh11gx2dyg|03|org"; nocase; ) # 1ltiv251mk2acgpyaqnn1sk97ky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ltiv251mk2acgpyaqnn1sk97ky|03|org"; nocase; ) # 1b1yu5k1unh0lwr09gmq1qrkz7r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1yu5k1unh0lwr09gmq1qrkz7r|03|com"; nocase; ) # 1b2bi6n1n6hyl15pvwc81ieht7p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b2bi6n1n6hyl15pvwc81ieht7p|03|net"; nocase; ) # 1dbv8g516st74yjioa927kiikv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dbv8g516st74yjioa927kiikv|03|org"; nocase; ) # 1ngyoa0wds13qs2pfmt1pp4aw1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ngyoa0wds13qs2pfmt1pp4aw1|03|com"; nocase; ) # 1f5ayf71pxe9mm4k2s03uvavwv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f5ayf71pxe9mm4k2s03uvavwv|03|org"; nocase; ) # 1dd83gm11bctj81m76zgm1q3053g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dd83gm11bctj81m76zgm1q3053g|03|org"; nocase; ) # 10mqr674ovqld1w5a2sv1uigban.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10mqr674ovqld1w5a2sv1uigban|03|biz"; nocase; ) # rxvssauug2q71hax6mos02lwn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rxvssauug2q71hax6mos02lwn|03|net"; nocase; ) # du6g8i16v8ade1e8a0er16avpob.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|du6g8i16v8ade1e8a0er16avpob|03|net"; nocase; ) # irvzue1ny4tf296820mgat9yj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|irvzue1ny4tf296820mgat9yj|03|biz"; nocase; ) # 6ex4ej7sidwjvnvkhxmjc4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|6ex4ej7sidwjvnvkhxmjc4b|03|net"; nocase; ) # 1asbj7kw6g9h3mqkjvgmpv20x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1asbj7kw6g9h3mqkjvgmpv20x|03|biz"; nocase; ) # 114owmg7fqlt1f1wygl67c5gn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|114owmg7fqlt1f1wygl67c5gn|03|com"; nocase; ) # 61duye1xwrkkq1ju4jr21pw8olc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|61duye1xwrkkq1ju4jr21pw8olc|03|net"; nocase; ) # 117bagi1l0gzzsme9n0t1ymxlkz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|117bagi1l0gzzsme9n0t1ymxlkz|03|net"; nocase; ) # 7pdyxatrq069f9d68a1kopx3e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7pdyxatrq069f9d68a1kopx3e|03|org"; nocase; ) # 1nph7v71x02yjc2u76k31kecdgb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nph7v71x02yjc2u76k31kecdgb|03|org"; nocase; ) # 1f1w3a5132vzel1juc891uj2l1w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f1w3a5132vzel1juc891uj2l1w|03|net"; nocase; ) # 18i6jwn467l0v8d3hen4s7ncl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18i6jwn467l0v8d3hen4s7ncl|03|org"; nocase; ) # 121x6ojahwdoq1uijxox48knhq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|121x6ojahwdoq1uijxox48knhq|03|biz"; nocase; ) # 1shrnca171oynb1fiuk1s1g5m3bu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1shrnca171oynb1fiuk1s1g5m3bu|03|org"; nocase; ) # 1u7vubn128wrf9uzgbyn10bmsqm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u7vubn128wrf9uzgbyn10bmsqm|03|com"; nocase; ) # 14fdeoy1w8086pud97ip1usctdt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14fdeoy1w8086pud97ip1usctdt|03|org"; nocase; ) # bz7awj1jfzda61k5wee6l9tmz9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bz7awj1jfzda61k5wee6l9tmz9|03|org"; nocase; ) # 13h3fp81scrf4e50bqer1gz9eu7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13h3fp81scrf4e50bqer1gz9eu7|03|net"; nocase; ) # 1jd569v13k2tb54ai9un1hi611f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jd569v13k2tb54ai9un1hi611f|03|org"; nocase; ) # 1lekx8x1fyhbbdf0btsq1mt32by.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lekx8x1fyhbbdf0btsq1mt32by|03|biz"; nocase; ) # 1dxhhlr1esq2oiao2tv1ji7w7n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dxhhlr1esq2oiao2tv1ji7w7n|03|biz"; nocase; ) # nsoezbypblpgvikzs1wz78ux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nsoezbypblpgvikzs1wz78ux|03|net"; nocase; ) # ll8ktc111mnbf18ff77a1agz5rh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ll8ktc111mnbf18ff77a1agz5rh|03|com"; nocase; ) # kzr7cizixy868bg643mkf20w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kzr7cizixy868bg643mkf20w|03|biz"; nocase; ) # 1dwtwzm1makaun1czvg6u1rmjj3r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dwtwzm1makaun1czvg6u1rmjj3r|03|net"; nocase; ) # kjd97rzc86gd1cuy1zu1306556.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kjd97rzc86gd1cuy1zu1306556|03|org"; nocase; ) # f0l0jo1akm4mai2l8ip1q7nvde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f0l0jo1akm4mai2l8ip1q7nvde|03|com"; nocase; ) # a1lww11f9npix4v4im1gp8x1u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a1lww11f9npix4v4im1gp8x1u|03|com"; nocase; ) # 6dk7cjpws3bii8q2jzpqbntw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6dk7cjpws3bii8q2jzpqbntw|03|com"; nocase; ) # 17w3ea095a0myub1xat6q6h3e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17w3ea095a0myub1xat6q6h3e|03|net"; nocase; ) # 6ptope1tvs0b3hvbbfq152vfxi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ptope1tvs0b3hvbbfq152vfxi|03|org"; nocase; ) # elqetzbuthbrnkprg759n5cz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|elqetzbuthbrnkprg759n5cz|03|org"; nocase; ) # vfhrgi1awpoy43zd5puc5ztv5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vfhrgi1awpoy43zd5puc5ztv5|03|biz"; nocase; ) # nv2rbujkmdzdin8c8zewbaqv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nv2rbujkmdzdin8c8zewbaqv|03|org"; nocase; ) # 1xn8yq51yd3w6t1tf5q781ii580y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xn8yq51yd3w6t1tf5q781ii580y|03|net"; nocase; ) # z4sbg81nhg2y02ucn11vbvajl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4sbg81nhg2y02ucn11vbvajl|03|org"; nocase; ) # 1im67zp1vdqq0w85199w1wxn25t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1im67zp1vdqq0w85199w1wxn25t|03|org"; nocase; ) # hvfs311oery731wh8yt61hxfcww.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hvfs311oery731wh8yt61hxfcww|03|org"; nocase; ) # tqkx7ay39mvo1cdcsiz1k0idh2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tqkx7ay39mvo1cdcsiz1k0idh2|03|net"; nocase; ) # hr2tb11m1jgmx18aby2d6dwbnv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hr2tb11m1jgmx18aby2d6dwbnv|03|com"; nocase; ) # 3t6gqykgqbpp194y77n1b721ac.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3t6gqykgqbpp194y77n1b721ac|03|org"; nocase; ) # 14qyb7xgn036i1w4d0k61qp3poc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14qyb7xgn036i1w4d0k61qp3poc|03|org"; nocase; ) # 1369wc81jrodnj112ejf71wxuxhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1369wc81jrodnj112ejf71wxuxhi|03|com"; nocase; ) # 1muo1rx1bwdrkj1cnd8yeg0ikk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1muo1rx1bwdrkj1cnd8yeg0ikk|03|biz"; nocase; ) # 9af0ej1xkcr3v69ms7h11zupdx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9af0ej1xkcr3v69ms7h11zupdx|03|com"; nocase; ) # essb9r1lp2i1pin1rd10ppdrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|essb9r1lp2i1pin1rd10ppdrh|03|net"; nocase; ) # 1tjvtxrh4l4ofs4h5dz14fy685.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tjvtxrh4l4ofs4h5dz14fy685|03|com"; nocase; ) # 1kf3fw110fytm61iff67l19na923.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kf3fw110fytm61iff67l19na923|03|biz"; nocase; ) # 1zawtc1cjjbcq1u2u2nn1exall2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1zawtc1cjjbcq1u2u2nn1exall2|03|biz"; nocase; ) # 10v3wjk17is4na190uys91y14xmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10v3wjk17is4na190uys91y14xmm|03|org"; nocase; ) # 153km4p14bxjb91llckfbopq805.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|153km4p14bxjb91llckfbopq805|03|net"; nocase; ) # 1khu3i9f2k6si13qdmnlvai6pi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1khu3i9f2k6si13qdmnlvai6pi|03|biz"; nocase; ) # sa7io2q5ngfp1uhjaz91i04a1s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sa7io2q5ngfp1uhjaz91i04a1s|03|com"; nocase; ) # 1isbuox1jtm0xk1abgsum1um95oz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1isbuox1jtm0xk1abgsum1um95oz|03|net"; nocase; ) # 1i29fcf135fmym1ckaqola8gnet.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i29fcf135fmym1ckaqola8gnet|03|org"; nocase; ) # y2uc1ra1ujel1mlj4si15ao5z6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y2uc1ra1ujel1mlj4si15ao5z6|03|net"; nocase; ) # 13ihazsr3vtypppfnth664sr0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13ihazsr3vtypppfnth664sr0|03|com"; nocase; ) # 1682uz9cb17zm1f2ku691j8grsn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1682uz9cb17zm1f2ku691j8grsn|03|biz"; nocase; ) # r3dkzq3aabh119625jp1ffeqws.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r3dkzq3aabh119625jp1ffeqws|03|org"; nocase; ) # qumw19rqi3ez1vhaubw93f3hp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qumw19rqi3ez1vhaubw93f3hp|03|com"; nocase; ) # pd552z1hpwrzlwap6w21moronv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pd552z1hpwrzlwap6w21moronv|03|net"; nocase; ) # 1v5pqdrzmh2gj18vcpnm3tnwms.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5pqdrzmh2gj18vcpnm3tnwms|03|net"; nocase; ) # 1bw5uojh7kk7d11vavpqo7yfr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bw5uojh7kk7d11vavpqo7yfr2|03|org"; nocase; ) # 1k9vas11po46f1yzoyorq2akuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k9vas11po46f1yzoyorq2akuo|03|net"; nocase; ) # clzcq7j6puiw14axp4yllyfr2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|clzcq7j6puiw14axp4yllyfr2|03|com"; nocase; ) # 13qhe40j62yb3trq7yo1cgedz8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13qhe40j62yb3trq7yo1cgedz8|03|net"; nocase; ) # epax7janqgzg1jq2tqab8sihx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|epax7janqgzg1jq2tqab8sihx|03|com"; nocase; ) # 14wc2it1oek3rnourbqw1iv4mxe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14wc2it1oek3rnourbqw1iv4mxe|03|biz"; nocase; ) # 1rww7homgzf3jbahgmuzcgc6w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rww7homgzf3jbahgmuzcgc6w|03|net"; nocase; ) # 13xz7z1lbgi8u16owbmsvaxmz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13xz7z1lbgi8u16owbmsvaxmz3|03|com"; nocase; ) # 1lgkdai1kacd0v4qjwk3166uyos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lgkdai1kacd0v4qjwk3166uyos|03|com"; nocase; ) # itkey7st6so115lijjnk8ln4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|itkey7st6so115lijjnk8ln4|03|net"; nocase; ) # 3cxmnm1pjrfck1ds5idq71ou2f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3cxmnm1pjrfck1ds5idq71ou2f|03|net"; nocase; ) # 13n0gj313kiaa81nrje831b8r6o4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13n0gj313kiaa81nrje831b8r6o4|03|com"; nocase; ) # 1jigl5i76tw1bc3pmh510ll2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1jigl5i76tw1bc3pmh510ll2|03|org"; nocase; ) # 1vezts0tqih36m9fj1v5pp6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1vezts0tqih36m9fj1v5pp6p|03|net"; nocase; ) # 1p5dta8lp7d9c1b8uzvdzfrp1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p5dta8lp7d9c1b8uzvdzfrp1f|03|biz"; nocase; ) # r74uo0181c3orqv5wmu1k4tmwa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r74uo0181c3orqv5wmu1k4tmwa|03|net"; nocase; ) # 1ir3cif1youx8v189a7tu1qe627s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ir3cif1youx8v189a7tu1qe627s|03|org"; nocase; ) # 11nikpp1stj7obz691qc1rx3la.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11nikpp1stj7obz691qc1rx3la|03|net"; nocase; ) # xayac0kk3n0yphija17nehxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xayac0kk3n0yphija17nehxv|03|net"; nocase; ) # t1xlxlw39oo9u58g2o60ruzg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t1xlxlw39oo9u58g2o60ruzg|03|net"; nocase; ) # h3m5f3sas60ugex8em1yg7zzs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3m5f3sas60ugex8em1yg7zzs|03|biz"; nocase; ) # ch7g0pw58oysvuei1811ac8co.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ch7g0pw58oysvuei1811ac8co|03|net"; nocase; ) # xho80p1ykltlh1bl5vm113u9tpw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xho80p1ykltlh1bl5vm113u9tpw|03|org"; nocase; ) # 11k20r21yg50z31ap1io77y4vuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11k20r21yg50z31ap1io77y4vuv|03|net"; nocase; ) # 1opa9651owoxie6c57l91q78vdv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1opa9651owoxie6c57l91q78vdv|03|com"; nocase; ) # zx4k151l66g6gzx2w29ucdps8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zx4k151l66g6gzx2w29ucdps8|03|org"; nocase; ) # sxdael131g8vmk69q18mgkdkd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sxdael131g8vmk69q18mgkdkd|03|net"; nocase; ) # 9aqja81i428gzp3l63x1pq79ky.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9aqja81i428gzp3l63x1pq79ky|03|com"; nocase; ) # 1g6j2l6d92pl3bou07befbpsm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g6j2l6d92pl3bou07befbpsm|03|org"; nocase; ) # rfeoortyzji95bsfka1v92pbv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rfeoortyzji95bsfka1v92pbv|03|org"; nocase; ) # 1feq75d1str66arfjlaggjop0z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1feq75d1str66arfjlaggjop0z|03|net"; nocase; ) # lo7x0p13sixkgnd6r0k1p5c6ds.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lo7x0p13sixkgnd6r0k1p5c6ds|03|biz"; nocase; ) # 1smm7nu1p8hvpi1m6mlfjq89pkq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1smm7nu1p8hvpi1m6mlfjq89pkq|03|biz"; nocase; ) # 12yng9gd92eqnsqqvcj1wpjogm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12yng9gd92eqnsqqvcj1wpjogm|03|net"; nocase; ) # 1m964cj1e4qnd9q78nwwbcb8i2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m964cj1e4qnd9q78nwwbcb8i2|03|org"; nocase; ) # 1jpg7iizle9321j2b7dxrxczls.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jpg7iizle9321j2b7dxrxczls|03|biz"; nocase; ) # jnxl11a425jddq6yi714nrsqo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jnxl11a425jddq6yi714nrsqo|03|com"; nocase; ) # 1ums8ow1ttcx2p1v3fen8kz8uk2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ums8ow1ttcx2p1v3fen8kz8uk2|03|com"; nocase; ) # 540wdj15r8vm9hhy64gxfqibi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|540wdj15r8vm9hhy64gxfqibi|03|org"; nocase; ) # 79nmcmza7mjg10unota1hy6w7q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79nmcmza7mjg10unota1hy6w7q|03|biz"; nocase; ) # 2ftwr0ac0s0tgp5juz17tka0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2ftwr0ac0s0tgp5juz17tka0|03|net"; nocase; ) # xi8e4d1n38iqk1964jc8or9w5d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xi8e4d1n38iqk1964jc8or9w5d|03|com"; nocase; ) # 1qyuh9v1tnqfc7ao0x2f9u2yvj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qyuh9v1tnqfc7ao0x2f9u2yvj|03|net"; nocase; ) # fhh9gvla9ghvakuxrw5yi9ux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fhh9gvla9ghvakuxrw5yi9ux|03|net"; nocase; ) # 12nx3yo1aane511ojsp161k0muzh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12nx3yo1aane511ojsp161k0muzh|03|biz"; nocase; ) # 10i2hk01eqgv5hq0a6731eyxspc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10i2hk01eqgv5hq0a6731eyxspc|03|biz"; nocase; ) # 1v2dnx1avqdjc1i955r5gyydxo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v2dnx1avqdjc1i955r5gyydxo|03|org"; nocase; ) # 1wctdye1a4sgksau6jdo1bk7tc7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wctdye1a4sgksau6jdo1bk7tc7|03|org"; nocase; ) # 1fc9zd3n026bk18rn2e8y8mz48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fc9zd3n026bk18rn2e8y8mz48|03|com"; nocase; ) # iknow51oukhdpqejxtq18040ke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iknow51oukhdpqejxtq18040ke|03|net"; nocase; ) # 6phrca1ppgstzyy5ye6199d5hg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6phrca1ppgstzyy5ye6199d5hg|03|net"; nocase; ) # 1j1eoe11ekumfdjzwv6d1s1gke0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j1eoe11ekumfdjzwv6d1s1gke0|03|org"; nocase; ) # 17vk23q1i22xpvpe1yhj96j3d2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17vk23q1i22xpvpe1yhj96j3d2|03|net"; nocase; ) # a1aof08ic51j1ssxpyb5idnvt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a1aof08ic51j1ssxpyb5idnvt|03|org"; nocase; ) # 1hj6bfntzu8om1xfut9lvafxqn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hj6bfntzu8om1xfut9lvafxqn|03|com"; nocase; ) # 2v2bkgryxh7z1mv5c61mv362h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2v2bkgryxh7z1mv5c61mv362h|03|net"; nocase; ) # 1qrs2lmhs9rl3154t24i16pwtz3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qrs2lmhs9rl3154t24i16pwtz3|03|org"; nocase; ) # 1n9o6zx163v9r88z72nfpu6cdj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n9o6zx163v9r88z72nfpu6cdj|03|biz"; nocase; ) # l26eqsihzhrpgvr2pozb7eou.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l26eqsihzhrpgvr2pozb7eou|03|biz"; nocase; ) # 10928thchon3owhdhn1fgtijq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10928thchon3owhdhn1fgtijq|03|net"; nocase; ) # 1vwl6lz15p2ydjojg9xo1oey255.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vwl6lz15p2ydjojg9xo1oey255|03|org"; nocase; ) # j8prnpru5v41rc65i113k4ipt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j8prnpru5v41rc65i113k4ipt|03|biz"; nocase; ) # i3e45d1mcpf4snpjeaoh3lz0w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i3e45d1mcpf4snpjeaoh3lz0w|03|org"; nocase; ) # 10m7fle1q6mz6114h43aw1k590ok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10m7fle1q6mz6114h43aw1k590ok|03|net"; nocase; ) # 1c312ccq1wsry1ex0tuur3q7ou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c312ccq1wsry1ex0tuur3q7ou|03|org"; nocase; ) # 1vee3il1efmx2mygaxyg7laj6i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vee3il1efmx2mygaxyg7laj6i|03|com"; nocase; ) # 1b64fjvbvpenz1687vuw1ouvdwl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b64fjvbvpenz1687vuw1ouvdwl|03|biz"; nocase; ) # 1l0d801fgratelnmnze18x1t49.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l0d801fgratelnmnze18x1t49|03|org"; nocase; ) # t4npr51uy7a4rytbdi1cbtgur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4npr51uy7a4rytbdi1cbtgur|03|com"; nocase; ) # sfcjju1r0zdxlyzrmr1im9mul.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sfcjju1r0zdxlyzrmr1im9mul|03|biz"; nocase; ) # 1eydi9f160y66013502fzztyhgz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eydi9f160y66013502fzztyhgz|03|net"; nocase; ) # 8hsu2f1ymlsmd1xtrkxg1hm5rsp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8hsu2f1ymlsmd1xtrkxg1hm5rsp|03|org"; nocase; ) # wsftz81sarjla1w8s3p41dc2p5t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wsftz81sarjla1w8s3p41dc2p5t|03|biz"; nocase; ) # 1w5wlljmbt8p4u4qzkcs7bvcj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w5wlljmbt8p4u4qzkcs7bvcj|03|com"; nocase; ) # 1mfn4hal8uph61oymoh21ro0i2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mfn4hal8uph61oymoh21ro0i2|03|net"; nocase; ) # 16noort1kebiq81x7pocd1muoog9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16noort1kebiq81x7pocd1muoog9|03|net"; nocase; ) # 1igxery93e6nu10z535x1lkqla0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1igxery93e6nu10z535x1lkqla0|03|com"; nocase; ) # mapurw1y10ejn10vvofmqeuhrc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mapurw1y10ejn10vvofmqeuhrc|03|com"; nocase; ) # 17g4y3tk46gtu1itle2r18q48ww.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17g4y3tk46gtu1itle2r18q48ww|03|com"; nocase; ) # 19j5e2r809wte1n5ka0k14prm8l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19j5e2r809wte1n5ka0k14prm8l|03|com"; nocase; ) # 1yzm37c1ekw6gbhy9k0a3lvy84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yzm37c1ekw6gbhy9k0a3lvy84|03|net"; nocase; ) # 1oauzss1asz1sn1bnr43p6y0ut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oauzss1asz1sn1bnr43p6y0ut|03|com"; nocase; ) # 1jpa8mu4g4fjo1cda8m97q0zso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jpa8mu4g4fjo1cda8m97q0zso|03|net"; nocase; ) # 11i3pnissu40sp0kux714corf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11i3pnissu40sp0kux714corf|03|biz"; nocase; ) # c0hvu2ddapch1razp78c7gn3v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c0hvu2ddapch1razp78c7gn3v|03|net"; nocase; ) # g2phecs2cqqu8c9b5cdflqt1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g2phecs2cqqu8c9b5cdflqt1|03|org"; nocase; ) # 1izci611y3st8o1rgpt1u10oc3ga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1izci611y3st8o1rgpt1u10oc3ga|03|com"; nocase; ) # 14iu1unq4d7bu1m2z5xwmoydd1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14iu1unq4d7bu1m2z5xwmoydd1|03|com"; nocase; ) # 1gb2ir51g3sqeqv0us6ze4xsoz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gb2ir51g3sqeqv0us6ze4xsoz|03|biz"; nocase; ) # rp2iy23kirotuaf3yllijjbz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rp2iy23kirotuaf3yllijjbz|03|net"; nocase; ) # s9vail1yc9iqf12arklcndu1ap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s9vail1yc9iqf12arklcndu1ap|03|com"; nocase; ) # 1rhokldpiemevebn6lucnta7i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rhokldpiemevebn6lucnta7i|03|org"; nocase; ) # 13p0th69j4nhv1ge8vzvuo1ocd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13p0th69j4nhv1ge8vzvuo1ocd|03|org"; nocase; ) # 1o23t4f1x7xjea1sif9g51dqhor8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o23t4f1x7xjea1sif9g51dqhor8|03|com"; nocase; ) # 171elv9cnun9y1uuj2861pvk6nz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|171elv9cnun9y1uuj2861pvk6nz|03|org"; nocase; ) # iq9yrx19zjeycppkmx615zgw35.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iq9yrx19zjeycppkmx615zgw35|03|biz"; nocase; ) # 1lz6thtfe1f13124r9w611mkgt6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lz6thtfe1f13124r9w611mkgt6|03|com"; nocase; ) # 2nng1a1t1j04ag2csnh154wjb7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2nng1a1t1j04ag2csnh154wjb7|03|biz"; nocase; ) # 1ud53wsefw2va1crr9cl1c74f0p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ud53wsefw2va1crr9cl1c74f0p|03|net"; nocase; ) # wiy5j51qfiu2c1g00ax24bgliz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wiy5j51qfiu2c1g00ax24bgliz|03|net"; nocase; ) # ai1dya3urdz5maffk4101p203.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ai1dya3urdz5maffk4101p203|03|net"; nocase; ) # eu2oue14ri9iyozfjdskntl9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eu2oue14ri9iyozfjdskntl9|03|biz"; nocase; ) # 361wk44tgbgq1aq2wry1v35wwu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|361wk44tgbgq1aq2wry1v35wwu|03|org"; nocase; ) # soqm5ik0nmv9lcv0si1lqte57.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|soqm5ik0nmv9lcv0si1lqte57|03|org"; nocase; ) # 4kyqld19rgslr108jiip17i7fl1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4kyqld19rgslr108jiip17i7fl1|03|com"; nocase; ) # o1gxum1hovpr2y266m1x2lg4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o1gxum1hovpr2y266m1x2lg4k|03|net"; nocase; ) # 1mmy2iiyml5nf1lhvnv215ug9d8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mmy2iiyml5nf1lhvnv215ug9d8|03|com"; nocase; ) # 11pw9ko1hridyr18bheoo1vpfq5r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11pw9ko1hridyr18bheoo1vpfq5r|03|biz"; nocase; ) # k1n9iw1heu1tm1218t3f1mg583i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k1n9iw1heu1tm1218t3f1mg583i|03|net"; nocase; ) # y5rte4u7ryiksxt07nj20zpw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y5rte4u7ryiksxt07nj20zpw|03|net"; nocase; ) # 17ounvc1iekxdy4abz03s8eqex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ounvc1iekxdy4abz03s8eqex|03|org"; nocase; ) # 1f6fu0n4f5sukr4n3bo17euf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1f6fu0n4f5sukr4n3bo17euf|03|org"; nocase; ) # 16smbxtatcmos1gbzob3vgllfp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16smbxtatcmos1gbzob3vgllfp|03|biz"; nocase; ) # 1eif5y51xhb2mb3gn5xk1pcxo92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eif5y51xhb2mb3gn5xk1pcxo92|03|net"; nocase; ) # cp6k3t1w0aiu8lzdu2h1k8sx8j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cp6k3t1w0aiu8lzdu2h1k8sx8j|03|net"; nocase; ) # 1fpco4d1r3jnstvut0hnbvivh8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fpco4d1r3jnstvut0hnbvivh8|03|org"; nocase; ) # 1nu1zyb4apfvd1dwe4r11u8987w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nu1zyb4apfvd1dwe4r11u8987w|03|org"; nocase; ) # i1wo9hx35akn1csq1717rp6pj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i1wo9hx35akn1csq1717rp6pj|03|net"; nocase; ) # 12ds0e6i7ljle1d4v5xqc4lb6e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12ds0e6i7ljle1d4v5xqc4lb6e|03|biz"; nocase; ) # 1q6awen1n1cxk21o9zvsh1184im3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q6awen1n1cxk21o9zvsh1184im3|03|com"; nocase; ) # 1sbaiqwgtm1xbabmqrhdihibb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sbaiqwgtm1xbabmqrhdihibb|03|org"; nocase; ) # 178xr718r3vi311zwz4vv8r3bi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|178xr718r3vi311zwz4vv8r3bi|03|com"; nocase; ) # 71la2q1e6clk81g7ivjy1192h2u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|71la2q1e6clk81g7ivjy1192h2u|03|org"; nocase; ) # 1gi3x5h1qxr1mb87dzsqf4ereu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gi3x5h1qxr1mb87dzsqf4ereu|03|net"; nocase; ) # 1j5693vo7gs671hpxq7ruzai1a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j5693vo7gs671hpxq7ruzai1a|03|net"; nocase; ) # 1xcbp8h1ig8go311l12xwodpevv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xcbp8h1ig8go311l12xwodpevv|03|net"; nocase; ) # 13neg634fk3jpp5udb1fjk8ns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13neg634fk3jpp5udb1fjk8ns|03|net"; nocase; ) # hzsc18m9ec0kgr1msvp8v4j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|hzsc18m9ec0kgr1msvp8v4j|03|org"; nocase; ) # oruzakv8p4nf1xy7mye14qgl7k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oruzakv8p4nf1xy7mye14qgl7k|03|com"; nocase; ) # b0j8ja134lw2l3efx5wd5ujp5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b0j8ja134lw2l3efx5wd5ujp5|03|biz"; nocase; ) # ia1otj1udktws1m7k8xdbhvwcl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ia1otj1udktws1m7k8xdbhvwcl|03|net"; nocase; ) # 1jkfl5u1gv3n7e1s7bi5s1cst20r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jkfl5u1gv3n7e1s7bi5s1cst20r|03|com"; nocase; ) # 1x9v9z8eiwwff1b7xxffd17268.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x9v9z8eiwwff1b7xxffd17268|03|org"; nocase; ) # nk6c4u95yps51upakbzn6ocns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nk6c4u95yps51upakbzn6ocns|03|net"; nocase; ) # hds9wq11z2m221y13s9eqaxk1b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hds9wq11z2m221y13s9eqaxk1b|03|org"; nocase; ) # wi1y9a12ycpdb15wklpr1xn4dum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wi1y9a12ycpdb15wklpr1xn4dum|03|net"; nocase; ) # 1b9z9y41ldkq5g18bm8tu14geqs2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b9z9y41ldkq5g18bm8tu14geqs2|03|org"; nocase; ) # 68x7k7u6k6n71c0n6ebeaa80e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|68x7k7u6k6n71c0n6ebeaa80e|03|biz"; nocase; ) # 1j24yhonbnqz9qk0e7euez9n9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j24yhonbnqz9qk0e7euez9n9|03|net"; nocase; ) # 1yiop6b7f1bv718kg4tx1jpjjik.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yiop6b7f1bv718kg4tx1jpjjik|03|org"; nocase; ) # 1tlb0ijzft2mi1nvydtz7tbptr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tlb0ijzft2mi1nvydtz7tbptr|03|net"; nocase; ) # 1g7vv63wtngtd1vg8mhl931moh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g7vv63wtngtd1vg8mhl931moh|03|org"; nocase; ) # qqr66o1dtuome6jti4195i5qe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qqr66o1dtuome6jti4195i5qe|03|net"; nocase; ) # 1mj6nf31oao7gi1qjl8yy1ektjs3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mj6nf31oao7gi1qjl8yy1ektjs3|03|com"; nocase; ) # jy9kbs1xewps91ax24xi138ja3u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jy9kbs1xewps91ax24xi138ja3u|03|com"; nocase; ) # e3p1f111z1d6162enc41ygvl8w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e3p1f111z1d6162enc41ygvl8w|03|org"; nocase; ) # lloyg0tav6w5pqfckyshae2h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lloyg0tav6w5pqfckyshae2h|03|net"; nocase; ) # 1uwszqh1mmexq0nzqf8wq36ziz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwszqh1mmexq0nzqf8wq36ziz|03|com"; nocase; ) # 1i7n9u1ggh2at1ax1iwn1i9hxo0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i7n9u1ggh2at1ax1iwn1i9hxo0|03|org"; nocase; ) # yqg8o81qiaowbp4o8f31axinnz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yqg8o81qiaowbp4o8f31axinnz|03|com"; nocase; ) # 147eqs9lmj0oagtd5ni1cilw1r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|147eqs9lmj0oagtd5ni1cilw1r|03|biz"; nocase; ) # zjs9bn1shj2xa2tlf191yagutt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zjs9bn1shj2xa2tlf191yagutt|03|net"; nocase; ) # gpbzvb1svu6ln2gi83t13ww2d3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gpbzvb1svu6ln2gi83t13ww2d3|03|biz"; nocase; ) # 8mvrf28tfxtimsx2w51bc9j7r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8mvrf28tfxtimsx2w51bc9j7r|03|net"; nocase; ) # 1dhfzgwh77yg5pzsrbe1q0bw1q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dhfzgwh77yg5pzsrbe1q0bw1q|03|biz"; nocase; ) # 9897x61j3fhn18urqbw8h88wy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9897x61j3fhn18urqbw8h88wy|03|org"; nocase; ) # zo0f20yig8njztuzgc1qk9lw3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zo0f20yig8njztuzgc1qk9lw3|03|net"; nocase; ) # 25kwl71ryd2se534udf1hpaf0n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|25kwl71ryd2se534udf1hpaf0n|03|com"; nocase; ) # 14q6jfs1h6o3zf1t0q7jnx7kvll.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14q6jfs1h6o3zf1t0q7jnx7kvll|03|com"; nocase; ) # 1lfa3ahbt1ipb1nyq3oz1fiwuda.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lfa3ahbt1ipb1nyq3oz1fiwuda|03|biz"; nocase; ) # kk5xw11473m57an38fp1n6drii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kk5xw11473m57an38fp1n6drii|03|com"; nocase; ) # 1t7ddc1u72z6s1p0rk391e0sv37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t7ddc1u72z6s1p0rk391e0sv37|03|net"; nocase; ) # 1vgxeak1suvsbi1eb3yf81em0rtt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vgxeak1suvsbi1eb3yf81em0rtt|03|com"; nocase; ) # djjcpp1ltt1oifobrq73s3s83.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|djjcpp1ltt1oifobrq73s3s83|03|com"; nocase; ) # 9atop22w82xu1am8026353nuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9atop22w82xu1am8026353nuy|03|net"; nocase; ) # 1h9i23i1ia36nsi9cx6kn5rf51.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h9i23i1ia36nsi9cx6kn5rf51|03|org"; nocase; ) # 1ykkit49wuk5e7gcjsd1hpvu82.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ykkit49wuk5e7gcjsd1hpvu82|03|org"; nocase; ) # xg943d1k7dht3stu83lql3huv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xg943d1k7dht3stu83lql3huv|03|net"; nocase; ) # 24ijs91d4g5ll1lekk9pelfbq6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|24ijs91d4g5ll1lekk9pelfbq6|03|com"; nocase; ) # 2o1xtb1q2j4ka1cfupou1tsoz6c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2o1xtb1q2j4ka1cfupou1tsoz6c|03|org"; nocase; ) # 8jcew02wipih12ntshjmf14su.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8jcew02wipih12ntshjmf14su|03|biz"; nocase; ) # dsfqhm19572ej1gvk23q1tuqt01.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dsfqhm19572ej1gvk23q1tuqt01|03|net"; nocase; ) # 5mn8k28jd3nf14wzhzh1upqs76.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5mn8k28jd3nf14wzhzh1upqs76|03|net"; nocase; ) # zekwb01jx2lvl12t21091t2x6mw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zekwb01jx2lvl12t21091t2x6mw|03|biz"; nocase; ) # 1p5y6fd1kfcls4nestq32b2rk1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p5y6fd1kfcls4nestq32b2rk1|03|net"; nocase; ) # 16oh45y1rvd8uv1io7uqcpbigjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16oh45y1rvd8uv1io7uqcpbigjb|03|net"; nocase; ) # u4ky7sd7z1be18vgola1c06jvd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u4ky7sd7z1be18vgola1c06jvd|03|biz"; nocase; ) # 1ves6g81ja7gv9q5k9mrdui661.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ves6g81ja7gv9q5k9mrdui661|03|com"; nocase; ) # 102h913jeijce1knhe2uo18lvl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|102h913jeijce1knhe2uo18lvl|03|biz"; nocase; ) # eq83061t3jkbqpluxjt100ss3w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eq83061t3jkbqpluxjt100ss3w|03|com"; nocase; ) # 12hub7ets8ub014v1w9zspnqow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12hub7ets8ub014v1w9zspnqow|03|biz"; nocase; ) # 2f4cut1lunm4v7xcfht1x6ecs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2f4cut1lunm4v7xcfht1x6ecs|03|net"; nocase; ) # 1fi2h5bek2tu3p767qm1l6dckd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fi2h5bek2tu3p767qm1l6dckd|03|net"; nocase; ) # o9hs4s2noqmyb8rc8p1y9m3sm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o9hs4s2noqmyb8rc8p1y9m3sm|03|biz"; nocase; ) # 1vhqrz310vs0tj13p7hu21cmp03w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vhqrz310vs0tj13p7hu21cmp03w|03|org"; nocase; ) # apqjsw1k4pjz01gigarq13xiec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|apqjsw1k4pjz01gigarq13xiec|03|com"; nocase; ) # 387ievqcbd2e17kmsa81o210m1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|387ievqcbd2e17kmsa81o210m1|03|biz"; nocase; ) # 1exooa33g67sqfeywyo1sc8q9q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1exooa33g67sqfeywyo1sc8q9q|03|net"; nocase; ) # 1mzlj6nquw1jd14hvkg2ab5g6e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mzlj6nquw1jd14hvkg2ab5g6e|03|biz"; nocase; ) # 1bttad216mvj9yyrosm01g83p1h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bttad216mvj9yyrosm01g83p1h|03|biz"; nocase; ) # py8byqv654yb147yakd17zx8zd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|py8byqv654yb147yakd17zx8zd|03|com"; nocase; ) # 1gllz6foqp6nijgbgh31v669o4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gllz6foqp6nijgbgh31v669o4|03|org"; nocase; ) # 12hv95937icdp4clwuc89595v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12hv95937icdp4clwuc89595v|03|net"; nocase; ) # 1diq383haq4ildo2r771msmd9s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1diq383haq4ildo2r771msmd9s|03|net"; nocase; ) # 5ji2hg1y4hzz81r9l7991qsp66i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5ji2hg1y4hzz81r9l7991qsp66i|03|org"; nocase; ) # w0p1c1fdeccz1h20ciy1ecaztm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w0p1c1fdeccz1h20ciy1ecaztm|03|com"; nocase; ) # 1wqq7lt1ysd6oq9hawjgyvirwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wqq7lt1ysd6oq9hawjgyvirwr|03|net"; nocase; ) # 12fgbjh1reo4o01bu2g56rm3mr9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12fgbjh1reo4o01bu2g56rm3mr9|03|net"; nocase; ) # 3tzpksxh70fvppa7rskcyfe1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3tzpksxh70fvppa7rskcyfe1|03|org"; nocase; ) # 15rwbb31mvkc1l1mtqbsu1urn1xu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15rwbb31mvkc1l1mtqbsu1urn1xu|03|net"; nocase; ) # fsj5r31qe32k1739fi31qjbwbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fsj5r31qe32k1739fi31qjbwbf|03|com"; nocase; ) # 9qqmsxi2ku6w1ejtjh71s9rbxq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9qqmsxi2ku6w1ejtjh71s9rbxq|03|org"; nocase; ) # twrihb8cfdw41hfo64w1m648ba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|twrihb8cfdw41hfo64w1m648ba|03|com"; nocase; ) # 104htyuu3k4pwpmxh9cck7x7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|104htyuu3k4pwpmxh9cck7x7w|03|net"; nocase; ) # vfv9p81tsykpw11v3q8x1t1o9bx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vfv9p81tsykpw11v3q8x1t1o9bx|03|net"; nocase; ) # 1y1beimpia5cv19fvgjz1jszpx2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y1beimpia5cv19fvgjz1jszpx2|03|org"; nocase; ) # 3knna21fkyg4m5ul2731yhr8r7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3knna21fkyg4m5ul2731yhr8r7|03|net"; nocase; ) # 1jbbxqj9iacos73jmjcnu9fux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jbbxqj9iacos73jmjcnu9fux|03|net"; nocase; ) # 1xm0vbie3709a1ciwc711gdw4bq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xm0vbie3709a1ciwc711gdw4bq|03|com"; nocase; ) # 10tzo251adgajt1lkfdb8z5eyuw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10tzo251adgajt1lkfdb8z5eyuw|03|net"; nocase; ) # ujxcqr1tjt7lw172ehsns1uruf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ujxcqr1tjt7lw172ehsns1uruf|03|net"; nocase; ) # mnqmweh0jzznqwxghajepvc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|mnqmweh0jzznqwxghajepvc|03|biz"; nocase; ) # pou6sy1z7x4efs36um30ry0z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pou6sy1z7x4efs36um30ry0z|03|com"; nocase; ) # 1r33fncporwga630mjy1bzqmc8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r33fncporwga630mjy1bzqmc8|03|com"; nocase; ) # 188n2hz1a0dl7g1kdse7k15zlsa1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|188n2hz1a0dl7g1kdse7k15zlsa1|03|org"; nocase; ) # 13on7f4yy6vvwqd29m33s62bd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13on7f4yy6vvwqd29m33s62bd|03|com"; nocase; ) # 154bt8ab6hj1z15a6whd19q3vh9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|154bt8ab6hj1z15a6whd19q3vh9|03|net"; nocase; ) # pmeptn1k85db556pjnz6pajlj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pmeptn1k85db556pjnz6pajlj|03|biz"; nocase; ) # yc8s0r17btoe9u8admh8gzo6y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yc8s0r17btoe9u8admh8gzo6y|03|net"; nocase; ) # 1gw0u85i7duk9euqrcib7db4c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gw0u85i7duk9euqrcib7db4c|03|com"; nocase; ) # mzki7pnsszqzuwdwya4rtsp5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mzki7pnsszqzuwdwya4rtsp5|03|com"; nocase; ) # wumkyn1dc7xk9xyvsbc9t5zd1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wumkyn1dc7xk9xyvsbc9t5zd1|03|org"; nocase; ) # 1pnrlxn18uj92o17s5stzfetb8v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pnrlxn18uj92o17s5stzfetb8v|03|com"; nocase; ) # 7dys4w19n77sk17jvwc31b42wwl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7dys4w19n77sk17jvwc31b42wwl|03|biz"; nocase; ) # 1m8u8mi1656bj2j2ehvl12956oz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m8u8mi1656bj2j2ehvl12956oz|03|biz"; nocase; ) # tmmfca1b36j5f3g3ksy1fvknrf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tmmfca1b36j5f3g3ksy1fvknrf|03|net"; nocase; ) # 1nkd0491c3e0t1hh10b386jcaj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nkd0491c3e0t1hh10b386jcaj|03|org"; nocase; ) # 1sszazscoyqmh2d45ucx4934m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sszazscoyqmh2d45ucx4934m|03|net"; nocase; ) # 1u8gh5d18vlfv9bxv1wg1eljbme.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u8gh5d18vlfv9bxv1wg1eljbme|03|biz"; nocase; ) # 15fb6vx7mjk0s1xhjwdj1kj6bzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15fb6vx7mjk0s1xhjwdj1kj6bzo|03|com"; nocase; ) # 16oc30tbbdrc11x5hf8f1tt3j9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16oc30tbbdrc11x5hf8f1tt3j9j|03|net"; nocase; ) # sp2cqhw1q3h0o4fx0dzphkqd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sp2cqhw1q3h0o4fx0dzphkqd|03|biz"; nocase; ) # 100ymr65oxjq21slmfvr14sm6a0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|100ymr65oxjq21slmfvr14sm6a0|03|org"; nocase; ) # agy2mya436ie1xy9xuorsvuum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|agy2mya436ie1xy9xuorsvuum|03|net"; nocase; ) # 1nn8524fmtb3e4yc0ad18sbbtj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nn8524fmtb3e4yc0ad18sbbtj|03|org"; nocase; ) # os41wv1feizd7pw0psk1q6olxe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|os41wv1feizd7pw0psk1q6olxe|03|com"; nocase; ) # gnq0g9j3wt951fa94vl5dxhaf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gnq0g9j3wt951fa94vl5dxhaf|03|org"; nocase; ) # 2w7fi31h11tudf1hsd71iwbk53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2w7fi31h11tudf1hsd71iwbk53|03|net"; nocase; ) # 24mqww1tp7fj21yix3livumt97.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|24mqww1tp7fj21yix3livumt97|03|com"; nocase; ) # desfvllee3ol1hjtvs31pi9yja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|desfvllee3ol1hjtvs31pi9yja|03|net"; nocase; ) # 1pcsr810ui3l74n485m14bftlf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pcsr810ui3l74n485m14bftlf|03|net"; nocase; ) # nd1sea95wt4gkprb4ud9gmuo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nd1sea95wt4gkprb4ud9gmuo|03|biz"; nocase; ) # vc57kldldimt5tnp1v1sep3nj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vc57kldldimt5tnp1v1sep3nj|03|net"; nocase; ) # 1mbqqi27xippy1ase5h71xqi8wi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mbqqi27xippy1ase5h71xqi8wi|03|net"; nocase; ) # xjzwalrtxxy7qgcfmirp71p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|xjzwalrtxxy7qgcfmirp71p|03|com"; nocase; ) # ki94qj1hoghnn14f62jh1gvwi1x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ki94qj1hoghnn14f62jh1gvwi1x|03|biz"; nocase; ) # 1sr0l01188xplt4ia9wzgx8emt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sr0l01188xplt4ia9wzgx8emt|03|com"; nocase; ) # 14yxzq61a48r8b1gyc1i11avs6o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14yxzq61a48r8b1gyc1i11avs6o|03|org"; nocase; ) # 1vbgj541bncoj3kj8xfr9ueo41.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vbgj541bncoj3kj8xfr9ueo41|03|org"; nocase; ) # 1iansrm1di05z2yev9p10lv1fu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iansrm1di05z2yev9p10lv1fu|03|com"; nocase; ) # 1rbf0lokcrdbja9cyb210snw1n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rbf0lokcrdbja9cyb210snw1n|03|net"; nocase; ) # tzi6xw1302jhf1ppvrt41o41a5f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tzi6xw1302jhf1ppvrt41o41a5f|03|org"; nocase; ) # 7h4umn88uv0c1v0czuz2ycuil.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7h4umn88uv0c1v0czuz2ycuil|03|org"; nocase; ) # 1t1uko1c0sb1o1hpwtb0wd06ox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t1uko1c0sb1o1hpwtb0wd06ox|03|com"; nocase; ) # 19wmj3g152aljlgvh14aksw6jj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19wmj3g152aljlgvh14aksw6jj|03|com"; nocase; ) # 1piu3dd1kp1belp5aaxj1vntcxv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1piu3dd1kp1belp5aaxj1vntcxv|03|org"; nocase; ) # 1db6rikh7cp2ua0v2rfpnllq3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1db6rikh7cp2ua0v2rfpnllq3|03|org"; nocase; ) # 1xdspu11op5chhoxsk4jc18w2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xdspu11op5chhoxsk4jc18w2m|03|net"; nocase; ) # 1f43li81s543aq142le0dpbfe67.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f43li81s543aq142le0dpbfe67|03|biz"; nocase; ) # 1xgjt9i1xdc71h1up6odr1ti0kvh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xgjt9i1xdc71h1up6odr1ti0kvh|03|net"; nocase; ) # ngkx0w1hlcotq7cujak1wo493n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ngkx0w1hlcotq7cujak1wo493n|03|com"; nocase; ) # mndipwce310a9145bb1nef4jl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mndipwce310a9145bb1nef4jl|03|org"; nocase; ) # 117eptj1ko4minjxg41l1newg48.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|117eptj1ko4minjxg41l1newg48|03|net"; nocase; ) # g4s9iedem5drk0rzd4jqzhxs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g4s9iedem5drk0rzd4jqzhxs|03|org"; nocase; ) # 141fq7fy3mj00es0nza1eirvaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|141fq7fy3mj00es0nza1eirvaq|03|net"; nocase; ) # 1b3ir0d18uv2qv19mgpi2eqazpd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b3ir0d18uv2qv19mgpi2eqazpd|03|com"; nocase; ) # 1cw88jysjakv47qp6m91qgk23a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cw88jysjakv47qp6m91qgk23a|03|net"; nocase; ) # jrlolzn85edq1ttzdyk1og0hgc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jrlolzn85edq1ttzdyk1og0hgc|03|net"; nocase; ) # 1bueogu1xhpzee6p29hl1wvsujw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bueogu1xhpzee6p29hl1wvsujw|03|org"; nocase; ) # 1iehmmv1klo39t1oq06j8k8yryu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iehmmv1klo39t1oq06j8k8yryu|03|com"; nocase; ) # 1d5hpf013zy38ae24jxx19c31sk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d5hpf013zy38ae24jxx19c31sk|03|net"; nocase; ) # 1yf9vqn102id77bxiho8mmy6vg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yf9vqn102id77bxiho8mmy6vg|03|net"; nocase; ) # 85un181agkeud1vaumzf16ldz5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|85un181agkeud1vaumzf16ldz5l|03|net"; nocase; ) # tqumh0k5ri8y9t5egoniqh8b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tqumh0k5ri8y9t5egoniqh8b|03|net"; nocase; ) # 1job6wd1obgpg71lzc03c1eecrq1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1job6wd1obgpg71lzc03c1eecrq1|03|net"; nocase; ) # 1xbjrgs1hguom47ouyqj1kikjkf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xbjrgs1hguom47ouyqj1kikjkf|03|com"; nocase; ) # 6rbw3j9rd58lvsr4ia16iz6un.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6rbw3j9rd58lvsr4ia16iz6un|03|org"; nocase; ) # 1l03ozy8b4kvxy9k2bmyqa8ei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l03ozy8b4kvxy9k2bmyqa8ei|03|biz"; nocase; ) # 11vsyca9xj3yby3bx1x1bq50ld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11vsyca9xj3yby3bx1x1bq50ld|03|org"; nocase; ) # d0vsxiaxs6j5w22yg01xka69b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d0vsxiaxs6j5w22yg01xka69b|03|com"; nocase; ) # 1sz8rayfijo55qxjq5y3rmwib.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sz8rayfijo55qxjq5y3rmwib|03|org"; nocase; ) # glt5cg1e38ya4jti14l1d8cgff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|glt5cg1e38ya4jti14l1d8cgff|03|net"; nocase; ) # jwkavgsi4x88yxz5oy1dpmh0w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jwkavgsi4x88yxz5oy1dpmh0w|03|biz"; nocase; ) # ok7nijpc92gt1clnukh1a22ymh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ok7nijpc92gt1clnukh1a22ymh|03|com"; nocase; ) # 2d6x282b9qp71g20h1duvk2d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2d6x282b9qp71g20h1duvk2d|03|com"; nocase; ) # goq9xrnwkgtknslvmv1w353gj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|goq9xrnwkgtknslvmv1w353gj|03|com"; nocase; ) # 13o9w4414i9t1h1u8566413qdg8s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13o9w4414i9t1h1u8566413qdg8s|03|com"; nocase; ) # w6n0q51bqfy5l1d77casxszpfm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w6n0q51bqfy5l1d77casxszpfm|03|net"; nocase; ) # 1ou846dxn0svs15qqq9gmokq8r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ou846dxn0svs15qqq9gmokq8r|03|org"; nocase; ) # 11v3bg31mnt2mv1pwp02kid70lm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11v3bg31mnt2mv1pwp02kid70lm|03|org"; nocase; ) # 1lokz1q1w2n7oe1921yzosjo6tn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lokz1q1w2n7oe1921yzosjo6tn|03|net"; nocase; ) # uxws8x1isp49z1viv3231nyuhd1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uxws8x1isp49z1viv3231nyuhd1|03|com"; nocase; ) # 13knc581igpzufhm4iko7x3knt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13knc581igpzufhm4iko7x3knt|03|biz"; nocase; ) # 1ndb2g8lr6eu01vec06u1pozcqa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ndb2g8lr6eu01vec06u1pozcqa|03|net"; nocase; ) # 16rjp69tobpnsx6aa184d3c0l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16rjp69tobpnsx6aa184d3c0l|03|net"; nocase; ) # yljjpt1lm3o1yqid8s4i059hr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yljjpt1lm3o1yqid8s4i059hr|03|net"; nocase; ) # 19nmp93bweqns5nqked1d21qkp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19nmp93bweqns5nqked1d21qkp|03|net"; nocase; ) # 7nfta98dklqk1ozumgopvoa7q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7nfta98dklqk1ozumgopvoa7q|03|com"; nocase; ) # 1btt4yhlrmuuf1r3k3lt1xjbxzv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1btt4yhlrmuuf1r3k3lt1xjbxzv|03|net"; nocase; ) # 1sbh6o71hq3nr61ykj4sxbsbkn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sbh6o71hq3nr61ykj4sxbsbkn|03|net"; nocase; ) # l9v6gff91frj1kra1auxu7kci.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l9v6gff91frj1kra1auxu7kci|03|org"; nocase; ) # p0zydnqqgz41nqec6615ox7ud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p0zydnqqgz41nqec6615ox7ud|03|org"; nocase; ) # 1i06yne11ksnxg1yiprax1m277gc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i06yne11ksnxg1yiprax1m277gc|03|org"; nocase; ) # 1cpdmfbagxq3fyge8ot1drec1t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cpdmfbagxq3fyge8ot1drec1t|03|com"; nocase; ) # fnehw6l4tdh71fpqa4e1o1uogk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fnehw6l4tdh71fpqa4e1o1uogk|03|net"; nocase; ) # 1sjewcv1cihat61wsb3ks11nck7i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sjewcv1cihat61wsb3ks11nck7i|03|net"; nocase; ) # g9tre014g7x4o10kdlhb1ircwkt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g9tre014g7x4o10kdlhb1ircwkt|03|biz"; nocase; ) # jxtm6p1knpt7tgggr1u8lzz4q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jxtm6p1knpt7tgggr1u8lzz4q|03|net"; nocase; ) # evh22dr3lwjn1i2p0rdcpstao.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|evh22dr3lwjn1i2p0rdcpstao|03|biz"; nocase; ) # 1mhegbfd0t8r634dj4j1j6dey1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mhegbfd0t8r634dj4j1j6dey1|03|biz"; nocase; ) # 1fktgtv17kv5hcfa71k91ebiug2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fktgtv17kv5hcfa71k91ebiug2|03|org"; nocase; ) # 1d9t6ai13jp85o1fql77aaiseo4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d9t6ai13jp85o1fql77aaiseo4|03|org"; nocase; ) # 1712os61sly3go1byaaenug22mr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1712os61sly3go1byaaenug22mr|03|org"; nocase; ) # 1wjm8m0wiwrzs1lrf10tdgefih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000031999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wjm8m0wiwrzs1lrf10tdgefih|03|net"; nocase; ) # 1yc3djk1ah5mo7zdck1gjue2yw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yc3djk1ah5mo7zdck1gjue2yw|03|net"; nocase; ) # irno6h1381boq1tt9k4o1h4s08p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|irno6h1381boq1tt9k4o1h4s08p|03|biz"; nocase; ) # sl32601caj3jj1cda90avo17rv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sl32601caj3jj1cda90avo17rv|03|net"; nocase; ) # 13f6qyf8m052a9pdfrhqvixgj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13f6qyf8m052a9pdfrhqvixgj|03|org"; nocase; ) # 14ymqjjtw97yuco8wo44oawl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14ymqjjtw97yuco8wo44oawl|03|net"; nocase; ) # 157iz2k5i1jf41i4o4uj1374cxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|157iz2k5i1jf41i4o4uj1374cxx|03|com"; nocase; ) # xts9b1111ud0c1fvf18l2baxjv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xts9b1111ud0c1fvf18l2baxjv|03|com"; nocase; ) # 1e6c69pi8r679rib7md1cpkuam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e6c69pi8r679rib7md1cpkuam|03|net"; nocase; ) # zemdk0o817pliceoui1dzu13s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zemdk0o817pliceoui1dzu13s|03|biz"; nocase; ) # luonop1ydt6z41t7w20c1wyjlov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|luonop1ydt6z41t7w20c1wyjlov|03|com"; nocase; ) # 1b1yv9z1q8jxeivuydmz1hw4bxc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1yv9z1q8jxeivuydmz1hw4bxc|03|net"; nocase; ) # 4073xg17fy0mv79z1v5tde65k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4073xg17fy0mv79z1v5tde65k|03|org"; nocase; ) # 1u9wtii2tepunu8ff7zlst6lf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u9wtii2tepunu8ff7zlst6lf|03|com"; nocase; ) # xyhfze1dv9f0zw7zlf61w8qhvl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xyhfze1dv9f0zw7zlf61w8qhvl|03|net"; nocase; ) # qv7c971dnu0c8o113kud2acfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qv7c971dnu0c8o113kud2acfw|03|com"; nocase; ) # 1i4vs1p9ouoqf48w2mbkgchat.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i4vs1p9ouoqf48w2mbkgchat|03|biz"; nocase; ) # o78vnnq214g81mqjcncaec4hs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o78vnnq214g81mqjcncaec4hs|03|net"; nocase; ) # 14pwd5n1xra2nj1ma51g3v90srb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14pwd5n1xra2nj1ma51g3v90srb|03|com"; nocase; ) # 1asoxf9ydoisi3qe1wa12u9r54.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1asoxf9ydoisi3qe1wa12u9r54|03|net"; nocase; ) # 5wa5o3kv0yy7ocj99db8xm4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|5wa5o3kv0yy7ocj99db8xm4|03|org"; nocase; ) # 1i893049t3pg61d4p1v19m08jo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i893049t3pg61d4p1v19m08jo|03|com"; nocase; ) # 1qfgnh916ar7lt112naae1vpooen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qfgnh916ar7lt112naae1vpooen|03|net"; nocase; ) # 1n43a6s10ylo2a1eot75t1a6gc9i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n43a6s10ylo2a1eot75t1a6gc9i|03|com"; nocase; ) # 1jo29vx1q9rs04tqrbes1jvgd9u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jo29vx1q9rs04tqrbes1jvgd9u|03|com"; nocase; ) # 1xcke491hcnwkmif60951y16opl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xcke491hcnwkmif60951y16opl|03|com"; nocase; ) # 1h1qcam19sfr181j3c0fupo5r90.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h1qcam19sfr181j3c0fupo5r90|03|org"; nocase; ) # djbc8t11ie7oaep10ruv3s2zu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|djbc8t11ie7oaep10ruv3s2zu|03|org"; nocase; ) # ah4n9818q7d6a12iaz7jorf2us.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ah4n9818q7d6a12iaz7jorf2us|03|biz"; nocase; ) # u6q97i8nyv342xivueuwrq4c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u6q97i8nyv342xivueuwrq4c|03|com"; nocase; ) # 10x9pzdy5yihf1xmt6y61i07u68.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10x9pzdy5yihf1xmt6y61i07u68|03|org"; nocase; ) # cd9tqd1no4xxbizxyxb1jgss28.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cd9tqd1no4xxbizxyxb1jgss28|03|org"; nocase; ) # os1qte1pbgfh51nqpdmm8fnu59.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|os1qte1pbgfh51nqpdmm8fnu59|03|biz"; nocase; ) # 1mjev0cju5hmvtsrnrtjoc81d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mjev0cju5hmvtsrnrtjoc81d|03|net"; nocase; ) # m73z9pj4wfrrgr0dfylnrb2h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m73z9pj4wfrrgr0dfylnrb2h|03|com"; nocase; ) # 140xv101k7fs4mfrhhd77m6t1f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|140xv101k7fs4mfrhhd77m6t1f|03|org"; nocase; ) # 11puwhayjnfmt1dgmsjb16md6os.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11puwhayjnfmt1dgmsjb16md6os|03|org"; nocase; ) # wduzw5a93v501np72vo1cq6ort.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wduzw5a93v501np72vo1cq6ort|03|net"; nocase; ) # 1f1a1r0i0yhl7e4qoo1kiuhok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f1a1r0i0yhl7e4qoo1kiuhok|03|net"; nocase; ) # 10mou0n1as9cr3bzzzd61793dbf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10mou0n1as9cr3bzzzd61793dbf|03|net"; nocase; ) # mzfqaggkltop1620xpu1lu6idi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mzfqaggkltop1620xpu1lu6idi|03|net"; nocase; ) # y9znsp82pok916z0ln4okyzqu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y9znsp82pok916z0ln4okyzqu|03|net"; nocase; ) # shq9w2le6tc61fpqxg11covljk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shq9w2le6tc61fpqxg11covljk|03|org"; nocase; ) # 18w162l13zluh916gx4jy2rq8q7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18w162l13zluh916gx4jy2rq8q7|03|com"; nocase; ) # 1lra8dv18agpfi1vzxvcfb9h4ce.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lra8dv18agpfi1vzxvcfb9h4ce|03|biz"; nocase; ) # hyyd1c18hqhre1cwe3ys1cw552x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hyyd1c18hqhre1cwe3ys1cw552x|03|net"; nocase; ) # 1qt1cupcvrscno3n9161vr6fsz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qt1cupcvrscno3n9161vr6fsz|03|org"; nocase; ) # 6ykeqp1w83i2y15h8z991xaqeij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ykeqp1w83i2y15h8z991xaqeij|03|net"; nocase; ) # matzeqkg9aei1k0d89e91milk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|matzeqkg9aei1k0d89e91milk|03|com"; nocase; ) # qqtveo97yy7r1w31lwk1s5p5t7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qqtveo97yy7r1w31lwk1s5p5t7|03|com"; nocase; ) # 1jkwy3l1i7sk93k4b972pr417i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jkwy3l1i7sk93k4b972pr417i|03|net"; nocase; ) # w85om21fqg3301yb281v1emeema.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w85om21fqg3301yb281v1emeema|03|org"; nocase; ) # 17mxqn31vhxlefb0umqc1ut6369.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17mxqn31vhxlefb0umqc1ut6369|03|net"; nocase; ) # 1di7qf81k4f0oc1u0f3pwdpf36s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1di7qf81k4f0oc1u0f3pwdpf36s|03|com"; nocase; ) # 16xc5eo1cbjxqfdw6pi91t6433n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16xc5eo1cbjxqfdw6pi91t6433n|03|com"; nocase; ) # jxwc4u1b38ynsbctuottpurb4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jxwc4u1b38ynsbctuottpurb4|03|biz"; nocase; ) # 1ax06lv1bvpo88uuxaym1gii971.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ax06lv1bvpo88uuxaym1gii971|03|net"; nocase; ) # 1y6vnd61yaiazfisxwdq1p6papo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y6vnd61yaiazfisxwdq1p6papo|03|org"; nocase; ) # 1mmj740m5mxuyadg5vz1c5yo4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mmj740m5mxuyadg5vz1c5yo4k|03|net"; nocase; ) # 1epkgtt1s99iu1vz44yv1g4eg50.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1epkgtt1s99iu1vz44yv1g4eg50|03|com"; nocase; ) # 2l90159n8ny1tvv1u21gi6b9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2l90159n8ny1tvv1u21gi6b9|03|net"; nocase; ) # 6tvhu010varme1bcnzy4fs00ch.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6tvhu010varme1bcnzy4fs00ch|03|biz"; nocase; ) # 1sqkp7egvarg21hgute26n1ul6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sqkp7egvarg21hgute26n1ul6|03|net"; nocase; ) # vkbzbfdl90sm115ntxa1uemn99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vkbzbfdl90sm115ntxa1uemn99|03|net"; nocase; ) # nov5bg1pphkad1ngccj717mk0tf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nov5bg1pphkad1ngccj717mk0tf|03|org"; nocase; ) # 1mt1c9mmpbjs1drqnw31lagyfd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mt1c9mmpbjs1drqnw31lagyfd|03|org"; nocase; ) # 1c2kcs61g9xtxo29xaf91vk7msz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c2kcs61g9xtxo29xaf91vk7msz|03|biz"; nocase; ) # 1snsb7a1o53i3hyb8at417l5i9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1snsb7a1o53i3hyb8at417l5i9x|03|net"; nocase; ) # l1zs4xw9fo6f17bsciy2txr4m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l1zs4xw9fo6f17bsciy2txr4m|03|org"; nocase; ) # 1gqluyh1fcxexi1eguas4iyqjii.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gqluyh1fcxexi1eguas4iyqjii|03|biz"; nocase; ) # 1qre6w912i3xs3apfulb147hnwg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qre6w912i3xs3apfulb147hnwg|03|org"; nocase; ) # 16c5ggl1e6rm8qphkmo79bnah5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16c5ggl1e6rm8qphkmo79bnah5|03|biz"; nocase; ) # 1x6um821a7ipxf1vmtmjj1y3uhqn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x6um821a7ipxf1vmtmjj1y3uhqn|03|net"; nocase; ) # 1rxz3mmg65hh31yixht61fusysq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rxz3mmg65hh31yixht61fusysq|03|org"; nocase; ) # hb59u94sk748awxpyg1gyj3mf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hb59u94sk748awxpyg1gyj3mf|03|com"; nocase; ) # 1kve7et1wwhbx0dci6w61nqomgm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kve7et1wwhbx0dci6w61nqomgm|03|org"; nocase; ) # 15mi1mu15vlziwnb3npwiq8ns4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15mi1mu15vlziwnb3npwiq8ns4|03|com"; nocase; ) # 1v502g41y1jkkg1ffg9a61a88nzs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v502g41y1jkkg1ffg9a61a88nzs|03|net"; nocase; ) # 1a5joxt8met5pexu59yyozngr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a5joxt8met5pexu59yyozngr|03|net"; nocase; ) # 1h4l0yjohqi15nnaux05smgjz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h4l0yjohqi15nnaux05smgjz|03|org"; nocase; ) # nf0xanh45cdn3cm62s1itlly3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nf0xanh45cdn3cm62s1itlly3|03|net"; nocase; ) # 1ox0qt71wpmosifexqdfvni6j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ox0qt71wpmosifexqdfvni6j|03|org"; nocase; ) # 1uwl6tej7xd4s84m6z947dwr4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uwl6tej7xd4s84m6z947dwr4|03|net"; nocase; ) # 1eqfa3w1jra38g2wr8ag1f8jqq4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eqfa3w1jra38g2wr8ag1f8jqq4|03|biz"; nocase; ) # 16igwh221qxmw2xf3o1tdh1kw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16igwh221qxmw2xf3o1tdh1kw|03|biz"; nocase; ) # 1bfpr2q1u2017akjhg1ccw9qf9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bfpr2q1u2017akjhg1ccw9qf9|03|com"; nocase; ) # 1ne1rzvvrpkkw171n4361qkdi63.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ne1rzvvrpkkw171n4361qkdi63|03|com"; nocase; ) # jv1whxorxad8au9klsdedop6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jv1whxorxad8au9klsdedop6|03|org"; nocase; ) # 17k5a2v1bnhc1ixbr4xs15zy0e9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17k5a2v1bnhc1ixbr4xs15zy0e9|03|net"; nocase; ) # k1m0e61h691id19hwu271xlcwfy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k1m0e61h691id19hwu271xlcwfy|03|biz"; nocase; ) # 1vrwdsp1xehz8pvtfl5wosvth.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vrwdsp1xehz8pvtfl5wosvth|03|biz"; nocase; ) # 191y9r81isd2mn134gk41107ly6f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|191y9r81isd2mn134gk41107ly6f|03|net"; nocase; ) # ipenw814bk2vlsryoyx111qus0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ipenw814bk2vlsryoyx111qus0|03|com"; nocase; ) # 1wq8osd1xg7pby1s7fur71ym8ku8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wq8osd1xg7pby1s7fur71ym8ku8|03|org"; nocase; ) # fujcyvli7wxuqzt1ycy4ooek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fujcyvli7wxuqzt1ycy4ooek|03|com"; nocase; ) # 18gmpgc2qulvm185oroiyz02vb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18gmpgc2qulvm185oroiyz02vb|03|net"; nocase; ) # t5q3zb16b10e811aq1h71ses08h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t5q3zb16b10e811aq1h71ses08h|03|org"; nocase; ) # 16bg8jalf4ly6lnh2gu1a2e9pb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16bg8jalf4ly6lnh2gu1a2e9pb|03|com"; nocase; ) # 1huyo13131ktoe1cemkjjqzehvg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1huyo13131ktoe1cemkjjqzehvg|03|org"; nocase; ) # 6c3zg61is425wtd1l59nl6zff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6c3zg61is425wtd1l59nl6zff|03|com"; nocase; ) # ibtend18mnmc01qfnoho1fwdejq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ibtend18mnmc01qfnoho1fwdejq|03|org"; nocase; ) # 1scrv5a14ighglz47gtas1e1wg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1scrv5a14ighglz47gtas1e1wg|03|biz"; nocase; ) # 1pou0ql1v3yixa77l2j71bdoyhl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pou0ql1v3yixa77l2j71bdoyhl|03|net"; nocase; ) # 5cd7jfzpgwzupli0b11uzopis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5cd7jfzpgwzupli0b11uzopis|03|com"; nocase; ) # 1v8f01s1nymc2t1plg52a2fumkm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v8f01s1nymc2t1plg52a2fumkm|03|net"; nocase; ) # 5rglb0j7778h1c39b873xf0gd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5rglb0j7778h1c39b873xf0gd|03|com"; nocase; ) # 1itozgd1nkf0h01oukpcysfgznu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1itozgd1nkf0h01oukpcysfgznu|03|net"; nocase; ) # 1cg42e51mcwyqb39un9zxgl2ko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cg42e51mcwyqb39un9zxgl2ko|03|org"; nocase; ) # qds8iljkwnvu70oqtu1yrjrbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qds8iljkwnvu70oqtu1yrjrbg|03|com"; nocase; ) # 10lr61e1hduzn91dbusimlcvwqn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10lr61e1hduzn91dbusimlcvwqn|03|net"; nocase; ) # ruj5186662z2ymkxeqo47jte.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ruj5186662z2ymkxeqo47jte|03|com"; nocase; ) # 1ug6kn714bfmm25j6r4ekpskqm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ug6kn714bfmm25j6r4ekpskqm|03|org"; nocase; ) # ko9pocpfd9xg50bx8u1ryv6pm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ko9pocpfd9xg50bx8u1ryv6pm|03|net"; nocase; ) # md7qvxi2b4391i24oauiylgf1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|md7qvxi2b4391i24oauiylgf1|03|com"; nocase; ) # 5pnyrkcboga21loaxf91nk4msk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5pnyrkcboga21loaxf91nk4msk|03|com"; nocase; ) # 12azygr16gfm011j1tycp1ovy7hd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12azygr16gfm011j1tycp1ovy7hd|03|org"; nocase; ) # ufkfzv1u7u7m91gz2mzr1rys3bg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ufkfzv1u7u7m91gz2mzr1rys3bg|03|org"; nocase; ) # 1s6lt671fum96g1wr5s4iavjs6b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s6lt671fum96g1wr5s4iavjs6b|03|com"; nocase; ) # 1m38yno1enx4o01u0wrx7145g9cs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m38yno1enx4o01u0wrx7145g9cs|03|net"; nocase; ) # ltnplznsv5vclckx4wwwgwm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ltnplznsv5vclckx4wwwgwm5|03|net"; nocase; ) # 1pylox3e451ry1yjdz6h1clp12v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pylox3e451ry1yjdz6h1clp12v|03|biz"; nocase; ) # pkhownvj7mx1ezwg0f1vjkrk5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pkhownvj7mx1ezwg0f1vjkrk5|03|com"; nocase; ) # 7uj9t71h0eiml1drprii1xh0z6t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7uj9t71h0eiml1drprii1xh0z6t|03|net"; nocase; ) # 1nhpnzm6jooipcp0jyt1vhuyui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nhpnzm6jooipcp0jyt1vhuyui|03|org"; nocase; ) # 4evmrn8edinb1h0zvg6v0ki04.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4evmrn8edinb1h0zvg6v0ki04|03|org"; nocase; ) # gqz0cxx3ch5c1egtodj1sj9ymn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gqz0cxx3ch5c1egtodj1sj9ymn|03|com"; nocase; ) # 1hp6d8mpif4ssvcup921vig99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hp6d8mpif4ssvcup921vig99|03|net"; nocase; ) # 153qx0j17wn4m41qg389h6polkd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|153qx0j17wn4m41qg389h6polkd|03|com"; nocase; ) # 156rwl11cxtfheldnni13g8eu4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156rwl11cxtfheldnni13g8eu4|03|net"; nocase; ) # 13ilg6sdfe1otsjsy5z1et5w0z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ilg6sdfe1otsjsy5z1et5w0z|03|org"; nocase; ) # 1kkb3wm930maj1ynf6ku3r5zsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kkb3wm930maj1ynf6ku3r5zsu|03|net"; nocase; ) # 18rodcp1jiysqkj7x6pk15qujed.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18rodcp1jiysqkj7x6pk15qujed|03|biz"; nocase; ) # 16q7vkfgg1rxg18187oz1mp5id0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16q7vkfgg1rxg18187oz1mp5id0|03|net"; nocase; ) # qca24a1wpv2sb1kaxmac1iub90m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qca24a1wpv2sb1kaxmac1iub90m|03|com"; nocase; ) # 117328z1nvlzuje040qx4iiv29.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|117328z1nvlzuje040qx4iiv29|03|net"; nocase; ) # xb6yn45tz4c9usya0cxok9cm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xb6yn45tz4c9usya0cxok9cm|03|net"; nocase; ) # 114lsnhja4qh11eekr911ja2kyj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|114lsnhja4qh11eekr911ja2kyj|03|org"; nocase; ) # 1ig5dzu12rrzwm1r9wqsy10nm5wc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ig5dzu12rrzwm1r9wqsy10nm5wc|03|biz"; nocase; ) # ky8vu91lq05w1ksd8pb8j4vtk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ky8vu91lq05w1ksd8pb8j4vtk|03|net"; nocase; ) # jfr5bm6lvw431u9c1lh1eg1vq3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jfr5bm6lvw431u9c1lh1eg1vq3|03|com"; nocase; ) # 71kupe17dc3ec1hdn73b1q6ed0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|71kupe17dc3ec1hdn73b1q6ed0a|03|net"; nocase; ) # 1rhxb4i6n21ml23fctn14s7irl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rhxb4i6n21ml23fctn14s7irl|03|net"; nocase; ) # 1nvl9o82tya8ubwpvwfbzztzk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nvl9o82tya8ubwpvwfbzztzk|03|org"; nocase; ) # 1hflq0p13lsr83wjcjjk1p5ytq6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hflq0p13lsr83wjcjjk1p5ytq6|03|net"; nocase; ) # 1bpe6oi1027nl71r5gir11tl1p5m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bpe6oi1027nl71r5gir11tl1p5m|03|com"; nocase; ) # 1exfkxwjz9b8oh9irlvzpg80b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1exfkxwjz9b8oh9irlvzpg80b|03|com"; nocase; ) # 6k77l810glhrd74r5ud49q4oy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6k77l810glhrd74r5ud49q4oy|03|org"; nocase; ) # 1fc13cg1cpxti169u0761rtx8kt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fc13cg1cpxti169u0761rtx8kt|03|com"; nocase; ) # wejsx4mlgh171c8gmd1yvrwg4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wejsx4mlgh171c8gmd1yvrwg4|03|org"; nocase; ) # wo3gp314ckvsttcbki410lhupa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wo3gp314ckvsttcbki410lhupa|03|net"; nocase; ) # 1ftb4051lanioz995xgy21eqf1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ftb4051lanioz995xgy21eqf1|03|net"; nocase; ) # 4npwo7xrmto312th7icxu4dp7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4npwo7xrmto312th7icxu4dp7|03|biz"; nocase; ) # 13hi5b61fpkmpp1bx7p4aou1jo7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13hi5b61fpkmpp1bx7p4aou1jo7|03|com"; nocase; ) # 9tbpn9v0lujbiu1kfeag26qo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9tbpn9v0lujbiu1kfeag26qo|03|org"; nocase; ) # b1qkxwb8zs72w1axt11bsa65g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1qkxwb8zs72w1axt11bsa65g|03|biz"; nocase; ) # d06qn8u65oi51ys9zamxvdjs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d06qn8u65oi51ys9zamxvdjs|03|com"; nocase; ) # 1tf0ohz1vxwbgcdkviq3gulr0u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tf0ohz1vxwbgcdkviq3gulr0u|03|biz"; nocase; ) # oajg47159can31rdesp5t9tiyv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oajg47159can31rdesp5t9tiyv|03|org"; nocase; ) # 17ui8x71247ukesfzuzal7pj01.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ui8x71247ukesfzuzal7pj01|03|org"; nocase; ) # crzstw174xkm91pj3v3sq08gfc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|crzstw174xkm91pj3v3sq08gfc|03|com"; nocase; ) # ow14ug1vrou0a18mysnq10fj6v2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ow14ug1vrou0a18mysnq10fj6v2|03|net"; nocase; ) # 1acvtcm90935murb0w9hnvbyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1acvtcm90935murb0w9hnvbyv|03|net"; nocase; ) # 4yvntwbz6kr11ve3jxtrq81ge.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4yvntwbz6kr11ve3jxtrq81ge|03|org"; nocase; ) # 135kn7dun2pt5px7xz91xclfx6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135kn7dun2pt5px7xz91xclfx6|03|biz"; nocase; ) # wriwi1jd38ks46xj0i1vokhq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wriwi1jd38ks46xj0i1vokhq|03|net"; nocase; ) # 17kow9q62v4qg1d61komro12an.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17kow9q62v4qg1d61komro12an|03|net"; nocase; ) # 1vc0u2ac1ijha1jpykkg1idc5ef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vc0u2ac1ijha1jpykkg1idc5ef|03|com"; nocase; ) # ydvie310gjj2e17vba0j1h01xui.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ydvie310gjj2e17vba0j1h01xui|03|biz"; nocase; ) # 1w9vmod19ncfc81ckhk9z1hfpehm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w9vmod19ncfc81ckhk9z1hfpehm|03|net"; nocase; ) # 10j2fllx3w6wehb57ngpd0u7p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10j2fllx3w6wehb57ngpd0u7p|03|org"; nocase; ) # uds5em1o1w0ywiieem4388u1l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uds5em1o1w0ywiieem4388u1l|03|com"; nocase; ) # jnz1ntbdmsl6t7xaa62ch75x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jnz1ntbdmsl6t7xaa62ch75x|03|biz"; nocase; ) # 1gtqexzr06opfof4tkt44ofv8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gtqexzr06opfof4tkt44ofv8|03|org"; nocase; ) # 1kotjw8ga0vo58sttm01v4nu7d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kotjw8ga0vo58sttm01v4nu7d|03|net"; nocase; ) # ckyd241t9pi8717d4hit1sqp3ws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ckyd241t9pi8717d4hit1sqp3ws|03|net"; nocase; ) # hshs4g18r47bd1xi99sa1np26lz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hshs4g18r47bd1xi99sa1np26lz|03|com"; nocase; ) # z0mwd01ij6ct99e4wk09ehlv5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z0mwd01ij6ct99e4wk09ehlv5|03|net"; nocase; ) # 4scrom19n2q5uclho6yk3p4nc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4scrom19n2q5uclho6yk3p4nc|03|org"; nocase; ) # 1gtfqir1awwipzbjxrow1rb1njd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gtfqir1awwipzbjxrow1rb1njd|03|net"; nocase; ) # 1r4i1q130fmkt8adc6q19dseqz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r4i1q130fmkt8adc6q19dseqz|03|net"; nocase; ) # ssgx7kogwruk10eh1om1j1i4ro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ssgx7kogwruk10eh1om1j1i4ro|03|org"; nocase; ) # s2axm51yotilr14imvlcnizcvc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s2axm51yotilr14imvlcnizcvc|03|com"; nocase; ) # czsh781og0mq412rs85x17z1ozr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|czsh781og0mq412rs85x17z1ozr|03|org"; nocase; ) # 2q1xj71jf2b5j1la6yo5106sk2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2q1xj71jf2b5j1la6yo5106sk2e|03|com"; nocase; ) # gp9wxwnn6w72176swj712lcqns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gp9wxwnn6w72176swj712lcqns|03|net"; nocase; ) # 1wvju3arna5431m0dyoj1dno5cz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wvju3arna5431m0dyoj1dno5cz|03|net"; nocase; ) # 1y3zhmy4wyhwkwz95f61krnjwa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y3zhmy4wyhwkwz95f61krnjwa|03|org"; nocase; ) # vknpmi1tpinsjdzqiz617derfz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vknpmi1tpinsjdzqiz617derfz|03|com"; nocase; ) # zepcve1uoj81crv3aip1a6slw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zepcve1uoj81crv3aip1a6slw5|03|org"; nocase; ) # aeaqp71y9pia5u5m4t15umert.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aeaqp71y9pia5u5m4t15umert|03|org"; nocase; ) # 1dtgug5jksz2b16usxph1tspqi9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dtgug5jksz2b16usxph1tspqi9|03|org"; nocase; ) # ee76wwl4ny4a1xbb1uj1ozzg3r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ee76wwl4ny4a1xbb1uj1ozzg3r|03|com"; nocase; ) # 1hlcyq3wveuibfld8yip96x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|1hlcyq3wveuibfld8yip96x|03|biz"; nocase; ) # 1ribfhpft8gqvdnbn74lx793.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ribfhpft8gqvdnbn74lx793|03|org"; nocase; ) # 1hi7usy1ynj5s7icxtpt1d1fp2i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hi7usy1ynj5s7icxtpt1d1fp2i|03|net"; nocase; ) # 19vr4ckce33bvmg48201guc1iu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19vr4ckce33bvmg48201guc1iu|03|net"; nocase; ) # 19v44l813qab5e4up7x01jfo3j6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19v44l813qab5e4up7x01jfo3j6|03|com"; nocase; ) # s3arii1h83yjjosbdaee18wi5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s3arii1h83yjjosbdaee18wi5|03|org"; nocase; ) # 1xwl2f21ouug18101jszgg9ypn7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xwl2f21ouug18101jszgg9ypn7|03|biz"; nocase; ) # 1gwqmxqo73eao1r54tf4vipr5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gwqmxqo73eao1r54tf4vipr5n|03|net"; nocase; ) # 15e7cmg19rstd71tzww6isgpbi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15e7cmg19rstd71tzww6isgpbi|03|net"; nocase; ) # 1lp2bd0ht888j8bv3r1aimn1i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lp2bd0ht888j8bv3r1aimn1i|03|org"; nocase; ) # 1ywfsavqorcdu17vjh4m1t06303.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ywfsavqorcdu17vjh4m1t06303|03|net"; nocase; ) # nyhz3sfnckz219kstpgb4k7a3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nyhz3sfnckz219kstpgb4k7a3|03|net"; nocase; ) # 1ti9ior1vb4olccscrr9hgifam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ti9ior1vb4olccscrr9hgifam|03|com"; nocase; ) # 1bc9olr1oga9pu1gdxh3qk5a82j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bc9olr1oga9pu1gdxh3qk5a82j|03|org"; nocase; ) # 1d878iy142dgrfhpwta21geb0b7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d878iy142dgrfhpwta21geb0b7|03|com"; nocase; ) # 124kj9xymmfkd7jywu5iijric.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|124kj9xymmfkd7jywu5iijric|03|biz"; nocase; ) # 1tut9tx4d5mwa1bzf4euj5hyw8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tut9tx4d5mwa1bzf4euj5hyw8|03|net"; nocase; ) # 2jnelxq92kst1k0nl681ork01k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2jnelxq92kst1k0nl681ork01k|03|org"; nocase; ) # 1xbsw7k10l0srkj1wam3egaqyr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xbsw7k10l0srkj1wam3egaqyr|03|com"; nocase; ) # xnkaz91du8h8o88sop89ztq19.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xnkaz91du8h8o88sop89ztq19|03|biz"; nocase; ) # 1fiamlbowoxyw153a7ycr7mv21.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fiamlbowoxyw153a7ycr7mv21|03|net"; nocase; ) # v9l9du17bua391drd9vy9xfz3m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v9l9du17bua391drd9vy9xfz3m|03|net"; nocase; ) # ezzoo81dgnb8e1yi2thk1moca5z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ezzoo81dgnb8e1yi2thk1moca5z|03|com"; nocase; ) # imionv1l1aepz1v6u40xhzxog8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|imionv1l1aepz1v6u40xhzxog8|03|net"; nocase; ) # 8l5t5a11bkhs11vhkd7w1vqgfw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8l5t5a11bkhs11vhkd7w1vqgfw|03|net"; nocase; ) # 1or0t49xj47npnnklxu1vc7hd8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1or0t49xj47npnnklxu1vc7hd8|03|org"; nocase; ) # 1ik461c6xfkq3pkv38i15d69tv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ik461c6xfkq3pkv38i15d69tv|03|net"; nocase; ) # 1k0eyphf5qub1oqlh6uxeb2vx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k0eyphf5qub1oqlh6uxeb2vx|03|net"; nocase; ) # 1v9lyhd5mzrnu1sgcbz01odopfc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v9lyhd5mzrnu1sgcbz01odopfc|03|org"; nocase; ) # td37ew1gy9j81uvxdb5gl0c1g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|td37ew1gy9j81uvxdb5gl0c1g|03|com"; nocase; ) # 1o0hlwc1qz4mvy1pl94en1tusq08.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o0hlwc1qz4mvy1pl94en1tusq08|03|org"; nocase; ) # 1wt25a72z7cmj54pdey1b8o4fp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wt25a72z7cmj54pdey1b8o4fp|03|biz"; nocase; ) # 13zhj2w1bwrmf01jtccp1kgqlew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13zhj2w1bwrmf01jtccp1kgqlew|03|org"; nocase; ) # 1emxu7j1fx2tc21gx4cdt161pav8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1emxu7j1fx2tc21gx4cdt161pav8|03|net"; nocase; ) # t6tgngrwhq817mwpt6txq3tm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t6tgngrwhq817mwpt6txq3tm|03|com"; nocase; ) # 1twv24qanimybe64cbv153iu4g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1twv24qanimybe64cbv153iu4g|03|com"; nocase; ) # zb132c1qptn7l15v3gwo1lt49x1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zb132c1qptn7l15v3gwo1lt49x1|03|com"; nocase; ) # 5w5sc081m3ay1snyx447i2xfk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5w5sc081m3ay1snyx447i2xfk|03|org"; nocase; ) # 1pyp7nppwesas17x2ntm1v4d3fo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pyp7nppwesas17x2ntm1v4d3fo|03|org"; nocase; ) # 1x2bqeusoj9s1psf7sz1prwuwt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x2bqeusoj9s1psf7sz1prwuwt|03|biz"; nocase; ) # 1rbnl6zk4bka91hyzota1ido9n2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rbnl6zk4bka91hyzota1ido9n2|03|com"; nocase; ) # idwploo5t3mq1gnf1hec3mebv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|idwploo5t3mq1gnf1hec3mebv|03|net"; nocase; ) # 1ubhx964o5dg1f2q93z13i37jv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ubhx964o5dg1f2q93z13i37jv|03|biz"; nocase; ) # 1ypvw3bk5ksmf1mr5zuj1tldu8d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ypvw3bk5ksmf1mr5zuj1tldu8d|03|biz"; nocase; ) # i5m6j1vsebmyevh6466epjii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i5m6j1vsebmyevh6466epjii|03|com"; nocase; ) # 12h8judrp001z3bjd2rcnbtbq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12h8judrp001z3bjd2rcnbtbq|03|org"; nocase; ) # 1scn3hm10al5f1u95xch1kmkl4o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1scn3hm10al5f1u95xch1kmkl4o|03|net"; nocase; ) # 1i5lcfp1ivva4v1nl5iao1nza2mi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1i5lcfp1ivva4v1nl5iao1nza2mi|03|net"; nocase; ) # vo7u531lvat4ziftwxb6b3e1c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vo7u531lvat4ziftwxb6b3e1c|03|biz"; nocase; ) # 16yz0vn1pps3eh1k3bqe318w3q2h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16yz0vn1pps3eh1k3bqe318w3q2h|03|net"; nocase; ) # i16smtcsdx4b13e4fal1mnvl91.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i16smtcsdx4b13e4fal1mnvl91|03|org"; nocase; ) # 9epwt01yjippk1qc7fh91f96vq9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9epwt01yjippk1qc7fh91f96vq9|03|com"; nocase; ) # 15iy06110zkhzf1tqhl7b1mrueot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15iy06110zkhzf1tqhl7b1mrueot|03|net"; nocase; ) # miroxt1119shghanma1aqgr35.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|miroxt1119shghanma1aqgr35|03|biz"; nocase; ) # 1stqg5d1fxfz9712xqaog1x5cny.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1stqg5d1fxfz9712xqaog1x5cny|03|net"; nocase; ) # lihrwxt72v6g6ez9cs137y9u3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lihrwxt72v6g6ez9cs137y9u3|03|com"; nocase; ) # 1reb1ep8y0cxfpot5513saf5m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1reb1ep8y0cxfpot5513saf5m|03|org"; nocase; ) # yeg7wk1dwnt1ta2i19fqsyh8v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yeg7wk1dwnt1ta2i19fqsyh8v|03|net"; nocase; ) # y2imjmjimu5e1czvu00sdksu0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2imjmjimu5e1czvu00sdksu0|03|biz"; nocase; ) # 1tzmy9rgu55tp10t00fjwasxgw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tzmy9rgu55tp10t00fjwasxgw|03|net"; nocase; ) # 3nr0k8iko7bw80zwfipk1cm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|3nr0k8iko7bw80zwfipk1cm|03|org"; nocase; ) # 16lpy2u650q2t1gjfag71hlojtp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16lpy2u650q2t1gjfag71hlojtp|03|biz"; nocase; ) # 1vqmmqkfggqsm1f6v4eq1by3slm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vqmmqkfggqsm1f6v4eq1by3slm|03|com"; nocase; ) # o0djmu306k9q12jhrgx1ix6qjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o0djmu306k9q12jhrgx1ix6qjc|03|org"; nocase; ) # 1ui3qncnp8nj11jt1a2rbu7sd1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ui3qncnp8nj11jt1a2rbu7sd1|03|org"; nocase; ) # k4ar7o1ihgqzes0kkvt1366orp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k4ar7o1ihgqzes0kkvt1366orp|03|biz"; nocase; ) # xo6bbc2qfjh4thnm2c4hmxbq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xo6bbc2qfjh4thnm2c4hmxbq|03|org"; nocase; ) # nt2fv61gudjhk19hb6j71413a7p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nt2fv61gudjhk19hb6j71413a7p|03|biz"; nocase; ) # 1k49yzh1p5afgololmztwue9jp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k49yzh1p5afgololmztwue9jp|03|net"; nocase; ) # bpu8oj1c5c3ghcbnhtl11aqdot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bpu8oj1c5c3ghcbnhtl11aqdot|03|org"; nocase; ) # 1hck8w91sg2644joy4f2tgwzuq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hck8w91sg2644joy4f2tgwzuq|03|net"; nocase; ) # 17e63txe890wdgb1tdj7ixtht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17e63txe890wdgb1tdj7ixtht|03|com"; nocase; ) # 84fycj1ts14cbsl5rti5d9jqp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|84fycj1ts14cbsl5rti5d9jqp|03|org"; nocase; ) # 1bk5zgf4wd6hi1qltw011twfe19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bk5zgf4wd6hi1qltw011twfe19|03|net"; nocase; ) # t8myfl1adf9vhcyqysv1s4rwnd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t8myfl1adf9vhcyqysv1s4rwnd|03|org"; nocase; ) # kmsssubiom31guj4bx1jpypm0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kmsssubiom31guj4bx1jpypm0|03|net"; nocase; ) # 1jxth2g1k5zs8g1wi5lz9yvnc50.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jxth2g1k5zs8g1wi5lz9yvnc50|03|net"; nocase; ) # ntm72b19zg3hr1fkpilpoyo4rt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ntm72b19zg3hr1fkpilpoyo4rt|03|net"; nocase; ) # mv7q961cseq66199ejosso4qqs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mv7q961cseq66199ejosso4qqs|03|com"; nocase; ) # 5emvfaov43o916292fx1ih8bhr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5emvfaov43o916292fx1ih8bhr|03|com"; nocase; ) # 1tr04f7wdl2h81lhlca4ehplz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tr04f7wdl2h81lhlca4ehplz8|03|com"; nocase; ) # 1ouw04qhgiktjwfianxz3h1y4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ouw04qhgiktjwfianxz3h1y4|03|org"; nocase; ) # w00ley13py62q1g1em5kdxvdcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w00ley13py62q1g1em5kdxvdcu|03|com"; nocase; ) # 7sc17kt0z5f7186bi9m1cy7nwa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7sc17kt0z5f7186bi9m1cy7nwa|03|net"; nocase; ) # 754m1o15p74fb3v1x031jdwuom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|754m1o15p74fb3v1x031jdwuom|03|com"; nocase; ) # hxg36i13mq1j10zzxppuqqy60.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hxg36i13mq1j10zzxppuqqy60|03|biz"; nocase; ) # tsbeml1614k80jokgkpvrxlei.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tsbeml1614k80jokgkpvrxlei|03|org"; nocase; ) # 1svxrhpdvtnufsfn8ks1eqkfl8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1svxrhpdvtnufsfn8ks1eqkfl8|03|net"; nocase; ) # 1279t2ead2utj1hiijnh1f99gpx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1279t2ead2utj1hiijnh1f99gpx|03|org"; nocase; ) # wke1wdz3ctnqecjg7x6jb2dp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wke1wdz3ctnqecjg7x6jb2dp|03|org"; nocase; ) # 1p9lrz3fw8tz11gd5z561rk9y59.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p9lrz3fw8tz11gd5z561rk9y59|03|org"; nocase; ) # 17np29e1s6ywk81alf6j8hpv9kr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17np29e1s6ywk81alf6j8hpv9kr|03|net"; nocase; ) # ypdgllddzs5f1w9zv35cybrc6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ypdgllddzs5f1w9zv35cybrc6|03|com"; nocase; ) # n04oj1dsp8wc1w1x3aq1sr7itz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n04oj1dsp8wc1w1x3aq1sr7itz|03|com"; nocase; ) # c0lnqj1e0ducq9piil714oeco1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c0lnqj1e0ducq9piil714oeco1|03|com"; nocase; ) # 1sm09omb3nu3b13yi62m19zpr8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sm09omb3nu3b13yi62m19zpr8n|03|net"; nocase; ) # 17i5cwk6iryupltqzk01n501ia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17i5cwk6iryupltqzk01n501ia|03|net"; nocase; ) # 16nprqmeu0j3ym6shof4w1864.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16nprqmeu0j3ym6shof4w1864|03|com"; nocase; ) # t8ch8z1hm95e67upe01goaol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t8ch8z1hm95e67upe01goaol|03|com"; nocase; ) # e2hfry3a7j2sx7iyq31gllnu4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e2hfry3a7j2sx7iyq31gllnu4|03|com"; nocase; ) # 7apq3v7sd0iajgs8d1688fws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7apq3v7sd0iajgs8d1688fws|03|net"; nocase; ) # 17j4s3usdozs6dzx9tn1qcszar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17j4s3usdozs6dzx9tn1qcszar|03|net"; nocase; ) # ari7mwn3vnlr3a3jqmwo7mhe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ari7mwn3vnlr3a3jqmwo7mhe|03|net"; nocase; ) # 1s9wb961f38n8c1om434q1xv9j1m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s9wb961f38n8c1om434q1xv9j1m|03|net"; nocase; ) # mfz14b1g0z70s1kx1271s2d18g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mfz14b1g0z70s1kx1271s2d18g|03|org"; nocase; ) # oz3ohavc3oghoh6i8148u6ow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oz3ohavc3oghoh6i8148u6ow|03|com"; nocase; ) # rhqnu2aiklgi12ar4s3a72q7s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rhqnu2aiklgi12ar4s3a72q7s|03|biz"; nocase; ) # zdav411seuaoseuz2grfg085b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zdav411seuaoseuz2grfg085b|03|com"; nocase; ) # nnjo511l129rp18nz9k6k240a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nnjo511l129rp18nz9k6k240a|03|biz"; nocase; ) # 1apaiy1pd3npf141ppc2rf2wvj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1apaiy1pd3npf141ppc2rf2wvj|03|net"; nocase; ) # 59g0h4eoc43c1ktc6j61emsvc0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|59g0h4eoc43c1ktc6j61emsvc0|03|org"; nocase; ) # 1osl9ac9p0zix1fm1e34abr6hl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1osl9ac9p0zix1fm1e34abr6hl|03|biz"; nocase; ) # 72oj1315mvx7h1mjjbzspmagdo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|72oj1315mvx7h1mjjbzspmagdo|03|biz"; nocase; ) # 1xpxbr416ciw621x6p72rehs2j9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xpxbr416ciw621x6p72rehs2j9|03|org"; nocase; ) # unpu511sdtj871e8yq0mqg8mkn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|unpu511sdtj871e8yq0mqg8mkn|03|com"; nocase; ) # 1a0y5zcbay1331yxy7nrfxjjio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a0y5zcbay1331yxy7nrfxjjio|03|org"; nocase; ) # qiazia1g198wx1qp27sz1xvdiqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qiazia1g198wx1qp27sz1xvdiqi|03|net"; nocase; ) # myf9ks1b7onjr1xeqhbcs02uwb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|myf9ks1b7onjr1xeqhbcs02uwb|03|net"; nocase; ) # g6bwn2kakte67j7hg1l1r9mp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g6bwn2kakte67j7hg1l1r9mp|03|net"; nocase; ) # j2qfsq9smp13csba311soxxb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j2qfsq9smp13csba311soxxb|03|org"; nocase; ) # b96czk4gx74d13ui4agscq5xo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b96czk4gx74d13ui4agscq5xo|03|com"; nocase; ) # alt0743mgkvs2mwb481m4nszl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|alt0743mgkvs2mwb481m4nszl|03|net"; nocase; ) # 4g5td51h9lntu4d0qjbxh5nz8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4g5td51h9lntu4d0qjbxh5nz8|03|biz"; nocase; ) # dmc2ti9ks6xza3q8rrejk9at.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dmc2ti9ks6xza3q8rrejk9at|03|net"; nocase; ) # 799u3n16xz0h0mcra569fyety.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|799u3n16xz0h0mcra569fyety|03|com"; nocase; ) # 4s9x0f1wmvtyi1xhwp9d1pqp719.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4s9x0f1wmvtyi1xhwp9d1pqp719|03|net"; nocase; ) # wltqbwa0oj67kc0h5f16dllfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wltqbwa0oj67kc0h5f16dllfq|03|com"; nocase; ) # 12prwxe1x4fsr12923y8lp6x9c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12prwxe1x4fsr12923y8lp6x9c|03|org"; nocase; ) # 14wksk01xg9feg1rvx5spe8chmr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14wksk01xg9feg1rvx5spe8chmr|03|com"; nocase; ) # 1r5mjza1kneizx1nydp2v1q8avh0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r5mjza1kneizx1nydp2v1q8avh0|03|org"; nocase; ) # 11i7jmnkgh49q19gz9tc1nd5dmq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11i7jmnkgh49q19gz9tc1nd5dmq|03|net"; nocase; ) # wrcll1w55vylp1eexw1azhx3a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wrcll1w55vylp1eexw1azhx3a|03|biz"; nocase; ) # s3k0ux9qu0id181a29m19y1hez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s3k0ux9qu0id181a29m19y1hez|03|org"; nocase; ) # 5sjm74rjr5hh1r4otsyu8uppf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5sjm74rjr5hh1r4otsyu8uppf|03|biz"; nocase; ) # 1gazbz71yg4fdr1hqivgg1bwimt6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gazbz71yg4fdr1hqivgg1bwimt6|03|net"; nocase; ) # u0g55kqwiediyvmhkm12udak6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u0g55kqwiediyvmhkm12udak6|03|net"; nocase; ) # 70aguvejhtu0dur52q9q6g9u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|70aguvejhtu0dur52q9q6g9u|03|net"; nocase; ) # 14cuzst10z3wkk15bb93s1jt7ybq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14cuzst10z3wkk15bb93s1jt7ybq|03|net"; nocase; ) # fct94wettiph17rspi7681yzf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fct94wettiph17rspi7681yzf|03|biz"; nocase; ) # pted5w1beh7uc6i8i627p05zm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pted5w1beh7uc6i8i627p05zm|03|net"; nocase; ) # 1np7vk61bmuzpiqtbbjakwz05x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1np7vk61bmuzpiqtbbjakwz05x|03|biz"; nocase; ) # nvxmmjxwbkfklfka.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032332; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|nvxmmjxwbkfklfka|02|eu"; nocase; ) # hprwwwowxokukdxt.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032333; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|hprwwwowxokukdxt|02|eu"; nocase; ) # hwksixoovdywdvft.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032334; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|hwksixoovdywdvft|02|eu"; nocase; ) # heqotlogtramjoat.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032335; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|heqotlogtramjoat|02|eu"; nocase; ) # hscgqaopcupqumcg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032336; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|hscgqaopcupqumcg|02|eu"; nocase; ) # btoyybfhwnjqaqka.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032337; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|btoyybfhwnjqaqka|02|eu"; nocase; ) # bpgmhqruprakrhhm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032338; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|bpgmhqruprakrhhm|02|eu"; nocase; ) # udsfdfvmkxtwjxcg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032339; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|udsfdfvmkxtwjxcg|02|eu"; nocase; ) # uuossvhbwgokssvr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032340; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|uuossvhbwgokssvr|02|eu"; nocase; ) # ohphfjyjvjssyxoy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032341; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ohphfjyjvjssyxoy|02|eu"; nocase; ) # cwchuffiqirmwevx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032342; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|cwchuffiqirmwevx|02|eu"; nocase; ) # vqjfdmuksmiewbaq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032343; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|vqjfdmuksmiewbaq|02|eu"; nocase; ) # pkdpnaykpebcjmnk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032344; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|pkdpnaykpebcjmnk|02|eu"; nocase; ) # pgupicllvirindkw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032345; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|pgupicllvirindkw|02|eu"; nocase; ) # dswgrifrmolgbaaw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032346; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|dswgrifrmolgbaaw|02|eu"; nocase; ) # dhvxbwrnuebxmxov.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032347; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|dhvxbwrnuebxmxov|02|eu"; nocase; ) # cfacc689a8b51695793aba6505ef5decf3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032348; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cfacc689a8b51695793aba6505ef5decf3|02|to"; nocase; ) # e80ef3726610b22c3bc987b8ce5afc1bf4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032349; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e80ef3726610b22c3bc987b8ce5afc1bf4|02|hk"; nocase; ) # f1f0cced9eddbeababc1addcc3cf5c7fd3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032350; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f1f0cced9eddbeababc1addcc3cf5c7fd3|02|cn"; nocase; ) # jce367580bc0ca8c715fc9d8ea1b62a870.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032351; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jce367580bc0ca8c715fc9d8ea1b62a870|02|ws"; nocase; ) # l37b6080325808de9d089c4c9e59253810.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032352; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l37b6080325808de9d089c4c9e59253810|02|in"; nocase; ) # s3c1f522952281085338503e532a307355.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032353; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s3c1f522952281085338503e532a307355|02|to"; nocase; ) # j5b0ae265c060b7a7c7bb5195afa410609.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032354; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j5b0ae265c060b7a7c7bb5195afa410609|02|in"; nocase; ) # ra63fe7287735d99e74704c82f0d79adae.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032355; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ra63fe7287735d99e74704c82f0d79adae|02|in"; nocase; ) # d14de41325e06036cfa3e050ab3d847e1d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032356; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d14de41325e06036cfa3e050ab3d847e1d|02|so"; nocase; ) # e509a8663115ab2e1b4cffd926eacc9ff0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032357; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e509a8663115ab2e1b4cffd926eacc9ff0|02|cc"; nocase; ) # h7f102f2535da52aef4949bee59a616d50.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032358; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h7f102f2535da52aef4949bee59a616d50|02|in"; nocase; ) # oaa90fa0e9cfabb844fefdecaf2056bcd0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032359; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oaa90fa0e9cfabb844fefdecaf2056bcd0|02|to"; nocase; ) # q70bf449192f0a6187276ba955b30c9f48.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032360; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q70bf449192f0a6187276ba955b30c9f48|02|hk"; nocase; ) # uc54f0141bc3b396082c22a1a8f9dc21a9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032361; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc54f0141bc3b396082c22a1a8f9dc21a9|02|cc"; nocase; ) # de54d1ebea40213d2410ebb53f0397ee48.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032362; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de54d1ebea40213d2410ebb53f0397ee48|02|ws"; nocase; ) # fb48fd598d1ac4e85c9ab498fd052d5c38.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032363; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fb48fd598d1ac4e85c9ab498fd052d5c38|02|in"; nocase; ) # m25ae55b9ea32975f65371bfd925c28e21.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032364; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m25ae55b9ea32975f65371bfd925c28e21|02|to"; nocase; ) # q8fc3506252940f1f55dbf954e00b3f29c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032365; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8fc3506252940f1f55dbf954e00b3f29c|02|tk"; nocase; ) # s8d6b35a4fcb3c85632999fd215b29f138.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032366; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s8d6b35a4fcb3c85632999fd215b29f138|02|cc"; nocase; ) # w1c7fa955a8ae0ceba89892c27a59c77b3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032367; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1c7fa955a8ae0ceba89892c27a59c77b3|02|hk"; nocase; ) # yc9ee666f7d315c3bf913f2ba5be14620f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032368; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yc9ee666f7d315c3bf913f2ba5be14620f|02|tk"; nocase; ) # h967bc5a3b7fe76e06275f1104bd34fa42.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032369; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h967bc5a3b7fe76e06275f1104bd34fa42|02|so"; nocase; ) # seed964b701c40d17687ba74795e11c3d1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032370; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|seed964b701c40d17687ba74795e11c3d1|02|to"; nocase; ) # x0e208b4eb980bc4ce68349c619589d768.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032371; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x0e208b4eb980bc4ce68349c619589d768|02|so"; nocase; ) # c650eb310e85dc6df25242222d0c1b0b0a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032372; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c650eb310e85dc6df25242222d0c1b0b0a|02|hk"; nocase; ) # h1c22ec3983bde3146d159b15ed7c28713.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032373; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h1c22ec3983bde3146d159b15ed7c28713|02|ws"; nocase; ) # i2af665d524404b2e4cbeb26c5692b90fe.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032374; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2af665d524404b2e4cbeb26c5692b90fe|02|to"; nocase; ) # l5bbbf01791c579d17d60f324a6d06da54.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032375; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l5bbbf01791c579d17d60f324a6d06da54|02|cn"; nocase; ) # q6e23079dad42d374f087d5d40d2041d7b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032376; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q6e23079dad42d374f087d5d40d2041d7b|02|to"; nocase; ) # s0776dde12c7f626580121a9e79c409637.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032377; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s0776dde12c7f626580121a9e79c409637|02|hk"; nocase; ) # v004cb5f22f83bf87d8dcc58b9f6c61b12.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032378; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v004cb5f22f83bf87d8dcc58b9f6c61b12|02|so"; nocase; ) # y7859b6f947aad235d0333336019381711.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032379; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y7859b6f947aad235d0333336019381711|02|to"; nocase; ) # beb1f8d90b24247e586656c0433d37aee3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032380; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|beb1f8d90b24247e586656c0433d37aee3|02|cn"; nocase; ) # ed6ae4a6d515ccee14ac55801613590215.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032381; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ed6ae4a6d515ccee14ac55801613590215|02|cc"; nocase; ) # m5d8c473c37d0b66150ea892a7d513a6c7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032382; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m5d8c473c37d0b66150ea892a7d513a6c7|02|cc"; nocase; ) # afaeceefd8bf7a81272c1c093aa0e7463a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032383; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|afaeceefd8bf7a81272c1c093aa0e7463a|02|tk"; nocase; ) # ndf3e65e6c03554b7dd5ff4190f5ce4e01.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032384; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ndf3e65e6c03554b7dd5ff4190f5ce4e01|02|in"; nocase; ) # acae0d845f8829f91b71b4218836c56a3b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032385; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|acae0d845f8829f91b71b4218836c56a3b|02|cc"; nocase; ) # c2029c1a41094aa29fd2f693d4186c79df.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032386; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c2029c1a41094aa29fd2f693d4186c79df|02|to"; nocase; ) # e8c421bb6ca7e5b1ba1e305f4128c44dc0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032387; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e8c421bb6ca7e5b1ba1e305f4128c44dc0|02|hk"; nocase; ) # m081c76f5a3ecc3406d213d123bc6179f0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032388; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m081c76f5a3ecc3406d213d123bc6179f0|02|hk"; nocase; ) # o379564345662c46a27e950d1a4226d5a8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032389; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o379564345662c46a27e950d1a4226d5a8|02|tk"; nocase; ) # s93930d8707db5ed46b9b045cce9bbe6b6.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032390; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s93930d8707db5ed46b9b045cce9bbe6b6|02|to"; nocase; ) # u71fb858468fcc8e9243ecf2ebf7fc59ed.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032391; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u71fb858468fcc8e9243ecf2ebf7fc59ed|02|hk"; nocase; ) # a486ba94e12bf4c3700d565be8d90d3950.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032392; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a486ba94e12bf4c3700d565be8d90d3950|02|to"; nocase; ) # f344934924cbcd0778cd562ad7b0e68129.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032393; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f344934924cbcd0778cd562ad7b0e68129|02|so"; nocase; ) # h97c10ba37308f967bf5466dff5e59e924.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032394; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h97c10ba37308f967bf5466dff5e59e924|02|ws"; nocase; ) # nc273e05284871d2cb10ca30b9219878ff.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032395; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nc273e05284871d2cb10ca30b9219878ff|02|so"; nocase; ) # oc436d83692a006839351b46a450db3500.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032396; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oc436d83692a006839351b46a450db3500|02|cc"; nocase; ) # uf421f46512585ed91a4836af334c9c6d9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032397; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uf421f46512585ed91a4836af334c9c6d9|02|tk"; nocase; ) # w038b0865efe40ced628cb10d15762f971.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032398; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w038b0865efe40ced628cb10d15762f971|02|cc"; nocase; ) # y4a39c6367dd60cd4d866cc3f8281cedde.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032399; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y4a39c6367dd60cd4d866cc3f8281cedde|02|to"; nocase; ) # z9e8e17531688c6c204039ed2d15454473.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032400; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z9e8e17531688c6c204039ed2d15454473|02|in"; nocase; ) # e4d564c524969cfcef8382edd1f729eb04.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032401; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e4d564c524969cfcef8382edd1f729eb04|02|cc"; nocase; ) # p4d7dc540339837037082e96462aa305eb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p4d7dc540339837037082e96462aa305eb|02|in"; nocase; ) # qf92048f8322bc029beb2e224c812adb86.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qf92048f8322bc029beb2e224c812adb86|02|hk"; nocase; ) # tf4ce7033d35a2cc3f1106c546964c3a16.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tf4ce7033d35a2cc3f1106c546964c3a16|02|so"; nocase; ) # v3ae9dfeb5d4811fa31d13d254cf76568f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v3ae9dfeb5d4811fa31d13d254cf76568f|02|ws"; nocase; ) # we9a53b43ae1f84bc917ee6674c40ef63a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|we9a53b43ae1f84bc917ee6674c40ef63a|02|to"; nocase; ) # x6f4d9f6223f5c065a99b3ff2c5429c70a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x6f4d9f6223f5c065a99b3ff2c5429c70a|02|in"; nocase; ) # z88a60ec5f32d1054ee2d785d286f2bac3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z88a60ec5f32d1054ee2d785d286f2bac3|02|cn"; nocase; ) # c4327d5536308efa7cb0d7f409e83b6bd8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c4327d5536308efa7cb0d7f409e83b6bd8|02|cc"; nocase; ) # f727636d99de34a8752a09a6f68137aab5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f727636d99de34a8752a09a6f68137aab5|02|in"; nocase; ) # nb4364e2bc5e9b52c7b9ff5d066c10c180.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nb4364e2bc5e9b52c7b9ff5d066c10c180|02|in"; nocase; ) # te642050a115af7c91ef5e82ec34e49d29.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|te642050a115af7c91ef5e82ec34e49d29|02|ws"; nocase; ) # xce291335b3e884afb52738fc3169748b6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xce291335b3e884afb52738fc3169748b6|02|cn"; nocase; ) # b05e2b5a7103003fc150b1f2914be009c5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b05e2b5a7103003fc150b1f2914be009c5|02|ws"; nocase; ) # q8e5e09d112851a42d451423dc179754fd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8e5e09d112851a42d451423dc179754fd|02|cc"; nocase; ) # sc291bf82f67e9d370a9e5c62f0e0bc09e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sc291bf82f67e9d370a9e5c62f0e0bc09e|02|to"; nocase; ) # xcc83586191eb5f469c5fcb25bfa8091f5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xcc83586191eb5f469c5fcb25bfa8091f5|02|so"; nocase; ) # zf7226fa29837b3f0d03b844a63ec9905e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zf7226fa29837b3f0d03b844a63ec9905e|02|ws"; nocase; ) # l840ec996794ee4bce5bc26420f1be0ba6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l840ec996794ee4bce5bc26420f1be0ba6|02|cn"; nocase; ) # t924655bd81450b05ab2a59cdb57abff47.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t924655bd81450b05ab2a59cdb57abff47|02|cn"; nocase; ) # xeca27bec47b3aeae5b0b63c2ea7916233.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xeca27bec47b3aeae5b0b63c2ea7916233|02|ws"; nocase; ) # cb2da76157eca316759dd881c8f3238368.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cb2da76157eca316759dd881c8f3238368|02|tk"; nocase; ) # dd373a5cc88f23e884122e85d444323750.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032423; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd373a5cc88f23e884122e85d444323750|02|so"; nocase; ) # p7dcc102fd08e2472e8f4782b09cb9926f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032424; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7dcc102fd08e2472e8f4782b09cb9926f|02|in"; nocase; ) # va723470a7d74b179668bc1bd979abbc74.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032425; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|va723470a7d74b179668bc1bd979abbc74|02|ws"; nocase; ) # yc6223b1733333253e2385cbf0808ef836.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032426; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yc6223b1733333253e2385cbf0808ef836|02|hk"; nocase; ) # f5a99284a5679c94909b7348e2de9470ce.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032427; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f5a99284a5679c94909b7348e2de9470ce|02|in"; nocase; ) # h2848da6df0d12b336a20f756098adf184.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h2848da6df0d12b336a20f756098adf184|02|cn"; nocase; ) # l1d3cc2a9f17a0c2d093806851d5452134.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l1d3cc2a9f17a0c2d093806851d5452134|02|ws"; nocase; ) # r81c0751cc01beb055386e489a1256db73.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r81c0751cc01beb055386e489a1256db73|02|so"; nocase; ) # t7a92a135df35467b762140f1373ba8ac4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t7a92a135df35467b762140f1373ba8ac4|02|ws"; nocase; ) # d6cd36f9e4e0846170c9b77a9097637e55.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d6cd36f9e4e0846170c9b77a9097637e55|02|in"; nocase; ) # me6efe1586bef9d4e803012d4e1af89cb2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|me6efe1586bef9d4e803012d4e1af89cb2|02|hk"; nocase; ) # r2b936eb389b6bc108db03f0cb1f970962.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2b936eb389b6bc108db03f0cb1f970962|02|ws"; nocase; ) # ce003a727fc68d415fa40dc9eb9c583e45.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ce003a727fc68d415fa40dc9eb9c583e45|02|hk"; nocase; ) # db9d5c00e9da488329503fe21c276fa7d3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|db9d5c00e9da488329503fe21c276fa7d3|02|cn"; nocase; ) # f3f0f0b899a4cee7a82bd95987c341e17a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f3f0f0b899a4cee7a82bd95987c341e17a|02|so"; nocase; ) # ic47bba21632d11c144c1e7a13292e3bc8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ic47bba21632d11c144c1e7a13292e3bc8|02|to"; nocase; ) # jc0d280a10258af192312eaa8e4737cd3b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jc0d280a10258af192312eaa8e4737cd3b|02|in"; nocase; ) # md5d5e8e8f275a82510230210ed8c08133.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md5d5e8e8f275a82510230210ed8c08133|02|tk"; nocase; ) # n2bb90455ae2ed71ad875eba3d2051a096.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n2bb90455ae2ed71ad875eba3d2051a096|02|so"; nocase; ) # t9c5882684c434407dab6d73b40eb7dce3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t9c5882684c434407dab6d73b40eb7dce3|02|cn"; nocase; ) # u821458e5d2cb2fcdd186e863c9a0c17b2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u821458e5d2cb2fcdd186e863c9a0c17b2|02|tk"; nocase; ) # aab2f77c029deec4d5790fe792d4c37262.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aab2f77c029deec4d5790fe792d4c37262|02|hk"; nocase; ) # ea464db56bb961777a5853952e4e5629bb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea464db56bb961777a5853952e4e5629bb|02|cc"; nocase; ) # fac3ffd19ec9d4abaa6339d8c7c811b4bd.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fac3ffd19ec9d4abaa6339d8c7c811b4bd|02|ws"; nocase; ) # hc11e390dbfe5a2041ed9dd4244972f12b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc11e390dbfe5a2041ed9dd4244972f12b|02|in"; nocase; ) # pbfc53d72eb50cc1770db77f539c34db75.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pbfc53d72eb50cc1770db77f539c34db75|02|in"; nocase; ) # t96bc6ecc841f99da4d9a1742172d18a5b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t96bc6ecc841f99da4d9a1742172d18a5b|02|so"; nocase; ) # v7d31514cf04cf93fc9749507532ff9387.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v7d31514cf04cf93fc9749507532ff9387|02|ws"; nocase; ) # yaf404e87c4be55feef779f002fcdc79e8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yaf404e87c4be55feef779f002fcdc79e8|02|hk"; nocase; ) # a241fd550c85fcddf01fbf7577cd4abe43.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a241fd550c85fcddf01fbf7577cd4abe43|02|tk"; nocase; ) # b78f925fb5fab0d47a2e740a37a1e827b9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b78f925fb5fab0d47a2e740a37a1e827b9|02|so"; nocase; ) # i22b94e468ebe4599d473fecbde7cf3fc4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i22b94e468ebe4599d473fecbde7cf3fc4|02|tk"; nocase; ) # m7818c87fe80460f6c4bbfe95350f5dc06.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m7818c87fe80460f6c4bbfe95350f5dc06|02|to"; nocase; ) # tefeb9f05274cd9c1c7e2d8c4b705737f7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tefeb9f05274cd9c1c7e2d8c4b705737f7|02|ws"; nocase; ) # y3a1278a135b8bf3a1ad07acee8f8ef216.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3a1278a135b8bf3a1ad07acee8f8ef216|02|tk"; nocase; ) # j9e0f52409f23053e37daac6d0a4fc6265.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j9e0f52409f23053e37daac6d0a4fc6265|02|ws"; nocase; ) # n5506d500ec3e32ef9706e7f62ecba672f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n5506d500ec3e32ef9706e7f62ecba672f|02|cn"; nocase; ) # ybb8c6bdcfb8208613973ce22b2228cca6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ybb8c6bdcfb8208613973ce22b2228cca6|02|cc"; nocase; ) # e1cb37b6da61149320bf8e46d5f10ef8dc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e1cb37b6da61149320bf8e46d5f10ef8dc|02|tk"; nocase; ) # l5dfe6f7c5bc5aad598c5c95590acb0abf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l5dfe6f7c5bc5aad598c5c95590acb0abf|02|cn"; nocase; ) # y649e3d0b0989a4c13d81e05b342412e88.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y649e3d0b0989a4c13d81e05b342412e88|02|to"; nocase; ) # e494bc0cfd95217d97f1b4f61510f94573.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e494bc0cfd95217d97f1b4f61510f94573|02|cc"; nocase; ) # f9bf0e3f7cb27b2114eeced6cdf8d4779d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f9bf0e3f7cb27b2114eeced6cdf8d4779d|02|ws"; nocase; ) # m88cdc1f008163d2e858dc7d11124d3a48.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m88cdc1f008163d2e858dc7d11124d3a48|02|cc"; nocase; ) # r5e9ae44e226d56b62f7baa64fc3256143.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r5e9ae44e226d56b62f7baa64fc3256143|02|cn"; nocase; ) # b430293260a0f0d4751133fb14b2404a4b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b430293260a0f0d4751133fb14b2404a4b|02|so"; nocase; ) # m1ad16454a5cf7ae23654b6a1bc61a2955.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m1ad16454a5cf7ae23654b6a1bc61a2955|02|to"; nocase; ) # q8e734e2cd9bfa4a9984ace162a70c73f1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8e734e2cd9bfa4a9984ace162a70c73f1|02|tk"; nocase; ) # v64765a2099411d8d25bbace19312829df.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v64765a2099411d8d25bbace19312829df|02|in"; nocase; ) # xf52859af41c7a22b27be196e2bf5d0235.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xf52859af41c7a22b27be196e2bf5d0235|02|cn"; nocase; ) # z175088240fda87cf97fae6e55be400093.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z175088240fda87cf97fae6e55be400093|02|so"; nocase; ) # gce018370c85521c3fbc561a767945000e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gce018370c85521c3fbc561a767945000e|02|tk"; nocase; ) # i00471a9422212899a18824ee80c56d223.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i00471a9422212899a18824ee80c56d223|02|cc"; nocase; ) # wc9db0e6974d7d7f22fd5cf6b8e5f5c182.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc9db0e6974d7d7f22fd5cf6b8e5f5c182|02|tk"; nocase; ) # xbea3098c213bb1fd4410bf22a93ff9174.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xbea3098c213bb1fd4410bf22a93ff9174|02|so"; nocase; ) # c6834ef2d80cd32a24b114d38ba6ec17a0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6834ef2d80cd32a24b114d38ba6ec17a0|02|hk"; nocase; ) # fab1dc71a32794dbdce8b6159532d52ba1.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fab1dc71a32794dbdce8b6159532d52ba1|02|so"; nocase; ) # gc05f05a2fded7656b68b9dc8a03788deb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc05f05a2fded7656b68b9dc8a03788deb|02|cc"; nocase; ) # j5b65a6ea4b28c724bcef3431501b72d3d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j5b65a6ea4b28c724bcef3431501b72d3d|02|in"; nocase; ) # kd75318a3f26e21c0e8c9bfe0cf3693b61.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kd75318a3f26e21c0e8c9bfe0cf3693b61|02|hk"; nocase; ) # maf6a5d081f9ef1240f75e01d17d73904f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|maf6a5d081f9ef1240f75e01d17d73904f|02|tk"; nocase; ) # te214c557b70c1b01a44eabd312834464c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|te214c557b70c1b01a44eabd312834464c|02|cn"; nocase; ) # u4e0eb4167eb50a7b2473fee744e7b9e4a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u4e0eb4167eb50a7b2473fee744e7b9e4a|02|tk"; nocase; ) # z112ae6e64d725b3af5c5bbfb95c9a7a31.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z112ae6e64d725b3af5c5bbfb95c9a7a31|02|in"; nocase; ) # eacf3a77db14465038ee4065caddc6a59b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eacf3a77db14465038ee4065caddc6a59b|02|cc"; nocase; ) # p467e980d323e265c69658d6cc70bf503a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p467e980d323e265c69658d6cc70bf503a|02|in"; nocase; ) # q638eba20e9428da0df9d175bd26e8d589.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q638eba20e9428da0df9d175bd26e8d589|02|hk"; nocase; ) # udc0e5c07379294c2fd7c73abd53f07a59.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|udc0e5c07379294c2fd7c73abd53f07a59|02|cc"; nocase; ) # g41b15808872956895659fe5d8c2d593e8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g41b15808872956895659fe5d8c2d593e8|02|hk"; nocase; ) # j91ea599c366c623fdd8cc7a7cf23b01de.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j91ea599c366c623fdd8cc7a7cf23b01de|02|so"; nocase; ) # l2eb68801ed8b2e1a1d711dd84896026ac.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l2eb68801ed8b2e1a1d711dd84896026ac|02|ws"; nocase; ) # nf8ea789cb7be2b9562f47cd27576aa5a0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nf8ea789cb7be2b9562f47cd27576aa5a0|02|in"; nocase; ) # p6043bfdc75289330990a2a8bebaec0415.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p6043bfdc75289330990a2a8bebaec0415|02|cn"; nocase; ) # e502a5c3def62c3ebaa9c65f927682d6bf.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e502a5c3def62c3ebaa9c65f927682d6bf|02|hk"; nocase; ) # ic8df1cbf200677b2fc57d822e98b91a7c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ic8df1cbf200677b2fc57d822e98b91a7c|02|cc"; nocase; ) # q81445bc461cdcc155d236c91d808d2707.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q81445bc461cdcc155d236c91d808d2707|02|cc"; nocase; ) # t2133764cc277bd50c2dd5bd10263a2546.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t2133764cc277bd50c2dd5bd10263a2546|02|in"; nocase; ) # w5ff92944056534c535e0f16c7a9de588d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w5ff92944056534c535e0f16c7a9de588d|02|tk"; nocase; ) # gc7d1c6607a9bca26af9494425a8d46f24.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc7d1c6607a9bca26af9494425a8d46f24|02|cc"; nocase; ) # m95597664e778d7edc50e7a230185294e7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m95597664e778d7edc50e7a230185294e7|02|tk"; nocase; ) # qaeeb9c2267c720631ca23b99fee051289.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qaeeb9c2267c720631ca23b99fee051289|02|to"; nocase; ) # zab9a085b71790cb1f85cced70070f5bfc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zab9a085b71790cb1f85cced70070f5bfc|02|in"; nocase; ) # ia3a4ad737e42b1f73ef3f95d9ef721602.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ia3a4ad737e42b1f73ef3f95d9ef721602|02|hk"; nocase; ) # ne0dfed461fc9934ba9b52ef015a6024f9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ne0dfed461fc9934ba9b52ef015a6024f9|02|ws"; nocase; ) # p6749997e521279a6004f73ed93b0cfe12.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p6749997e521279a6004f73ed93b0cfe12|02|in"; nocase; ) # t9c9e5e92069b7616d641ea56ae3fc8844.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t9c9e5e92069b7616d641ea56ae3fc8844|02|so"; nocase; ) # z873fc5e1db9652b160e674a3654a02ec8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z873fc5e1db9652b160e674a3654a02ec8|02|cn"; nocase; ) # b4c8e415f397311687b135daa1349715d9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b4c8e415f397311687b135daa1349715d9|02|so"; nocase; ) # gc05902eb4f87120278dbbf56371d48ba0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc05902eb4f87120278dbbf56371d48ba0|02|hk"; nocase; ) # h107eebbbc6cca159d61455ba1f4e0769a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h107eebbbc6cca159d61455ba1f4e0769a|02|cn"; nocase; ) # l78fdb6acc5ae42b6f8a740c2fa3c24c5e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l78fdb6acc5ae42b6f8a740c2fa3c24c5e|02|ws"; nocase; ) # n6ecd6f5a22777f7c8e3d309b7b8ac0011.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n6ecd6f5a22777f7c8e3d309b7b8ac0011|02|in"; nocase; ) # w1c2826f64cb4b76c34ba252a1c16686ad.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1c2826f64cb4b76c34ba252a1c16686ad|02|hk"; nocase; ) # x41e57dc678d5310464a4d1d5b05885ce4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x41e57dc678d5310464a4d1d5b05885ce4|02|cn"; nocase; ) # fe0319eebfaa650295940401f9579b50e7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fe0319eebfaa650295940401f9579b50e7|02|cn"; nocase; ) # s52ce380ae791dc3ddaf3220c4017cafc2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s52ce380ae791dc3ddaf3220c4017cafc2|02|to"; nocase; ) # xa0eec5d65abb9f2c5c53a45030792d721.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xa0eec5d65abb9f2c5c53a45030792d721|02|so"; nocase; ) # g281faca49d6a83f3bc0b54c45220a58d5.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g281faca49d6a83f3bc0b54c45220a58d5|02|cc"; nocase; ) # h13a60abc2fbb287def555707616c8c649.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h13a60abc2fbb287def555707616c8c649|02|ws"; nocase; ) # ifbd9b33ef5bf88d63dcfe9f3fd1eefe93.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ifbd9b33ef5bf88d63dcfe9f3fd1eefe93|02|to"; nocase; ) # k76ed61d416882e238e588192df11f296b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k76ed61d416882e238e588192df11f296b|02|hk"; nocase; ) # m8fff33fb5176f68f4b36f6af107f57d6c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m8fff33fb5176f68f4b36f6af107f57d6c|02|tk"; nocase; ) # tc9b0eb6b9d541fb50bfa0bf5ec8eb076a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tc9b0eb6b9d541fb50bfa0bf5ec8eb076a|02|cn"; nocase; ) # f9a9d74b8fb1980e548a415e4447c73051.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f9a9d74b8fb1980e548a415e4447c73051|02|ws"; nocase; ) # i121b4f2e6a8ad3374169ecb9381a140cc.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i121b4f2e6a8ad3374169ecb9381a140cc|02|hk"; nocase; ) # k1860aa930344053b57a6f52389dee0bb9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k1860aa930344053b57a6f52389dee0bb9|02|tk"; nocase; ) # w5c547c35915dc3af92f2485909dbc5bb4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w5c547c35915dc3af92f2485909dbc5bb4|02|to"; nocase; ) # x1e14681bf94644962cb27fb17c8ccd76d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x1e14681bf94644962cb27fb17c8ccd76d|02|in"; nocase; ) # g6ca55f73c4296ecac8f2e2be14a605cbb.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g6ca55f73c4296ecac8f2e2be14a605cbb|02|hk"; nocase; ) # k88bef53802968c11da25ec545c2d1047c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k88bef53802968c11da25ec545c2d1047c|02|cc"; nocase; ) # a41f065b5ac2bc49e04f4f12a2c7f631f8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a41f065b5ac2bc49e04f4f12a2c7f631f8|02|cc"; nocase; ) # p34d96ab52087f74f8b8bcac73df8a0025.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p34d96ab52087f74f8b8bcac73df8a0025|02|so"; nocase; ) # wb9dd259858b9fa266e2fbe6c6d1f9c514.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb9dd259858b9fa266e2fbe6c6d1f9c514|02|tk"; nocase; ) # zcf824df7db8808d8d991cd0585a10c9ce.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zcf824df7db8808d8d991cd0585a10c9ce|02|ws"; nocase; ) # geb3a0d38a09035016771e68bebb833330.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|geb3a0d38a09035016771e68bebb833330|02|cc"; nocase; ) # mf1861a0654d408c1dce87500c9523d54e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mf1861a0654d408c1dce87500c9523d54e|02|tk"; nocase; ) # q6916ac5158656d9dbf790b2d94e0855ea.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q6916ac5158656d9dbf790b2d94e0855ea|02|to"; nocase; ) # rca593acc585c43189afd703325cc5c476.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rca593acc585c43189afd703325cc5c476|02|in"; nocase; ) # a8237b2cd45b24578deaaa698b4c6c95f6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a8237b2cd45b24578deaaa698b4c6c95f6|02|hk"; nocase; ) # h1d2fd5ace144cf9e3241707bd92cacda4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h1d2fd5ace144cf9e3241707bd92cacda4|02|in"; nocase; ) # j3f457341c342e2fd8a39e7f65268af2a3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j3f457341c342e2fd8a39e7f65268af2a3|02|cn"; nocase; ) # lb5bfffd62e2d439eca582233f0f2060ab.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lb5bfffd62e2d439eca582233f0f2060ab|02|so"; nocase; ) # aecb9aeb88143421d0c6d348d69239ad86.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aecb9aeb88143421d0c6d348d69239ad86|02|cc"; nocase; ) # d6ba607d349cca755926f1c5b2ebdddf54.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d6ba607d349cca755926f1c5b2ebdddf54|02|in"; nocase; ) # mc576718769ae92fa7fe27615e92130268.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc576718769ae92fa7fe27615e92130268|02|hk"; nocase; ) # qe2802bfb0b9038e07acd0453635698587.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qe2802bfb0b9038e07acd0453635698587|02|cc"; nocase; ) # tdfe0f19e9b1e7e51ba366456acb99c779.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tdfe0f19e9b1e7e51ba366456acb99c779|02|in"; nocase; ) # wd12e5ec3e461c1c96db26c25da07df18f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd12e5ec3e461c1c96db26c25da07df18f|02|tk"; nocase; ) # z754989cfe42d7a69d19cbe9ddaacab6bf.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z754989cfe42d7a69d19cbe9ddaacab6bf|02|ws"; nocase; ) # e35129d0a0bf16b4793ae9b00a58b90913.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e35129d0a0bf16b4793ae9b00a58b90913|02|tk"; nocase; ) # h326a7de78ecc61bd6053487aaee25ca59.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h326a7de78ecc61bd6053487aaee25ca59|02|ws"; nocase; ) # i3659664a0d2712c95a7c6df644bdcb6d2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i3659664a0d2712c95a7c6df644bdcb6d2|02|to"; nocase; ) # kf6b728e3fae05ff8ca1fbb7b2920aaa6e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kf6b728e3fae05ff8ca1fbb7b2920aaa6e|02|hk"; nocase; ) # ref4b808dae3833739ef7e85fd37e50488.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ref4b808dae3833739ef7e85fd37e50488|02|in"; nocase; ) # scc5f147aae5ee7eadd1dcb515c0877d39.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|scc5f147aae5ee7eadd1dcb515c0877d39|02|hk"; nocase; ) # tb27504a353d93e679e781062cb59e80a9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tb27504a353d93e679e781062cb59e80a9|02|cn"; nocase; ) # u6a9d1aec0b99ea6ceacd2582e8d6a353d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u6a9d1aec0b99ea6ceacd2582e8d6a353d|02|tk"; nocase; ) # g80b68c1431b1c635b2c3ee5b166277a59.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g80b68c1431b1c635b2c3ee5b166277a59|02|to"; nocase; ) # n8d2f172ab8fa4d68bdbcf7250a92239f6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n8d2f172ab8fa4d68bdbcf7250a92239f6|02|ws"; nocase; ) # tc8c0307fd445aa050d07cb64c9dfe0251.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tc8c0307fd445aa050d07cb64c9dfe0251|02|so"; nocase; ) # v464af03d013310220d49dff198e417848.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v464af03d013310220d49dff198e417848|02|ws"; nocase; ) # h96fccff92240bbd09281145a26f6c0b6f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h96fccff92240bbd09281145a26f6c0b6f|02|cn"; nocase; ) # jcddd8cf36c48af7f59b69e2b40d4297ee.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jcddd8cf36c48af7f59b69e2b40d4297ee|02|so"; nocase; ) # n3ab9f98ac323cf052242958e9da1b90d7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032566; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3ab9f98ac323cf052242958e9da1b90d7|02|in"; nocase; ) # pf0c2226ce895756d8a03bbb48b47dcac7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032567; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf0c2226ce895756d8a03bbb48b47dcac7|02|cn"; nocase; ) # u25119848817353c9f09934a818bb3e9b5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u25119848817353c9f09934a818bb3e9b5|02|to"; nocase; ) # f635163d81d57cb2d2d2f2f82abe902064.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f635163d81d57cb2d2d2f2f82abe902064|02|cn"; nocase; ) # i2c8d607f58f0add4a98a12a3870d44d95.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i2c8d607f58f0add4a98a12a3870d44d95|02|cc"; nocase; ) # w609eb0731cd28782af5f8d64afc091c5e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w609eb0731cd28782af5f8d64afc091c5e|02|tk"; nocase; ) # xd8c387f503c3dfd9b978ae33e44c2bddf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xd8c387f503c3dfd9b978ae33e44c2bddf|02|so"; nocase; ) # yf0c86e90f6d2c117f422f67dc2bb30d0e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yf0c86e90f6d2c117f422f67dc2bb30d0e|02|cc"; nocase; ) # aca25e55fb9574ad26eef1e450c6e07da0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aca25e55fb9574ad26eef1e450c6e07da0|02|to"; nocase; ) # b6c8147f1c60d36e7f29560f0d1eb59aa5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b6c8147f1c60d36e7f29560f0d1eb59aa5|02|in"; nocase; ) # jd54134c6963cc3cd22711e6842388eb79.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd54134c6963cc3cd22711e6842388eb79|02|in"; nocase; ) # o7c9283bb5b5c6ce1342560756137a98b7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o7c9283bb5b5c6ce1342560756137a98b7|02|cc"; nocase; ) # v2ec84ebde5436f5a192dafb44ad9f0716.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v2ec84ebde5436f5a192dafb44ad9f0716|02|so"; nocase; ) # z6ed26251a72a8c27ae30267e65633dd0b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032579; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6ed26251a72a8c27ae30267e65633dd0b|02|in"; nocase; ) # eb8154b69bea4fde2199bc8305680fe11d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032580; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eb8154b69bea4fde2199bc8305680fe11d|02|cc"; nocase; ) # h412d7bcdee27a9d829875fbe26ea1f230.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032581; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h412d7bcdee27a9d829875fbe26ea1f230|02|in"; nocase; ) # s2e468f80bf3af89b3ed6608734d3f3098.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032582; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s2e468f80bf3af89b3ed6608734d3f3098|02|tk"; nocase; ) # t07646036d6dad5d4d474bb65829e92952.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032583; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t07646036d6dad5d4d474bb65829e92952|02|so"; nocase; ) # w9bd77c6f25a1e040af4f9fe3c0040cc64.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032584; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w9bd77c6f25a1e040af4f9fe3c0040cc64|02|to"; nocase; ) # g47f7ce5374f3d60eb570c65f0cf7ba449.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032585; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g47f7ce5374f3d60eb570c65f0cf7ba449|02|hk"; nocase; ) # o8bad38298530a3837220d2cc22ca764f7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032586; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8bad38298530a3837220d2cc22ca764f7|02|hk"; nocase; ) # qfb7c2d6f96af68e362d168b70d54ae462.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032587; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qfb7c2d6f96af68e362d168b70d54ae462|02|tk"; nocase; ) # x26f0d50e42cb253c9174fabea1da17983.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032588; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x26f0d50e42cb253c9174fabea1da17983|02|cn"; nocase; ) # efc91768bbfb7a61767030da731a929ed0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032589; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|efc91768bbfb7a61767030da731a929ed0|02|hk"; nocase; ) # t53f6b41f28f59f1d3d8adfd15380053e9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032590; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t53f6b41f28f59f1d3d8adfd15380053e9|02|in"; nocase; ) # uaf1285bd75db34b85f4972d2e25eeb3d6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032591; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uaf1285bd75db34b85f4972d2e25eeb3d6|02|hk"; nocase; ) # w7d6461a502c82eabd4b53968877e2f9a9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032592; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w7d6461a502c82eabd4b53968877e2f9a9|02|tk"; nocase; ) # z525ac7e4502d5c27ad757ac33fe17eebc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032593; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z525ac7e4502d5c27ad757ac33fe17eebc|02|ws"; nocase; ) # b633d44eeee2e8d19d361cd7818454240c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032594; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b633d44eeee2e8d19d361cd7818454240c|02|in"; nocase; ) # w389e00206780a39574792875207292bc8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032595; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w389e00206780a39574792875207292bc8|02|cc"; nocase; ) # a5fb490307d6ba72ab124ce22dd2e81639.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032596; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a5fb490307d6ba72ab124ce22dd2e81639|02|hk"; nocase; ) # d75625f2887c89f7a3ee12f9baa22b6cf9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032597; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d75625f2887c89f7a3ee12f9baa22b6cf9|02|so"; nocase; ) # gdff7af8bb5b69a2517f2ba11d6dc7c714.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032598; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gdff7af8bb5b69a2517f2ba11d6dc7c714|02|to"; nocase; ) # h3c341c873dc60a5ce2ce4b6549ea63546.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032599; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h3c341c873dc60a5ce2ce4b6549ea63546|02|in"; nocase; ) # p8ee6bd7c558c3f5e5f2c9c1ed405d2c65.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032600; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p8ee6bd7c558c3f5e5f2c9c1ed405d2c65|02|in"; nocase; ) # r6933723f16e743e0c91c4ccc07faf4467.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032601; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r6933723f16e743e0c91c4ccc07faf4467|02|cn"; nocase; ) # t5af99a6f090a69a48226fbea94c4ac2f9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032602; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t5af99a6f090a69a48226fbea94c4ac2f9|02|so"; nocase; ) # b8a74c370177c7f28f0d3e5ee5a52b212b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032603; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b8a74c370177c7f28f0d3e5ee5a52b212b|02|so"; nocase; ) # g5262bb4933b92ce92b017c9fd37be46ac.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032604; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g5262bb4933b92ce92b017c9fd37be46ac|02|hk"; nocase; ) # he3983af71fbfe8bbdecb5da43a25e9447.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032605; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|he3983af71fbfe8bbdecb5da43a25e9447|02|cn"; nocase; ) # q9ce2f63e480ffd082b26dcb5cdb9ba5ec.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032606; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q9ce2f63e480ffd082b26dcb5cdb9ba5ec|02|tk"; nocase; ) # sd9dc87fe2006b57e12a5aa0146d3fa857.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032607; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sd9dc87fe2006b57e12a5aa0146d3fa857|02|to"; nocase; ) # qbo6elwjkx7jel1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032608; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|qbo6elwjkx7jel1|04|ddns|03|net"; nocase; ) # ync2axghi6axu6wf1ba.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032609; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|ync2axghi6axu6wf1ba|04|ddns|03|net"; nocase; ) # yre6udyn7fg45v1hcpmx14w.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032610; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|yre6udyn7fg45v1hcpmx14w|04|ddns|03|net"; nocase; ) # g4s4cjirkd1t5n3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032611; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|g4s4cjirkd1t5n3|04|ddns|03|net"; nocase; ) # cwgkna.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032612; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cwgkna|03|biz"; nocase; ) # ickqhqpllyf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032613; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ickqhqpllyf|04|info"; nocase; ) # thpwbvueke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032614; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|thpwbvueke|03|org"; nocase; ) # gezkebnodwz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032615; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gezkebnodwz|04|info"; nocase; ) # dwhmjpnkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032616; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dwhmjpnkr|03|org"; nocase; ) # iorukmiewu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032617; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|iorukmiewu|04|info"; nocase; ) # wblobggvch.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032618; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wblobggvch|03|com"; nocase; ) # quuuqa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032619; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|quuuqa|03|biz"; nocase; ) # mplnizxkdtr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032620; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mplnizxkdtr|03|net"; nocase; ) # djlbfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032621; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|djlbfj|03|com"; nocase; ) # ornpjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032622; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ornpjh|03|org"; nocase; ) # njzuyyuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032623; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|njzuyyuk|03|net"; nocase; ) # bujonij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032624; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bujonij|03|com"; nocase; ) # soxhfaloyhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032625; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|soxhfaloyhl|03|com"; nocase; ) # ksmfepuoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032626; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ksmfepuoc|03|biz"; nocase; ) # kfcysbmpq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032627; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kfcysbmpq|03|biz"; nocase; ) # rqnjzxsn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032628; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rqnjzxsn|03|net"; nocase; ) # ytwdmvngy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032629; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ytwdmvngy|03|com"; nocase; ) # owpaqpk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032630; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|owpaqpk|03|biz"; nocase; ) # vocpgv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032631; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vocpgv|03|com"; nocase; ) # srcwrhyh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032632; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|srcwrhyh|04|info"; nocase; ) # sexhrdq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032633; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sexhrdq|03|com"; nocase; ) # vajiecfwh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032634; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vajiecfwh|04|info"; nocase; ) # jpaydjfl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032635; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jpaydjfl|03|com"; nocase; ) # gpeazkzhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032636; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gpeazkzhl|03|com"; nocase; ) # wgduzbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032637; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wgduzbj|03|com"; nocase; ) # smdipmzkzb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032638; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|smdipmzkzb|04|info"; nocase; ) # xxcpzkgesio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032639; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xxcpzkgesio|03|com"; nocase; ) # zmnewmicuc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032640; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zmnewmicuc|03|net"; nocase; ) # bmylmxklqnd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032641; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bmylmxklqnd|03|biz"; nocase; ) # vfbxpmidoyw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032642; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vfbxpmidoyw|04|info"; nocase; ) # obgonzzn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032643; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|obgonzzn|04|info"; nocase; ) # lfmphi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032644; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lfmphi|03|com"; nocase; ) # vxcedul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032645; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vxcedul|03|net"; nocase; ) # kziuwhdnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032646; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kziuwhdnt|03|biz"; nocase; ) # uptpyfp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032647; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uptpyfp|03|com"; nocase; ) # rcbzemwh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032648; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rcbzemwh|04|info"; nocase; ) # fathyxb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032649; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fathyxb|04|info"; nocase; ) # ozxdgjfl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032650; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ozxdgjfl|03|com"; nocase; ) # bthztnbgorx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032651; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bthztnbgorx|03|net"; nocase; ) # lwntcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032652; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lwntcg|03|com"; nocase; ) # vtmqwwbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032653; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vtmqwwbj|03|com"; nocase; ) # iwckmwcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032654; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|iwckmwcg|03|com"; nocase; ) # krdnzw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032655; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|krdnzw|04|info"; nocase; ) # eramfbxqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032656; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|eramfbxqt|03|biz"; nocase; ) # xwmklceh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032657; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xwmklceh|03|com"; nocase; ) # acwffcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032658; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|acwffcn|03|com"; nocase; ) # qaghptoff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032659; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qaghptoff|03|com"; nocase; ) # febchv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032660; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|febchv|03|com"; nocase; ) # qyjpal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032661; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qyjpal|03|com"; nocase; ) # oisixah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032662; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|oisixah|03|com"; nocase; ) # wwstqjhau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032663; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wwstqjhau|03|com"; nocase; ) # sjevixlmd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032664; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|sjevixlmd|03|org"; nocase; ) # caubba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032665; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|caubba|03|com"; nocase; ) # yxcerll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032666; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yxcerll|03|org"; nocase; ) # jzpakne.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032667; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jzpakne|03|biz"; nocase; ) # asnbmthrqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032668; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|asnbmthrqc|03|biz"; nocase; ) # nsuchpjcbxi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032669; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nsuchpjcbxi|04|info"; nocase; ) # ackogmde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032670; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ackogmde|03|com"; nocase; ) # xiidlspanb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032671; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xiidlspanb|03|biz"; nocase; ) # esvipcv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032672; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|esvipcv|03|com"; nocase; ) # lcgtlpohnfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032673; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|lcgtlpohnfg|03|com"; nocase; ) # tvxasw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032674; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tvxasw|03|net"; nocase; ) # rxwekkzkqcd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032675; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rxwekkzkqcd|03|com"; nocase; ) # hbqxtziz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032676; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hbqxtziz|03|com"; nocase; ) # xazejtueg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032677; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xazejtueg|03|com"; nocase; ) # uftmkildju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032678; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uftmkildju|03|org"; nocase; ) # kcbajt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032679; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kcbajt|03|org"; nocase; ) # jlqnidh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032680; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jlqnidh|03|com"; nocase; ) # ynsfpuinq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032681; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ynsfpuinq|03|biz"; nocase; ) # piczycenzrd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032682; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|piczycenzrd|03|net"; nocase; ) # drbesfvy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032683; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|drbesfvy|04|info"; nocase; ) # jxiviztv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032684; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jxiviztv|03|net"; nocase; ) # uskfsrhmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032685; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uskfsrhmm|03|org"; nocase; ) # tlloqbfyn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032686; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tlloqbfyn|04|info"; nocase; ) # elwauhndzhz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032687; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|elwauhndzhz|03|com"; nocase; ) # cyymkbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032688; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|cyymkbj|03|com"; nocase; ) # aslnrecx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032689; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aslnrecx|03|com"; nocase; ) # hzdgptbvwpu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032690; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hzdgptbvwpu|03|biz"; nocase; ) # uefejkdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032691; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uefejkdp|03|com"; nocase; ) # rvzrwwmuvl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032692; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rvzrwwmuvl|04|info"; nocase; ) # etwiqbwsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032693; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|etwiqbwsz|03|net"; nocase; ) # vhmsmhtz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032694; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vhmsmhtz|03|net"; nocase; ) # ffdwhdkbv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032695; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ffdwhdkbv|03|com"; nocase; ) # oplcdrk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032696; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|oplcdrk|03|net"; nocase; ) # rrhlnjb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032697; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rrhlnjb|03|org"; nocase; ) # fwalwngftnk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032698; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fwalwngftnk|03|biz"; nocase; ) # vrlfjoswoz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032699; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vrlfjoswoz|03|biz"; nocase; ) # vdgokukdva.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032700; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vdgokukdva|04|info"; nocase; ) # wwwjadb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032701; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wwwjadb|03|com"; nocase; ) # nhqybw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032702; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nhqybw|03|com"; nocase; ) # cijtqybpfe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032703; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cijtqybpfe|03|com"; nocase; ) # zevwrcodm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032704; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zevwrcodm|03|com"; nocase; ) # fvmkqo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032705; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fvmkqo|03|biz"; nocase; ) # rhrfnetw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032706; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rhrfnetw|03|net"; nocase; ) # jhtjtup.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032707; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jhtjtup|03|net"; nocase; ) # nhwhroqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032708; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nhwhroqc|03|biz"; nocase; ) # rutvkpnxdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032709; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rutvkpnxdu|03|com"; nocase; ) # mlbmflqyva.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032710; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mlbmflqyva|04|info"; nocase; ) # hypbaevu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032711; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hypbaevu|04|info"; nocase; ) # pdvnvjuxm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032712; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pdvnvjuxm|04|info"; nocase; ) # nfujchlzpg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032713; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nfujchlzpg|03|biz"; nocase; ) # iosnbm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032714; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|iosnbm|03|com"; nocase; ) # jfrvgvnstcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032715; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jfrvgvnstcu|03|com"; nocase; ) # nqcmit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032716; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nqcmit|03|com"; nocase; ) # uvdrspyyncd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032717; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uvdrspyyncd|03|com"; nocase; ) # swxwagkebuc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032718; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|swxwagkebuc|03|net"; nocase; ) # ihpfvxz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032719; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ihpfvxz|04|info"; nocase; ) # urjsvcz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032720; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|urjsvcz|03|com"; nocase; ) # rvkixr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032721; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rvkixr|04|info"; nocase; ) # vnndlbxp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032722; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vnndlbxp|04|info"; nocase; ) # zgxnmxtpbud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032723; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zgxnmxtpbud|03|net"; nocase; ) # odhcxedy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032724; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|odhcxedy|03|com"; nocase; ) # xkdtgq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032725; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xkdtgq|03|com"; nocase; ) # hrzdjffdr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032726; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hrzdjffdr|03|com"; nocase; ) # qslsqbkqgeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qslsqbkqgeo|03|com"; nocase; ) # lejdyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lejdyq|04|info"; nocase; ) # fdcism.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fdcism|03|net"; nocase; ) # sbojluyttc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sbojluyttc|03|net"; nocase; ) # wbglrdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wbglrdf|03|com"; nocase; ) # aodvcnor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aodvcnor|03|biz"; nocase; ) # ofazkxkyeyr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ofazkxkyeyr|04|info"; nocase; ) # yfnyctzdob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|yfnyctzdob|03|biz"; nocase; ) # mykbpdvrji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mykbpdvrji|03|org"; nocase; ) # bqetieqvtl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bqetieqvtl|03|net"; nocase; ) # sblvokooao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sblvokooao|03|com"; nocase; ) # ziggpoog.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032738; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ziggpoog|03|biz"; nocase; ) # apydzqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032739; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|apydzqv|03|biz"; nocase; ) # nrqtfd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032740; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nrqtfd|03|com"; nocase; ) # bdfwtrf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032741; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bdfwtrf|03|net"; nocase; ) # lrftocsfovg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032742; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|lrftocsfovg|04|info"; nocase; ) # ibcujfzg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032743; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ibcujfzg|04|info"; nocase; ) # jdmqlid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032744; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jdmqlid|03|com"; nocase; ) # dvqqcuzluo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032745; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dvqqcuzluo|03|net"; nocase; ) # fwuyqnxszsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fwuyqnxszsh|03|net"; nocase; ) # mrkycbijmys.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mrkycbijmys|04|info"; nocase; ) # dfhrivi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dfhrivi|04|info"; nocase; ) # ictofjyfr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ictofjyfr|03|com"; nocase; ) # uivhcdw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uivhcdw|03|com"; nocase; ) # rxkres.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rxkres|03|com"; nocase; ) # rznbdifpl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rznbdifpl|03|biz"; nocase; ) # ocmtzw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ocmtzw|04|info"; nocase; ) # ynzovidqn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ynzovidqn|03|biz"; nocase; ) # rtrphy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rtrphy|03|com"; nocase; ) # kgmgrdlfqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kgmgrdlfqz|03|biz"; nocase; ) # bmvygvqsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032757; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bmvygvqsc|03|net"; nocase; ) # tpyviwjhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032758; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tpyviwjhn|03|com"; nocase; ) # sogyvq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032759; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|sogyvq|04|info"; nocase; ) # lvfocuyjlr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032760; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lvfocuyjlr|03|org"; nocase; ) # qcadumjz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032761; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qcadumjz|03|org"; nocase; ) # mknlaih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032762; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mknlaih|03|com"; nocase; ) # ettpjbsjw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032763; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ettpjbsjw|03|org"; nocase; ) # ouxjgjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032764; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ouxjgjy|03|org"; nocase; ) # jeokeuf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jeokeuf|03|net"; nocase; ) # byefjfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|byefjfa|03|com"; nocase; ) # jvgqkdkh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jvgqkdkh|03|org"; nocase; ) # xemxzwa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xemxzwa|04|info"; nocase; ) # buzgzqnxbb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|buzgzqnxbb|03|com"; nocase; ) # wwldqbhov.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wwldqbhov|03|biz"; nocase; ) # nourmulgl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nourmulgl|03|com"; nocase; ) # dnvsztdoyh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dnvsztdoyh|04|info"; nocase; ) # mvtclwhfi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mvtclwhfi|03|com"; nocase; ) # hvyfnkhcl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hvyfnkhcl|03|com"; nocase; ) # zcxoutu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zcxoutu|03|net"; nocase; ) # atevwqqylv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|atevwqqylv|03|org"; nocase; ) # kpcrxwnau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kpcrxwnau|03|com"; nocase; ) # jgtdrnpyp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jgtdrnpyp|04|info"; nocase; ) # aiixped.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|aiixped|03|com"; nocase; ) # jzuigjx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032780; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jzuigjx|03|org"; nocase; ) # zqlafv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032781; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zqlafv|03|com"; nocase; ) # uqkqihbbxa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032782; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uqkqihbbxa|04|info"; nocase; ) # mmpvzqgsn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032783; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mmpvzqgsn|03|net"; nocase; ) # hwpsepre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032784; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hwpsepre|03|net"; nocase; ) # iwqbpmcq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032785; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|iwqbpmcq|03|com"; nocase; ) # dgwatfwwu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032786; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dgwatfwwu|04|info"; nocase; ) # mycgfpjyum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032787; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mycgfpjyum|03|net"; nocase; ) # qtvjyfyxo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032788; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qtvjyfyxo|04|info"; nocase; ) # bllkfncmoceoncmc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032789; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bllkfncmoceoncmc|02|eu"; nocase; ) # bclbdenkaancflnd.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032790; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bclbdenkaancflnd|02|co"; nocase; ) # ceddmoncebcolfka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032791; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ceddmoncebcolfka|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # adfccmdbbenlnkdd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032792; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|adfccmdbbenlnkdd|04|info"; nocase; ) # fdnnedofdoemmaec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032793; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fdnnedofdoemmaec|03|com"; nocase; ) # nmlfbomoblocecck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032794; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nmlfbomoblocecck|03|com"; nocase; ) # kebbadkaaeanefmc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032795; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kebbadkaaeanefmc|02|eu"; nocase; ) # abblfbconnbdoldl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032796; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|abblfbconnbdoldl|03|net"; nocase; ) # bbcnddcfffecldec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032797; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bbcnddcfffecldec|03|com"; nocase; ) # ndbbcaedbffmfalc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032798; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ndbbcaedbffmfalc|03|com"; nocase; ) # lbfmfefbkakbblnf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032799; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lbfmfefbkakbblnf|03|com"; nocase; ) # kmfkldlbkdmkleff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032800; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kmfkldlbkdmkleff|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # kfbcfbbdmaokefdm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032801; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kfbcfbbdmaokefdm|03|org"; nocase; ) # rhbiat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032802; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|rhbiat|03|com"; nocase; ) # vtskdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032803; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|vtskdy|03|com"; nocase; ) # vujikm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032804; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|vujikm|03|com"; nocase; ) # qarsee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032805; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qarsee|03|com"; nocase; ) # soegig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032806; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|soegig|03|com"; nocase; ) # bnaprc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032807; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bnaprc|03|com"; nocase; ) # vyvjkw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032808; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|vyvjkw|03|com"; nocase; ) # ayijqi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032809; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ayijqi|03|com"; nocase; ) # tbiimz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032810; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tbiimz|03|com"; nocase; ) # oeticc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032811; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oeticc|03|com"; nocase; ) # pmwduv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032812; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|pmwduv|03|com"; nocase; ) # tcoggz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032813; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tcoggz|03|com"; nocase; ) # tcdnnc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032814; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tcdnnc|03|com"; nocase; ) # nrkuyu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032815; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nrkuyu|03|com"; nocase; ) # eeiauk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032816; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eeiauk|03|com"; nocase; ) # siimhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032817; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|siimhl|03|com"; nocase; ) # ltuzka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032818; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ltuzka|03|com"; nocase; ) # ziixws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032819; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ziixws|03|com"; nocase; ) # piuzlp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032820; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|piuzlp|03|com"; nocase; ) # dqznnp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032821; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|dqznnp|03|com"; nocase; ) # ysuand.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032822; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ysuand|03|com"; nocase; ) # dugpiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032823; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|dugpiy|03|com"; nocase; ) # awayopnyytn.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032824; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|awayopnyytn|02|pl"; nocase; ) # gaicogjuvwxpg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032825; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|gaicogjuvwxpg|02|ru"; nocase; ) # lnlbyctbv.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032826; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|lnlbyctbv|05|click"; nocase; ) # sbeenfxlvobqmokj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032827; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|sbeenfxlvobqmokj|02|ru"; nocase; ) # seytvoapfdaxcos.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032828; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|seytvoapfdaxcos|02|ru"; nocase; ) # qntogsodgx.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032829; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|qntogsodgx|04|work"; nocase; ) # gsbiglj.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032830; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|gsbiglj|02|pl"; nocase; ) # gxqrrcb.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032831; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|gxqrrcb|02|su"; nocase; ) # asiponl.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032832; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|asiponl|05|click"; nocase; ) # inwcmpl.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032833; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|inwcmpl|02|pw"; nocase; ) # bldjktkeelhlfnx.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032834; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|bldjktkeelhlfnx|03|xyz"; nocase; ) # plmsetpupguntcr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032835; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|plmsetpupguntcr|02|ru"; nocase; ) # cllvyrwhj.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032836; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|cllvyrwhj|02|pl"; nocase; ) # ftiheduarerfwmhiu.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032837; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|ftiheduarerfwmhiu|03|xyz"; nocase; ) # vrkvwxakidhpikfa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032838; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|vrkvwxakidhpikfa|03|biz"; nocase; ) # ekqqtag.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032839; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|ekqqtag|04|work"; nocase; ) # myfruoljvftul.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032840; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|myfruoljvftul|05|click"; nocase; ) # dakujicluwap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032841; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dakujicluwap|03|com"; nocase; ) # vfmrcldnlwgg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032842; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vfmrcldnlwgg|03|biz"; nocase; ) # wwotaculautl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032843; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wwotaculautl|03|org"; nocase; ) # mgtibcwgqmya.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032844; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mgtibcwgqmya|04|info"; nocase; ) # nmsxfoxcwlvi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032845; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nmsxfoxcwlvi|03|biz"; nocase; ) # ugppajyqvuqocr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032846; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ugppajyqvuqocr|03|org"; nocase; ) # amspgbmelkqslu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032847; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|amspgbmelkqslu|02|ru"; nocase; ) # awxgujlstvulla.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032848; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|awxgujlstvulla|03|com"; nocase; ) # flxcdvydykrcyw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032849; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|flxcdvydykrcyw|02|co|02|uk"; nocase; ) # hgyliidifttaga.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032850; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hgyliidifttaga|02|co|02|uk"; nocase; ) # frgbsgpmobnwjo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032851; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|frgbsgpmobnwjo|03|com"; nocase; ) # jclwxnqndunafo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032852; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jclwxnqndunafo|03|org"; nocase; ) # mfexfgyytaujgv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032853; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mfexfgyytaujgv|03|com"; nocase; ) # prrilemourgkeg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032854; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|prrilemourgkeg|04|info"; nocase; ) # pwibeoagjbfiep.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032855; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pwibeoagjbfiep|02|ru"; nocase; ) # dmdmdwtbbevvuf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032856; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dmdmdwtbbevvuf|03|org"; nocase; ) # rvgciffspwwfwh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032857; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rvgciffspwwfwh|02|co|02|uk"; nocase; ) # fdigpewoloeput.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032858; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fdigpewoloeput|03|net"; nocase; ) # uvnnbmvwxhgrgu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032859; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uvnnbmvwxhgrgu|02|co|02|uk"; nocase; ) # pqkqidhyvcytnp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032860; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pqkqidhyvcytnp|03|org"; nocase; ) # delanirnjedlel.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032861; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|delanirnjedlel|02|co|02|uk"; nocase; ) # upqpbdgxniepmq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032862; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|upqpbdgxniepmq|03|biz"; nocase; ) # qbnpbftcvlkjtk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032863; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qbnpbftcvlkjtk|03|com"; nocase; ) # eooygnnwxiawks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032864; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|eooygnnwxiawks|03|net"; nocase; ) # ulslgalewatlpw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032865; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ulslgalewatlpw|03|org"; nocase; ) # cjwldngtcftuty.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032866; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cjwldngtcftuty|03|org"; nocase; ) # yktdhvpylucrxc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032867; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yktdhvpylucrxc|03|biz"; nocase; ) # mxummbanywgjxa.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032868; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mxummbanywgjxa|02|ru"; nocase; ) # pkxkamuuetivmj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032869; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pkxkamuuetivmj|03|biz"; nocase; ) # hreviltqqkkcmc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032870; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hreviltqqkkcmc|02|ru"; nocase; ) # kkkrrlvbbdpkui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032871; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kkkrrlvbbdpkui|03|net"; nocase; ) # unympcfbvfhnfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032872; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|unympcfbvfhnfq|03|com"; nocase; ) # phivljpmyxlgww.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032873; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|phivljpmyxlgww|03|com"; nocase; ) # qbqqqvvnrpnvde.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032874; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qbqqqvvnrpnvde|02|ru"; nocase; ) # orjmktjfnwaier.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032875; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|orjmktjfnwaier|04|info"; nocase; ) # ttyqplwsjslmnj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032876; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ttyqplwsjslmnj|02|co|02|uk"; nocase; ) # tqobbndrruhkps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032877; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tqobbndrruhkps|03|net"; nocase; ) # uiyjbxpeywslpw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032878; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uiyjbxpeywslpw|02|ru"; nocase; ) # xbtwguesgohnlo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032879; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xbtwguesgohnlo|02|co|02|uk"; nocase; ) # usnmsidugtclhq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032880; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|usnmsidugtclhq|04|info"; nocase; ) # jxdvfkvnpilqjt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032881; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jxdvfkvnpilqjt|03|com"; nocase; ) # hnxpohpqnatpji.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032882; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hnxpohpqnatpji|03|biz"; nocase; ) # jiimtrcpsvmdju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032883; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jiimtrcpsvmdju|03|org"; nocase; ) # kmdoqaxqorsprx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032884; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kmdoqaxqorsprx|02|co|02|uk"; nocase; ) # ejghpiygghscth.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032885; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ejghpiygghscth|02|co|02|uk"; nocase; ) # sxvguehqpdiyrl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032886; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sxvguehqpdiyrl|03|net"; nocase; ) # tpgouumwdtyirh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032887; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tpgouumwdtyirh|02|ru"; nocase; ) # ieqtjwgxxoivwt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032888; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ieqtjwgxxoivwt|04|info"; nocase; ) # khghssqahyrors.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032889; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|khghssqahyrors|03|biz"; nocase; ) # tnkmfhxxmunaac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032890; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tnkmfhxxmunaac|03|com"; nocase; ) # hyawfgpfhgrwxo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032891; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hyawfgpfhgrwxo|02|ru"; nocase; ) # yikxduydycpquj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032892; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yikxduydycpquj|03|org"; nocase; ) # fnlvmseysnvbsp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032893; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fnlvmseysnvbsp|03|biz"; nocase; ) # vthuqitrvxsofw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032894; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vthuqitrvxsofw|02|co|02|uk"; nocase; ) # jxqrrnvbtcfdhx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032895; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jxqrrnvbtcfdhx|04|info"; nocase; ) # swfewhquaaqtoj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032896; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|swfewhquaaqtoj|03|biz"; nocase; ) # urpbcrdtfvjhok.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032897; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|urpbcrdtfvjhok|03|org"; nocase; ) # ifqmbawalnsloq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032898; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ifqmbawalnsloq|02|co|02|uk"; nocase; ) # ycuwhmuvgksjdv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032899; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ycuwhmuvgksjdv|03|net"; nocase; ) # cgqboepagmlkcn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032900; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cgqboepagmlkcn|03|org"; nocase; ) # fousdqlbbwhakw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032901; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fousdqlbbwhakw|03|com"; nocase; ) # dwjfjqyunkhfkr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032902; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dwjfjqyunkhfkr|03|net"; nocase; ) # eveqvujpwhpqrb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032903; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|eveqvujpwhpqrb|02|ru"; nocase; ) # elnufgcbbnivso.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032904; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|elnufgcbbnivso|03|org"; nocase; ) # fnoyvlovkxgarl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032905; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fnoyvlovkxgarl|02|co|02|uk"; nocase; ) # hwrqcfdmfrhjhe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032906; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hwrqcfdmfrhjhe|04|info"; nocase; ) # ukscbnwsljqnxb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032907; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ukscbnwsljqnxb|03|com"; nocase; ) # jnwkoasncfgevs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032908; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jnwkoasncfgevs|02|ru"; nocase; ) # lihhtqxanltjvg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032909; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lihhtqxanltjvg|02|co|02|uk"; nocase; ) # tpraufbentbnvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032910; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tpraufbentbnvm|04|info"; nocase; ) # keeouonfsekorkg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032911; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|keeouonfsekorkg|02|co|02|uk"; nocase; ) # xtyattxtjbqkrio.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032912; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xtyattxtjbqkrio|04|info"; nocase; ) # ypwahekjcffbkig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032913; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ypwahekjcffbkig|03|net"; nocase; ) # pdjbrjaegelxokb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032914; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pdjbrjaegelxokb|03|com"; nocase; ) # qyhbftmtyiaohvb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032915; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qyhbftmtyiaohvb|03|biz"; nocase; ) # chyqfjlonghuaun.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032916; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|chyqfjlonghuaun|04|info"; nocase; ) # stikkisuxfbcaik.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032917; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|stikkisuxfbcaik|03|biz"; nocase; ) # rrlumobotlkvccn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032918; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rrlumobotlkvccn|02|co|02|uk"; nocase; ) # woswexsyukpprwj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032919; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|woswexsyukpprwj|02|ru"; nocase; ) # xsnwhgolmlclaeq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032920; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xsnwhgolmlclaeq|03|org"; nocase; ) # ybjdbjqujtkripc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032921; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ybjdbjqujtkripc|04|info"; nocase; ) # qkteyysfgwffqro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032922; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qkteyysfgwffqro|03|com"; nocase; ) # ssxomgvsemkhfak.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032923; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ssxomgvsemkhfak|03|org"; nocase; ) # tovoawbvugegfym.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032924; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tovoawbvugegfym|04|info"; nocase; ) # rcuqbnywhcsunjo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032925; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rcuqbnywhcsunjo|03|com"; nocase; ) # tbsnreemvluhgeq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032926; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tbsnreemvluhgeq|03|biz"; nocase; ) # aehkybheqgowfmp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032927; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aehkybheqgowfmp|03|com"; nocase; ) # bickcjdqihbsntw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032928; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bickcjdqihbsntw|03|net"; nocase; ) # wcpkggdngvomhbo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032929; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wcpkggdngvomhbo|03|org"; nocase; ) # kpqtllnctxsexpo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032930; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kpqtllnctxsexpo|02|co|02|uk"; nocase; ) # betpkbupwhggvmb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032931; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|betpkbupwhggvmb|03|net"; nocase; ) # encdtlupshigmkh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|encdtlupshigmkh|02|ru"; nocase; ) # glbfebtoyqdkukq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|glbfebtoyqdkukq|04|info"; nocase; ) # jrhkulybwxgncxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jrhkulybwxgncxo|03|net"; nocase; ) # keicsunxndpsfwt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|keicsunxndpsfwt|02|co|02|uk"; nocase; ) # pyfcwocltmjjjrx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pyfcwocltmjjjrx|03|biz"; nocase; ) # kyrncnduilaqnbv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kyrncnduilaqnbv|03|net"; nocase; ) # ksolsyvolanchry.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ksolsyvolanchry|03|biz"; nocase; ) # lfuvsdgmhwrgfvr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lfuvsdgmhwrgfvr|03|org"; nocase; ) # mbsvgtlpxqlfohl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mbsvgtlpxqlfohl|04|info"; nocase; ) # hgmrdcfkkompvak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hgmrdcfkkompvak|03|net"; nocase; ) # utnbikyfmlcdmir.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|utnbikyfmlcdmir|03|biz"; nocase; ) # sxcwouueeuyqmds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sxcwouueeuyqmds|03|com"; nocase; ) # tuyridehqeglnis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tuyridehqeglnis|03|net"; nocase; ) # uwatflatsebdvwe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uwatflatsebdvwe|03|biz"; nocase; ) # swddkodlvlqqduh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|swddkodlvlqqduh|02|ru"; nocase; ) # eiesugmjasaugxk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eiesugmjasaugxk|03|org"; nocase; ) # faowhqyyyoxdpit.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|faowhqyyyoxdpit|04|info"; nocase; ) # ikixynnkcukpcxr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ikixynnkcukpcxr|03|net"; nocase; ) # ceskebjkfclqkyu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ceskebjkfclqkyu|04|info"; nocase; ) # sjijfhwhbcdxtdl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sjijfhwhbcdxtdl|04|info"; nocase; ) # gossyfewtbqxdal.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gossyfewtbqxdal|03|biz"; nocase; ) # kjdfstloligrgme.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kjdfstloligrgme|02|ru"; nocase; ) # brcmfdrwgxvjiov.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|brcmfdrwgxvjiov|04|info"; nocase; ) # abbcelttobqmvjh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|abbcelttobqmvjh|03|com"; nocase; ) # bfvebtpukwwyuso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bfvebtpukwwyuso|03|net"; nocase; ) # ulaqtlrqualughx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ulaqtlrqualughx|02|ru"; nocase; ) # yqgeqfdhewqnjpl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yqgeqfdhewqnjpl|03|com"; nocase; ) # dskjuaujuiihjhf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dskjuaujuiihjhf|03|org"; nocase; ) # viuoqkjtjxcalvq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|viuoqkjtjxcalvq|03|org"; nocase; ) # kpevjmcjakaynoo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kpevjmcjakaynoo|02|co|02|uk"; nocase; ) # ncbufewqshvsmgn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ncbufewqshvsmgn|03|net"; nocase; ) # typsbjbogwupvem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|typsbjbogwupvem|03|com"; nocase; ) # vsktbtoxqmjkdwm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vsktbtoxqmjkdwm|02|ru"; nocase; ) # dikiprmnuqfxshi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dikiprmnuqfxshi|03|biz"; nocase; ) # eaumcirqqugwuwt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eaumcirqqugwuwt|03|org"; nocase; ) # yxjclhdluqxqmit.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yxjclhdluqxqmit|03|net"; nocase; ) # uttnevikuljduph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uttnevikuljduph|03|biz"; nocase; ) # vmdcferyixadvuh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vmdcferyixadvuh|02|ru"; nocase; ) # woegvmnaocnpexk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|woegvmnaocnpexk|03|org"; nocase; ) # ohnmjiteemur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ohnmjiteemur|03|com"; nocase; ) # cwiyfnxludnl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cwiyfnxludnl|03|net"; nocase; ) # hrqtdnlwqodw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hrqtdnlwqodw|03|net"; nocase; ) # vbtilpkixvby.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vbtilpkixvby|03|biz"; nocase; ) # ykycfdnsslyj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ykycfdnsslyj|03|biz"; nocase; ) # ephihmnhxsmj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ephihmnhxsmj|03|com"; nocase; ) # ftchnudmpaad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ftchnudmpaad|03|net"; nocase; ) # rrcjueufalas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rrcjueufalas|03|com"; nocase; ) # hliugxuaashg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hliugxuaashg|02|co|02|uk"; nocase; ) # kgivxkcvkrdo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kgivxkcvkrdo|02|ru"; nocase; ) # ksnvxghsftvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ksnvxghsftvm|03|net"; nocase; ) # mrlwcwmflpnj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mrlwcwmflpnj|02|ru"; nocase; ) # owvrpvhwhgbq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|owvrpvhwhgbq|03|biz"; nocase; ) # lebvvusbanqk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lebvvusbanqk|03|net"; nocase; ) # cgjehkaeeksi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cgjehkaeeksi|03|org"; nocase; ) # pogaapijrwep.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pogaapijrwep|02|co|02|uk"; nocase; ) # wjqfcuaoblui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wjqfcuaoblui|03|org"; nocase; ) # ujouxmmosuvh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ujouxmmosuvh|02|co|02|uk"; nocase; ) # bopbbrnlkalf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bopbbrnlkalf|03|org"; nocase; ) # gbviyusyecve.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gbviyusyecve|03|biz"; nocase; ) # ibyqwywbjklh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ibyqwywbjklh|02|co|02|uk"; nocase; ) # jwwuxpchrtoy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jwwuxpchrtoy|03|com"; nocase; ) # npemcbhixejy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|npemcbhixejy|04|info"; nocase; ) # qikrheoinldq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qikrheoinldq|03|org"; nocase; ) # shislututhun.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|shislututhun|04|info"; nocase; ) # lbrbkwyxpjou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lbrbkwyxpjou|03|net"; nocase; ) # mscjkhlkwlav.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mscjkhlkwlav|02|ru"; nocase; ) # plwfoecsntub.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|plwfoecsntub|02|co|02|uk"; nocase; ) # jnikspenbeti.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000032999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jnikspenbeti|02|ru"; nocase; ) # lishxaqmgamv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lishxaqmgamv|02|co|02|uk"; nocase; ) # aisahotjdwci.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aisahotjdwci|04|info"; nocase; ) # dbbpaoakymng.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dbbpaoakymng|04|info"; nocase; ) # kebonxjuwmkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kebonxjuwmkt|03|com"; nocase; ) # ldviyofidtxh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ldviyofidtxh|03|biz"; nocase; ) # abenpqhkpcvk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|abenpqhkpcvk|02|co|02|uk"; nocase; ) # bfyopvnxcimq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bfyopvnxcimq|04|info"; nocase; ) # dveqbdorvgqn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dveqbdorvgqn|02|ru"; nocase; ) # mskfnreqqnvh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mskfnreqqnvh|03|net"; nocase; ) # aiftdarpmftn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aiftdarpmftn|03|biz"; nocase; ) # rhxyhaymcowh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rhxyhaymcowh|03|biz"; nocase; ) # nmgdvoewdtuu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nmgdvoewdtuu|02|ru"; nocase; ) # rwlhajtfudia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rwlhajtfudia|03|com"; nocase; ) # bljosiwdioga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bljosiwdioga|03|org"; nocase; ) # dgtlxsjcnkyn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dgtlxsjcnkyn|04|info"; nocase; ) # ukodvjsegluj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ukodvjsegluj|03|biz"; nocase; ) # vcylvaxktcls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vcylvaxktcls|03|org"; nocase; ) # bkrkndectwhh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bkrkndectwhh|04|info"; nocase; ) # edxrmdckqfgl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|edxrmdckqfgl|03|org"; nocase; ) # wdyycmsgycrb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wdyycmsgycrb|02|ru"; nocase; ) # wyteiqfobkbt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wyteiqfobkbt|02|co|02|uk"; nocase; ) # ytebnhkbmqoy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ytebnhkbmqoy|03|com"; nocase; ) # plvbxcdyinad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|plvbxcdyinad|03|net"; nocase; ) # twlaonaghikg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|twlaonaghikg|03|com"; nocase; ) # uymfcvpanviu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uymfcvpanviu|03|net"; nocase; ) # mwuoubikodcwh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mwuoubikodcwh|02|ru"; nocase; ) # adxcmgqsqqxtq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|adxcmgqsqqxtq|03|org"; nocase; ) # djepcdhxjcpbo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|djepcdhxjcpbo|04|info"; nocase; ) # ruwclsxuswwlh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ruwclsxuswwlh|03|biz"; nocase; ) # jakobmarxfcte.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033029; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jakobmarxfcte|03|net"; nocase; ) # jcowpuwbocbaa.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033030; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jcowpuwbocbaa|02|co|02|uk"; nocase; ) # lbmtgfjwfaiua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033031; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lbmtgfjwfaiua|03|com"; nocase; ) # oinjykpbryuru.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033032; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oinjykpbryuru|02|ru"; nocase; ) # eqokkodbudikx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033033; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eqokkodbudikx|04|info"; nocase; ) # fmmkxfielwcja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033034; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fmmkxfielwcja|03|net"; nocase; ) # tonpsbicsamjx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tonpsbicsamjx|03|org"; nocase; ) # khujjxvrjiajd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|khujjxvrjiajd|03|net"; nocase; ) # avnsvwoupoyhv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|avnsvwoupoyhv|03|org"; nocase; ) # ssfuelcfhksfu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ssfuelcfhksfu|03|net"; nocase; ) # venllidasoevp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|venllidasoevp|02|ru"; nocase; ) # ntshwiwpnkiml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ntshwiwpnkiml|03|net"; nocase; ) # cutkkrvtnkwmf.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cutkkrvtnkwmf|02|co|02|uk"; nocase; ) # etrhbcipeiehf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|etrhbcipeiehf|03|com"; nocase; ) # rhspjkvdgmkwf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rhspjkvdgmkwf|03|net"; nocase; ) # ivvuewxxlutet.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ivvuewxxlutet|03|org"; nocase; ) # vjwdmfllnyatt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vjwdmfllnyatt|02|co|02|uk"; nocase; ) # kglgtvkxnjrpi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kglgtvkxnjrpi|03|biz"; nocase; ) # llkiyvpfctovf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|llkiyvpfctovf|03|net"; nocase; ) # svpcjyrvllryj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|svpcjyrvllryj|04|info"; nocase; ) # sfvxfdebanrsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033049; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sfvxfdebanrsh|03|net"; nocase; ) # uetuvtjqowtfq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033050; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uetuvtjqowtfq|02|ru"; nocase; ) # lcdfodqworgba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033051; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lcdfodqworgba|03|org"; nocase; ) # xbwvbakvwsubl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033052; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xbwvbakvwsubl|04|info"; nocase; ) # yshankwlvosjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033053; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yshankwlvosjl|03|net"; nocase; ) # bygiechdvcksy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033054; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bygiechdvcksy|03|biz"; nocase; ) # dulnqragheyha.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033055; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dulnqragheyha|02|co|02|uk"; nocase; ) # ruurgnewtpxyf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033056; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ruurgnewtpxyf|04|info"; nocase; ) # mjnawufnkrdwj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033057; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mjnawufnkrdwj|03|org"; nocase; ) # orrsjcghrxocq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033058; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|orrsjcghrxocq|03|net"; nocase; ) # gkablqpqkkhiq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033059; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gkablqpqkkhiq|03|biz"; nocase; ) # evvxygagawbhw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033060; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|evvxygagawbhw|02|ru"; nocase; ) # tganonikldqmx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033061; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tganonikldqmx|03|com"; nocase; ) # spymjvoudhyul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033062; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|spymjvoudhyul|03|net"; nocase; ) # ukjfbmtkwxdhl.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033063; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ukjfbmtkwxdhl|02|ru"; nocase; ) # ddisxxewvslha.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033064; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ddisxxewvslha|04|info"; nocase; ) # trlvynpjtqnpv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033065; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|trlvynpjtqnpv|03|biz"; nocase; ) # 1i07qqpzesyc8w9rhs914u85o3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i07qqpzesyc8w9rhs914u85o3|03|com"; nocase; ) # 1h0smd8gom2wsnd5lm6o1ihg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1h0smd8gom2wsnd5lm6o1ihg|03|net"; nocase; ) # 1kndrts1knyavmfg1u4czlw0ya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kndrts1knyavmfg1u4czlw0ya|03|com"; nocase; ) # shffc71lqzx14172sh6dxxk6gu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|shffc71lqzx14172sh6dxxk6gu|03|org"; nocase; ) # 1mjdyjy1pxt3be13c60wb1sm67zu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mjdyjy1pxt3be13c60wb1sm67zu|03|org"; nocase; ) # 1hq0zfs4jxn6v11ec98a1bw4sx5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hq0zfs4jxn6v11ec98a1bw4sx5|03|org"; nocase; ) # 1b69cqc5y74yf1w24cnu2yk0f8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b69cqc5y74yf1w24cnu2yk0f8|03|biz"; nocase; ) # ug6m1nfo6sp51od8fhu3xbl85.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ug6m1nfo6sp51od8fhu3xbl85|03|biz"; nocase; ) # 1roz1xcxe7nyx1ta3e8o1h4fa5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1roz1xcxe7nyx1ta3e8o1h4fa5|03|com"; nocase; ) # 88tph51jpaxrs1wc17sp1p66fr3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|88tph51jpaxrs1wc17sp1p66fr3|03|biz"; nocase; ) # 1eixtnsv3uo0bkws4p6zo0eev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1eixtnsv3uo0bkws4p6zo0eev|03|net"; nocase; ) # 13pei4dsrz4jpdi58ta1mcxyhr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13pei4dsrz4jpdi58ta1mcxyhr|03|net"; nocase; ) # bw8578qhmhzg11a9jwcuk51ky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bw8578qhmhzg11a9jwcuk51ky|03|org"; nocase; ) # 1fvl64772sp9rtgting57iyf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1fvl64772sp9rtgting57iyf|03|net"; nocase; ) # 1y5p7by1vmj7i8ixb5be102tj8y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y5p7by1vmj7i8ixb5be102tj8y|03|biz"; nocase; ) # 1b9gemma7pwgh13ryvvcskwyg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b9gemma7pwgh13ryvvcskwyg|03|org"; nocase; ) # 141uueu1mcs8d8slj3c37q15if.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|141uueu1mcs8d8slj3c37q15if|03|org"; nocase; ) # ik18mni28uof16w5urm10udojq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ik18mni28uof16w5urm10udojq|03|net"; nocase; ) # 177aytsdfg81c1f3ss2f1oaaaaw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|177aytsdfg81c1f3ss2f1oaaaaw|03|net"; nocase; ) # 1tti2j4ps8l8p1w04r3d2bbybw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tti2j4ps8l8p1w04r3d2bbybw|03|org"; nocase; ) # 4egltz1is6xmy2ek4wd7tz5h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4egltz1is6xmy2ek4wd7tz5h|03|net"; nocase; ) # 1w4rw1fulpgat1ohnk4m16xrh83.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w4rw1fulpgat1ohnk4m16xrh83|03|org"; nocase; ) # 1p475211ev3a9ixmfsqy1ydia06.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p475211ev3a9ixmfsqy1ydia06|03|biz"; nocase; ) # mus0ea516z6k19vy5o51im63qs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mus0ea516z6k19vy5o51im63qs|03|net"; nocase; ) # 96g7529k28kenn48vrixnhqm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|96g7529k28kenn48vrixnhqm|03|biz"; nocase; ) # sdk8lrwd7zem1sksf521fjdg05.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sdk8lrwd7zem1sksf521fjdg05|03|net"; nocase; ) # 1j8gutx1frl8oy13yxn411fa4yd4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j8gutx1frl8oy13yxn411fa4yd4|03|biz"; nocase; ) # 1y2ampw1dv2aslpyyro1typkyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y2ampw1dv2aslpyyro1typkyv|03|net"; nocase; ) # 1ysgaot1f9p89z4dy6gc1vzcedf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ysgaot1f9p89z4dy6gc1vzcedf|03|net"; nocase; ) # 1qmxrue15uyi91122xgp9a26npq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qmxrue15uyi91122xgp9a26npq|03|org"; nocase; ) # 18034ajxacz1x2bjl01uu13a7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18034ajxacz1x2bjl01uu13a7|03|com"; nocase; ) # 18eqj6icvo47c1vp54co19n9l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18eqj6icvo47c1vp54co19n9l|03|biz"; nocase; ) # 1x4n3d21np9noa1s6crk5m4uacl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x4n3d21np9noa1s6crk5m4uacl|03|net"; nocase; ) # 77whq8ez79hutv5bk61f273b6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|77whq8ez79hutv5bk61f273b6|03|org"; nocase; ) # 15mnn32lqccqs87lbu61ltytfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15mnn32lqccqs87lbu61ltytfq|03|com"; nocase; ) # hzzcc51f0eo70qa1el2ahxk5w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hzzcc51f0eo70qa1el2ahxk5w|03|org"; nocase; ) # u7hxhi1h0uhm1m5p1591si3gpy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u7hxhi1h0uhm1m5p1591si3gpy|03|com"; nocase; ) # 1vx88z95k1nf916d98jm167plkq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vx88z95k1nf916d98jm167plkq|03|biz"; nocase; ) # 1578fuv1uhy5nb10r3h2kkqbumy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1578fuv1uhy5nb10r3h2kkqbumy|03|com"; nocase; ) # ze32zv1bq92ta1w5gruqujcqz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ze32zv1bq92ta1w5gruqujcqz|03|org"; nocase; ) # 1yb66da1dnxuow1qpklms12f79n5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yb66da1dnxuow1qpklms12f79n5|03|org"; nocase; ) # 15sf1qvg3pi1e2e78hm13qjl0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15sf1qvg3pi1e2e78hm13qjl0|03|com"; nocase; ) # m4v2uh1cj711d72eg93134zzos.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m4v2uh1cj711d72eg93134zzos|03|org"; nocase; ) # 1p59z8k1nzwhpd1up6fs31hh79sm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p59z8k1nzwhpd1up6fs31hh79sm|03|com"; nocase; ) # vh2jwn1lgef095pj4811yq9dvn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vh2jwn1lgef095pj4811yq9dvn|03|net"; nocase; ) # 1htfxik1k31fcetz10nu2x4uh6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1htfxik1k31fcetz10nu2x4uh6|03|biz"; nocase; ) # 1dsk0gj8a36v6rixajf12i054l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dsk0gj8a36v6rixajf12i054l|03|org"; nocase; ) # 1eklgv1hqsnwmkjdtyr1ii6b9t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eklgv1hqsnwmkjdtyr1ii6b9t|03|biz"; nocase; ) # u488tqinge1oyb3fze1nlcqw0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u488tqinge1oyb3fze1nlcqw0|03|net"; nocase; ) # 19hzm3j1yqmuo81rqreisr0co6e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19hzm3j1yqmuo81rqreisr0co6e|03|com"; nocase; ) # 1osy4d8pndu6drzf1ns1xoeipp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1osy4d8pndu6drzf1ns1xoeipp|03|biz"; nocase; ) # 1l05r4vla0fev1aqbhcp157m4lr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l05r4vla0fev1aqbhcp157m4lr|03|net"; nocase; ) # oquv9b1jtdrif1u1i8jc1ic5jvn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oquv9b1jtdrif1u1i8jc1ic5jvn|03|net"; nocase; ) # 1x91p7eqcdzla1kptg1n1kgpvfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x91p7eqcdzla1kptg1n1kgpvfe|03|net"; nocase; ) # 5i4dh91blcsb6wzpjj1tqj57b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5i4dh91blcsb6wzpjj1tqj57b|03|net"; nocase; ) # enju1k8y24pm1n16epnu4rgz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|enju1k8y24pm1n16epnu4rgz5|03|com"; nocase; ) # x8eg4ql7u9s1wwvvaytutzbz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x8eg4ql7u9s1wwvvaytutzbz|03|net"; nocase; ) # 1fb6ypngr0sv8sdzzxdzwb974.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fb6ypngr0sv8sdzzxdzwb974|03|net"; nocase; ) # 1kmb20ezsqo7s1xrhyishp71iq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kmb20ezsqo7s1xrhyishp71iq|03|net"; nocase; ) # 1p75ca5kw71y1qpeshh14q39s3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p75ca5kw71y1qpeshh14q39s3|03|biz"; nocase; ) # 1xf3y5h11ffn1glujojbakaqt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xf3y5h11ffn1glujojbakaqt|03|org"; nocase; ) # o4avj21xta1dly41jyr1juhmd7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o4avj21xta1dly41jyr1juhmd7|03|biz"; nocase; ) # l53bua12ec8duau2aly1kwqju7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l53bua12ec8duau2aly1kwqju7|03|com"; nocase; ) # 1nbfdgtlj935p1ud9xd618tvnkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nbfdgtlj935p1ud9xd618tvnkt|03|com"; nocase; ) # 1nzpqga1v343ej1v3bjs716cudpi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nzpqga1v343ej1v3bjs716cudpi|03|org"; nocase; ) # ksk4foajwhibj5j0x6l9ygd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ksk4foajwhibj5j0x6l9ygd|03|net"; nocase; ) # rqygqs9a8afnlpwna8jmv8q0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rqygqs9a8afnlpwna8jmv8q0|03|biz"; nocase; ) # 18mrwdu16vh2hx16ulemtpl01fp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18mrwdu16vh2hx16ulemtpl01fp|03|net"; nocase; ) # 12qcdgf1ltn6a2np5e41xr7kh0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12qcdgf1ltn6a2np5e41xr7kh0|03|org"; nocase; ) # 1627bt52e8i5z11nlhzl1qyyol8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1627bt52e8i5z11nlhzl1qyyol8|03|com"; nocase; ) # 1yncjs31n6due819u2yj51q4jvct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yncjs31n6due819u2yj51q4jvct|03|net"; nocase; ) # w20mau18tq4n11j2gg9y13p8h97.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w20mau18tq4n11j2gg9y13p8h97|03|org"; nocase; ) # 1thif7d1i0rudk1ez9nwyxxxlqn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1thif7d1i0rudk1ez9nwyxxxlqn|03|com"; nocase; ) # dfevgr1l6m8qu133eq8s19twu0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dfevgr1l6m8qu133eq8s19twu0x|03|org"; nocase; ) # luk452jeaoiy196i3taeqr6es.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|luk452jeaoiy196i3taeqr6es|03|biz"; nocase; ) # gh41aa1gb7z0o1qgz2bq44pugu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gh41aa1gb7z0o1qgz2bq44pugu|03|net"; nocase; ) # 1vo66q5e0lgap1ba424h1ljfvp2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vo66q5e0lgap1ba424h1ljfvp2|03|biz"; nocase; ) # 1ky3zbb310iyqtwe96cj80pjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ky3zbb310iyqtwe96cj80pjv|03|org"; nocase; ) # fg53rfwzrngj15hx5fu62ihxg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fg53rfwzrngj15hx5fu62ihxg|03|com"; nocase; ) # qu9y0hgnwdl3s447we1jz9ikp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qu9y0hgnwdl3s447we1jz9ikp|03|net"; nocase; ) # nacstl1wu0pnu1g1fbaplngq3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nacstl1wu0pnu1g1fbaplngq3|03|com"; nocase; ) # 10cv59g1tc10n73t49oz14hz184.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10cv59g1tc10n73t49oz14hz184|03|org"; nocase; ) # 2xrb7j1tha2b91rsg3firqjt81.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2xrb7j1tha2b91rsg3firqjt81|03|biz"; nocase; ) # 6mp5scqgi3ll1f6gix25utjby.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6mp5scqgi3ll1f6gix25utjby|03|org"; nocase; ) # zwmrot1yc5gzv7v8exk2uucrk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zwmrot1yc5gzv7v8exk2uucrk|03|com"; nocase; ) # 1ygle03ezq39evaeii71fcc9uz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygle03ezq39evaeii71fcc9uz|03|com"; nocase; ) # r3rkittzv9tbkkjp6g1ph3x7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r3rkittzv9tbkkjp6g1ph3x7|03|biz"; nocase; ) # fzby591b5raai1femzdm10q8x35.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fzby591b5raai1femzdm10q8x35|03|com"; nocase; ) # h3qg5u6957mipkdffi1c67n6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3qg5u6957mipkdffi1c67n6o|03|net"; nocase; ) # 142c0owo25noi1kepyjn1lghfp0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|142c0owo25noi1kepyjn1lghfp0|03|org"; nocase; ) # t953c71lk9vx417j0ej4ffnnpi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t953c71lk9vx417j0ej4ffnnpi|03|com"; nocase; ) # 7j7oqy1f2wrc51qskahh52dwyb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7j7oqy1f2wrc51qskahh52dwyb|03|org"; nocase; ) # 19j58outnv1yb1d7nvgb19uk24z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19j58outnv1yb1d7nvgb19uk24z|03|com"; nocase; ) # 1gpt0j3f4p1pb13gzyqp1qyk7pa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gpt0j3f4p1pb13gzyqp1qyk7pa|03|biz"; nocase; ) # 6qbwletvg0qgq77n9c1nowr68.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6qbwletvg0qgq77n9c1nowr68|03|com"; nocase; ) # 1t2sw0fnz5hnlr35g3c16r8eqa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t2sw0fnz5hnlr35g3c16r8eqa|03|org"; nocase; ) # 1xuta5o133cx511tibuao9yhjzw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xuta5o133cx511tibuao9yhjzw|03|org"; nocase; ) # 1hbybgoog5uyj110p31516ur90w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hbybgoog5uyj110p31516ur90w|03|net"; nocase; ) # 7vgu541eikvp1fdrmxdhpqo1u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7vgu541eikvp1fdrmxdhpqo1u|03|net"; nocase; ) # x3hlw41wxc7v5s3vct48iowr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x3hlw41wxc7v5s3vct48iowr|03|biz"; nocase; ) # 1kyqi84qmc6th1krnf411nf9gkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kyqi84qmc6th1krnf411nf9gkf|03|org"; nocase; ) # h1db1r1l3vskd1xnzbg4ddhgnx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h1db1r1l3vskd1xnzbg4ddhgnx|03|org"; nocase; ) # 1qgqdj71wp4xfu1p92row1axv6qx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qgqdj71wp4xfu1p92row1axv6qx|03|org"; nocase; ) # 1j1t3u3ozghwp8ljspcwwkp3k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j1t3u3ozghwp8ljspcwwkp3k|03|com"; nocase; ) # sgbjed1snijh04k26av1wh30rk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sgbjed1snijh04k26av1wh30rk|03|org"; nocase; ) # qe7ldrx71gxl1hna99a1tzp07n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qe7ldrx71gxl1hna99a1tzp07n|03|com"; nocase; ) # 1rzkebi1bllpvm1lihiyy1kp7e0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rzkebi1bllpvm1lihiyy1kp7e0|03|net"; nocase; ) # pkyqh6x01wz9j1olldp1tzfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pkyqh6x01wz9j1olldp1tzfy|03|net"; nocase; ) # 8gqe1kxg586dk7hnvumox2jk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8gqe1kxg586dk7hnvumox2jk|03|org"; nocase; ) # ookgwk1uxavoy10h2dc3gyagu5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ookgwk1uxavoy10h2dc3gyagu5|03|net"; nocase; ) # 1ta9xrh1wevohxhpy4qrg9kmqh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ta9xrh1wevohxhpy4qrg9kmqh|03|org"; nocase; ) # 18yyxg8o0ollffdra15fdoi5q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18yyxg8o0ollffdra15fdoi5q|03|com"; nocase; ) # 1m9cwiuvahj1u10m2g9q1tjz6nj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m9cwiuvahj1u10m2g9q1tjz6nj|03|net"; nocase; ) # 1m4tpg11ddw4d8zuf9ht1wixob4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m4tpg11ddw4d8zuf9ht1wixob4|03|net"; nocase; ) # 1w8h6141q8andn2ycyfdggg9az.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w8h6141q8andn2ycyfdggg9az|03|net"; nocase; ) # 7tnr3j12otq5d1svx21ilgrtn5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7tnr3j12otq5d1svx21ilgrtn5|03|com"; nocase; ) # 1t37m91xzq3hk5xr47ct2gf4h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t37m91xzq3hk5xr47ct2gf4h|03|biz"; nocase; ) # tfpes2khz5pm7x6x85oxkwfl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tfpes2khz5pm7x6x85oxkwfl|03|org"; nocase; ) # 11q0lulihlfy81l73fyqel6rsq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11q0lulihlfy81l73fyqel6rsq|03|biz"; nocase; ) # 1wfsk5f1y1tbmd1mttf36796q9a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wfsk5f1y1tbmd1mttf36796q9a|03|com"; nocase; ) # sjuo4h1pxdv1hbrodzd150s0nb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sjuo4h1pxdv1hbrodzd150s0nb|03|org"; nocase; ) # 1qbu6b11kaq04r1dx7y01107ar6s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qbu6b11kaq04r1dx7y01107ar6s|03|net"; nocase; ) # 1ta093k1lei2v2zp8ynbwi9pp4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ta093k1lei2v2zp8ynbwi9pp4|03|com"; nocase; ) # z33iofvrl46lfdyz2ypbwxuj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z33iofvrl46lfdyz2ypbwxuj|03|com"; nocase; ) # 39nbv7hmnnua17rvqax1h5ja8b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|39nbv7hmnnua17rvqax1h5ja8b|03|org"; nocase; ) # kaolym1q1zpex1ldi31hartu1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kaolym1q1zpex1ldi31hartu1w|03|com"; nocase; ) # 2jefww1ju97pn16e9zhhti70bu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2jefww1ju97pn16e9zhhti70bu|03|net"; nocase; ) # 1w0bwhqb7m4fm2009kx1rsq5t7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w0bwhqb7m4fm2009kx1rsq5t7|03|net"; nocase; ) # 14amnbm1asu2cf8gax8a1g015u4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14amnbm1asu2cf8gax8a1g015u4|03|biz"; nocase; ) # 14xm0901tbdw7w1rmhpi51rhlr8d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14xm0901tbdw7w1rmhpi51rhlr8d|03|org"; nocase; ) # 1yn60j1mx3lseqy81jz1bzf4ua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yn60j1mx3lseqy81jz1bzf4ua|03|net"; nocase; ) # 11szu1v1p50zendyhra514xt21n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11szu1v1p50zendyhra514xt21n|03|com"; nocase; ) # ssmksd18g5ghw1x5nc5hggp19v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ssmksd18g5ghw1x5nc5hggp19v|03|net"; nocase; ) # a058ru166ab5r1iiy8indz0yi0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a058ru166ab5r1iiy8indz0yi0|03|com"; nocase; ) # 15ueucd9p7dan1c5ysrc17mso0h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ueucd9p7dan1c5ysrc17mso0h|03|org"; nocase; ) # 1xqlkhy1v198iu1314ut21mxecs7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xqlkhy1v198iu1314ut21mxecs7|03|org"; nocase; ) # 1wat5yu1fa48rr1oa2ysz182dsa1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wat5yu1fa48rr1oa2ysz182dsa1|03|com"; nocase; ) # 1lusm6lpqekn91g16wfs18u9ymk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lusm6lpqekn91g16wfs18u9ymk|03|biz"; nocase; ) # 16txk24b0wh2jb2msbihqzie0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16txk24b0wh2jb2msbihqzie0|03|org"; nocase; ) # 14ysk1d1i00toyztlgndkgfavt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ysk1d1i00toyztlgndkgfavt|03|net"; nocase; ) # i1l0s315eqk5evhk8o9jafhy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i1l0s315eqk5evhk8o9jafhy|03|org"; nocase; ) # w2nqq51b3qxvs1pn7seq192hjhp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w2nqq51b3qxvs1pn7seq192hjhp|03|net"; nocase; ) # sjd5pd14a8lrhp6h4am1in6y41.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sjd5pd14a8lrhp6h4am1in6y41|03|biz"; nocase; ) # 15jxz1mctrxffqro0sljo686o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15jxz1mctrxffqro0sljo686o|03|net"; nocase; ) # 1kp92zocq22w1e4g67fga8037.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kp92zocq22w1e4g67fga8037|03|com"; nocase; ) # h1xsma855dtu1uu7gf4rv766.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h1xsma855dtu1uu7gf4rv766|03|com"; nocase; ) # 1mq99ggqi1zq11gzn019lfk8il.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mq99ggqi1zq11gzn019lfk8il|03|net"; nocase; ) # 1esm5jrlkgb0xd8q87bcocq7j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1esm5jrlkgb0xd8q87bcocq7j|03|org"; nocase; ) # 18jrkb11vzpesc1dvicxw165o4di.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18jrkb11vzpesc1dvicxw165o4di|03|com"; nocase; ) # xhe4f96hj35ejez5t01ug3nxc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xhe4f96hj35ejez5t01ug3nxc|03|net"; nocase; ) # 7cyh3ldv9z62zdjvgt16g1wx0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7cyh3ldv9z62zdjvgt16g1wx0|03|net"; nocase; ) # 1s6i27l6ajbro1igtq2liwwpg4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s6i27l6ajbro1igtq2liwwpg4|03|org"; nocase; ) # 2dxfzpgheiwiirbjj7aa4p22.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2dxfzpgheiwiirbjj7aa4p22|03|org"; nocase; ) # 1b706fcwxz58m1qxh5ee138rylj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b706fcwxz58m1qxh5ee138rylj|03|com"; nocase; ) # wsqbdbi4ryi7vbk7v0o2jclm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wsqbdbi4ryi7vbk7v0o2jclm|03|net"; nocase; ) # 1dr1vj31u2sdbnvxoxu8b97hey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dr1vj31u2sdbnvxoxu8b97hey|03|org"; nocase; ) # 186fg9xl6oyfy1ydhxo1wwk2xx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|186fg9xl6oyfy1ydhxo1wwk2xx|03|net"; nocase; ) # te1na73zh9mc1eqguy91tbfhlt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|te1na73zh9mc1eqguy91tbfhlt|03|org"; nocase; ) # 51l39h117kuk5no7gut1emnlgq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|51l39h117kuk5no7gut1emnlgq|03|com"; nocase; ) # yg71gi1kb6dkl1yh1rt61hb1xf3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yg71gi1kb6dkl1yh1rt61hb1xf3|03|com"; nocase; ) # 1dy29399olqva1kkyq7ewhgn6e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dy29399olqva1kkyq7ewhgn6e|03|org"; nocase; ) # 18b56cfrh8cyk14x9icd1prxqvc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18b56cfrh8cyk14x9icd1prxqvc|03|org"; nocase; ) # nls6ex1xqsguiipjq9r1yrsneg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nls6ex1xqsguiipjq9r1yrsneg|03|net"; nocase; ) # k9rp8o3g6jiz1c80cwsikbsym.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k9rp8o3g6jiz1c80cwsikbsym|03|net"; nocase; ) # 198jdn3rg9c711lbj9to1ni8rvy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|198jdn3rg9c711lbj9to1ni8rvy|03|org"; nocase; ) # 1vhd3kq18ekcbfvimlhq16btwzc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vhd3kq18ekcbfvimlhq16btwzc|03|com"; nocase; ) # rhndmn7lp0nl1vjmpy98ckkcy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rhndmn7lp0nl1vjmpy98ckkcy|03|biz"; nocase; ) # 1k3oxj029y1se198yk30ta5nfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k3oxj029y1se198yk30ta5nfg|03|com"; nocase; ) # 16pgkh6cltx3leym1ucvymczd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16pgkh6cltx3leym1ucvymczd|03|com"; nocase; ) # 1dzyu03lidlzh1k10duc1yolqmb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dzyu03lidlzh1k10duc1yolqmb|03|net"; nocase; ) # 1aiaeam1g4vh6ingxhc91twsbvz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aiaeam1g4vh6ingxhc91twsbvz|03|net"; nocase; ) # 1wt7khh1ha4bmju6jokdj4niy2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wt7khh1ha4bmju6jokdj4niy2|03|com"; nocase; ) # 11ig76cnlgaxkj5zxe13mcvjg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11ig76cnlgaxkj5zxe13mcvjg|03|net"; nocase; ) # ufpzan1a65y2z1g88ikh3qbnyp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ufpzan1a65y2z1g88ikh3qbnyp|03|net"; nocase; ) # kngymp1jyeyngk08f8vwx0gf3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kngymp1jyeyngk08f8vwx0gf3|03|com"; nocase; ) # exyw91sq0ab61yuufyvcxd305.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|exyw91sq0ab61yuufyvcxd305|03|net"; nocase; ) # vnxcjhia0zzh1tdkl4r5hokn9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vnxcjhia0zzh1tdkl4r5hokn9|03|net"; nocase; ) # mejq7dyxwhleu83to21g5som1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mejq7dyxwhleu83to21g5som1|03|com"; nocase; ) # 1ur57ru2p0f0j1yhhoy7197y77i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ur57ru2p0f0j1yhhoy7197y77i|03|com"; nocase; ) # 1vinq5u11l7z171bryu3t1m8uadt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vinq5u11l7z171bryu3t1m8uadt|03|org"; nocase; ) # 1r94rwqrzv8c44j6g7ml8i15k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r94rwqrzv8c44j6g7ml8i15k|03|org"; nocase; ) # 1c11yim15bvqilh9frvp1v3ahrp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c11yim15bvqilh9frvp1v3ahrp|03|org"; nocase; ) # 1rt0e1w1l8tk2bp3l9111pl06wf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rt0e1w1l8tk2bp3l9111pl06wf|03|com"; nocase; ) # jltoyj1eucps31q4986pdwxf5i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jltoyj1eucps31q4986pdwxf5i|03|biz"; nocase; ) # 1722te1maaq8jdc2b8km8nnna.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1722te1maaq8jdc2b8km8nnna|03|org"; nocase; ) # 17d694j4h1fmjonqtdb1pb2k7g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17d694j4h1fmjonqtdb1pb2k7g|03|net"; nocase; ) # 8la9gnoxex3n1cg9s3apmlglz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8la9gnoxex3n1cg9s3apmlglz|03|com"; nocase; ) # 1ksbrht1tkzg7u1sy6nmcbqtx3x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ksbrht1tkzg7u1sy6nmcbqtx3x|03|org"; nocase; ) # 1dugk6a7y901m1r39tvbhzm5xv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dugk6a7y901m1r39tvbhzm5xv|03|com"; nocase; ) # nnkdwy1pud0ds16r2u38pnysnl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nnkdwy1pud0ds16r2u38pnysnl|03|biz"; nocase; ) # 16wznm11ufea461u2kt14xhqw3l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16wznm11ufea461u2kt14xhqw3l|03|net"; nocase; ) # gcklzb1lm33zk1md92qy1eyqbco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gcklzb1lm33zk1md92qy1eyqbco|03|org"; nocase; ) # 1meg2u1jop4152ak9ll1064ls8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1meg2u1jop4152ak9ll1064ls8|03|net"; nocase; ) # hu0oxppbpegi1ipus6uraujdj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hu0oxppbpegi1ipus6uraujdj|03|net"; nocase; ) # 5ldmnc1yvaa8gy3ty0rl2n9ap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ldmnc1yvaa8gy3ty0rl2n9ap|03|net"; nocase; ) # 5qyzb1hz9eab19g3k1wdufqqm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5qyzb1hz9eab19g3k1wdufqqm|03|org"; nocase; ) # 12biewy1vl5zd514kg2wh1c4jr9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12biewy1vl5zd514kg2wh1c4jr9|03|net"; nocase; ) # 1y2t86otk9alb1u4d1wp19cz0gg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y2t86otk9alb1u4d1wp19cz0gg|03|biz"; nocase; ) # 17ee5zb1mmt5dy1m64kyz4j5bb2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ee5zb1mmt5dy1m64kyz4j5bb2|03|org"; nocase; ) # 1valxp19xq75tyfrfyb1tqsp5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1valxp19xq75tyfrfyb1tqsp5e|03|net"; nocase; ) # l6glc0bu8v09n6l1itgn019h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l6glc0bu8v09n6l1itgn019h|03|org"; nocase; ) # 1anyuthj210bm19p1u4m1mn67ix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1anyuthj210bm19p1u4m1mn67ix|03|com"; nocase; ) # 1pxzq3uikv23a131814ybtesqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pxzq3uikv23a131814ybtesqi|03|net"; nocase; ) # 3qjg5lvief4bre0fhc1xtdn43.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3qjg5lvief4bre0fhc1xtdn43|03|com"; nocase; ) # cdfiqshshxz41sh9le6vozoiw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cdfiqshshxz41sh9le6vozoiw|03|com"; nocase; ) # 17zsj9tte6ng9xcgafh13gowbc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17zsj9tte6ng9xcgafh13gowbc|03|net"; nocase; ) # mvgbe91q1w6jtkddck4bt2isr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mvgbe91q1w6jtkddck4bt2isr|03|net"; nocase; ) # 1l2l75x1qgh9f51ki83upvrg1dg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l2l75x1qgh9f51ki83upvrg1dg|03|org"; nocase; ) # 18l0r41daq9zx1kqcy9s10fwsig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18l0r41daq9zx1kqcy9s10fwsig|03|com"; nocase; ) # wb4xa7xovqek4qvsmut0thoj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wb4xa7xovqek4qvsmut0thoj|03|org"; nocase; ) # 9gltgv2yb4g1xzm5zh4ddxb3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9gltgv2yb4g1xzm5zh4ddxb3|03|net"; nocase; ) # m4k2xfd8fl9l19lywz81oktjk8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m4k2xfd8fl9l19lywz81oktjk8|03|com"; nocase; ) # 1rrc7n71pqo05h1fqiohckyzur3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rrc7n71pqo05h1fqiohckyzur3|03|com"; nocase; ) # 13jsh4hiesqevghpx5m1jb2p2l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13jsh4hiesqevghpx5m1jb2p2l|03|com"; nocase; ) # 79nfsoexptvy1aa3qsd1xo49xe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79nfsoexptvy1aa3qsd1xo49xe|03|org"; nocase; ) # 1gy6jkxi05lnzvc6axd1f13yss.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gy6jkxi05lnzvc6axd1f13yss|03|biz"; nocase; ) # hs9ho51y1blvfg89hqo5u8aoo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hs9ho51y1blvfg89hqo5u8aoo|03|net"; nocase; ) # 1rkbtqj1h26r4vcpba8q197he87.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rkbtqj1h26r4vcpba8q197he87|03|net"; nocase; ) # t7azby1b9tf6y1a1yl34kfli32.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t7azby1b9tf6y1a1yl34kfli32|03|net"; nocase; ) # 143kus57ut4zuj3jno1lvlelr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|143kus57ut4zuj3jno1lvlelr|03|org"; nocase; ) # 1360n7toia92p164cibg1b0qz4n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1360n7toia92p164cibg1b0qz4n|03|net"; nocase; ) # 1vbcqsg1qi1d28lfe2l5npquj5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vbcqsg1qi1d28lfe2l5npquj5|03|net"; nocase; ) # 1gbull31xmii5j1vmlzit1lccoho.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gbull31xmii5j1vmlzit1lccoho|03|org"; nocase; ) # 1fqq5fv1cl0iqe195f54m127rlh9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fqq5fv1cl0iqe195f54m127rlh9|03|com"; nocase; ) # 1alnaf35a77ka1x2tsa3pm6g3c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1alnaf35a77ka1x2tsa3pm6g3c|03|net"; nocase; ) # 5jyi694nkyz91ek5ocdb0jh5a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5jyi694nkyz91ek5ocdb0jh5a|03|com"; nocase; ) # kff7hs12j8ppafuocgl149vy1x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kff7hs12j8ppafuocgl149vy1x|03|com"; nocase; ) # fjsamr5qrmxzkn05bwu6ornf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fjsamr5qrmxzkn05bwu6ornf|03|net"; nocase; ) # 1qwhydw1xla55w1uoqlksplbkzr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qwhydw1xla55w1uoqlksplbkzr|03|org"; nocase; ) # 1o6rhbxhrhey41scdhs1xwkwiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o6rhbxhrhey41scdhs1xwkwiy|03|com"; nocase; ) # 1efg9mu17xkajw1bdcvdts0hpww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1efg9mu17xkajw1bdcvdts0hpww|03|net"; nocase; ) # 7nrcul75pryqp4y4oy152t0ci.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7nrcul75pryqp4y4oy152t0ci|03|net"; nocase; ) # 2s5aag1ish332l4bo81gd0srk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2s5aag1ish332l4bo81gd0srk|03|com"; nocase; ) # 25q2aj1u7nwg127osy5rhqf8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|25q2aj1u7nwg127osy5rhqf8g|03|org"; nocase; ) # regoakfihblt2fepxq1am1vo9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|regoakfihblt2fepxq1am1vo9|03|biz"; nocase; ) # 1bpx34zfwbc1gp0o76i1ufbn4w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bpx34zfwbc1gp0o76i1ufbn4w|03|org"; nocase; ) # kf9d9ncpf8td1wetnetj4v94b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kf9d9ncpf8td1wetnetj4v94b|03|biz"; nocase; ) # z69hivvz7987nfrofrnyjj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|z69hivvz7987nfrofrnyjj|03|biz"; nocase; ) # 67x8lg18ccsqv1ad19do1dlgnef.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|67x8lg18ccsqv1ad19do1dlgnef|03|net"; nocase; ) # 10wwx0ezagvu7g7euct123j6gw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10wwx0ezagvu7g7euct123j6gw|03|org"; nocase; ) # aax97d1szxy4l1ssvwqv1nxmq4q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aax97d1szxy4l1ssvwqv1nxmq4q|03|biz"; nocase; ) # 1az1qv3vhayzuv15u8uhex2ca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1az1qv3vhayzuv15u8uhex2ca|03|com"; nocase; ) # ebfpxt140ka2hdxy1l01hzacu4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ebfpxt140ka2hdxy1l01hzacu4|03|org"; nocase; ) # h7kms51qka2ld17t2yhf9arsaj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h7kms51qka2ld17t2yhf9arsaj|03|biz"; nocase; ) # 11pgt3ospn3la1rblhde14rhlza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11pgt3ospn3la1rblhde14rhlza|03|net"; nocase; ) # 18g8viu14l3fg3130w11hqihiuk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18g8viu14l3fg3130w11hqihiuk|03|org"; nocase; ) # 2p016a1mtpms51qmmxfzmh5b9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2p016a1mtpms51qmmxfzmh5b9e|03|biz"; nocase; ) # 7q8w631qf6h3q1jqhy0n3lebwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7q8w631qf6h3q1jqhy0n3lebwc|03|com"; nocase; ) # 1sjn2z01slj1z9119jj8c1xezshg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sjn2z01slj1z9119jj8c1xezshg|03|org"; nocase; ) # 10wqrjd1rijock1fw36hmf8utgq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10wqrjd1rijock1fw36hmf8utgq|03|com"; nocase; ) # 1o0ogookv7ycpurdm361olzogh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o0ogookv7ycpurdm361olzogh|03|biz"; nocase; ) # k4w5h2gqxdr517oegaa1rd0ft4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k4w5h2gqxdr517oegaa1rd0ft4|03|net"; nocase; ) # 11azhpp6ecamkui4powiukeuj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11azhpp6ecamkui4powiukeuj|03|com"; nocase; ) # is45r0nvlhexpq8zt01jrbrnj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|is45r0nvlhexpq8zt01jrbrnj|03|net"; nocase; ) # 50958g1pnnolxl3k7rme5zkxj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|50958g1pnnolxl3k7rme5zkxj|03|net"; nocase; ) # 1xi3oxs6htm0r1lm4uzffpsgg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xi3oxs6htm0r1lm4uzffpsgg|03|com"; nocase; ) # g6yabt1cnmnss1sewdgwk9qf8b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g6yabt1cnmnss1sewdgwk9qf8b|03|com"; nocase; ) # 8zed4vw4xys11diktbg1re0ol0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8zed4vw4xys11diktbg1re0ol0|03|net"; nocase; ) # sy230wgdou1ksek60rk6cjom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sy230wgdou1ksek60rk6cjom|03|org"; nocase; ) # sggidf1vs29fowtvnp815ixasq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sggidf1vs29fowtvnp815ixasq|03|net"; nocase; ) # 1fvjlmmv2peujffz9hk1m0qg3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fvjlmmv2peujffz9hk1m0qg3i|03|com"; nocase; ) # bjyz8ntmhpyxaukbei1q8a00w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bjyz8ntmhpyxaukbei1q8a00w|03|com"; nocase; ) # 1kutchi11aztky3k2dan1ldcycb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kutchi11aztky3k2dan1ldcycb|03|org"; nocase; ) # 1q7hsc3mvjl0g14mvga57pr02o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q7hsc3mvjl0g14mvga57pr02o|03|com"; nocase; ) # l8gx9hqtcia11vplip01p1wb1g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l8gx9hqtcia11vplip01p1wb1g|03|biz"; nocase; ) # 1p2iu8b1wfree982d1x41ym2m21.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p2iu8b1wfree982d1x41ym2m21|03|com"; nocase; ) # tllkdykxzrkg1vmp4ic7xasea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tllkdykxzrkg1vmp4ic7xasea|03|net"; nocase; ) # bqbsgb14q9waqcsaw90hdxow8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bqbsgb14q9waqcsaw90hdxow8|03|org"; nocase; ) # wbrkkh24bo0hhiihfhkbz717.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wbrkkh24bo0hhiihfhkbz717|03|com"; nocase; ) # uekt1lpxlj2pykasnj17y5x3c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uekt1lpxlj2pykasnj17y5x3c|03|com"; nocase; ) # 113up0vyzacxg1yu6sjxfid3p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|113up0vyzacxg1yu6sjxfid3p|03|biz"; nocase; ) # kgvfsj10k3ga73bimeu1ypxdqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kgvfsj10k3ga73bimeu1ypxdqk|03|biz"; nocase; ) # ssjin618499151gr1vtu1ssvy0l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ssjin618499151gr1vtu1ssvy0l|03|com"; nocase; ) # ad92cjh77x361hhgjun1802axw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ad92cjh77x361hhgjun1802axw|03|net"; nocase; ) # 1y5uxb116qwe8biszhmt163ql75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y5uxb116qwe8biszhmt163ql75|03|com"; nocase; ) # 1ohl6jf15s07kcq2dux1adilfv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ohl6jf15s07kcq2dux1adilfv|03|org"; nocase; ) # huzwvj1dpmkq71gdp3pp1lcyuch.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|huzwvj1dpmkq71gdp3pp1lcyuch|03|org"; nocase; ) # 1oyc1su3yo9hf1dive0u1cua3pp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oyc1su3yo9hf1dive0u1cua3pp|03|com"; nocase; ) # sw7fasv3a4th1ey3e5zn34mnw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sw7fasv3a4th1ey3e5zn34mnw|03|com"; nocase; ) # 154q2ny1u9c3nz15qon301yr88er.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|154q2ny1u9c3nz15qon301yr88er|03|biz"; nocase; ) # 1lvn6wj1eypnox9b8aiwuxrxwo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lvn6wj1eypnox9b8aiwuxrxwo|03|net"; nocase; ) # uokleoqq5bk61ljgur0d6n3qs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uokleoqq5bk61ljgur0d6n3qs|03|net"; nocase; ) # 9xm70nw1qzzh1my388wpsr8ud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9xm70nw1qzzh1my388wpsr8ud|03|com"; nocase; ) # 1rinb90sroylo13m5ll41dd7f6j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rinb90sroylo13m5ll41dd7f6j|03|org"; nocase; ) # lt2a1i1tvndb15k9oda1r3t7q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lt2a1i1tvndb15k9oda1r3t7q|03|biz"; nocase; ) # 8vv0kgq21l9x19gupicso7jd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8vv0kgq21l9x19gupicso7jd6|03|net"; nocase; ) # yldq8dta2uys1w9xpeio3u4du.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yldq8dta2uys1w9xpeio3u4du|03|biz"; nocase; ) # 12pc8m51evh9hqkogbnn119taa0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12pc8m51evh9hqkogbnn119taa0|03|com"; nocase; ) # 18lndqb1al1bby19yffzbh9uqgs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18lndqb1al1bby19yffzbh9uqgs|03|net"; nocase; ) # qk5nwzawgbkrq4xx7co3usvg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qk5nwzawgbkrq4xx7co3usvg|03|biz"; nocase; ) # q0x14s53wse0n81ivdle2n87.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q0x14s53wse0n81ivdle2n87|03|com"; nocase; ) # 7ccxj51vo10qflxqulg17w2iug.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ccxj51vo10qflxqulg17w2iug|03|biz"; nocase; ) # 1ipctyu1ks17t91rqovsv1s1gxm7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ipctyu1ks17t91rqovsv1s1gxm7|03|com"; nocase; ) # 6dxncn1mz36vc1htquba4mnbk7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6dxncn1mz36vc1htquba4mnbk7|03|org"; nocase; ) # 1ckdzns1kca0m17we82v1wj4z0p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ckdzns1kca0m17we82v1wj4z0p|03|net"; nocase; ) # 8ux7i21kcw2zt1hvd5eyhq1gg5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ux7i21kcw2zt1hvd5eyhq1gg5|03|net"; nocase; ) # thycz9l3i5t91vosbeqtk1b5o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|thycz9l3i5t91vosbeqtk1b5o|03|net"; nocase; ) # 1ifps671h6ndog4tzivfkg55zc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ifps671h6ndog4tzivfkg55zc|03|net"; nocase; ) # xsrdgc184stas1worluv1h9nktr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xsrdgc184stas1worluv1h9nktr|03|com"; nocase; ) # 17q5g3luq1ocq19im0gzswiroa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17q5g3luq1ocq19im0gzswiroa|03|net"; nocase; ) # 1p6hscoq09u8d11uk6dl1mks22q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p6hscoq09u8d11uk6dl1mks22q|03|org"; nocase; ) # 1kd6c4d18cypps1lqra381h10a8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kd6c4d18cypps1lqra381h10a8u|03|net"; nocase; ) # i0g47j18trv6u8ulfti145eqgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i0g47j18trv6u8ulfti145eqgo|03|net"; nocase; ) # 17sz9d2du6j75ilspq31304bqp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17sz9d2du6j75ilspq31304bqp|03|net"; nocase; ) # pz6yse1mtmfhoygzfny5krepj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pz6yse1mtmfhoygzfny5krepj|03|org"; nocase; ) # mzi4fa1glo7ngq91lo736gttm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mzi4fa1glo7ngq91lo736gttm|03|org"; nocase; ) # sr7s8a1cmkvld5vrs1kocf0ry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sr7s8a1cmkvld5vrs1kocf0ry|03|com"; nocase; ) # 1rqer4t5powj2h7vqep1lopuvr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rqer4t5powj2h7vqep1lopuvr|03|biz"; nocase; ) # 104fs4v157lh2wqqpe11uythz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|104fs4v157lh2wqqpe11uythz|03|net"; nocase; ) # 1wsetld90kuirnfycr1ewtpl0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wsetld90kuirnfycr1ewtpl0|03|org"; nocase; ) # w362wp30uwq0ribnp1ekyp2m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w362wp30uwq0ribnp1ekyp2m|03|biz"; nocase; ) # 1h9gt0m4qm1cu1l0q20919gqblm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h9gt0m4qm1cu1l0q20919gqblm|03|com"; nocase; ) # 55kqhyejcrwh136de2a12a3m3h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|55kqhyejcrwh136de2a12a3m3h|03|net"; nocase; ) # tmsti11khvc3p1k8q9ri1uy7v73.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tmsti11khvc3p1k8q9ri1uy7v73|03|net"; nocase; ) # 15kpvoo1c1fh6a845sglg46ogc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15kpvoo1c1fh6a845sglg46ogc|03|biz"; nocase; ) # 1vhzf2n5bt8n212cmbn9e1fxnx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vhzf2n5bt8n212cmbn9e1fxnx|03|net"; nocase; ) # 1fmhs7joq1w9j4bdgtb12ciy0y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fmhs7joq1w9j4bdgtb12ciy0y|03|org"; nocase; ) # 99j3um2iqv1gis7obheve9sl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|99j3um2iqv1gis7obheve9sl|03|biz"; nocase; ) # 1q6dib0duwf8h91etyyiwsc4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1q6dib0duwf8h91etyyiwsc4|03|net"; nocase; ) # 1vhhrmfuu40571oev5fnkghr83.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vhhrmfuu40571oev5fnkghr83|03|com"; nocase; ) # seehqy2eyvvymidbti183iwxa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|seehqy2eyvvymidbti183iwxa|03|biz"; nocase; ) # 132ip0yd3lphqol40ztrhjt9j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|132ip0yd3lphqol40ztrhjt9j|03|org"; nocase; ) # 6wftyp1ccko5tefiiic2npi77.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6wftyp1ccko5tefiiic2npi77|03|net"; nocase; ) # pb1txiv42vdmkygzafx6ort1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pb1txiv42vdmkygzafx6ort1|03|com"; nocase; ) # 1jr5z771wbrrjbvn3kyfk5ovad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jr5z771wbrrjbvn3kyfk5ovad|03|net"; nocase; ) # 6cam3yt7dzz21ep4sbqwzet6g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6cam3yt7dzz21ep4sbqwzet6g|03|biz"; nocase; ) # wh5md410v9gt418t912v175l9x2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wh5md410v9gt418t912v175l9x2|03|com"; nocase; ) # 5uqf0119lrng21jkxdonv5n6xu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5uqf0119lrng21jkxdonv5n6xu|03|biz"; nocase; ) # ctfwkz7xz5dx12xomlz1rhf53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ctfwkz7xz5dx12xomlz1rhf53|03|net"; nocase; ) # 1qviya1olrwsuksxz74fgump.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1qviya1olrwsuksxz74fgump|03|org"; nocase; ) # 5dw0enx8s09r1cvfvt97a2k7v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5dw0enx8s09r1cvfvt97a2k7v|03|org"; nocase; ) # 39cz0e1w3fdgo1tf59tv1nt98tx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|39cz0e1w3fdgo1tf59tv1nt98tx|03|com"; nocase; ) # cfcvcr100lt8g1jtkz3a1fwox5k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cfcvcr100lt8g1jtkz3a1fwox5k|03|biz"; nocase; ) # 1em1az2lk7lmr1go8naqkcp0d6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1em1az2lk7lmr1go8naqkcp0d6|03|biz"; nocase; ) # 1js1kog5tgsmf3ug7uqz8tdm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1js1kog5tgsmf3ug7uqz8tdm|03|org"; nocase; ) # 1ni3toa2pchf1htnuq017m1e6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ni3toa2pchf1htnuq017m1e6h|03|org"; nocase; ) # 1uv887n8i51trcsjuw6o5iwxp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uv887n8i51trcsjuw6o5iwxp|03|com"; nocase; ) # 1ialnsi1q29eun1g26t2xe2nvn1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ialnsi1q29eun1g26t2xe2nvn1|03|net"; nocase; ) # 8a1o471s5glqn1t4q01m1wwrst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8a1o471s5glqn1t4q01m1wwrst|03|net"; nocase; ) # 1w83lsk1m8xric1oiafga8rkrm1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w83lsk1m8xric1oiafga8rkrm1|03|org"; nocase; ) # 1p2ffd41ik0foud3r0hweax8ft.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p2ffd41ik0foud3r0hweax8ft|03|biz"; nocase; ) # 1akvsm7prh4y4jbxbdo5xqygf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1akvsm7prh4y4jbxbdo5xqygf|03|biz"; nocase; ) # 1nmqnlsrs8ff57b14wls2psjt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nmqnlsrs8ff57b14wls2psjt|03|com"; nocase; ) # 7y765ubzfdz41mxripqqvaqns.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7y765ubzfdz41mxripqqvaqns|03|biz"; nocase; ) # 1l11cxu1q1wid615b5zfx12sm0l3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l11cxu1q1wid615b5zfx12sm0l3|03|net"; nocase; ) # 1r5cuya1s3rxrp19agjfd1bpz4vs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r5cuya1s3rxrp19agjfd1bpz4vs|03|com"; nocase; ) # 1ulo1ec19oeunu154a59wbt9uba.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ulo1ec19oeunu154a59wbt9uba|03|net"; nocase; ) # r3v29n10ijkker2c11u65fsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r3v29n10ijkker2c11u65fsu|03|net"; nocase; ) # 1298bdssakkwrgkjs1g1wi0n2e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1298bdssakkwrgkjs1g1wi0n2e|03|org"; nocase; ) # 1q4lx6rr306tkt5q29iw4s0np.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q4lx6rr306tkt5q29iw4s0np|03|com"; nocase; ) # 1bwzgh5vjkaf41ghcpv9edroc9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bwzgh5vjkaf41ghcpv9edroc9|03|biz"; nocase; ) # ujndrhdgk8ky13vr3ytruq3ef.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ujndrhdgk8ky13vr3ytruq3ef|03|net"; nocase; ) # x6ogj67y99hthrmko6v8gria.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x6ogj67y99hthrmko6v8gria|03|com"; nocase; ) # 13m86w2hayl3j5txv7w1m57cex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13m86w2hayl3j5txv7w1m57cex|03|org"; nocase; ) # 1skcq4g1dyobgg365a131upqz97.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1skcq4g1dyobgg365a131upqz97|03|net"; nocase; ) # 6my9f3pn1sjnwal6f71tktfpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6my9f3pn1sjnwal6f71tktfpa|03|biz"; nocase; ) # 1qko58ksln3msko7ww31z0gc70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qko58ksln3msko7ww31z0gc70|03|net"; nocase; ) # 14nvihiyn2dcfregffbz7sr5d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14nvihiyn2dcfregffbz7sr5d|03|com"; nocase; ) # st7p4h608by9k8v4nwahsfsc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|st7p4h608by9k8v4nwahsfsc|03|com"; nocase; ) # 1xb96ad37pajn2yvzueqzvdyh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xb96ad37pajn2yvzueqzvdyh|03|net"; nocase; ) # 2evgzb1dxvqv51528991g6hkzu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2evgzb1dxvqv51528991g6hkzu|03|net"; nocase; ) # khudqfxcw58k1v12scm56h3vn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|khudqfxcw58k1v12scm56h3vn|03|com"; nocase; ) # 1e15hcg1uf6gaaeug0nv1oqpy46.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e15hcg1uf6gaaeug0nv1oqpy46|03|org"; nocase; ) # b4kfvzb3hqid114enq41ondje5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b4kfvzb3hqid114enq41ondje5|03|net"; nocase; ) # 19wl3yo1coutixm1o4piyj5l4n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19wl3yo1coutixm1o4piyj5l4n|03|org"; nocase; ) # 1rq0g592m5qhb14yqhvv1j4m1fa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rq0g592m5qhb14yqhvv1j4m1fa|03|biz"; nocase; ) # 1feq0c11e8f7rc13e2zqep15y09.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1feq0c11e8f7rc13e2zqep15y09|03|net"; nocase; ) # 1uy30z519ufflfsf8t0317jj0yo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uy30z519ufflfsf8t0317jj0yo|03|org"; nocase; ) # 14206411xeyno7sjoukz2083p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14206411xeyno7sjoukz2083p|03|com"; nocase; ) # 1dokorq27572q1jyxn0e1cjgnbf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dokorq27572q1jyxn0e1cjgnbf|03|net"; nocase; ) # 1m6mvbkubj1odzpq5wx1kkzrtt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m6mvbkubj1odzpq5wx1kkzrtt|03|com"; nocase; ) # 17sce97ertdbs1r794kb1gg62tt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17sce97ertdbs1r794kb1gg62tt|03|net"; nocase; ) # 1usfs27pt6wi0iqcnm41sg7a8b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1usfs27pt6wi0iqcnm41sg7a8b|03|com"; nocase; ) # 14m9s4ul9ow1b1a3sa53rhebgb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14m9s4ul9ow1b1a3sa53rhebgb|03|biz"; nocase; ) # 2smp5kbzpgfpxs9j8s129xzjh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2smp5kbzpgfpxs9j8s129xzjh|03|com"; nocase; ) # 1ixz5w1yql8oeg70mrg197lzcj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ixz5w1yql8oeg70mrg197lzcj|03|org"; nocase; ) # 6psocpuixm4v19q1l9o10ws2m5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6psocpuixm4v19q1l9o10ws2m5|03|net"; nocase; ) # s8vusd1bkyvcx1o4qdfq17jafgo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s8vusd1bkyvcx1o4qdfq17jafgo|03|com"; nocase; ) # dg3vxs5ypyfjupe7yoxxqxt8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dg3vxs5ypyfjupe7yoxxqxt8|03|biz"; nocase; ) # r1sgzl14omo1txinbgq1xbo1bj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r1sgzl14omo1txinbgq1xbo1bj|03|org"; nocase; ) # rnpwttpbno3usjsnd2cu00r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|rnpwttpbno3usjsnd2cu00r|03|org"; nocase; ) # 199qzy5189e7x71t320s0pbq580.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|199qzy5189e7x71t320s0pbq580|03|net"; nocase; ) # c3jkcplrcqtgslrzurjjg1ow.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c3jkcplrcqtgslrzurjjg1ow|03|org"; nocase; ) # upafqrmt6tr99kn4sz1xp5d9j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|upafqrmt6tr99kn4sz1xp5d9j|03|org"; nocase; ) # rem7111ismpxee2pjhj3r6864.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rem7111ismpxee2pjhj3r6864|03|org"; nocase; ) # 1uzmbvp1wnokl36m7bh1uvixvu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uzmbvp1wnokl36m7bh1uvixvu|03|net"; nocase; ) # 1uji63lib0rjobu0u611ekc8iy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uji63lib0rjobu0u611ekc8iy|03|com"; nocase; ) # b4nmvar8v73xqkwcl1g9ln21.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b4nmvar8v73xqkwcl1g9ln21|03|net"; nocase; ) # zf2sd617jzgu17y2bue1hf8orm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zf2sd617jzgu17y2bue1hf8orm|03|org"; nocase; ) # 18ogbbl1lot3y71vu0dy18cjm3f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ogbbl1lot3y71vu0dy18cjm3f|03|org"; nocase; ) # uljkhw1tiurodqjkdnzwdf56d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uljkhw1tiurodqjkdnzwdf56d|03|org"; nocase; ) # 4usfrjlmp5uj1m9k63k1jpw7yy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4usfrjlmp5uj1m9k63k1jpw7yy|03|biz"; nocase; ) # o2iw8q11qyxag1q43fmt171fmmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o2iw8q11qyxag1q43fmt171fmmf|03|org"; nocase; ) # 4tehugzbhg9410xkhqn1q21gej.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4tehugzbhg9410xkhqn1q21gej|03|biz"; nocase; ) # 1do70la1qal2hj1g95j2c1d4inhq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1do70la1qal2hj1g95j2c1d4inhq|03|net"; nocase; ) # ul7i7c14tytga19czvhyn517ky.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ul7i7c14tytga19czvhyn517ky|03|biz"; nocase; ) # mf2fpaxx8n1t6yhhgo4huhrb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mf2fpaxx8n1t6yhhgo4huhrb|03|com"; nocase; ) # 18i18sdptudyx182wvetb9sfu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18i18sdptudyx182wvetb9sfu|03|biz"; nocase; ) # eo6k2o7ctrokewwn9wtquf7b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eo6k2o7ctrokewwn9wtquf7b|03|com"; nocase; ) # 1q15vyw17dnrqe1dxxu9g1ysjsgb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q15vyw17dnrqe1dxxu9g1ysjsgb|03|net"; nocase; ) # 1je6rz3l936ru17ilto51r5w6m6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1je6rz3l936ru17ilto51r5w6m6|03|biz"; nocase; ) # 1gu330v13bxwq4mqoeov1wryjyh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gu330v13bxwq4mqoeov1wryjyh|03|com"; nocase; ) # 1r4ow4p149dwy7dv36v1zqj3wx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r4ow4p149dwy7dv36v1zqj3wx|03|net"; nocase; ) # 172j3fhw0ujpc3v0d26ggplz6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|172j3fhw0ujpc3v0d26ggplz6|03|org"; nocase; ) # 1k1fl51houpdr1w4poorvjv2cv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k1fl51houpdr1w4poorvjv2cv|03|org"; nocase; ) # ucmt3s1ee8n6448rdwz1vfytbj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ucmt3s1ee8n6448rdwz1vfytbj|03|biz"; nocase; ) # e1fvgyzaa83g14lhlsb1hixfi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1fvgyzaa83g14lhlsb1hixfi|03|net"; nocase; ) # i033lj1k7ef2c22fa3bpjy5hn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i033lj1k7ef2c22fa3bpjy5hn|03|com"; nocase; ) # kgnp6a14byg4z1tbc6aa175w4l0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kgnp6a14byg4z1tbc6aa175w4l0|03|biz"; nocase; ) # kgigiwrn733h161nsvz322gsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kgigiwrn733h161nsvz322gsz|03|net"; nocase; ) # 1twqmsvc3bzetlwfd9vd8r596.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1twqmsvc3bzetlwfd9vd8r596|03|org"; nocase; ) # 10vv5y512m34yr1g10bxi1tz7vmv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10vv5y512m34yr1g10bxi1tz7vmv|03|biz"; nocase; ) # 1v0s36mzh8iiv1bfegq2xf2z49.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v0s36mzh8iiv1bfegq2xf2z49|03|net"; nocase; ) # a7j1j01egp7gu1mmgq3f1qwuvh4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a7j1j01egp7gu1mmgq3f1qwuvh4|03|com"; nocase; ) # 1mmru2j1ak9zhn1cbr7741qouc99.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mmru2j1ak9zhn1cbr7741qouc99|03|biz"; nocase; ) # d66u2w13c24ee18w1ylg4xj77n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d66u2w13c24ee18w1ylg4xj77n|03|com"; nocase; ) # 40y9af1ibyve0q5rk991rpygz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|40y9af1ibyve0q5rk991rpygz|03|biz"; nocase; ) # ytx0j51mmqeo91tx1qbvlrsd9m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ytx0j51mmqeo91tx1qbvlrsd9m|03|net"; nocase; ) # kaqenr1ybozbw1uq837jecnnjo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kaqenr1ybozbw1uq837jecnnjo|03|com"; nocase; ) # 1ebwplqcejx8h1hxgj6mrpg0qq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ebwplqcejx8h1hxgj6mrpg0qq|03|org"; nocase; ) # 1370skf1iw5bw81hd082a17l39kg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1370skf1iw5bw81hd082a17l39kg|03|org"; nocase; ) # emb96m1stiggg7zysph85kdl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|emb96m1stiggg7zysph85kdl|03|net"; nocase; ) # 11v92y3qy4xoo1ssk9ehc951sb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11v92y3qy4xoo1ssk9ehc951sb|03|net"; nocase; ) # 8m9x7qk50s74cavbrradfkoe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8m9x7qk50s74cavbrradfkoe|03|net"; nocase; ) # 10ltq7mwjd12a1lnjknm1h0ps8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ltq7mwjd12a1lnjknm1h0ps8c|03|com"; nocase; ) # 1wsj3b41gftsu9d2gusfsmdik9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wsj3b41gftsu9d2gusfsmdik9|03|net"; nocase; ) # 2pzpqtl133cx19l7n04oecv8a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2pzpqtl133cx19l7n04oecv8a|03|biz"; nocase; ) # 1ch5g06as5cbajdmc3mlutu7w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ch5g06as5cbajdmc3mlutu7w|03|com"; nocase; ) # a853utuevuq91h2f3j6l598hp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a853utuevuq91h2f3j6l598hp|03|net"; nocase; ) # ieboox1n4d5ffbrl0ykua7tsi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ieboox1n4d5ffbrl0ykua7tsi|03|org"; nocase; ) # 1h9qyao1p5v1k73d0k63jdvdhs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h9qyao1p5v1k73d0k63jdvdhs|03|org"; nocase; ) # ep91md19g77ce16rxpk9m4ptw8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ep91md19g77ce16rxpk9m4ptw8|03|org"; nocase; ) # fvmfd61qs1oos3xxj8n1lysnxr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fvmfd61qs1oos3xxj8n1lysnxr|03|biz"; nocase; ) # 3recna1x1jws6hwaqfb11e7app.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3recna1x1jws6hwaqfb11e7app|03|net"; nocase; ) # wd7ei9ssvo971urx39x126qosw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wd7ei9ssvo971urx39x126qosw|03|net"; nocase; ) # e4dakx1aadokp1ohjhlk16ircwz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e4dakx1aadokp1ohjhlk16ircwz|03|org"; nocase; ) # ylwtoq75odtabanqcqjawf1a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ylwtoq75odtabanqcqjawf1a|03|org"; nocase; ) # 1oru5x8oa97vzknjlfxd8rggl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oru5x8oa97vzknjlfxd8rggl|03|net"; nocase; ) # rrc5b7bi1ibol26w231lcy5dy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rrc5b7bi1ibol26w231lcy5dy|03|net"; nocase; ) # ov5yqcost2ga1e7r01z1baobo5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ov5yqcost2ga1e7r01z1baobo5|03|com"; nocase; ) # 1fs2ewdd600gf1i8sybn8c5qdx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fs2ewdd600gf1i8sybn8c5qdx|03|biz"; nocase; ) # 1vqtbn3d6n4iv1l6uaed1ee5nse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vqtbn3d6n4iv1l6uaed1ee5nse|03|net"; nocase; ) # 1v0yctbi34dudot3h3q1nq0z5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v0yctbi34dudot3h3q1nq0z5|03|net"; nocase; ) # 1oh6wt7pm9tiq5bz1yqhcv91z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oh6wt7pm9tiq5bz1yqhcv91z|03|biz"; nocase; ) # qiaz21xu8bmpkm8hl69pn4ko.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qiaz21xu8bmpkm8hl69pn4ko|03|com"; nocase; ) # 2ypi3f1gyntq37ed9cu19vkzjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ypi3f1gyntq37ed9cu19vkzjt|03|net"; nocase; ) # xjpl163myoeo1l89naswmhp0d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xjpl163myoeo1l89naswmhp0d|03|net"; nocase; ) # fn872zvs5b6l18fjgcc1ic9hmm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fn872zvs5b6l18fjgcc1ic9hmm|03|biz"; nocase; ) # chldz11fxa7oj1ltnlammuaidc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|chldz11fxa7oj1ltnlammuaidc|03|net"; nocase; ) # 4k61xzgfi2ydse6hrf14739r0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4k61xzgfi2ydse6hrf14739r0|03|org"; nocase; ) # 6ajnkh1420v40tin9q3o6ea5f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ajnkh1420v40tin9q3o6ea5f|03|com"; nocase; ) # r36g191lcd4a51idpw821faj2g3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r36g191lcd4a51idpw821faj2g3|03|com"; nocase; ) # 16b3efjkg54q91873j21cr6f32.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16b3efjkg54q91873j21cr6f32|03|org"; nocase; ) # 1cbw7gn2503n41imkma518suy75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cbw7gn2503n41imkma518suy75|03|net"; nocase; ) # vsw16u1tulber18zd84vjm01p3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vsw16u1tulber18zd84vjm01p3|03|biz"; nocase; ) # rb29c2p76d7tx2od7k1b9hx8c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rb29c2p76d7tx2od7k1b9hx8c|03|org"; nocase; ) # h3u4mpooqle7bb5zid1h5y6jw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3u4mpooqle7bb5zid1h5y6jw|03|org"; nocase; ) # 1pgncafzubzg519b1ya05sinx5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pgncafzubzg519b1ya05sinx5|03|biz"; nocase; ) # 1ee5an03yyc7o1ps0hcs1g0q8v0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ee5an03yyc7o1ps0hcs1g0q8v0|03|org"; nocase; ) # 9wzecf1png571pzpuzmnvg4dh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9wzecf1png571pzpuzmnvg4dh|03|net"; nocase; ) # 1yseqwd1hli3mgdvfas71q8swty.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yseqwd1hli3mgdvfas71q8swty|03|com"; nocase; ) # 1r5c2rnlckeb1j5u8pmq0l1el.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r5c2rnlckeb1j5u8pmq0l1el|03|com"; nocase; ) # quxoj1o3hxj31oqagjs18eg3o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|quxoj1o3hxj31oqagjs18eg3o|03|net"; nocase; ) # x2i1l61ty006y696sjjraom6l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x2i1l61ty006y696sjjraom6l|03|net"; nocase; ) # oytzrn17n40v7i6i9jf1kxjw9v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oytzrn17n40v7i6i9jf1kxjw9v|03|com"; nocase; ) # 1drn2y81v98aoho6p9sx16awzwa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1drn2y81v98aoho6p9sx16awzwa|03|org"; nocase; ) # 1drs9qg1wsnvdc1a6rvz1seknpl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1drs9qg1wsnvdc1a6rvz1seknpl|03|com"; nocase; ) # 1x5cymp1rydlrk1xgua4sm8usha.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x5cymp1rydlrk1xgua4sm8usha|03|net"; nocase; ) # xeyozr19j97dw1xfzijdvt3m70.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xeyozr19j97dw1xfzijdvt3m70|03|org"; nocase; ) # 1of5fuog9xg461fmojokpqhxl2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1of5fuog9xg461fmojokpqhxl2|03|org"; nocase; ) # 5rmv481lchfph1suxqml5ydcgm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5rmv481lchfph1suxqml5ydcgm|03|com"; nocase; ) # mn1xx45jvpz518oyt6kccuz7p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mn1xx45jvpz518oyt6kccuz7p|03|biz"; nocase; ) # zpeyjf13y1k6v158pj7m1uesgvu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zpeyjf13y1k6v158pj7m1uesgvu|03|net"; nocase; ) # vwwx9scv7dmk1wmf4yl1hth92g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vwwx9scv7dmk1wmf4yl1hth92g|03|biz"; nocase; ) # 5xbkyp1vm61p31t5lp151r4sei3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5xbkyp1vm61p31t5lp151r4sei3|03|net"; nocase; ) # 3y7mfg1j4jcui1fxt1jj188lw8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3y7mfg1j4jcui1fxt1jj188lw8f|03|net"; nocase; ) # 1if1bdrl9u1kxlb0vycldukzg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1if1bdrl9u1kxlb0vycldukzg|03|biz"; nocase; ) # 1dbtb891mjr3ibhho20rlq8l44.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dbtb891mjr3ibhho20rlq8l44|03|net"; nocase; ) # 1q2rtafkqhjf3sdb8jh1yz7ikt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q2rtafkqhjf3sdb8jh1yz7ikt|03|biz"; nocase; ) # veoa377fjf221fi28fq19uvf99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|veoa377fjf221fi28fq19uvf99|03|org"; nocase; ) # oaft121ag47pa18e9td812478tm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oaft121ag47pa18e9td812478tm|03|net"; nocase; ) # nyvx431e8927q1dwa1ktbez9dc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nyvx431e8927q1dwa1ktbez9dc|03|net"; nocase; ) # 18yg0721kskxnuxdjm49py8ye8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18yg0721kskxnuxdjm49py8ye8|03|net"; nocase; ) # 1262sjpnuw5pt1ibajjfhzmb58.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1262sjpnuw5pt1ibajjfhzmb58|03|org"; nocase; ) # xnspac1xyqdmtorxmuuosrj0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xnspac1xyqdmtorxmuuosrj0y|03|net"; nocase; ) # 1jg6fm04khtdnk2q9e51vv91z6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jg6fm04khtdnk2q9e51vv91z6|03|com"; nocase; ) # 10vgh9i13go85ng7wuop1ythifj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10vgh9i13go85ng7wuop1ythifj|03|com"; nocase; ) # egmy1c1tibq0i65s3o0gjh01k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|egmy1c1tibq0i65s3o0gjh01k|03|net"; nocase; ) # 17egacw1azzgpqvo6imxv8ncq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17egacw1azzgpqvo6imxv8ncq|03|biz"; nocase; ) # p0s0401vqrkvc1yzos2g1otke8c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p0s0401vqrkvc1yzos2g1otke8c|03|org"; nocase; ) # dfzm4eyjbb8419qff0ojm7ou4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dfzm4eyjbb8419qff0ojm7ou4|03|biz"; nocase; ) # 1iwwn3e3h9fq1ihblkhmpw2zw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iwwn3e3h9fq1ihblkhmpw2zw|03|net"; nocase; ) # fa9jey1wza1zzsv8qw2ie82vb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fa9jey1wza1zzsv8qw2ie82vb|03|biz"; nocase; ) # 9kkjy316n38gyky2r6m1cqwxgm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9kkjy316n38gyky2r6m1cqwxgm|03|com"; nocase; ) # 1dntvfq1g3089me3wa681f895aw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dntvfq1g3089me3wa681f895aw|03|biz"; nocase; ) # 1hrs0e219nkwunqdo0d91gsyyxj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hrs0e219nkwunqdo0d91gsyyxj|03|biz"; nocase; ) # 1ydvq9u1yr251xdsgr6y4a641.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ydvq9u1yr251xdsgr6y4a641|03|com"; nocase; ) # 18kq82bt0rhm8oxg3nv3vxn7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18kq82bt0rhm8oxg3nv3vxn7|03|net"; nocase; ) # swcf1d13vh78c1ri56371oib3m9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|swcf1d13vh78c1ri56371oib3m9|03|org"; nocase; ) # zco1uix7gx9a15kmpmd1vwzcs2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zco1uix7gx9a15kmpmd1vwzcs2|03|net"; nocase; ) # es53dd182gl11m1ldwa1fjacao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|es53dd182gl11m1ldwa1fjacao|03|com"; nocase; ) # 1tzlxx41i0h5yp17yymaz1t8sy4i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tzlxx41i0h5yp17yymaz1t8sy4i|03|org"; nocase; ) # 2m2udh1su7q9jn935lto2koa8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2m2udh1su7q9jn935lto2koa8|03|com"; nocase; ) # 9huypz1kz3m2qpdqepjt7z55g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9huypz1kz3m2qpdqepjt7z55g|03|net"; nocase; ) # 1iqs7ur1wduzac1bnlogs1psjuf5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iqs7ur1wduzac1bnlogs1psjuf5|03|com"; nocase; ) # 4ik87h5bhvz1xxgfey1420w9c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ik87h5bhvz1xxgfey1420w9c|03|biz"; nocase; ) # 142nggs1o54qule8wpkbbqa36p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|142nggs1o54qule8wpkbbqa36p|03|net"; nocase; ) # yv3mft96mislrxlco61vadls1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yv3mft96mislrxlco61vadls1|03|org"; nocase; ) # 10xa62p1wslt311vax0yy1nzp3hu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10xa62p1wslt311vax0yy1nzp3hu|03|net"; nocase; ) # ignagt1tlyti61h59sc3n6gv36.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ignagt1tlyti61h59sc3n6gv36|03|org"; nocase; ) # 1absr8zy2nhwq89fg9mkj3b8s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1absr8zy2nhwq89fg9mkj3b8s|03|net"; nocase; ) # 1wskhu812wn7kdmnf8mn128vkoa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wskhu812wn7kdmnf8mn128vkoa|03|org"; nocase; ) # 1bxbxkwp0rfb8kty9w61o34vaq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bxbxkwp0rfb8kty9w61o34vaq|03|biz"; nocase; ) # 101k3z74chl9b1sueuhk1y8mt5b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|101k3z74chl9b1sueuhk1y8mt5b|03|com"; nocase; ) # bmrx0w1d2m5wn1uzi4ou87jl2h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bmrx0w1d2m5wn1uzi4ou87jl2h|03|org"; nocase; ) # 136fdsrci8bkm9qqxwk1si1cd6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136fdsrci8bkm9qqxwk1si1cd6|03|biz"; nocase; ) # 1xqhm0k1phvttkpwunxburvdi0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xqhm0k1phvttkpwunxburvdi0|03|org"; nocase; ) # 1d44aij1ier4p01xt2bqbaiqf4x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d44aij1ier4p01xt2bqbaiqf4x|03|net"; nocase; ) # g9bua4jbe0iu44z33no4mr1f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g9bua4jbe0iu44z33no4mr1f|03|com"; nocase; ) # f1i3u69lpmlxujehwqqzbhwk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f1i3u69lpmlxujehwqqzbhwk|03|org"; nocase; ) # 7fq1971hnajri1vga97rb513hg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7fq1971hnajri1vga97rb513hg|03|biz"; nocase; ) # 4vflsk15sxwt217x6asg1e1zsq7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4vflsk15sxwt217x6asg1e1zsq7|03|org"; nocase; ) # 19ge6hi7bzcs21nj0xbl1yz4e3i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19ge6hi7bzcs21nj0xbl1yz4e3i|03|net"; nocase; ) # g3s6wiv2gysovjwnao1ga98k9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g3s6wiv2gysovjwnao1ga98k9|03|com"; nocase; ) # 1uwh5uvwlh3peqrzddj1ngl7vy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwh5uvwlh3peqrzddj1ngl7vy|03|net"; nocase; ) # 1i2lc951jh2ji710ojn539jp65r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i2lc951jh2ji710ojn539jp65r|03|com"; nocase; ) # grkfh61puuv1j2g56nrt4yc93.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|grkfh61puuv1j2g56nrt4yc93|03|biz"; nocase; ) # fdgflfffcpb21cimfst1lkzodx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fdgflfffcpb21cimfst1lkzodx|03|net"; nocase; ) # 14q92ypbypvj77ltypb1e3qn91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14q92ypbypvj77ltypb1e3qn91|03|com"; nocase; ) # 184eat66ys0qq1f7te5e3s0mok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184eat66ys0qq1f7te5e3s0mok|03|net"; nocase; ) # yaxhir4i47sw6gqrsbp9920.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|yaxhir4i47sw6gqrsbp9920|03|com"; nocase; ) # 1umpqe4o8w0vpgy5xk515h9e9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1umpqe4o8w0vpgy5xk515h9e9v|03|org"; nocase; ) # 129ox5op378k5au2nhcudd8ll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|129ox5op378k5au2nhcudd8ll|03|net"; nocase; ) # 14be088oy4dr11bv3jhxl1xxpg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14be088oy4dr11bv3jhxl1xxpg|03|com"; nocase; ) # d8hufa1y52hvfksejglg455re.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d8hufa1y52hvfksejglg455re|03|biz"; nocase; ) # 13x44d8k90j9t1uxu7zr6m5x47.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13x44d8k90j9t1uxu7zr6m5x47|03|com"; nocase; ) # sdwvij2894kn6pbosv15rdfow.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sdwvij2894kn6pbosv15rdfow|03|org"; nocase; ) # r9ne9d1qt9as16oh5og1fgarxs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r9ne9d1qt9as16oh5og1fgarxs|03|biz"; nocase; ) # 1yt2g9a194khgt1g3ok6u1wra47l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yt2g9a194khgt1g3ok6u1wra47l|03|com"; nocase; ) # knc2yl37mqcg10dntn6q69ytu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|knc2yl37mqcg10dntn6q69ytu|03|com"; nocase; ) # u1pont1h8pgi01erx8t518pci1e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u1pont1h8pgi01erx8t518pci1e|03|net"; nocase; ) # 1cq094x1ak8bpej6yhap17j9agp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cq094x1ak8bpej6yhap17j9agp|03|biz"; nocase; ) # 1g6haro9xj6jj8wtm31kiryc4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g6haro9xj6jj8wtm31kiryc4|03|org"; nocase; ) # 1w4hbjb1ppmujb1pdsv6x1ts1nh5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w4hbjb1ppmujb1pdsv6x1ts1nh5|03|com"; nocase; ) # 1hazqdb1vd4e50pb5e9lt3l2vn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hazqdb1vd4e50pb5e9lt3l2vn|03|net"; nocase; ) # mrwgaol6635ib7hkp1th8law.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mrwgaol6635ib7hkp1th8law|03|net"; nocase; ) # vp432w8vrp2q4uhz0i1uee3hw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vp432w8vrp2q4uhz0i1uee3hw|03|biz"; nocase; ) # 1t86gbfimmuu21164y7yqjm7xd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t86gbfimmuu21164y7yqjm7xd|03|biz"; nocase; ) # 1l0okv9112zv3mg5lev95vti07.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l0okv9112zv3mg5lev95vti07|03|biz"; nocase; ) # 1dy8d8u1acsiml14wfe2pu041uo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dy8d8u1acsiml14wfe2pu041uo|03|com"; nocase; ) # rqjbe29z7bl1bmityiijw2um.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rqjbe29z7bl1bmityiijw2um|03|com"; nocase; ) # 1on0jov64xyfj96inm11sfpbwj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1on0jov64xyfj96inm11sfpbwj|03|biz"; nocase; ) # uuj6guywaq0o13f6ifcwuts30.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uuj6guywaq0o13f6ifcwuts30|03|com"; nocase; ) # wg3or1wo70btcvir6n1rddgfk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wg3or1wo70btcvir6n1rddgfk|03|org"; nocase; ) # zkr3lezun72lddraeumgqufw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zkr3lezun72lddraeumgqufw|03|net"; nocase; ) # q9leu112iyjf93v37ne1xjyv1z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q9leu112iyjf93v37ne1xjyv1z|03|com"; nocase; ) # 10m9yi31cnfbpm1ffg23i101p627.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10m9yi31cnfbpm1ffg23i101p627|03|com"; nocase; ) # dpp7ga1put7yqu1skir1v2yxgt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dpp7ga1put7yqu1skir1v2yxgt|03|net"; nocase; ) # iu6dy1rsdxrf1f8ws2o1k20hqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iu6dy1rsdxrf1f8ws2o1k20hqz|03|biz"; nocase; ) # ta35ea1bk2pa6x19e54pz1xw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ta35ea1bk2pa6x19e54pz1xw|03|com"; nocase; ) # 1vlfmvo1fob8b41bov18c1esb3ue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vlfmvo1fob8b41bov18c1esb3ue|03|org"; nocase; ) # xm6ek3uiocnrmje6tl10kglb1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xm6ek3uiocnrmje6tl10kglb1|03|com"; nocase; ) # 1wymm751bhoo9p6b1gh213je8qe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wymm751bhoo9p6b1gh213je8qe|03|net"; nocase; ) # 1m3vp9tz5ozxx1odcgss1119qzb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m3vp9tz5ozxx1odcgss1119qzb|03|org"; nocase; ) # 1kb792912pc3ss1or4sc51k7e6mu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kb792912pc3ss1or4sc51k7e6mu|03|com"; nocase; ) # 1586mvpuflonvqh6y4c1rto5jf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1586mvpuflonvqh6y4c1rto5jf|03|com"; nocase; ) # kfwih81gm8gt11ihg4wwbqkk4v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kfwih81gm8gt11ihg4wwbqkk4v|03|net"; nocase; ) # 1yqj2zq1lpdt7h1ue9q6i1nsmvfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yqj2zq1lpdt7h1ue9q6i1nsmvfs|03|com"; nocase; ) # 1csy32x1g6g84d1klxl1ecf217x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1csy32x1g6g84d1klxl1ecf217x|03|biz"; nocase; ) # easv0iic98c81aeui4p256aq4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|easv0iic98c81aeui4p256aq4|03|biz"; nocase; ) # 1b5evt211sopc9432vo6anlhz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b5evt211sopc9432vo6anlhz|03|net"; nocase; ) # 1dalksddiuey01158db21w4li6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dalksddiuey01158db21w4li6|03|biz"; nocase; ) # 1pz6frpmd9lof1e27mc05q1yq4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pz6frpmd9lof1e27mc05q1yq4|03|org"; nocase; ) # n0xah67ic48r113e2dhuyqfs6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n0xah67ic48r113e2dhuyqfs6|03|com"; nocase; ) # 1uicrj58mjrks4k6ag6ru7o2y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uicrj58mjrks4k6ag6ru7o2y|03|com"; nocase; ) # 8ygoq0smhci21bd2g721h7u9wo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ygoq0smhci21bd2g721h7u9wo|03|net"; nocase; ) # 4ggkdaz95niw1ij32du1149305.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4ggkdaz95niw1ij32du1149305|03|com"; nocase; ) # 1msncnf1iji6evhs8lcg1r1mkv9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1msncnf1iji6evhs8lcg1r1mkv9|03|net"; nocase; ) # 1ofuar91st71s9iugp73rkl3bt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ofuar91st71s9iugp73rkl3bt|03|net"; nocase; ) # 17e2txafw34ba1mdmyu0ju0fm6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17e2txafw34ba1mdmyu0ju0fm6|03|org"; nocase; ) # 1peb3ht1ogy78f10wqc4w814u20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1peb3ht1ogy78f10wqc4w814u20|03|net"; nocase; ) # g4zbowsbrj6t1njs759ty44u5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g4zbowsbrj6t1njs759ty44u5|03|biz"; nocase; ) # 1ow8qi02w9b8d1fd6zim2iejy8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ow8qi02w9b8d1fd6zim2iejy8|03|net"; nocase; ) # jof41s11yjidot0p60k1thlm3z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jof41s11yjidot0p60k1thlm3z|03|com"; nocase; ) # d6a29epe49ut1blquqn1ac89ny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d6a29epe49ut1blquqn1ac89ny|03|com"; nocase; ) # 1e25moq1qagcyk18d2a3x1acll0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e25moq1qagcyk18d2a3x1acll0y|03|net"; nocase; ) # 4t575b140nyok15l19w8137t82q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4t575b140nyok15l19w8137t82q|03|com"; nocase; ) # 15wlk9v5z4wor1ef97f43kxjup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15wlk9v5z4wor1ef97f43kxjup|03|org"; nocase; ) # 12rh1qaah6slck59qgi1eg2jrm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12rh1qaah6slck59qgi1eg2jrm|03|biz"; nocase; ) # 3h2m9gj83rbe1agxfuqjyphwv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3h2m9gj83rbe1agxfuqjyphwv|03|org"; nocase; ) # jg2aze144p9mpb0csg1ru24tq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jg2aze144p9mpb0csg1ru24tq|03|net"; nocase; ) # 1qhun6h9hutwh1nnk4441dxmhnv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qhun6h9hutwh1nnk4441dxmhnv|03|org"; nocase; ) # ge17lo8zc7sg10yd1hh1gmrkin.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ge17lo8zc7sg10yd1hh1gmrkin|03|biz"; nocase; ) # 1otbf8n5av3xeyaflyzgn0859.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1otbf8n5av3xeyaflyzgn0859|03|net"; nocase; ) # zgl5cpom5c8nloo17cchp2k7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zgl5cpom5c8nloo17cchp2k7|03|net"; nocase; ) # 17bhz5wz1vlw3oyi9eu1ciuis.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17bhz5wz1vlw3oyi9eu1ciuis|03|biz"; nocase; ) # jhiq54k4a3171qurbt71xl5ukz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jhiq54k4a3171qurbt71xl5ukz|03|com"; nocase; ) # ubg6k71igo4pp1xejzmcu9cjos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ubg6k71igo4pp1xejzmcu9cjos|03|biz"; nocase; ) # z86qmz10a2t9c6ifuj4nke9jk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z86qmz10a2t9c6ifuj4nke9jk|03|net"; nocase; ) # 16i5q1l16yk2tmabsorp6ghn0g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16i5q1l16yk2tmabsorp6ghn0g|03|net"; nocase; ) # 1ygmogq1nbktf9w57utx1axem65.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ygmogq1nbktf9w57utx1axem65|03|biz"; nocase; ) # p80rbh1uihvbfd5gfg56dct4v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p80rbh1uihvbfd5gfg56dct4v|03|biz"; nocase; ) # i7f8jp1tmjgqd1knudjb1d42ze.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i7f8jp1tmjgqd1knudjb1d42ze|03|org"; nocase; ) # qrp9s710vh3yst5d1gk1i3ehb4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qrp9s710vh3yst5d1gk1i3ehb4|03|net"; nocase; ) # 10ap0291g1zn7jsksbz61pirs66.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ap0291g1zn7jsksbz61pirs66|03|com"; nocase; ) # uf2iksas8td11ij5ghm1a2r10w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uf2iksas8td11ij5ghm1a2r10w|03|org"; nocase; ) # 1cclc491exbwvb1idk7p81iv6ql4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cclc491exbwvb1idk7p81iv6ql4|03|org"; nocase; ) # nh6uql1kue9656560zauwa0ga.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nh6uql1kue9656560zauwa0ga|03|biz"; nocase; ) # 1dl0b9r181mavt18ezi0m1spoti1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dl0b9r181mavt18ezi0m1spoti1|03|org"; nocase; ) # wj0m52xrze7g1inavx4aeguhf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wj0m52xrze7g1inavx4aeguhf|03|net"; nocase; ) # jmfx6w1iw19e7tg573tuhuvys.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jmfx6w1iw19e7tg573tuhuvys|03|org"; nocase; ) # 17ow30zuvbvok1l40ovz1cdvuof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ow30zuvbvok1l40ovz1cdvuof|03|com"; nocase; ) # tzataa1jyfpywaceycp1ys4b61.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tzataa1jyfpywaceycp1ys4b61|03|net"; nocase; ) # 1ipyuo4zxklr816o7n9016hhp0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ipyuo4zxklr816o7n9016hhp0|03|com"; nocase; ) # 1fbnc3b1ppj6es1bfvpcy1smq3r6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fbnc3b1ppj6es1bfvpcy1smq3r6|03|com"; nocase; ) # 1lxym991urua0z1xon07q1f87a5h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lxym991urua0z1xon07q1f87a5h|03|biz"; nocase; ) # upcjowd1tspz1ampb9yiyahar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|upcjowd1tspz1ampb9yiyahar|03|com"; nocase; ) # 13met2t1hs7vvm123a5f018ks17v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13met2t1hs7vvm123a5f018ks17v|03|net"; nocase; ) # jr8e1d5hrsz2hcg71zoujpuv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jr8e1d5hrsz2hcg71zoujpuv|03|biz"; nocase; ) # 1dnvmdi1kpm5n918oi7kn1yib8y6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dnvmdi1kpm5n918oi7kn1yib8y6|03|com"; nocase; ) # 1yqzwhnwp8rii662xy1fuek9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yqzwhnwp8rii662xy1fuek9e|03|biz"; nocase; ) # 1opyidq14c4vw2o6xxiww85bg0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1opyidq14c4vw2o6xxiww85bg0|03|org"; nocase; ) # 1rkejlzuhkmhn1fnhfgl1lz2ykw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rkejlzuhkmhn1fnhfgl1lz2ykw|03|com"; nocase; ) # 1popqd5146mlgf1sdtp1h1iqjxu6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1popqd5146mlgf1sdtp1h1iqjxu6|03|net"; nocase; ) # lb7w0k1er3v4g13m40qpts1u31.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lb7w0k1er3v4g13m40qpts1u31|03|biz"; nocase; ) # 1hv1uul1tzhrgd171yikz1y9k9rj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hv1uul1tzhrgd171yikz1y9k9rj|03|com"; nocase; ) # 1645go51xilj208gkgxh1vzvx3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1645go51xilj208gkgxh1vzvx3i|03|com"; nocase; ) # 1wm86cn1s613qjc9vg4dvk3lhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wm86cn1s613qjc9vg4dvk3lhw|03|net"; nocase; ) # le1wix1sybi9u1zp5j49pyrka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|le1wix1sybi9u1zp5j49pyrka|03|org"; nocase; ) # rc51gi1s0oqk113006azm4bty3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rc51gi1s0oqk113006azm4bty3|03|biz"; nocase; ) # 1jub46rrqnvwb1ow3r471ma76rg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jub46rrqnvwb1ow3r471ma76rg|03|org"; nocase; ) # djg4ug14jhbcz1qournkvt8j8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|djg4ug14jhbcz1qournkvt8j8|03|net"; nocase; ) # 1hg958i150oefp50iied1ex5pp2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hg958i150oefp50iied1ex5pp2|03|net"; nocase; ) # 1iauiinevcuf71590ok014id1zb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iauiinevcuf71590ok014id1zb|03|org"; nocase; ) # 8xws52198vi017ji94689mcxr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8xws52198vi017ji94689mcxr|03|com"; nocase; ) # 1bk5x4t1p34f7f156wqe1198a0w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bk5x4t1p34f7f156wqe1198a0w|03|org"; nocase; ) # 16rnj3918ssjzt1brkaw5106vlip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16rnj3918ssjzt1brkaw5106vlip|03|com"; nocase; ) # 1loza313c8t7ad0ko7f1hiwupa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1loza313c8t7ad0ko7f1hiwupa|03|biz"; nocase; ) # 1fn2esdp9whtmyfoklw5n1z47.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fn2esdp9whtmyfoklw5n1z47|03|com"; nocase; ) # 1xs5on5lu1wn11qwep27y6fuod.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xs5on5lu1wn11qwep27y6fuod|03|org"; nocase; ) # cg3z401gz7y94bi4c9j1fgzta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cg3z401gz7y94bi4c9j1fgzta|03|net"; nocase; ) # 1iyavm39u5i0n82jk1jzqjrw8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iyavm39u5i0n82jk1jzqjrw8|03|net"; nocase; ) # 1vj0ro41w1pyqyhhv1pi3febgx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vj0ro41w1pyqyhhv1pi3febgx|03|org"; nocase; ) # 50jeuo1i28py364lamhdtldso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|50jeuo1i28py364lamhdtldso|03|com"; nocase; ) # 1jfrnx1aab1hx18ukrhe1duukxd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jfrnx1aab1hx18ukrhe1duukxd|03|biz"; nocase; ) # 1qvbc2z19o9n111xkqdkl1r4epjw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qvbc2z19o9n111xkqdkl1r4epjw|03|com"; nocase; ) # 1lio11i3rjys7h0umsf1okws03.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lio11i3rjys7h0umsf1okws03|03|org"; nocase; ) # o02p071d2p3ra1qqm5bt4rawyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o02p071d2p3ra1qqm5bt4rawyz|03|com"; nocase; ) # g1ma7x16imx0hg13mps1f19dqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g1ma7x16imx0hg13mps1f19dqv|03|net"; nocase; ) # ay09ts1tepch081l8gt8ezhg8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ay09ts1tepch081l8gt8ezhg8|03|biz"; nocase; ) # jnpvs41tarkyr1iet2br6xgj1k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnpvs41tarkyr1iet2br6xgj1k|03|com"; nocase; ) # rh7sy1xsnk9w1q92074rcqza5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rh7sy1xsnk9w1q92074rcqza5|03|com"; nocase; ) # 7csm31ajip7610h3gbt1h6t52e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7csm31ajip7610h3gbt1h6t52e|03|org"; nocase; ) # idmbg1bcyenw71jup81c0ihgm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|idmbg1bcyenw71jup81c0ihgm|03|net"; nocase; ) # mu58ew16eo2o8abh84b13wi2hn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mu58ew16eo2o8abh84b13wi2hn|03|com"; nocase; ) # 1o2pxpai3x0at1iaj3ku15uz1gr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o2pxpai3x0at1iaj3ku15uz1gr|03|com"; nocase; ) # 7i0zmjm4jet0123v4wj13dahcf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7i0zmjm4jet0123v4wj13dahcf|03|org"; nocase; ) # xoo02vtcy7m61lh1wyh9m1es3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xoo02vtcy7m61lh1wyh9m1es3|03|net"; nocase; ) # 4fr1ck1050v46nj61l7x9kit0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4fr1ck1050v46nj61l7x9kit0|03|com"; nocase; ) # 8hvf3p1fsi07e1ecibva1mnmsho.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8hvf3p1fsi07e1ecibva1mnmsho|03|com"; nocase; ) # 1l7y3c58dkknxha6yp17ntj5i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l7y3c58dkknxha6yp17ntj5i|03|biz"; nocase; ) # 1kjbuf8z08i0osigv4gv9xpmc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kjbuf8z08i0osigv4gv9xpmc|03|net"; nocase; ) # 1xr7uxt162939e1pl3sxrw2zysk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xr7uxt162939e1pl3sxrw2zysk|03|org"; nocase; ) # 12z0w3418ypqa0q09tc71pyz3fa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12z0w3418ypqa0q09tc71pyz3fa|03|com"; nocase; ) # 16dnwha1unl5oofcu34l15i53uo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16dnwha1unl5oofcu34l15i53uo|03|org"; nocase; ) # 1ltjzgb1or4auhcv1uza1ad3wq5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ltjzgb1or4auhcv1uza1ad3wq5|03|net"; nocase; ) # s4o91jn737bfcyxebdjcfkgu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s4o91jn737bfcyxebdjcfkgu|03|com"; nocase; ) # mf6cydytcv6l16vyyr1ac0ue9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mf6cydytcv6l16vyyr1ac0ue9|03|net"; nocase; ) # pwee5iauh8r890zlai1sjn1h7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pwee5iauh8r890zlai1sjn1h7|03|biz"; nocase; ) # 136i3zi1ev8m2l1gyeg5zegxm26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|136i3zi1ev8m2l1gyeg5zegxm26|03|org"; nocase; ) # 18cdobtfdtj22grcjtr2t8o8u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18cdobtfdtj22grcjtr2t8o8u|03|com"; nocase; ) # mk4j2l1kghx3n3rp5yatymn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|mk4j2l1kghx3n3rp5yatymn|03|com"; nocase; ) # 1mp955xe9bzgr1044ncdw9guy0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mp955xe9bzgr1044ncdw9guy0|03|biz"; nocase; ) # kj4gbtfwyssrhro5m1c2rxqp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kj4gbtfwyssrhro5m1c2rxqp|03|biz"; nocase; ) # 1j9qz07mtlqi74p4hot146f0oi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j9qz07mtlqi74p4hot146f0oi|03|net"; nocase; ) # 1br2ej215o31y3m1gbxb132jx0q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1br2ej215o31y3m1gbxb132jx0q|03|biz"; nocase; ) # gut8p71iynyfh1yrmrcw1e403yn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gut8p71iynyfh1yrmrcw1e403yn|03|com"; nocase; ) # hpf2fj02o831856ldw4ygjt3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hpf2fj02o831856ldw4ygjt3|03|net"; nocase; ) # wphh6h1jbeu8d15433rh1ot8wtk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wphh6h1jbeu8d15433rh1ot8wtk|03|com"; nocase; ) # 1xj813916jfo3b1bl75v01ohxato.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xj813916jfo3b1bl75v01ohxato|03|org"; nocase; ) # 17fzusb1alukalxglc261q6btqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17fzusb1alukalxglc261q6btqv|03|net"; nocase; ) # 1adjn6m1en4any14igprp1jy72z4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1adjn6m1en4any14igprp1jy72z4|03|org"; nocase; ) # 1odudsc1oqvgelwj4n5ng8ij4y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1odudsc1oqvgelwj4n5ng8ij4y|03|net"; nocase; ) # mflfxtboeb68119rw9vt484c4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mflfxtboeb68119rw9vt484c4|03|biz"; nocase; ) # hhavun1awkniov50fllh5n9vq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hhavun1awkniov50fllh5n9vq|03|net"; nocase; ) # 13vg8ee1k7wxsrwvq2ii1y5ntrq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13vg8ee1k7wxsrwvq2ii1y5ntrq|03|com"; nocase; ) # 1inaxsk12rv0641epq1q61jzzgdz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1inaxsk12rv0641epq1q61jzzgdz|03|biz"; nocase; ) # 14zkf9s10knww9t0kx8p1o8ivle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14zkf9s10knww9t0kx8p1o8ivle|03|net"; nocase; ) # phau9zk8oj0616pmage1dv36n7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|phau9zk8oj0616pmage1dv36n7|03|com"; nocase; ) # r7zt3gglp98015lcqj5mhzuxf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r7zt3gglp98015lcqj5mhzuxf|03|org"; nocase; ) # 5zesjs1hnz1h71khi1pj1nt6nus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5zesjs1hnz1h71khi1pj1nt6nus|03|com"; nocase; ) # 1ilpkgq1chp2b61l5gxvio2nghm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ilpkgq1chp2b61l5gxvio2nghm|03|biz"; nocase; ) # 1xzc4zx10wzskc1jztc0zqxatmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xzc4zx10wzskc1jztc0zqxatmf|03|net"; nocase; ) # 1btpvyf1t4rwpo1b1hh2f14fycgb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1btpvyf1t4rwpo1b1hh2f14fycgb|03|biz"; nocase; ) # 461szw31mhbd48ivwj5s2e5s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|461szw31mhbd48ivwj5s2e5s|03|net"; nocase; ) # n981dckq973xygi7k31lrtzj3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n981dckq973xygi7k31lrtzj3|03|net"; nocase; ) # 1ex0u7g99bjn684p149j0fgue.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ex0u7g99bjn684p149j0fgue|03|biz"; nocase; ) # tfnij97kaxrv1bwucjd9i0ojh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tfnij97kaxrv1bwucjd9i0ojh|03|com"; nocase; ) # 14vk62y40ayj1o6ht7hjbnjuc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14vk62y40ayj1o6ht7hjbnjuc|03|net"; nocase; ) # d864ev1y1s5jsepn62k1kkgaju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d864ev1y1s5jsepn62k1kkgaju|03|org"; nocase; ) # wyg69s4yxa3h14qz9ahcnymcq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wyg69s4yxa3h14qz9ahcnymcq|03|biz"; nocase; ) # 14bel0abdt9z71w882hd1u025m5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14bel0abdt9z71w882hd1u025m5|03|biz"; nocase; ) # k2kmd61di1u431qynd6ygdvuie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k2kmd61di1u431qynd6ygdvuie|03|org"; nocase; ) # mo6xff1q364jpisv64pbn5qgc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mo6xff1q364jpisv64pbn5qgc|03|org"; nocase; ) # vwepjl1r3vden93qlv21t5dto5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vwepjl1r3vden93qlv21t5dto5|03|com"; nocase; ) # i4xtdxkj6jnrgalutgp44pb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|i4xtdxkj6jnrgalutgp44pb|03|net"; nocase; ) # 1r1iask14x1cc01cpjsc8y87k4f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r1iask14x1cc01cpjsc8y87k4f|03|com"; nocase; ) # rfi56w1q19g3x1ez810h1jhdg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rfi56w1q19g3x1ez810h1jhdg|03|net"; nocase; ) # tx122i14qc8hrt9vrtj1xc0g2i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tx122i14qc8hrt9vrtj1xc0g2i|03|org"; nocase; ) # yjosvmuc4lvo1xzu68fnwn293.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yjosvmuc4lvo1xzu68fnwn293|03|com"; nocase; ) # m92vahkl2rf1xopr1c1katyse.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m92vahkl2rf1xopr1c1katyse|03|org"; nocase; ) # 128jzvp73i8ky1fe95bqmg4d9p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|128jzvp73i8ky1fe95bqmg4d9p|03|com"; nocase; ) # 1l28jx83xo19d1p9jywc25fb2o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l28jx83xo19d1p9jywc25fb2o|03|net"; nocase; ) # 1gdpg2x1m3tcyk10mtm3dlx7e8c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gdpg2x1m3tcyk10mtm3dlx7e8c|03|biz"; nocase; ) # itur761xv82wz19p47clg1eom6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|itur761xv82wz19p47clg1eom6|03|net"; nocase; ) # 1ag4eme1jjxqxaoq57zgxp4qgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ag4eme1jjxqxaoq57zgxp4qgb|03|com"; nocase; ) # 9zws9bk3o9qtjel45b1ou7fyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9zws9bk3o9qtjel45b1ou7fyz|03|com"; nocase; ) # 1u3llyqn7buh51b80q0g1xisaor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u3llyqn7buh51b80q0g1xisaor|03|net"; nocase; ) # 1x6qrilr00n76zz3zyydst7jy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x6qrilr00n76zz3zyydst7jy|03|com"; nocase; ) # cx42e41e4mkku1mlwvrjallnr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cx42e41e4mkku1mlwvrjallnr|03|net"; nocase; ) # 1yzdcl91tf2hzbcity8g1yecaxr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yzdcl91tf2hzbcity8g1yecaxr|03|org"; nocase; ) # 8d4b8311enno4l6i9mc1hcshkw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8d4b8311enno4l6i9mc1hcshkw|03|org"; nocase; ) # 1a0qhaepc94281t9yrl01louotk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a0qhaepc94281t9yrl01louotk|03|biz"; nocase; ) # w8abja18justl1c3hk9h1u71oef.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w8abja18justl1c3hk9h1u71oef|03|org"; nocase; ) # p6liz12152ef11xxf7f16dfc96.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p6liz12152ef11xxf7f16dfc96|03|biz"; nocase; ) # p2kfhi1jbnuzhxed9091bibqj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p2kfhi1jbnuzhxed9091bibqj7|03|net"; nocase; ) # 1aw0lynjjvmr141ly0gyfou5r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aw0lynjjvmr141ly0gyfou5r|03|biz"; nocase; ) # 2xki8i1qfq8g7u4ymqlj9ja6l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2xki8i1qfq8g7u4ymqlj9ja6l|03|net"; nocase; ) # kuz6fz4zgshhg5u9th1yimx0h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kuz6fz4zgshhg5u9th1yimx0h|03|biz"; nocase; ) # 1gqpoj916qjqj11ekn5tgu2ex0i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gqpoj916qjqj11ekn5tgu2ex0i|03|com"; nocase; ) # 8ocspg54rgqs45gp1k139z8e8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ocspg54rgqs45gp1k139z8e8|03|net"; nocase; ) # ayajfp1kv69xx1gbrmic1gks96q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ayajfp1kv69xx1gbrmic1gks96q|03|org"; nocase; ) # 8t0jhq1qykrgh1u2ef6z18uv9r3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8t0jhq1qykrgh1u2ef6z18uv9r3|03|org"; nocase; ) # r6okj4yb3pc1e2v5051i3qdtn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r6okj4yb3pc1e2v5051i3qdtn|03|com"; nocase; ) # tqf9ho1an29sd1cxqxq2jjuihd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tqf9ho1an29sd1cxqxq2jjuihd|03|com"; nocase; ) # 1bd85ri1ghnvjg1urmdog11ii0ll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bd85ri1ghnvjg1urmdog11ii0ll|03|org"; nocase; ) # 1wa4e9bvbudzlo9sc3ao6n15u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wa4e9bvbudzlo9sc3ao6n15u|03|biz"; nocase; ) # 1cc2vmnfycxsq19c38c31mtdjmg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cc2vmnfycxsq19c38c31mtdjmg|03|com"; nocase; ) # 1dygcso61lcjtb7tovu16egom8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dygcso61lcjtb7tovu16egom8|03|biz"; nocase; ) # vq9uyd1x22srijni4npwy4ibx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vq9uyd1x22srijni4npwy4ibx|03|com"; nocase; ) # herswv13bpc4i1scjk1isrrf04.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|herswv13bpc4i1scjk1isrrf04|03|org"; nocase; ) # qz1lr1ljd1371jqqmif12zjid3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qz1lr1ljd1371jqqmif12zjid3|03|net"; nocase; ) # 1jglpcn1bum92hpeu9izpgwnuh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jglpcn1bum92hpeu9izpgwnuh|03|org"; nocase; ) # nztd9d1ske8ks1eoy4m7liqojn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nztd9d1ske8ks1eoy4m7liqojn|03|com"; nocase; ) # 1u07vc4ug6p491aqytuobfvl78.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u07vc4ug6p491aqytuobfvl78|03|net"; nocase; ) # e825s42oi9yzaiudj6d9o7p4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e825s42oi9yzaiudj6d9o7p4|03|org"; nocase; ) # dukkzh1pshlsghj9nmr1b182ub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dukkzh1pshlsghj9nmr1b182ub|03|net"; nocase; ) # 124x3in1d5maodvu1fp21lchayc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|124x3in1d5maodvu1fp21lchayc|03|biz"; nocase; ) # xqp8wa2h94uzkuz5j61tiffxw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xqp8wa2h94uzkuz5j61tiffxw|03|com"; nocase; ) # 1mvr69zl07amb1l0qkct1023h2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mvr69zl07amb1l0qkct1023h2z|03|org"; nocase; ) # 1vvbq5i1p5zgfs1o7l0xx1tbqy2s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vvbq5i1p5zgfs1o7l0xx1tbqy2s|03|net"; nocase; ) # g0wof1o2y3uhf7alqv87izge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g0wof1o2y3uhf7alqv87izge|03|net"; nocase; ) # 1bohxq3cl5vap1kfvcg31hlualm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bohxq3cl5vap1kfvcg31hlualm|03|biz"; nocase; ) # 1dtd7di1be2i0r1u7bkja2grlbl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dtd7di1be2i0r1u7bkja2grlbl|03|org"; nocase; ) # 1ii0phy13hyikp122jj1t6wvrpq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ii0phy13hyikp122jj1t6wvrpq|03|org"; nocase; ) # w41fnrdp7dlq1aadn1zz49h1r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w41fnrdp7dlq1aadn1zz49h1r|03|biz"; nocase; ) # 7hxsvf1cbfglp18ss8e5mxknq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7hxsvf1cbfglp18ss8e5mxknq|03|com"; nocase; ) # 10ppgzd1raac7budqs7q1duosdw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ppgzd1raac7budqs7q1duosdw|03|net"; nocase; ) # 1c4fprs1jauhe61askehx1jc580o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c4fprs1jauhe61askehx1jc580o|03|biz"; nocase; ) # ypf8nqy4mmop1h30alp6b3e23.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ypf8nqy4mmop1h30alp6b3e23|03|org"; nocase; ) # i1xew61oruqae18vdq071u2b7la.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i1xew61oruqae18vdq071u2b7la|03|com"; nocase; ) # 1uo42j0kvoslc1waa5df1e2x4h6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uo42j0kvoslc1waa5df1e2x4h6|03|net"; nocase; ) # 1ok9d1e1nu58r1gy0s031avmk9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ok9d1e1nu58r1gy0s031avmk9v|03|org"; nocase; ) # snnydm1h6z6ub1pywpxb1hbx1wc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|snnydm1h6z6ub1pywpxb1hbx1wc|03|biz"; nocase; ) # vb158ec1pv0b1hp83kzc8cngp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vb158ec1pv0b1hp83kzc8cngp|03|com"; nocase; ) # zm4a4brongdc1kikgjf1l1gohj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zm4a4brongdc1kikgjf1l1gohj|03|com"; nocase; ) # gsmxds14iu2z4lxswm6g2i876.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gsmxds14iu2z4lxswm6g2i876|03|com"; nocase; ) # 1c1em6zxa9yhf1j8dlikzaxsd3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c1em6zxa9yhf1j8dlikzaxsd3|03|net"; nocase; ) # 15t8ungqu36c23mc5orc50qhb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15t8ungqu36c23mc5orc50qhb|03|net"; nocase; ) # 1pxzp9lz27rbq1p5byey1hmvi1y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pxzp9lz27rbq1p5byey1hmvi1y|03|net"; nocase; ) # 1rowgkrk3ht77u48f8t1870x7v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rowgkrk3ht77u48f8t1870x7v|03|org"; nocase; ) # 1hb6ki11fmkxqgyg3dpodtcnff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hb6ki11fmkxqgyg3dpodtcnff|03|com"; nocase; ) # 4fkk32kv0qe11i5idg71fr7e2u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4fkk32kv0qe11i5idg71fr7e2u|03|org"; nocase; ) # 1t9uzzq18bu16n1ryp1koucbqk9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t9uzzq18bu16n1ryp1koucbqk9|03|com"; nocase; ) # 97cfin1qz9q7r1b1b8oqe4hmbm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|97cfin1qz9q7r1b1b8oqe4hmbm|03|org"; nocase; ) # 6kwhjd9g8f44sjuux61fc3oj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6kwhjd9g8f44sjuux61fc3oj6|03|net"; nocase; ) # yzrbrwban98k12aorbl1rc4udf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yzrbrwban98k12aorbl1rc4udf|03|biz"; nocase; ) # 1gglr3d1oxd47plph8cs1qo05s3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gglr3d1oxd47plph8cs1qo05s3|03|com"; nocase; ) # qoqs3s1bnba1qvuo67a1guwgzj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qoqs3s1bnba1qvuo67a1guwgzj|03|org"; nocase; ) # 1dl9skliciz7m149xup1mb79aw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dl9skliciz7m149xup1mb79aw|03|biz"; nocase; ) # nmqcnoy9plyh1rtktg7rm256d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nmqcnoy9plyh1rtktg7rm256d|03|org"; nocase; ) # 1wi5mvm1msqx6iv214c213595un.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wi5mvm1msqx6iv214c213595un|03|biz"; nocase; ) # 1d22n50123i57yivngwl1uoisqs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d22n50123i57yivngwl1uoisqs|03|net"; nocase; ) # 15rjbus1dx1luc1e37icwggmboi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15rjbus1dx1luc1e37icwggmboi|03|com"; nocase; ) # 1l5ztrcc7auaw1qcyb6p1xdymwi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l5ztrcc7auaw1qcyb6p1xdymwi|03|biz"; nocase; ) # 12hfwby1e1gayvmoco46e0q6jt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12hfwby1e1gayvmoco46e0q6jt|03|net"; nocase; ) # 17e76n5bnuj3vevam0m1byj63z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17e76n5bnuj3vevam0m1byj63z|03|org"; nocase; ) # 148n2wzcsvzm81egwcju1ev1bi7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|148n2wzcsvzm81egwcju1ev1bi7|03|net"; nocase; ) # g1ni8pwlb8ej8y5mtpb0rqwv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g1ni8pwlb8ej8y5mtpb0rqwv|03|net"; nocase; ) # hnhwy7lfuwk6yu6xzkgdhr0z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hnhwy7lfuwk6yu6xzkgdhr0z|03|org"; nocase; ) # 18bthtw1g1fv4gzt26u9z1r04d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18bthtw1g1fv4gzt26u9z1r04d|03|biz"; nocase; ) # 1xz2xe81d7i05h1psx70b1czzz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xz2xe81d7i05h1psx70b1czzz|03|com"; nocase; ) # ii5mwo725xwnmecy1a10cr3x3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ii5mwo725xwnmecy1a10cr3x3|03|net"; nocase; ) # 193z7b41hx5a18mvao7618ukktg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|193z7b41hx5a18mvao7618ukktg|03|net"; nocase; ) # r0tzid9eeail1sd13lr1muir4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r0tzid9eeail1sd13lr1muir4|03|net"; nocase; ) # xwwycn459gm4ja0w7b1bikg1m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xwwycn459gm4ja0w7b1bikg1m|03|com"; nocase; ) # 1jw9r8k1mnn20mi6yspt1xmupwg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jw9r8k1mnn20mi6yspt1xmupwg|03|net"; nocase; ) # 11qy3snubztg51slhp9b17rsj23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11qy3snubztg51slhp9b17rsj23|03|net"; nocase; ) # 81abv11tb9gpe7ndfmc7srv4z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|81abv11tb9gpe7ndfmc7srv4z|03|biz"; nocase; ) # 14iub5b1fge6w91yjjj0i4i1i2q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14iub5b1fge6w91yjjj0i4i1i2q|03|org"; nocase; ) # 3soqdt10v2xvyy0xqyjounh0s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3soqdt10v2xvyy0xqyjounh0s|03|org"; nocase; ) # 1s7h23nddzn0v56dufet1v8j2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s7h23nddzn0v56dufet1v8j2|03|net"; nocase; ) # d9d8ie1xlhn4sw37vs4vn7h0t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d9d8ie1xlhn4sw37vs4vn7h0t|03|com"; nocase; ) # 1bgaba79vaa6c2r02im41bmdk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bgaba79vaa6c2r02im41bmdk|03|net"; nocase; ) # bc3gk61tn5czhckenjplgao85.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bc3gk61tn5czhckenjplgao85|03|org"; nocase; ) # 92okr11d7nci41n4jz16n33hnv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|92okr11d7nci41n4jz16n33hnv|03|com"; nocase; ) # ttpotu12uc582d0kskj1574dtf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ttpotu12uc582d0kskj1574dtf|03|net"; nocase; ) # id6dt01b6c80c1vi4tb01p07n5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|id6dt01b6c80c1vi4tb01p07n5l|03|net"; nocase; ) # 1tp6vhk95qz241r5fyep11wl9dv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tp6vhk95qz241r5fyep11wl9dv|03|com"; nocase; ) # 1sff0r1egaksv1qwp0y2oe18bs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sff0r1egaksv1qwp0y2oe18bs|03|org"; nocase; ) # 1j60bpps1kfj51d8bbzckl3te.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j60bpps1kfj51d8bbzckl3te|03|com"; nocase; ) # ooc73110ou6x1wb0yqg1yj1iox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ooc73110ou6x1wb0yqg1yj1iox|03|com"; nocase; ) # 1qw9m3p1e9f8io7fhz8j1wg8dx1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qw9m3p1e9f8io7fhz8j1wg8dx1|03|biz"; nocase; ) # 2nvsuv3z8nju1hce7gl9yhm4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2nvsuv3z8nju1hce7gl9yhm4|03|com"; nocase; ) # w9ttf68kg6561yujesigx7san.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w9ttf68kg6561yujesigx7san|03|net"; nocase; ) # 1b2oh0v1gvlgcz1jilff3sx938h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b2oh0v1gvlgcz1jilff3sx938h|03|com"; nocase; ) # 1kc5ffn2d6ugy1hm35ey18kvor5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kc5ffn2d6ugy1hm35ey18kvor5|03|net"; nocase; ) # o2ejge410lpv169hzd912d6isi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o2ejge410lpv169hzd912d6isi|03|net"; nocase; ) # tmdhpbh54kt21f6r13u1i1ewmx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tmdhpbh54kt21f6r13u1i1ewmx|03|net"; nocase; ) # 1gttvz1ll1rx31pzaewcdwz9qk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gttvz1ll1rx31pzaewcdwz9qk|03|com"; nocase; ) # 1gtu6c4nniqd21jmk36ib557fm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gtu6c4nniqd21jmk36ib557fm|03|com"; nocase; ) # zfrkjms886gl1azeaauga8oew.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zfrkjms886gl1azeaauga8oew|03|biz"; nocase; ) # 1y889joqiqm0eavouzu14ecg11.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y889joqiqm0eavouzu14ecg11|03|biz"; nocase; ) # 1bee0hj1tmkbxd1hxdfuhwadzk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bee0hj1tmkbxd1hxdfuhwadzk7|03|net"; nocase; ) # 1ojy3301ymckiq1fytarkb2hr9s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ojy3301ymckiq1fytarkb2hr9s|03|biz"; nocase; ) # 1usy2dt1yqzbz1151x4nc19rdto3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1usy2dt1yqzbz1151x4nc19rdto3|03|biz"; nocase; ) # 1iplpaaexvm9d120ttkn1ogh22y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iplpaaexvm9d120ttkn1ogh22y|03|com"; nocase; ) # 1a4ozxt1xo14p21a8hv0g1dxiiaa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a4ozxt1xo14p21a8hv0g1dxiiaa|03|org"; nocase; ) # 2krf2tehabivdb3ev3l31cd0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2krf2tehabivdb3ev3l31cd0|03|org"; nocase; ) # t8ybjmlvjtcux55djg1585gg6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t8ybjmlvjtcux55djg1585gg6|03|org"; nocase; ) # 1bj9rwo1upro2r18o5x34uf7yr8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bj9rwo1upro2r18o5x34uf7yr8|03|net"; nocase; ) # 14yt53gbnd7z6rlkil7159mchq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14yt53gbnd7z6rlkil7159mchq|03|net"; nocase; ) # 8dgonoptoxqwbc92yk18l5g7d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8dgonoptoxqwbc92yk18l5g7d|03|net"; nocase; ) # 1t576w01kunx4i39z8hmjvhe5z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t576w01kunx4i39z8hmjvhe5z|03|com"; nocase; ) # 776n7qer6pcz17kp2l511ui4k1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|776n7qer6pcz17kp2l511ui4k1|03|com"; nocase; ) # 1e1jxbybspwjq6un2oa1cunpq9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e1jxbybspwjq6un2oa1cunpq9|03|com"; nocase; ) # 1u7v8ph1cq8li4v1578xgoh7rk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u7v8ph1cq8li4v1578xgoh7rk|03|com"; nocase; ) # 1jjrkrx1u871olh55ylrtzntzn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jjrkrx1u871olh55ylrtzntzn|03|com"; nocase; ) # okscoz1ycuojc1xe3fgmc813p6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|okscoz1ycuojc1xe3fgmc813p6|03|biz"; nocase; ) # 1lszxfmb1xjmsj5fi3w120wzps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lszxfmb1xjmsj5fi3w120wzps|03|net"; nocase; ) # zeck2x1mouqwuechbr8lq9gfo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zeck2x1mouqwuechbr8lq9gfo|03|org"; nocase; ) # oq6q361e7gpmd1h6x66uvohu7k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oq6q361e7gpmd1h6x66uvohu7k|03|org"; nocase; ) # qzbgbe8469drvwg24bkr5q36.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qzbgbe8469drvwg24bkr5q36|03|net"; nocase; ) # 1pyops51d1r68hyos3y7kx4dce.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pyops51d1r68hyos3y7kx4dce|03|net"; nocase; ) # cj8afzf1y0tq4ks9rxabawf0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cj8afzf1y0tq4ks9rxabawf0|03|org"; nocase; ) # 4usoibmfk50r1xmurig78rn4n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4usoibmfk50r1xmurig78rn4n|03|org"; nocase; ) # 1fxovchz1n0b2gobfep1n1mk0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fxovchz1n0b2gobfep1n1mk0m|03|com"; nocase; ) # m11axt6y6ynljq872w60ccm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|m11axt6y6ynljq872w60ccm|03|com"; nocase; ) # navqpkgdpe11k600tg147x6bh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|navqpkgdpe11k600tg147x6bh|03|com"; nocase; ) # 1n351ag1pa3i6u1497vkwg7bnyo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n351ag1pa3i6u1497vkwg7bnyo|03|org"; nocase; ) # mzi60l1urplv21p228hd6rpka8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mzi60l1urplv21p228hd6rpka8|03|com"; nocase; ) # 1rumagmkx1shk16kfhh5jm45y1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rumagmkx1shk16kfhh5jm45y1|03|com"; nocase; ) # 1lbjoh01tobpyy84a70tmos5ge.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lbjoh01tobpyy84a70tmos5ge|03|org"; nocase; ) # 1l3ufblebazc02z4mgo11mcosl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l3ufblebazc02z4mgo11mcosl|03|net"; nocase; ) # 13t1ennj378b1r53ghm17puw0y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13t1ennj378b1r53ghm17puw0y|03|com"; nocase; ) # 12pnpbt1wyk17u1eq5xmx1acqtyr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12pnpbt1wyk17u1eq5xmx1acqtyr|03|net"; nocase; ) # 1oi1dbf4p8xwlcsideptb9ryw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oi1dbf4p8xwlcsideptb9ryw|03|biz"; nocase; ) # 1iv8v2krw076h7hf148pr0ogv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iv8v2krw076h7hf148pr0ogv|03|org"; nocase; ) # s4ykgpc7iakx1uxyjrlzdvluu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s4ykgpc7iakx1uxyjrlzdvluu|03|com"; nocase; ) # 1aauzw5do0q0lzfueos1r7stga.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aauzw5do0q0lzfueos1r7stga|03|biz"; nocase; ) # 1z0q6843xxqz3lv4wj31ygxvme.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1z0q6843xxqz3lv4wj31ygxvme|03|net"; nocase; ) # zca7gvui76p0odv0uj1x3yj0j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zca7gvui76p0odv0uj1x3yj0j|03|org"; nocase; ) # 1gqgfgu1qqumjs7hleqtwes9n9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gqgfgu1qqumjs7hleqtwes9n9|03|com"; nocase; ) # 1xzoqjfsym22wyby08c15dvclk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xzoqjfsym22wyby08c15dvclk|03|net"; nocase; ) # 1fgjcng9j7c331cv7ldw1ojjfks.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fgjcng9j7c331cv7ldw1ojjfks|03|biz"; nocase; ) # 1a376u811e5p3lcs8e313kvrxj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a376u811e5p3lcs8e313kvrxj|03|net"; nocase; ) # 15vdhd21eas9ra1axvykvkfijx7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15vdhd21eas9ra1axvykvkfijx7|03|org"; nocase; ) # txcpjloy6jvecbyoi21w5oobw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|txcpjloy6jvecbyoi21w5oobw|03|net"; nocase; ) # r580i6ervpv71iicas3ial4l7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r580i6ervpv71iicas3ial4l7|03|biz"; nocase; ) # 70evlokwkai21gmh72n16s68ta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|70evlokwkai21gmh72n16s68ta|03|com"; nocase; ) # 67vidz7itggr1oscwjk1tpaobo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|67vidz7itggr1oscwjk1tpaobo|03|net"; nocase; ) # 4ez7niixcrq7s9o2uhjmq0gd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4ez7niixcrq7s9o2uhjmq0gd|03|net"; nocase; ) # 1t6npwi1mc598mxgxgeuh3f5bt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t6npwi1mc598mxgxgeuh3f5bt|03|com"; nocase; ) # 75qglwqwpxbm1fe0di2avk7k8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|75qglwqwpxbm1fe0di2avk7k8|03|biz"; nocase; ) # 1pvowmi1x4zs381hbwy6q1nu0wzi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pvowmi1x4zs381hbwy6q1nu0wzi|03|org"; nocase; ) # uj6tws18kytvoox98dnahezuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uj6tws18kytvoox98dnahezuy|03|com"; nocase; ) # 1ssvcohjr1iw2718n2h1si0w1j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ssvcohjr1iw2718n2h1si0w1j|03|org"; nocase; ) # zn6xkjlcxlqha6tmyh1mhxcmv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zn6xkjlcxlqha6tmyh1mhxcmv|03|net"; nocase; ) # 1ias2l810wn57n1s0vyo4ybe0ec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ias2l810wn57n1s0vyo4ybe0ec|03|com"; nocase; ) # ujrefl116z5o8jn1bba1b7sp7c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ujrefl116z5o8jn1bba1b7sp7c|03|org"; nocase; ) # glpcrnhq4m4118fe7mo1ybdlhm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|glpcrnhq4m4118fe7mo1ybdlhm|03|biz"; nocase; ) # d49h69q8dgh916r76ui10t7y7w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d49h69q8dgh916r76ui10t7y7w|03|org"; nocase; ) # wxusbv1orwna75cskgv1ud0w7l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wxusbv1orwna75cskgv1ud0w7l|03|com"; nocase; ) # 1cles2d1tvwqsc11qwwpw1uoxnxb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cles2d1tvwqsc11qwwpw1uoxnxb|03|biz"; nocase; ) # 6n4idq1eb2hts1ujpddh1l4ryd4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6n4idq1eb2hts1ujpddh1l4ryd4|03|com"; nocase; ) # 1o0z3bmmfi4iwnv43ennjgtqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o0z3bmmfi4iwnv43ennjgtqc|03|org"; nocase; ) # r4u6ch1mnkaic1cjtpng1p8gvt0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r4u6ch1mnkaic1cjtpng1p8gvt0|03|com"; nocase; ) # 1lj8aw25p2y651xommas17xsvnn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lj8aw25p2y651xommas17xsvnn|03|net"; nocase; ) # 1g1ss1n38y5bhqur4ps1r1fzbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g1ss1n38y5bhqur4ps1r1fzbf|03|com"; nocase; ) # 4nfn0j1z0iuer1uk3myzvmuqnj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4nfn0j1z0iuer1uk3myzvmuqnj|03|org"; nocase; ) # uobzn12agagx1r8lx8busc401.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uobzn12agagx1r8lx8busc401|03|biz"; nocase; ) # woypvz1e051x0khlsbnypjh7f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|woypvz1e051x0khlsbnypjh7f|03|net"; nocase; ) # bbb270waah1q1fb3bjbaa5g3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bbb270waah1q1fb3bjbaa5g3|03|net"; nocase; ) # cg14yndos6wzilebd1pjvncv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cg14yndos6wzilebd1pjvncv|03|com"; nocase; ) # bbzitvopm6tv1wkltme9smwfr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bbzitvopm6tv1wkltme9smwfr|03|org"; nocase; ) # f1d8ke1bnspff1ewa1j3144b2zg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f1d8ke1bnspff1ewa1j3144b2zg|03|biz"; nocase; ) # 8xh4wd1bwlia01395kpz1334fi2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8xh4wd1bwlia01395kpz1334fi2|03|org"; nocase; ) # psagdm1chyz0ftw2jep14g185o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|psagdm1chyz0ftw2jep14g185o|03|net"; nocase; ) # h5rm0y1wxiga9ul9c361s6iibx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h5rm0y1wxiga9ul9c361s6iibx|03|biz"; nocase; ) # 1e93djfur3mra18qdzjqmvgko2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e93djfur3mra18qdzjqmvgko2|03|net"; nocase; ) # lm28ql1yomevp1y5rchb5nwx92.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lm28ql1yomevp1y5rchb5nwx92|03|com"; nocase; ) # 19tbo481bmmbfx1g5gec21ijhyef.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19tbo481bmmbfx1g5gec21ijhyef|03|org"; nocase; ) # nutc8m1wqvaxrcv8ktr15ka3zd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nutc8m1wqvaxrcv8ktr15ka3zd|03|com"; nocase; ) # layrj71a0m9pomus8cngskdg2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|layrj71a0m9pomus8cngskdg2|03|net"; nocase; ) # beqs4r1a5muea17uq82p1nrviyz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|beqs4r1a5muea17uq82p1nrviyz|03|biz"; nocase; ) # 1r8kdhy2mhd09qqcd0f1shtuvd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r8kdhy2mhd09qqcd0f1shtuvd|03|net"; nocase; ) # 1gsyq7rf1eox1xtzlfpvmbrvj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gsyq7rf1eox1xtzlfpvmbrvj|03|org"; nocase; ) # mhc2wu1jgnskw176ifpy4d7sjg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mhc2wu1jgnskw176ifpy4d7sjg|03|biz"; nocase; ) # 1w7kzhn1qa5a7k19o8ne8zofwfi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w7kzhn1qa5a7k19o8ne8zofwfi|03|org"; nocase; ) # qiryc31cnrkztdlkc1l1sjsqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qiryc31cnrkztdlkc1l1sjsqv|03|net"; nocase; ) # 1rdzy41z4ylscsbiege898lyt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rdzy41z4ylscsbiege898lyt|03|org"; nocase; ) # 1kcj9c818xm77ltcoub41rnwr5r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kcj9c818xm77ltcoub41rnwr5r|03|org"; nocase; ) # r2nxha9z7vg0a6qoztpsgb2b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r2nxha9z7vg0a6qoztpsgb2b|03|com"; nocase; ) # 3535ush0vfuw156ras917m3tad.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3535ush0vfuw156ras917m3tad|03|org"; nocase; ) # 5mr0px12xxwrqy187l31j5u4g4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5mr0px12xxwrqy187l31j5u4g4|03|org"; nocase; ) # yi3q38p4qabm11gteev1k1rfv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yi3q38p4qabm11gteev1k1rfv|03|biz"; nocase; ) # 1nubgomnu23q71qbbnpq1n0v0d0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nubgomnu23q71qbbnpq1n0v0d0|03|net"; nocase; ) # n46ubu1wx3v651jjez6ypqd3wv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n46ubu1wx3v651jjez6ypqd3wv|03|com"; nocase; ) # h6hwps19ppeax3deff5n5j56m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h6hwps19ppeax3deff5n5j56m|03|biz"; nocase; ) # 5qh5oefewn0teifce1yt8prg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5qh5oefewn0teifce1yt8prg|03|net"; nocase; ) # y896hr1hw90j9em2gzj6d7jns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y896hr1hw90j9em2gzj6d7jns|03|com"; nocase; ) # 14g9gjq9tgz3t1vg0td617iti35.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14g9gjq9tgz3t1vg0td617iti35|03|com"; nocase; ) # 6z1rhxxg214tdbjzu1pcge45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6z1rhxxg214tdbjzu1pcge45|03|net"; nocase; ) # 1iu68fhqmkw9rq2yyusk1mj51.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iu68fhqmkw9rq2yyusk1mj51|03|com"; nocase; ) # 1hmgklj18xugkt1mozchmk0pp9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hmgklj18xugkt1mozchmk0pp9|03|org"; nocase; ) # 1sar0co1xzsu4gd7idw250p3jo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sar0co1xzsu4gd7idw250p3jo|03|biz"; nocase; ) # g20fcg11qiaha6pogb91v0my84.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g20fcg11qiaha6pogb91v0my84|03|org"; nocase; ) # 13r39x168sjme1xrgrg3znz841.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13r39x168sjme1xrgrg3znz841|03|org"; nocase; ) # jhg6mw1s6p2ywjolvkqflpeqt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jhg6mw1s6p2ywjolvkqflpeqt|03|com"; nocase; ) # 1tqj48n1mfxvjpai6jcz18ukco5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tqj48n1mfxvjpai6jcz18ukco5|03|org"; nocase; ) # zcslom1wjaqe71apto8u1wxczmz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zcslom1wjaqe71apto8u1wxczmz|03|biz"; nocase; ) # drw8j21qmbp881k6p51yiq4h91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|drw8j21qmbp881k6p51yiq4h91|03|com"; nocase; ) # 1m7hu9413i7g8ii2ozz19omncn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m7hu9413i7g8ii2ozz19omncn|03|net"; nocase; ) # 1sm0vws1surh5t1fjbny6bo0sdd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000033999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sm0vws1surh5t1fjbny6bo0sdd|03|net"; nocase; ) # fuj72d6r9fwe3yziqw1oyw4wr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fuj72d6r9fwe3yziqw1oyw4wr|03|com"; nocase; ) # 117p0fzvo5oig1t017zic1p9tz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|117p0fzvo5oig1t017zic1p9tz|03|net"; nocase; ) # qc0dbm1j1mxehwpyq2m1hb4m68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qc0dbm1j1mxehwpyq2m1hb4m68|03|net"; nocase; ) # fmp7x110j17dwlz17rv1wqkkgy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fmp7x110j17dwlz17rv1wqkkgy|03|biz"; nocase; ) # llofwvt1ww1l21en1cv05iot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|llofwvt1ww1l21en1cv05iot|03|net"; nocase; ) # 1ggdao21fb6k2d1cagjkwihajfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ggdao21fb6k2d1cagjkwihajfy|03|com"; nocase; ) # uaksek1ophif612u7jqikzi4zt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uaksek1ophif612u7jqikzi4zt|03|net"; nocase; ) # orabmi19rma2m1ycevczpmn4kt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|orabmi19rma2m1ycevczpmn4kt|03|biz"; nocase; ) # c4qtgf1kdf62za2lmlzjnjw19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c4qtgf1kdf62za2lmlzjnjw19|03|com"; nocase; ) # 1r3ttccrv0b1pn6lq581denw7y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r3ttccrv0b1pn6lq581denw7y|03|net"; nocase; ) # 1oht1kw1nwrup09uyvuapdj0uo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oht1kw1nwrup09uyvuapdj0uo|03|net"; nocase; ) # 17ncd1mwxfxst9ob4l51nyd2le.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ncd1mwxfxst9ob4l51nyd2le|03|biz"; nocase; ) # axl8mgzlycge1q20zvj1pjdr2r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|axl8mgzlycge1q20zvj1pjdr2r|03|net"; nocase; ) # g3em0nufq61u1bcwiuwrqjodi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g3em0nufq61u1bcwiuwrqjodi|03|net"; nocase; ) # n6nk24chqi3u1d70t6v11nuijl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n6nk24chqi3u1d70t6v11nuijl|03|net"; nocase; ) # 13dzgyuzrwsxcoi5051rc90b9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13dzgyuzrwsxcoi5051rc90b9|03|net"; nocase; ) # 7gx853usa3vfwkiza99bi9i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|7gx853usa3vfwkiza99bi9i|03|com"; nocase; ) # y4o5mntc0y8p119984fpewjp2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y4o5mntc0y8p119984fpewjp2|03|net"; nocase; ) # 99tewt11s48jn5aih881w5g8zk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|99tewt11s48jn5aih881w5g8zk|03|net"; nocase; ) # 1aj5uem12tc92b1f2jmgo1kpje7z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aj5uem12tc92b1f2jmgo1kpje7z|03|net"; nocase; ) # 1575yc11tqqpxn467iq8f8sr3z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1575yc11tqqpxn467iq8f8sr3z|03|net"; nocase; ) # 16gln7x1rxwq5p1m0tv881itc5rc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16gln7x1rxwq5p1m0tv881itc5rc|03|org"; nocase; ) # 55cujbuysnoa1l4mb8713vk6pe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|55cujbuysnoa1l4mb8713vk6pe|03|com"; nocase; ) # 14yeozvnlenas1ppa50q87z5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14yeozvnlenas1ppa50q87z5t|03|org"; nocase; ) # 1mla1gm8ub5pnp3h2lr1vahvxg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mla1gm8ub5pnp3h2lr1vahvxg|03|net"; nocase; ) # 6xpe0819mjjq1ioxsd21o3ne5v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6xpe0819mjjq1ioxsd21o3ne5v|03|biz"; nocase; ) # wm2h1m1nna2bw45nato1o9ensl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wm2h1m1nna2bw45nato1o9ensl|03|org"; nocase; ) # 1dbhyjtzdvw6wu8f7221npps7o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dbhyjtzdvw6wu8f7221npps7o|03|com"; nocase; ) # 1nmqnwj1c570qb17v8irs3fflte.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nmqnwj1c570qb17v8irs3fflte|03|net"; nocase; ) # bcg76f1r11eyqhah44y1qdznlp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bcg76f1r11eyqhah44y1qdznlp|03|biz"; nocase; ) # pjp2cb11gmqhnckgeiub7qdci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pjp2cb11gmqhnckgeiub7qdci|03|com"; nocase; ) # 1xr7w46lokftj1eopg2r16ncyky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xr7w46lokftj1eopg2r16ncyky|03|net"; nocase; ) # 1s6hfo61tunm4y11nb7cb1fxiqit.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s6hfo61tunm4y11nb7cb1fxiqit|03|org"; nocase; ) # 1fvx69c1pgpvxzg4kwzeutfnrz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fvx69c1pgpvxzg4kwzeutfnrz|03|com"; nocase; ) # yoobke1m3dg621knovo81oey461.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yoobke1m3dg621knovo81oey461|03|org"; nocase; ) # 7r4cxv21xffpmki0kxhy322o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7r4cxv21xffpmki0kxhy322o|03|net"; nocase; ) # lysjgx1nkgew61ax2uw0y1ckrx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lysjgx1nkgew61ax2uw0y1ckrx|03|org"; nocase; ) # wqr6im1ffmnlu1j02zyd1n4210a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wqr6im1ffmnlu1j02zyd1n4210a|03|biz"; nocase; ) # qmla00boizn91hyt2xi159u3gw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qmla00boizn91hyt2xi159u3gw|03|net"; nocase; ) # 102ldb7j3qbf1100ccmu9w3hk1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|102ldb7j3qbf1100ccmu9w3hk1|03|org"; nocase; ) # bwlhke3d4agg1up8ghnpqib2j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bwlhke3d4agg1up8ghnpqib2j|03|net"; nocase; ) # tk8aiux8ubwy7cnisywulj4k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tk8aiux8ubwy7cnisywulj4k|03|com"; nocase; ) # rn7o661ekeqc1vii4w4slv1se.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rn7o661ekeqc1vii4w4slv1se|03|org"; nocase; ) # 1ynxb2913b7zexkab4ou79wpy4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ynxb2913b7zexkab4ou79wpy4|03|net"; nocase; ) # 7uo1031grczcm1g1w92egw92q8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7uo1031grczcm1g1w92egw92q8|03|org"; nocase; ) # agv0cvf24ypf1jcddvu9otvrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|agv0cvf24ypf1jcddvu9otvrp|03|net"; nocase; ) # 1wrl5qr1a90a5s179uabkkfw9mh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wrl5qr1a90a5s179uabkkfw9mh|03|org"; nocase; ) # 3vdgmj5hxclwtf5lh41x5h7qm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3vdgmj5hxclwtf5lh41x5h7qm|03|biz"; nocase; ) # i92lwx11lmfudg46io314qzt1z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i92lwx11lmfudg46io314qzt1z|03|com"; nocase; ) # 123j66pvkiubf195wlun6b43eb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|123j66pvkiubf195wlun6b43eb|03|net"; nocase; ) # sp08dlkvz1kb1p71eq61lw2ywn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sp08dlkvz1kb1p71eq61lw2ywn|03|com"; nocase; ) # 11vaa7kia4kedvi0ed18d9il5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11vaa7kia4kedvi0ed18d9il5|03|biz"; nocase; ) # 1soudjm1vs03sy1gb5xjc1t0bb61.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1soudjm1vs03sy1gb5xjc1t0bb61|03|org"; nocase; ) # 18pxm9q7h4hyc19ozlw0g1t73d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18pxm9q7h4hyc19ozlw0g1t73d|03|biz"; nocase; ) # a8syld1yov3ot1995w5w4xj22t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a8syld1yov3ot1995w5w4xj22t|03|com"; nocase; ) # 1olr43h142aro1dsrzosteb1lk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1olr43h142aro1dsrzosteb1lk|03|biz"; nocase; ) # 19y4e621fn4lac0zn7513k0byb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19y4e621fn4lac0zn7513k0byb|03|com"; nocase; ) # 1hefo5217jg0ti18eaez211qudn9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hefo5217jg0ti18eaez211qudn9|03|net"; nocase; ) # fe01pd1fop3hjitf70eyjxiua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fe01pd1fop3hjitf70eyjxiua|03|org"; nocase; ) # fs3q6py3m29q1cj7an18tzjea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fs3q6py3m29q1cj7an18tzjea|03|com"; nocase; ) # 1uqo8ee1lmevcvku14yjp8p4gi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uqo8ee1lmevcvku14yjp8p4gi|03|biz"; nocase; ) # 1tk1v9rril0os17peedx1ncgslv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tk1v9rril0os17peedx1ncgslv|03|org"; nocase; ) # 1qvdrqiy38r0q1vjk3qa96c55r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qvdrqiy38r0q1vjk3qa96c55r|03|net"; nocase; ) # 1shyn9a1usawj4v8e8bn1hnltis.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1shyn9a1usawj4v8e8bn1hnltis|03|biz"; nocase; ) # 11izly21lzvamd169dvb9ava8cz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11izly21lzvamd169dvb9ava8cz|03|biz"; nocase; ) # 1ochg7g1s2wxmq1hca2a4a6p8ds.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ochg7g1s2wxmq1hca2a4a6p8ds|03|biz"; nocase; ) # 1leed0p1c2hgup1pi8gx6pc0pmv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1leed0p1c2hgup1pi8gx6pc0pmv|03|com"; nocase; ) # 1a0uuhb1ejzt4112b7u41qs6jc3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a0uuhb1ejzt4112b7u41qs6jc3|03|org"; nocase; ) # 1w172k91epoq03tkg5741i7uww5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w172k91epoq03tkg5741i7uww5|03|net"; nocase; ) # 1s8akux1r2qhkm1srjupf2s73e4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s8akux1r2qhkm1srjupf2s73e4|03|net"; nocase; ) # 1rntx1frk2yoqq7r5y1tq0r7y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rntx1frk2yoqq7r5y1tq0r7y|03|net"; nocase; ) # 4bfyjs1hsji5jsmyu1o1so7uqz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4bfyjs1hsji5jsmyu1o1so7uqz|03|com"; nocase; ) # 1igr3pk7qkxh3e7e1q2q70do.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1igr3pk7qkxh3e7e1q2q70do|03|com"; nocase; ) # p29bb21iri50pfg3rz7wbt1jw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p29bb21iri50pfg3rz7wbt1jw|03|org"; nocase; ) # 1p8h7vt15hswrnuuqdfr19p1bsk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p8h7vt15hswrnuuqdfr19p1bsk|03|biz"; nocase; ) # zt8ev2qoa0p318ws0lj1e1zx00.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zt8ev2qoa0p318ws0lj1e1zx00|03|net"; nocase; ) # 10w003mejen1qho5fqn177xdum.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10w003mejen1qho5fqn177xdum|03|biz"; nocase; ) # 1cvy9o41xwpac917bxh074b67f8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cvy9o41xwpac917bxh074b67f8|03|net"; nocase; ) # 1w8559oir4dlabdn3lseumg7p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w8559oir4dlabdn3lseumg7p|03|org"; nocase; ) # ym78m9yzg6g836oig51xfftrs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ym78m9yzg6g836oig51xfftrs|03|org"; nocase; ) # 1vgajb01rc78fm2i8la1h516b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vgajb01rc78fm2i8la1h516b|03|net"; nocase; ) # 1rrxxhm13h941zohrnu2fgunij.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rrxxhm13h941zohrnu2fgunij|03|biz"; nocase; ) # f1hz0p16hf1bu1o0tmee182r1d8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f1hz0p16hf1bu1o0tmee182r1d8|03|com"; nocase; ) # 2bsy2k14nmvkrxnb0jw1rnm4m7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2bsy2k14nmvkrxnb0jw1rnm4m7|03|com"; nocase; ) # e9u3vf6i25iavniq1l1aohsi0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e9u3vf6i25iavniq1l1aohsi0|03|org"; nocase; ) # ypc6p01pzn5s46qblji1l04prx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ypc6p01pzn5s46qblji1l04prx|03|net"; nocase; ) # xuwoul1uf5s7n1o86gmm94wmda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xuwoul1uf5s7n1o86gmm94wmda|03|com"; nocase; ) # 1rd5gekjs65d31ur9wtk15q2jqo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rd5gekjs65d31ur9wtk15q2jqo|03|net"; nocase; ) # 1lad1pz1yrgowp1r4yjbr15cnoll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lad1pz1yrgowp1r4yjbr15cnoll|03|net"; nocase; ) # mcr8t61itxk452u7vnw1u9edt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mcr8t61itxk452u7vnw1u9edt|03|org"; nocase; ) # coi1nn6acuoc16r8k1d7k6k5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|coi1nn6acuoc16r8k1d7k6k5z|03|net"; nocase; ) # svk66hwr3kt51x7uxnol66ev6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|svk66hwr3kt51x7uxnol66ev6|03|net"; nocase; ) # 66z5ytzt2ec1h79gxo150t24q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66z5ytzt2ec1h79gxo150t24q|03|biz"; nocase; ) # 1umlq8i1wr4xlgezu7qm1afbjov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1umlq8i1wr4xlgezu7qm1afbjov|03|com"; nocase; ) # 16yu04prfltux17eoq6m1r0p319.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16yu04prfltux17eoq6m1r0p319|03|com"; nocase; ) # 25ujdmqavtpg1g05zx31josdc8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|25ujdmqavtpg1g05zx31josdc8|03|net"; nocase; ) # 1m4v00dz6ntmk1gj2r301q3rrko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m4v00dz6ntmk1gj2r301q3rrko|03|org"; nocase; ) # 1elkg3a14sqaiwh2t222rkh4xi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1elkg3a14sqaiwh2t222rkh4xi|03|biz"; nocase; ) # 18iwyt11ir27t81602oej10xbxiv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18iwyt11ir27t81602oej10xbxiv|03|net"; nocase; ) # 1e82sj014cf5a1gt8xfm12mjuum.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e82sj014cf5a1gt8xfm12mjuum|03|org"; nocase; ) # ajtjp91emi3kig781mm1e2tb70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ajtjp91emi3kig781mm1e2tb70|03|net"; nocase; ) # x5a5vn13pb4zt1t4lzhg4pkmun.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x5a5vn13pb4zt1t4lzhg4pkmun|03|biz"; nocase; ) # 1doc90fof81lu1wv6cvknbcn7e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1doc90fof81lu1wv6cvknbcn7e|03|net"; nocase; ) # 138stcwmw2s5xs0vkqx1va5pq6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|138stcwmw2s5xs0vkqx1va5pq6|03|com"; nocase; ) # 1gyq3p816hz7zybkmesr1vzgfco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gyq3p816hz7zybkmesr1vzgfco|03|net"; nocase; ) # jozu9a7tqrvxl1ggzh1v98841.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jozu9a7tqrvxl1ggzh1v98841|03|com"; nocase; ) # 1bfkiqj1oyzxco12oj7591ed4zw1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bfkiqj1oyzxco12oj7591ed4zw1|03|org"; nocase; ) # n9es8qlpzpekgrf5sj1l2wbhy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n9es8qlpzpekgrf5sj1l2wbhy|03|net"; nocase; ) # 11m2fhf1q112881oazlkh4gcax7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11m2fhf1q112881oazlkh4gcax7|03|com"; nocase; ) # 12u6ex3jlw3f611wckayr6ezue.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12u6ex3jlw3f611wckayr6ezue|03|net"; nocase; ) # 1wnx5u8rniemdg65qgxz648pb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wnx5u8rniemdg65qgxz648pb|03|biz"; nocase; ) # 8t3j8i1mcdzlrzngh6h7y2q26.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8t3j8i1mcdzlrzngh6h7y2q26|03|net"; nocase; ) # agzyb1hx0pzh1fo3sv81hottmx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|agzyb1hx0pzh1fo3sv81hottmx|03|biz"; nocase; ) # 18smd54g8dtgsat40leqzubvt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18smd54g8dtgsat40leqzubvt|03|com"; nocase; ) # uozgbmt1eoga1eax84u1ubga7u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uozgbmt1eoga1eax84u1ubga7u|03|org"; nocase; ) # 133hb2k1smdanir6i2caswh6bs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|133hb2k1smdanir6i2caswh6bs|03|com"; nocase; ) # lmc0d31573lt91a6ytonw3h3v6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lmc0d31573lt91a6ytonw3h3v6|03|com"; nocase; ) # 1kgzyk1ipe95l17sihio52kn0n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kgzyk1ipe95l17sihio52kn0n|03|org"; nocase; ) # uehy581bwrxrfkk1zxbwo8z7m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uehy581bwrxrfkk1zxbwo8z7m|03|com"; nocase; ) # w1854r76btuq1muuh6g18jcfcn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w1854r76btuq1muuh6g18jcfcn|03|biz"; nocase; ) # 1sqno4z1kix6k617xyihovvt8nw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sqno4z1kix6k617xyihovvt8nw|03|com"; nocase; ) # 1riu89gl5q96mel3tkip0a9u7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1riu89gl5q96mel3tkip0a9u7|03|org"; nocase; ) # w5p48c15jnrgneyhpof7l4c8t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w5p48c15jnrgneyhpof7l4c8t|03|net"; nocase; ) # c2ah3x1q86orm1i4rxhbtiw1mo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c2ah3x1q86orm1i4rxhbtiw1mo|03|net"; nocase; ) # 1m37h57xxsb7p19q7paezs054w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m37h57xxsb7p19q7paezs054w|03|biz"; nocase; ) # 27vhxm9lxdpraq4l461lc7w55.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|27vhxm9lxdpraq4l461lc7w55|03|net"; nocase; ) # 5s39v1arz6scuya7p0ugey95.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5s39v1arz6scuya7p0ugey95|03|com"; nocase; ) # 1e2b5r6v51qebgpggrg1a620uh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e2b5r6v51qebgpggrg1a620uh|03|biz"; nocase; ) # t4qmbk1l9c6wd1yl2epm147fft6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t4qmbk1l9c6wd1yl2epm147fft6|03|com"; nocase; ) # 1aaeajfs1qbu61rygjpc17by7ul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aaeajfs1qbu61rygjpc17by7ul|03|com"; nocase; ) # i7h4b41qx67kq1qwkr1gda35fo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i7h4b41qx67kq1qwkr1gda35fo|03|net"; nocase; ) # 10jieg91uflvvwixbolqqvq3n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10jieg91uflvvwixbolqqvq3n|03|biz"; nocase; ) # 1xmf6x89dbnnv17yug69phgz5y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xmf6x89dbnnv17yug69phgz5y|03|net"; nocase; ) # 1qjqv5hkgshdf15ikiqr1bp7si1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qjqv5hkgshdf15ikiqr1bp7si1|03|org"; nocase; ) # 1cff0e3qu1twm1kqpkvq1v4ile0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cff0e3qu1twm1kqpkvq1v4ile0|03|com"; nocase; ) # 4i6yl31lelrm365npr51czhwv0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4i6yl31lelrm365npr51czhwv0|03|com"; nocase; ) # cp011qweg9i94ton5u1lxiggi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cp011qweg9i94ton5u1lxiggi|03|net"; nocase; ) # 18tejaq1mv7r2017e5nnmqwzyfq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tejaq1mv7r2017e5nnmqwzyfq|03|biz"; nocase; ) # 6ryl9zcq5fxdy6h76w2trbtm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6ryl9zcq5fxdy6h76w2trbtm|03|com"; nocase; ) # 1815ym91c36ne91dytx9b19h6h4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1815ym91c36ne91dytx9b19h6h4p|03|net"; nocase; ) # 1tao64yknizpn18v9o61nzz8ws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tao64yknizpn18v9o61nzz8ws|03|net"; nocase; ) # mrro3p1fynmko187msh61oek3oy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mrro3p1fynmko187msh61oek3oy|03|org"; nocase; ) # 1fcau4seu5nvjbqgsnm8o147s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fcau4seu5nvjbqgsnm8o147s|03|net"; nocase; ) # 1pqtum8yen65qppdbo01mxsdbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pqtum8yen65qppdbo01mxsdbg|03|com"; nocase; ) # khdn0ftccxz5ybsdrc778joy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|khdn0ftccxz5ybsdrc778joy|03|net"; nocase; ) # nsty2w12fs2f01lp7z1q12uuvsy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nsty2w12fs2f01lp7z1q12uuvsy|03|net"; nocase; ) # 3b4xpgjfk85x1bkn4x5culkw9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3b4xpgjfk85x1bkn4x5culkw9|03|net"; nocase; ) # 13rluyyjhrta3vfn2ya1lw59cn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13rluyyjhrta3vfn2ya1lw59cn|03|org"; nocase; ) # emqpknw3mcu5lo7aik77ku9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|emqpknw3mcu5lo7aik77ku9|03|net"; nocase; ) # a5ig1rzhpp1t1wnjxvzcb1h5d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a5ig1rzhpp1t1wnjxvzcb1h5d|03|com"; nocase; ) # dp9raced647u11cxwgorm4ai2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dp9raced647u11cxwgorm4ai2|03|biz"; nocase; ) # 1fdk4mv1ctwlhz1unoxks3otzns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fdk4mv1ctwlhz1unoxks3otzns|03|net"; nocase; ) # 12eleik6qgun41aytkfg1vfqd6o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12eleik6qgun41aytkfg1vfqd6o|03|com"; nocase; ) # ydciq118wbc3t19jhzr21ttuwde.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ydciq118wbc3t19jhzr21ttuwde|03|biz"; nocase; ) # u0yro1t045vyzlmuuqbui09b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u0yro1t045vyzlmuuqbui09b|03|net"; nocase; ) # 1qtyoen1fve1pgq1ghl410tmy2f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qtyoen1fve1pgq1ghl410tmy2f|03|com"; nocase; ) # awg0tb1br0zsxdf6ifd1u5roje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|awg0tb1br0zsxdf6ifd1u5roje|03|net"; nocase; ) # uedcut1lhkhclala4d51fabel4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uedcut1lhkhclala4d51fabel4|03|org"; nocase; ) # li7c2i17gd20aei6b64rlutlv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|li7c2i17gd20aei6b64rlutlv|03|net"; nocase; ) # 1osyh541x70r9w50i420fjm4n2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1osyh541x70r9w50i420fjm4n2|03|com"; nocase; ) # 193ymaq15uztye134pbqs93q5dz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|193ymaq15uztye134pbqs93q5dz|03|net"; nocase; ) # gqatibhn5ymu183prjq1sa2umx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gqatibhn5ymu183prjq1sa2umx|03|net"; nocase; ) # 1ac4jf1qdm6kakexrr6m9hi7e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ac4jf1qdm6kakexrr6m9hi7e|03|org"; nocase; ) # vyznlr1n3fm0f1jtie3f9m4x9h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vyznlr1n3fm0f1jtie3f9m4x9h|03|org"; nocase; ) # 1ch4fmg1lqh39capgbyn1pfli92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ch4fmg1lqh39capgbyn1pfli92|03|net"; nocase; ) # 5452a314m5dqj1uje2ga3soxhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5452a314m5dqj1uje2ga3soxhi|03|com"; nocase; ) # 10bd5ae1ktxnevihgt317i4xma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10bd5ae1ktxnevihgt317i4xma|03|net"; nocase; ) # 1tjn19510i0w08dma2zu15ndz8p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tjn19510i0w08dma2zu15ndz8p|03|com"; nocase; ) # yis9wpr8ie2h1h8k8tm1i9ub0z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yis9wpr8ie2h1h8k8tm1i9ub0z|03|biz"; nocase; ) # 1s1aqy11dkns3ndkex44o9xk1k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s1aqy11dkns3ndkex44o9xk1k|03|com"; nocase; ) # xqwffhui6bp41rnlt3s1hzw08h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xqwffhui6bp41rnlt3s1hzw08h|03|com"; nocase; ) # jaewhnkchelk10x75wlogikxs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jaewhnkchelk10x75wlogikxs|03|org"; nocase; ) # q5ra1b1oirbxa1eixig818sz1oc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q5ra1b1oirbxa1eixig818sz1oc|03|org"; nocase; ) # 8m6w0prl89z3cgjbl3q2doxj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8m6w0prl89z3cgjbl3q2doxj|03|com"; nocase; ) # q3w5gl1l09g7mzymqn1fo4qal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q3w5gl1l09g7mzymqn1fo4qal|03|com"; nocase; ) # zj4evw1nkskyrwgqm3n1wk0p4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zj4evw1nkskyrwgqm3n1wk0p4p|03|net"; nocase; ) # 15oa9absed75r1f7itzr1ntd421.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15oa9absed75r1f7itzr1ntd421|03|org"; nocase; ) # it8grv8ykindbv721hjogj18.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|it8grv8ykindbv721hjogj18|03|org"; nocase; ) # khw2o91quaea3zzb29ajh3asi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|khw2o91quaea3zzb29ajh3asi|03|biz"; nocase; ) # 12e8nqx1eb3j8b12h3101nfzvk0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12e8nqx1eb3j8b12h3101nfzvk0|03|net"; nocase; ) # 17axibk19fo8zk1xiwfu31dc09jg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17axibk19fo8zk1xiwfu31dc09jg|03|org"; nocase; ) # 2zsuub1bnlk7tb746uz1a8uzja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2zsuub1bnlk7tb746uz1a8uzja|03|org"; nocase; ) # 5re99jhli8b710bm5hdy76wae.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5re99jhli8b710bm5hdy76wae|03|net"; nocase; ) # mu1y9r1yo5r0t1elf4qa4caueo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mu1y9r1yo5r0t1elf4qa4caueo|03|biz"; nocase; ) # 176zf7a17fgut5b9p9lk1j0ikhi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|176zf7a17fgut5b9p9lk1j0ikhi|03|net"; nocase; ) # 1lmqfvk1kve29f1n4w1sy1xf9kmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lmqfvk1kve29f1n4w1sy1xf9kmf|03|net"; nocase; ) # 1eh5a3c1s2owqk153mbtzpjbnz4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eh5a3c1s2owqk153mbtzpjbnz4|03|net"; nocase; ) # ix9xjr1jci4fzyf10dhfsni2l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ix9xjr1jci4fzyf10dhfsni2l|03|net"; nocase; ) # 4vw1qruzw5mdefbrdv1av0uf7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4vw1qruzw5mdefbrdv1av0uf7|03|org"; nocase; ) # 197d3of1qd3s3efsklwm1ao49f6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|197d3of1qd3s3efsklwm1ao49f6|03|org"; nocase; ) # 1bcjsrf1sfuvko13w3ifpicv7sy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bcjsrf1sfuvko13w3ifpicv7sy|03|com"; nocase; ) # ob5s8x6o71yszjmfh0yxa06x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ob5s8x6o71yszjmfh0yxa06x|03|org"; nocase; ) # fdslqs1kv19dqpzl1spj32abk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fdslqs1kv19dqpzl1spj32abk|03|com"; nocase; ) # vc7f4e1w7iaud89tidw1j8sjk6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vc7f4e1w7iaud89tidw1j8sjk6|03|biz"; nocase; ) # 1ps2euz1p6pf4312ncgwg1fg73s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ps2euz1p6pf4312ncgwg1fg73s|03|org"; nocase; ) # nfd8v01917o7zkgkm4cabfltg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nfd8v01917o7zkgkm4cabfltg|03|net"; nocase; ) # 1wtioc01mdgklnfl70mb5sal8k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wtioc01mdgklnfl70mb5sal8k|03|biz"; nocase; ) # 1w0vy8h1y34356xyymqumjaggh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w0vy8h1y34356xyymqumjaggh|03|org"; nocase; ) # xn9k86w70svm826f5yiq81v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|xn9k86w70svm826f5yiq81v|03|com"; nocase; ) # 1o6wasofg7vyl1ueiul31bfccs7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o6wasofg7vyl1ueiul31bfccs7|03|net"; nocase; ) # 11djo5mpjt3bonb93exsu4h5l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11djo5mpjt3bonb93exsu4h5l|03|net"; nocase; ) # eh9pdvtw2xqu15h6m8sgv4smw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eh9pdvtw2xqu15h6m8sgv4smw|03|net"; nocase; ) # 1umo8neh7przo3g1dw41juczak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1umo8neh7przo3g1dw41juczak|03|com"; nocase; ) # vxn2jm1l33olt2wf53az69kuy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vxn2jm1l33olt2wf53az69kuy|03|biz"; nocase; ) # xxpvzc17t3wdcnh06cl1tz1std.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xxpvzc17t3wdcnh06cl1tz1std|03|org"; nocase; ) # wnbvzy1i5gcdhkiy30yk8ymkq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wnbvzy1i5gcdhkiy30yk8ymkq|03|net"; nocase; ) # 1q6nd1u186jdlk7nlb0wj2ht8r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q6nd1u186jdlk7nlb0wj2ht8r|03|net"; nocase; ) # 1fwu0371rip8r61w57bppzg1uwp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fwu0371rip8r61w57bppzg1uwp|03|biz"; nocase; ) # 15i9rsg1m8a1na1b6u3edzh6js.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15i9rsg1m8a1na1b6u3edzh6js|03|org"; nocase; ) # 11ncmkx14393yqfupum2jplk99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11ncmkx14393yqfupum2jplk99|03|net"; nocase; ) # 1cx8tp71f8f3901265e69i9x9c1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cx8tp71f8f3901265e69i9x9c1|03|org"; nocase; ) # 1l8pc301xa82aairks113xalso.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l8pc301xa82aairks113xalso|03|biz"; nocase; ) # e1w320zgvggx1c9613h170lg8x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e1w320zgvggx1c9613h170lg8x|03|net"; nocase; ) # sj4tirgv1k0j109rhoq1pwycto.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sj4tirgv1k0j109rhoq1pwycto|03|biz"; nocase; ) # xdzv9017jxpji13enw6p1c1fmhe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xdzv9017jxpji13enw6p1c1fmhe|03|net"; nocase; ) # 9dm77z1r179mwyyaysbzmtkur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9dm77z1r179mwyyaysbzmtkur|03|net"; nocase; ) # 3ysjv318sfjdffhl8ut1b1r7p8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ysjv318sfjdffhl8ut1b1r7p8|03|org"; nocase; ) # 6bewdyfkyn6x1wh8299tulc4i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6bewdyfkyn6x1wh8299tulc4i|03|net"; nocase; ) # 1huexi1y5c1vdi4meeki7poxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1huexi1y5c1vdi4meeki7poxx|03|com"; nocase; ) # cmc2vx5qxenft1ei4x1xjyo6m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cmc2vx5qxenft1ei4x1xjyo6m|03|biz"; nocase; ) # 4qppsy1ex3bapb8jap71idgp2c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4qppsy1ex3bapb8jap71idgp2c|03|com"; nocase; ) # nroo4ijbo4lcs4j6qfmmv49g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nroo4ijbo4lcs4j6qfmmv49g|03|net"; nocase; ) # 1135d3az4fg92h6m7njjr0c22.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1135d3az4fg92h6m7njjr0c22|03|net"; nocase; ) # en9xwp17g8hgkxiuzltq2xbu8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|en9xwp17g8hgkxiuzltq2xbu8|03|net"; nocase; ) # pgxoad1vkkduyz81sh9uv3fgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pgxoad1vkkduyz81sh9uv3fgi|03|com"; nocase; ) # 1muyb3x1sv5st513qsvjc1uwa1qy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1muyb3x1sv5st513qsvjc1uwa1qy|03|com"; nocase; ) # fk4x4w19en0b2hhztbd1d2fdbp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fk4x4w19en0b2hhztbd1d2fdbp|03|org"; nocase; ) # bxmosc1kio18b41m0az2ho1hz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bxmosc1kio18b41m0az2ho1hz|03|com"; nocase; ) # 1ui5smi1szijyl1vhuye07fx1i9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ui5smi1szijyl1vhuye07fx1i9|03|net"; nocase; ) # wv0ojl1f0i3165hmi8n1umylyn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wv0ojl1f0i3165hmi8n1umylyn|03|biz"; nocase; ) # m5f9v8ndmmoymcb9cp1eui99q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m5f9v8ndmmoymcb9cp1eui99q|03|org"; nocase; ) # bn4nn11thvcg21cgj3sv1i4ykjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bn4nn11thvcg21cgj3sv1i4ykjy|03|com"; nocase; ) # 1nu9rdx1xycuml100xn3yhm529l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nu9rdx1xycuml100xn3yhm529l|03|org"; nocase; ) # noeiyfuk56sp12s3k7e1eanppy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|noeiyfuk56sp12s3k7e1eanppy|03|net"; nocase; ) # 1l72pz9168ygqhtixfml1uhuc4e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l72pz9168ygqhtixfml1uhuc4e|03|biz"; nocase; ) # uo6ga01sbndhe1upzct9fedv6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uo6ga01sbndhe1upzct9fedv6p|03|net"; nocase; ) # 1so8w6wkxgylxmbp9jx1fshm2t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1so8w6wkxgylxmbp9jx1fshm2t|03|net"; nocase; ) # 85me51lxvjlps7za2p1e9bkht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|85me51lxvjlps7za2p1e9bkht|03|com"; nocase; ) # oswrbn1quenhlu0iu5182sxd9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oswrbn1quenhlu0iu5182sxd9|03|net"; nocase; ) # 165nc0bn0dpda5pyc5b8v6xl0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|165nc0bn0dpda5pyc5b8v6xl0|03|com"; nocase; ) # 2oltao13s4aangfnzw31k3tox0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2oltao13s4aangfnzw31k3tox0|03|net"; nocase; ) # j9zuad1mj624j1usc5bm1batyr0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j9zuad1mj624j1usc5bm1batyr0|03|com"; nocase; ) # gyozl71s77axa1jzq8uf1gcjwbj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gyozl71s77axa1jzq8uf1gcjwbj|03|org"; nocase; ) # 1ixg0311rvkscs1c6ouupp8oe8m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ixg0311rvkscs1c6ouupp8oe8m|03|com"; nocase; ) # wnogfsoqpik2ohkmp36ge1k8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wnogfsoqpik2ohkmp36ge1k8|03|com"; nocase; ) # x22h1c1aqnqgb137j34v8aks3x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x22h1c1aqnqgb137j34v8aks3x|03|com"; nocase; ) # 14n7ilu1sju4oh1f0tbnqx2zlmk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14n7ilu1sju4oh1f0tbnqx2zlmk|03|biz"; nocase; ) # 1tec6fv19vfd3j1re1s4hrir84x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tec6fv19vfd3j1re1s4hrir84x|03|org"; nocase; ) # 1tcuu181gnkm72n1v4t1slwu18.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tcuu181gnkm72n1v4t1slwu18|03|biz"; nocase; ) # 1bbmjyj1m515qm17rtwf01gwqz7h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bbmjyj1m515qm17rtwf01gwqz7h|03|net"; nocase; ) # 6nyuv4qiismm18amwy11uurttf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6nyuv4qiismm18amwy11uurttf|03|org"; nocase; ) # 1rpf31jckjgwc13gq9try38cl2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rpf31jckjgwc13gq9try38cl2|03|org"; nocase; ) # 1xmgooz1bsv8d7llu7n1pbhuqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xmgooz1bsv8d7llu7n1pbhuqv|03|biz"; nocase; ) # 4o307v1kgvs2o16hf7mr1khm833.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4o307v1kgvs2o16hf7mr1khm833|03|net"; nocase; ) # 16h09p814rirbv1ebl5qb1th7ewz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16h09p814rirbv1ebl5qb1th7ewz|03|net"; nocase; ) # 1pz891y16aujnt1rlbv321klrtjh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pz891y16aujnt1rlbv321klrtjh|03|net"; nocase; ) # 1npa5jn75lpbolouox9rkd6mg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1npa5jn75lpbolouox9rkd6mg|03|biz"; nocase; ) # 9bh9gchi6gg3fjc5prs1sunx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9bh9gchi6gg3fjc5prs1sunx|03|org"; nocase; ) # u2249h1tw246c149w022keb6r1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u2249h1tw246c149w022keb6r1|03|net"; nocase; ) # 14j2xes166kkwn46u6ah17k86go.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14j2xes166kkwn46u6ah17k86go|03|org"; nocase; ) # 16kik4qjhq0hldmrc8z8bo3tt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16kik4qjhq0hldmrc8z8bo3tt|03|com"; nocase; ) # 1iw1xa91rj246v166pu5y107vrj3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iw1xa91rj246v166pu5y107vrj3|03|biz"; nocase; ) # 1amtoqqcftcw4xw6vh514hgwik.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1amtoqqcftcw4xw6vh514hgwik|03|org"; nocase; ) # 131rlra2jfyjg1m91skp1i0t3zt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|131rlra2jfyjg1m91skp1i0t3zt|03|biz"; nocase; ) # 2nyrch2bw7otzyp45711uszw2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2nyrch2bw7otzyp45711uszw2|03|org"; nocase; ) # 6diudcqunnin14uasrj16uw2l4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6diudcqunnin14uasrj16uw2l4|03|net"; nocase; ) # nm0bmmyi6l2r1w9932maz49h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nm0bmmyi6l2r1w9932maz49h|03|net"; nocase; ) # 22jldo1kj0g0s17zeg31y3tj8x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|22jldo1kj0g0s17zeg31y3tj8x|03|org"; nocase; ) # emnd31awc3991h4tipjw7m4oz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|emnd31awc3991h4tipjw7m4oz|03|net"; nocase; ) # 1xtcq81fh0qaz1w3i5ib13fy4gl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xtcq81fh0qaz1w3i5ib13fy4gl|03|org"; nocase; ) # wvw3nzeftc071i38ahi1p2j1k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wvw3nzeftc071i38ahi1p2j1k|03|biz"; nocase; ) # k8q5y41fb702uwy7d19mm3o8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k8q5y41fb702uwy7d19mm3o8|03|net"; nocase; ) # 108pbw21t7my18ky8quw1duwq6z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|108pbw21t7my18ky8quw1duwq6z|03|com"; nocase; ) # 1cvqdwe1b30jqwusatuf3bqa2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cvqdwe1b30jqwusatuf3bqa2|03|net"; nocase; ) # 1wjymv11ddu6gwnka46t1k58368.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wjymv11ddu6gwnka46t1k58368|03|org"; nocase; ) # 11oo1201dh2yocxce5aeun241k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11oo1201dh2yocxce5aeun241k|03|org"; nocase; ) # fvozcp1srvakt1cq073393do9g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fvozcp1srvakt1cq073393do9g|03|org"; nocase; ) # eu5tfy1tizf05zt0hag11bhrh5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eu5tfy1tizf05zt0hag11bhrh5|03|com"; nocase; ) # 1nleo5lht9yn210vz0oenmee11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nleo5lht9yn210vz0oenmee11|03|net"; nocase; ) # 1tli4nbxzifpy12yq9fc1yv4d6z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tli4nbxzifpy12yq9fc1yv4d6z|03|com"; nocase; ) # 6ee8kg1prfh1tyrbgjudil5cl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ee8kg1prfh1tyrbgjudil5cl|03|net"; nocase; ) # 1lr8o583ds2do1f6ofmb1i7uq7k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lr8o583ds2do1f6ofmb1i7uq7k|03|net"; nocase; ) # nv12es137unh11c45xw01rq8fuh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nv12es137unh11c45xw01rq8fuh|03|biz"; nocase; ) # 27uowisflewrgg6vov1x40d9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|27uowisflewrgg6vov1x40d9k|03|net"; nocase; ) # 1bzy3mtvf4qe8102v072daheql.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bzy3mtvf4qe8102v072daheql|03|org"; nocase; ) # 3bm3q4hn6ejh60pbevge1ka1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3bm3q4hn6ejh60pbevge1ka1|03|net"; nocase; ) # 1iyaasfi3ds5c11rp4r31b37ze7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iyaasfi3ds5c11rp4r31b37ze7|03|org"; nocase; ) # opp3h1r652mf1tmo1421vacgkf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|opp3h1r652mf1tmo1421vacgkf|03|com"; nocase; ) # 34z6ayn8i6gc1cf8jwvbe98gj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|34z6ayn8i6gc1cf8jwvbe98gj|03|biz"; nocase; ) # 1hhqo8w14gsfxz1dxvg2m6ntn24.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hhqo8w14gsfxz1dxvg2m6ntn24|03|biz"; nocase; ) # ztrclh1576in41mu69uxp8uu72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ztrclh1576in41mu69uxp8uu72|03|net"; nocase; ) # 1xrceh8foah7q1ygdn8dalrulv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xrceh8foah7q1ygdn8dalrulv|03|net"; nocase; ) # 12aeo841ki2aw61u578qf19wmdlo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12aeo841ki2aw61u578qf19wmdlo|03|com"; nocase; ) # 1svk0cum8cgj610d73tk1xz067e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1svk0cum8cgj610d73tk1xz067e|03|com"; nocase; ) # 1i73d61hacym8n8vwvw1mqc2y2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i73d61hacym8n8vwvw1mqc2y2|03|org"; nocase; ) # uiu9uz11v0jk61g2wd8j5pvkw9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uiu9uz11v0jk61g2wd8j5pvkw9|03|org"; nocase; ) # 1tkg8n19om06zwedk3a1lypwon.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tkg8n19om06zwedk3a1lypwon|03|com"; nocase; ) # zqjtcn1xkhg884vrmiin9x37u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zqjtcn1xkhg884vrmiin9x37u|03|net"; nocase; ) # ipxe701a54dmi1y9ixdqn36nrv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ipxe701a54dmi1y9ixdqn36nrv|03|org"; nocase; ) # 1742ydribyl09yv7bcsbeaqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1742ydribyl09yv7bcsbeaqi|03|org"; nocase; ) # uo74ita3irae1t6jf0tb6srxg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uo74ita3irae1t6jf0tb6srxg|03|com"; nocase; ) # 18hcmsp1sq0cf11l6p3i51g22pid.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18hcmsp1sq0cf11l6p3i51g22pid|03|net"; nocase; ) # 16tamoa1gko9i8rjo7j30921t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16tamoa1gko9i8rjo7j30921t|03|org"; nocase; ) # zfxsx01l916ig1v6sjzt1vength.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zfxsx01l916ig1v6sjzt1vength|03|biz"; nocase; ) # q3emo81sbg0jge9b1201pkqi28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q3emo81sbg0jge9b1201pkqi28|03|net"; nocase; ) # 192acjth4eliu1vdwexs1a4h1ep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|192acjth4eliu1vdwexs1a4h1ep|03|com"; nocase; ) # chmdjzepubd3q4qbap1qihhwi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|chmdjzepubd3q4qbap1qihhwi|03|net"; nocase; ) # 1xk43a8xy9y59cyhn6o1r5rfl6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xk43a8xy9y59cyhn6o1r5rfl6|03|biz"; nocase; ) # 1hgh9y7gkaaoe1iozl2bd0z3rl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hgh9y7gkaaoe1iozl2bd0z3rl|03|net"; nocase; ) # 1q9lhdt7y7z4mxhj4t11r1fj3c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q9lhdt7y7z4mxhj4t11r1fj3c|03|biz"; nocase; ) # 1iy6yel1baj8a6fsxysw1kfscq2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iy6yel1baj8a6fsxysw1kfscq2|03|net"; nocase; ) # djhb8im83tfunxq2bayqvt0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|djhb8im83tfunxq2bayqvt0r|03|net"; nocase; ) # m4mtx11mc71gyml97bwmru58f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m4mtx11mc71gyml97bwmru58f|03|com"; nocase; ) # 18hxh34199ppk811nhs1c17bx4u5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18hxh34199ppk811nhs1c17bx4u5|03|org"; nocase; ) # 1270yc61efdhz1rf902dmuidyh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1270yc61efdhz1rf902dmuidyh|03|com"; nocase; ) # 1ol8trlsrjoem78sdau1yeg9w0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ol8trlsrjoem78sdau1yeg9w0|03|org"; nocase; ) # 11avt3620j6gc178o7qwchhkdl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11avt3620j6gc178o7qwchhkdl|03|net"; nocase; ) # 1c2girr166l0tmg6gv9j7a7i3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c2girr166l0tmg6gv9j7a7i3|03|net"; nocase; ) # 1mpzb1eho8k91qbu2js1o3hvao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mpzb1eho8k91qbu2js1o3hvao|03|com"; nocase; ) # 2bsn7clv95cr1ylfsn019w9s4s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2bsn7clv95cr1ylfsn019w9s4s|03|biz"; nocase; ) # 1aaihfcntwg251ks7i96bdb1cf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aaihfcntwg251ks7i96bdb1cf|03|net"; nocase; ) # 1crm59q1a2gs05lysv8j1ri608v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1crm59q1a2gs05lysv8j1ri608v|03|net"; nocase; ) # ofvqub1px2iaryqhqd718crx2y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ofvqub1px2iaryqhqd718crx2y|03|org"; nocase; ) # 1q2vqqdglwcwzqtfph3mlfk8k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q2vqqdglwcwzqtfph3mlfk8k|03|com"; nocase; ) # jrcylq1m8pnt7hl2qfajiy09i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jrcylq1m8pnt7hl2qfajiy09i|03|net"; nocase; ) # jjxrg61gpyirqqve8ll1u557zq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jjxrg61gpyirqqve8ll1u557zq|03|biz"; nocase; ) # v2tg5o3f8hdn1m2g7bj1mdihqs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v2tg5o3f8hdn1m2g7bj1mdihqs|03|org"; nocase; ) # 19geta61bv62w91ply5mn1ylci5h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19geta61bv62w91ply5mn1ylci5h|03|com"; nocase; ) # f53qox1z6yjm1acskbmpwtdu9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f53qox1z6yjm1acskbmpwtdu9|03|com"; nocase; ) # 1mlq9a48cf0it37a48a196hpyx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mlq9a48cf0it37a48a196hpyx|03|biz"; nocase; ) # c083nu7og3se19f0jrm1t42e5b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c083nu7og3se19f0jrm1t42e5b|03|net"; nocase; ) # 1cb8d7cm7w4fv1fga37i1gpixkt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cb8d7cm7w4fv1fga37i1gpixkt|03|org"; nocase; ) # 1dg18de1497qysjypux81vo8ufj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dg18de1497qysjypux81vo8ufj|03|net"; nocase; ) # fzg4sxv26zgy1q0ks451dma9jm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fzg4sxv26zgy1q0ks451dma9jm|03|biz"; nocase; ) # gio8herbq1rxs50uji662fja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gio8herbq1rxs50uji662fja|03|net"; nocase; ) # 1coiy5te1eu2as6jw1m9ziib1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1coiy5te1eu2as6jw1m9ziib1|03|com"; nocase; ) # 1gpb7mmaflmbm1f9ftakkvgf8x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gpb7mmaflmbm1f9ftakkvgf8x|03|biz"; nocase; ) # 13g2rssnvmhkpcd0afdrj4fnx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13g2rssnvmhkpcd0afdrj4fnx|03|org"; nocase; ) # 1276gcqn05yx4ynf9i13qc83q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1276gcqn05yx4ynf9i13qc83q|03|org"; nocase; ) # 5lqehz1l47esbtk6wn6lyze2f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5lqehz1l47esbtk6wn6lyze2f|03|org"; nocase; ) # 80gigv18rt29z1atfe2ytmk3f6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|80gigv18rt29z1atfe2ytmk3f6|03|net"; nocase; ) # iqq92dzbdkbq148wtgh1e0eirc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iqq92dzbdkbq148wtgh1e0eirc|03|com"; nocase; ) # 142tafa1bw7j2xifaqf02g0ml5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|142tafa1bw7j2xifaqf02g0ml5|03|org"; nocase; ) # 6c4mam1nckt53ytrbs81nabelw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6c4mam1nckt53ytrbs81nabelw|03|net"; nocase; ) # 1rawed1hq0mn812mkkk9181638r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rawed1hq0mn812mkkk9181638r|03|org"; nocase; ) # qjk5uunpe0bb10tb589e3nrrw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qjk5uunpe0bb10tb589e3nrrw|03|biz"; nocase; ) # ukmv121xld2zrctabfp1qqhhfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ukmv121xld2zrctabfp1qqhhfx|03|com"; nocase; ) # y7wiy919i9w5t1rgnekuf18hrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y7wiy919i9w5t1rgnekuf18hrq|03|net"; nocase; ) # 1300adawzrt4cgree4zadv0b3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1300adawzrt4cgree4zadv0b3|03|org"; nocase; ) # l0qhbt1hijmp01fsjosg1eg2vfy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l0qhbt1hijmp01fsjosg1eg2vfy|03|org"; nocase; ) # 17r1f1q1rnqz541xaytl11wa0iek.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17r1f1q1rnqz541xaytl11wa0iek|03|biz"; nocase; ) # w2nyra1r3tcez1bcwoxv1hf76bi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w2nyra1r3tcez1bcwoxv1hf76bi|03|net"; nocase; ) # 1lk8ma6fit3vjlfdhbe1mweb98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lk8ma6fit3vjlfdhbe1mweb98|03|net"; nocase; ) # 1pv12po1514mm4w7ykan58hhw6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pv12po1514mm4w7ykan58hhw6|03|org"; nocase; ) # 110myvw1kf7d5l1q7xvll1x3key6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|110myvw1kf7d5l1q7xvll1x3key6|03|com"; nocase; ) # itwift83qf8e1q3xgj818cx83y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|itwift83qf8e1q3xgj818cx83y|03|net"; nocase; ) # 1ecbj8q1cg189uqxfs9y8u4q5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ecbj8q1cg189uqxfs9y8u4q5p|03|net"; nocase; ) # 1syukz8y4saeu1ioz64kc9axvy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1syukz8y4saeu1ioz64kc9axvy|03|biz"; nocase; ) # 17wa0qyk710ko1fztl5fiiy9yw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17wa0qyk710ko1fztl5fiiy9yw|03|net"; nocase; ) # 118gcqqxgarl9awofb9du5j4l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|118gcqqxgarl9awofb9du5j4l|03|org"; nocase; ) # wldzgm1qp0zdc1wdw3rv1yzvpsr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wldzgm1qp0zdc1wdw3rv1yzvpsr|03|biz"; nocase; ) # i2aomg6nyxk51xgg1e9e1bvs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i2aomg6nyxk51xgg1e9e1bvs|03|biz"; nocase; ) # r87j3y1f5jtyx11dkddq1w4hcu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r87j3y1f5jtyx11dkddq1w4hcu|03|net"; nocase; ) # ilgl5h1kkaepdxkt9fbalr8bp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ilgl5h1kkaepdxkt9fbalr8bp|03|com"; nocase; ) # mkidyzx95iqhorrmo31oxk6aw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mkidyzx95iqhorrmo31oxk6aw|03|com"; nocase; ) # upxiy31vxe73frvha191dhyn8c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|upxiy31vxe73frvha191dhyn8c|03|biz"; nocase; ) # s9fp5ddhbe6rx57w4e2osu95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s9fp5ddhbe6rx57w4e2osu95|03|net"; nocase; ) # 1hl0xdjpd77xegcz3vu1j7x01g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hl0xdjpd77xegcz3vu1j7x01g|03|com"; nocase; ) # 1bowmhq1t7twhw13duylqp8oio8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bowmhq1t7twhw13duylqp8oio8|03|biz"; nocase; ) # v9mou7qa1kjv13cef83i1c6ye.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v9mou7qa1kjv13cef83i1c6ye|03|org"; nocase; ) # onulq41vg58lo1fk0q9ekplxsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|onulq41vg58lo1fk0q9ekplxsf|03|net"; nocase; ) # 1s4wk231x9it03ttjoik1o50rjw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s4wk231x9it03ttjoik1o50rjw|03|net"; nocase; ) # 1larr17171u0411996caf174gpwc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1larr17171u0411996caf174gpwc|03|net"; nocase; ) # rgji9o4o1snt1ld3fly11bm0kc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rgji9o4o1snt1ld3fly11bm0kc|03|org"; nocase; ) # 1loakn31p9foa5yacec1b0nh2m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1loakn31p9foa5yacec1b0nh2m|03|org"; nocase; ) # s3ckvpqf9x34arby2f1ibwhqg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s3ckvpqf9x34arby2f1ibwhqg|03|net"; nocase; ) # 1clbp9p1id3208qujyarry2xtl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1clbp9p1id3208qujyarry2xtl|03|com"; nocase; ) # 1jes8ftm4iwqww612emqx7i5k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jes8ftm4iwqww612emqx7i5k|03|org"; nocase; ) # xvmc8e1c0r4b31ndebyntkqvlg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xvmc8e1c0r4b31ndebyntkqvlg|03|biz"; nocase; ) # 1kn9nds1soqgb7htnm5ugf4bxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kn9nds1soqgb7htnm5ugf4bxv|03|net"; nocase; ) # 1f8p9ettwrnxe3ppskq1jixlmi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f8p9ettwrnxe3ppskq1jixlmi|03|net"; nocase; ) # 11o1qv8ozqi2w1ssshh7h0jn6g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11o1qv8ozqi2w1ssshh7h0jn6g|03|org"; nocase; ) # 6jibn3eel50u1nrz1bc14z3b82.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6jibn3eel50u1nrz1bc14z3b82|03|net"; nocase; ) # 181drb91p8qmqs3avxky19zzlbw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|181drb91p8qmqs3avxky19zzlbw|03|net"; nocase; ) # v65nvk1ujsjeg1oscoan1xcowch.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v65nvk1ujsjeg1oscoan1xcowch|03|biz"; nocase; ) # 135fnzggueveovrrdi918ljsm3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|135fnzggueveovrrdi918ljsm3|03|com"; nocase; ) # 1eg1m861mpnle66z8wt215crvnu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eg1m861mpnle66z8wt215crvnu|03|com"; nocase; ) # 1spiqp61y7hxnqnzzitj188t4xo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1spiqp61y7hxnqnzzitj188t4xo|03|com"; nocase; ) # zv01u71jvnlmq2808101ew0m38.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zv01u71jvnlmq2808101ew0m38|03|com"; nocase; ) # ydid3v1qz4mwbtwwkxbyqumkq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ydid3v1qz4mwbtwwkxbyqumkq|03|net"; nocase; ) # 1xsnegz1bz0ey11rk5mx3p3vj7n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xsnegz1bz0ey11rk5mx3p3vj7n|03|com"; nocase; ) # 1nenvp5jqjmmc1c3lqhu1w2ani7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nenvp5jqjmmc1c3lqhu1w2ani7|03|biz"; nocase; ) # 142zris15frox8xws8pk1mb6mje.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|142zris15frox8xws8pk1mb6mje|03|biz"; nocase; ) # 1v71paydh5tq61nc5rexbrnugy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v71paydh5tq61nc5rexbrnugy|03|net"; nocase; ) # yoh2pl193x92g6j6ooa1ns9i32.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yoh2pl193x92g6j6ooa1ns9i32|03|net"; nocase; ) # 8oy0mysg30g2kd4lcg1i3909b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8oy0mysg30g2kd4lcg1i3909b|03|net"; nocase; ) # lo11ic1b0znw91y4pdr7gqhtz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lo11ic1b0znw91y4pdr7gqhtz|03|org"; nocase; ) # m3z8dgcq1cfxpiq57x1qbgqu0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m3z8dgcq1cfxpiq57x1qbgqu0|03|com"; nocase; ) # 1mmmaaq1vu7vejc6gfg014f1jor.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mmmaaq1vu7vejc6gfg014f1jor|03|org"; nocase; ) # 16amoeo1gmwr8q9c4kyj1kin5as.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16amoeo1gmwr8q9c4kyj1kin5as|03|net"; nocase; ) # 1pqpg871wsx46m4fwkn61qi6i7o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pqpg871wsx46m4fwkn61qi6i7o|03|biz"; nocase; ) # 1kyv02t1hyu0be1vhp51najl58p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kyv02t1hyu0be1vhp51najl58p|03|net"; nocase; ) # 1eiqaxj2r54z06aj4eenjs5tb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1eiqaxj2r54z06aj4eenjs5tb|03|net"; nocase; ) # 1tul76i12c99mpmuw1l1um38fv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tul76i12c99mpmuw1l1um38fv|03|biz"; nocase; ) # 1xzkwzjx1a4qs1xoyfgej74c0q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xzkwzjx1a4qs1xoyfgej74c0q|03|net"; nocase; ) # r3kpup1mv8hj21ye8r3i1vmtlxd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r3kpup1mv8hj21ye8r3i1vmtlxd|03|biz"; nocase; ) # 1koad5lqv55mhugzr1inkzvzh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1koad5lqv55mhugzr1inkzvzh|03|net"; nocase; ) # 1o6cr2waudhep1sh9oa3tjadz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o6cr2waudhep1sh9oa3tjadz|03|biz"; nocase; ) # cc7evfbpw31ng5tg791a5iwxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cc7evfbpw31ng5tg791a5iwxo|03|net"; nocase; ) # 1e0l6bm10kz2yceek8bk1dbhf4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e0l6bm10kz2yceek8bk1dbhf4a|03|net"; nocase; ) # 1s8c1ed4un03c1m4knfi10359y3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s8c1ed4un03c1m4knfi10359y3|03|org"; nocase; ) # 9ega9m1y6l5z21iabbez1m5tlpp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9ega9m1y6l5z21iabbez1m5tlpp|03|net"; nocase; ) # 1mxn6vu10ky30c143ofbhzh8adr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mxn6vu10ky30c143ofbhzh8adr|03|com"; nocase; ) # yi67tjbchqahexauqxp9t3dj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yi67tjbchqahexauqxp9t3dj|03|org"; nocase; ) # isj9h61bmv8h31tu93ludtanhu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|isj9h61bmv8h31tu93ludtanhu|03|com"; nocase; ) # 1jykgh8909x56q0cp4z1lsps44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jykgh8909x56q0cp4z1lsps44|03|com"; nocase; ) # sf9thf1npxb8g1dynup71ut3lw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sf9thf1npxb8g1dynup71ut3lw5|03|net"; nocase; ) # 18m39y1ti3ljd6kzj71capbgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18m39y1ti3ljd6kzj71capbgt|03|com"; nocase; ) # 1nnk6bg1l047iun7b57ovjt835.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nnk6bg1l047iun7b57ovjt835|03|net"; nocase; ) # tsuqlqhsgvy21lzga4y1mtwllu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tsuqlqhsgvy21lzga4y1mtwllu|03|com"; nocase; ) # 1r7b0bvq4l3z5ov7loimg7j10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r7b0bvq4l3z5ov7loimg7j10|03|net"; nocase; ) # 120gtdw110x5jv1ajp53bvrhiq2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|120gtdw110x5jv1ajp53bvrhiq2|03|com"; nocase; ) # 1uq9b78n2z2sbs4xzwj41p1fq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uq9b78n2z2sbs4xzwj41p1fq|03|com"; nocase; ) # 1uvbvdhqlr95wf58z6o6tn5ta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uvbvdhqlr95wf58z6o6tn5ta|03|com"; nocase; ) # 89odbv1qigrm8z3v4y3137tq5z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|89odbv1qigrm8z3v4y3137tq5z|03|org"; nocase; ) # kzj0jurljp3j1otkg5b1lkrpwa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kzj0jurljp3j1otkg5b1lkrpwa|03|net"; nocase; ) # 4vkvx71fbasskegl143nyxaeo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4vkvx71fbasskegl143nyxaeo|03|org"; nocase; ) # 1flntcxcyt1edbkwhza17ktndv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1flntcxcyt1edbkwhza17ktndv|03|com"; nocase; ) # mroelp1uyesdbfwq8vu1p12295.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mroelp1uyesdbfwq8vu1p12295|03|org"; nocase; ) # runrgc15629z11699i8tjp33fr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|runrgc15629z11699i8tjp33fr|03|net"; nocase; ) # 1tejr9q1yg8gmg1cxvkl12vyps6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tejr9q1yg8gmg1cxvkl12vyps6|03|net"; nocase; ) # 1twazz01at6361j65q661ngf0rp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1twazz01at6361j65q661ngf0rp|03|org"; nocase; ) # 1idwzk51vxjr3i1ihmjx9o7cqyw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1idwzk51vxjr3i1ihmjx9o7cqyw|03|net"; nocase; ) # 798hxz1te5ce01rj3xxsej56z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|798hxz1te5ce01rj3xxsej56z|03|net"; nocase; ) # 1iqonuu1rv23vl1y27u641lii7bu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iqonuu1rv23vl1y27u641lii7bu|03|net"; nocase; ) # 140pkmf1qgjnh51iryrop16wqgxx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|140pkmf1qgjnh51iryrop16wqgxx|03|org"; nocase; ) # 1cw7s1dji0izu1fkoslwrq5sxq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cw7s1dji0izu1fkoslwrq5sxq|03|org"; nocase; ) # wa9idw1k5he9z8asezfg7qt9m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wa9idw1k5he9z8asezfg7qt9m|03|biz"; nocase; ) # bh2nn21qum1ks1wo5cemh7dgqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bh2nn21qum1ks1wo5cemh7dgqr|03|net"; nocase; ) # 1uze2u53fsf0o11wgats535vj7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uze2u53fsf0o11wgats535vj7|03|biz"; nocase; ) # cx0gvj1n8clrc9yycncladf67.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cx0gvj1n8clrc9yycncladf67|03|net"; nocase; ) # 1ou8ca317srfan18v3ausc45nbd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ou8ca317srfan18v3ausc45nbd|03|org"; nocase; ) # hn9grcf6d52m1in5r911ipkh9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hn9grcf6d52m1in5r911ipkh9i|03|net"; nocase; ) # xah05a8a13zb1eq8uwcxyu76j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xah05a8a13zb1eq8uwcxyu76j|03|org"; nocase; ) # 1e78i1pcpheev1o8nphejw6t0g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e78i1pcpheev1o8nphejw6t0g|03|biz"; nocase; ) # 19y22un6yrtiwrxeokjvkfbt9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19y22un6yrtiwrxeokjvkfbt9|03|org"; nocase; ) # 1rbnttqq40gzn19dm6ps1tqnbzc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rbnttqq40gzn19dm6ps1tqnbzc|03|org"; nocase; ) # 4b9eqr6337h71n30kiu13u8r9y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4b9eqr6337h71n30kiu13u8r9y|03|biz"; nocase; ) # 1g7emevmia2iy1ygx1gd1nmakii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g7emevmia2iy1ygx1gd1nmakii|03|net"; nocase; ) # 1rozijo58hzr167aofo9ippn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rozijo58hzr167aofo9ippn2|03|net"; nocase; ) # 1n0feluqkbpc013qkw141vtz8vb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n0feluqkbpc013qkw141vtz8vb|03|net"; nocase; ) # 29auiw15e7f0gbyo03p1trv3cl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|29auiw15e7f0gbyo03p1trv3cl|03|net"; nocase; ) # qr9sx51d2pa2li33tmx1wwf2jk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qr9sx51d2pa2li33tmx1wwf2jk|03|com"; nocase; ) # g9qvm3ft1rbd1c8in7811obde6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g9qvm3ft1rbd1c8in7811obde6|03|net"; nocase; ) # 1flpodk4nfr2nm9c3uaquqn14.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1flpodk4nfr2nm9c3uaquqn14|03|net"; nocase; ) # 1fes3teeum67n8e8foqwxb370.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fes3teeum67n8e8foqwxb370|03|net"; nocase; ) # emqvm7mcgyc8lzljw4tarn4v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|emqvm7mcgyc8lzljw4tarn4v|03|biz"; nocase; ) # 1h4wv0g1c8dapp1tdie5918spatd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h4wv0g1c8dapp1tdie5918spatd|03|com"; nocase; ) # 1o98htdyjxf0z1rfrew31ht7ls1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o98htdyjxf0z1rfrew31ht7ls1|03|org"; nocase; ) # 1wt4tp61ms0rak1ej8a1j15nmqhb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wt4tp61ms0rak1ej8a1j15nmqhb|03|biz"; nocase; ) # xobd5b1b6rgxk10nyse47a4k87.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xobd5b1b6rgxk10nyse47a4k87|03|net"; nocase; ) # pd7hy01r396av1fh7gu2rrk0y7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pd7hy01r396av1fh7gu2rrk0y7|03|com"; nocase; ) # 1acudoi151spn11up59hf13dcft6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1acudoi151spn11up59hf13dcft6|03|org"; nocase; ) # figzqhu2etmz11lpqdf1fjmyke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|figzqhu2etmz11lpqdf1fjmyke|03|org"; nocase; ) # wile9t1c1m2phgv376a1qbqws9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wile9t1c1m2phgv376a1qbqws9|03|biz"; nocase; ) # 2s3oc26n5optr63o2vjul4fw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2s3oc26n5optr63o2vjul4fw|03|com"; nocase; ) # 501fr2lhsm5vh869x61d2e0jr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|501fr2lhsm5vh869x61d2e0jr|03|org"; nocase; ) # df2e6chkr5111e8n0kx1jnpx9m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|df2e6chkr5111e8n0kx1jnpx9m|03|net"; nocase; ) # josc4c1orcxicnucc4w5zirh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|josc4c1orcxicnucc4w5zirh|03|org"; nocase; ) # 1yxmpwh1ioax7ileo8ni1eeu1wp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yxmpwh1ioax7ileo8ni1eeu1wp|03|net"; nocase; ) # 1bcunv2p0yu8a1bi75pyxbl3de.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bcunv2p0yu8a1bi75pyxbl3de|03|com"; nocase; ) # 1vfg9pc15z8uaqfas8hcoxmcyj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vfg9pc15z8uaqfas8hcoxmcyj|03|org"; nocase; ) # 16992r74y61gq138loc91np4o0z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16992r74y61gq138loc91np4o0z|03|biz"; nocase; ) # 1o92kdy1k4p0lf1qefpofee20hu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o92kdy1k4p0lf1qefpofee20hu|03|net"; nocase; ) # 5cosm413nwoe9d89yvk54m9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|5cosm413nwoe9d89yvk54m9|03|com"; nocase; ) # x6gs0t1etzgb243969t124pey5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x6gs0t1etzgb243969t124pey5|03|com"; nocase; ) # 14f7fhv9yy2951sm1t5h3get05.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14f7fhv9yy2951sm1t5h3get05|03|com"; nocase; ) # ddfoyj1p8ol56f7iedzrsrbis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ddfoyj1p8ol56f7iedzrsrbis|03|com"; nocase; ) # 10n2cufnbhu8g1o3h7ax101rh84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10n2cufnbhu8g1o3h7ax101rh84|03|net"; nocase; ) # j8el3tr7bny11v9siwi68ye8f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j8el3tr7bny11v9siwi68ye8f|03|biz"; nocase; ) # 13alo5s15xpw7e2zl56nq48eh6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13alo5s15xpw7e2zl56nq48eh6|03|biz"; nocase; ) # 1ghd0ns1ujnb9vnvgr9qgul5eu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ghd0ns1ujnb9vnvgr9qgul5eu|03|net"; nocase; ) # qn5cl61l7dbrxpkl4jn1ur1542.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qn5cl61l7dbrxpkl4jn1ur1542|03|net"; nocase; ) # 115s866ynwq3q1xyaecp1mv4lqh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|115s866ynwq3q1xyaecp1mv4lqh|03|org"; nocase; ) # 16zrg8b1u0lrez1mj7354lwamev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16zrg8b1u0lrez1mj7354lwamev|03|net"; nocase; ) # 1d439fi15zfzv41040rx3u3oi8i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d439fi15zfzv41040rx3u3oi8i|03|net"; nocase; ) # yjjwxr13ukbllrwk1oqxef26o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yjjwxr13ukbllrwk1oqxef26o|03|com"; nocase; ) # 1jcyob01dllqeyrmdofwhqlima.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jcyob01dllqeyrmdofwhqlima|03|biz"; nocase; ) # x0ye1z1ht8u23n5qj8k1prf9t2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x0ye1z1ht8u23n5qj8k1prf9t2|03|biz"; nocase; ) # 173guap112lvyh18g4jyq1m0loy9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|173guap112lvyh18g4jyq1m0loy9|03|com"; nocase; ) # arowqy1cbb4eotphvhw1h373im.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|arowqy1cbb4eotphvhw1h373im|03|org"; nocase; ) # 1biszu1568gvz1lpitwt4vvhz6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1biszu1568gvz1lpitwt4vvhz6|03|biz"; nocase; ) # 1qdt7e3as5xeg9fpyw81mraxp6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qdt7e3as5xeg9fpyw81mraxp6|03|org"; nocase; ) # 1rnv4pzytnu0i1s2idu6kx4u6x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rnv4pzytnu0i1s2idu6kx4u6x|03|org"; nocase; ) # 128p0y811yqx481e4reqxwsc8x3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|128p0y811yqx481e4reqxwsc8x3|03|org"; nocase; ) # 1m5lweru1urtsejml2hnuhnwc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m5lweru1urtsejml2hnuhnwc|03|biz"; nocase; ) # fzzn0zp0ju5u85e8c8lg4o1s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fzzn0zp0ju5u85e8c8lg4o1s|03|net"; nocase; ) # 1bv671q1oq0xn137971h1wokxxw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bv671q1oq0xn137971h1wokxxw|03|com"; nocase; ) # uja2bhi1hlioef1tkyjtldx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|uja2bhi1hlioef1tkyjtldx|03|net"; nocase; ) # 1337o7o9pwgsa1v5esejbskmtb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1337o7o9pwgsa1v5esejbskmtb|03|com"; nocase; ) # mm0sua10uuu551g186e9vbe4i2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mm0sua10uuu551g186e9vbe4i2|03|net"; nocase; ) # 1pbw8cf16vprzu3ngwyfy69bhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pbw8cf16vprzu3ngwyfy69bhi|03|com"; nocase; ) # 12r0otz16r24g4ip1tal1p68rrs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12r0otz16r24g4ip1tal1p68rrs|03|org"; nocase; ) # 1mdhhuj1rgpdoafmxjk99zfm4v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mdhhuj1rgpdoafmxjk99zfm4v|03|net"; nocase; ) # hfcx5bh4iht21e8vjqk1wv0yuo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hfcx5bh4iht21e8vjqk1wv0yuo|03|org"; nocase; ) # 5tfy082gh2e4pc1v2www1oso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5tfy082gh2e4pc1v2www1oso|03|com"; nocase; ) # 1nqv7l6s16hvbs6opsrxvsk56.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nqv7l6s16hvbs6opsrxvsk56|03|net"; nocase; ) # 5e3hkgd0ion3f8omk3t28sbq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5e3hkgd0ion3f8omk3t28sbq|03|org"; nocase; ) # wdhu4rk83lb7lshpn62ety2l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wdhu4rk83lb7lshpn62ety2l|03|biz"; nocase; ) # m21s9mvepmr51inmfft11spbf8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m21s9mvepmr51inmfft11spbf8|03|org"; nocase; ) # 8lushpiot27s11xzqyhx3s1xj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8lushpiot27s11xzqyhx3s1xj|03|net"; nocase; ) # 1vub08x7g3xy21negnbl115e3ar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vub08x7g3xy21negnbl115e3ar|03|net"; nocase; ) # 27y62w1k7e2551urrzdljclsq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|27y62w1k7e2551urrzdljclsq|03|org"; nocase; ) # 54kswr45ju6x1bkzr3hpas26d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|54kswr45ju6x1bkzr3hpas26d|03|org"; nocase; ) # 1t1c8wh1ly9dfpzdtbmw1soz3th.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t1c8wh1ly9dfpzdtbmw1soz3th|03|net"; nocase; ) # 14no9kb6boa7d1y73tt5qtu0bp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14no9kb6boa7d1y73tt5qtu0bp|03|net"; nocase; ) # 1tlwazvkygqpi1cjr5h15l83ww.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tlwazvkygqpi1cjr5h15l83ww|03|com"; nocase; ) # pwxil41cq82nl2xx4ythinmmp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pwxil41cq82nl2xx4ythinmmp|03|org"; nocase; ) # 15lv7tn6cz3t11qyj16b1uasqq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15lv7tn6cz3t11qyj16b1uasqq9|03|net"; nocase; ) # 1j8bn7o13jdyry1d5c2ok1bnv94f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j8bn7o13jdyry1d5c2ok1bnv94f|03|com"; nocase; ) # 17zkvh7vzh485fj09gr106mpto.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17zkvh7vzh485fj09gr106mpto|03|biz"; nocase; ) # 18ptmmc10u6m2h1krnxr914fd3db.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18ptmmc10u6m2h1krnxr914fd3db|03|com"; nocase; ) # jqe6w41i9edsx1djt9rvdgoi2w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqe6w41i9edsx1djt9rvdgoi2w|03|net"; nocase; ) # 1983vx74uuzmj1hrlies1qasnt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1983vx74uuzmj1hrlies1qasnt|03|net"; nocase; ) # 1m41ttyk57r89ee0fqbrv15zb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m41ttyk57r89ee0fqbrv15zb|03|com"; nocase; ) # 1geptvpsh39n57isid47u95wl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1geptvpsh39n57isid47u95wl|03|com"; nocase; ) # sv0emx313i4mam3n4q1kyhbj0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sv0emx313i4mam3n4q1kyhbj0|03|com"; nocase; ) # 14nntks1icie6ujoxta717c5nrk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14nntks1icie6ujoxta717c5nrk|03|org"; nocase; ) # zdjmcb1z130xp6tdbqj17nq65u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zdjmcb1z130xp6tdbqj17nq65u|03|biz"; nocase; ) # 1phk4br1vhqs7s10upcb91ujrqog.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1phk4br1vhqs7s10upcb91ujrqog|03|net"; nocase; ) # 17cec004z0nye1688lx4167ll9e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17cec004z0nye1688lx4167ll9e|03|net"; nocase; ) # 12vs3j863lqaz1gc8oawnckdwe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12vs3j863lqaz1gc8oawnckdwe|03|biz"; nocase; ) # pxywvf1p3vyyw1nj1tty1shhoqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pxywvf1p3vyyw1nj1tty1shhoqw|03|org"; nocase; ) # lzh0qp1sr3w61p8pfpekabyf6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lzh0qp1sr3w61p8pfpekabyf6|03|org"; nocase; ) # xd1ce51y7lhjd1ddm4xi1rvy3jt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xd1ce51y7lhjd1ddm4xi1rvy3jt|03|org"; nocase; ) # 1m5kjh51ix21oz1sdgecq15m2v6e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m5kjh51ix21oz1sdgecq15m2v6e|03|org"; nocase; ) # 1gavwfq1f8qkgjcgc8wa1e92nzs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gavwfq1f8qkgjcgc8wa1e92nzs|03|net"; nocase; ) # 1oajusr1576vym10l2hfc1dyyblp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oajusr1576vym10l2hfc1dyyblp|03|net"; nocase; ) # 69cq9mccxmwyanxdoe15rrxtf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|69cq9mccxmwyanxdoe15rrxtf|03|com"; nocase; ) # 1lq3a9v1ocvkziukdal1tlomb9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lq3a9v1ocvkziukdal1tlomb9|03|com"; nocase; ) # 3frjhsol6t9aldhs1qot8t3m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3frjhsol6t9aldhs1qot8t3m|03|biz"; nocase; ) # 1uu3j9b19fiak512arklw11s9dsq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uu3j9b19fiak512arklw11s9dsq|03|net"; nocase; ) # 13miypayofwsx1co36zg17smb69.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13miypayofwsx1co36zg17smb69|03|com"; nocase; ) # 1mmmhh83iyps2kqo9pcehdh6j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mmmhh83iyps2kqo9pcehdh6j|03|org"; nocase; ) # of9wax10jnqu0ae1u4m1iy0bgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|of9wax10jnqu0ae1u4m1iy0bgz|03|com"; nocase; ) # 157zvtd11gyqvp1v1hfzzv08v9u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|157zvtd11gyqvp1v1hfzzv08v9u|03|biz"; nocase; ) # 1vcm3jr1reisfb1kd3iiw1kzk89h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vcm3jr1reisfb1kd3iiw1kzk89h|03|net"; nocase; ) # xik7uj3forvezu5rnlkiv0ol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xik7uj3forvezu5rnlkiv0ol|03|com"; nocase; ) # n8hfhh1gn0ibf1410ds31tcgra7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n8hfhh1gn0ibf1410ds31tcgra7|03|biz"; nocase; ) # 1cgl1jg1qboo951x14ap4o4mcxn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cgl1jg1qboo951x14ap4o4mcxn|03|com"; nocase; ) # 1gyf0d61md6xvs1icxoa1jol2o0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gyf0d61md6xvs1icxoa1jol2o0|03|org"; nocase; ) # ardmuh1w1j7211mgmjiwbcewvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ardmuh1w1j7211mgmjiwbcewvo|03|net"; nocase; ) # 2i51qc1w8ai0fkz4bhkrty72o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2i51qc1w8ai0fkz4bhkrty72o|03|biz"; nocase; ) # jxxjc71mrtwizdx0nqr11a14y1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jxxjc71mrtwizdx0nqr11a14y1|03|net"; nocase; ) # pbfcit1fqlfz1c20eu06ea5w7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pbfcit1fqlfz1c20eu06ea5w7|03|org"; nocase; ) # 12svtoqomumqjrzdute1g0e13n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12svtoqomumqjrzdute1g0e13n|03|org"; nocase; ) # 1onhmp01xma3701mpfklsbcghc5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1onhmp01xma3701mpfklsbcghc5|03|net"; nocase; ) # ovj3p817zv5phzwdgevnjy69.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ovj3p817zv5phzwdgevnjy69|03|com"; nocase; ) # 1pkivha167bztr4ir0pw1o6tlpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pkivha167bztr4ir0pw1o6tlpk|03|net"; nocase; ) # 1cte6t41i0bswm1mklogx747e14.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cte6t41i0bswm1mklogx747e14|03|org"; nocase; ) # a960v6yfkyecorbb7gbyzt0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a960v6yfkyecorbb7gbyzt0y|03|net"; nocase; ) # du218l1frrz59lot5s21hsz6x2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|du218l1frrz59lot5s21hsz6x2|03|com"; nocase; ) # bjhsk8cxd47pq6uqpv1gpa3i4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bjhsk8cxd47pq6uqpv1gpa3i4|03|org"; nocase; ) # 1kxocv71oldp69wac484nbqt95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kxocv71oldp69wac484nbqt95|03|net"; nocase; ) # p1851v1afy9tn1xzdsvgaugu0n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p1851v1afy9tn1xzdsvgaugu0n|03|org"; nocase; ) # wdtgzv1cpn8xo1c1apd418ku0t2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wdtgzv1cpn8xo1c1apd418ku0t2|03|biz"; nocase; ) # kurhool43l5iafe26k3oybhn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kurhool43l5iafe26k3oybhn|03|net"; nocase; ) # ot58y01dzry4z4qygfp1srfctf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ot58y01dzry4z4qygfp1srfctf|03|com"; nocase; ) # 1yia22k1ayru2ybcdgm6vf3b1q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yia22k1ayru2ybcdgm6vf3b1q|03|org"; nocase; ) # zfecb01x91q591b6ah7eudq3qn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zfecb01x91q591b6ah7eudq3qn|03|biz"; nocase; ) # 1yw1p9k1eiynmqlrj048x3k8l7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yw1p9k1eiynmqlrj048x3k8l7|03|org"; nocase; ) # 1h41nc6uorwvum8tne1eaj8ii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h41nc6uorwvum8tne1eaj8ii|03|net"; nocase; ) # 1fbheahjub6711u0ikz010fpkkm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fbheahjub6711u0ikz010fpkkm|03|biz"; nocase; ) # 13j3umfld59nhyiqs55nf3y4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13j3umfld59nhyiqs55nf3y4|03|net"; nocase; ) # 75fk1zu74vow1lp2717q6g9ad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|75fk1zu74vow1lp2717q6g9ad|03|com"; nocase; ) # amp4d224vjomjwwysuwi8xk3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|amp4d224vjomjwwysuwi8xk3|03|net"; nocase; ) # d5ahm8y77j9l1hg8scf3jo2oe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d5ahm8y77j9l1hg8scf3jo2oe|03|com"; nocase; ) # 17rujxm11o7mrb1uu8p57vdrdyt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17rujxm11o7mrb1uu8p57vdrdyt|03|org"; nocase; ) # wzokikjjtm5a1ol1z6d1qbbzpr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wzokikjjtm5a1ol1z6d1qbbzpr|03|com"; nocase; ) # une6og15xgh4t1aqp64a1jgvvk6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|une6og15xgh4t1aqp64a1jgvvk6|03|com"; nocase; ) # kdk70818es6if1utoaonxnpybp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kdk70818es6if1utoaonxnpybp|03|org"; nocase; ) # 1g9z2a11qzzf3o1hbb8z3eknx3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g9z2a11qzzf3o1hbb8z3eknx3|03|com"; nocase; ) # 1wfb2lmrmtemwkhedbv1c38psv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wfb2lmrmtemwkhedbv1c38psv|03|com"; nocase; ) # t60qd65pu8241xm63ze18xxkd2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t60qd65pu8241xm63ze18xxkd2|03|org"; nocase; ) # r13y0hlwwpz21mu723d1xevd3q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r13y0hlwwpz21mu723d1xevd3q|03|org"; nocase; ) # 1yhntt5x8sqwq183nldzhukcvi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yhntt5x8sqwq183nldzhukcvi|03|net"; nocase; ) # 1qjeg8b1mv5ev1v31rf81wb2xew.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qjeg8b1mv5ev1v31rf81wb2xew|03|biz"; nocase; ) # 1suyozyovmw4s1wu8fiz194xgwm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1suyozyovmw4s1wu8fiz194xgwm|03|org"; nocase; ) # jb2fygvagnglh9kqhi15vv1cn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jb2fygvagnglh9kqhi15vv1cn|03|org"; nocase; ) # q6ifx31di8ccywsybv51pqx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|q6ifx31di8ccywsybv51pqx|03|net"; nocase; ) # miltayql4yogsol8gj1fxlab4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|miltayql4yogsol8gj1fxlab4|03|com"; nocase; ) # j8axe19nkcj7sx6bm31tfbsd0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j8axe19nkcj7sx6bm31tfbsd0|03|com"; nocase; ) # fg196018tbw241p5vull10dyxbh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fg196018tbw241p5vull10dyxbh|03|biz"; nocase; ) # b0dco3i3mp5o1hfaz3e14abjnj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b0dco3i3mp5o1hfaz3e14abjnj|03|net"; nocase; ) # 1pt08q54hjgdj1p60z25m61gyh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pt08q54hjgdj1p60z25m61gyh|03|biz"; nocase; ) # 1h47izuvpv00oijfi001u5l62h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h47izuvpv00oijfi001u5l62h|03|biz"; nocase; ) # thtseh1rlngrr1oti5qf1fwikij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|thtseh1rlngrr1oti5qf1fwikij|03|com"; nocase; ) # 6tjlsvbdhk4j115jq5hz4v3bm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6tjlsvbdhk4j115jq5hz4v3bm|03|biz"; nocase; ) # 1fg6mbds5erlrhllf0i1v3184z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fg6mbds5erlrhllf0i1v3184z|03|net"; nocase; ) # 1jnsnj328kluroewhkv1kji6u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jnsnj328kluroewhkv1kji6u|03|org"; nocase; ) # 1tmy6161yknj001fyjvu0b1mxlj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tmy6161yknj001fyjvu0b1mxlj|03|biz"; nocase; ) # 1tszvwh9vymm5fm8phj3l50tv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tszvwh9vymm5fm8phj3l50tv|03|net"; nocase; ) # r1yc2i25u82y1ffo7z31lnglxn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r1yc2i25u82y1ffo7z31lnglxn|03|net"; nocase; ) # srwth1607sogdstv6k1ff8fex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|srwth1607sogdstv6k1ff8fex|03|net"; nocase; ) # zqb3me4iu12w1yzccb2o2upip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zqb3me4iu12w1yzccb2o2upip|03|com"; nocase; ) # 1a8el4eubw94t85tmq71yeemrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a8el4eubw94t85tmq71yeemrj|03|net"; nocase; ) # 1cscjic1a9jqd0a7xmclb83mkn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cscjic1a9jqd0a7xmclb83mkn|03|biz"; nocase; ) # rf8sdq1jed3wyh4r84cy6kxh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rf8sdq1jed3wyh4r84cy6kxh|03|org"; nocase; ) # 1hbxzl8pl1jr1l33rx012ayqqj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbxzl8pl1jr1l33rx012ayqqj|03|org"; nocase; ) # 1xmt9b01o3rxrxqhh3pt1kbj74i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xmt9b01o3rxrxqhh3pt1kbj74i|03|biz"; nocase; ) # 1bvy7fa8ghdt119c7z9o4i8ybt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bvy7fa8ghdt119c7z9o4i8ybt|03|net"; nocase; ) # ckixetf2rbyu1plkfwvow35ky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ckixetf2rbyu1plkfwvow35ky|03|net"; nocase; ) # 1soxpxm1otj2hr1jm1q0zofyuhm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1soxpxm1otj2hr1jm1q0zofyuhm|03|org"; nocase; ) # 1bghbw2vz1wvva1go57ig2w3g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bghbw2vz1wvva1go57ig2w3g|03|net"; nocase; ) # oe12hx1i0w5xprrhnge1cv3xgf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oe12hx1i0w5xprrhnge1cv3xgf|03|org"; nocase; ) # 94hx8f11ohf3116ji3691ls4kue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|94hx8f11ohf3116ji3691ls4kue|03|com"; nocase; ) # 1gexneq12ex5r813revkzo63puq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gexneq12ex5r813revkzo63puq|03|org"; nocase; ) # f3x2agopj75t1brkzcs15jf5me.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f3x2agopj75t1brkzcs15jf5me|03|biz"; nocase; ) # bntasuoi6pbr1rqugg01spui5u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bntasuoi6pbr1rqugg01spui5u|03|org"; nocase; ) # qww2nljhg6xoyxgb381x37ihz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qww2nljhg6xoyxgb381x37ihz|03|com"; nocase; ) # 1csll4ihymumo6awcpzatls1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1csll4ihymumo6awcpzatls1u|03|org"; nocase; ) # 1k3dp0aixp2gz1re2yw6k9bbk2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k3dp0aixp2gz1re2yw6k9bbk2|03|com"; nocase; ) # wcpjje1kvk2w9mg16vu1duqsrx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wcpjje1kvk2w9mg16vu1duqsrx|03|com"; nocase; ) # 1tibezm1q2u1171qzhtfk11on3ko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tibezm1q2u1171qzhtfk11on3ko|03|net"; nocase; ) # qtfhb1ntzezy1s24f1w1nd320w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qtfhb1ntzezy1s24f1w1nd320w|03|net"; nocase; ) # dlvb31jgo2t7u8iozy1x25mx5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dlvb31jgo2t7u8iozy1x25mx5|03|biz"; nocase; ) # 1003yjf1uiq9u963jsc10oak02.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1003yjf1uiq9u963jsc10oak02|03|net"; nocase; ) # iqg2y9rip21s1bfatrh10b17f6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iqg2y9rip21s1bfatrh10b17f6|03|net"; nocase; ) # kkm0cr13jshsf1isspmu158y496.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kkm0cr13jshsf1isspmu158y496|03|org"; nocase; ) # 2ro2wltpin0yscqkky19p2mnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ro2wltpin0yscqkky19p2mnk|03|com"; nocase; ) # 179hzzhstpqee1xq5aw7ku0ky1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|179hzzhstpqee1xq5aw7ku0ky1|03|org"; nocase; ) # 3ahyiu823ormpx4gsmfydcdi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3ahyiu823ormpx4gsmfydcdi|03|net"; nocase; ) # zvsqri973r9s16b3mnm1ka1mvc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zvsqri973r9s16b3mnm1ka1mvc|03|org"; nocase; ) # 18exhp3d6nrb71v9y2r6124r4di.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18exhp3d6nrb71v9y2r6124r4di|03|org"; nocase; ) # 1xl0rti1aacubst3wnxjbw9kjs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xl0rti1aacubst3wnxjbw9kjs|03|org"; nocase; ) # 11015jf9vgxc2gmwca7xpobc4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11015jf9vgxc2gmwca7xpobc4|03|org"; nocase; ) # 140fmyl1t9ovj7fuqyaqufs8z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|140fmyl1t9ovj7fuqyaqufs8z|03|biz"; nocase; ) # law9y9dk1y2k3g70x2a9z79b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|law9y9dk1y2k3g70x2a9z79b|03|com"; nocase; ) # 12gz4iqbdyulgao44hipq97ft.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12gz4iqbdyulgao44hipq97ft|03|biz"; nocase; ) # nh6xqk1p62gdl7wxop81ck8dc1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nh6xqk1p62gdl7wxop81ck8dc1|03|org"; nocase; ) # 14t7dd01771ovw16c887cjukrrk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14t7dd01771ovw16c887cjukrrk|03|com"; nocase; ) # 4tw6kr1thm3vq1p21gf4ydtceb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4tw6kr1thm3vq1p21gf4ydtceb|03|biz"; nocase; ) # 1t4echt931k95t317u23dp794.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t4echt931k95t317u23dp794|03|org"; nocase; ) # s75ier1c8abn43btbr6oxbyfr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s75ier1c8abn43btbr6oxbyfr|03|com"; nocase; ) # 18a4e2b81vp3upv7eo11sj3vbo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18a4e2b81vp3upv7eo11sj3vbo|03|net"; nocase; ) # 16y7ola10j0z6q1cru3311p27lhi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16y7ola10j0z6q1cru3311p27lhi|03|org"; nocase; ) # q2vw5f1r6s1eyrozlv7sqd0o1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q2vw5f1r6s1eyrozlv7sqd0o1|03|biz"; nocase; ) # tlsn1r1po0wit1x850vlblt7pa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tlsn1r1po0wit1x850vlblt7pa|03|net"; nocase; ) # 1dx7am4kp2ueast0cxe1ggin20.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dx7am4kp2ueast0cxe1ggin20|03|biz"; nocase; ) # cc42ot1oej8v7ggoxp5xzruv6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cc42ot1oej8v7ggoxp5xzruv6|03|com"; nocase; ) # uquh7e1wsi8ryqpruhu16wo4j4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uquh7e1wsi8ryqpruhu16wo4j4|03|org"; nocase; ) # yjjgut10hre7g1w9g1xcrq2tk6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yjjgut10hre7g1w9g1xcrq2tk6|03|biz"; nocase; ) # 1vfrogjnhjot813lndjlm7ezc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vfrogjnhjot813lndjlm7ezc|03|org"; nocase; ) # rxfr9ydo8dsbhnq5vc1bk58fs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rxfr9ydo8dsbhnq5vc1bk58fs|03|net"; nocase; ) # gcpvq71nsu0nnze9a8i10kuni1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gcpvq71nsu0nnze9a8i10kuni1|03|net"; nocase; ) # 1dtxspcroth851g0tsyb8un7is.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dtxspcroth851g0tsyb8un7is|03|com"; nocase; ) # 1u5aohd1qu6uoenb1ctw14lkuk4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u5aohd1qu6uoenb1ctw14lkuk4|03|org"; nocase; ) # 1ix0xng1dqvn8ioxu0te4rzpcq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ix0xng1dqvn8ioxu0te4rzpcq|03|net"; nocase; ) # 1nd7jahw2t64t37f0b83q1am2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nd7jahw2t64t37f0b83q1am2|03|net"; nocase; ) # e6vwr0putza42cifr112vdyd0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e6vwr0putza42cifr112vdyd0|03|org"; nocase; ) # e57gy11kkrzb1o89h14bpq2s8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e57gy11kkrzb1o89h14bpq2s8|03|net"; nocase; ) # cxwaoa1v7x91z1j2xs9z1fxj9vk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cxwaoa1v7x91z1j2xs9z1fxj9vk|03|com"; nocase; ) # 1ct8vqh1emwytpjn04ud7bm570.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ct8vqh1emwytpjn04ud7bm570|03|org"; nocase; ) # 1j6d9xh1emdr7vh192ctza4dgr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j6d9xh1emdr7vh192ctza4dgr|03|net"; nocase; ) # 6yr03n165v6d419dofq1ptse4j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6yr03n165v6d419dofq1ptse4j|03|biz"; nocase; ) # 1q4lo1trvwbpb17g64uz1yluf1f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q4lo1trvwbpb17g64uz1yluf1f|03|org"; nocase; ) # v8tidw192teyieu0vqm5cyc6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v8tidw192teyieu0vqm5cyc6h|03|org"; nocase; ) # 1wqmrfy19jy8j0ddnr5shst32l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wqmrfy19jy8j0ddnr5shst32l|03|net"; nocase; ) # 1rkruwnbix9x5qiyuk3180wi0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rkruwnbix9x5qiyuk3180wi0x|03|org"; nocase; ) # 5roryu1oxffpy1afd5x9e7l91i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5roryu1oxffpy1afd5x9e7l91i|03|biz"; nocase; ) # sdf0eh1piheta1c4lwpv1lxpcjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sdf0eh1piheta1c4lwpv1lxpcjv|03|org"; nocase; ) # 1ehgri53f4jbd162ibcnxmlv33.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ehgri53f4jbd162ibcnxmlv33|03|com"; nocase; ) # bztken1cye3ny1g8whzs19onvvy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bztken1cye3ny1g8whzs19onvvy|03|org"; nocase; ) # 1kv5jsf253eo31b3aw6913z4jwy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kv5jsf253eo31b3aw6913z4jwy|03|biz"; nocase; ) # 1l38v3xedt9r10solpp1xgrbxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l38v3xedt9r10solpp1xgrbxa|03|com"; nocase; ) # 1b2qaeddun8gv1gwncy8xs7bl4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b2qaeddun8gv1gwncy8xs7bl4|03|com"; nocase; ) # zddhuub9w75me1ncl020rgs2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zddhuub9w75me1ncl020rgs2|03|biz"; nocase; ) # 5uz2qg3a24fc1et34bs1gelns6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5uz2qg3a24fc1et34bs1gelns6|03|com"; nocase; ) # 1ivxqwa58k4j7inox0010xw3gx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ivxqwa58k4j7inox0010xw3gx|03|com"; nocase; ) # 1i1fv4poytm211digriqhp31g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i1fv4poytm211digriqhp31g|03|net"; nocase; ) # 654ekpb87ol5cphvzvkjo3h2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|654ekpb87ol5cphvzvkjo3h2|03|org"; nocase; ) # 1t2j4k81q8gyjh1hpgtofxz2gng.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t2j4k81q8gyjh1hpgtofxz2gng|03|biz"; nocase; ) # 1zdt6iun4lftrs9d7114dyo84.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1zdt6iun4lftrs9d7114dyo84|03|biz"; nocase; ) # 1nlsuyv1ly9wiy1qhska9qw5bne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nlsuyv1ly9wiy1qhska9qw5bne|03|com"; nocase; ) # 1cgzxln16xa338884vf4w7e0ze.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cgzxln16xa338884vf4w7e0ze|03|biz"; nocase; ) # 1g2hw632wumddnerg231rf56y9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g2hw632wumddnerg231rf56y9|03|biz"; nocase; ) # 1lo33w9ku3u8mnjosy9ju32bl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lo33w9ku3u8mnjosy9ju32bl|03|org"; nocase; ) # ach6n4iop6nhu8578617oi4qy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ach6n4iop6nhu8578617oi4qy|03|org"; nocase; ) # 207cvqcbrpfu6q312n1nxq0h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|207cvqcbrpfu6q312n1nxq0h|03|org"; nocase; ) # 15mlfufzkt0yevspfur1uqiln9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15mlfufzkt0yevspfur1uqiln9|03|com"; nocase; ) # cl4vckr0m8m134v3zc1m6m1df.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cl4vckr0m8m134v3zc1m6m1df|03|com"; nocase; ) # 1wvvxlo1jp2eem1gimk0kjkcjvw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wvvxlo1jp2eem1gimk0kjkcjvw|03|com"; nocase; ) # hp0yy6tm9oxc1963eiohd7hhy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hp0yy6tm9oxc1963eiohd7hhy|03|com"; nocase; ) # zats5q10l1amtivr5rnszy2x4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zats5q10l1amtivr5rnszy2x4|03|org"; nocase; ) # 1t8q6a21qpmtbn8b716c1s9yp7b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t8q6a21qpmtbn8b716c1s9yp7b|03|biz"; nocase; ) # kqrmotgh1m231hx0ddc1cyo5b3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kqrmotgh1m231hx0ddc1cyo5b3|03|com"; nocase; ) # 1mh8mruncnxvf1bnn7jj15wzhxq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mh8mruncnxvf1bnn7jj15wzhxq|03|net"; nocase; ) # ltvhymwwdavr1wnao1a0xcy0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ltvhymwwdavr1wnao1a0xcy0|03|org"; nocase; ) # ke38we1u064791yuf08fqhaxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ke38we1u064791yuf08fqhaxa|03|com"; nocase; ) # 1qisrwsw27ueaosehb31xcbxfm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qisrwsw27ueaosehb31xcbxfm|03|org"; nocase; ) # ards0r1i78dey1caomfy1vcadgy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ards0r1i78dey1caomfy1vcadgy|03|biz"; nocase; ) # 1di1kcw2gaccdrldb9nzgrcvo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1di1kcw2gaccdrldb9nzgrcvo|03|com"; nocase; ) # 1ykig9hn43aqh43dh45yr5jkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ykig9hn43aqh43dh45yr5jkr|03|org"; nocase; ) # 1sowa4p82jfwu1effft1xchat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sowa4p82jfwu1effft1xchat|03|net"; nocase; ) # 19qa6ea1mdh0vckkgorv1fb2wqy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19qa6ea1mdh0vckkgorv1fb2wqy|03|org"; nocase; ) # 1j7zynm1aw9m7xn5jb87ylef6s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j7zynm1aw9m7xn5jb87ylef6s|03|com"; nocase; ) # mzafft1do3nkhm9ktndamak2a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mzafft1do3nkhm9ktndamak2a|03|net"; nocase; ) # 66jf3q16qcgar2mh3cj10skqec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|66jf3q16qcgar2mh3cj10skqec|03|org"; nocase; ) # qa49pqlben7v173quia37685z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qa49pqlben7v173quia37685z|03|net"; nocase; ) # kggioskirly5d531701fhmrve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kggioskirly5d531701fhmrve|03|net"; nocase; ) # 13q87v81vvnvbx1ixf6j91e2fdnd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13q87v81vvnvbx1ixf6j91e2fdnd|03|net"; nocase; ) # amlgqu1bdujlz1aw595l1lf15lg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|amlgqu1bdujlz1aw595l1lf15lg|03|org"; nocase; ) # 10rjtqnxtsiam1l1kblj1wpmwbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10rjtqnxtsiam1l1kblj1wpmwbo|03|com"; nocase; ) # puazskluekcb14ly6dg1nhp4aj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|puazskluekcb14ly6dg1nhp4aj|03|net"; nocase; ) # hp47pr1m8z9xlru7yez1kixk48.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hp47pr1m8z9xlru7yez1kixk48|03|biz"; nocase; ) # 2eu4n716rc6ket75vv7xv70rr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2eu4n716rc6ket75vv7xv70rr|03|com"; nocase; ) # 18b3py41y82hreh146wq1qu8cgn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18b3py41y82hreh146wq1qu8cgn|03|org"; nocase; ) # 1sboozt1cpjhmq87e51li3qkae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sboozt1cpjhmq87e51li3qkae|03|com"; nocase; ) # usicnx1ts9mogjapq3i1nc2ekd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|usicnx1ts9mogjapq3i1nc2ekd|03|org"; nocase; ) # crlxt01x03qf21231zym16u1792.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|crlxt01x03qf21231zym16u1792|03|org"; nocase; ) # ua6z0sa23741gy7svf1ja7r5f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ua6z0sa23741gy7svf1ja7r5f|03|org"; nocase; ) # 1nf5o801u6179dwiitk01y1ls4a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nf5o801u6179dwiitk01y1ls4a|03|com"; nocase; ) # 1jijr3e1ffly2h1l42y2118w6de7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jijr3e1ffly2h1l42y2118w6de7|03|net"; nocase; ) # 19ssu0zc5cf0xx1coiu1x1g5ya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ssu0zc5cf0xx1coiu1x1g5ya|03|biz"; nocase; ) # 1odambnp9as3sygzkv51nktkb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1odambnp9as3sygzkv51nktkb2|03|net"; nocase; ) # m3fm1q1n29z1yutmclg1ncifri.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m3fm1q1n29z1yutmclg1ncifri|03|org"; nocase; ) # 1yc6f8t1iqyghc1vifmeh1g2ve54.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yc6f8t1iqyghc1vifmeh1g2ve54|03|net"; nocase; ) # cnz9e1x1p0o1hm7l91o8r6ue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cnz9e1x1p0o1hm7l91o8r6ue|03|com"; nocase; ) # 9qu27ulw2eyv1g4njxd1k2o5h3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9qu27ulw2eyv1g4njxd1k2o5h3|03|net"; nocase; ) # a28cnq1cs9kca1qmkf5oc52wwi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a28cnq1cs9kca1qmkf5oc52wwi|03|net"; nocase; ) # 11wsdobbawunryxynv210tloky.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11wsdobbawunryxynv210tloky|03|biz"; nocase; ) # 1hz4apqfcjubzmbu1z9prb2bc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hz4apqfcjubzmbu1z9prb2bc|03|net"; nocase; ) # 1imnvarlogu8vhind8t3qh1lp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1imnvarlogu8vhind8t3qh1lp|03|biz"; nocase; ) # tk5f4e1p9rg511gw6dwpurfvjk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tk5f4e1p9rg511gw6dwpurfvjk|03|net"; nocase; ) # ijvh4abdcgpy12hpn5x1o2jzr1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ijvh4abdcgpy12hpn5x1o2jzr1|03|org"; nocase; ) # 156xp801epu4x01qr018u1qpztei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|156xp801epu4x01qr018u1qpztei|03|com"; nocase; ) # 1358h8k1udhsuuh9l3edw02jh3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1358h8k1udhsuuh9l3edw02jh3|03|org"; nocase; ) # sp1r81d54no7wykl8yvsdh1c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sp1r81d54no7wykl8yvsdh1c|03|biz"; nocase; ) # 6c4fo310wsyjg1em6u3p1an1z43.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6c4fo310wsyjg1em6u3p1an1z43|03|com"; nocase; ) # f3rok3vjut1t1tw5iga62qycg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f3rok3vjut1t1tw5iga62qycg|03|net"; nocase; ) # 141uev7158bgf117v25i91vnr2j6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|141uev7158bgf117v25i91vnr2j6|03|biz"; nocase; ) # 1mboqz41p2g8uezfgzbp1coyuhd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mboqz41p2g8uezfgzbp1coyuhd|03|net"; nocase; ) # j0r7i2esra1z1y8sf3z2ittkq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j0r7i2esra1z1y8sf3z2ittkq|03|net"; nocase; ) # qnp361m9dapu1g3ef1313e8hmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qnp361m9dapu1g3ef1313e8hmj|03|net"; nocase; ) # 1tfwn4pfwlyr17zn1q398bli9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tfwn4pfwlyr17zn1q398bli9|03|biz"; nocase; ) # 18eegwd140evniiyrqnnqo0wkz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18eegwd140evniiyrqnnqo0wkz|03|com"; nocase; ) # 1ulqni8eybqz216r1qnf1ahcldp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ulqni8eybqz216r1qnf1ahcldp|03|com"; nocase; ) # 8dsdpu4fdtv1qanivhazgp6q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8dsdpu4fdtv1qanivhazgp6q|03|net"; nocase; ) # 10berijdbnlh6y5cbmz7l1u8q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10berijdbnlh6y5cbmz7l1u8q|03|org"; nocase; ) # 1nyfdy81s0xznr1j9wlob3msa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nyfdy81s0xznr1j9wlob3msa|03|net"; nocase; ) # 1xi15tk19228v46gw6g71mx6itn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xi15tk19228v46gw6g71mx6itn|03|org"; nocase; ) # rkq11da1j0a31tp2om813l5q8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rkq11da1j0a31tp2om813l5q8z|03|com"; nocase; ) # qmhizf1np0dhz1mqpzfpzosv7q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qmhizf1np0dhz1mqpzfpzosv7q|03|net"; nocase; ) # 11aa125tzy6bc9uqnl9zh6ifi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11aa125tzy6bc9uqnl9zh6ifi|03|org"; nocase; ) # ib46ok1c8xecmmzdal1lnp929.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ib46ok1c8xecmmzdal1lnp929|03|net"; nocase; ) # 36cagla25zgwutif3xptt5ag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|36cagla25zgwutif3xptt5ag|03|biz"; nocase; ) # 1alnwrl1rv2n5ycf0hxi93dy1t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1alnwrl1rv2n5ycf0hxi93dy1t|03|com"; nocase; ) # 1innivt1kv2x2mbmgme71tddf4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1innivt1kv2x2mbmgme71tddf4a|03|net"; nocase; ) # 14xnxtxqjbrfpf5d9uh5wp2r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14xnxtxqjbrfpf5d9uh5wp2r|03|net"; nocase; ) # qm2u8515xqdvv1byp8vf1yfbv87.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qm2u8515xqdvv1byp8vf1yfbv87|03|com"; nocase; ) # uk08f58mokul1pdk59u1gul22d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uk08f58mokul1pdk59u1gul22d|03|com"; nocase; ) # 1gonq8t1n20gk41rykeq01x12qo8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gonq8t1n20gk41rykeq01x12qo8|03|com"; nocase; ) # jtberjay1jxw1nrvobwkk6f2z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jtberjay1jxw1nrvobwkk6f2z|03|com"; nocase; ) # y13d8e1yg3fw8rpb99gdo8ndb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y13d8e1yg3fw8rpb99gdo8ndb|03|com"; nocase; ) # x2fbzx1tl6623kd7fop1z1pnu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x2fbzx1tl6623kd7fop1z1pnu|03|biz"; nocase; ) # 1q543qjjo1zv61n1g7ndexkkv4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q543qjjo1zv61n1g7ndexkkv4|03|org"; nocase; ) # l081l16n5o8ffggasr17shelz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l081l16n5o8ffggasr17shelz|03|com"; nocase; ) # jem9zywujn711b82xfa7psahp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jem9zywujn711b82xfa7psahp|03|net"; nocase; ) # nkpa5av7n3b85qkvef1hm7aey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nkpa5av7n3b85qkvef1hm7aey|03|org"; nocase; ) # 1076ppk1ejdxii7hhj47156uhqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1076ppk1ejdxii7hhj47156uhqy|03|com"; nocase; ) # slswcs1necynv5lruzd1fx33m9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|slswcs1necynv5lruzd1fx33m9|03|com"; nocase; ) # 9b52wzn1764fnyi2dysd31oi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9b52wzn1764fnyi2dysd31oi|03|biz"; nocase; ) # n1jbqk1pk28951yvsyz5yc38ks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n1jbqk1pk28951yvsyz5yc38ks|03|net"; nocase; ) # 1pbki6x15dj60l1d8irf5y8ykcp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pbki6x15dj60l1d8irf5y8ykcp|03|net"; nocase; ) # 1th0wsw1wih65717u38w3l2oayf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1th0wsw1wih65717u38w3l2oayf|03|com"; nocase; ) # bn3hf3pxpe2l1lxo1m41q5zb1w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bn3hf3pxpe2l1lxo1m41q5zb1w|03|net"; nocase; ) # 1qbj14h1rkk57x1lqdhjp1f09ao7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qbj14h1rkk57x1lqdhjp1f09ao7|03|net"; nocase; ) # 1avlyy5u1k1sh1poj4qm1yx8a92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1avlyy5u1k1sh1poj4qm1yx8a92|03|net"; nocase; ) # 1prbyk51u9goezmljzgmp9reh8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1prbyk51u9goezmljzgmp9reh8|03|org"; nocase; ) # vf7ddtzrbhjzjmt2nsq36d8l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vf7ddtzrbhjzjmt2nsq36d8l|03|biz"; nocase; ) # 5exkkw426asq180b1kxfdvx4a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5exkkw426asq180b1kxfdvx4a|03|com"; nocase; ) # 16ut2b01rcmsd54bygrh1fiis0x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ut2b01rcmsd54bygrh1fiis0x|03|biz"; nocase; ) # 1gctxca1lcqkwqsbtx914s9p2j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gctxca1lcqkwqsbtx914s9p2j|03|net"; nocase; ) # nkss2g1n6blozpy529oy5ebth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nkss2g1n6blozpy529oy5ebth|03|net"; nocase; ) # oxlymd1wnv5i2w9i0gz1ed8ziu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oxlymd1wnv5i2w9i0gz1ed8ziu|03|net"; nocase; ) # 1sntoam6hyr781o1ljtc7czk55.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sntoam6hyr781o1ljtc7czk55|03|org"; nocase; ) # 1u1wq9ehpckvs1lsboop1vkw3v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u1wq9ehpckvs1lsboop1vkw3v|03|com"; nocase; ) # 1fug7kxs5um1pac67sn1w6709t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fug7kxs5um1pac67sn1w6709t|03|org"; nocase; ) # mf046b1o2cv5i5yxe1t1cbyteq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mf046b1o2cv5i5yxe1t1cbyteq|03|biz"; nocase; ) # crz68xx43xb14uxbyqnac515.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|crz68xx43xb14uxbyqnac515|03|net"; nocase; ) # dgi68g1is2qdh1ibstrhncg2kk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dgi68g1is2qdh1ibstrhncg2kk|03|biz"; nocase; ) # 4p0kl1rqmwnt11hija01lw8zuf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4p0kl1rqmwnt11hija01lw8zuf|03|org"; nocase; ) # 1aabmpb1jwp65f1sf7ktuqug7c4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aabmpb1jwp65f1sf7ktuqug7c4|03|com"; nocase; ) # 9quyddod3vlo1d98pnl1gl7mvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9quyddod3vlo1d98pnl1gl7mvm|03|net"; nocase; ) # 1auvzjt1v4iy0rohg7hqa2e8qi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1auvzjt1v4iy0rohg7hqa2e8qi|03|org"; nocase; ) # 1u57udq1j5txg6j7ldzjzp8dup.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u57udq1j5txg6j7ldzjzp8dup|03|biz"; nocase; ) # 1v9fedanun06qg258ag1liquaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v9fedanun06qg258ag1liquaa|03|com"; nocase; ) # 1uvyig674mvs51c39sdo3ysjt6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uvyig674mvs51c39sdo3ysjt6|03|biz"; nocase; ) # 1utbdto15dv4fi1dos6a1zyd8xq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1utbdto15dv4fi1dos6a1zyd8xq|03|org"; nocase; ) # 19ukx0b1d5vujjdh8ri6j5xsq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19ukx0b1d5vujjdh8ri6j5xsq|03|net"; nocase; ) # l9ipz1mzmtea3vdtb6zeczs5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l9ipz1mzmtea3vdtb6zeczs5|03|com"; nocase; ) # ddo27518x1qputpemld6ooxj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ddo27518x1qputpemld6ooxj|03|com"; nocase; ) # 1830nejxy8bj61xx1hk8tqxk4u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1830nejxy8bj61xx1hk8tqxk4u|03|org"; nocase; ) # 1gpfxzp1w50sc6ej5y6r7w59h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gpfxzp1w50sc6ej5y6r7w59h|03|net"; nocase; ) # s70hba1a9l92j18089d9kuqpgh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s70hba1a9l92j18089d9kuqpgh|03|net"; nocase; ) # 1m87s5e4ay85h1t2ow9x1itx1wn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m87s5e4ay85h1t2ow9x1itx1wn|03|com"; nocase; ) # 19hbww2ghnlex4rkfotw9tqmv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19hbww2ghnlex4rkfotw9tqmv|03|net"; nocase; ) # 1202fhcaz4cdqygvfgj1ybasfy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1202fhcaz4cdqygvfgj1ybasfy|03|org"; nocase; ) # 17r4j481amaghu7r5sya1d3cj6g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17r4j481amaghu7r5sya1d3cj6g|03|net"; nocase; ) # 1ufm6pslnl1uptp4hyi1gtltwr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ufm6pslnl1uptp4hyi1gtltwr|03|biz"; nocase; ) # 154583ovdfkza1w543p914tll36.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|154583ovdfkza1w543p914tll36|03|net"; nocase; ) # 1b58k5016x9b2anojpqaosfc4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b58k5016x9b2anojpqaosfc4e|03|net"; nocase; ) # 1br8jdnlhqq1317mj00gt5s8zb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1br8jdnlhqq1317mj00gt5s8zb|03|biz"; nocase; ) # 14js0xp1jmitq21cjtosb1s0g62n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14js0xp1jmitq21cjtosb1s0g62n|03|net"; nocase; ) # 1dgp46n1swfq7w56m8h417omy7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dgp46n1swfq7w56m8h417omy7|03|org"; nocase; ) # 1b4eyjf5l4pnkj9o088qel825.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b4eyjf5l4pnkj9o088qel825|03|com"; nocase; ) # 4ypjfr15mnhswv1nfh31ezbuql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4ypjfr15mnhswv1nfh31ezbuql|03|net"; nocase; ) # 1pqihss17i9gn71uyhnu41h9fm6v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pqihss17i9gn71uyhnu41h9fm6v|03|com"; nocase; ) # 1tio0rc1rtdg9g1hani2k1a0kn6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tio0rc1rtdg9g1hani2k1a0kn6h|03|org"; nocase; ) # 1tn73hu1fnlsd81mjdcpa176xczi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tn73hu1fnlsd81mjdcpa176xczi|03|org"; nocase; ) # g37fcul5eils7qux8bg9calo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g37fcul5eils7qux8bg9calo|03|org"; nocase; ) # 1nm1kb3xh6s411puada11597lt1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nm1kb3xh6s411puada11597lt1|03|com"; nocase; ) # 1obwlf9tdthc8wcgsythlke54.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1obwlf9tdthc8wcgsythlke54|03|org"; nocase; ) # 175j36cvoqkys1bbavdh71gh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|175j36cvoqkys1bbavdh71gh|03|biz"; nocase; ) # 1bh7mukjdgrz2q6h6fvqg75d5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bh7mukjdgrz2q6h6fvqg75d5|03|com"; nocase; ) # xnc1dv2nzb49ulcvpbgucjai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xnc1dv2nzb49ulcvpbgucjai|03|net"; nocase; ) # 137szhq14foilr13a4lc5qrnocp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|137szhq14foilr13a4lc5qrnocp|03|net"; nocase; ) # 1lfje271mgo0zc1ft04fq1fjbc6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lfje271mgo0zc1ft04fq1fjbc6|03|net"; nocase; ) # opzcqur9iuh510l96g21yypeks.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|opzcqur9iuh510l96g21yypeks|03|biz"; nocase; ) # ibp5b9vyg11c64f9091su8mus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ibp5b9vyg11c64f9091su8mus|03|com"; nocase; ) # y7kia32pfn1e14cfydw13d5k65.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y7kia32pfn1e14cfydw13d5k65|03|org"; nocase; ) # 67bng112fkce1qczf491ijy54m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|67bng112fkce1qczf491ijy54m|03|net"; nocase; ) # 5w1rtt1smg5wd18owt296o7bmt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5w1rtt1smg5wd18owt296o7bmt|03|net"; nocase; ) # 16mvfv91uul80jdwikd71wjqjw7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16mvfv91uul80jdwikd71wjqjw7|03|biz"; nocase; ) # 15dh9wbp08kftnd5l93nhaszj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15dh9wbp08kftnd5l93nhaszj|03|com"; nocase; ) # 1ruhhog1gsccyp1k58t6v1prleex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ruhhog1gsccyp1k58t6v1prleex|03|biz"; nocase; ) # 18h0rkq1ht0tkn1wakeo11vast7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18h0rkq1ht0tkn1wakeo11vast7m|03|net"; nocase; ) # 442kdw1gwdquf3588wt58q91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|442kdw1gwdquf3588wt58q91|03|com"; nocase; ) # 1hryrao1aqi3ei1lwuf82whyoup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hryrao1aqi3ei1lwuf82whyoup|03|com"; nocase; ) # 9xvvnr51dtd41021jmrrtzxek.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9xvvnr51dtd41021jmrrtzxek|03|org"; nocase; ) # 1yl5rbb3nla5m1kspi7wh4wm0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yl5rbb3nla5m1kspi7wh4wm0y|03|net"; nocase; ) # hnipwt43lnzt2ndmw51nx0ojj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hnipwt43lnzt2ndmw51nx0ojj|03|net"; nocase; ) # m5f1wqlrousj16sktep1muc4bz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m5f1wqlrousj16sktep1muc4bz|03|net"; nocase; ) # ya4s1lblehzone1nwo1t726ga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ya4s1lblehzone1nwo1t726ga|03|org"; nocase; ) # 2kgw1iuf0uy6mzvghy1bve5ze.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2kgw1iuf0uy6mzvghy1bve5ze|03|com"; nocase; ) # 1kbr7p1cu7udd18nytks1ndf6ck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kbr7p1cu7udd18nytks1ndf6ck|03|com"; nocase; ) # 1kanhjsvus4xuur4tutr3bib0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kanhjsvus4xuur4tutr3bib0|03|org"; nocase; ) # 1kd6suli4v355vh7fxt16y1h32.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kd6suli4v355vh7fxt16y1h32|03|net"; nocase; ) # 1239v7f511d1l1ceepomvo7qbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1239v7f511d1l1ceepomvo7qbt|03|com"; nocase; ) # 1uzwzjtsjzwsqoyd3tr3ube4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uzwzjtsjzwsqoyd3tr3ube4a|03|net"; nocase; ) # 1pzkrln14bzgi6znli181p59fw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pzkrln14bzgi6znli181p59fw|03|com"; nocase; ) # 537sjoq1k0l49g7ow91ok2lqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|537sjoq1k0l49g7ow91ok2lqj|03|biz"; nocase; ) # 1lz6hlhluq09tj7mk4xweltsu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lz6hlhluq09tj7mk4xweltsu|03|biz"; nocase; ) # lx8iad1gijhmdb7uuxijh74o9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lx8iad1gijhmdb7uuxijh74o9|03|org"; nocase; ) # 1rjifvj8azg1d1oh4rc2dexn2c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rjifvj8azg1d1oh4rc2dexn2c|03|net"; nocase; ) # 1n23rf71v3g0hz18cnbdzgfxep1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n23rf71v3g0hz18cnbdzgfxep1|03|org"; nocase; ) # zgttfc1h83btu1qa3gie7xe7n2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zgttfc1h83btu1qa3gie7xe7n2|03|com"; nocase; ) # 16o5ryrgwz9n15og4o31oaacey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16o5ryrgwz9n15og4o31oaacey|03|org"; nocase; ) # 1ygcd5gn4z55b1jqucv9o3q58u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygcd5gn4z55b1jqucv9o3q58u|03|biz"; nocase; ) # 8n969y1l21t7uo8o094118u5bk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8n969y1l21t7uo8o094118u5bk|03|org"; nocase; ) # z7ewa81s8hlaef46b9h7sy6pk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z7ewa81s8hlaef46b9h7sy6pk|03|com"; nocase; ) # 16xuz7n1tr68bly2fdx5saiev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16xuz7n1tr68bly2fdx5saiev|03|net"; nocase; ) # 1q89q1116sv82zybt747senx25.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q89q1116sv82zybt747senx25|03|org"; nocase; ) # 1temk4y113zdxat724sl1uroix.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1temk4y113zdxat724sl1uroix|03|org"; nocase; ) # 1yrjkhx1m8915t1gogs3gmin6y1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yrjkhx1m8915t1gogs3gmin6y1|03|net"; nocase; ) # cbq42t9zt9r8gfe3cr4shirb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cbq42t9zt9r8gfe3cr4shirb|03|com"; nocase; ) # ilrk322mon8v1p8clbunky24z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ilrk322mon8v1p8clbunky24z|03|org"; nocase; ) # 18td5x117kg6c0x727za18ddxsn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18td5x117kg6c0x727za18ddxsn|03|com"; nocase; ) # e168wc8svg2g141f6l31x10ybl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e168wc8svg2g141f6l31x10ybl|03|com"; nocase; ) # jv5sobbiltx8pp5dqn2ld5ed.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jv5sobbiltx8pp5dqn2ld5ed|03|biz"; nocase; ) # 7nqv901aonzhvwpfgi1c1svrl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7nqv901aonzhvwpfgi1c1svrl|03|org"; nocase; ) # llcic6144sbx217keuw41y2y0j3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|llcic6144sbx217keuw41y2y0j3|03|org"; nocase; ) # 6akj69kkl4041a8040y1qb7npc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6akj69kkl4041a8040y1qb7npc|03|com"; nocase; ) # 1oqftyb10euzzrhthbpy1wfpc1k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oqftyb10euzzrhthbpy1wfpc1k|03|org"; nocase; ) # w9vgk1jrhe711n3nnrspdwp26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w9vgk1jrhe711n3nnrspdwp26|03|org"; nocase; ) # 630x2fst3teh1piuhwyanb2ik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|630x2fst3teh1piuhwyanb2ik|03|net"; nocase; ) # 1o3tzmvngnqdos6lkj7u7hcso.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o3tzmvngnqdos6lkj7u7hcso|03|org"; nocase; ) # 1m496on17nltp5z70tm21gv3st9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m496on17nltp5z70tm21gv3st9|03|com"; nocase; ) # bhv3wo14ne3ig1gv1bmei8q1zz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bhv3wo14ne3ig1gv1bmei8q1zz|03|org"; nocase; ) # m76v7qqsr9v6175i8i2fpdbf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m76v7qqsr9v6175i8i2fpdbf|03|net"; nocase; ) # 1w7e0m51r4ly1d174rfqq14m14yu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w7e0m51r4ly1d174rfqq14m14yu|03|com"; nocase; ) # ptud074iij3418js5ak18cacxv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ptud074iij3418js5ak18cacxv|03|biz"; nocase; ) # 16mq1vkuzepb61q84b5e17kal3c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16mq1vkuzepb61q84b5e17kal3c|03|net"; nocase; ) # iyowx91jro3zc18sci15dqyvzu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iyowx91jro3zc18sci15dqyvzu|03|org"; nocase; ) # 10qnnhudmkbkvz7ywqd1l0tdwc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10qnnhudmkbkvz7ywqd1l0tdwc|03|org"; nocase; ) # mc4omvo8ur6w1v5ckraugi6oe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mc4omvo8ur6w1v5ckraugi6oe|03|org"; nocase; ) # cgw60p1smsn9m5b0q9f1664ur1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cgw60p1smsn9m5b0q9f1664ur1|03|net"; nocase; ) # 1bk2f421mwyjnwsj8oe0fa0gd6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bk2f421mwyjnwsj8oe0fa0gd6|03|com"; nocase; ) # 1tajrrxrqvb7m1l3lcxyoe5tqp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tajrrxrqvb7m1l3lcxyoe5tqp|03|net"; nocase; ) # zz3s3p1orte8pbhs4qj4yrfni.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zz3s3p1orte8pbhs4qj4yrfni|03|org"; nocase; ) # 1cckg7f1xvfudxh0t19gfbt4zp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cckg7f1xvfudxh0t19gfbt4zp|03|biz"; nocase; ) # 1wtzxgk8zykz8mu200wd8q1i9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wtzxgk8zykz8mu200wd8q1i9|03|com"; nocase; ) # 18p8lfmonh4lf1yrl8al1p2bm9z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18p8lfmonh4lf1yrl8al1p2bm9z|03|net"; nocase; ) # h76yvz1ejjgj1ify1wmp4swhi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h76yvz1ejjgj1ify1wmp4swhi|03|org"; nocase; ) # bgdxefyy5b435mkv1g7ew47o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bgdxefyy5b435mkv1g7ew47o|03|org"; nocase; ) # 1lzfqku1jp2olw12uwow91svolus.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lzfqku1jp2olw12uwow91svolus|03|biz"; nocase; ) # 6u20ug180olgqo91dkr1ol0uxm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6u20ug180olgqo91dkr1ol0uxm|03|biz"; nocase; ) # 1jceovw144wjiu1uny3ul1ay3nlq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jceovw144wjiu1uny3ul1ay3nlq|03|com"; nocase; ) # 1uwg44u12j4yyw1simcka172gol9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uwg44u12j4yyw1simcka172gol9|03|org"; nocase; ) # d21c3154ofw91m80fzq1gimkv2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d21c3154ofw91m80fzq1gimkv2|03|net"; nocase; ) # 1wt23np1dbr6bs2vqebq1dlfowb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wt23np1dbr6bs2vqebq1dlfowb|03|com"; nocase; ) # 120ealw1kljauq4bfxsfo9i89w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|120ealw1kljauq4bfxsfo9i89w|03|biz"; nocase; ) # 1bk1mmf1gfx2w514d5ypnfl91re.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bk1mmf1gfx2w514d5ypnfl91re|03|com"; nocase; ) # 1owvluk1uzq54u17q0bj81gs5qqm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1owvluk1uzq54u17q0bj81gs5qqm|03|com"; nocase; ) # qpdtk3yoswecdvqfz47k224y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qpdtk3yoswecdvqfz47k224y|03|com"; nocase; ) # 1t8b8zl1rddwgr2pjokey8zp8h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t8b8zl1rddwgr2pjokey8zp8h|03|com"; nocase; ) # 3fxw8i144x57pui8qq3uztu81.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3fxw8i144x57pui8qq3uztu81|03|biz"; nocase; ) # 178mzbu1tpvtljsykysq11k69ab.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|178mzbu1tpvtljsykysq11k69ab|03|net"; nocase; ) # uv3bgb10diqeo9lojt41n1snsj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uv3bgb10diqeo9lojt41n1snsj|03|net"; nocase; ) # pgz41jlijncw2smz361xqy2dm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pgz41jlijncw2smz361xqy2dm|03|org"; nocase; ) # r282d61jcsjd6jpp13o1f3iork.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r282d61jcsjd6jpp13o1f3iork|03|com"; nocase; ) # 16autfgk57cub1zttzkhsv12b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16autfgk57cub1zttzkhsv12b|03|biz"; nocase; ) # c0t4v5vfh4fd1l2ulxdb6fy5o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c0t4v5vfh4fd1l2ulxdb6fy5o|03|org"; nocase; ) # 1p0xv9swzowcs1yhp7mv140omam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p0xv9swzowcs1yhp7mv140omam|03|net"; nocase; ) # 1w6vl2pkqo30pr4zd8b721soq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w6vl2pkqo30pr4zd8b721soq|03|biz"; nocase; ) # 1c71rni1nh4vtm2v0y768l393d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c71rni1nh4vtm2v0y768l393d|03|com"; nocase; ) # apwuj11241664wraw9tiduq6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|apwuj11241664wraw9tiduq6|03|net"; nocase; ) # kkcf52q7cypjto2bhm1wvab8f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kkcf52q7cypjto2bhm1wvab8f|03|org"; nocase; ) # 1tfaxvv8nm2to17czwql1v1pwh1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tfaxvv8nm2to17czwql1v1pwh1|03|com"; nocase; ) # dcyf7k1jd4fw8atm1j3141ortc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dcyf7k1jd4fw8atm1j3141ortc|03|net"; nocase; ) # 19rd6mc126wsty1n0zzo8179hiww.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19rd6mc126wsty1n0zzo8179hiww|03|org"; nocase; ) # 18s5l4nvwlm85mrd89rg398e9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18s5l4nvwlm85mrd89rg398e9|03|net"; nocase; ) # 1twtj1f1grwmz011ulm8a1my2jbl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1twtj1f1grwmz011ulm8a1my2jbl|03|org"; nocase; ) # 7wwng21j8bkon1j3tc9iu8nb5r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7wwng21j8bkon1j3tc9iu8nb5r|03|org"; nocase; ) # 1f17pg61qkmfwf1u3jqu91ri94y5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f17pg61qkmfwf1u3jqu91ri94y5|03|net"; nocase; ) # tyy3zt1vmnnkf9odlc8qjouzl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tyy3zt1vmnnkf9odlc8qjouzl|03|com"; nocase; ) # 13j8l371bbjive19ki0zc1vo9ybe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13j8l371bbjive19ki0zc1vo9ybe|03|org"; nocase; ) # v6e4towq95ju1lspj2zm2orn1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v6e4towq95ju1lspj2zm2orn1|03|net"; nocase; ) # 1vkwt5xl3z9orrvkesyfv5fps.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vkwt5xl3z9orrvkesyfv5fps|03|org"; nocase; ) # yn04at1a3bh9k41ww5s1aw8hqa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yn04at1a3bh9k41ww5s1aw8hqa|03|net"; nocase; ) # gzmyyvrlkvqp15ebfk31shfu12.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gzmyyvrlkvqp15ebfk31shfu12|03|org"; nocase; ) # zlazypbe7z071gb0g5v8xhv6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zlazypbe7z071gb0g5v8xhv6|03|com"; nocase; ) # 1c9tvcu59zrnc3m8pdzxdh0qu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c9tvcu59zrnc3m8pdzxdh0qu|03|net"; nocase; ) # og7fj51rdmom41vuq9eabsy0xe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|og7fj51rdmom41vuq9eabsy0xe|03|com"; nocase; ) # 1vvyvwl1g08hkn1pivg0g1fpayv2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vvyvwl1g08hkn1pivg0g1fpayv2|03|com"; nocase; ) # 16tu36orzqveo15g8kpi1q7694s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16tu36orzqveo15g8kpi1q7694s|03|com"; nocase; ) # 1xjjyn91kkdgyr60slkz1wcd6tj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xjjyn91kkdgyr60slkz1wcd6tj|03|com"; nocase; ) # e0jyg7xl6op7dfcaex1p0e49w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e0jyg7xl6op7dfcaex1p0e49w|03|net"; nocase; ) # 1g65z0tc5pczwh06i6c1am8ab7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g65z0tc5pczwh06i6c1am8ab7|03|org"; nocase; ) # cq2bqgmv278u1xlujky9viqsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cq2bqgmv278u1xlujky9viqsu|03|net"; nocase; ) # 32hmzajxkov4bb2wpp156ll4m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|32hmzajxkov4bb2wpp156ll4m|03|org"; nocase; ) # hd5tr61nw031h19k1plk1of9v4v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hd5tr61nw031h19k1plk1of9v4v|03|org"; nocase; ) # y6vbat1kajabw166cy5r29pnw7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y6vbat1kajabw166cy5r29pnw7|03|net"; nocase; ) # pxqvif149jbt810366k6qzj29s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pxqvif149jbt810366k6qzj29s|03|org"; nocase; ) # vlyi0v3rgusf1wq0zdyu9hghm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vlyi0v3rgusf1wq0zdyu9hghm|03|net"; nocase; ) # y6g88k1a5z8rpjvdobf1swg1ey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y6g88k1a5z8rpjvdobf1swg1ey|03|org"; nocase; ) # gwn0ml1f5o6w51y01cgl3aoen3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gwn0ml1f5o6w51y01cgl3aoen3|03|com"; nocase; ) # fbvi6h169q9ibt7fcdb1b44o09.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fbvi6h169q9ibt7fcdb1b44o09|03|org"; nocase; ) # gpcc1y17g8e7s1et5qjjoi26ts.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gpcc1y17g8e7s1et5qjjoi26ts|03|org"; nocase; ) # fqlcw6165v6351xdvfoa1h6enye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fqlcw6165v6351xdvfoa1h6enye|03|net"; nocase; ) # 1rwttuh1l1hi71uu0yjb137tdt0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rwttuh1l1hi71uu0yjb137tdt0|03|net"; nocase; ) # 1d5606i1cdq438gf0dzayvm3lj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d5606i1cdq438gf0dzayvm3lj|03|com"; nocase; ) # c2xnfyoa0113mp6we71uf2xlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c2xnfyoa0113mp6we71uf2xlw|03|org"; nocase; ) # 1t5l713rbj47k11e7bjr1ary2zf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t5l713rbj47k11e7bjr1ary2zf|03|biz"; nocase; ) # 54bc9a151vyudgwie671g5mo5r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|54bc9a151vyudgwie671g5mo5r|03|com"; nocase; ) # fw3f0218ugo0mmyn54vs0rucp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fw3f0218ugo0mmyn54vs0rucp|03|org"; nocase; ) # vss5n9ffd34f18yp2jbq01p3c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vss5n9ffd34f18yp2jbq01p3c|03|com"; nocase; ) # 1hr0fm71osghejj62qivsrn3j6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hr0fm71osghejj62qivsrn3j6|03|biz"; nocase; ) # 1wb1pj1xftuglond2w01cerug0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wb1pj1xftuglond2w01cerug0|03|net"; nocase; ) # 10rpz6xj818tm9mnpkc1lr7x9j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10rpz6xj818tm9mnpkc1lr7x9j|03|org"; nocase; ) # 1a5gzzjhfgy7pd8jxk1c1z2qe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a5gzzjhfgy7pd8jxk1c1z2qe|03|net"; nocase; ) # ywwr4i11pmaryaavhx7b4jy33.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ywwr4i11pmaryaavhx7b4jy33|03|org"; nocase; ) # 147toeuidhxub1yvf4xr1ociukq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|147toeuidhxub1yvf4xr1ociukq|03|org"; nocase; ) # 2yovek11pm3mr1b4yel51n6ho4x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2yovek11pm3mr1b4yel51n6ho4x|03|org"; nocase; ) # 1j8uglq1sys0rmzr74lzuy9fdn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j8uglq1sys0rmzr74lzuy9fdn|03|biz"; nocase; ) # ysyvmn1n3k0eu1dr1xr91w668uv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ysyvmn1n3k0eu1dr1xr91w668uv|03|net"; nocase; ) # 1fjkd0ge0ew8a18285ppo3czhg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fjkd0ge0ew8a18285ppo3czhg|03|com"; nocase; ) # 6rt3jr3a1kmxkgdp8lh4vcju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6rt3jr3a1kmxkgdp8lh4vcju|03|net"; nocase; ) # 1s9ujll1ouoa4ppns4xh1urqj8q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s9ujll1ouoa4ppns4xh1urqj8q|03|com"; nocase; ) # h6ndxy1t9pc5r1r5vaj81a3qew1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h6ndxy1t9pc5r1r5vaj81a3qew1|03|org"; nocase; ) # 6rxkvv1arxlsdgne2cgswvox2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6rxkvv1arxlsdgne2cgswvox2|03|org"; nocase; ) # 180i5l11sacm9b119suz7wada3o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|180i5l11sacm9b119suz7wada3o|03|net"; nocase; ) # 7h80bg1r4u003h4fno25wb59a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7h80bg1r4u003h4fno25wb59a|03|net"; nocase; ) # t3tuia1ghdb1s1ynhoku1j9fxxb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t3tuia1ghdb1s1ynhoku1j9fxxb|03|com"; nocase; ) # 1ljms9r1yhhbho1hxggit1uf0qi6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ljms9r1yhhbho1hxggit1uf0qi6|03|org"; nocase; ) # 19ml8kc1iwoqrg1jfdvflcvmlhd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19ml8kc1iwoqrg1jfdvflcvmlhd|03|biz"; nocase; ) # 2e4hsze4zffni9yi9l1xc8idd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2e4hsze4zffni9yi9l1xc8idd|03|com"; nocase; ) # 1jo2ot014hk4rjbs8im4caifje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jo2ot014hk4rjbs8im4caifje|03|org"; nocase; ) # 1ls3oxy1yzwut51elmztgzg4cqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ls3oxy1yzwut51elmztgzg4cqz|03|biz"; nocase; ) # 1jbfaon5e0d4qohlvie15bo288.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbfaon5e0d4qohlvie15bo288|03|org"; nocase; ) # 1if8g3q1yjbqq2dttyzq11iuinf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1if8g3q1yjbqq2dttyzq11iuinf|03|org"; nocase; ) # 1m55ocztxuljkxrd357pqwne0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m55ocztxuljkxrd357pqwne0|03|com"; nocase; ) # 11ksbhx1yt2ihnmvk9jt92xgu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11ksbhx1yt2ihnmvk9jt92xgu|03|org"; nocase; ) # xuxfld9xdihnch9dw21mv54dp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xuxfld9xdihnch9dw21mv54dp|03|biz"; nocase; ) # vdpd7vpu9ihq1yxg4zb1k77oz5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vdpd7vpu9ihq1yxg4zb1k77oz5|03|org"; nocase; ) # 1btlw88k5taqt1cnq8peq6pla.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1btlw88k5taqt1cnq8peq6pla|03|com"; nocase; ) # 1j9blbd145do1j4hp1gzgzqq8f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j9blbd145do1j4hp1gzgzqq8f|03|org"; nocase; ) # e0h2s614fhi45yugyfl19f2xdc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e0h2s614fhi45yugyfl19f2xdc|03|net"; nocase; ) # j08zfcu9btz7gl9mq3gj296g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j08zfcu9btz7gl9mq3gj296g|03|biz"; nocase; ) # 1ljr8owp9kg6r1tmnm2bcxvqi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ljr8owp9kg6r1tmnm2bcxvqi|03|com"; nocase; ) # 184th5uqwv9obwiocv7so2lcv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|184th5uqwv9obwiocv7so2lcv|03|biz"; nocase; ) # 19tx6rcho4xtt1t6wtfe17dhky8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19tx6rcho4xtt1t6wtfe17dhky8|03|net"; nocase; ) # 1cpu55v9gnj90fef0x6onkach.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cpu55v9gnj90fef0x6onkach|03|com"; nocase; ) # 1bxjyy0xvrckidc9w4eoirt1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1bxjyy0xvrckidc9w4eoirt1|03|org"; nocase; ) # ld7ieis0ow1w1d60u2febf8gu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ld7ieis0ow1w1d60u2febf8gu|03|com"; nocase; ) # 1klyp7ozx3wek1yogwaz7rtwaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1klyp7ozx3wek1yogwaz7rtwaq|03|net"; nocase; ) # 1hfi5df1k5b95215v8zt91as486m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hfi5df1k5b95215v8zt91as486m|03|org"; nocase; ) # w13ny4295ie410e35q5ioglmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w13ny4295ie410e35q5ioglmi|03|org"; nocase; ) # 12q6x3bxvks07tphtvi5574e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|12q6x3bxvks07tphtvi5574e|03|com"; nocase; ) # 1ljjg821oym25n10htsum11g6nin.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000034999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ljjg821oym25n10htsum11g6nin|03|biz"; nocase; ) # 6k5mlcxnqtpf1gim9qz1le912b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6k5mlcxnqtpf1gim9qz1le912b|03|net"; nocase; ) # zqpyii1kvk1qh1rofe41e4pcel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zqpyii1kvk1qh1rofe41e4pcel|03|net"; nocase; ) # 1ufjyxw1t6vygdwwlvjnlsn9hc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ufjyxw1t6vygdwwlvjnlsn9hc|03|org"; nocase; ) # 1u9d967smubsz17zk9pnpal14l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u9d967smubsz17zk9pnpal14l|03|com"; nocase; ) # gfd1x01w18u7w12gv4r71yts5fa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gfd1x01w18u7w12gv4r71yts5fa|03|org"; nocase; ) # 122g7b619j8bau1bzl9a712j8sb3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|122g7b619j8bau1bzl9a712j8sb3|03|org"; nocase; ) # 873kwfj7u7g6jkpjhs1e0whs4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|873kwfj7u7g6jkpjhs1e0whs4|03|net"; nocase; ) # 1xuxjsypx7mey17gezed12rwabj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xuxjsypx7mey17gezed12rwabj|03|biz"; nocase; ) # imthxadtyi1y6jv1ag8d4zn0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|imthxadtyi1y6jv1ag8d4zn0|03|org"; nocase; ) # 1uwrzu11hxoj6cw64n814qoghd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwrzu11hxoj6cw64n814qoghd|03|com"; nocase; ) # 1cpd8e1gxzb8e1gig5pub23hjs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cpd8e1gxzb8e1gig5pub23hjs|03|com"; nocase; ) # cnnuzza9omg91kqq4a258ckx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cnnuzza9omg91kqq4a258ckx|03|biz"; nocase; ) # t5lp5a1jgala4c3u3so1c83s0j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t5lp5a1jgala4c3u3so1c83s0j|03|net"; nocase; ) # 1w8abbs1v43zsz1qp2u8hkulncy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w8abbs1v43zsz1qp2u8hkulncy|03|com"; nocase; ) # 1hfocg118d5tyc1mms4tn15yhcjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hfocg118d5tyc1mms4tn15yhcjo|03|org"; nocase; ) # xx4l8y11tntbu1vngm7o1x9ejin.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xx4l8y11tntbu1vngm7o1x9ejin|03|biz"; nocase; ) # 1kz8dwe1e9vvhl5mu8od10cmdwj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kz8dwe1e9vvhl5mu8od10cmdwj|03|net"; nocase; ) # 1silvf11ne6nbv186elclnf3hco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1silvf11ne6nbv186elclnf3hco|03|org"; nocase; ) # 1ylhzncwgyjef1khj4ltuc6o3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ylhzncwgyjef1khj4ltuc6o3k|03|net"; nocase; ) # cr22vvuuvobw1vwaxy04osmqb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cr22vvuuvobw1vwaxy04osmqb|03|net"; nocase; ) # csgiut11tw3qbk67pmr1w80pes.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|csgiut11tw3qbk67pmr1w80pes|03|net"; nocase; ) # 1ajwxhb1hlnu8lgm9yr1r6y92q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ajwxhb1hlnu8lgm9yr1r6y92q|03|org"; nocase; ) # ccvci24rdeeu6j2js819e45zb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ccvci24rdeeu6j2js819e45zb|03|net"; nocase; ) # 9lhblpntsvad2tkbuw17g89dj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9lhblpntsvad2tkbuw17g89dj|03|biz"; nocase; ) # 1riirokhtm40xo8iypb1doxy5j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1riirokhtm40xo8iypb1doxy5j|03|com"; nocase; ) # 1w29keva62k3s1y6oltjtv05c8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w29keva62k3s1y6oltjtv05c8|03|com"; nocase; ) # 12y54d11w56gmita1zh4y3ob9q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12y54d11w56gmita1zh4y3ob9q|03|biz"; nocase; ) # e60dx3falrww1er5tpndx1xjn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e60dx3falrww1er5tpndx1xjn|03|biz"; nocase; ) # b4zztwq0njt91t6va3g1kgn848.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b4zztwq0njt91t6va3g1kgn848|03|net"; nocase; ) # 1xglpww19mvszb1ghppm3u1apif.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xglpww19mvszb1ghppm3u1apif|03|net"; nocase; ) # y8a1igqck8we6gdy7lw5pkcm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y8a1igqck8we6gdy7lw5pkcm|03|biz"; nocase; ) # 1lc8i8tzkrkytkyi1k1dvtdd2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lc8i8tzkrkytkyi1k1dvtdd2|03|com"; nocase; ) # qxxfji1jqjldz12hx0iwvcsaba.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qxxfji1jqjldz12hx0iwvcsaba|03|biz"; nocase; ) # hx7nzy7ih0gs1whm6y11jz6icy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hx7nzy7ih0gs1whm6y11jz6icy|03|biz"; nocase; ) # wq12q1169egmgxgt32615xj0hl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wq12q1169egmgxgt32615xj0hl|03|biz"; nocase; ) # 1vgc6w580sml315kdwhrd3u54h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vgc6w580sml315kdwhrd3u54h|03|net"; nocase; ) # dmcxld10m30bl177qlau8x5ec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dmcxld10m30bl177qlau8x5ec|03|org"; nocase; ) # zjijrzb8ymrx1exdqwjayghyr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zjijrzb8ymrx1exdqwjayghyr|03|net"; nocase; ) # v4ev8l11olxhc1tjh8ld4scnvi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v4ev8l11olxhc1tjh8ld4scnvi|03|biz"; nocase; ) # nfygxv1l42y8m3osyuyalmhj0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nfygxv1l42y8m3osyuyalmhj0|03|biz"; nocase; ) # 1u5kgnzx84k67yeuxvx1eyi4ix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u5kgnzx84k67yeuxvx1eyi4ix|03|net"; nocase; ) # 1yir3mo10th5hp1htar2v19r0uke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yir3mo10th5hp1htar2v19r0uke|03|com"; nocase; ) # cd5hy21480jkd59vhx1bq7h3a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cd5hy21480jkd59vhx1bq7h3a|03|net"; nocase; ) # vbx0c9o5n0c5ox8lt3gdqtpn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vbx0c9o5n0c5ox8lt3gdqtpn|03|biz"; nocase; ) # xswjktco0rr4ts18r67qrbap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xswjktco0rr4ts18r67qrbap|03|com"; nocase; ) # xe25w95i60a6z5fj2kp3x8l8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xe25w95i60a6z5fj2kp3x8l8|03|biz"; nocase; ) # 5sv81vymdp8d1ns3mntj2om2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5sv81vymdp8d1ns3mntj2om2|03|org"; nocase; ) # 1wapjzu1q9fpl61gamrrb1k8b6t7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wapjzu1q9fpl61gamrrb1k8b6t7|03|com"; nocase; ) # 11r6xwyw33hje6an4v71lwxpha.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11r6xwyw33hje6an4v71lwxpha|03|biz"; nocase; ) # 4pvwp7ohazqw1lsp9hm1ib7oxk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4pvwp7ohazqw1lsp9hm1ib7oxk|03|com"; nocase; ) # gshha31mosvr2ez07am14lggk8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gshha31mosvr2ez07am14lggk8|03|biz"; nocase; ) # cceg8mgngnx9a01gofgk0mmb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cceg8mgngnx9a01gofgk0mmb|03|net"; nocase; ) # 1fu6npzsq5r81qrr5u41tcyrwf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fu6npzsq5r81qrr5u41tcyrwf|03|com"; nocase; ) # r2y8fvw7ysqi1ehj6pswhfuk0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r2y8fvw7ysqi1ehj6pswhfuk0|03|biz"; nocase; ) # ppm5qhc58cu818is1nr1x7alkn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ppm5qhc58cu818is1nr1x7alkn|03|com"; nocase; ) # d5m8841vagua91sxv1or14iqe8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|d5m8841vagua91sxv1or14iqe8c|03|com"; nocase; ) # tcueal14ajcuzkg457xyx8q5z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tcueal14ajcuzkg457xyx8q5z|03|com"; nocase; ) # 7ogi031msuzzn1l69ruc2vlvgd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ogi031msuzzn1l69ruc2vlvgd|03|net"; nocase; ) # dapgav811ju51tpobg912w2emy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dapgav811ju51tpobg912w2emy|03|net"; nocase; ) # wu4v13rk3xbfksueng3xf9ce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wu4v13rk3xbfksueng3xf9ce|03|org"; nocase; ) # 1kvl3kcy34xtt1i4x8if1xzppix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kvl3kcy34xtt1i4x8if1xzppix|03|com"; nocase; ) # 1qrtgjnhw812a1ggp6a4uff2at.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qrtgjnhw812a1ggp6a4uff2at|03|biz"; nocase; ) # hq3gahxw7rjf1ts5g4t1y2f24z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hq3gahxw7rjf1ts5g4t1y2f24z|03|org"; nocase; ) # 3v2epwzybaamb08vh1lrvec1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3v2epwzybaamb08vh1lrvec1|03|com"; nocase; ) # 1k3veu51tgdh151y9rror1h3mpud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k3veu51tgdh151y9rror1h3mpud|03|net"; nocase; ) # 1ennne1ad6e0pegdxugvdgr45.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ennne1ad6e0pegdxugvdgr45|03|net"; nocase; ) # wi8euxaj28i61rdrha61r609ni.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wi8euxaj28i61rdrha61r609ni|03|org"; nocase; ) # fhs17hux7ol51rw9my417hwq6n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fhs17hux7ol51rw9my417hwq6n|03|biz"; nocase; ) # 1r0xdol1n2scpip7fq78he30ek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r0xdol1n2scpip7fq78he30ek|03|net"; nocase; ) # k8q6nhjaein21aljvepmhxrne.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k8q6nhjaein21aljvepmhxrne|03|biz"; nocase; ) # 1y60pfqzeetja2p0b861epar6y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y60pfqzeetja2p0b861epar6y|03|net"; nocase; ) # ypyrlk2qu8t11xc7mol8c0j4q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ypyrlk2qu8t11xc7mol8c0j4q|03|biz"; nocase; ) # 1ccye6fan7oucl01l174qko0d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ccye6fan7oucl01l174qko0d|03|net"; nocase; ) # 1b32eie1hnymziy5njsh1a9ek1s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b32eie1hnymziy5njsh1a9ek1s|03|org"; nocase; ) # 156sc0czf1sc108m2dz1av65rz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156sc0czf1sc108m2dz1av65rz|03|net"; nocase; ) # saer5tbu683u8go33l1mfor69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|saer5tbu683u8go33l1mfor69|03|net"; nocase; ) # f37ghz1ht78n81uv6mhjz7apbo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f37ghz1ht78n81uv6mhjz7apbo|03|biz"; nocase; ) # ns0l3s1u40xgl11p8t77m9is6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ns0l3s1u40xgl11p8t77m9is6|03|org"; nocase; ) # o77o401cbserq77xtsx1o2hd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o77o401cbserq77xtsx1o2hd6|03|net"; nocase; ) # 1e4fh4t1izcx1d105nxwwaen7ea.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e4fh4t1izcx1d105nxwwaen7ea|03|biz"; nocase; ) # 10eplwmjve5pt1n27l9z1llafrh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10eplwmjve5pt1n27l9z1llafrh|03|biz"; nocase; ) # 1sxtg4811wcg5dc8gvqj1szs48u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sxtg4811wcg5dc8gvqj1szs48u|03|biz"; nocase; ) # 1bcitw2163ycqk15ayqjkepargj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bcitw2163ycqk15ayqjkepargj|03|com"; nocase; ) # huww0r95q5qe9iy8yq1qndrqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|huww0r95q5qe9iy8yq1qndrqj|03|biz"; nocase; ) # 1rfb0j6whq6riyze4ohoweks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1rfb0j6whq6riyze4ohoweks|03|net"; nocase; ) # 1axdynj1bzll2ynlnnbhvvhdet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1axdynj1bzll2ynlnnbhvvhdet|03|net"; nocase; ) # 1ipsod11cgslrb12dflbv1raefw5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ipsod11cgslrb12dflbv1raefw5|03|biz"; nocase; ) # 1gt9nl0ddp8tsutl3h714fcu1p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gt9nl0ddp8tsutl3h714fcu1p|03|biz"; nocase; ) # 4u1c4icfb3lcqp15fs1o4kxl3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4u1c4icfb3lcqp15fs1o4kxl3|03|org"; nocase; ) # h1mfxxvibbxe9pdt7910r4y8x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h1mfxxvibbxe9pdt7910r4y8x|03|biz"; nocase; ) # mijum31lhu0oj10dmwtex3eq6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mijum31lhu0oj10dmwtex3eq6o|03|net"; nocase; ) # se7oll151vgzd1040u0b7o258u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|se7oll151vgzd1040u0b7o258u|03|com"; nocase; ) # k6fzcqinkknucz0v951qvhhqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k6fzcqinkknucz0v951qvhhqq|03|biz"; nocase; ) # sxbnaq1c82rd71bbr38vrrqyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sxbnaq1c82rd71bbr38vrrqyi|03|net"; nocase; ) # qx4zjfq9ewkvmavsf61q4d40j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qx4zjfq9ewkvmavsf61q4d40j|03|org"; nocase; ) # xzrb94xxaqxw1rnz7vu1pl03jq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xzrb94xxaqxw1rnz7vu1pl03jq|03|org"; nocase; ) # rx2ss5ekpdk51xvz6afukfmns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rx2ss5ekpdk51xvz6afukfmns|03|net"; nocase; ) # fb9wo01qhom901im3hz12661k9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fb9wo01qhom901im3hz12661k9|03|org"; nocase; ) # 1yeja4d1k1thnk12sqbto1veldmz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yeja4d1k1thnk12sqbto1veldmz|03|com"; nocase; ) # 1lsbzvl1c5dkn710r6bb3joenuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lsbzvl1c5dkn710r6bb3joenuy|03|net"; nocase; ) # 122hnbs1s4tcb3a73ux7on9f21.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|122hnbs1s4tcb3a73ux7on9f21|03|biz"; nocase; ) # 1f16tzh3wnn2s4rxwh21q027ax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f16tzh3wnn2s4rxwh21q027ax|03|com"; nocase; ) # dnu7y9104oizc6b9fs11h1s5e6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dnu7y9104oizc6b9fs11h1s5e6|03|org"; nocase; ) # jqm9bc1f9c7pa1i9ki5s63ov5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqm9bc1f9c7pa1i9ki5s63ov5p|03|net"; nocase; ) # 12m9wxocicwka39ccso1mipmpy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12m9wxocicwka39ccso1mipmpy|03|org"; nocase; ) # 8sl5yl1skpbcy19lcl51nop9j2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8sl5yl1skpbcy19lcl51nop9j2|03|biz"; nocase; ) # 5gu7alm2fjcc5b6x5i1tx5eu5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5gu7alm2fjcc5b6x5i1tx5eu5|03|biz"; nocase; ) # 5j21ko1k8d5lw1q24mxuqov9sj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5j21ko1k8d5lw1q24mxuqov9sj|03|com"; nocase; ) # 7dmrxi1uje1c1k4v3d4ljqqmd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7dmrxi1uje1c1k4v3d4ljqqmd|03|org"; nocase; ) # acuceh1vwedgneyelqa1shwz4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|acuceh1vwedgneyelqa1shwz4e|03|net"; nocase; ) # h3joen194vryhbatu2e41510e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3joen194vryhbatu2e41510e|03|biz"; nocase; ) # y0c9x01d7gjry1r96lnw1czv63e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y0c9x01d7gjry1r96lnw1czv63e|03|org"; nocase; ) # 57xdcpixwxaklqc7zr730gji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|57xdcpixwxaklqc7zr730gji|03|net"; nocase; ) # 1ecl3zcosl5qu1qs4jscqxdt2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ecl3zcosl5qu1qs4jscqxdt2z|03|net"; nocase; ) # 12k74akwz2kojgy6fbamr2s38.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12k74akwz2kojgy6fbamr2s38|03|net"; nocase; ) # t6vvzqa3oxqd1la2a3a1qten9y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t6vvzqa3oxqd1la2a3a1qten9y|03|org"; nocase; ) # b9sxazqyywx0x0oedm1rntyo1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b9sxazqyywx0x0oedm1rntyo1|03|com"; nocase; ) # 48z7qp1vuxm3v1tpx06djvs8cb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|48z7qp1vuxm3v1tpx06djvs8cb|03|biz"; nocase; ) # tum9991i3dz821nmbooe1vnie0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tum9991i3dz821nmbooe1vnie0h|03|net"; nocase; ) # 16jpkfa1mdekz41ecffns1u4ft69.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16jpkfa1mdekz41ecffns1u4ft69|03|biz"; nocase; ) # 1e9r2npxe8u2xk02ibxvdetnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e9r2npxe8u2xk02ibxvdetnt|03|biz"; nocase; ) # rjq0ao1tutwcj80apc1nae9ky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rjq0ao1tutwcj80apc1nae9ky|03|net"; nocase; ) # 1spksfdnrob1o1tgnba2bftq51.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1spksfdnrob1o1tgnba2bftq51|03|com"; nocase; ) # 1dzdnzxqp79s71uf0ddb1vh72tx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dzdnzxqp79s71uf0ddb1vh72tx|03|net"; nocase; ) # lkel5fblj0ms1bkyo1bf9x1sh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lkel5fblj0ms1bkyo1bf9x1sh|03|com"; nocase; ) # 32soho1f6q5aq1end7mu10zahsv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|32soho1f6q5aq1end7mu10zahsv|03|net"; nocase; ) # 1y02g8b1tgq9t25i5ru752lnzw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y02g8b1tgq9t25i5ru752lnzw|03|net"; nocase; ) # 10c8gs11d8zqwo15qtyo5pdrzyc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10c8gs11d8zqwo15qtyo5pdrzyc|03|com"; nocase; ) # 1p2eb1im0bzft1boareie5gpyd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p2eb1im0bzft1boareie5gpyd|03|biz"; nocase; ) # 1nmq6ho10r71m31ivbqvn13jh0ru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nmq6ho10r71m31ivbqvn13jh0ru|03|com"; nocase; ) # 1bkt4f7t0swtanhh5jg4bywgn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bkt4f7t0swtanhh5jg4bywgn|03|net"; nocase; ) # y0il0s14frp4ubax2on6ejn1x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y0il0s14frp4ubax2on6ejn1x|03|com"; nocase; ) # yfbwy71w7tkaaxhijp416hc0r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yfbwy71w7tkaaxhijp416hc0r|03|org"; nocase; ) # zinwdiyipifw17qnszk16o3j3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zinwdiyipifw17qnszk16o3j3k|03|net"; nocase; ) # 16air5u1nfceh11tvp74u2b4qsd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16air5u1nfceh11tvp74u2b4qsd|03|org"; nocase; ) # 15nya6j1avu0vejqy9zz43132b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15nya6j1avu0vejqy9zz43132b|03|biz"; nocase; ) # fa8pg41id1ir9acp37nkqz45j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fa8pg41id1ir9acp37nkqz45j|03|com"; nocase; ) # 2zrkva1ac1zj05ewp3g1f2coiz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2zrkva1ac1zj05ewp3g1f2coiz|03|org"; nocase; ) # y0o67knl31ckts4brx9imye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|y0o67knl31ckts4brx9imye|03|net"; nocase; ) # 1jsw4axk8i4331vz8pms1lucoxa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jsw4axk8i4331vz8pms1lucoxa|03|org"; nocase; ) # 1cqdk5e7fn82tvn4ne91ntxnof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cqdk5e7fn82tvn4ne91ntxnof|03|biz"; nocase; ) # ccwf7sssxhsdzxhto7wz5ojg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ccwf7sssxhsdzxhto7wz5ojg|03|com"; nocase; ) # 1wqrs0hbgx6ejxbptmv1uplji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wqrs0hbgx6ejxbptmv1uplji|03|net"; nocase; ) # 1j92qko1otw1wt1glii161tgt2pq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j92qko1otw1wt1glii161tgt2pq|03|org"; nocase; ) # jtxfc11lrqxxp1iicu1rh8k51f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jtxfc11lrqxxp1iicu1rh8k51f|03|net"; nocase; ) # 1c9ikiybwce141o8npzebnmdk6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c9ikiybwce141o8npzebnmdk6|03|org"; nocase; ) # 1yd6fmubzxpag1n9kxnxqm5szm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yd6fmubzxpag1n9kxnxqm5szm|03|net"; nocase; ) # 1usjpek1y959n959gaa8h12ruh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1usjpek1y959n959gaa8h12ruh|03|com"; nocase; ) # 5zuvk5s4joq3vg3b0n1baujh6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5zuvk5s4joq3vg3b0n1baujh6|03|net"; nocase; ) # 184na6y10c4p28fblmk817sopbb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|184na6y10c4p28fblmk817sopbb|03|org"; nocase; ) # nz8f21dol1ve1jh8xh716ifb1k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nz8f21dol1ve1jh8xh716ifb1k|03|net"; nocase; ) # s627fzx7cjdj1mxkniw184cns5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s627fzx7cjdj1mxkniw184cns5|03|net"; nocase; ) # 1hq75a414eqp4j1vcsfxk1nxh4fz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hq75a414eqp4j1vcsfxk1nxh4fz|03|org"; nocase; ) # ang8k41p4w2u557e75120139a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ang8k41p4w2u557e75120139a|03|com"; nocase; ) # 76eyzq94cjh47184nj14grldg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|76eyzq94cjh47184nj14grldg|03|biz"; nocase; ) # 17xzgkw130s024bz9v32zd7mp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17xzgkw130s024bz9v32zd7mp|03|com"; nocase; ) # gxbte61l1w0xoom85sp1nfg0gw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gxbte61l1w0xoom85sp1nfg0gw|03|net"; nocase; ) # wvebc9i04tl1rqhlyp1x3flnh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wvebc9i04tl1rqhlyp1x3flnh|03|org"; nocase; ) # 1n8hzwt1nm63pmeix5f514lssuw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n8hzwt1nm63pmeix5f514lssuw|03|biz"; nocase; ) # 11pmfe1j0r114uvkq015xtz7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11pmfe1j0r114uvkq015xtz7a|03|com"; nocase; ) # 168z5oz6h9biz1o1ybdqybmipy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|168z5oz6h9biz1o1ybdqybmipy|03|net"; nocase; ) # 49r1qg1nfid7uxhskxu125gu4s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|49r1qg1nfid7uxhskxu125gu4s|03|biz"; nocase; ) # fl5c081j36bu0gp5v1qscnc99.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fl5c081j36bu0gp5v1qscnc99|03|org"; nocase; ) # 1vz8vqh1vkrye6vq7q10yi9u17.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vz8vqh1vkrye6vq7q10yi9u17|03|net"; nocase; ) # odmvy3nmvnwp1rvemti1xp7mye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|odmvy3nmvnwp1rvemti1xp7mye|03|com"; nocase; ) # 1r4kk4l973ug11n54l6jsmhhum.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r4kk4l973ug11n54l6jsmhhum|03|org"; nocase; ) # 11km7gb7a790576t36d1iw0z0u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11km7gb7a790576t36d1iw0z0u|03|biz"; nocase; ) # bhymgl1krbf7z111cdgf162cs4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bhymgl1krbf7z111cdgf162cs4p|03|net"; nocase; ) # 1tz0tx51xyffvbl0d096ieevt8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tz0tx51xyffvbl0d096ieevt8|03|net"; nocase; ) # 5yx8v1rk21pq1eikt7nfe8bh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5yx8v1rk21pq1eikt7nfe8bh|03|com"; nocase; ) # 1e1pq6mkqtj9p1x29rba2grbwf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e1pq6mkqtj9p1x29rba2grbwf|03|net"; nocase; ) # 84rv851j7qt0szh8covmz1283.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|84rv851j7qt0szh8covmz1283|03|com"; nocase; ) # p4hk1b1j36b946uschu1nv6zd2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p4hk1b1j36b946uschu1nv6zd2|03|net"; nocase; ) # 1huzxs9a8djr61w3jta5bjpcs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1huzxs9a8djr61w3jta5bjpcs|03|biz"; nocase; ) # asqurg1gsq7vy1hyhsi1ffpsgh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|asqurg1gsq7vy1hyhsi1ffpsgh|03|net"; nocase; ) # 1cprcmq1hi6prz1htbhs91ynnlsx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cprcmq1hi6prz1htbhs91ynnlsx|03|biz"; nocase; ) # 4v1xb71ik5xj7kklk9w1ci5wa9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4v1xb71ik5xj7kklk9w1ci5wa9|03|net"; nocase; ) # 1e9oh8u1lq16bd1jm8rcw3mrtmb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e9oh8u1lq16bd1jm8rcw3mrtmb|03|net"; nocase; ) # n7exye1wjpnxt10q29h3cu01n3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n7exye1wjpnxt10q29h3cu01n3|03|biz"; nocase; ) # 7jop071hg9q9n1e8geg1orzexf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7jop071hg9q9n1e8geg1orzexf|03|net"; nocase; ) # bepji1v6oajqxll66xlxho60.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bepji1v6oajqxll66xlxho60|03|org"; nocase; ) # 1klqalao4aj53vmm5wn14uagf6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1klqalao4aj53vmm5wn14uagf6|03|com"; nocase; ) # 1nlg03t134lts1qhjef619hdhr6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nlg03t134lts1qhjef619hdhr6|03|biz"; nocase; ) # 1cn2fq41pb7h491cp1pn4cyrx8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cn2fq41pb7h491cp1pn4cyrx8u|03|net"; nocase; ) # 1m2hd4nsu95n918jwuxlemw32l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m2hd4nsu95n918jwuxlemw32l|03|org"; nocase; ) # 16rb9mg1n3ap6c1a7u08t10guv6o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16rb9mg1n3ap6c1a7u08t10guv6o|03|com"; nocase; ) # 1m7e0wn1x1r2fyn3m1f1hmy4xb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m7e0wn1x1r2fyn3m1f1hmy4xb|03|net"; nocase; ) # 4cnyp41m93vfuss1palqum61f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4cnyp41m93vfuss1palqum61f|03|com"; nocase; ) # 1ocqi0911nm40ppqqyyt1kz2jup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ocqi0911nm40ppqqyyt1kz2jup|03|org"; nocase; ) # 161wp5i24mr11m7w3rtnvak37.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|161wp5i24mr11m7w3rtnvak37|03|org"; nocase; ) # 14hr6xth9sykb199xegk1sz1j1g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14hr6xth9sykb199xegk1sz1j1g|03|net"; nocase; ) # mqa7ani1i5e22s6ihi57xfdx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mqa7ani1i5e22s6ihi57xfdx|03|biz"; nocase; ) # nsmfhc6heguf1hte6vqipowbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nsmfhc6heguf1hte6vqipowbs|03|com"; nocase; ) # 10f4vfjbgux0y2nw7b1li1le2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10f4vfjbgux0y2nw7b1li1le2|03|com"; nocase; ) # 1k0ykcb2vddu81jpguz4191r3xs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k0ykcb2vddu81jpguz4191r3xs|03|org"; nocase; ) # 1elvxryuemi7jgfpo591qo6zz0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1elvxryuemi7jgfpo591qo6zz0|03|net"; nocase; ) # 1dnfzwiw86bu17rp50ooevuxi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dnfzwiw86bu17rp50ooevuxi|03|biz"; nocase; ) # 1agfaeibjsfrvgj1c041rjx1gv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1agfaeibjsfrvgj1c041rjx1gv|03|biz"; nocase; ) # 1ogjodu1gcl7jjtxp4bi16xh5cq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ogjodu1gcl7jjtxp4bi16xh5cq|03|org"; nocase; ) # 17kpfewsapwm2boavmmdtu0w8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17kpfewsapwm2boavmmdtu0w8|03|net"; nocase; ) # 18gcdp31x2mrzx8n7mwe12atn0q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18gcdp31x2mrzx8n7mwe12atn0q|03|org"; nocase; ) # q7z2ix1h3goen7fjk731fd8hdj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q7z2ix1h3goen7fjk731fd8hdj|03|org"; nocase; ) # 7hnbeb1hflftu16ol2401csvjif.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7hnbeb1hflftu16ol2401csvjif|03|com"; nocase; ) # 8ryrjn1ynw24nsq0py5etg2cz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ryrjn1ynw24nsq0py5etg2cz|03|net"; nocase; ) # 1ubnypy1sbvf9n127vt9t1xsxufo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ubnypy1sbvf9n127vt9t1xsxufo|03|com"; nocase; ) # 15wugnq5fhdbxijxcds155h9ie.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15wugnq5fhdbxijxcds155h9ie|03|net"; nocase; ) # tf3kaz15rrpqh1fpm62z1l1e5s2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tf3kaz15rrpqh1fpm62z1l1e5s2|03|biz"; nocase; ) # 1t5kivrluczukp47ozz1mgibcv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t5kivrluczukp47ozz1mgibcv|03|biz"; nocase; ) # 1suidpisxrcrl1i64jkvrab4or.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1suidpisxrcrl1i64jkvrab4or|03|com"; nocase; ) # 1bumnrvj8m6iu12v0x3h1gju6ju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bumnrvj8m6iu12v0x3h1gju6ju|03|org"; nocase; ) # 1cla2e0rfg20f1xngwav1xvzosj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cla2e0rfg20f1xngwav1xvzosj|03|org"; nocase; ) # r4krk4kceyp3olc4uo12967wb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r4krk4kceyp3olc4uo12967wb|03|org"; nocase; ) # 110d7xi10j4qqn12j5k9c15za4nf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|110d7xi10j4qqn12j5k9c15za4nf|03|com"; nocase; ) # ptiug6eq9x66r3csn91eri55k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ptiug6eq9x66r3csn91eri55k|03|net"; nocase; ) # 1vyuarrhmdy3n105875f177895d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vyuarrhmdy3n105875f177895d|03|biz"; nocase; ) # 15nsd4kbde0y11qvr3pv1hmqztt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15nsd4kbde0y11qvr3pv1hmqztt|03|org"; nocase; ) # u8j2x65utiytz88y351e2ma5n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u8j2x65utiytz88y351e2ma5n|03|com"; nocase; ) # 8kq0ubszynevds7qcr9hgpsv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8kq0ubszynevds7qcr9hgpsv|03|com"; nocase; ) # 14ta0pc62yzso4dmqie1mp3ptj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ta0pc62yzso4dmqie1mp3ptj|03|com"; nocase; ) # 1qsg7l319m3058j1sl4x15xsbtr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qsg7l319m3058j1sl4x15xsbtr|03|org"; nocase; ) # 1c174yia9lcob1yaftdt11b9r79.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c174yia9lcob1yaftdt11b9r79|03|biz"; nocase; ) # 1m6gg831r53indew2fxwwyw0jy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m6gg831r53indew2fxwwyw0jy|03|biz"; nocase; ) # 1eckdfjqkxivd1xbh2d71rrez9b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eckdfjqkxivd1xbh2d71rrez9b|03|org"; nocase; ) # 1p56tgxjrzhwd19b9f3p1ipav7g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p56tgxjrzhwd19b9f3p1ipav7g|03|com"; nocase; ) # 1hfzlmtqezhhp13vtelh5q1pd5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hfzlmtqezhhp13vtelh5q1pd5|03|com"; nocase; ) # 1ypef421a3huj61lrnub93cfxpm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ypef421a3huj61lrnub93cfxpm|03|org"; nocase; ) # qwpt1q8ns6uv13kez9919wg33y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qwpt1q8ns6uv13kez9919wg33y|03|com"; nocase; ) # 13ya7y617lh0wu4q3j8ra102eh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ya7y617lh0wu4q3j8ra102eh|03|org"; nocase; ) # 3in4fa1tos5ql1mynqvu1gi9zj6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3in4fa1tos5ql1mynqvu1gi9zj6|03|biz"; nocase; ) # stvs0cms79ear67uxc7olzmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|stvs0cms79ear67uxc7olzmn|03|com"; nocase; ) # 7omhs131je0m1p3jq3d1wrtpa9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7omhs131je0m1p3jq3d1wrtpa9|03|com"; nocase; ) # 1y6zgzn19oe5cgvoxomt1i3z1zb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y6zgzn19oe5cgvoxomt1i3z1zb|03|net"; nocase; ) # 1km636ygb6sna1p9ow9n1r4ek5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1km636ygb6sna1p9ow9n1r4ek5e|03|net"; nocase; ) # 1ed6bq41a8r84dnhb0m2mkxh58.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ed6bq41a8r84dnhb0m2mkxh58|03|biz"; nocase; ) # 1oywipp17w24b9a669wo8qwb7n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oywipp17w24b9a669wo8qwb7n|03|com"; nocase; ) # q0qox511d4eym1jwun2d1vpip5g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q0qox511d4eym1jwun2d1vpip5g|03|net"; nocase; ) # 6ns1yk1k4tz5b1amzru9lal8zx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ns1yk1k4tz5b1amzru9lal8zx|03|biz"; nocase; ) # m528wo15mnjwtuuvp0vcdhg2s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m528wo15mnjwtuuvp0vcdhg2s|03|org"; nocase; ) # 1u42ka1x6sp771ntjmug7x51bi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u42ka1x6sp771ntjmug7x51bi|03|biz"; nocase; ) # dld0g61eqi56agnw46e7fjmkd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dld0g61eqi56agnw46e7fjmkd|03|org"; nocase; ) # 1f3qr4e89u8pd5eiflr15sh2wo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f3qr4e89u8pd5eiflr15sh2wo|03|com"; nocase; ) # 1aajw5t1jscro71nxxvfg1898ops.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aajw5t1jscro71nxxvfg1898ops|03|org"; nocase; ) # 11eb6rv7xkxbl1g9t99gyy51m9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11eb6rv7xkxbl1g9t99gyy51m9|03|net"; nocase; ) # 13a5nzgiaf0yije2l0z1jppbm9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13a5nzgiaf0yije2l0z1jppbm9|03|biz"; nocase; ) # 1dndl4vt29gsf5ref5jdmt6wd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dndl4vt29gsf5ref5jdmt6wd|03|biz"; nocase; ) # 1kt7ppixhysv5d2gfrx1of6wjf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kt7ppixhysv5d2gfrx1of6wjf|03|net"; nocase; ) # 1tbjnzty1ufy519149jo1mu4ha0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tbjnzty1ufy519149jo1mu4ha0|03|net"; nocase; ) # 1xen19g1pbf4jf6831n31h6u6jj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xen19g1pbf4jf6831n31h6u6jj|03|com"; nocase; ) # nfjwgbivvdv1w8c7591nk5nmw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nfjwgbivvdv1w8c7591nk5nmw|03|org"; nocase; ) # 1d14n2m1edoxlq1l20pm415yl65l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d14n2m1edoxlq1l20pm415yl65l|03|org"; nocase; ) # 1nxx4g1b47rtc15iywv518pkcgk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nxx4g1b47rtc15iywv518pkcgk|03|biz"; nocase; ) # 1h159xwup2e8hhecx718r0kvh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h159xwup2e8hhecx718r0kvh|03|org"; nocase; ) # 10mvou4aer0xe12ydfiw1xn4igb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10mvou4aer0xe12ydfiw1xn4igb|03|net"; nocase; ) # s6kylfohgiut11j0zld79a58o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s6kylfohgiut11j0zld79a58o|03|org"; nocase; ) # 1w9m02ap4ooglwvcztqhjs4i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1w9m02ap4ooglwvcztqhjs4i|03|net"; nocase; ) # yun1pc14mwxm0fcrdnnbvkta0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yun1pc14mwxm0fcrdnnbvkta0|03|biz"; nocase; ) # snrh1q1h3kqgx18rzha6kdl4l4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|snrh1q1h3kqgx18rzha6kdl4l4|03|org"; nocase; ) # j7jfx5rn8m5p158b2i81rfytql.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j7jfx5rn8m5p158b2i81rfytql|03|com"; nocase; ) # 1ezrk310fsmcb1trw4fc14b5j4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ezrk310fsmcb1trw4fc14b5j4u|03|net"; nocase; ) # 1ooqxvy1pgsp2tgh9lgj1xu0ine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ooqxvy1pgsp2tgh9lgj1xu0ine|03|com"; nocase; ) # 18aip4gx1w4kj2566thjtqb69.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18aip4gx1w4kj2566thjtqb69|03|org"; nocase; ) # 166wk4i1yrf1is1bw3x6yatdc5r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|166wk4i1yrf1is1bw3x6yatdc5r|03|com"; nocase; ) # ausrb117kolqygwvat3o61gj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ausrb117kolqygwvat3o61gj|03|net"; nocase; ) # qmh31xu23irh1g9kd4akbvbty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qmh31xu23irh1g9kd4akbvbty|03|net"; nocase; ) # wkhzwy1tra7vm1619rwfxgiyfe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wkhzwy1tra7vm1619rwfxgiyfe|03|biz"; nocase; ) # 5qj8mxqi967uy3puxmnttiis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5qj8mxqi967uy3puxmnttiis|03|com"; nocase; ) # 1n59qucnqr8x71utqeahds0xo0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n59qucnqr8x71utqeahds0xo0|03|org"; nocase; ) # 192a4dr10u76dg1daz0autd9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|192a4dr10u76dg1daz0autd9e|03|biz"; nocase; ) # wjtitmioxakcqamp.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035268; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wjtitmioxakcqamp|02|eu"; nocase; ) # wqmefnigvolejstc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035269; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wqmefnigvolejstc|02|eu"; nocase; ) # wflvooucerbvuqvo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035270; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wflvooucerbvuqvo|02|eu"; nocase; ) # qxtcnhxixscvvcxh.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035271; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qxtcnhxixscvvcxh|02|eu"; nocase; ) # qmstwikrgvraunah.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035272; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qmstwikrgvraunah|02|eu"; nocase; ) # knfagkojbcyaarib.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035273; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|knfagkojbcyaarib|02|eu"; nocase; ) # kuxiexbbydapswpn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035274; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|kuxiexbbydapswpn|02|eu"; nocase; ) # kcerplbsjrbrlpkn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035275; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|kcerplbsjrbrlpkn|02|eu"; nocase; ) # eyukgcrxwolxuwct.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035276; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|eyukgcrxwolxuwct|02|eu"; nocase; ) # xiyqwfudxyverrha.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035277; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xiyqwfudxyverrha|02|eu"; nocase; ) # rmvsyjxajxuahfhg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035278; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rmvsyjxajxuahfhg|02|eu"; nocase; ) # ringhykbpcytlvqf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035279; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ringhykbpcytlvqf|02|eu"; nocase; ) # rwykqakkxrblkhgf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035280; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rwykqakkxrblkhgf|02|eu"; nocase; ) # lbjagrnhjqahausx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035281; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lbjagrnhjqahausx|02|eu"; nocase; ) # fcvsoseyqjttrxnr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035282; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fcvsoseyqjttrxnr|02|eu"; nocase; ) # ysfuqwhvcisphlnx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035283; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ysfuqwhvcisphlnx|02|eu"; nocase; ) # yowulytjimjjyckk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035284; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yowulytjimjjyckk|02|eu"; nocase; ) # sbxjxyxrhpnrfudr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035285; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|sbxjxyxrhpnrfudr|02|eu"; nocase; ) # seisecxklisnpeuq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035286; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|seisecxklisnpeuq|02|eu"; nocase; ) # f9023a20c056bc9b2bf3ab294a96a41b3f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035287; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f9023a20c056bc9b2bf3ab294a96a41b3f|02|cn"; nocase; ) # g083195cfd4cddf9dff2bd1ceda0697437.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035288; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g083195cfd4cddf9dff2bd1ceda0697437|02|tk"; nocase; ) # qe6f23230278dac6913ea5a912805203b7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035289; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qe6f23230278dac6913ea5a912805203b7|02|cc"; nocase; ) # sf4daa80f0ba0ce0f1eba3c5262ddde667.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035290; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sf4daa80f0ba0ce0f1eba3c5262ddde667|02|to"; nocase; ) # l7dacc6f6c4f5cd2a26780da896d5af522.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035291; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l7dacc6f6c4f5cd2a26780da896d5af522|02|cn"; nocase; ) # m00d2f4845bcfbd0d5854b4c5db06378dc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035292; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m00d2f4845bcfbd0d5854b4c5db06378dc|02|tk"; nocase; ) # t40b0dae45af034a61992e5b4f09615ccb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035293; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t40b0dae45af034a61992e5b4f09615ccb|02|cn"; nocase; ) # jcf11547ce2a6ce519e49cc0295552d6da.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035294; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jcf11547ce2a6ce519e49cc0295552d6da|02|cn"; nocase; ) # l3853539c756dabbb136df95c4e9d9487f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035295; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l3853539c756dabbb136df95c4e9d9487f|02|so"; nocase; ) # m51589e262268a61b293722c0852e50505.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035296; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m51589e262268a61b293722c0852e50505|02|cc"; nocase; ) # v014f44982895b770f8e29a1e33d975a5b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035297; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v014f44982895b770f8e29a1e33d975a5b|02|ws"; nocase; ) # w1a18c75a22d69f08be728c488270aaa86.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035298; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1a18c75a22d69f08be728c488270aaa86|02|to"; nocase; ) # d6cae1ce4e7e6d79c9a86c2d37ecd4834e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035299; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d6cae1ce4e7e6d79c9a86c2d37ecd4834e|02|ws"; nocase; ) # r4df1a1b3e682298da6fbd862f5fbc32d7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035300; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r4df1a1b3e682298da6fbd862f5fbc32d7|02|so"; nocase; ) # s64a57a58f6cb5fcd254066d9ea732166d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035301; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s64a57a58f6cb5fcd254066d9ea732166d|02|cc"; nocase; ) # v4b36c2d180f2b8a8fbd4642d782058e51.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035302; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v4b36c2d180f2b8a8fbd4642d782058e51|02|in"; nocase; ) # e7320db5305176410581a0081fb7662459.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035303; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e7320db5305176410581a0081fb7662459|02|hk"; nocase; ) # ff275c97937da0b85b7432ad4019ce2ec9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035304; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ff275c97937da0b85b7432ad4019ce2ec9|02|cn"; nocase; ) # jd967244f845952effce977568f9be982f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035305; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd967244f845952effce977568f9be982f|02|ws"; nocase; ) # lfef1b3e9d10abef0f78eec530c684bed3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035306; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lfef1b3e9d10abef0f78eec530c684bed3|02|in"; nocase; ) # ne59390d3d2c8dcbe7f20f03f86d5ec342.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035307; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ne59390d3d2c8dcbe7f20f03f86d5ec342|02|cn"; nocase; ) # qf37b79ae43e62666928a72d50e854951a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035308; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qf37b79ae43e62666928a72d50e854951a|02|cc"; nocase; ) # v70abe2eef6e7db04ac198eccf699a6092.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035309; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v70abe2eef6e7db04ac198eccf699a6092|02|cn"; nocase; ) # wc6c88d75cc7c7017e978405f0e1187783.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035310; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc6c88d75cc7c7017e978405f0e1187783|02|tk"; nocase; ) # b541c63dc35ce30c62d14df507ec247b75.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035311; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b541c63dc35ce30c62d14df507ec247b75|02|in"; nocase; ) # c18dae4303cc40f66d4e3f56e9366b8ce5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035312; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c18dae4303cc40f66d4e3f56e9366b8ce5|02|hk"; nocase; ) # f4276c7f9e360334879160947155cd3c33.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035313; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f4276c7f9e360334879160947155cd3c33|02|so"; nocase; ) # j730d127b40fa457da6be5507c9f695b14.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035314; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j730d127b40fa457da6be5507c9f695b14|02|in"; nocase; ) # k6238fbb3d99aef49810f6f1531b33847f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035315; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k6238fbb3d99aef49810f6f1531b33847f|02|hk"; nocase; ) # l5faa3600b54cf01873ba58024d1b3b605.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035316; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l5faa3600b54cf01873ba58024d1b3b605|02|cn"; nocase; ) # n1cc7425fbe80706e5d9ac6cda43f82bc5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035317; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n1cc7425fbe80706e5d9ac6cda43f82bc5|02|so"; nocase; ) # s6e820e6521313579e69c3406a2e221e56.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035318; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s6e820e6521313579e69c3406a2e221e56|02|hk"; nocase; ) # xe5d943f7f97569a0b142c6ff3c511d1f3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035319; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xe5d943f7f97569a0b142c6ff3c511d1f3|02|ws"; nocase; ) # ca4aa86318f7379b1803838986d822b822.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035320; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca4aa86318f7379b1803838986d822b822|02|tk"; nocase; ) # f5c9bbc9b945f2cdf3555ab04652fafb87.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035321; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f5c9bbc9b945f2cdf3555ab04652fafb87|02|ws"; nocase; ) # j9505f9d711dcf4c4e4e5fce96731dbb24.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035322; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j9505f9d711dcf4c4e4e5fce96731dbb24|02|cn"; nocase; ) # ta4206efc1c4cdc43747c43f305842f8d3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035323; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ta4206efc1c4cdc43747c43f305842f8d3|02|so"; nocase; ) # vabe716e5568aad861b3ff13a5cdd2db73.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035324; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vabe716e5568aad861b3ff13a5cdd2db73|02|ws"; nocase; ) # a30591fa6e3fb3181002b9cd1814c527c6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035325; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a30591fa6e3fb3181002b9cd1814c527c6|02|tk"; nocase; ) # de08aed48052249b27792329550e7c64c6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035326; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de08aed48052249b27792329550e7c64c6|02|ws"; nocase; ) # gf135a069ef6f97ade40980c02ac320068.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035327; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gf135a069ef6f97ade40980c02ac320068|02|hk"; nocase; ) # y9e868c07fbd5638260a14a32d4992c155.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035328; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y9e868c07fbd5638260a14a32d4992c155|02|tk"; nocase; ) # ed7d156981e5965b2a753a6d79df6f694d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035329; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ed7d156981e5965b2a753a6d79df6f694d|02|hk"; nocase; ) # p4720c651e404f28c7bd4dbf89ba73193a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035330; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p4720c651e404f28c7bd4dbf89ba73193a|02|so"; nocase; ) # ycf2642c0c2bab5c68d240cfe5c0013393.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035331; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ycf2642c0c2bab5c68d240cfe5c0013393|02|cc"; nocase; ) # za674504b81fe2307375a9232421bf59f1.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035332; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|za674504b81fe2307375a9232421bf59f1|02|ws"; nocase; ) # jd8eccadcb95269e9059deff3b60ea9208.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035333; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd8eccadcb95269e9059deff3b60ea9208|02|in"; nocase; ) # le52585a1963f6a2c8b65eaad6f16cc7c2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035334; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|le52585a1963f6a2c8b65eaad6f16cc7c2|02|cn"; nocase; ) # ncdc91e81ff26be034938d1a4967ce7254.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035335; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ncdc91e81ff26be034938d1a4967ce7254|02|so"; nocase; ) # y1211193b9e518c3c317bb609e2f53b2f2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035336; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y1211193b9e518c3c317bb609e2f53b2f2|02|to"; nocase; ) # z9bcee3d5146b315534d19f926c16c9e27.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035337; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z9bcee3d5146b315534d19f926c16c9e27|02|in"; nocase; ) # b76dc38eab28f16872e56fb39c65cd08bf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035338; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b76dc38eab28f16872e56fb39c65cd08bf|02|cn"; nocase; ) # jdd666eb5e19d293aafbfc239712791e3a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035339; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jdd666eb5e19d293aafbfc239712791e3a|02|cn"; nocase; ) # lca8be253b44e2fdab1b16ad1c4471a82b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035340; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lca8be253b44e2fdab1b16ad1c4471a82b|02|so"; nocase; ) # m89aa3326f1c5162011a78bb9e76e01293.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035341; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m89aa3326f1c5162011a78bb9e76e01293|02|cc"; nocase; ) # n9cd6b7b1520114127f625df78ed82b885.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035342; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n9cd6b7b1520114127f625df78ed82b885|02|ws"; nocase; ) # q2704b99315568466c79cc4abf25df3691.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035343; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q2704b99315568466c79cc4abf25df3691|02|hk"; nocase; ) # t9ce6a9845e43ff9af30c58d21ff7d5095.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035344; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t9ce6a9845e43ff9af30c58d21ff7d5095|02|so"; nocase; ) # v0deb8a2fbad8d7b72969fd15269e4e607.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035345; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v0deb8a2fbad8d7b72969fd15269e4e607|02|ws"; nocase; ) # x8f57147acd8a701bec5147dd2e6c56432.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035346; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x8f57147acd8a701bec5147dd2e6c56432|02|in"; nocase; ) # f048192e1a343563925e0666cab93da3c6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035347; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f048192e1a343563925e0666cab93da3c6|02|in"; nocase; ) # gba20f23172b0cef31f906e5f19c4aab06.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035348; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gba20f23172b0cef31f906e5f19c4aab06|02|hk"; nocase; ) # l7dbb294e6d1d0c50835222b54e728f691.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035349; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l7dbb294e6d1d0c50835222b54e728f691|02|ws"; nocase; ) # td41b22f1499970758478e238606983b0f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035350; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|td41b22f1499970758478e238606983b0f|02|ws"; nocase; ) # z9ac367aa0307e97c56c16b5e292705396.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035351; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z9ac367aa0307e97c56c16b5e292705396|02|so"; nocase; ) # a400fed8d5e9b13170eb80a61ed77c129c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035352; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a400fed8d5e9b13170eb80a61ed77c129c|02|cc"; nocase; ) # eff21d68ae4521899d080e1b423e0082ca.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035353; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eff21d68ae4521899d080e1b423e0082ca|02|hk"; nocase; ) # o6c86b87bca083c53b7cba579389ba6139.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035354; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o6c86b87bca083c53b7cba579389ba6139|02|tk"; nocase; ) # u7c7a7621e918cbf1bb32721a55ee4dd5e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035355; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u7c7a7621e918cbf1bb32721a55ee4dd5e|02|hk"; nocase; ) # dedf49c09335893504a0a446d5facfec4d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035356; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dedf49c09335893504a0a446d5facfec4d|02|cn"; nocase; ) # j1fe16d70f262019cf32d5ff5eb7bd83ec.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035357; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j1fe16d70f262019cf32d5ff5eb7bd83ec|02|in"; nocase; ) # o37034cf62bf2887f677ccccfaacebd62d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035358; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o37034cf62bf2887f677ccccfaacebd62d|02|cc"; nocase; ) # r3c87a17b367a23fce8abfbed0e37bfef9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035359; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r3c87a17b367a23fce8abfbed0e37bfef9|02|in"; nocase; ) # z41ae79748c9af8656a943c534c70fd614.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035360; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z41ae79748c9af8656a943c534c70fd614|02|in"; nocase; ) # f73a2890af2df9b37389abb2745d012b82.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035361; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f73a2890af2df9b37389abb2745d012b82|02|ws"; nocase; ) # j8875a7198898412db70be9234e3eaa908.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035362; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j8875a7198898412db70be9234e3eaa908|02|cn"; nocase; ) # nfdf4cc61e3517427b10bb1398a6619ffa.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035363; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nfdf4cc61e3517427b10bb1398a6619ffa|02|ws"; nocase; ) # xd7c479ba10b1d61f4808c54e8bd61ce6c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035364; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xd7c479ba10b1d61f4808c54e8bd61ce6c|02|in"; nocase; ) # b1f68bc5bba9a74447853e6c146441cb8a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035365; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1f68bc5bba9a74447853e6c146441cb8a|02|so"; nocase; ) # c83869adf70fe55566e373b9787c9bdbe1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035366; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c83869adf70fe55566e373b9787c9bdbe1|02|cc"; nocase; ) # e55df3447fc9d3f6bf454a640ae164e330.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035367; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e55df3447fc9d3f6bf454a640ae164e330|02|to"; nocase; ) # h0a1e2787a86d06a69dd06a763d0a6d95e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035368; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h0a1e2787a86d06a69dd06a763d0a6d95e|02|cn"; nocase; ) # m3616c7a327d2c92f4e9111764be1b675d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035369; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m3616c7a327d2c92f4e9111764be1b675d|02|to"; nocase; ) # q36dc8aa8a35e25dbcb36ef46341367c8b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035370; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q36dc8aa8a35e25dbcb36ef46341367c8b|02|tk"; nocase; ) # refe895865659d22c8c8d9d9123f5ca85c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035371; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|refe895865659d22c8c8d9d9123f5ca85c|02|so"; nocase; ) # t813228b10236829cbc7d985653e7dd171.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035372; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t813228b10236829cbc7d985653e7dd171|02|ws"; nocase; ) # wa782ac541b779a6b7862c914ad835d7c7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035373; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wa782ac541b779a6b7862c914ad835d7c7|02|hk"; nocase; ) # z0a787d913cbd994748aaa0604a8d0cf8a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035374; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z0a787d913cbd994748aaa0604a8d0cf8a|02|so"; nocase; ) # cfcbb12a3ba5766582e859756339d33280.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035375; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cfcbb12a3ba5766582e859756339d33280|02|to"; nocase; ) # i6c8f6151bcc8c76f8fb22e1b55e2bb32a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035376; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i6c8f6151bcc8c76f8fb22e1b55e2bb32a|02|cc"; nocase; ) # maa548ab3e0818c400f5be5ec8376cb8d1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035377; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|maa548ab3e0818c400f5be5ec8376cb8d1|02|hk"; nocase; ) # n03b06cc0e52ed0abea1a3f603e2de047f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035378; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n03b06cc0e52ed0abea1a3f603e2de047f|02|cn"; nocase; ) # o0a967d5e1b443fbbab0d188f3b88152dc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035379; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o0a967d5e1b443fbbab0d188f3b88152dc|02|tk"; nocase; ) # q4a42c810a7370bfbbbecb2f983c1fd07c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035380; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4a42c810a7370bfbbbecb2f983c1fd07c|02|cc"; nocase; ) # xf2bcbd3730c12f7fde70c8e5f4c964e56.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035381; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xf2bcbd3730c12f7fde70c8e5f4c964e56|02|so"; nocase; ) # gd4fd2ea4a17a30219c37f6b3510ed2bad.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035382; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gd4fd2ea4a17a30219c37f6b3510ed2bad|02|cc"; nocase; ) # m0173596b4210cb76f1654a14cfc5f68f3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035383; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m0173596b4210cb76f1654a14cfc5f68f3|02|tk"; nocase; ) # pbc71ceb1b175d6299c7e8dae541331dce.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035384; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pbc71ceb1b175d6299c7e8dae541331dce|02|ws"; nocase; ) # q8c83157083f72533fece05fe60cb31b2d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035385; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8c83157083f72533fece05fe60cb31b2d|02|to"; nocase; ) # t39bae74944f4597e245d61e8ad28ce44d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035386; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t39bae74944f4597e245d61e8ad28ce44d|02|cn"; nocase; ) # wd7f0d81106d40f7dc05106b3623f4b502.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035387; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd7f0d81106d40f7dc05106b3623f4b502|02|cc"; nocase; ) # q8244225f98e552e5c8e16de5d9e71d995.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035388; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8244225f98e552e5c8e16de5d9e71d995|02|hk"; nocase; ) # r68bdbd870e2137e809e66ee41b9130a2e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035389; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r68bdbd870e2137e809e66ee41b9130a2e|02|cn"; nocase; ) # wf355b8e3f877a9360f68e5118e03f98f5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035390; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wf355b8e3f877a9360f68e5118e03f98f5|02|to"; nocase; ) # xf056e768f51686b384219fffb984e3ca4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035391; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xf056e768f51686b384219fffb984e3ca4|02|in"; nocase; ) # z173f6da6e1aff56b82aa91839dab4fe0f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035392; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z173f6da6e1aff56b82aa91839dab4fe0f|02|cn"; nocase; ) # ad3030e11be8614275572af9a24c707c4c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035393; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ad3030e11be8614275572af9a24c707c4c|02|tk"; nocase; ) # l276ead7b4ae6cf6b7be68066b14b98450.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035394; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l276ead7b4ae6cf6b7be68066b14b98450|02|ws"; nocase; ) # qcb4cdce39c5ac5b32cd5b9d7975934524.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035395; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qcb4cdce39c5ac5b32cd5b9d7975934524|02|tk"; nocase; ) # ea9367db4731e55e864d85de2a4eb4bacc.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035396; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea9367db4731e55e864d85de2a4eb4bacc|02|hk"; nocase; ) # g692ea5a2de48e8a6c2e4e1d9b74c40f2b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035397; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g692ea5a2de48e8a6c2e4e1d9b74c40f2b|02|tk"; nocase; ) # j67310b83c2ff4a45ad01ed5af9f07c604.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035398; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j67310b83c2ff4a45ad01ed5af9f07c604|02|ws"; nocase; ) # k52c64b47840159d39da39801f83f66a1e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035399; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k52c64b47840159d39da39801f83f66a1e|02|to"; nocase; ) # m2a94fc833502dc0dfabd8768e6f3e708c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035400; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m2a94fc833502dc0dfabd8768e6f3e708c|02|hk"; nocase; ) # pe07c8feca6453c61afc8790cb8aa7be77.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035401; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pe07c8feca6453c61afc8790cb8aa7be77|02|so"; nocase; ) # r799e8772432b6b6c90fee65f605df3db4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r799e8772432b6b6c90fee65f605df3db4|02|ws"; nocase; ) # v89a9a4e740a73a1db5c0236a3066bb2cb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v89a9a4e740a73a1db5c0236a3066bb2cb|02|cn"; nocase; ) # z1d4dfdb7e82dfdbda760811b374b58a36.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z1d4dfdb7e82dfdbda760811b374b58a36|02|ws"; nocase; ) # a2a3bf3aeca9d2740ba748e2bb9a402f5a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a2a3bf3aeca9d2740ba748e2bb9a402f5a|02|to"; nocase; ) # ca806d34284decd7065936addad456e6cd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca806d34284decd7065936addad456e6cd|02|hk"; nocase; ) # i6b6ad9ac19e1f8e844d5f94e6e81590fb.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i6b6ad9ac19e1f8e844d5f94e6e81590fb|02|to"; nocase; ) # scc91fdc375be331a8a0030b69afeb4ddb.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|scc91fdc375be331a8a0030b69afeb4ddb|02|hk"; nocase; ) # w040021cd43084d9cbeb904e8018a27a23.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w040021cd43084d9cbeb904e8018a27a23|02|cc"; nocase; ) # ze3fc6855ee7d6083e2a0e1886e2febaf2.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ze3fc6855ee7d6083e2a0e1886e2febaf2|02|in"; nocase; ) # k3b511d6a8737536ca4ea23f3ab7f49458.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k3b511d6a8737536ca4ea23f3ab7f49458|02|tk"; nocase; ) # n85e06815e3781503cad9be533b2fc5d4a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n85e06815e3781503cad9be533b2fc5d4a|02|ws"; nocase; ) # p8834e1c1df929713fdaec7363ec23bdd6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p8834e1c1df929713fdaec7363ec23bdd6|02|in"; nocase; ) # wb8ac6bc0a051cfbb110183eee4ec7f47b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb8ac6bc0a051cfbb110183eee4ec7f47b|02|to"; nocase; ) # z830dd1a849b87fd1ced2097f3817ba0b1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z830dd1a849b87fd1ced2097f3817ba0b1|02|cn"; nocase; ) # c4deef1daf561866ec2b7c426fc36ade4b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c4deef1daf561866ec2b7c426fc36ade4b|02|cc"; nocase; ) # k24400a49a9215ce161d7b0d6c051edeca.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k24400a49a9215ce161d7b0d6c051edeca|02|cc"; nocase; ) # m4121be849cd9a3f9781e1bf807f3a39f4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m4121be849cd9a3f9781e1bf807f3a39f4|02|to"; nocase; ) # r86f63fd1cf6c2fdb276fb07364ce7820d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r86f63fd1cf6c2fdb276fb07364ce7820d|02|so"; nocase; ) # t62426aa6050a46507118e707ef97baece.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t62426aa6050a46507118e707ef97baece|02|ws"; nocase; ) # w3369136d36f8b2474eb4720786b36dea0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w3369136d36f8b2474eb4720786b36dea0|02|hk"; nocase; ) # c7c79fba761fcfc92af7747be2a5895b0f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c7c79fba761fcfc92af7747be2a5895b0f|02|to"; nocase; ) # dc7097f521838cb163c1a743dd4fa5a3e3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035423; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dc7097f521838cb163c1a743dd4fa5a3e3|02|in"; nocase; ) # g91049d959c28243ae83992db903dbd8f5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035424; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g91049d959c28243ae83992db903dbd8f5|02|tk"; nocase; ) # h5ac3131288f381a46b4be71bf737ce940.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035425; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h5ac3131288f381a46b4be71bf737ce940|02|so"; nocase; ) # s0b06efce4f6a8b10d2b53f40b1f058b1c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035426; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s0b06efce4f6a8b10d2b53f40b1f058b1c|02|to"; nocase; ) # xf00298003999d3f0628a773c2766ec7b5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035427; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xf00298003999d3f0628a773c2766ec7b5|02|so"; nocase; ) # d054730c08449ea8d4bc307655976ae240.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d054730c08449ea8d4bc307655976ae240|02|cn"; nocase; ) # f1baeacfb6bc3c4f9b4edfb0ff9e4a41d3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f1baeacfb6bc3c4f9b4edfb0ff9e4a41d3|02|so"; nocase; ) # g0a87c5e7739274e71fa5a8d27267af58e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g0a87c5e7739274e71fa5a8d27267af58e|02|cc"; nocase; ) # i8157aacf343a4a2893db0cadb5060f01e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i8157aacf343a4a2893db0cadb5060f01e|02|to"; nocase; ) # m96816c6d48ee2a5745f160ac7a299e619.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m96816c6d48ee2a5745f160ac7a299e619|02|tk"; nocase; ) # rc2d3750672648ac205eb385d34f2e7a82.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rc2d3750672648ac205eb385d34f2e7a82|02|in"; nocase; ) # bea6032621e2f8efd8db0fa7803c11570d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bea6032621e2f8efd8db0fa7803c11570d|02|cn"; nocase; ) # hea32bbb13d4827de9e532f654c84ccca5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hea32bbb13d4827de9e532f654c84ccca5|02|in"; nocase; ) # y16ed802a86788d030fe7ee80fdc840cb4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y16ed802a86788d030fe7ee80fdc840cb4|02|hk"; nocase; ) # h508f35dd3b09073ee2a3198349debc267.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h508f35dd3b09073ee2a3198349debc267|02|cn"; nocase; ) # s2271423366a6cf58e8bc7d3183b8aee60.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s2271423366a6cf58e8bc7d3183b8aee60|02|cc"; nocase; ) # b77628cd29bb203ac57f12f8ddcd663d25.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b77628cd29bb203ac57f12f8ddcd663d25|02|ws"; nocase; ) # d8b20646faa19dde795898c22c605d9760.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d8b20646faa19dde795898c22c605d9760|02|in"; nocase; ) # gda551e9abda031a1f59df2029b81770c1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gda551e9abda031a1f59df2029b81770c1|02|tk"; nocase; ) # l61e835fda32f1a18707056c52919875cc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l61e835fda32f1a18707056c52919875cc|02|in"; nocase; ) # rfa414fb82eeb4dbe11944456e785d83ff.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rfa414fb82eeb4dbe11944456e785d83ff|02|ws"; nocase; ) # s212c1739aa7f4b072da62c5390c7bd776.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s212c1739aa7f4b072da62c5390c7bd776|02|to"; nocase; ) # v9ef5d327514a12e2f053570f05901150b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v9ef5d327514a12e2f053570f05901150b|02|cn"; nocase; ) # b6fbcfe4c80027755f9a37f90ef79c04c7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b6fbcfe4c80027755f9a37f90ef79c04c7|02|in"; nocase; ) # jd757e1fcd0083ea12616cc5dcc1afd500.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd757e1fcd0083ea12616cc5dcc1afd500|02|in"; nocase; ) # kc2d64b9d8fc09ca4f5118dd33a8f8546f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kc2d64b9d8fc09ca4f5118dd33a8f8546f|02|hk"; nocase; ) # nd357eab6ba96434e8c26f0409b793ac99.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd357eab6ba96434e8c26f0409b793ac99|02|so"; nocase; ) # rea07fdaf43afed0a74756a5ab5ade2ca5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rea07fdaf43afed0a74756a5ab5ade2ca5|02|in"; nocase; ) # s6e24e56bf98cc990f806f8c4881ead863.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s6e24e56bf98cc990f806f8c4881ead863|02|hk"; nocase; ) # ub4e2f64e55850e5dd355aa260bbfd827b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ub4e2f64e55850e5dd355aa260bbfd827b|02|tk"; nocase; ) # be1d393141623076877130fd5b278e5eeb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be1d393141623076877130fd5b278e5eeb|02|cn"; nocase; ) # udeed6a06c8da2471262092a8fa1c561ac.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|udeed6a06c8da2471262092a8fa1c561ac|02|cc"; nocase; ) # k2c4354be29f8da5cd32e257e0e28df9a9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k2c4354be29f8da5cd32e257e0e28df9a9|02|cc"; nocase; ) # qd404d08b5a9514d33fcaa9ad45a18cfc4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qd404d08b5a9514d33fcaa9ad45a18cfc4|02|tk"; nocase; ) # s88a10de731969622afb2f925a6adbc195.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s88a10de731969622afb2f925a6adbc195|02|cc"; nocase; ) # te709581762c0ba550f0ddbab7c3731a9e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|te709581762c0ba550f0ddbab7c3731a9e|02|ws"; nocase; ) # db4f00163418c0dd99e29e3a581b0ca336.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|db4f00163418c0dd99e29e3a581b0ca336|02|in"; nocase; ) # rf18bf7d6d97739eaf049a497aee711346.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rf18bf7d6d97739eaf049a497aee711346|02|ws"; nocase; ) # c1762fa7c7bbe18204aea36eb350672d8f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c1762fa7c7bbe18204aea36eb350672d8f|02|hk"; nocase; ) # i244e0c9b6ff056e566f26e7bb6d90ca2b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i244e0c9b6ff056e566f26e7bb6d90ca2b|02|to"; nocase; ) # k1b80bfca57f4f05b11ce44963f79ad862.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k1b80bfca57f4f05b11ce44963f79ad862|02|hk"; nocase; ) # md0d6fed7553db1089057e77231f765db4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md0d6fed7553db1089057e77231f765db4|02|tk"; nocase; ) # nda9dd2c3d8ea90be913582b0772503d93.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nda9dd2c3d8ea90be913582b0772503d93|02|so"; nocase; ) # o5a4cec8fd49c96b10a779ea0be72e084c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o5a4cec8fd49c96b10a779ea0be72e084c|02|cc"; nocase; ) # p7647f59922fb7a5dd06e39c3d346c8757.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7647f59922fb7a5dd06e39c3d346c8757|02|ws"; nocase; ) # ef4651b098bdb213074b41f9b87f69a2c7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ef4651b098bdb213074b41f9b87f69a2c7|02|cc"; nocase; ) # g54b1e6bdbb18fbb85aba503f8f3459dcb.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g54b1e6bdbb18fbb85aba503f8f3459dcb|02|to"; nocase; ) # h397ebe2d5468baccb515709167c22fc73.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h397ebe2d5468baccb515709167c22fc73|02|in"; nocase; ) # l4a5ea6b4d553fb4b7c30890ac5b6bf3b3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l4a5ea6b4d553fb4b7c30890ac5b6bf3b3|02|so"; nocase; ) # ofea43a7b0cad3ed8f5b02d0a8e6d20c70.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ofea43a7b0cad3ed8f5b02d0a8e6d20c70|02|to"; nocase; ) # qfd1889b5765f5e58ef5890748bc799264.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qfd1889b5765f5e58ef5890748bc799264|02|hk"; nocase; ) # b7ab48f9a6250f945d45d3595457e541f9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b7ab48f9a6250f945d45d3595457e541f9|02|so"; nocase; ) # f7891e2fc836f581214d32f4cf0ebbefef.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f7891e2fc836f581214d32f4cf0ebbefef|02|in"; nocase; ) # q681acf2122898b79a516ea309ae8ef63d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q681acf2122898b79a516ea309ae8ef63d|02|tk"; nocase; ) # y3590ca368553bd23235f192bd65e42ec0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3590ca368553bd23235f192bd65e42ec0|02|tk"; nocase; ) # c97ed64ab748b38b4bf62f7b640ec32e2f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c97ed64ab748b38b4bf62f7b640ec32e2f|02|to"; nocase; ) # gd16180e8932a9fbc890680d9fe27dd4f1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gd16180e8932a9fbc890680d9fe27dd4f1|02|tk"; nocase; ) # ca954356c76094adf78a477acb49c31eca.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca954356c76094adf78a477acb49c31eca|02|hk"; nocase; ) # l1a3946a5760b3cf2d162fdcfaacf10f04.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l1a3946a5760b3cf2d162fdcfaacf10f04|02|cn"; nocase; ) # n458ce406efa566d143638b932b2832960.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n458ce406efa566d143638b932b2832960|02|so"; nocase; ) # s2b809245345cc773da86c74abc3ebf8af.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s2b809245345cc773da86c74abc3ebf8af|02|hk"; nocase; ) # t1dec7cec30c2d805c840ef6a7822f4f94.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t1dec7cec30c2d805c840ef6a7822f4f94|02|cn"; nocase; ) # yaaa54c4ddc4ff7072cd52003366ba72ab.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yaaa54c4ddc4ff7072cd52003366ba72ab|02|to"; nocase; ) # a5c8d948e7325316f35e7685f58e7ea4cf.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a5c8d948e7325316f35e7685f58e7ea4cf|02|hk"; nocase; ) # gccd940c1338fcdd6a586653b67cb89675.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gccd940c1338fcdd6a586653b67cb89675|02|to"; nocase; ) # f6d8594248e8fac4d6b04cdc711a4b468f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f6d8594248e8fac4d6b04cdc711a4b468f|02|cn"; nocase; ) # hf1bdfa52ab9fd16e15e8718dde28f7283.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hf1bdfa52ab9fd16e15e8718dde28f7283|02|so"; nocase; ) # zff0acb96fe9e9c49401f097e1a221f9b4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zff0acb96fe9e9c49401f097e1a221f9b4|02|ws"; nocase; ) # ed3fdff3405055e1da3301ede4a55b0ef5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ed3fdff3405055e1da3301ede4a55b0ef5|02|tk"; nocase; ) # g6d5e95725c07d68c525cff59e00d10b15.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g6d5e95725c07d68c525cff59e00d10b15|02|cc"; nocase; ) # m60168c251bbb12445c0f660a37a7b45d6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m60168c251bbb12445c0f660a37a7b45d6|02|tk"; nocase; ) # obcff6f2855ed818fe158fb7d4547b6d1b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|obcff6f2855ed818fe158fb7d4547b6d1b|02|cc"; nocase; ) # ra165abe1f913e840b7a6ecc0862f02fc7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ra165abe1f913e840b7a6ecc0862f02fc7|02|in"; nocase; ) # y444a4585753d747e6a113a87e117c0870.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y444a4585753d747e6a113a87e117c0870|02|to"; nocase; ) # za4c0b7f292c5eece936e3e121accb070f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|za4c0b7f292c5eece936e3e121accb070f|02|in"; nocase; ) # fd3efdb437909e16d2efaae40111da845b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fd3efdb437909e16d2efaae40111da845b|02|ws"; nocase; ) # jd48755bb759b1d6fc30eb99768f29d577.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd48755bb759b1d6fc30eb99768f29d577|02|cn"; nocase; ) # l59587a5cafdc3f82952725b5df6cc9131.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l59587a5cafdc3f82952725b5df6cc9131|02|so"; nocase; ) # vcacd41c2bc82b671e7912065fa55c6360.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vcacd41c2bc82b671e7912065fa55c6360|02|ws"; nocase; ) # wd2f176a66783c107e5c2ef0608463dc13.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd2f176a66783c107e5c2ef0608463dc13|02|to"; nocase; ) # b3836f821fbea294be31bce505e0481674.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b3836f821fbea294be31bce505e0481674|02|so"; nocase; ) # f5aea1cf4d2438113f55e0b4ce2d23517f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f5aea1cf4d2438113f55e0b4ce2d23517f|02|in"; nocase; ) # i5afdb2186f720375bf3dc742310156aea.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i5afdb2186f720375bf3dc742310156aea|02|tk"; nocase; ) # s63eb2d9ca6a4ed1924d61e36999e7906f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s63eb2d9ca6a4ed1924d61e36999e7906f|02|cc"; nocase; ) # ya002207a5e8be1335effcf835fcab83f9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ya002207a5e8be1335effcf835fcab83f9|02|tk"; nocase; ) # bd8fae5bd86428e4781f1013d69089bc58.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd8fae5bd86428e4781f1013d69089bc58|02|ws"; nocase; ) # c13c83df19f38f212edeb96217d45920d2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c13c83df19f38f212edeb96217d45920d2|02|to"; nocase; ) # fad96c37a6c4dd617f6123e705122adb4f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fad96c37a6c4dd617f6123e705122adb4f|02|cn"; nocase; ) # ha491d4abfdb48a7dd8a97a7de5890c2dc.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ha491d4abfdb48a7dd8a97a7de5890c2dc|02|so"; nocase; ) # l3dfb1194e6162b2114abe070ce53efaee.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l3dfb1194e6162b2114abe070ce53efaee|02|in"; nocase; ) # m23d5aab9b718cbe6480e6a758a42fa733.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m23d5aab9b718cbe6480e6a758a42fa733|02|hk"; nocase; ) # s49ae93e13eba3ae01b81e37da409cc2d2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s49ae93e13eba3ae01b81e37da409cc2d2|02|to"; nocase; ) # v4b6f02730dc06f034f4a0ae34a2669fe7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v4b6f02730dc06f034f4a0ae34a2669fe7|02|cn"; nocase; ) # zafb35c9231e56695051ae3bc89de5b260.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zafb35c9231e56695051ae3bc89de5b260|02|ws"; nocase; ) # bcaa3cae38a3e9f78ac20a1b6598afc436.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bcaa3cae38a3e9f78ac20a1b6598afc436|02|in"; nocase; ) # e311a872bc41734a300d9d9a83dc092731.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e311a872bc41734a300d9d9a83dc092731|02|tk"; nocase; ) # hc455a77c47ed9d78a00a43ae6c0701fda.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc455a77c47ed9d78a00a43ae6c0701fda|02|ws"; nocase; ) # i361c0a6beb93b0b218a5294244dd19319.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i361c0a6beb93b0b218a5294244dd19319|02|to"; nocase; ) # pf7fa0a18d070fd4fa50f3b38ece872f80.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf7fa0a18d070fd4fa50f3b38ece872f80|02|ws"; nocase; ) # q4717b686a073ff496fd46257fa2bf844b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4717b686a073ff496fd46257fa2bf844b|02|to"; nocase; ) # yc9e6f07351964fbd68c0d430209371c9c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yc9e6f07351964fbd68c0d430209371c9c|02|to"; nocase; ) # ia9ffdec1725027a2e1adbc3a1514ef29e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ia9ffdec1725027a2e1adbc3a1514ef29e|02|hk"; nocase; ) # sf2175d2440e3976b010c3389e02487f62.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sf2175d2440e3976b010c3389e02487f62|02|tk"; nocase; ) # u3fa6d68ceb27a19da1b57b2ccff85acef.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u3fa6d68ceb27a19da1b57b2ccff85acef|02|cc"; nocase; ) # x0934ccf5f18a1599dbe6080853904c9b3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x0934ccf5f18a1599dbe6080853904c9b3|02|in"; nocase; ) # d0a80859e87ffbefa22b8ff96c788ee0d9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d0a80859e87ffbefa22b8ff96c788ee0d9|02|ws"; nocase; ) # j4441e1c2b48d5a565b4f8d8b5eaf61352.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j4441e1c2b48d5a565b4f8d8b5eaf61352|02|so"; nocase; ) # p0bc94d2e856b1e48f6f456bb655d06ded.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p0bc94d2e856b1e48f6f456bb655d06ded|02|cn"; nocase; ) # sd3c9b18d65b54f3a2823fca2110e2bb7a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sd3c9b18d65b54f3a2823fca2110e2bb7a|02|cc"; nocase; ) # uf3f19d264107b82c98095c4ae048a7141.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uf3f19d264107b82c98095c4ae048a7141|02|to"; nocase; ) # a0e7a09d769b79ca513524bb916b68f785.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a0e7a09d769b79ca513524bb916b68f785|02|cc"; nocase; ) # bd038f16f046d34b7cf51c926156e32d9e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd038f16f046d34b7cf51c926156e32d9e|02|ws"; nocase; ) # c5bd0ba6ab5f88ce559feeecb41552adf8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c5bd0ba6ab5f88ce559feeecb41552adf8|02|to"; nocase; ) # ke177a7f8b667f4c0b1a171f10bc9e6b7c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke177a7f8b667f4c0b1a171f10bc9e6b7c|02|to"; nocase; ) # p6ac76a161858d87c59cc3482dd086684d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p6ac76a161858d87c59cc3482dd086684d|02|so"; nocase; ) # ta35a3a2a5afef59f1611df34607d64c2a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ta35a3a2a5afef59f1611df34607d64c2a|02|in"; nocase; ) # yf5c2341a8c2f8f241143bfc922ebf9cb7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yf5c2341a8c2f8f241143bfc922ebf9cb7|02|cc"; nocase; ) # b1e2e6e4984d0b916687da0c559c70fc26.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1e2e6e4984d0b916687da0c559c70fc26|02|in"; nocase; ) # k4473e213b3aaddb7473f554b5d2771367.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k4473e213b3aaddb7473f554b5d2771367|02|hk"; nocase; ) # mca177445ed1caf8cece3ba89e03eb08b8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mca177445ed1caf8cece3ba89e03eb08b8|02|tk"; nocase; ) # o364639a6cfb0ba7066ab599896ef9a520.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o364639a6cfb0ba7066ab599896ef9a520|02|cc"; nocase; ) # sdc043b3117162a43d938a3203d3f6b3a6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sdc043b3117162a43d938a3203d3f6b3a6|02|hk"; nocase; ) # dbf8f79f5892ae5e1dc2470f61c0bdc0bf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dbf8f79f5892ae5e1dc2470f61c0bdc0bf|02|so"; nocase; ) # habf373928eb7ffd9f5312fb83267404ab.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|habf373928eb7ffd9f5312fb83267404ab|02|in"; nocase; ) # i7cb56b38dd32734a5c54f4873eba2b0e8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i7cb56b38dd32734a5c54f4873eba2b0e8|02|hk"; nocase; ) # ma1616ce0fe868998e27aa586c7c482260.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ma1616ce0fe868998e27aa586c7c482260|02|cc"; nocase; ) # q89d904ce536c9411e67297dd7fdc1ea0f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q89d904ce536c9411e67297dd7fdc1ea0f|02|hk"; nocase; ) # d694f6b0a132df7aced5ee99f8e81e9925.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d694f6b0a132df7aced5ee99f8e81e9925|02|ws"; nocase; ) # gdbc08915ba28d0c334778202f862d4969.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gdbc08915ba28d0c334778202f862d4969|02|hk"; nocase; ) # k10fb214614bba2630d9a92e598b5502c2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k10fb214614bba2630d9a92e598b5502c2|02|cc"; nocase; ) # m5600edb680c02d761f9ed1e1c9cca3d4e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m5600edb680c02d761f9ed1e1c9cca3d4e|02|to"; nocase; ) # ofb6a1b86011f5fd7aebf77b76a82ae8e2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ofb6a1b86011f5fd7aebf77b76a82ae8e2|02|hk"; nocase; ) # p5c492fa47cb619097b7fcecba6d9a2c9e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p5c492fa47cb619097b7fcecba6d9a2c9e|02|cn"; nocase; ) # t90f75b767442198335898ecb258509a86.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t90f75b767442198335898ecb258509a86|02|ws"; nocase; ) # ub78365b6d76431615ba334747d3a0f14a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ub78365b6d76431615ba334747d3a0f14a|02|to"; nocase; ) # v065e326829a0a062eef28af19782d2db7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v065e326829a0a062eef28af19782d2db7|02|in"; nocase; ) # zefca9c591bb5f1c287da321b423756081.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zefca9c591bb5f1c287da321b423756081|02|so"; nocase; ) # b7308eb98a3b064c400f36e9c8b76b3d98.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b7308eb98a3b064c400f36e9c8b76b3d98|02|ws"; nocase; ) # k8a7453e7d8e4c0c656671213d9033eb02.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k8a7453e7d8e4c0c656671213d9033eb02|02|to"; nocase; ) # o4c22e7b9764e925decd37e17b952a3ea7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o4c22e7b9764e925decd37e17b952a3ea7|02|tk"; nocase; ) # p7bc2eb887a747d9e469917fc57b9b3fd7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7bc2eb887a747d9e469917fc57b9b3fd7|02|so"; nocase; ) # rae999416436ca4adfb972e1b0b2b50a70.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rae999416436ca4adfb972e1b0b2b50a70|02|ws"; nocase; ) # tf89fa08daaaa3d22cc2fb040840786b34.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tf89fa08daaaa3d22cc2fb040840786b34|02|in"; nocase; ) # kbm2al743ne2mx7heba.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035566; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|kbm2al743ne2mx7heba|04|ddns|03|net"; nocase; ) # mhahapmdo0gps2a.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035567; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|mhahapmdo0gps2a|04|ddns|03|net"; nocase; ) # uv50oritc6avqhepkj7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035568; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|uv50oritc6avqhepkj7|04|ddns|03|net"; nocase; ) # 1ta4k6q2alox74e8ct1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035569; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|1ta4k6q2alox74e8ct1|04|ddns|03|net"; nocase; ) # 3p5x7vuxafgli0q.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035570; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|3p5x7vuxafgli0q|04|ddns|03|net"; nocase; ) # olqnabotgrcvu4uvch7nofw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035571; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|olqnabotgrcvu4uvch7nofw|04|ddns|03|net"; nocase; ) # onodalcjgxej1pe.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035572; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|onodalcjgxej1pe|04|ddns|03|net"; nocase; ) # 1vmjcbopojc4kdu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035573; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|1vmjcbopojc4kdu|04|ddns|03|net"; nocase; ) # e4m4odqvijovutevy6a.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035574; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|e4m4odqvijovutevy6a|04|ddns|03|net"; nocase; ) # woobuvdiiri.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035575; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0b|woobuvdiiri|04|ddns|03|net"; nocase; ) # qabautma.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035576; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|qabautma|04|ddns|03|net"; nocase; ) # gimexesaokoto.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035577; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0d|gimexesaokoto|04|ddns|03|net"; nocase; ) # qoumirinita.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035578; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0b|qoumirinita|04|ddns|03|net"; nocase; ) # lailfamourobhue.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035579; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0f|lailfamourobhue|04|ddns|03|net"; nocase; ) # roagodhuveof.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035580; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|roagodhuveof|04|ddns|03|net"; nocase; ) # nilepuanp.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035581; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|09|nilepuanp|04|ddns|03|net"; nocase; ) # wiidodipewul.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035582; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|wiidodipewul|04|ddns|03|net"; nocase; ) # ukaninefo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035583; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|09|ukaninefo|04|ddns|03|net"; nocase; ) # haopqifeko.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035584; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0a|haopqifeko|04|ddns|03|net"; nocase; ) # c4gpirm25lyr7xc8e6snqba.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035585; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|c4gpirm25lyr7xc8e6snqba|04|ddns|03|net"; nocase; ) # 30ube83vw6gpir7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035586; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|30ube83vw6gpir7|04|ddns|03|net"; nocase; ) # q2u25b5rkxchyfqlsjgh7t1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035587; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|q2u25b5rkxchyfqlsjgh7t1|04|ddns|03|net"; nocase; ) # mjk0y2o2cncn7f7hejs.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035588; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|mjk0y2o2cncn7f7hejs|04|ddns|03|net"; nocase; ) # cv1japqneto2kjsvwn1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035589; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|cv1japqneto2kjsvwn1|04|ddns|03|net"; nocase; ) # ztsuexfevx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035590; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ztsuexfevx|04|info"; nocase; ) # fvuvgjw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035591; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fvuvgjw|03|org"; nocase; ) # linzyc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035592; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|linzyc|04|info"; nocase; ) # hosoor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035593; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hosoor|03|biz"; nocase; ) # yannsha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035594; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yannsha|03|com"; nocase; ) # yaymazmvun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035595; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|yaymazmvun|03|net"; nocase; ) # hdrdqxquzi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035596; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hdrdqxquzi|04|info"; nocase; ) # kxukkg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035597; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kxukkg|03|org"; nocase; ) # yrtrreqe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035598; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|yrtrreqe|03|biz"; nocase; ) # pnuezdpmxpk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035599; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pnuezdpmxpk|03|biz"; nocase; ) # eybhtroxt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035600; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|eybhtroxt|04|info"; nocase; ) # hkdigartd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035601; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hkdigartd|03|net"; nocase; ) # xcvtnnjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035602; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xcvtnnjy|03|org"; nocase; ) # ohclysob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035603; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ohclysob|03|biz"; nocase; ) # jljgzj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035604; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jljgzj|04|info"; nocase; ) # qpcvqiaemq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035605; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qpcvqiaemq|03|org"; nocase; ) # qtfsak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035606; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qtfsak|03|com"; nocase; ) # axipqmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035607; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|axipqmz|03|org"; nocase; ) # ssmafeypb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035608; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ssmafeypb|03|biz"; nocase; ) # afdabd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035609; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|afdabd|03|com"; nocase; ) # ogoajf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035610; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ogoajf|03|org"; nocase; ) # hxlopani.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035611; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hxlopani|03|biz"; nocase; ) # oqsaugww.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035612; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|oqsaugww|04|info"; nocase; ) # ucatmxit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035613; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ucatmxit|03|com"; nocase; ) # byecxhg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035614; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|byecxhg|03|com"; nocase; ) # gbxsrmv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035615; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gbxsrmv|03|org"; nocase; ) # ykqhic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035616; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ykqhic|03|com"; nocase; ) # ovxebw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035617; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ovxebw|03|com"; nocase; ) # krhkpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035618; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|krhkpa|03|biz"; nocase; ) # ejbckxm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035619; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ejbckxm|04|info"; nocase; ) # rsocxcvb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035620; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rsocxcvb|04|info"; nocase; ) # cpbgsrara.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035621; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cpbgsrara|03|net"; nocase; ) # prfwtk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035622; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|prfwtk|03|net"; nocase; ) # cakbqofgm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035623; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cakbqofgm|03|com"; nocase; ) # xkhcvtxyey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035624; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xkhcvtxyey|03|com"; nocase; ) # ytrdklkcuxz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035625; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ytrdklkcuxz|04|info"; nocase; ) # zlbwdya.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035626; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zlbwdya|04|info"; nocase; ) # andkfvfwpfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035627; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|andkfvfwpfa|03|com"; nocase; ) # mxnfkldg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035628; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mxnfkldg|03|com"; nocase; ) # tfxpgzpbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035629; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tfxpgzpbn|03|com"; nocase; ) # gthgzznpab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035630; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gthgzznpab|03|com"; nocase; ) # crmckr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035631; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|crmckr|03|org"; nocase; ) # lqchrzrqwe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035632; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lqchrzrqwe|04|info"; nocase; ) # bavfkln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035633; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bavfkln|03|org"; nocase; ) # kdftcj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035634; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kdftcj|03|com"; nocase; ) # zqbwxq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035635; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zqbwxq|04|info"; nocase; ) # jknbdadslgv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035636; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jknbdadslgv|03|com"; nocase; ) # fuszyls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035637; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fuszyls|03|org"; nocase; ) # ribxwi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035638; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ribxwi|04|info"; nocase; ) # rcdcimqui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035639; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rcdcimqui|03|net"; nocase; ) # vjkrltjyetd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035640; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vjkrltjyetd|03|net"; nocase; ) # khbbry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035641; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|khbbry|03|net"; nocase; ) # itncyk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035642; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|itncyk|04|info"; nocase; ) # zgmgaqhiun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035643; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zgmgaqhiun|03|net"; nocase; ) # tpxjkwo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035644; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tpxjkwo|04|info"; nocase; ) # sxhzmioi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035645; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|sxhzmioi|03|biz"; nocase; ) # ajirjatvkwb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035646; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ajirjatvkwb|04|info"; nocase; ) # yxdpwi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035647; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yxdpwi|04|info"; nocase; ) # khxuikt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035648; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|khxuikt|03|org"; nocase; ) # duexujbuky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035649; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|duexujbuky|03|org"; nocase; ) # tswfebmehed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035650; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tswfebmehed|03|com"; nocase; ) # zppzxcmg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035651; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zppzxcmg|03|org"; nocase; ) # pwdntmlajb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035652; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pwdntmlajb|03|org"; nocase; ) # ofzefnpq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035653; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ofzefnpq|03|biz"; nocase; ) # fjctbofhgx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035654; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fjctbofhgx|03|com"; nocase; ) # usrbydw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035655; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|usrbydw|03|com"; nocase; ) # bmtfxcpu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035656; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bmtfxcpu|03|biz"; nocase; ) # dvschay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035657; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dvschay|03|com"; nocase; ) # unuqnqi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035658; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|unuqnqi|03|biz"; nocase; ) # bfkktzf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035659; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bfkktzf|04|info"; nocase; ) # wdyjyngjyg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035660; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wdyjyngjyg|04|info"; nocase; ) # bxmqjysn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035661; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bxmqjysn|03|net"; nocase; ) # ppiiqrf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035662; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ppiiqrf|03|net"; nocase; ) # kllocaose.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035663; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kllocaose|03|net"; nocase; ) # bqjzrmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035664; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bqjzrmu|03|org"; nocase; ) # sfzddo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035665; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|sfzddo|03|com"; nocase; ) # ojogpe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035666; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ojogpe|03|biz"; nocase; ) # uxuaerxkfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035667; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uxuaerxkfk|03|com"; nocase; ) # lesjkglyzm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035668; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lesjkglyzm|04|info"; nocase; ) # ddftjasvu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035669; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ddftjasvu|04|info"; nocase; ) # atiwoxcmtzm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035670; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|atiwoxcmtzm|04|info"; nocase; ) # wpinbljoydh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035671; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wpinbljoydh|03|com"; nocase; ) # nqdauklad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035672; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nqdauklad|03|com"; nocase; ) # nwtfbaagp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035673; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nwtfbaagp|03|com"; nocase; ) # ywzovbxxp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035674; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ywzovbxxp|04|info"; nocase; ) # gyldeoetnb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035675; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gyldeoetnb|03|biz"; nocase; ) # yuaeaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035676; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yuaeaq|03|com"; nocase; ) # saakduiogw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035677; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|saakduiogw|03|com"; nocase; ) # erqfxatkxtx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035678; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|erqfxatkxtx|03|net"; nocase; ) # bcqfemqppgr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035679; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bcqfemqppgr|03|com"; nocase; ) # yhdijepwgaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035680; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|yhdijepwgaa|03|com"; nocase; ) # gsbluzfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035681; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gsbluzfx|03|com"; nocase; ) # xjtbirfmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035682; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xjtbirfmr|03|org"; nocase; ) # afubnts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035683; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|afubnts|03|net"; nocase; ) # gdhxxj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035684; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gdhxxj|04|info"; nocase; ) # yzihyqldzwx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035685; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|yzihyqldzwx|04|info"; nocase; ) # kzsshz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035686; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kzsshz|03|com"; nocase; ) # cjshmp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035687; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cjshmp|03|org"; nocase; ) # hsbjosqksdz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035688; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hsbjosqksdz|03|com"; nocase; ) # dojrcit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035689; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dojrcit|03|com"; nocase; ) # okcixjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035690; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|okcixjt|03|org"; nocase; ) # zughfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035691; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zughfg|03|com"; nocase; ) # wuljoezb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035692; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wuljoezb|04|info"; nocase; ) # hnysyyysuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035693; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hnysyyysuv|03|net"; nocase; ) # jajdkdtkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035694; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jajdkdtkf|03|org"; nocase; ) # vgajoizpyu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035695; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vgajoizpyu|04|info"; nocase; ) # oikykobwyic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035696; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oikykobwyic|03|com"; nocase; ) # wjgaclrgn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035697; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wjgaclrgn|03|com"; nocase; ) # ywvxgnj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035698; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ywvxgnj|03|biz"; nocase; ) # tfrcgn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035699; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tfrcgn|03|com"; nocase; ) # skfpmdkjr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035700; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|skfpmdkjr|03|org"; nocase; ) # adkkanngln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035701; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|adkkanngln|03|org"; nocase; ) # bezcqennv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035702; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bezcqennv|03|biz"; nocase; ) # znzpebofi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035703; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|znzpebofi|03|com"; nocase; ) # gugzcy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035704; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gugzcy|03|com"; nocase; ) # ugwxtgrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035705; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ugwxtgrp|03|net"; nocase; ) # tngzsvemt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035706; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tngzsvemt|03|org"; nocase; ) # zxsypjtdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035707; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zxsypjtdg|03|com"; nocase; ) # xslkxhtxw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035708; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xslkxhtxw|04|info"; nocase; ) # pzkzadyl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035709; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pzkzadyl|04|info"; nocase; ) # loudlxerkk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035710; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|loudlxerkk|03|org"; nocase; ) # czrkfhpdemo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035711; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|czrkfhpdemo|03|org"; nocase; ) # deviivngev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035712; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|deviivngev|03|com"; nocase; ) # nxxfkuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035713; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nxxfkuk|03|net"; nocase; ) # wrytjtrsdqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035714; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wrytjtrsdqf|03|biz"; nocase; ) # bsuzhq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035715; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bsuzhq|03|com"; nocase; ) # aypqkiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035716; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|aypqkiz|03|com"; nocase; ) # tvkiddk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035717; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tvkiddk|03|com"; nocase; ) # regoulxqp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035718; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|regoulxqp|03|biz"; nocase; ) # hzvhkzbxydu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035719; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hzvhkzbxydu|03|com"; nocase; ) # jzrktshzwa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035720; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jzrktshzwa|04|info"; nocase; ) # yximats.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035721; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yximats|03|net"; nocase; ) # ddltqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035722; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ddltqw|03|biz"; nocase; ) # royfmy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035723; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|royfmy|03|org"; nocase; ) # dhpxtifmkib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035724; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dhpxtifmkib|03|com"; nocase; ) # glpcexycl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035725; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|glpcexycl|03|com"; nocase; ) # rpkxvtq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035726; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rpkxvtq|03|net"; nocase; ) # hoafnm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hoafnm|03|biz"; nocase; ) # radrkzn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|radrkzn|04|info"; nocase; ) # vstvtxp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vstvtxp|04|info"; nocase; ) # eizyvtgu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|eizyvtgu|03|com"; nocase; ) # yoawdzogy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yoawdzogy|03|com"; nocase; ) # oomkuucig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|oomkuucig|03|com"; nocase; ) # ebsevzxd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ebsevzxd|04|info"; nocase; ) # dfuhda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dfuhda|03|com"; nocase; ) # smgwiweoase.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|smgwiweoase|03|net"; nocase; ) # dihlrtspdva.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dihlrtspdva|04|info"; nocase; ) # htsnyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|htsnyq|04|info"; nocase; ) # edabytsopw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035738; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|edabytsopw|03|biz"; nocase; ) # ufjsxrwnww.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035739; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ufjsxrwnww|04|info"; nocase; ) # ginabx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035740; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ginabx|03|com"; nocase; ) # wftcreztqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035741; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wftcreztqj|03|biz"; nocase; ) # hfllbamuygh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035742; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hfllbamuygh|03|com"; nocase; ) # harrvufyjs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035743; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|harrvufyjs|03|org"; nocase; ) # gwjglhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035744; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gwjglhf|03|com"; nocase; ) # znuonidut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035745; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|znuonidut|03|net"; nocase; ) # wxsbrlkywr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wxsbrlkywr|04|info"; nocase; ) # feezkos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|feezkos|03|biz"; nocase; ) # qpogfzjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qpogfzjd|03|org"; nocase; ) # lthgzb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lthgzb|04|info"; nocase; ) # bnfxsbtryk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bnfxsbtryk|04|info"; nocase; ) # tyraqqstjdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tyraqqstjdp|03|com"; nocase; ) # ifgbicj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ifgbicj|03|com"; nocase; ) # gijazwg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gijazwg|04|info"; nocase; ) # iddrdzixd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iddrdzixd|04|info"; nocase; ) # qczoodcmfu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qczoodcmfu|03|com"; nocase; ) # gxjnpyj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gxjnpyj|04|info"; nocase; ) # qzgzhyudrf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035757; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qzgzhyudrf|03|net"; nocase; ) # olozpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035758; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|olozpj|03|biz"; nocase; ) # nibqqyptrhh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035759; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nibqqyptrhh|03|com"; nocase; ) # bacfqpz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035760; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bacfqpz|03|biz"; nocase; ) # bjwjhwkbze.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035761; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bjwjhwkbze|04|info"; nocase; ) # zkzynrqsiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035762; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zkzynrqsiy|03|com"; nocase; ) # zmanywz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035763; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zmanywz|04|info"; nocase; ) # hdsvmkhpdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035764; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hdsvmkhpdu|03|com"; nocase; ) # hyrpymqje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hyrpymqje|03|org"; nocase; ) # zzuqzaweew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zzuqzaweew|03|com"; nocase; ) # iokdojmlpzt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|iokdojmlpzt|04|info"; nocase; ) # iqmsofybp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iqmsofybp|03|com"; nocase; ) # ilxmzev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ilxmzev|03|com"; nocase; ) # wnqgzahe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wnqgzahe|03|com"; nocase; ) # gbqedwqwy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gbqedwqwy|04|info"; nocase; ) # aqlspx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|aqlspx|03|biz"; nocase; ) # fbnvrkn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fbnvrkn|03|org"; nocase; ) # eiefauu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|eiefauu|03|net"; nocase; ) # dgjzzyuep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dgjzzyuep|03|com"; nocase; ) # yxelkdwg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|yxelkdwg|04|info"; nocase; ) # vjngcmuiobo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vjngcmuiobo|03|com"; nocase; ) # uacqbjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uacqbjh|03|org"; nocase; ) # odlfdwxuzj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|odlfdwxuzj|04|info"; nocase; ) # xpwpkhrcz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035780; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xpwpkhrcz|03|com"; nocase; ) # bhdxyiehfvx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035781; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bhdxyiehfvx|04|info"; nocase; ) # eenatfsio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035782; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|eenatfsio|03|com"; nocase; ) # gjjwsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035783; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gjjwsf|03|net"; nocase; ) # ziaipq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035784; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ziaipq|03|biz"; nocase; ) # vhqwiuaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035785; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vhqwiuaz|03|com"; nocase; ) # wmxljlfkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035786; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wmxljlfkm|03|org"; nocase; ) # iowkgafoa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035787; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iowkgafoa|03|biz"; nocase; ) # qwiopodc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035788; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qwiopodc|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # ckennndcnbmefncd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035789; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ckennndcnbmefncd|02|cc"; nocase; ) # mocaabfflbmlaffd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035790; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mocaabfflbmlaffd|03|com"; nocase; ) # adeccabcaleecanb.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035791; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|adeccabcaleecanb|02|de"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # kffbccdekmoedndf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035792; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kffbccdekmoedndf|03|com"; nocase; ) # emkbndobdkalmaka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035793; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|emkbndobdkalmaka|03|net"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # kaffdaockldfomod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035794; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kaffdaockldfomod|03|com"; nocase; ) # ldkcllolkfffebao.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035795; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ldkcllolkfffebao|02|co|02|uk"; nocase; ) # fccfockdekkmbmac.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035796; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fccfockdekkmbmac|02|eu"; nocase; ) # kobmnamafdaddaca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035797; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kobmnamafdaddaca|03|com"; nocase; ) # accboffbcflkklfd.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035798; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|accboffbcflkklfd|02|de"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # mefbfeaboddcnccf.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035799; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mefbfeaboddcnccf|02|de"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # amcnoccfddlafaac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035800; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|amcnoccfddlafaac|03|com"; nocase; ) # afameamcmdbacddc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035801; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|afameamcmdbacddc|03|com"; nocase; ) # rieeuo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035802; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|rieeuo|03|com"; nocase; ) # wjynel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035803; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|wjynel|03|com"; nocase; ) # yhguim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035804; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|yhguim|03|com"; nocase; ) # xymeqd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035805; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xymeqd|03|com"; nocase; ) # rjoqen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035806; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|rjoqen|03|com"; nocase; ) # euucna.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035807; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|euucna|03|com"; nocase; ) # xtlghi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035808; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xtlghi|03|com"; nocase; ) # ouuwie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035809; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ouuwie|03|com"; nocase; ) # baxxaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035810; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|baxxaz|03|com"; nocase; ) # xvsegv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035811; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xvsegv|03|com"; nocase; ) # gqlvan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035812; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gqlvan|03|com"; nocase; ) # aiejaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035813; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|aiejaj|03|com"; nocase; ) # kwqybi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035814; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|kwqybi|03|com"; nocase; ) # ievjac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035815; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ievjac|03|com"; nocase; ) # puabmy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035816; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|puabmy|03|com"; nocase; ) # snudez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035817; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|snudez|03|com"; nocase; ) # uhirmz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035818; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uhirmz|03|com"; nocase; ) # okjdek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035819; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|okjdek|03|com"; nocase; ) # rdobam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035820; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|rdobam|03|com"; nocase; ) # nephrj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035821; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nephrj|03|com"; nocase; ) # iohefj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035822; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|iohefj|03|com"; nocase; ) # nonywv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035823; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nonywv|03|com"; nocase; ) # aschajax.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035824; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|aschajax|02|it"; nocase; ) # kwjbaswhse.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035825; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|kwjbaswhse|03|biz"; nocase; ) # paebvppjhdvfdikdm.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035826; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|paebvppjhdvfdikdm|04|work"; nocase; ) # newscqocqkwmri.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035827; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|newscqocqkwmri|03|org"; nocase; ) # yhchnlodfaigxl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035828; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|yhchnlodfaigxl|03|biz"; nocase; ) # wwcbhgeiamuxr.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035829; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|wwcbhgeiamuxr|05|click"; nocase; ) # ejihrpsespsmiaj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035830; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|ejihrpsespsmiaj|02|ru"; nocase; ) # kvolewe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035831; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|kvolewe|03|biz"; nocase; ) # sqdqltddfkfkkftc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035832; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|sqdqltddfkfkkftc|03|org"; nocase; ) # lwtnnrsjdvh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035833; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|lwtnnrsjdvh|02|ru"; nocase; ) # wastgkelametbgy.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035834; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|wastgkelametbgy|02|su"; nocase; ) # qjwdefle.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035835; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|qjwdefle|03|xyz"; nocase; ) # exytjyycriqv.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035836; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|exytjyycriqv|05|click"; nocase; ) # jkxddbtlmdwf.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035837; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|jkxddbtlmdwf|05|click"; nocase; ) # bhtvntkjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035838; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|bhtvntkjt|03|org"; nocase; ) # bxyimkg.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035839; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|bxyimkg|02|su"; nocase; ) # idghmxr.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035840; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|idghmxr|02|su"; nocase; ) # xwmqaqknrwyvr.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035841; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|xwmqaqknrwyvr|02|pl"; nocase; ) # jvranpdbswehvm.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035842; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|jvranpdbswehvm|04|work"; nocase; ) # ydruolobg.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035843; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|ydruolobg|05|click"; nocase; ) # ajorvun.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035844; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|ajorvun|04|info"; nocase; ) # lfftvqjathkvcktju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035845; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|lfftvqjathkvcktju|03|org"; nocase; ) # nomilsowcrjdep.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035846; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|nomilsowcrjdep|03|xyz"; nocase; ) # jnhqbvgpu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035847; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|jnhqbvgpu|04|info"; nocase; ) # efcnixvp.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035848; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|efcnixvp|02|pl"; nocase; ) # hnclyodoe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035849; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|hnclyodoe|03|biz"; nocase; ) # xbshgniml.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035850; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|xbshgniml|04|work"; nocase; ) # boqmwmnpwh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035851; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|boqmwmnpwh|03|biz"; nocase; ) # etdiaiq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035852; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|etdiaiq|04|info"; nocase; ) # ncfeiknxxnr.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035853; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|ncfeiknxxnr|02|pw"; nocase; ) # hndiacwngixl.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035854; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|hndiacwngixl|02|pw"; nocase; ) # hgkctpe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035855; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|hgkctpe|03|biz"; nocase; ) # lhlnbhuarglsiiel.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035856; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|lhlnbhuarglsiiel|02|su"; nocase; ) # mvesipyjdyuocqfwm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035857; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|mvesipyjdyuocqfwm|03|org"; nocase; ) # ssrbcqckbyyjjaax.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035858; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|ssrbcqckbyyjjaax|02|su"; nocase; ) # jhpgtprokvl.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035859; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|jhpgtprokvl|03|xyz"; nocase; ) # ltbgdradshhfppgkq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035860; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|ltbgdradshhfppgkq|03|biz"; nocase; ) # ejigmsfochgjtmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035861; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|ejigmsfochgjtmr|03|org"; nocase; ) # btsgttam.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035862; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|btsgttam|04|info"; nocase; ) # vnsdygoikm.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035863; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|vnsdygoikm|05|click"; nocase; ) # gqhgkkdggw.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035864; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|gqhgkkdggw|04|work"; nocase; ) # xsffnwwfqyfpwveqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035865; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|xsffnwwfqyfpwveqc|03|org"; nocase; ) # kigkmokrdulspaeh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035866; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|kigkmokrdulspaeh|03|org"; nocase; ) # vpjtaljttxunbq.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035867; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|vpjtaljttxunbq|05|click"; nocase; ) # hxflsyptdxqhklqhi.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035868; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|hxflsyptdxqhklqhi|03|xyz"; nocase; ) # cbgjvqjiokfe.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035869; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|cbgjvqjiokfe|02|pw"; nocase; ) # scwaduqecwehkhge.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035870; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|scwaduqecwehkhge|03|biz"; nocase; ) # ptgtgtrjcanll.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035871; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|ptgtgtrjcanll|04|work"; nocase; ) # cgfbujcaoutoxffn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035872; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|cgfbujcaoutoxffn|03|org"; nocase; ) # vmgivgqhnxyabvky.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035873; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|vmgivgqhnxyabvky|05|click"; nocase; ) # skvqgmgenkcyrsh.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035874; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|skvqgmgenkcyrsh|02|su"; nocase; ) # vcsjecgpmqx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035875; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|vcsjecgpmqx|03|org"; nocase; ) # lttrpluu.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035876; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|lttrpluu|04|work"; nocase; ) # nkacstydkitdogv.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035877; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|nkacstydkitdogv|02|su"; nocase; ) # kdalokhikklsmh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035878; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|kdalokhikklsmh|03|org"; nocase; ) # delreixncds.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035879; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|delreixncds|02|ru"; nocase; ) # ijxyuedfxtci.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035880; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ijxyuedfxtci|02|su"; nocase; ) # gnsstmowbxtrhy.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035881; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|gnsstmowbxtrhy|02|pw"; nocase; ) # pxbycuqakasw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035882; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|pxbycuqakasw|04|info"; nocase; ) # aaeadlxbvjodkcs.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035883; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|aaeadlxbvjodkcs|05|click"; nocase; ) # jxphqujgfxhsajpb.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035884; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|jxphqujgfxhsajpb|05|click"; nocase; ) # tanmxma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035885; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|tanmxma|03|org"; nocase; ) # ymubedesqqxmig.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035886; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|ymubedesqqxmig|03|biz"; nocase; ) # gmmmedqbfjrjopkef.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035887; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|gmmmedqbfjrjopkef|02|ru"; nocase; ) # ohwxxrwcqpbhsdvd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035888; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|ohwxxrwcqpbhsdvd|03|biz"; nocase; ) # ltdholbegrsf.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035889; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|ltdholbegrsf|04|work"; nocase; ) # nmusdmichlysxnwvl.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035890; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|nmusdmichlysxnwvl|02|pl"; nocase; ) # eohsevaxlnj.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035891; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|eohsevaxlnj|04|work"; nocase; ) # ssxldrk.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035892; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|ssxldrk|04|work"; nocase; ) # cfbsmctepykkn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035893; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|cfbsmctepykkn|02|ru"; nocase; ) # kjfabvudgorm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035894; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|kjfabvudgorm|04|info"; nocase; ) # ymbcafgdjy.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035895; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|ymbcafgdjy|02|su"; nocase; ) # hlqnpkwposqseuxnl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035896; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|hlqnpkwposqseuxnl|04|info"; nocase; ) # frhxjwoe.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035897; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|frhxjwoe|02|su"; nocase; ) # rledxdxuoa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035898; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|rledxdxuoa|03|biz"; nocase; ) # lmgattx.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035899; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|lmgattx|02|su"; nocase; ) # shggseccchs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035900; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|shggseccchs|03|biz"; nocase; ) # jduothetgmoxf.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035901; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|jduothetgmoxf|02|su"; nocase; ) # xfjtekbpjc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035902; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|xfjtekbpjc|02|ru"; nocase; ) # favsqusnxp.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035903; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|favsqusnxp|02|pl"; nocase; ) # rbsgfvhyn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035904; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|rbsgfvhyn|03|biz"; nocase; ) # wjsppqfs.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035905; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|wjsppqfs|02|pw"; nocase; ) # nyeoqxtxxe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035906; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|nyeoqxtxxe|03|biz"; nocase; ) # liuveyn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035907; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|liuveyn|02|ru"; nocase; ) # kwontdmplpnbl.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035908; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|kwontdmplpnbl|02|pw"; nocase; ) # saxiyxixmhb.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035909; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|saxiyxixmhb|02|pl"; nocase; ) # rkyragwrswtsxwcs.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035910; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|rkyragwrswtsxwcs|04|work"; nocase; ) # tmscpsmxqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035911; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|tmscpsmxqq|03|org"; nocase; ) # bjfntny.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035912; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|bjfntny|03|biz"; nocase; ) # udwladrolfgxvcne.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035913; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|udwladrolfgxvcne|02|pw"; nocase; ) # lcuutwko.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035914; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|lcuutwko|02|pl"; nocase; ) # memudbwauwdhv.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035915; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|memudbwauwdhv|05|click"; nocase; ) # qxaqsqsoovg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035916; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|qxaqsqsoovg|03|biz"; nocase; ) # ppthdape.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035917; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ppthdape|04|info"; nocase; ) # dmbkagkhql.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035918; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|dmbkagkhql|02|ru"; nocase; ) # wrunygjafompjr.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035919; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|wrunygjafompjr|03|xyz"; nocase; ) # jenludbcpqjhcvpgh.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035920; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|jenludbcpqjhcvpgh|05|click"; nocase; ) # lriduqdopkpoyqwwm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035921; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|lriduqdopkpoyqwwm|03|org"; nocase; ) # eegymqmsl.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035922; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|eegymqmsl|05|click"; nocase; ) # yunberdx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035923; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|yunberdx|02|ru"; nocase; ) # nebudihagaoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035924; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nebudihagaoc|03|biz"; nocase; ) # ivkbyojfmrwkcw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035925; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ivkbyojfmrwkcw|02|co|02|uk"; nocase; ) # yqulfqarkoqrjo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035926; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yqulfqarkoqrjo|03|net"; nocase; ) # mgpwevkgblwnjm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035927; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mgpwevkgblwnjm|03|biz"; nocase; ) # bbsgxoxckqryki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035928; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bbsgxoxckqryki|03|net"; nocase; ) # fhbkexqjgpymno.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035929; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fhbkexqjgpymno|02|ru"; nocase; ) # iuycayxxfgugre.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035930; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iuycayxxfgugre|02|ru"; nocase; ) # wvwnemtaeyaqpg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035931; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wvwnemtaeyaqpg|03|biz"; nocase; ) # aialrkctwslcpi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|aialrkctwslcpi|03|net"; nocase; ) # owksanohsqbiru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|owksanohsqbiru|03|org"; nocase; ) # rnnuqvdttlncel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rnnuqvdttlncel|03|com"; nocase; ) # tmlvumigahfyek.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tmlvumigahfyek|03|biz"; nocase; ) # vqqocufwmclsav.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vqqocufwmclsav|04|info"; nocase; ) # wmshntykirolud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wmshntykirolud|03|biz"; nocase; ) # ylqirkewongiea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ylqirkewongiea|03|org"; nocase; ) # xxiahdnyhttipr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xxiahdnyhttipr|04|info"; nocase; ) # bbywtqfaiibmmt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bbywtqfaiibmmt|04|info"; nocase; ) # cwwbuhkgqreevn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cwwbuhkgqreevn|03|net"; nocase; ) # jpdcghlgmythnk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jpdcghlgmythnk|04|info"; nocase; ) # jijpugjrnxjwmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jijpugjrnxjwmn|03|com"; nocase; ) # kehtvwoxvhmovv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kehtvwoxvhmovv|03|biz"; nocase; ) # soblllaopjpqdm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|soblllaopjpqdm|02|co|02|uk"; nocase; ) # oklwebgmucobdo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oklwebgmucobdo|04|info"; nocase; ) # qjjxirlybxgxfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qjjxirlybxgxfe|03|net"; nocase; ) # scoipbkgcqallo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|scoipbkgcqallo|02|ru"; nocase; ) # teehesdjmgbdqa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|teehesdjmgbdqa|03|biz"; nocase; ) # lxdltoqrcttsfi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lxdltoqrcttsfi|04|info"; nocase; ) # nsniyydqhpmgxt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nsniyydqhpmgxt|03|net"; nocase; ) # hmgljgbrkxrmub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hmgljgbrkxrmub|03|org"; nocase; ) # iqbnglnmwojudh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iqbnglnmwojudh|02|co|02|uk"; nocase; ) # hdfaxpreicwiap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hdfaxpreicwiap|03|net"; nocase; ) # vepgroblwfvthf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vepgroblwfvthf|03|org"; nocase; ) # ayasldioomwjvy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ayasldioomwjvy|02|co|02|uk"; nocase; ) # sbmhlxocclunjp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sbmhlxocclunjp|02|ru"; nocase; ) # kullbkcdhgjaba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kullbkcdhgjaba|03|com"; nocase; ) # gqvwtyhchbumjn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gqvwtyhchbumjn|03|net"; nocase; ) # ilgtyjtbmwnall.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ilgtyjtbmwnall|02|ru"; nocase; ) # gjolqloeayurrh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gjolqloeayurrh|02|co|02|uk"; nocase; ) # umstebtcnouagm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|umstebtcnouagm|03|net"; nocase; ) # iatfdgefwmtmgg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iatfdgefwmtmgg|03|biz"; nocase; ) # jrendwjlkdkvgc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jrendwjlkdkvgc|03|org"; nocase; ) # jrcnhviyqxuoak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jrcnhviyqxuoak|03|net"; nocase; ) # wfdygecfwpesaq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wfdygecfwpesaq|03|biz"; nocase; ) # wbxvnimtiwpimw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wbxvnimtiwpimw|03|org"; nocase; ) # rymgikldqgcsow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rymgikldqgcsow|03|biz"; nocase; ) # ruhdpovrcnnivn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ruhdpovrcnnivn|03|org"; nocase; ) # urselnwftxoaep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|urselnwftxoaep|03|com"; nocase; ) # lsivxhyjglsgtvu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lsivxhyjglsgtvu|03|org"; nocase; ) # oyoboenupjokgwb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oyoboenupjokgwb|04|info"; nocase; ) # msgipqfxffjmadk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|msgipqfxffjmadk|02|ru"; nocase; ) # orefgbrtvdqhask.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|orefgbrtvdqhask|02|co|02|uk"; nocase; ) # qukntxgyhhthhab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qukntxgyhhthhab|03|com"; nocase; ) # ekfysgatykkuxii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ekfysgatykkuxii|03|net"; nocase; ) # upuanngdemiuyai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|upuanngdemiuyai|03|net"; nocase; ) # vtpaqvcpvnuqxxh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vtpaqvcpvnuqxxh|03|biz"; nocase; ) # llorceggswevikp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|llorceggswevikp|02|co|02|uk"; nocase; ) # mhmrpuljjqxukab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mhmrpuljjqxukab|03|com"; nocase; ) # awhdoavxaneqbvf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|awhdoavxaneqbvf|03|net"; nocase; ) # ntscpljtqmjxigw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ntscpljtqmjxigw|03|biz"; nocase; ) # qcwejklygvcqkbn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qcwejklygvcqkbn|03|net"; nocase; ) # frpcavsryfjieya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|frpcavsryfjieya|03|net"; nocase; ) # tkybouckfrxwnim.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tkybouckfrxwnim|03|org"; nocase; ) # hatmndvfwuokeqt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hatmndvfwuokeqt|02|co|02|uk"; nocase; ) # yaxaocadkrvqrhb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yaxaocadkrvqrhb|03|org"; nocase; ) # yjenlsxbtxygeal.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yjenlsxbtxygeal|04|info"; nocase; ) # jtstxbbmbtenxon.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jtstxbbmbtenxon|02|ru"; nocase; ) # fjadhvhfllwwvji.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fjadhvhfllwwvji|02|co|02|uk"; nocase; ) # tmdxbiuobvdtavg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tmdxbiuobvdtavg|03|biz"; nocase; ) # lgjepdjkpdkkeus.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lgjepdjkpdkkeus|04|info"; nocase; ) # ogmhwpfaeohmmsn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ogmhwpfaeohmmsn|03|biz"; nocase; ) # pinjtxbmgocelxq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pinjtxbmgocelxq|02|ru"; nocase; ) # qfkenarvumohfpo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qfkenarvumohfpo|03|org"; nocase; ) # bpgsesmtpqlsqnm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bpgsesmtpqlsqnm|04|info"; nocase; ) # dxkdrncuchjvfcp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dxkdrncuchjvfcp|02|ru"; nocase; ) # etidfehxsbduoyr.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|etidfehxsbduoyr|02|co|02|uk"; nocase; ) # wcrlvfogycagbhp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000035999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wcrlvfogycagbhp|04|info"; nocase; ) # antgbrfrilkbddh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|antgbrfrilkbddh|02|ru"; nocase; ) # ggwpiiklhevlroh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ggwpiiklhevlroh|02|ru"; nocase; ) # ibhiaswheidotuq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ibhiaswheidotuq|02|co|02|uk"; nocase; ) # lnxhpyxjxyxafji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lnxhpyxjxyxafji|03|org"; nocase; ) # xbbicnrgqktjhlq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xbbicnrgqktjhlq|03|net"; nocase; ) # ywrtnmmhmhrwghc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ywrtnmmhmhrwghc|03|org"; nocase; ) # espxnhxlmubcycb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|espxnhxlmubcycb|04|info"; nocase; ) # qcevsqsrdoaausa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qcevsqsrdoaausa|03|org"; nocase; ) # kwflbdjyqwfbpbq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kwflbdjyqwfbpbq|04|info"; nocase; ) # xboeooeyddhnysg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xboeooeyddhnysg|03|com"; nocase; ) # eklmgwyiebdcbgq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eklmgwyiebdcbgq|02|ru"; nocase; ) # giywpdhrdleacmg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|giywpdhrdleacmg|03|net"; nocase; ) # lwoyquytvyuvavq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lwoyquytvyuvavq|02|co|02|uk"; nocase; ) # ykpkpdsacqeaacx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ykpkpdsacqeaacx|04|info"; nocase; ) # teyrrjcxvhcaoil.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|teyrrjcxvhcaoil|04|info"; nocase; ) # nlpiixhrdquq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nlpiixhrdquq|02|co|02|uk"; nocase; ) # tcvhhfxjyrgl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tcvhhfxjyrgl|03|com"; nocase; ) # alympwndvghf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|alympwndvghf|04|info"; nocase; ) # bjwdjnarrptw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bjwdjnarrptw|03|org"; nocase; ) # cqjhdcbiyorv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cqjhdcbiyorv|02|co|02|uk"; nocase; ) # igpsqoqnlhil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|igpsqoqnlhil|03|com"; nocase; ) # jcnwrfvttqld.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jcnwrfvttqld|03|biz"; nocase; ) # vrdgihtmdsob.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vrdgihtmdsob|02|co|02|uk"; nocase; ) # mgqpeogdniwt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mgqpeogdniwt|02|co|02|uk"; nocase; ) # pjjponbullck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pjjponbullck|03|net"; nocase; ) # pbqqvewcynok.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pbqqvewcynok|02|ru"; nocase; ) # qvtstmmjncsn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qvtstmmjncsn|03|org"; nocase; ) # osivyfvwqbeo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|osivyfvwqbeo|02|ru"; nocase; ) # uwkispduxvvt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uwkispduxvvt|02|ru"; nocase; ) # xlrivagqojjx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036029; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xlrivagqojjx|02|co|02|uk"; nocase; ) # arsdqpqrnonl.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036030; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|arsdqpqrnonl|02|ru"; nocase; ) # byuglyecyqdv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036031; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|byuglyecyqdv|03|com"; nocase; ) # omvoteijmarp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036032; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|omvoteijmarp|03|net"; nocase; ) # iuvrekvfevaj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036033; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iuvrekvfevaj|04|info"; nocase; ) # lncwjktcfilw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036034; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lncwjktcfilw|03|org"; nocase; ) # smwlhtqppxhy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|smwlhtqppxhy|04|info"; nocase; ) # pgjonvydlsgw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pgjonvydlsgw|02|ru"; nocase; ) # ywjxmuywhnsb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ywjxmuywhnsb|02|co|02|uk"; nocase; ) # myyrwahncdxr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|myyrwahncdxr|04|info"; nocase; ) # nwwkkmrxjrqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nwwkkmrxjrqc|03|org"; nocase; ) # psxlchtheksc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|psxlchtheksc|03|biz"; nocase; ) # cwgoagkqdbov.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cwgoagkqdbov|02|co|02|uk"; nocase; ) # hlgtevdfwwtm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hlgtevdfwwtm|02|ru"; nocase; ) # vwvrxcaswjna.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vwvrxcaswjna|03|org"; nocase; ) # xnbtjjbmqhrw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xnbtjjbmqhrw|03|net"; nocase; ) # yflcjagsexig.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yflcjagsexig|02|ru"; nocase; ) # xnuwxjmdbygi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xnuwxjmdbygi|03|com"; nocase; ) # ojphyyfkklae.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ojphyyfkklae|02|co|02|uk"; nocase; ) # pgdfaxvbtlhs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pgdfaxvbtlhs|03|net"; nocase; ) # qsnglwhbrxmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036049; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qsnglwhbrxmf|03|org"; nocase; ) # snxdqnmndeak.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036050; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|snxdqnmndeak|04|info"; nocase; ) # syihhklyjqii.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036051; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|syihhklyjqii|03|org"; nocase; ) # iecsjpkykjwx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036052; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iecsjpkykjwx|02|co|02|uk"; nocase; ) # ncpgitkvbcep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036053; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ncpgitkvbcep|03|org"; nocase; ) # oeqlvyqjkvgv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036054; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oeqlvyqjkvgv|02|co|02|uk"; nocase; ) # sovpatgrcftb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036055; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sovpatgrcftb|03|biz"; nocase; ) # uplcuegxmkla.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036056; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uplcuegxmkla|02|co|02|uk"; nocase; ) # mnrqbhjfkcql.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036057; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mnrqbhjfkcql|02|ru"; nocase; ) # cnktgqmwoceo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036058; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cnktgqmwoceo|02|co|02|uk"; nocase; ) # isaupvoelhkh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036059; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|isaupvoelhkh|03|org"; nocase; ) # tltjkfgpgnou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036060; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tltjkfgpgnou|03|com"; nocase; ) # ixpnxowapaix.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036061; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ixpnxowapaix|02|ru"; nocase; ) # dbwmyxvwhlef.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036062; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dbwmyxvwhlef|02|ru"; nocase; ) # fuiamthqevwu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036063; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fuiamthqevwu|04|info"; nocase; ) # lgdqlywcgiws.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036064; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lgdqlywcgiws|04|info"; nocase; ) # flbwkbwkjeqrp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036065; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|flbwkbwkjeqrp|04|info"; nocase; ) # hnmltshnloqnd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036066; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hnmltshnloqnd|03|com"; nocase; ) # lyilrwmnodjow.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036067; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lyilrwmnodjow|02|ru"; nocase; ) # yodxnfabgagaw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036068; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yodxnfabgagaw|03|org"; nocase; ) # kgjvvdmggjoty.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036069; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kgjvvdmggjoty|04|info"; nocase; ) # mfhsmnycwhvoi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036070; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mfhsmnycwhvoi|03|net"; nocase; ) # pdqhjmmrqposo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036071; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pdqhjmmrqposo|03|org"; nocase; ) # qhlgpucwiwcmw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036072; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qhlgpucwiwcmw|02|co|02|uk"; nocase; ) # schwtkmlcnudq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036073; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|schwtkmlcnudq|03|biz"; nocase; ) # gysdwveucjtpx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036074; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gysdwveucjtpx|02|ru"; nocase; ) # huqdkmjxsdnoh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036075; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|huqdkmjxsdnoh|02|co|02|uk"; nocase; ) # jyrfijjsnqbig.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036076; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jyrfijjsnqbig|03|net"; nocase; ) # jqugpuitnjdva.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036077; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jqugpuitnjdva|03|biz"; nocase; ) # kupfvaovekuhy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036078; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kupfvaovekuhy|02|ru"; nocase; ) # kdbyolekevucm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036079; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kdbyolekevucm|03|org"; nocase; ) # mgsgaobhxrcvv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036080; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mgsgaobhxrcvv|02|ru"; nocase; ) # cerliepowukmd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036081; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cerliepowukmd|03|net"; nocase; ) # oldfbnvvlufng.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036082; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oldfbnvvlufng|03|biz"; nocase; ) # knmthxtwychgp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036083; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|knmthxtwychgp|04|info"; nocase; ) # jybllxdcxjyct.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036084; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jybllxdcxjyct|03|biz"; nocase; ) # tkygvuypwbsyr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036085; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tkygvuypwbsyr|02|ru"; nocase; ) # klctnhaaxufcw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036086; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|klctnhaaxufcw|04|info"; nocase; ) # nmbtxacbqljqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036087; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nmbtxacbqljqf|03|biz"; nocase; ) # pphkkkfnharsd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036088; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pphkkkfnharsd|03|org"; nocase; ) # kaidnhjyqfwyc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036089; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kaidnhjyqfwyc|02|ru"; nocase; ) # lmovmlvqdwfga.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036090; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lmovmlvqdwfga|02|co|02|uk"; nocase; ) # mimvacbttqyfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036091; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mimvacbttqyfj|03|com"; nocase; ) # heisvksukykdq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036092; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|heisvksukykdq|03|biz"; nocase; ) # jdgpmbxkyimpj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036093; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jdgpmbxkyimpj|03|org"; nocase; ) # jmmlifkpnkmjf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036094; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jmmlifkpnkmjf|04|info"; nocase; ) # rtoypqcqjsufb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036095; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rtoypqcqjsufb|02|co|02|uk"; nocase; ) # gionylbmegcua.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036096; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gionylbmegcua|02|co|02|uk"; nocase; ) # tkedvqjgqptsj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036097; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tkedvqjgqptsj|04|info"; nocase; ) # hayrlvncdcada.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036098; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hayrlvncdcada|03|com"; nocase; ) # kksbcsehpvish.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036099; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kksbcsehpvish|03|biz"; nocase; ) # xomynfqxjicdm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036100; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xomynfqxjicdm|03|com"; nocase; ) # cqqmqmtsuxibb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036101; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cqqmqmtsuxibb|03|org"; nocase; ) # ujsejpucouixh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036102; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ujsejpucouixh|03|com"; nocase; ) # ylwrmwxwakovo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036103; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ylwrmwxwakovo|03|org"; nocase; ) # mcbmleeahhjip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036104; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mcbmleeahhjip|03|net"; nocase; ) # nsqedgbciarbq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nsqedgbciarbq|03|biz"; nocase; ) # owlfdoqvelqly.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|owlfdoqvelqly|02|ru"; nocase; ) # qefaolhuswpgl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qefaolhuswpgl|02|co|02|uk"; nocase; ) # oxwqwqlnwyrvp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oxwqwqlnwyrvp|02|co|02|uk"; nocase; ) # qgbjjxmhefdbw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qgbjjxmhefdbw|03|biz"; nocase; ) # qhutwonbvbnpw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qhutwonbvbnpw|03|org"; nocase; ) # hfmgbstfdfbev.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hfmgbstfdfbev|02|ru"; nocase; ) # 41trg41fqpwip1p4g8caiya674.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|41trg41fqpwip1p4g8caiya674|03|com"; nocase; ) # nc44h9qk31p1baj51c10av9fa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nc44h9qk31p1baj51c10av9fa|03|net"; nocase; ) # 8vyzdu1n7k3ybme5b8zbw1291.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8vyzdu1n7k3ybme5b8zbw1291|03|biz"; nocase; ) # 547fm7b608qy1fmxh7oskt920.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|547fm7b608qy1fmxh7oskt920|03|net"; nocase; ) # towi7oldro6s1l6rqjf1bxh60r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|towi7oldro6s1l6rqjf1bxh60r|03|org"; nocase; ) # vazsv81kkw11c1llrykj1e3sr36.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vazsv81kkw11c1llrykj1e3sr36|03|com"; nocase; ) # pisgu631z5gv1nqpcey1im7s6a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pisgu631z5gv1nqpcey1im7s6a|03|net"; nocase; ) # fi69vy1yh9rmyskfyapzglw02.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fi69vy1yh9rmyskfyapzglw02|03|biz"; nocase; ) # uh6wpu1n4r0lsmd5v9o1le62hj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uh6wpu1n4r0lsmd5v9o1le62hj|03|net"; nocase; ) # srbws1vf2vai1xuhg9ncff1la.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|srbws1vf2vai1xuhg9ncff1la|03|com"; nocase; ) # zjnr17z6d37p1beaos71kl51c1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zjnr17z6d37p1beaos71kl51c1|03|com"; nocase; ) # 1lqrv351ww7e8f17a08zxqr3qts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lqrv351ww7e8f17a08zxqr3qts|03|net"; nocase; ) # 5rq56c1mj3wev1c7mvm9vnxkxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5rq56c1mj3wev1c7mvm9vnxkxv|03|net"; nocase; ) # 2pdbb81h2xir61qy1w93mn4us7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2pdbb81h2xir61qy1w93mn4us7|03|org"; nocase; ) # 1q545s61frjtvy1wegikhexcdn8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q545s61frjtvy1wegikhexcdn8|03|net"; nocase; ) # lr30zzfejd7kqf2vr1ocew7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lr30zzfejd7kqf2vr1ocew7a|03|com"; nocase; ) # 10bkfvsjzcsju1fyelpiwwlq8n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10bkfvsjzcsju1fyelpiwwlq8n|03|biz"; nocase; ) # 10ttnsrav1k2hrovrnp3ufb67.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10ttnsrav1k2hrovrnp3ufb67|03|net"; nocase; ) # okorn2h1znk19vpjly1ukpttf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|okorn2h1znk19vpjly1ukpttf|03|net"; nocase; ) # sbd7t71wihvuuugyp2wymgaha.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sbd7t71wihvuuugyp2wymgaha|03|biz"; nocase; ) # 1boacsjtwzpubu05qtc1a4n79d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1boacsjtwzpubu05qtc1a4n79d|03|org"; nocase; ) # 1v0quwvx7baik1kqm8lirixihc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v0quwvx7baik1kqm8lirixihc|03|biz"; nocase; ) # 1dxkfbeuun66psxdvoc3a12dz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dxkfbeuun66psxdvoc3a12dz|03|net"; nocase; ) # 81lqcv5uqlrs19a4zye63v7w8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|81lqcv5uqlrs19a4zye63v7w8|03|org"; nocase; ) # 18pbz84215ang1eb41xbv4e351.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18pbz84215ang1eb41xbv4e351|03|org"; nocase; ) # g6ybqz12hhn0cq5zcxq1xsm5yu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g6ybqz12hhn0cq5zcxq1xsm5yu|03|net"; nocase; ) # 1mtvyokgyjwik1bhp2st1uki501.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mtvyokgyjwik1bhp2st1uki501|03|biz"; nocase; ) # w587he67rfhp15x1xgl18h3zpy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w587he67rfhp15x1xgl18h3zpy|03|org"; nocase; ) # 2pxhg71x44i9d1mnf78mau71sf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2pxhg71x44i9d1mnf78mau71sf|03|net"; nocase; ) # 13v4q4j1hz94u11gv3ouw8pab8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13v4q4j1hz94u11gv3ouw8pab8c|03|com"; nocase; ) # 1dolvxqjtyzql1dvn5t4159bwiw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dolvxqjtyzql1dvn5t4159bwiw|03|org"; nocase; ) # lphtcy115ja1sp10n9114ng3n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lphtcy115ja1sp10n9114ng3n|03|net"; nocase; ) # 1u2fhwsakyrm4q0q0o4l4i8p1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u2fhwsakyrm4q0q0o4l4i8p1|03|biz"; nocase; ) # bwnn1z1j69nawnj6gnv1rpzj89.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bwnn1z1j69nawnj6gnv1rpzj89|03|org"; nocase; ) # 10ov52nn55iev1o0d3caf0oh02.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ov52nn55iev1o0d3caf0oh02|03|net"; nocase; ) # 1cjae061q5dn0motyrwg12zk6nf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjae061q5dn0motyrwg12zk6nf|03|net"; nocase; ) # 6jca1n1vmf6tmeoquux1k91rzk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6jca1n1vmf6tmeoquux1k91rzk|03|org"; nocase; ) # 1c82orv1rlelr11qt2dkl11uime1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c82orv1rlelr11qt2dkl11uime1|03|net"; nocase; ) # u1tosd1mkl0ec1lw7njv1dmut2v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u1tosd1mkl0ec1lw7njv1dmut2v|03|com"; nocase; ) # wxvtwa11odvz7wnhijx1aywhjf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wxvtwa11odvz7wnhijx1aywhjf|03|net"; nocase; ) # m0wmdu1tbg4831o73xg5lnpchn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m0wmdu1tbg4831o73xg5lnpchn|03|biz"; nocase; ) # 1q02qrr1v3ogvfmvsfqahhnn4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q02qrr1v3ogvfmvsfqahhnn4|03|org"; nocase; ) # 16wj6px15rtkhq1v7jae91ib1rx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16wj6px15rtkhq1v7jae91ib1rx4|03|net"; nocase; ) # 17s5an31ebzwntmqb6dj1trfb41.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17s5an31ebzwntmqb6dj1trfb41|03|biz"; nocase; ) # tetzka1e7nie01w7gb64w9yy57.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tetzka1e7nie01w7gb64w9yy57|03|org"; nocase; ) # 1slwakd1shnanvhtgo801ulxrho.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1slwakd1shnanvhtgo801ulxrho|03|com"; nocase; ) # 563roubdnla05bvwyrjj87mb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|563roubdnla05bvwyrjj87mb|03|org"; nocase; ) # dzaamu1f2vpny19vprpqis6kfq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dzaamu1f2vpny19vprpqis6kfq|03|org"; nocase; ) # sqwpkk1rilhi1lvr0bpx2luag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sqwpkk1rilhi1lvr0bpx2luag|03|biz"; nocase; ) # 1nveieo1fbzkhdrz1anq1whc665.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nveieo1fbzkhdrz1anq1whc665|03|org"; nocase; ) # 1ucxva31wmhho1xdusvsfa1zse.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ucxva31wmhho1xdusvsfa1zse|03|org"; nocase; ) # f1e70511mim1r1mk81rr1ypxgjw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f1e70511mim1r1mk81rr1ypxgjw|03|biz"; nocase; ) # et4z1yqca6i038ftpr1y9tf5s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|et4z1yqca6i038ftpr1y9tf5s|03|com"; nocase; ) # 10s63191ih4jej20gown16avo04.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10s63191ih4jej20gown16avo04|03|org"; nocase; ) # kc4uqr3i2b8l1gza1zq1x7o5q0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kc4uqr3i2b8l1gza1zq1x7o5q0|03|com"; nocase; ) # js983z1y75v611p0uve17h2mpw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|js983z1y75v611p0uve17h2mpw|03|com"; nocase; ) # 14kv1gf1f031ilyzryemozhxi8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14kv1gf1f031ilyzryemozhxi8|03|org"; nocase; ) # gkt9xmjty1m2hoj6fhk5uox0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gkt9xmjty1m2hoj6fhk5uox0|03|com"; nocase; ) # 6i0hn21jqu15m16gkrkzlzrtby.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6i0hn21jqu15m16gkrkzlzrtby|03|org"; nocase; ) # 160nidypczyg71czq3doke0kb2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|160nidypczyg71czq3doke0kb2|03|org"; nocase; ) # hp88wg1e8ugd81ynnf6r1hc44a5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hp88wg1e8ugd81ynnf6r1hc44a5|03|org"; nocase; ) # 3plabt7qk5ag16z25hokwohsz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3plabt7qk5ag16z25hokwohsz|03|org"; nocase; ) # 194saqh1tct2eidlmlnj1i5klyn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|194saqh1tct2eidlmlnj1i5klyn|03|net"; nocase; ) # 1k6jss013kmtjkmnlc6rxoaq7r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k6jss013kmtjkmnlc6rxoaq7r|03|com"; nocase; ) # 12homyw1tqcjbynthup7dn5kkl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12homyw1tqcjbynthup7dn5kkl|03|com"; nocase; ) # 1eukq5lyq0eoe1yal1ao15cgn4d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eukq5lyq0eoe1yal1ao15cgn4d|03|net"; nocase; ) # 1a87ru7138qdsd4ilipm1g2vv6m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a87ru7138qdsd4ilipm1g2vv6m|03|org"; nocase; ) # vv550fjv5cc137lr46shcujn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vv550fjv5cc137lr46shcujn|03|com"; nocase; ) # 1k8ve6b17v7adfxuqecu107g6re.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k8ve6b17v7adfxuqecu107g6re|03|net"; nocase; ) # 14tlb9y1sf66c5id1zm1zx0z3c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14tlb9y1sf66c5id1zm1zx0z3c|03|org"; nocase; ) # ex3ttw13tvmp1hq06j49b07ws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ex3ttw13tvmp1hq06j49b07ws|03|com"; nocase; ) # 1o525qr1aav86y1su93m5oye4mi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o525qr1aav86y1su93m5oye4mi|03|net"; nocase; ) # 8nej1h1hwe8yvqkekwjjwskkh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8nej1h1hwe8yvqkekwjjwskkh|03|org"; nocase; ) # kape181se8yrn1nq0e0ord2q5t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kape181se8yrn1nq0e0ord2q5t|03|net"; nocase; ) # bd4piztuljd9hsifzp1idxvga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bd4piztuljd9hsifzp1idxvga|03|org"; nocase; ) # 495j5yjx3q3n94mott1ioxhfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|495j5yjx3q3n94mott1ioxhfo|03|com"; nocase; ) # jfkbd9661whj1v1sw11bp3pxm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jfkbd9661whj1v1sw11bp3pxm|03|com"; nocase; ) # r26ot11tgiirhl6852m1dx5n5c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r26ot11tgiirhl6852m1dx5n5c|03|biz"; nocase; ) # if8sg9v0xyxu1q85xxsxk7llh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|if8sg9v0xyxu1q85xxsxk7llh|03|biz"; nocase; ) # pzm5c01ummbgmkyndl31j6o29w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pzm5c01ummbgmkyndl31j6o29w|03|net"; nocase; ) # 172kbdpp3lp8wwr4z90qapsrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|172kbdpp3lp8wwr4z90qapsrq|03|net"; nocase; ) # 1vrj65zw36epq12o2gzzv03wy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vrj65zw36epq12o2gzzv03wy|03|net"; nocase; ) # smxobp1kxmbn91ho5f50w3r25h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|smxobp1kxmbn91ho5f50w3r25h|03|net"; nocase; ) # 1x5eiz21kq72k66eh0nejhb9d5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x5eiz21kq72k66eh0nejhb9d5|03|org"; nocase; ) # 1upuale29oxrw11cuyxwaas3n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1upuale29oxrw11cuyxwaas3n|03|com"; nocase; ) # 1yw8npqy25n1lv0jdvoajpmbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yw8npqy25n1lv0jdvoajpmbc|03|com"; nocase; ) # 1g6rkqu1tqsy2n1uac0gnww1t83.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g6rkqu1tqsy2n1uac0gnww1t83|03|biz"; nocase; ) # 1mfzyw786d1mdtaanr5ptf6uo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mfzyw786d1mdtaanr5ptf6uo|03|net"; nocase; ) # cq6vob19ylm2z10ftl8t1wdtwk8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cq6vob19ylm2z10ftl8t1wdtwk8|03|biz"; nocase; ) # x4egsz1mmvgtj13qf9qn1n4vxfc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x4egsz1mmvgtj13qf9qn1n4vxfc|03|net"; nocase; ) # 12or6sy1s5nhs0nhhrqk1w67fsj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12or6sy1s5nhs0nhhrqk1w67fsj|03|net"; nocase; ) # 1iju5p11povt2w1bxjiyyfgy8d9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iju5p11povt2w1bxjiyyfgy8d9|03|com"; nocase; ) # m1dapc1xn1sgt1np1u3c1ggdqvz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m1dapc1xn1sgt1np1u3c1ggdqvz|03|biz"; nocase; ) # 1o3hzjy11v0smpovqfy2edbxiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o3hzjy11v0smpovqfy2edbxiv|03|com"; nocase; ) # 1ap80y61on0usw1rle3pf2dlwe6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ap80y61on0usw1rle3pf2dlwe6|03|org"; nocase; ) # 331zz4ogandiq5t4fsxu7mhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|331zz4ogandiq5t4fsxu7mhw|03|net"; nocase; ) # 1lvsjbqk9ygup1a97wsr1yi9jlm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lvsjbqk9ygup1a97wsr1yi9jlm|03|net"; nocase; ) # 1qso1ak1i3k9l71u059xe145t4mw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qso1ak1i3k9l71u059xe145t4mw|03|com"; nocase; ) # pzxphn84fyiygxwl6clmrisu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pzxphn84fyiygxwl6clmrisu|03|biz"; nocase; ) # qkst7wcbnsnt97va40h5cxnl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qkst7wcbnsnt97va40h5cxnl|03|biz"; nocase; ) # 183hw011q2gba51vylluj8swbfh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|183hw011q2gba51vylluj8swbfh|03|net"; nocase; ) # 1mh5f0i1noq5c7juloc9ht82gc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mh5f0i1noq5c7juloc9ht82gc|03|biz"; nocase; ) # 1bl7ljc113xft61elt1s41ui61l8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bl7ljc113xft61elt1s41ui61l8|03|org"; nocase; ) # m9qcjywmd8bh13xp3hyz89a74.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m9qcjywmd8bh13xp3hyz89a74|03|net"; nocase; ) # t1jyb318pqzxlxa7idr9ljsxu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t1jyb318pqzxlxa7idr9ljsxu|03|com"; nocase; ) # 1xpce3dxhgybezrhstyto3upg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xpce3dxhgybezrhstyto3upg|03|biz"; nocase; ) # simpnt15r08nc1cfegmb151bars.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|simpnt15r08nc1cfegmb151bars|03|com"; nocase; ) # 7tvzbl8xvvxo1f3i59l1ygb7gr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7tvzbl8xvvxo1f3i59l1ygb7gr|03|org"; nocase; ) # 1t39g4p1wbm5kishvcua1bff2cb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t39g4p1wbm5kishvcua1bff2cb|03|net"; nocase; ) # ne14hx5c756519k6rcs1lf367r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ne14hx5c756519k6rcs1lf367r|03|net"; nocase; ) # 1h2yyzl1cfec561lmkdz91g2uz9c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h2yyzl1cfec561lmkdz91g2uz9c|03|biz"; nocase; ) # 1ldg9ok147p7szagejgpi8i9z4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ldg9ok147p7szagejgpi8i9z4|03|org"; nocase; ) # 1ah1c5miqz55v1bthdyors9l0u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ah1c5miqz55v1bthdyors9l0u|03|com"; nocase; ) # dkuxbhm8e9wz11sqcv3e0nu4f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dkuxbhm8e9wz11sqcv3e0nu4f|03|net"; nocase; ) # ij5ktubgkuc6182alhlhud6vz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ij5ktubgkuc6182alhlhud6vz|03|org"; nocase; ) # 1n7996uy7o2k61w4smbr1ucjz64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n7996uy7o2k61w4smbr1ucjz64|03|net"; nocase; ) # 1664tq8v2a22cxzpi3o1xklchp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1664tq8v2a22cxzpi3o1xklchp|03|biz"; nocase; ) # dezi91t9vi8q8cpp1b4d7fd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|dezi91t9vi8q8cpp1b4d7fd|03|org"; nocase; ) # hcah8fp921vh1n7mrx91rspq3e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hcah8fp921vh1n7mrx91rspq3e|03|net"; nocase; ) # 1u6mutzb34qo2jb8x09thtjt0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u6mutzb34qo2jb8x09thtjt0|03|net"; nocase; ) # hlhn4s13jvem51deklvt1qnp9i6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hlhn4s13jvem51deklvt1qnp9i6|03|biz"; nocase; ) # 1sfmyjh1imj67lh101d71bjcu7t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sfmyjh1imj67lh101d71bjcu7t|03|net"; nocase; ) # 1rc1wwd1lbmmvi9g9hhv1rf02y8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rc1wwd1lbmmvi9g9hhv1rf02y8|03|com"; nocase; ) # in05r11hhekqej5x7431rcj9eo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|in05r11hhekqej5x7431rcj9eo|03|org"; nocase; ) # bbsgn55erljvwwqps91fw0l4a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bbsgn55erljvwwqps91fw0l4a|03|biz"; nocase; ) # 1wt7gwp1f8lsj41cttfct1fbd6sl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wt7gwp1f8lsj41cttfct1fbd6sl|03|org"; nocase; ) # 1yx5tlzzp2gb51d31eb61wywo15.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yx5tlzzp2gb51d31eb61wywo15|03|net"; nocase; ) # otq1j21uzvq3j1bvhm2y32qewr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|otq1j21uzvq3j1bvhm2y32qewr|03|org"; nocase; ) # 1jwn6m8q1uv3eyqfvbd1g14esa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jwn6m8q1uv3eyqfvbd1g14esa|03|net"; nocase; ) # 19wvtrmwt4roh2g1vnllorpjw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19wvtrmwt4roh2g1vnllorpjw|03|com"; nocase; ) # gz8ells7g9r31su8fn67jqbyk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gz8ells7g9r31su8fn67jqbyk|03|biz"; nocase; ) # qreps2658mqn1l1sv8h1ljqaay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qreps2658mqn1l1sv8h1ljqaay|03|org"; nocase; ) # 1pden5j1flgao6w4qk3zaa5tw9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pden5j1flgao6w4qk3zaa5tw9|03|net"; nocase; ) # 1ge1j1x1b6sq0g19kgqtz1r601ed.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ge1j1x1b6sq0g19kgqtz1r601ed|03|org"; nocase; ) # z7qpkaywk3a1xlhgfv18pk8b9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z7qpkaywk3a1xlhgfv18pk8b9|03|biz"; nocase; ) # 1pdn6j391jrpq1xzm0to7whr7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pdn6j391jrpq1xzm0to7whr7w|03|net"; nocase; ) # 1dlp0bk10288yeaacdl1s21p7f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dlp0bk10288yeaacdl1s21p7f|03|biz"; nocase; ) # h5w5ns19ypyrc2s8uvu1ibbxz3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h5w5ns19ypyrc2s8uvu1ibbxz3|03|net"; nocase; ) # ajzc60ryiqhs155e9episc2d9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ajzc60ryiqhs155e9episc2d9|03|net"; nocase; ) # 1o08csm1f85mbahowsb8kh6p6p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o08csm1f85mbahowsb8kh6p6p|03|com"; nocase; ) # 8i9co21tufsc51f9l3t6v72u0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8i9co21tufsc51f9l3t6v72u0o|03|net"; nocase; ) # 1mr18by1jpntxfof9mhc91s4g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mr18by1jpntxfof9mhc91s4g|03|net"; nocase; ) # fg8dxm1m9t6l31ay4951gn3918.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fg8dxm1m9t6l31ay4951gn3918|03|com"; nocase; ) # 2uaqubcwmwwkrcssz01i3mwi5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2uaqubcwmwwkrcssz01i3mwi5|03|org"; nocase; ) # 1sb7eub1a2su5i7zwsb0178ltpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sb7eub1a2su5i7zwsb0178ltpj|03|com"; nocase; ) # 189qoxibxwcr61o3eg932m8d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|189qoxibxwcr61o3eg932m8d|03|org"; nocase; ) # 1qje4b5fb8z2oxut5oal3y564.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qje4b5fb8z2oxut5oal3y564|03|com"; nocase; ) # 13h2561cbvz4mqghbuoerb18u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13h2561cbvz4mqghbuoerb18u|03|net"; nocase; ) # 1og0l2w1ek0020owh9xr1a0y32r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1og0l2w1ek0020owh9xr1a0y32r|03|org"; nocase; ) # 3hn3c19yzsr2k34w8b1oyf09x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3hn3c19yzsr2k34w8b1oyf09x|03|net"; nocase; ) # kp3dan10722vh1sv71gvo97yod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kp3dan10722vh1sv71gvo97yod|03|com"; nocase; ) # 1isuzvh63d2ui7sna3y1i6ofdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1isuzvh63d2ui7sna3y1i6ofdt|03|com"; nocase; ) # ijvbk31he16xf9ehv8na431f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ijvbk31he16xf9ehv8na431f|03|net"; nocase; ) # 17xzt5z1evwt2n1l65g4zwj5289.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17xzt5z1evwt2n1l65g4zwj5289|03|biz"; nocase; ) # kfywrk1e0wfuvuydk7f1ww2nun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kfywrk1e0wfuvuydk7f1ww2nun|03|net"; nocase; ) # zc7ufz2yxyizw61ky71j2um8a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zc7ufz2yxyizw61ky71j2um8a|03|net"; nocase; ) # mk89sphldalq1yt72pt19x5kky.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mk89sphldalq1yt72pt19x5kky|03|biz"; nocase; ) # 129c1i065efhg1vl8byv167kgdu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|129c1i065efhg1vl8byv167kgdu|03|net"; nocase; ) # b1tl9n1d7y8k4pypv3vrc6mj6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1tl9n1d7y8k4pypv3vrc6mj6|03|com"; nocase; ) # obs3vj1sf1di81m2henj1rlsn62.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|obs3vj1sf1di81m2henj1rlsn62|03|net"; nocase; ) # fhew8ar30xzqdo39xmez7d86.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fhew8ar30xzqdo39xmez7d86|03|org"; nocase; ) # t0e9j1vku60cwllrg81pgnaxd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t0e9j1vku60cwllrg81pgnaxd|03|com"; nocase; ) # s0mo6gavdhu31q1mjp37ggvrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s0mo6gavdhu31q1mjp37ggvrn|03|net"; nocase; ) # 16fgb8txw2div1vot9nxayx93v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16fgb8txw2div1vot9nxayx93v|03|com"; nocase; ) # 1ivezenh5m9b91hnkc2g1woemjz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ivezenh5m9b91hnkc2g1woemjz|03|org"; nocase; ) # 1b3jg4a1ywz1qn1vjorfl158gdt2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b3jg4a1ywz1qn1vjorfl158gdt2|03|org"; nocase; ) # 1ka0ih4t49bbq1kj5ax01crrqtf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ka0ih4t49bbq1kj5ax01crrqtf|03|com"; nocase; ) # 1red0ra1e3xnie1ce9v674fe81y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1red0ra1e3xnie1ce9v674fe81y|03|biz"; nocase; ) # 1r1zdj71oi0s601yjyuyw1z05cu9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r1zdj71oi0s601yjyuyw1z05cu9|03|net"; nocase; ) # 1lqco4a1jrmtyn1fhtagn1imylsv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lqco4a1jrmtyn1fhtagn1imylsv|03|biz"; nocase; ) # 1c15cmidrvcym1alubluq9qgj7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c15cmidrvcym1alubluq9qgj7|03|com"; nocase; ) # advjtlip9vxxab64ba16lg1e3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|advjtlip9vxxab64ba16lg1e3|03|biz"; nocase; ) # 125p3iq13hztxp1jj4oun3zepek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|125p3iq13hztxp1jj4oun3zepek|03|net"; nocase; ) # 1ia9b2312wms1wqgd2wp1fpfhjh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ia9b2312wms1wqgd2wp1fpfhjh|03|net"; nocase; ) # 1suyatq1a9wxcde0rw81e1gxw4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1suyatq1a9wxcde0rw81e1gxw4|03|biz"; nocase; ) # 1ohrmn8otjp2xgczfjfoqx2h4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ohrmn8otjp2xgczfjfoqx2h4|03|com"; nocase; ) # 1dzh8g91cwfoiqkqhhv7tc14ys.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dzh8g91cwfoiqkqhhv7tc14ys|03|org"; nocase; ) # 10ytvki1xx60zb1bkibnh59i89r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ytvki1xx60zb1bkibnh59i89r|03|com"; nocase; ) # woa3cg78a8hdo6z3cq1iotvqz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|woa3cg78a8hdo6z3cq1iotvqz|03|net"; nocase; ) # 1g882krz4hcdh19hqu0h1mcagoj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g882krz4hcdh19hqu0h1mcagoj|03|org"; nocase; ) # 1ylkant142x8if9fv7wy1trmtpe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ylkant142x8if9fv7wy1trmtpe|03|biz"; nocase; ) # 1ns86xrcmcgcl1oa7veh12wwi5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ns86xrcmcgcl1oa7veh12wwi5e|03|net"; nocase; ) # 1uxti3a4pkov8tqtnx6l2su0s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uxti3a4pkov8tqtnx6l2su0s|03|com"; nocase; ) # 1x3inorf0u5vco5x486itidkv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x3inorf0u5vco5x486itidkv|03|org"; nocase; ) # 1pt9bse1ejv4m5ngw4c21wc18wd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pt9bse1ejv4m5ngw4c21wc18wd|03|net"; nocase; ) # 1wuxoaxmv620371y5mg1hyaekx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wuxoaxmv620371y5mg1hyaekx|03|org"; nocase; ) # oaeifrgfdr7gta8x8612qat3x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oaeifrgfdr7gta8x8612qat3x|03|com"; nocase; ) # 4n5ps3106d42ht4x4bqhdh9pn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4n5ps3106d42ht4x4bqhdh9pn|03|com"; nocase; ) # 12iug9m54gghp1y0be4h1rgvu9w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12iug9m54gghp1y0be4h1rgvu9w|03|org"; nocase; ) # 1vipq55102ywmf1mbl3sk1g24r1l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vipq55102ywmf1mbl3sk1g24r1l|03|biz"; nocase; ) # 1lxjhfy138jvgi1ob832f1bya48l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lxjhfy138jvgi1ob832f1bya48l|03|org"; nocase; ) # 48ys7r17mg6lpwzwipgl7pivt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|48ys7r17mg6lpwzwipgl7pivt|03|net"; nocase; ) # vkhyf1ybvblroeqshjj0j2m8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vkhyf1ybvblroeqshjj0j2m8|03|net"; nocase; ) # tkc7h31rjj1yl1n7xc29qztdu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tkc7h31rjj1yl1n7xc29qztdu|03|net"; nocase; ) # y4bha41gckmsl7hmki21rv2081.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y4bha41gckmsl7hmki21rv2081|03|net"; nocase; ) # 18rldys1u2mm6qor7qjf1781kho.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18rldys1u2mm6qor7qjf1781kho|03|biz"; nocase; ) # dmn6es10lehz111e22941zzm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dmn6es10lehz111e22941zzm5|03|net"; nocase; ) # 1ubqvbe107biije7c8351tvfiyb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ubqvbe107biije7c8351tvfiyb|03|net"; nocase; ) # 1uzsshppdd2om1i6tffs141qiru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uzsshppdd2om1i6tffs141qiru|03|com"; nocase; ) # nubc0dn2s5nnoq9sspc05bde.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nubc0dn2s5nnoq9sspc05bde|03|org"; nocase; ) # fc7n6r177cfjr5r886gjdxp21.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fc7n6r177cfjr5r886gjdxp21|03|org"; nocase; ) # w9nfau10ir861tsbxo81r0udo0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w9nfau10ir861tsbxo81r0udo0|03|biz"; nocase; ) # 1490u56l40jyb1mbbna11yi0iv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1490u56l40jyb1mbbna11yi0iv|03|net"; nocase; ) # 1owx60a1oo4jev1g52ky3yvbtsw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1owx60a1oo4jev1g52ky3yvbtsw|03|org"; nocase; ) # 1nl94121lywo9w1mdk5jj6zzluw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nl94121lywo9w1mdk5jj6zzluw|03|com"; nocase; ) # 1s6pg8t1rdn2vx1s235931bup5wd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s6pg8t1rdn2vx1s235931bup5wd|03|com"; nocase; ) # fuk64h18xwtj1r6q8e41dho5qv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fuk64h18xwtj1r6q8e41dho5qv|03|biz"; nocase; ) # pklnxc1nliam8spky5qd4y4lp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pklnxc1nliam8spky5qd4y4lp|03|org"; nocase; ) # 1jptb3o17yc7n51xz9ep58cz1ni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jptb3o17yc7n51xz9ep58cz1ni|03|net"; nocase; ) # d4gojf1gfdzdb1cebmm2pkl1c7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d4gojf1gfdzdb1cebmm2pkl1c7|03|org"; nocase; ) # 1p3zog8162ygsj1y4apq1aths08.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p3zog8162ygsj1y4apq1aths08|03|biz"; nocase; ) # 13ic6q8qnrfgw1jjevxh1mmtxr2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ic6q8qnrfgw1jjevxh1mmtxr2|03|net"; nocase; ) # xwilrxsgtw6hazkac8iu9351.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xwilrxsgtw6hazkac8iu9351|03|com"; nocase; ) # uyfc6i1bjl1im26yb4h13iowxi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uyfc6i1bjl1im26yb4h13iowxi|03|org"; nocase; ) # 1r2rhfa16vc3r11bz76oinzahn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r2rhfa16vc3r11bz76oinzahn|03|net"; nocase; ) # 1jwa6tf16lpvgmwzu94w1bxrk7v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jwa6tf16lpvgmwzu94w1bxrk7v|03|biz"; nocase; ) # 1wg4g9xc9ufvu8ryqi212p5ygn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wg4g9xc9ufvu8ryqi212p5ygn|03|com"; nocase; ) # mf0rh916hpxe017aw0puts5dho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mf0rh916hpxe017aw0puts5dho|03|net"; nocase; ) # u165fk19fu8xm1hranahgpye69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u165fk19fu8xm1hranahgpye69|03|net"; nocase; ) # 6160kk1equjtj12pr1x1oj1b7w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6160kk1equjtj12pr1x1oj1b7w|03|com"; nocase; ) # 1x9bmpt1ob6ab41ju45t2mxxmcc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x9bmpt1ob6ab41ju45t2mxxmcc|03|net"; nocase; ) # 1bo078c1ymt33ujdb76s4i55xz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bo078c1ymt33ujdb76s4i55xz|03|net"; nocase; ) # q9xarw1rovipi7g0c751aogpf2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q9xarw1rovipi7g0c751aogpf2|03|org"; nocase; ) # 9sly7n5gkqyg1nw7jou16ynvdp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9sly7n5gkqyg1nw7jou16ynvdp|03|com"; nocase; ) # b9g36ktno3lw1hj6fxc1vfa71v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9g36ktno3lw1hj6fxc1vfa71v|03|com"; nocase; ) # tdil8yb1rr21v1wj4scst5zj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tdil8yb1rr21v1wj4scst5zj|03|org"; nocase; ) # 17tmh9u13369vzo0tos0d7zext.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17tmh9u13369vzo0tos0d7zext|03|com"; nocase; ) # 566788t5n55p1f2crrk3autyu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|566788t5n55p1f2crrk3autyu|03|com"; nocase; ) # 1mvh0p9vcmy49z1gc9m1l3q81q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mvh0p9vcmy49z1gc9m1l3q81q|03|net"; nocase; ) # 1oibspm1qze65b1yc309k7ku2r3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oibspm1qze65b1yc309k7ku2r3|03|org"; nocase; ) # gqamr31edhgcp1hls4kuvj257.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gqamr31edhgcp1hls4kuvj257|03|com"; nocase; ) # hyuyc1tvfwj6ih90q3hd00cm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hyuyc1tvfwj6ih90q3hd00cm|03|net"; nocase; ) # 1e0ni0r6fzlw418a5ctor9cb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1e0ni0r6fzlw418a5ctor9cb|03|biz"; nocase; ) # 1hhxwi61t3j11h1esna5w1y32goc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hhxwi61t3j11h1esna5w1y32goc|03|org"; nocase; ) # 1scpd2i8bmyuci09ieuf46cr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1scpd2i8bmyuci09ieuf46cr|03|biz"; nocase; ) # 1gp5bn91ker90b1n48iyh1v2ebs4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gp5bn91ker90b1n48iyh1v2ebs4|03|net"; nocase; ) # 55maysgwbdsqmnpxps1fcutmk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|55maysgwbdsqmnpxps1fcutmk|03|org"; nocase; ) # 1rjlvim13mdxyw1cv21lj1ce1own.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rjlvim13mdxyw1cv21lj1ce1own|03|org"; nocase; ) # d2qwj7qd9mkikzxwnu1ga2o4k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d2qwj7qd9mkikzxwnu1ga2o4k|03|com"; nocase; ) # 11053cg12upk10173jjn0p6ix8v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11053cg12upk10173jjn0p6ix8v|03|biz"; nocase; ) # xmkso81k0rwba87dxzsr89bp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xmkso81k0rwba87dxzsr89bp|03|net"; nocase; ) # 11q9cotsz7lkr1qqse2efwfvz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11q9cotsz7lkr1qqse2efwfvz5|03|com"; nocase; ) # 1wh1jfxdjzoxrmtupz5xpxfyg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wh1jfxdjzoxrmtupz5xpxfyg|03|net"; nocase; ) # 1trw7h01xzftceyb5oec4jvgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1trw7h01xzftceyb5oec4jvgb|03|com"; nocase; ) # 158ycc51d6cnj2z0mysdnob3bw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|158ycc51d6cnj2z0mysdnob3bw|03|org"; nocase; ) # jvs0sn154gv1j1jy365vnm03zk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jvs0sn154gv1j1jy365vnm03zk|03|org"; nocase; ) # 1vjnuuw11quc9s1sxj81i1hlf19w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vjnuuw11quc9s1sxj81i1hlf19w|03|com"; nocase; ) # afi7edp3622eduwct116dvdom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|afi7edp3622eduwct116dvdom|03|com"; nocase; ) # 1sx2ejsiusa341g47fn6qymom6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sx2ejsiusa341g47fn6qymom6|03|com"; nocase; ) # 1kujjjk1bajgnmum8u1ec2mtjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kujjjk1bajgnmum8u1ec2mtjy|03|com"; nocase; ) # gzgcu118bmaso1ka2wcw187mji2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gzgcu118bmaso1ka2wcw187mji2|03|net"; nocase; ) # snit001ligme316x84lxt97ew2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|snit001ligme316x84lxt97ew2|03|org"; nocase; ) # 1ovfe008a3ski1bqcfb5dwiejm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ovfe008a3ski1bqcfb5dwiejm|03|com"; nocase; ) # 18clwx6h6311rixh8xfydu3z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18clwx6h6311rixh8xfydu3z|03|org"; nocase; ) # 13ow5wwyfcm7dlw041j3cbt3q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13ow5wwyfcm7dlw041j3cbt3q|03|org"; nocase; ) # 1yv5v9m1xrnoy910x9brb14r5k2f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yv5v9m1xrnoy910x9brb14r5k2f|03|net"; nocase; ) # v0askt1ci77q51xlcz2i4v4e35.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v0askt1ci77q51xlcz2i4v4e35|03|biz"; nocase; ) # meyx8r1h44ay34docwz1g5syzv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|meyx8r1h44ay34docwz1g5syzv|03|org"; nocase; ) # 1r5uzcb1splsqnw3inluwjvnf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r5uzcb1splsqnw3inluwjvnf|03|net"; nocase; ) # zudznaifpsre1jtg53b1k69jbi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zudznaifpsre1jtg53b1k69jbi|03|com"; nocase; ) # of44oz1op99o31yi396r1v3024o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|of44oz1op99o31yi396r1v3024o|03|org"; nocase; ) # 18yz3ukgqxj0r1itwjzo13tqfsk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18yz3ukgqxj0r1itwjzo13tqfsk|03|org"; nocase; ) # 1bpntha2wq9l01vzqlv8rqr13z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bpntha2wq9l01vzqlv8rqr13z|03|org"; nocase; ) # t8xc1z1f7ik321umn7j81tnskno.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t8xc1z1f7ik321umn7j81tnskno|03|net"; nocase; ) # 1w10b1bcr7qeq120oaga1akzlmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w10b1bcr7qeq120oaga1akzlmq|03|org"; nocase; ) # n0pra4mgh4y28d6e271yjm1nb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n0pra4mgh4y28d6e271yjm1nb|03|com"; nocase; ) # c5lj3molzkd11ikxv781fhm5nf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c5lj3molzkd11ikxv781fhm5nf|03|com"; nocase; ) # mqc18rks1afdrcqkm4149be9a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mqc18rks1afdrcqkm4149be9a|03|net"; nocase; ) # y4h3quwgkpqltw91w8d168j4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y4h3quwgkpqltw91w8d168j4|03|net"; nocase; ) # btmmqs1fv2sjm1njb8d31fel9xa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|btmmqs1fv2sjm1njb8d31fel9xa|03|com"; nocase; ) # 10ml3vo1ss0hkf13wsofg1pd0jxj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10ml3vo1ss0hkf13wsofg1pd0jxj|03|org"; nocase; ) # hig1u5orfib01eg7ww9co4b7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hig1u5orfib01eg7ww9co4b7a|03|com"; nocase; ) # 37aqnp1pje7cf1ch1i0fh69sro.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|37aqnp1pje7cf1ch1i0fh69sro|03|org"; nocase; ) # 1oejedv13zl19svfu9c5eqoc19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oejedv13zl19svfu9c5eqoc19|03|net"; nocase; ) # 1y84ku5p7q0xc1n7vlmeshizpx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y84ku5p7q0xc1n7vlmeshizpx|03|biz"; nocase; ) # zcz54zjeu9l9xujpju6n6b4d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zcz54zjeu9l9xujpju6n6b4d|03|net"; nocase; ) # 1c92vza1d4jn55x47003igs8kx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c92vza1d4jn55x47003igs8kx|03|net"; nocase; ) # ihi48zlonxtjc43nhc1bad6ic.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ihi48zlonxtjc43nhc1bad6ic|03|biz"; nocase; ) # 1i0f2741rj1kj3ye737u4sjzic.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i0f2741rj1kj3ye737u4sjzic|03|org"; nocase; ) # evn0oy1lu4iv81kiemzi8qi971.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|evn0oy1lu4iv81kiemzi8qi971|03|net"; nocase; ) # 7y5rkd15p73undi9hr0s8rkjr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7y5rkd15p73undi9hr0s8rkjr|03|net"; nocase; ) # 1lfrava1nwcrpy1otn3tvy46kxt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lfrava1nwcrpy1otn3tvy46kxt|03|org"; nocase; ) # 8ej4r3p9kccurul9oo173nhua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ej4r3p9kccurul9oo173nhua|03|net"; nocase; ) # 1nsn5ni3jrf4qp9w1hc1umjdm9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nsn5ni3jrf4qp9w1hc1umjdm9|03|net"; nocase; ) # 6oamw66t5ihmipf3ije2lt4v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6oamw66t5ihmipf3ije2lt4v|03|net"; nocase; ) # ymixs81d114k71fl55sl15xcpo7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ymixs81d114k71fl55sl15xcpo7|03|net"; nocase; ) # 1n3bhf61mhlxn1o9m6nw1stp4e1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n3bhf61mhlxn1o9m6nw1stp4e1|03|biz"; nocase; ) # vj88pnidca161sv70jb19t9jlv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vj88pnidca161sv70jb19t9jlv|03|net"; nocase; ) # 19nlora16txsvaymtxuhw0gws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19nlora16txsvaymtxuhw0gws|03|com"; nocase; ) # 1d7eb0k1w9ljm192pgzkozl7p7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d7eb0k1w9ljm192pgzkozl7p7|03|biz"; nocase; ) # vrgegu1f0sz1912wo01s18yj3m7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vrgegu1f0sz1912wo01s18yj3m7|03|biz"; nocase; ) # je42v619p3zvf12hp4xsdtxzzj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|je42v619p3zvf12hp4xsdtxzzj|03|com"; nocase; ) # 6eu1h2a9gaai1q1mppiv2uhgp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6eu1h2a9gaai1q1mppiv2uhgp|03|org"; nocase; ) # 8dhppx16s3yd713kd6fhct863l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8dhppx16s3yd713kd6fhct863l|03|com"; nocase; ) # 15nwd9110xpjgq1bwowlk1dnuv2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15nwd9110xpjgq1bwowlk1dnuv2b|03|net"; nocase; ) # cyvj7j9lyq4b1qzd9ue1kuj2v7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cyvj7j9lyq4b1qzd9ue1kuj2v7|03|net"; nocase; ) # 302n9s4rzfypus4hbbx6ivlk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|302n9s4rzfypus4hbbx6ivlk|03|net"; nocase; ) # gdma0j1ixmk471tzpgi0yz0o5v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gdma0j1ixmk471tzpgi0yz0o5v|03|org"; nocase; ) # neudhyuw0r3j13o2zedq0c9bb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|neudhyuw0r3j13o2zedq0c9bb|03|net"; nocase; ) # 1stqb41c05k0n14rrxpt1j1ln4v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1stqb41c05k0n14rrxpt1j1ln4v|03|com"; nocase; ) # 10ichjm1htfgn5yjzdcd12k39rz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ichjm1htfgn5yjzdcd12k39rz|03|com"; nocase; ) # 1ys3w4811q2jfh1w9fqveo9pz8e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ys3w4811q2jfh1w9fqveo9pz8e|03|net"; nocase; ) # 1wq8c2b1gz6k6mbway5d1td5dwt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wq8c2b1gz6k6mbway5d1td5dwt|03|org"; nocase; ) # 1x0o7p6tyh5v9tbcolu16ba8ls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x0o7p6tyh5v9tbcolu16ba8ls|03|org"; nocase; ) # 19n97mihtv2v1z1quiw3ixpxu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19n97mihtv2v1z1quiw3ixpxu|03|net"; nocase; ) # 1ki0dqldk8uud1ls93kvkbq10f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ki0dqldk8uud1ls93kvkbq10f|03|com"; nocase; ) # ejxgbf1howml4124a1kv5h9nah.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ejxgbf1howml4124a1kv5h9nah|03|biz"; nocase; ) # 14x6ywb8r1hcq7c4g62mqo73n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14x6ywb8r1hcq7c4g62mqo73n|03|net"; nocase; ) # tnv6m21stb6bw1d978kr1so9iuc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tnv6m21stb6bw1d978kr1so9iuc|03|net"; nocase; ) # awaaxh1hsq1qr1scjoiv1fi3c7t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|awaaxh1hsq1qr1scjoiv1fi3c7t|03|org"; nocase; ) # mi1xtgxy5ijjv0awiz1h6bhw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mi1xtgxy5ijjv0awiz1h6bhw|03|org"; nocase; ) # 1atf9kysj1hrmvnie6i1gce5dv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1atf9kysj1hrmvnie6i1gce5dv|03|net"; nocase; ) # 1t5ojd11mdttquebxjh18x0xme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t5ojd11mdttquebxjh18x0xme|03|com"; nocase; ) # 1ewxnox1vorova19n3yu6ixov2n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ewxnox1vorova19n3yu6ixov2n|03|biz"; nocase; ) # lmrxw117601je907osn1i7tgsn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lmrxw117601je907osn1i7tgsn|03|net"; nocase; ) # nbbicweks3fp1vih8ydv3ck59.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nbbicweks3fp1vih8ydv3ck59|03|org"; nocase; ) # gh2fs1158571n1pwo24j1x2j26f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gh2fs1158571n1pwo24j1x2j26f|03|com"; nocase; ) # 9cn1up1ahcjmsvz06y310mhngo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9cn1up1ahcjmsvz06y310mhngo|03|net"; nocase; ) # 1hcbeka3x2ztt1gsab5t4wx9pd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hcbeka3x2ztt1gsab5t4wx9pd|03|org"; nocase; ) # zakgdg12nxo681wph17f1xt2s49.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zakgdg12nxo681wph17f1xt2s49|03|net"; nocase; ) # k48qzuqf9b7v1jg9av51tqkjl0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k48qzuqf9b7v1jg9av51tqkjl0|03|org"; nocase; ) # u499gb1bgguad1jymvit39gmu0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u499gb1bgguad1jymvit39gmu0|03|com"; nocase; ) # yfqeemp7cxyx1ykqa6sqrt7ck.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yfqeemp7cxyx1ykqa6sqrt7ck|03|org"; nocase; ) # 15h8p7qm9jiu0rzq9n31wgfx97.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15h8p7qm9jiu0rzq9n31wgfx97|03|net"; nocase; ) # mkmy381rck1zu1axyadrus1xtm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mkmy381rck1zu1axyadrus1xtm|03|org"; nocase; ) # h46b618v6coput8u74dt7zy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|h46b618v6coput8u74dt7zy|03|net"; nocase; ) # oy06zv1hc6mpu1ot0iynzcxw23.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oy06zv1hc6mpu1ot0iynzcxw23|03|com"; nocase; ) # 1l1kkctipy5qaynp6911pqrv1l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l1kkctipy5qaynp6911pqrv1l|03|net"; nocase; ) # 1lxiuuamg76ww1j5ygxz1g7bnct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxiuuamg76ww1j5ygxz1g7bnct|03|com"; nocase; ) # 1ptfnes41psnj13jfcdt19jkh0w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ptfnes41psnj13jfcdt19jkh0w|03|org"; nocase; ) # 1wfso1m1c3rnpf9o6uk916itg3q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wfso1m1c3rnpf9o6uk916itg3q|03|net"; nocase; ) # 1eobo3y525kpyshsslt1qoab0u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eobo3y525kpyshsslt1qoab0u|03|org"; nocase; ) # dkahfs1fgwsi2i2fk66154o08i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dkahfs1fgwsi2i2fk66154o08i|03|net"; nocase; ) # mhhwlq1t9moe8o8a6ik4414z0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mhhwlq1t9moe8o8a6ik4414z0|03|net"; nocase; ) # 1fbb7lo1wvk3zi1fa18eary0n3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fbb7lo1wvk3zi1fa18eary0n3d|03|net"; nocase; ) # 7656o6ryoqscjmb5o6196z692.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7656o6ryoqscjmb5o6196z692|03|net"; nocase; ) # k4xkq7bjfv06n26fz1fr43kf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k4xkq7bjfv06n26fz1fr43kf|03|org"; nocase; ) # 302r40qhcuut10b0xn7puznru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|302r40qhcuut10b0xn7puznru|03|biz"; nocase; ) # 14cfifb1c9w74l1m8t1m4f1ntey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14cfifb1c9w74l1m8t1m4f1ntey|03|com"; nocase; ) # 1upxx0r7spbog1vxqgjqscxvv4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1upxx0r7spbog1vxqgjqscxvv4|03|net"; nocase; ) # 8vf3ec1hz2z275d5tcn1sakjyi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8vf3ec1hz2z275d5tcn1sakjyi|03|org"; nocase; ) # 1s24olb1ocyhnn1gcgtai5ftj07.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s24olb1ocyhnn1gcgtai5ftj07|03|com"; nocase; ) # 1mo23ojnzsej3ml3pti1cftw9p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mo23ojnzsej3ml3pti1cftw9p|03|com"; nocase; ) # 1ge1mkf4c6q8vihuoxjygdxl0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ge1mkf4c6q8vihuoxjygdxl0|03|com"; nocase; ) # wwxjcxqdposl1s57vlvw79dn6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wwxjcxqdposl1s57vlvw79dn6|03|org"; nocase; ) # 13tj3g7gckjpoxfaaun13p3pkl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13tj3g7gckjpoxfaaun13p3pkl|03|com"; nocase; ) # rgctwe1wrovex1mxj9re4v1k92.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rgctwe1wrovex1mxj9re4v1k92|03|org"; nocase; ) # u4z636l09855zsftuc36fufb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u4z636l09855zsftuc36fufb|03|net"; nocase; ) # 1ipwafq1dx2ehd5y78dp16m2nu4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ipwafq1dx2ehd5y78dp16m2nu4|03|com"; nocase; ) # 1unp51lcpqzf51w6704jstvuc1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1unp51lcpqzf51w6704jstvuc1|03|net"; nocase; ) # kufvsp1ygusdq1r4brsb1olym5a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kufvsp1ygusdq1r4brsb1olym5a|03|net"; nocase; ) # 1dcghj73igkormheyb11lvm8bm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dcghj73igkormheyb11lvm8bm|03|com"; nocase; ) # abnw6f1oxq2u2y61cd95idb4s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|abnw6f1oxq2u2y61cd95idb4s|03|org"; nocase; ) # 1wvmkxorim6bm971pdzs9a180.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wvmkxorim6bm971pdzs9a180|03|biz"; nocase; ) # 1qzg420x6orwnr5wr6jqr8jcs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qzg420x6orwnr5wr6jqr8jcs|03|net"; nocase; ) # 7slg7wbwjzqg1chbdzz1l6x8oc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7slg7wbwjzqg1chbdzz1l6x8oc|03|net"; nocase; ) # ddj0cxyw0c5wcz74891dn4ilc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ddj0cxyw0c5wcz74891dn4ilc|03|org"; nocase; ) # apa17ww6u35re1vd8o17w826a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|apa17ww6u35re1vd8o17w826a|03|org"; nocase; ) # 18w62ns1vvap89og5e8z1plbuhl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18w62ns1vvap89og5e8z1plbuhl|03|biz"; nocase; ) # 1he77hh1wb5nr48iff21v1wzrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1he77hh1wb5nr48iff21v1wzrh|03|net"; nocase; ) # 154zgj3cc6oeav6ql3q1921rx1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|154zgj3cc6oeav6ql3q1921rx1|03|biz"; nocase; ) # egg0w21xeb6h4ia1djh1nt69nl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|egg0w21xeb6h4ia1djh1nt69nl|03|org"; nocase; ) # 19yr422rxap6vkhmkuo1t2ypef.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19yr422rxap6vkhmkuo1t2ypef|03|net"; nocase; ) # vuakpq8d58kh1hy8p8fzndc0e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vuakpq8d58kh1hy8p8fzndc0e|03|com"; nocase; ) # 1l4ytfmoqfiymawvdyd8udsmf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l4ytfmoqfiymawvdyd8udsmf|03|biz"; nocase; ) # 1fpksd61ixu9nwn45snn1pcekm8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fpksd61ixu9nwn45snn1pcekm8|03|net"; nocase; ) # 1uqy1m61vmhs851lze4eqkm5xqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uqy1m61vmhs851lze4eqkm5xqq|03|biz"; nocase; ) # 10c2old11jiid5zfl4tty7uxr6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10c2old11jiid5zfl4tty7uxr6|03|net"; nocase; ) # kh78ww1ya831q1tf8lkydfu9ua.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kh78ww1ya831q1tf8lkydfu9ua|03|biz"; nocase; ) # e4pn551koq9wg1z0mq2t1ttoxm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e4pn551koq9wg1z0mq2t1ttoxm|03|biz"; nocase; ) # 1lki9a2h615q7zhfugg13c7n3f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lki9a2h615q7zhfugg13c7n3f|03|com"; nocase; ) # nkk8mwp0eexbacde8j1elxtkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nkk8mwp0eexbacde8j1elxtkr|03|com"; nocase; ) # 134z40mzhvjebor5virfbmnnk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|134z40mzhvjebor5virfbmnnk|03|org"; nocase; ) # 1s3abw5mynh67zbzoehh5re0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s3abw5mynh67zbzoehh5re0b|03|net"; nocase; ) # 1ae1p16vppf29ph23x1gmz9dl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ae1p16vppf29ph23x1gmz9dl|03|org"; nocase; ) # 1j8jy9e1q06b3oanpqjr1338i7h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j8jy9e1q06b3oanpqjr1338i7h|03|net"; nocase; ) # 1lxi15h1fqg1h5j06oem1f1qb5l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxi15h1fqg1h5j06oem1f1qb5l|03|com"; nocase; ) # 1dwxglo1163n8tgn5bldvraqpf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dwxglo1163n8tgn5bldvraqpf|03|com"; nocase; ) # 1szyo001rjftpegsktqp1g5qx2k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1szyo001rjftpegsktqp1g5qx2k|03|org"; nocase; ) # j335ba16ego4j1kuenwlyweqv7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j335ba16ego4j1kuenwlyweqv7|03|org"; nocase; ) # 18xayks4h18c014k9vabgoiup3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18xayks4h18c014k9vabgoiup3|03|com"; nocase; ) # gpycpv1hx3x861axyy7go7y6e2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gpycpv1hx3x861axyy7go7y6e2|03|com"; nocase; ) # q9qb19lptfh5awdsof183qkxu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q9qb19lptfh5awdsof183qkxu|03|biz"; nocase; ) # ctqk1hfjpgbr1rrhssq179f5nk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ctqk1hfjpgbr1rrhssq179f5nk|03|com"; nocase; ) # 1tblp409r2ucrqoc5ps12eyc2t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tblp409r2ucrqoc5ps12eyc2t|03|net"; nocase; ) # 10xgb291b4qm5h2vezwj2j95e0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10xgb291b4qm5h2vezwj2j95e0|03|biz"; nocase; ) # 1iqmsv2146ya3k1rds2id51xel9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iqmsv2146ya3k1rds2id51xel9|03|org"; nocase; ) # m0mmpl1e2m3wttoluto3fo1gf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m0mmpl1e2m3wttoluto3fo1gf|03|com"; nocase; ) # 18b9frqulrju9n79fos190tk3k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18b9frqulrju9n79fos190tk3k|03|org"; nocase; ) # 1gqodru4xm5bx1yyxywmbil576.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gqodru4xm5bx1yyxywmbil576|03|org"; nocase; ) # cr9pmrfvg64e1jj8jh2kpjndc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cr9pmrfvg64e1jj8jh2kpjndc|03|com"; nocase; ) # 1714nny1oqzliw12ppj4q1i4yccn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1714nny1oqzliw12ppj4q1i4yccn|03|org"; nocase; ) # 33d3igxgsqdtnfvnw41o031cv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|33d3igxgsqdtnfvnw41o031cv|03|com"; nocase; ) # ojgng61o1yliz1i4oj0m1fraxjb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ojgng61o1yliz1i4oj0m1fraxjb|03|com"; nocase; ) # g3y2cz19st1m9p95a9kagb52.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g3y2cz19st1m9p95a9kagb52|03|org"; nocase; ) # 16w03rxfrywpl1vkwci01ahlvqh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16w03rxfrywpl1vkwci01ahlvqh|03|com"; nocase; ) # ibmjqh1v7td3f11d2t7e13di5m8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ibmjqh1v7td3f11d2t7e13di5m8|03|net"; nocase; ) # l7z04n164rn7y1x5ngf81w3mxqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l7z04n164rn7y1x5ngf81w3mxqi|03|org"; nocase; ) # 1sjitbz18u7t8u1b3ri5walicnh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sjitbz18u7t8u1b3ri5walicnh|03|org"; nocase; ) # iq2bjtq2iikw1iiydnd1h6oqtp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iq2bjtq2iikw1iiydnd1h6oqtp|03|net"; nocase; ) # sf9k2471okog1z0ilw24gno7q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sf9k2471okog1z0ilw24gno7q|03|com"; nocase; ) # 11cdn8m15q4txe13vu511vpb5fo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11cdn8m15q4txe13vu511vpb5fo|03|net"; nocase; ) # f3hgg512fmsej3noe4m1xvdoy6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f3hgg512fmsej3noe4m1xvdoy6|03|com"; nocase; ) # 20eua91f64722f1zam26dq9ip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|20eua91f64722f1zam26dq9ip|03|net"; nocase; ) # jzc5sp1b179tc1a5p897zzutx2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jzc5sp1b179tc1a5p897zzutx2|03|com"; nocase; ) # 1479n5e183uydw125ichkn4qd8e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1479n5e183uydw125ichkn4qd8e|03|net"; nocase; ) # 2zu55zwxevlb1me4ih6f12va.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2zu55zwxevlb1me4ih6f12va|03|net"; nocase; ) # 1mjth6xtzqvolvma71in6rrpy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mjth6xtzqvolvma71in6rrpy|03|org"; nocase; ) # i006cbi0xx0x12yddvk1fjaj2a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i006cbi0xx0x12yddvk1fjaj2a|03|org"; nocase; ) # 5cfxpu1fa8bci1ml0urg5esmg1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5cfxpu1fa8bci1ml0urg5esmg1|03|biz"; nocase; ) # wft7im1s7gbg01m0c7l1qx7idw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wft7im1s7gbg01m0c7l1qx7idw|03|org"; nocase; ) # 8l1voa1dyrwyb13nfqzn1emgl9q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8l1voa1dyrwyb13nfqzn1emgl9q|03|com"; nocase; ) # 1glrs2fssvxvvmyhtdnozkwke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1glrs2fssvxvvmyhtdnozkwke|03|com"; nocase; ) # 6o5u4p1kwye31g65udyakn45g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6o5u4p1kwye31g65udyakn45g|03|net"; nocase; ) # 1o7zw9n1g3cwif1utcw70twjoaq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o7zw9n1g3cwif1utcw70twjoaq|03|net"; nocase; ) # y9aghp1atzm6t5z1ua0jf5q61.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y9aghp1atzm6t5z1ua0jf5q61|03|org"; nocase; ) # 13t5g9wmpvtdtqkn8671qe27tw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13t5g9wmpvtdtqkn8671qe27tw|03|biz"; nocase; ) # hfubi116a3rry30wxli1xqp7mj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hfubi116a3rry30wxli1xqp7mj|03|com"; nocase; ) # 15yuh1agaol2q9d18v29fraw7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15yuh1agaol2q9d18v29fraw7|03|org"; nocase; ) # ipgh2iho299ygqt5jkgexlhw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ipgh2iho299ygqt5jkgexlhw|03|biz"; nocase; ) # 17kgohb1whldf21g87ci352tizh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17kgohb1whldf21g87ci352tizh|03|net"; nocase; ) # 15cotd71km5hw81yd6cpw1mj3da2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15cotd71km5hw81yd6cpw1mj3da2|03|net"; nocase; ) # 1oo714yb7gkjmoqvhwc1sxc7jt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oo714yb7gkjmoqvhwc1sxc7jt|03|org"; nocase; ) # pfo9681x09lkx3gxe2jkivfb4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pfo9681x09lkx3gxe2jkivfb4|03|com"; nocase; ) # 1bhnlby6lb2u1r7f4c21wr36v6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bhnlby6lb2u1r7f4c21wr36v6|03|com"; nocase; ) # 1dwfrj811s75c3g68zoi92cxqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dwfrj811s75c3g68zoi92cxqi|03|org"; nocase; ) # 1uqok2u1ohc05m4oegccbdnm35.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uqok2u1ohc05m4oegccbdnm35|03|net"; nocase; ) # 16wbmzglm7sog688t4k1c95zq5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wbmzglm7sog688t4k1c95zq5|03|com"; nocase; ) # saogx03vmya519hbhsq11g7iet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|saogx03vmya519hbhsq11g7iet|03|com"; nocase; ) # 1krerzq1dw8dlweeld9o16q7qid.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1krerzq1dw8dlweeld9o16q7qid|03|biz"; nocase; ) # yj57d2gvwin4dndiowrqfyzm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yj57d2gvwin4dndiowrqfyzm|03|com"; nocase; ) # 12zyqy3c434g41g5uqgg525k92.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12zyqy3c434g41g5uqgg525k92|03|org"; nocase; ) # vd1vxnk1sbwy1m2zwy58uxx3y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vd1vxnk1sbwy1m2zwy58uxx3y|03|net"; nocase; ) # 1bien9eh9lwmvy83wvrr6i9cs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bien9eh9lwmvy83wvrr6i9cs|03|com"; nocase; ) # 1e93bekfyzqtj1hkhk661e5hff.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e93bekfyzqtj1hkhk661e5hff|03|org"; nocase; ) # tqhaju1m1re341d5h608uwjw6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tqhaju1m1re341d5h608uwjw6|03|com"; nocase; ) # tthnta1hvkxlg149ztcf42qph2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tthnta1hvkxlg149ztcf42qph2|03|com"; nocase; ) # 18850827tq5z14qf6ml11oo060.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18850827tq5z14qf6ml11oo060|03|net"; nocase; ) # 15hyzdq1h2cpxj1u7z88p16b2efa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15hyzdq1h2cpxj1u7z88p16b2efa|03|net"; nocase; ) # xn2sztq9eglr1d1s9md1n95gtb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xn2sztq9eglr1d1s9md1n95gtb|03|org"; nocase; ) # 1uma4jsi95r6vn8axp8y4ow4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1uma4jsi95r6vn8axp8y4ow4|03|biz"; nocase; ) # c223sk1ahmy8emf1ti4i3ycm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c223sk1ahmy8emf1ti4i3ycm5|03|net"; nocase; ) # 1o80a2n1q2voat1b5ow5t17jzfz3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o80a2n1q2voat1b5ow5t17jzfz3|03|org"; nocase; ) # 998xcy1abonlqjbmc1l12grmwl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|998xcy1abonlqjbmc1l12grmwl|03|net"; nocase; ) # 1nek32c4hjitcwsv44d1x4msae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nek32c4hjitcwsv44d1x4msae|03|biz"; nocase; ) # f3bsgpno2a8j1la6l8nug9kgv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f3bsgpno2a8j1la6l8nug9kgv|03|org"; nocase; ) # 166kvephgrx36xe6mdk1onwqvn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|166kvephgrx36xe6mdk1onwqvn|03|com"; nocase; ) # d565py1m6nhzv1otatblxalfl6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d565py1m6nhzv1otatblxalfl6|03|biz"; nocase; ) # 1ginwuo1x9l1g2uc0vgz16akex7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ginwuo1x9l1g2uc0vgz16akex7|03|net"; nocase; ) # qmxlr81qvr43a5d5q0nsehmo2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qmxlr81qvr43a5d5q0nsehmo2|03|biz"; nocase; ) # 11p15uf1xogvqpf98ea819emiks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11p15uf1xogvqpf98ea819emiks|03|net"; nocase; ) # 1c7mogu1j7kgdjoat8od112210l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c7mogu1j7kgdjoat8od112210l|03|net"; nocase; ) # 178toe81lkjzu5yj6jucyvp7ix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|178toe81lkjzu5yj6jucyvp7ix|03|com"; nocase; ) # 1k8fpw2rg980l1vnmbz31vyiox0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k8fpw2rg980l1vnmbz31vyiox0|03|org"; nocase; ) # 1h38dzbrfnq9lv0fh3fyg8g9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h38dzbrfnq9lv0fh3fyg8g9j|03|net"; nocase; ) # a6h2vq1uza8y410ufasbjkxvug.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a6h2vq1uza8y410ufasbjkxvug|03|com"; nocase; ) # 1wczrontnkgnnv3yzwz3txsu5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wczrontnkgnnv3yzwz3txsu5|03|biz"; nocase; ) # 2ygju51nlczkuwgo7hyfz64gk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ygju51nlczkuwgo7hyfz64gk|03|com"; nocase; ) # 12qjxsl1y5mimq192g9ur1cryanm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12qjxsl1y5mimq192g9ur1cryanm|03|org"; nocase; ) # codtm1ustvpsx6anabd75gwh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|codtm1ustvpsx6anabd75gwh|03|net"; nocase; ) # 1jaoos7p29eln1p6bjth1e0wl6l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jaoos7p29eln1p6bjth1e0wl6l|03|org"; nocase; ) # 1hdkaw11nxhz751kxtnstbvdztu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hdkaw11nxhz751kxtnstbvdztu|03|biz"; nocase; ) # wn6qpv1385sna1q3sksctq6b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wn6qpv1385sna1q3sksctq6b|03|org"; nocase; ) # tdic8w14v9kv51n2si4v1gh889m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tdic8w14v9kv51n2si4v1gh889m|03|org"; nocase; ) # 18vgoi51keivjk1luzrkeohruv2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18vgoi51keivjk1luzrkeohruv2|03|net"; nocase; ) # i9d1vt1i1myyhx6zvmw1w6xim1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i9d1vt1i1myyhx6zvmw1w6xim1|03|net"; nocase; ) # ogcgfh1oy60051c6hbbx4z5rjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ogcgfh1oy60051c6hbbx4z5rjb|03|biz"; nocase; ) # 1ko2rrswvjeod1xlaiec8dri6r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ko2rrswvjeod1xlaiec8dri6r|03|net"; nocase; ) # 1y26w5il0q2o61hdpq241eqzdbw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y26w5il0q2o61hdpq241eqzdbw|03|biz"; nocase; ) # qe6rrqdrl1n2dx9ngw172xswh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qe6rrqdrl1n2dx9ngw172xswh|03|org"; nocase; ) # 1o714afl9kmpj1q1lxzj1pkir9p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o714afl9kmpj1q1lxzj1pkir9p|03|net"; nocase; ) # b6mdekmfiemw9z47yes1oi5g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b6mdekmfiemw9z47yes1oi5g|03|biz"; nocase; ) # 6kigu91iv6mu31owj2d1m197w5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6kigu91iv6mu31owj2d1m197w5|03|net"; nocase; ) # 12vd84s1nsp5a51ooho2q1ukmceu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12vd84s1nsp5a51ooho2q1ukmceu|03|net"; nocase; ) # 1irrpvh1zq1261izefka1ssmpci.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1irrpvh1zq1261izefka1ssmpci|03|net"; nocase; ) # cuiz69k3rgzl1afp7aspp448r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cuiz69k3rgzl1afp7aspp448r|03|org"; nocase; ) # 1kzneqz10a2w001mgakc1lrn6s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kzneqz10a2w001mgakc1lrn6s|03|com"; nocase; ) # 1y2qpf819wbl8i141v67t1qyrfyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y2qpf819wbl8i141v67t1qyrfyv|03|com"; nocase; ) # 14ltqya1544hzbj1g0poh8c0nc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ltqya1544hzbj1g0poh8c0nc|03|biz"; nocase; ) # uk7bxr2g87d91jh9k58ksocxa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uk7bxr2g87d91jh9k58ksocxa|03|net"; nocase; ) # 1d4weew525ulr1pw00v211r846l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d4weew525ulr1pw00v211r846l|03|net"; nocase; ) # p8vxhx1nwq8kxid7y9kv92xs1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p8vxhx1nwq8kxid7y9kv92xs1|03|biz"; nocase; ) # 1l4rznhncqkm21f81gke1t6y17k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l4rznhncqkm21f81gke1t6y17k|03|com"; nocase; ) # wzh0tt1umndrx1ecdwio1c079j9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wzh0tt1umndrx1ecdwio1c079j9|03|org"; nocase; ) # t4ffhue5v7ifk0y56ionoi6a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t4ffhue5v7ifk0y56ionoi6a|03|org"; nocase; ) # 1lckesg18caeg11dju5315d9g4w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lckesg18caeg11dju5315d9g4w|03|com"; nocase; ) # 44xdsf19jp91m3l47cj666u27.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|44xdsf19jp91m3l47cj666u27|03|net"; nocase; ) # lhrnmw1kdrspc1hvjhek17713d3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lhrnmw1kdrspc1hvjhek17713d3|03|biz"; nocase; ) # 254bor17zcyyzm89rhs5mo1fx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|254bor17zcyyzm89rhs5mo1fx|03|biz"; nocase; ) # pv70st12o3wrv1f9x583opudcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pv70st12o3wrv1f9x583opudcg|03|com"; nocase; ) # iv6vkm12v3j0x1s6grwa1mzmxg8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iv6vkm12v3j0x1s6grwa1mzmxg8|03|net"; nocase; ) # 1j288tg151qeca2hepek1mqhudl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j288tg151qeca2hepek1mqhudl|03|net"; nocase; ) # kfm1ft1y10prj1ry42ac3ekrvc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kfm1ft1y10prj1ry42ac3ekrvc|03|com"; nocase; ) # 1nwq8ra16fr8pp10qlcyxjpv8g3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nwq8ra16fr8pp10qlcyxjpv8g3|03|net"; nocase; ) # 1kfyszaruaupe13k475u1xreyr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kfyszaruaupe13k475u1xreyr|03|net"; nocase; ) # 1iygh6jvjw7e9mrpklgcngyn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1iygh6jvjw7e9mrpklgcngyn|03|net"; nocase; ) # e9wgb71el9lst13od8mxp2wfql.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e9wgb71el9lst13od8mxp2wfql|03|com"; nocase; ) # put9ao182sbcn442ozl1vrvd04.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|put9ao182sbcn442ozl1vrvd04|03|com"; nocase; ) # 1fjoo5t1m28ttl1ao7c2l9rmj94.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fjoo5t1m28ttl1ao7c2l9rmj94|03|com"; nocase; ) # 1nltgmxkj0yw91z06a9j1gngo7c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nltgmxkj0yw91z06a9j1gngo7c|03|org"; nocase; ) # xjzrhnimwv5p1bk0k6n7201z6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xjzrhnimwv5p1bk0k6n7201z6|03|net"; nocase; ) # 1b4nsg61a30g311gdclie96p7g3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b4nsg61a30g311gdclie96p7g3|03|biz"; nocase; ) # 18ighis1wuhx0irady1ycoukgg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ighis1wuhx0irady1ycoukgg|03|org"; nocase; ) # 4d1quv43jqj11ftur07190t2sz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4d1quv43jqj11ftur07190t2sz|03|org"; nocase; ) # 1avetf11st1pom9qkfon6gaiza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1avetf11st1pom9qkfon6gaiza|03|org"; nocase; ) # 1moo2oz1i5pon8acb9lxc0q7ee.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1moo2oz1i5pon8acb9lxc0q7ee|03|org"; nocase; ) # lxbwfgax3uhznmb8w01d7l92m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lxbwfgax3uhznmb8w01d7l92m|03|net"; nocase; ) # 19u4nex1hoxkgkmiqx66awjep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19u4nex1hoxkgkmiqx66awjep|03|com"; nocase; ) # 1p0hoal1br06zbt5sjhv1u2kr3i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p0hoal1br06zbt5sjhv1u2kr3i|03|biz"; nocase; ) # 1s6t807b17z791tylaheijtiqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s6t807b17z791tylaheijtiqv|03|net"; nocase; ) # je789817nedxoe8uh8o13hvjkm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|je789817nedxoe8uh8o13hvjkm|03|net"; nocase; ) # 1kzc6bv1758vpu1f1s794j6o63c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kzc6bv1758vpu1f1s794j6o63c|03|org"; nocase; ) # 7nnuh5i5um1f1yt9i2o19anmum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7nnuh5i5um1f1yt9i2o19anmum|03|net"; nocase; ) # 169rfq91hp96e01jkfrdk1qqt63h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|169rfq91hp96e01jkfrdk1qqt63h|03|org"; nocase; ) # ymh3tz177y2d9qf8zwpr4ns2h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ymh3tz177y2d9qf8zwpr4ns2h|03|net"; nocase; ) # 77sxavtav8gs103ubfdykoilt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|77sxavtav8gs103ubfdykoilt|03|org"; nocase; ) # 192ja0lkhgnpwst5v91vd2n6m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|192ja0lkhgnpwst5v91vd2n6m|03|com"; nocase; ) # 1rxj8pp1p7ena864vvyc2zouo7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rxj8pp1p7ena864vvyc2zouo7|03|org"; nocase; ) # k2jol1wefqsbonno6ancon3c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k2jol1wefqsbonno6ancon3c|03|com"; nocase; ) # jousdctc1t74fe8397kt05rq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jousdctc1t74fe8397kt05rq|03|net"; nocase; ) # 1ljiw721aebjrc1swibt91da3kl4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ljiw721aebjrc1swibt91da3kl4|03|net"; nocase; ) # e1bwsko1p0qcvdnyrx1isgbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e1bwsko1p0qcvdnyrx1isgbt|03|com"; nocase; ) # 1i3zqwdeg06gb1ng5jdu1056eyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i3zqwdeg06gb1ng5jdu1056eyc|03|net"; nocase; ) # s6sp7716v0hh24wiahc1y79jto.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s6sp7716v0hh24wiahc1y79jto|03|net"; nocase; ) # pzw9f96mjys91g5fdw8s1x36l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pzw9f96mjys91g5fdw8s1x36l|03|biz"; nocase; ) # 1uiwrve1yw1nr51lcyz5u1djas7i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uiwrve1yw1nr51lcyz5u1djas7i|03|net"; nocase; ) # a06geicx8sh313qognr18h7xtj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a06geicx8sh313qognr18h7xtj|03|com"; nocase; ) # 1q9nbk31ut3oyf1mg6so1wa4iyj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q9nbk31ut3oyf1mg6so1wa4iyj|03|org"; nocase; ) # 1qqhwv91x4infz1hwpge3iuyf8x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qqhwv91x4infz1hwpge3iuyf8x|03|net"; nocase; ) # m5czej1qvwpi81l3avmu1fny440.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m5czej1qvwpi81l3avmu1fny440|03|com"; nocase; ) # 1dxe33w13ro1051ysia9iu8l055.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dxe33w13ro1051ysia9iu8l055|03|com"; nocase; ) # 93t5z815fjn2d3y2n6zadhq2w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|93t5z815fjn2d3y2n6zadhq2w|03|org"; nocase; ) # 1iekb5b1ov6qdl4o94613a2bdx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iekb5b1ov6qdl4o94613a2bdx|03|net"; nocase; ) # 78oufxbwle9151c6x2f7uy60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|78oufxbwle9151c6x2f7uy60|03|net"; nocase; ) # olzxhr6p5xels1vyvyb0935e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|olzxhr6p5xels1vyvyb0935e|03|org"; nocase; ) # 1rublq310302onek7tal1grmpl7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rublq310302onek7tal1grmpl7|03|org"; nocase; ) # 14v7jk41onvkjk1h6b5nrkypdsm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14v7jk41onvkjk1h6b5nrkypdsm|03|biz"; nocase; ) # 1lkr7a37elpco1puaet4ehb782.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lkr7a37elpco1puaet4ehb782|03|net"; nocase; ) # 16ek897hx3uljhe6z8m9rnb6i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ek897hx3uljhe6z8m9rnb6i|03|org"; nocase; ) # 1dtv27912f3b9j16iameo13al6dl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dtv27912f3b9j16iameo13al6dl|03|org"; nocase; ) # tg040p7259ac18wfhe48lyvvw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tg040p7259ac18wfhe48lyvvw|03|biz"; nocase; ) # 1gws84s1qlq52lm4mvyl5dtc0i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gws84s1qlq52lm4mvyl5dtc0i|03|com"; nocase; ) # 1h375hz1dr8edb1p2n8yvzkqajw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h375hz1dr8edb1p2n8yvzkqajw|03|net"; nocase; ) # j1q8zh1r9ms1ab3u101tonn8p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j1q8zh1r9ms1ab3u101tonn8p|03|net"; nocase; ) # 1b51oja1pfegiy1m7vtcm15a68y5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b51oja1pfegiy1m7vtcm15a68y5|03|net"; nocase; ) # 1gdvc8u10qpf0e1uqb9ui1qcns4u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gdvc8u10qpf0e1uqb9ui1qcns4u|03|com"; nocase; ) # 42rq3bsrz0iv20sczv1ecuc1i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|42rq3bsrz0iv20sczv1ecuc1i|03|org"; nocase; ) # 95lmce1t9og5926a9qu1fs6tzw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|95lmce1t9og5926a9qu1fs6tzw|03|net"; nocase; ) # yt14e3ukvi2ft42nwep8u3hb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yt14e3ukvi2ft42nwep8u3hb|03|net"; nocase; ) # 1vqf0pr1g7iglt1pq7tpkqnz5rs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vqf0pr1g7iglt1pq7tpkqnz5rs|03|com"; nocase; ) # 8w0ahl10yqoqt1yi5ivn79cenw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8w0ahl10yqoqt1yi5ivn79cenw|03|biz"; nocase; ) # 1wh9eg4baz5po2q5ota1qklnl6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wh9eg4baz5po2q5ota1qklnl6|03|net"; nocase; ) # fzhnx51ug2cjn5l31lior5b5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fzhnx51ug2cjn5l31lior5b5t|03|org"; nocase; ) # souwfd1bo6s5mx2k87xxqonca.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|souwfd1bo6s5mx2k87xxqonca|03|org"; nocase; ) # 1wbmput1kjstf61ree6ihzt2vfq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wbmput1kjstf61ree6ihzt2vfq|03|net"; nocase; ) # jfko931bya9i11scvr7drbkw1q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jfko931bya9i11scvr7drbkw1q|03|com"; nocase; ) # 5mjyg01b5jt0ns9fv1ewv2qd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5mjyg01b5jt0ns9fv1ewv2qd|03|com"; nocase; ) # w3m9seqw59wy15ucj1inrrdq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w3m9seqw59wy15ucj1inrrdq|03|org"; nocase; ) # 1a1hqmj15z67cbjx4913rkz18l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a1hqmj15z67cbjx4913rkz18l|03|net"; nocase; ) # 1dr68fy15com9akgyn0f8yvg5g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dr68fy15com9akgyn0f8yvg5g|03|com"; nocase; ) # 41gzhssb62vbcdyur8bgpcf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|41gzhssb62vbcdyur8bgpcf|03|net"; nocase; ) # 1l9jeiedvvvse2hmpi28zxh34.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l9jeiedvvvse2hmpi28zxh34|03|biz"; nocase; ) # 1re5ffh32zj7dzdelmw1kuub6a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1re5ffh32zj7dzdelmw1kuub6a|03|org"; nocase; ) # vhud3r1s07f7d1dlq4h7oh2okt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vhud3r1s07f7d1dlq4h7oh2okt|03|net"; nocase; ) # ecxkje12cebeqgy10ge1ow75xa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ecxkje12cebeqgy10ge1ow75xa|03|com"; nocase; ) # 3pnxyebo1rhx1los0ku5ngxx7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3pnxyebo1rhx1los0ku5ngxx7|03|net"; nocase; ) # 1q6xa0f1vubov6jo3xh11f9fun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q6xa0f1vubov6jo3xh11f9fun|03|net"; nocase; ) # 52y4lscfdbox1hhn1pc1soi85q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|52y4lscfdbox1hhn1pc1soi85q|03|org"; nocase; ) # sl4w331n5jpaofqna8y1ui4wv6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sl4w331n5jpaofqna8y1ui4wv6|03|net"; nocase; ) # 1ur9vojedcfs211jnk7n12ul9e9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ur9vojedcfs211jnk7n12ul9e9|03|net"; nocase; ) # 17ah5b51dvyxcq1g5lytp19xlbqb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17ah5b51dvyxcq1g5lytp19xlbqb|03|org"; nocase; ) # 1q0fuviyi26r8nps6dkxy24x1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q0fuviyi26r8nps6dkxy24x1|03|org"; nocase; ) # 1pj5dq5yf36g5i86srw14t25kb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pj5dq5yf36g5i86srw14t25kb|03|com"; nocase; ) # 30hxkwlrottzu5hxr31x7e56o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|30hxkwlrottzu5hxr31x7e56o|03|biz"; nocase; ) # k4q8z51383li91e5wtuf1gac784.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k4q8z51383li91e5wtuf1gac784|03|org"; nocase; ) # 68wl9o1dqo5qbw5wx2x1s1a5wy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|68wl9o1dqo5qbw5wx2x1s1a5wy|03|net"; nocase; ) # 1h97tdx1prrueuvc98n91q4y2ek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h97tdx1prrueuvc98n91q4y2ek|03|net"; nocase; ) # 1n22er696444xc2npq1iv48zy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n22er696444xc2npq1iv48zy|03|net"; nocase; ) # 6e3nhalhfm58kekywl1i0c4xp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6e3nhalhfm58kekywl1i0c4xp|03|biz"; nocase; ) # a8us04f7pz20ajvahdpcs2q0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a8us04f7pz20ajvahdpcs2q0|03|net"; nocase; ) # 7dooku8l7st89wqu8i11srhxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7dooku8l7st89wqu8i11srhxp|03|net"; nocase; ) # 1wg0mvh1b3z2rc1crc6fg1v2ppy2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wg0mvh1b3z2rc1crc6fg1v2ppy2|03|net"; nocase; ) # 16fxfrkir9u8e1julm411pigaah.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16fxfrkir9u8e1julm411pigaah|03|com"; nocase; ) # 1qfv592lh9lu1ij0m6l1b40xc8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qfv592lh9lu1ij0m6l1b40xc8|03|net"; nocase; ) # 18oex5268u1zt18v0vja196y2n3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18oex5268u1zt18v0vja196y2n3|03|org"; nocase; ) # xwri0374vi141cd5c6j1a1fp7r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xwri0374vi141cd5c6j1a1fp7r|03|biz"; nocase; ) # y24rr51gte1sk1833c213wa8bj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y24rr51gte1sk1833c213wa8bj|03|net"; nocase; ) # 9o43r5g3gdu0d62h8m2pi4o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|9o43r5g3gdu0d62h8m2pi4o|03|biz"; nocase; ) # 10h5h2paohoib14soixh1a1yhzg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10h5h2paohoib14soixh1a1yhzg|03|net"; nocase; ) # 8fsheg1vq4cc4193zsgualnsd0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8fsheg1vq4cc4193zsgualnsd0|03|org"; nocase; ) # 1843gxofv3n3f96iuy015deeat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1843gxofv3n3f96iuy015deeat|03|com"; nocase; ) # ujn80owc4fbwaberv1ifqp46.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ujn80owc4fbwaberv1ifqp46|03|org"; nocase; ) # 9bdjc6y00k1hee3rz5s7qai2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9bdjc6y00k1hee3rz5s7qai2|03|org"; nocase; ) # 1t09mxbbpjk9lg5jyciakwy18.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t09mxbbpjk9lg5jyciakwy18|03|org"; nocase; ) # 1d8a1t9ql91ob18r0ea31kqd0x8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d8a1t9ql91ob18r0ea31kqd0x8|03|net"; nocase; ) # 1xxveaw1rsyqeekr2h317xdmr7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xxveaw1rsyqeekr2h317xdmr7|03|biz"; nocase; ) # org8loh34mhc2csej31i16hxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|org8loh34mhc2csej31i16hxv|03|net"; nocase; ) # 1dxk2b912yvp6ie34ayx49pcvd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dxk2b912yvp6ie34ayx49pcvd|03|net"; nocase; ) # 1e4fsw06zyvzg1sgnh1m11j8304.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e4fsw06zyvzg1sgnh1m11j8304|03|org"; nocase; ) # en479glnqz5y1ja1f3b1y8m15w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|en479glnqz5y1ja1f3b1y8m15w|03|org"; nocase; ) # 10uazz1eu4ntb1yivz5d1m02j8p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10uazz1eu4ntb1yivz5d1m02j8p|03|org"; nocase; ) # 1fjfguh6ztvu4po0xivd5rc4s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fjfguh6ztvu4po0xivd5rc4s|03|net"; nocase; ) # ouot8z13hprwl2zwg2f4e95iu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ouot8z13hprwl2zwg2f4e95iu|03|org"; nocase; ) # 1v6q3dcfhw9ki1lqnn9a1cyonwx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v6q3dcfhw9ki1lqnn9a1cyonwx|03|org"; nocase; ) # 1corle518s6bc2xdnikw46p3i1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1corle518s6bc2xdnikw46p3i1|03|net"; nocase; ) # 3n0ry06ewbiszq0pb964m3ar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3n0ry06ewbiszq0pb964m3ar|03|net"; nocase; ) # 1m7h9rb1f4rp0575mk0upwokb4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m7h9rb1f4rp0575mk0upwokb4|03|org"; nocase; ) # bd55vp1qvkl3319l7wnr14tdtpl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bd55vp1qvkl3319l7wnr14tdtpl|03|com"; nocase; ) # jknjsn1sq18hf1u6whkn12odbwm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jknjsn1sq18hf1u6whkn12odbwm|03|com"; nocase; ) # 10xpj5wpo5ufnt8t15812cayl3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10xpj5wpo5ufnt8t15812cayl3|03|net"; nocase; ) # 1npfm556viol18abuw5h77jre.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1npfm556viol18abuw5h77jre|03|com"; nocase; ) # bajbvr1i2bmidziahnbc2x4zj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bajbvr1i2bmidziahnbc2x4zj|03|biz"; nocase; ) # f79oo31gr9h5l1h85kcidsybpz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f79oo31gr9h5l1h85kcidsybpz|03|com"; nocase; ) # 6wo608mujqdj193xfby1vu8kh9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6wo608mujqdj193xfby1vu8kh9|03|org"; nocase; ) # 6utfls1d1tc0tor0oo8u21kvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6utfls1d1tc0tor0oo8u21kvs|03|com"; nocase; ) # 1son4oittwqosc64qhmyqedyz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1son4oittwqosc64qhmyqedyz|03|net"; nocase; ) # f5l9818e3rkoebt77hk7ih8y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f5l9818e3rkoebt77hk7ih8y|03|net"; nocase; ) # eg9pqnm6r2sjpulz210wfpgq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eg9pqnm6r2sjpulz210wfpgq|03|biz"; nocase; ) # sfpyqw1l4akkusxcfx4nuktyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sfpyqw1l4akkusxcfx4nuktyv|03|net"; nocase; ) # xn9dgty6rj2kf66j9e2s5186.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xn9dgty6rj2kf66j9e2s5186|03|com"; nocase; ) # 1s2nt4a1vhygyj91nd7519xkolp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s2nt4a1vhygyj91nd7519xkolp|03|biz"; nocase; ) # 1s57gqtb9jg81rbns8etybt68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s57gqtb9jg81rbns8etybt68|03|net"; nocase; ) # ocfhvtazkbwcni1ov419x5ai3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ocfhvtazkbwcni1ov419x5ai3|03|org"; nocase; ) # 1kom5fx1xmnalj1574hf414dq8v6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kom5fx1xmnalj1574hf414dq8v6|03|net"; nocase; ) # tuzl4q17bbj718vj2j91ypnw51.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tuzl4q17bbj718vj2j91ypnw51|03|net"; nocase; ) # 1soahwg1pdmpnn45ab6y1ff45jn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1soahwg1pdmpnn45ab6y1ff45jn|03|com"; nocase; ) # p2foky8735a41whogzz4zg6om.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p2foky8735a41whogzz4zg6om|03|net"; nocase; ) # e4y3siz54x7w1hosmgh1bahz9z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e4y3siz54x7w1hosmgh1bahz9z|03|biz"; nocase; ) # 17c6f4s1oijjm13n6ehq1tta0mi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17c6f4s1oijjm13n6ehq1tta0mi|03|com"; nocase; ) # u5qowpt6upw51r6nd931mqfv55.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u5qowpt6upw51r6nd931mqfv55|03|net"; nocase; ) # utjjhq14utgsw1y7bhrd15qjt2b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|utjjhq14utgsw1y7bhrd15qjt2b|03|org"; nocase; ) # 6z9np31i4cofpi9oah7k9ila1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6z9np31i4cofpi9oah7k9ila1|03|net"; nocase; ) # 5hfeuc1bwxozh107fn2gyxumzh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5hfeuc1bwxozh107fn2gyxumzh|03|org"; nocase; ) # 4b4s83163p7lwr9k0z7vdenyj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4b4s83163p7lwr9k0z7vdenyj|03|net"; nocase; ) # 1aoms2713r1vewrmcvjeeaw0al.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aoms2713r1vewrmcvjeeaw0al|03|com"; nocase; ) # 1o2mnf813g5x011ixtq3i1nz6fte.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o2mnf813g5x011ixtq3i1nz6fte|03|org"; nocase; ) # 1ewmul1zo4tdf1xfea8k14e3vej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ewmul1zo4tdf1xfea8k14e3vej|03|net"; nocase; ) # pdcwwbxnqz481m5jzi71pk5egu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pdcwwbxnqz481m5jzi71pk5egu|03|com"; nocase; ) # jt37tqptk8b7p4d9i51425d90.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jt37tqptk8b7p4d9i51425d90|03|net"; nocase; ) # xfqxea105svmto2x35ry75rik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xfqxea105svmto2x35ry75rik|03|net"; nocase; ) # wipcbyd4w7cdijaazq1fudbza.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wipcbyd4w7cdijaazq1fudbza|03|biz"; nocase; ) # 123vtla12f8ccuneawlghj0q6s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|123vtla12f8ccuneawlghj0q6s|03|net"; nocase; ) # vjx4fm7g6nov1t0fu0xp4c2iv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vjx4fm7g6nov1t0fu0xp4c2iv|03|org"; nocase; ) # 1c8jd9a1h3aztv4r2mqm12tjtnh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c8jd9a1h3aztv4r2mqm12tjtnh|03|biz"; nocase; ) # qxhltmoahtckycny3g19atcai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qxhltmoahtckycny3g19atcai|03|com"; nocase; ) # p2c8c11eby87816dj1951akshit.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p2c8c11eby87816dj1951akshit|03|org"; nocase; ) # tsm45n14zi8v51k6uyip1rkrl5p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tsm45n14zi8v51k6uyip1rkrl5p|03|com"; nocase; ) # h236hu34l5a291fpamojtpq4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h236hu34l5a291fpamojtpq4|03|com"; nocase; ) # 54gtnrhzp0x51qcapp0izmmd5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|54gtnrhzp0x51qcapp0izmmd5|03|org"; nocase; ) # 17iycfmkmh0yb1eflvut15lb810.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17iycfmkmh0yb1eflvut15lb810|03|net"; nocase; ) # 130phgb1m4zxri1y03u30dnid2v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|130phgb1m4zxri1y03u30dnid2v|03|com"; nocase; ) # hpv85b3z3nettqqqve5tb39l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hpv85b3z3nettqqqve5tb39l|03|org"; nocase; ) # ln9vbb18z1lp0wksv64x8txia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ln9vbb18z1lp0wksv64x8txia|03|net"; nocase; ) # 1utjmz1tukapo1nq5ukhcpawo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1utjmz1tukapo1nq5ukhcpawo|03|com"; nocase; ) # 1bi6wom1qfp4ze1gcm2i4rtyk0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bi6wom1qfp4ze1gcm2i4rtyk0|03|com"; nocase; ) # 3bka6l1wqej5nbgjp26rulyo2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3bka6l1wqej5nbgjp26rulyo2|03|org"; nocase; ) # 7v744o63vdeo1cjrr4qm0cl4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7v744o63vdeo1cjrr4qm0cl4w|03|net"; nocase; ) # 10598287eyygl13h55cm1oy3bub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10598287eyygl13h55cm1oy3bub|03|org"; nocase; ) # tr95el1dsbj3z1lv1yemrexezk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tr95el1dsbj3z1lv1yemrexezk|03|net"; nocase; ) # 8q7oowcw6yrq1r9xuxrm5cker.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8q7oowcw6yrq1r9xuxrm5cker|03|org"; nocase; ) # 1izvvls1w0t5551jjjb1yi3q7k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1izvvls1w0t5551jjjb1yi3q7k|03|biz"; nocase; ) # 1fman1e1b085td100935qp8e7j2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fman1e1b085td100935qp8e7j2|03|com"; nocase; ) # 1mxzqf1iae6bji8vohzfmypg4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mxzqf1iae6bji8vohzfmypg4|03|org"; nocase; ) # t6lgbh1m8roczjiq6g8iaisvm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t6lgbh1m8roczjiq6g8iaisvm|03|org"; nocase; ) # 1ct1n7830czqo2a1y5960bwcd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ct1n7830czqo2a1y5960bwcd|03|biz"; nocase; ) # yfvcur1xf92r7198gz5ga2ylcz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yfvcur1xf92r7198gz5ga2ylcz|03|biz"; nocase; ) # 72tkzxfzottfa9qlgo16udvgp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|72tkzxfzottfa9qlgo16udvgp|03|com"; nocase; ) # 14yf1gdfh193yfmdsueaby3k8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14yf1gdfh193yfmdsueaby3k8|03|org"; nocase; ) # 8jr4np5v1vtdgv0umsqvyz22.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8jr4np5v1vtdgv0umsqvyz22|03|com"; nocase; ) # myy6ny1rd2wfd1uoxkfi1bywuxh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|myy6ny1rd2wfd1uoxkfi1bywuxh|03|biz"; nocase; ) # 1gyjtpg1q7vmq0pxuh5a1twddcg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gyjtpg1q7vmq0pxuh5a1twddcg|03|org"; nocase; ) # q475kkwk0f0o1iggvt71867tmu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q475kkwk0f0o1iggvt71867tmu|03|net"; nocase; ) # 7zvkhgaqrmpf1d5zs51ews2q9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7zvkhgaqrmpf1d5zs51ews2q9|03|net"; nocase; ) # ez1jl2ds5zc51s6cp0zc4lz6e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ez1jl2ds5zc51s6cp0zc4lz6e|03|net"; nocase; ) # 1ki4xs61my6pvi1cttbwdzesgnl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ki4xs61my6pvi1cttbwdzesgnl|03|org"; nocase; ) # 3icpqq12iychs5poxka1umjrnu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3icpqq12iychs5poxka1umjrnu|03|org"; nocase; ) # 1tejmmntx50de2o6u2mpg6wdb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tejmmntx50de2o6u2mpg6wdb|03|net"; nocase; ) # 1i5v8jhkxdv4ta5z5cpas7xut.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i5v8jhkxdv4ta5z5cpas7xut|03|org"; nocase; ) # v1h9zgrt94k2b4czvl1pipurn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v1h9zgrt94k2b4czvl1pipurn|03|net"; nocase; ) # 7d90fe17g4m8c9bf1wckgrroq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7d90fe17g4m8c9bf1wckgrroq|03|com"; nocase; ) # 344toou2bxea13a0y3z2iz4wk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|344toou2bxea13a0y3z2iz4wk|03|net"; nocase; ) # anzx8pma3g721icnokk10kg4dg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|anzx8pma3g721icnokk10kg4dg|03|org"; nocase; ) # 1ykby9miy62aco3y9is1sw74sf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ykby9miy62aco3y9is1sw74sf|03|com"; nocase; ) # 1gh14mciqjpl6gbozjexl8ue8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gh14mciqjpl6gbozjexl8ue8|03|org"; nocase; ) # 1mggd4t12a53dg27xsmq1jb104f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mggd4t12a53dg27xsmq1jb104f|03|biz"; nocase; ) # g5k5cm1o854gezqyzz21j7vaab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g5k5cm1o854gezqyzz21j7vaab|03|org"; nocase; ) # 1u97o7o1nb9rigubfrxcf5v0fr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u97o7o1nb9rigubfrxcf5v0fr|03|com"; nocase; ) # 97hdh9zd25tn8vd2i71twxh1n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|97hdh9zd25tn8vd2i71twxh1n|03|org"; nocase; ) # b1h68b12lj8pd1qjhsz21b9vav1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b1h68b12lj8pd1qjhsz21b9vav1|03|net"; nocase; ) # 1xk0sxb1v3y0m1122z3iz174xmzc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xk0sxb1v3y0m1122z3iz174xmzc|03|biz"; nocase; ) # 1it0sl219equgodl5umaw2nu2k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1it0sl219equgodl5umaw2nu2k|03|com"; nocase; ) # 1uxvouyhv2qtihb3v251x2agcy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uxvouyhv2qtihb3v251x2agcy|03|org"; nocase; ) # uzefzg14typwn10lob6ziyhrkr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uzefzg14typwn10lob6ziyhrkr|03|biz"; nocase; ) # 1tljnt6xwhwxc1xibe4c17b18yg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tljnt6xwhwxc1xibe4c17b18yg|03|net"; nocase; ) # l7i5b3j5j8oulsteb01ff6r7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l7i5b3j5j8oulsteb01ff6r7m|03|net"; nocase; ) # dfadjr1pdcxrbv4iazv1smp2nb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dfadjr1pdcxrbv4iazv1smp2nb|03|com"; nocase; ) # 1h9v1uv1wzadlnmbnah01jzed6a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h9v1uv1wzadlnmbnah01jzed6a|03|org"; nocase; ) # 1k1bzem1arr2mkw70guat4fjle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k1bzem1arr2mkw70guat4fjle|03|net"; nocase; ) # vo15hn14cdesw13yp79g13aevp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vo15hn14cdesw13yp79g13aevp|03|biz"; nocase; ) # 1jomjwsaksqrmaz3zfchnp9km.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jomjwsaksqrmaz3zfchnp9km|03|biz"; nocase; ) # jezdugzohiwp1rk6acc1p0l758.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jezdugzohiwp1rk6acc1p0l758|03|org"; nocase; ) # 11i3ubq1jorxpm16tf2771rghohd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11i3ubq1jorxpm16tf2771rghohd|03|org"; nocase; ) # 10cedur1k40opwcxpiol0hek7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10cedur1k40opwcxpiol0hek7|03|net"; nocase; ) # 8wxd0612qbwiy15w4jpvcnmsrf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8wxd0612qbwiy15w4jpvcnmsrf|03|org"; nocase; ) # lwqfqa10kq9hkd6dhsn14ddj12.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lwqfqa10kq9hkd6dhsn14ddj12|03|org"; nocase; ) # 1yon4a426hvvc1h1fo9b1mavves.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yon4a426hvvc1h1fo9b1mavves|03|net"; nocase; ) # 73oro71j48iow10lx7vfjammkf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|73oro71j48iow10lx7vfjammkf|03|net"; nocase; ) # havd461g7cmelb7pxcvus8sch.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|havd461g7cmelb7pxcvus8sch|03|org"; nocase; ) # 1wfp45xwi5a8o6h35jgmakda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1wfp45xwi5a8o6h35jgmakda|03|com"; nocase; ) # se7awzhpdsaf2a332r1i1sz02.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|se7awzhpdsaf2a332r1i1sz02|03|com"; nocase; ) # 4t6pat1fztlinqud4p3k5asa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4t6pat1fztlinqud4p3k5asa|03|org"; nocase; ) # fiqvg31f182p3knzozq3lm0k4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fiqvg31f182p3knzozq3lm0k4|03|com"; nocase; ) # 1cnxtk71gh7zz1nfum5iq5iygf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cnxtk71gh7zz1nfum5iq5iygf|03|net"; nocase; ) # qv38u2uvsfxj113b7mkmyq5v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qv38u2uvsfxj113b7mkmyq5v|03|biz"; nocase; ) # nvwo341jnv76n13vpwsl1gg2pso.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nvwo341jnv76n13vpwsl1gg2pso|03|biz"; nocase; ) # teurctz2d8mxrhv6215tbimg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|teurctz2d8mxrhv6215tbimg|03|net"; nocase; ) # ld95d713wnsoc199mta51xcn4v9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ld95d713wnsoc199mta51xcn4v9|03|net"; nocase; ) # 1fi9pjn1h5ktc21dob6r71qw557i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fi9pjn1h5ktc21dob6r71qw557i|03|com"; nocase; ) # 16tbqtjdl671616dvk9ppd2ix6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16tbqtjdl671616dvk9ppd2ix6|03|org"; nocase; ) # rngna81eoq2u118ixn1vq4fr68.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rngna81eoq2u118ixn1vq4fr68|03|org"; nocase; ) # 19ek5ef14s1e831et7ncttab48k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19ek5ef14s1e831et7ncttab48k|03|biz"; nocase; ) # 1x10wi716mazabfjcl7x7hdyqh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x10wi716mazabfjcl7x7hdyqh|03|net"; nocase; ) # 1whddv3s21g6y1rpvlhh156ww0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1whddv3s21g6y1rpvlhh156ww0|03|com"; nocase; ) # zgwyrp3zczi43sfur4o1hncc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zgwyrp3zczi43sfur4o1hncc|03|com"; nocase; ) # 1t577711bhqcjy1ni8loozmwu0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t577711bhqcjy1ni8loozmwu0k|03|org"; nocase; ) # z7wa0d1u14fr8m1mo2uvy8xj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z7wa0d1u14fr8m1mo2uvy8xj|03|net"; nocase; ) # c7upav7ubjns19lgj51st07j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c7upav7ubjns19lgj51st07j|03|com"; nocase; ) # 1brhb2e1bwvd4r1jhjmpn1h8rxwe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1brhb2e1bwvd4r1jhjmpn1h8rxwe|03|com"; nocase; ) # pvmb9f15iihutq0i86x1om4kqj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pvmb9f15iihutq0i86x1om4kqj|03|net"; nocase; ) # 3pbu9bv7yxbougfam71ujao8a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3pbu9bv7yxbougfam71ujao8a|03|org"; nocase; ) # h2fynglaayan19n8l6kb1lfzd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h2fynglaayan19n8l6kb1lfzd|03|net"; nocase; ) # 996jvmwe5jn2hcsvn91qvvkxt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|996jvmwe5jn2hcsvn91qvvkxt|03|org"; nocase; ) # 10tfeohxil7i11ohphj17hdquf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10tfeohxil7i11ohphj17hdquf|03|net"; nocase; ) # 68gyix1dey0en9vnu071u6w8mt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|68gyix1dey0en9vnu071u6w8mt|03|net"; nocase; ) # qzisrn10s7u681gpgf456nk364.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qzisrn10s7u681gpgf456nk364|03|org"; nocase; ) # 1jk4tve1616fn1sfzanomwfjnd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jk4tve1616fn1sfzanomwfjnd|03|biz"; nocase; ) # dlqdxrgz5o1f15wysozee4210.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dlqdxrgz5o1f15wysozee4210|03|com"; nocase; ) # 1m54pv61m26j8q2p0k8r1tgza11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m54pv61m26j8q2p0k8r1tgza11|03|net"; nocase; ) # 1496bvqtqeczgdhnnfl6otgh7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1496bvqtqeczgdhnnfl6otgh7|03|org"; nocase; ) # 1gqdn4ap2d61xru7psuullq34.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gqdn4ap2d61xru7psuullq34|03|net"; nocase; ) # 129l7b7fw04sg1r8zc78b4r4j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|129l7b7fw04sg1r8zc78b4r4j6|03|net"; nocase; ) # y9aimqly8hhjk9abl91pd13o9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y9aimqly8hhjk9abl91pd13o9|03|org"; nocase; ) # 4yi231janory15471p912huam3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4yi231janory15471p912huam3|03|com"; nocase; ) # 1qk3nbj1jgqm41mmtnqz5s90xm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qk3nbj1jgqm41mmtnqz5s90xm|03|org"; nocase; ) # c2ah8p1c6e4fq1s34zzzu4vz1p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c2ah8p1c6e4fq1s34zzzu4vz1p|03|net"; nocase; ) # 18o04v9yv8ekiiqijw71kw2g4g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18o04v9yv8ekiiqijw71kw2g4g|03|net"; nocase; ) # 1lpaqorghyonw1g6i1eb1n5o5ib.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lpaqorghyonw1g6i1eb1n5o5ib|03|org"; nocase; ) # t20e981tejyk1atp3o84mpyoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t20e981tejyk1atp3o84mpyoo|03|com"; nocase; ) # kjj4sr1pt5vai18jp8701ykaml4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kjj4sr1pt5vai18jp8701ykaml4|03|net"; nocase; ) # 14z6chegmx9re1nawq6ws8cb83.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14z6chegmx9re1nawq6ws8cb83|03|org"; nocase; ) # ganb2it2zsoleskzvd4j1jq3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ganb2it2zsoleskzvd4j1jq3|03|com"; nocase; ) # 4rjzrn8yrj914susaf1797p2p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4rjzrn8yrj914susaf1797p2p|03|org"; nocase; ) # 1dhom84eg5dbm1koxjw4g9wst2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dhom84eg5dbm1koxjw4g9wst2|03|net"; nocase; ) # 12k8w8m13yxbzcoeup27knc1g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12k8w8m13yxbzcoeup27knc1g|03|net"; nocase; ) # 1pflg3w1bad0kexwr2oh12zi10q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pflg3w1bad0kexwr2oh12zi10q|03|net"; nocase; ) # 1otdu5ied7t9c4h71yzsg2x4l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1otdu5ied7t9c4h71yzsg2x4l|03|net"; nocase; ) # e1xotp1ugr0u6hficfwnjtjc3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1xotp1ugr0u6hficfwnjtjc3|03|com"; nocase; ) # 1hbt35m14q8guydaqz8a12qzdqt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hbt35m14q8guydaqz8a12qzdqt|03|com"; nocase; ) # 1l16usinsydg3181luti67c5bi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l16usinsydg3181luti67c5bi|03|net"; nocase; ) # 12186rvye890neqova11xsicyz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12186rvye890neqova11xsicyz|03|biz"; nocase; ) # irmibf1sc7oppdrxm7xo4ap77.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|irmibf1sc7oppdrxm7xo4ap77|03|net"; nocase; ) # 4awyxgju8th611gt6ei1yb422o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4awyxgju8th611gt6ei1yb422o|03|net"; nocase; ) # 1s13tkn18zkjjwlhlpmq1kmspja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s13tkn18zkjjwlhlpmq1kmspja|03|biz"; nocase; ) # 29rmzj15uarc01ns41ec1xw2npo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|29rmzj15uarc01ns41ec1xw2npo|03|com"; nocase; ) # 614fmax48lqbealt12oa5xbe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|614fmax48lqbealt12oa5xbe|03|com"; nocase; ) # 1f8lvyp1yjlcge179q0kr1q3f1i2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f8lvyp1yjlcge179q0kr1q3f1i2|03|net"; nocase; ) # hnbsljea1ggm17c1smb1yyh9dn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hnbsljea1ggm17c1smb1yyh9dn|03|com"; nocase; ) # ac9t3w1rnb8lft5n5wiy07df.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ac9t3w1rnb8lft5n5wiy07df|03|biz"; nocase; ) # yddyk411nnn471p9a1kz1i048xn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yddyk411nnn471p9a1kz1i048xn|03|net"; nocase; ) # 1x4l3w01yw8xbq14020aos0qt1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x4l3w01yw8xbq14020aos0qt1s|03|biz"; nocase; ) # mybmmcbpg9e5ixoi7f7u2139.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mybmmcbpg9e5ixoi7f7u2139|03|org"; nocase; ) # 1cet47z15u4x201946lpav92yid.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cet47z15u4x201946lpav92yid|03|biz"; nocase; ) # urv5lu1jzkboz7j8z691wkixld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|urv5lu1jzkboz7j8z691wkixld|03|org"; nocase; ) # 1taedp349wnb9zb04w1ege6ll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1taedp349wnb9zb04w1ege6ll|03|net"; nocase; ) # 4bd7ttfqj2v410v062lm4rlm2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4bd7ttfqj2v410v062lm4rlm2|03|org"; nocase; ) # nkalj3tdjzdwg5uwhf2v3w4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nkalj3tdjzdwg5uwhf2v3w4u|03|net"; nocase; ) # 1eslqw5k0lpfvmqrc1319u9euv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eslqw5k0lpfvmqrc1319u9euv|03|com"; nocase; ) # ndu8d7u57tb312qywa91p81ars.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ndu8d7u57tb312qywa91p81ars|03|org"; nocase; ) # eaytwtpcbadv12k2hao1vouf6m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eaytwtpcbadv12k2hao1vouf6m|03|net"; nocase; ) # 1vzswsc1arcfxb996arl1jtn5ge.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vzswsc1arcfxb996arl1jtn5ge|03|biz"; nocase; ) # 1h0fqx15qnyvqvpp91emvzl0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h0fqx15qnyvqvpp91emvzl0a|03|net"; nocase; ) # 6e44drd8tuk7mqn5419uo72a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6e44drd8tuk7mqn5419uo72a|03|com"; nocase; ) # 1ao4mpp5u9ylz1tgjakg18i52j7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ao4mpp5u9ylz1tgjakg18i52j7|03|net"; nocase; ) # 1pzm80jdv6r1o1qc587r1lpmzgl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pzm80jdv6r1o1qc587r1lpmzgl|03|com"; nocase; ) # ua2v2mjjm6cd1g5pmz31ktvt9d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ua2v2mjjm6cd1g5pmz31ktvt9d|03|net"; nocase; ) # 4b9umluqj3ghabajvkmlay8g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4b9umluqj3ghabajvkmlay8g|03|com"; nocase; ) # 1lv5y4r13wd6g21t8ief31jcnjft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lv5y4r13wd6g21t8ief31jcnjft|03|net"; nocase; ) # 1szk9chb8wqhjqj1e0p1irnjir.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1szk9chb8wqhjqj1e0p1irnjir|03|org"; nocase; ) # cpia836gvv30acvx041rtk8ht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cpia836gvv30acvx041rtk8ht|03|com"; nocase; ) # lytsp31l461u3ftud1j1dslq88.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lytsp31l461u3ftud1j1dslq88|03|biz"; nocase; ) # 1okeqmgr74htxcqfa2s15k19qq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1okeqmgr74htxcqfa2s15k19qq|03|net"; nocase; ) # vt2ourkuweamlnzwno13ikzya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vt2ourkuweamlnzwno13ikzya|03|net"; nocase; ) # u4a30u2krd4fu2wgi1243tf5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u4a30u2krd4fu2wgi1243tf5|03|com"; nocase; ) # 1ephmxg1fwvaoqrwq9grke4mx2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ephmxg1fwvaoqrwq9grke4mx2|03|com"; nocase; ) # 5f3bg1qnb2pr1pf1td4nx39yn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5f3bg1qnb2pr1pf1td4nx39yn|03|com"; nocase; ) # 1ifjif1c70m8m1b9intt1t7xn0l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ifjif1c70m8m1b9intt1t7xn0l|03|biz"; nocase; ) # fv9haihroosn28tfxlrab5h6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fv9haihroosn28tfxlrab5h6|03|org"; nocase; ) # lcuz70efj5wh1xmp1x017pgsfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lcuz70efj5wh1xmp1x017pgsfy|03|net"; nocase; ) # 1wwi8ih12ihwh91yvdyhv2w0fed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wwi8ih12ihwh91yvdyhv2w0fed|03|net"; nocase; ) # up6ajz1gcllqbz0ad94gnyrr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|up6ajz1gcllqbz0ad94gnyrr|03|net"; nocase; ) # balkwff6mm5or2aan1vjbljx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|balkwff6mm5or2aan1vjbljx|03|org"; nocase; ) # 185ns7wcoeqeqh02c4b1dfvyf9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|185ns7wcoeqeqh02c4b1dfvyf9|03|biz"; nocase; ) # o9h7z364pfmw5gqush1tj3ral.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o9h7z364pfmw5gqush1tj3ral|03|org"; nocase; ) # 1uq0xxydy89ji181jm9p7inlns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uq0xxydy89ji181jm9p7inlns|03|net"; nocase; ) # 115tabvhh3zm183tlcp1tulf31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|115tabvhh3zm183tlcp1tulf31|03|net"; nocase; ) # 14navvldg2dy22jofb7201u6u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14navvldg2dy22jofb7201u6u|03|org"; nocase; ) # lqb3vw1lupw0b7l8q5u1i0qos9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lqb3vw1lupw0b7l8q5u1i0qos9|03|com"; nocase; ) # nfvfto17lawa171vv6k13iftt4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nfvfto17lawa171vv6k13iftt4|03|com"; nocase; ) # vxzbie11q9b1y1lt0wtb86fjy5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vxzbie11q9b1y1lt0wtb86fjy5|03|net"; nocase; ) # 16frpvdbscctymw1y58c4cs0y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16frpvdbscctymw1y58c4cs0y|03|com"; nocase; ) # krocqp10e2wsmn9znue1ekqc9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|krocqp10e2wsmn9znue1ekqc9f|03|net"; nocase; ) # 6ztrbh1rvave014grw25ukq2bd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ztrbh1rvave014grw25ukq2bd|03|com"; nocase; ) # 16km0a5d57sluyfvqtz1jvgeed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16km0a5d57sluyfvqtz1jvgeed|03|com"; nocase; ) # 1i4z8gm15i9j4jlx9gn11gzxm56.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i4z8gm15i9j4jlx9gn11gzxm56|03|com"; nocase; ) # 13o42sz18ha7y51mviaw31624y7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13o42sz18ha7y51mviaw31624y7|03|biz"; nocase; ) # dpd7mc1appbjj1jrq3zmechkwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dpd7mc1appbjj1jrq3zmechkwr|03|net"; nocase; ) # teypcj1m29kfu1lbml081be79zd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|teypcj1m29kfu1lbml081be79zd|03|net"; nocase; ) # yjky0rfwsa4l1pd3qmexj9i6u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yjky0rfwsa4l1pd3qmexj9i6u|03|com"; nocase; ) # 5na5ptz99tvj1kgkaud6l03k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5na5ptz99tvj1kgkaud6l03k|03|net"; nocase; ) # 9p7rfp11gg7qw1xccoal1j8cct2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9p7rfp11gg7qw1xccoal1j8cct2|03|net"; nocase; ) # 1cntg2w1pevavj18fu642jz050i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cntg2w1pevavj18fu642jz050i|03|com"; nocase; ) # jotsak1v8iic61y0hcfhj35eol.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jotsak1v8iic61y0hcfhj35eol|03|biz"; nocase; ) # 1rfoved1fbxvdi1mimmyydyqrlv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rfoved1fbxvdi1mimmyydyqrlv|03|net"; nocase; ) # 1bnt96ccl1a12vqcqb612ym7sr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bnt96ccl1a12vqcqb612ym7sr|03|net"; nocase; ) # 1gh8tyk13hvo6u1n8i2og4yh11f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gh8tyk13hvo6u1n8i2og4yh11f|03|net"; nocase; ) # 1awm95n18dleq71efsw6w1xpz589.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1awm95n18dleq71efsw6w1xpz589|03|com"; nocase; ) # 1x751n01ai8mkv6av6on9g0kwk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x751n01ai8mkv6av6on9g0kwk|03|biz"; nocase; ) # 176t3m71a79vg3eint6d1xfchcn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|176t3m71a79vg3eint6d1xfchcn|03|org"; nocase; ) # 15sy6rwrgzx0w1wo78nxlom690.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15sy6rwrgzx0w1wo78nxlom690|03|com"; nocase; ) # 1jfdwfp11lqrov1qdzk63171569q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jfdwfp11lqrov1qdzk63171569q|03|net"; nocase; ) # zkks177k6l6l1xa0paawea2cp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zkks177k6l6l1xa0paawea2cp|03|com"; nocase; ) # ssmqtufaztf7oofvev1gp871l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ssmqtufaztf7oofvev1gp871l|03|net"; nocase; ) # 14nwn443f8xnl10o12k3h3bpa4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14nwn443f8xnl10o12k3h3bpa4|03|biz"; nocase; ) # 9ib0vfve2vl1ltd02i122j8rs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9ib0vfve2vl1ltd02i122j8rs|03|org"; nocase; ) # nrem57157w5fcervb6k1ag8xga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nrem57157w5fcervb6k1ag8xga|03|net"; nocase; ) # 1fpz0c91mnd4ffd6q4lgu87fvf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fpz0c91mnd4ffd6q4lgu87fvf|03|org"; nocase; ) # sq2mxuqjxrx61nqdyhfft4gnq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sq2mxuqjxrx61nqdyhfft4gnq|03|net"; nocase; ) # 1lbvay51im97f716r8cdh11mxyil.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lbvay51im97f716r8cdh11mxyil|03|biz"; nocase; ) # 1ng6keh1nx010a10zf857fcs9yj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ng6keh1nx010a10zf857fcs9yj|03|org"; nocase; ) # s281ip1ptwt00qhodgb1hzeu0l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s281ip1ptwt00qhodgb1hzeu0l|03|net"; nocase; ) # 15y6ee0vxjzsa14hjr6w1sp2z72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15y6ee0vxjzsa14hjr6w1sp2z72|03|net"; nocase; ) # 4p12oasahibo1ysmuh01hll21.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4p12oasahibo1ysmuh01hll21|03|biz"; nocase; ) # 1xiq7hze6bwnizqvm7q1ocga4h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xiq7hze6bwnizqvm7q1ocga4h|03|net"; nocase; ) # gkwvlb1ch19ym16gbhn01ed7jya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gkwvlb1ch19ym16gbhn01ed7jya|03|biz"; nocase; ) # 2i5f201rcec8k1mze4ikptm5y0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2i5f201rcec8k1mze4ikptm5y0|03|biz"; nocase; ) # 1vj9mze1yk3tu9mwt5qqxj5it.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vj9mze1yk3tu9mwt5qqxj5it|03|org"; nocase; ) # 1xrd1kl7dsok1djyrq91ydrbh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xrd1kl7dsok1djyrq91ydrbh5|03|net"; nocase; ) # 1lrlmn51artln114irsrul519uh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lrlmn51artln114irsrul519uh|03|net"; nocase; ) # 5a4j5qs43uk5fqfc8t11ymj48.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5a4j5qs43uk5fqfc8t11ymj48|03|net"; nocase; ) # pqxb001uf934n1fkwzj416t2ka6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pqxb001uf934n1fkwzj416t2ka6|03|com"; nocase; ) # 1tzlk0lhfy4921i5we8812qubxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tzlk0lhfy4921i5we8812qubxp|03|net"; nocase; ) # mud58tk2upol1p9aop077no8p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mud58tk2upol1p9aop077no8p|03|biz"; nocase; ) # p71swbuc4ausosnmiq1u67ihe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p71swbuc4ausosnmiq1u67ihe|03|com"; nocase; ) # 1ph522d1p2o1ss1az919c1glfoa6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ph522d1p2o1ss1az919c1glfoa6|03|net"; nocase; ) # 13wf2ocdeauz01g470sj7q7ygc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13wf2ocdeauz01g470sj7q7ygc|03|org"; nocase; ) # 1yd70fb1y6m3cw1yt52p7k4i70r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yd70fb1y6m3cw1yt52p7k4i70r|03|com"; nocase; ) # lg7l4p1ujkq93f105jm1stcz8c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lg7l4p1ujkq93f105jm1stcz8c|03|biz"; nocase; ) # 1jkua9x1d42ivi176x4np1gl6ws7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jkua9x1d42ivi176x4np1gl6ws7|03|net"; nocase; ) # 1cjebx9p6gh4h1csi7ph1u16t8v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjebx9p6gh4h1csi7ph1u16t8v|03|com"; nocase; ) # wza7res7jvoi155rnvn1vd6amd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wza7res7jvoi155rnvn1vd6amd|03|net"; nocase; ) # 1736k0l259pjtwvcjo3i26gin.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1736k0l259pjtwvcjo3i26gin|03|org"; nocase; ) # i5dfaa1frcc5o4dyfg919jtx8d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i5dfaa1frcc5o4dyfg919jtx8d|03|biz"; nocase; ) # 19awlyj1us48ehif8hc0xej7i9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19awlyj1us48ehif8hc0xej7i9|03|net"; nocase; ) # 12xt1xxataoui13cbr6b19mb2ad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12xt1xxataoui13cbr6b19mb2ad|03|net"; nocase; ) # na6pupgneevn1w9bxhk1kx6rri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|na6pupgneevn1w9bxhk1kx6rri|03|com"; nocase; ) # y1zr5n153x7l212kptq1v79uta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y1zr5n153x7l212kptq1v79uta|03|net"; nocase; ) # 18fvmy8unk68uyeekgl1hpxbwr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18fvmy8unk68uyeekgl1hpxbwr|03|biz"; nocase; ) # 1jmqmzsxz7hrh1q5lmdmv8qcu6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jmqmzsxz7hrh1q5lmdmv8qcu6|03|com"; nocase; ) # 965vdmhl7x4d1ch7cbb13mgdji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|965vdmhl7x4d1ch7cbb13mgdji|03|net"; nocase; ) # 1xnw2bi15hm6pz147n21n15eyx2y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xnw2bi15hm6pz147n21n15eyx2y|03|com"; nocase; ) # 1so133eoa3oee1n9qkt51fga0c4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1so133eoa3oee1n9qkt51fga0c4|03|org"; nocase; ) # 1i7b0tq1y1hkin3if2g6mz04sq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i7b0tq1y1hkin3if2g6mz04sq|03|org"; nocase; ) # trelfj1ypsx0o1652ilnf1zr7m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|trelfj1ypsx0o1652ilnf1zr7m|03|com"; nocase; ) # 1kq4ljt11wcuu3nucuplcsh04.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kq4ljt11wcuu3nucuplcsh04|03|net"; nocase; ) # 77s6qz8br4md19gr1vr13y5v4g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|77s6qz8br4md19gr1vr13y5v4g|03|net"; nocase; ) # 1aa388i1y2rdi41sydpnl34wrt0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aa388i1y2rdi41sydpnl34wrt0|03|biz"; nocase; ) # 44tw6c7e6nnq13whtzbyvveqn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|44tw6c7e6nnq13whtzbyvveqn|03|net"; nocase; ) # zjufqsm9y51519bg8ygcwfmwx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zjufqsm9y51519bg8ygcwfmwx|03|org"; nocase; ) # q385w4aup7cg1fclb3a16hs75h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q385w4aup7cg1fclb3a16hs75h|03|net"; nocase; ) # 1a74lk6uki96t1n8xsn11gogdss.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a74lk6uki96t1n8xsn11gogdss|03|org"; nocase; ) # fgfyq214f2cemjr8omzc3cjc2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fgfyq214f2cemjr8omzc3cjc2|03|org"; nocase; ) # ezzex61hqf2jgb8djnf14o9eeq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ezzex61hqf2jgb8djnf14o9eeq|03|net"; nocase; ) # 1ua4yh31ae8j5bkbrnej4dxzfw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ua4yh31ae8j5bkbrnej4dxzfw|03|net"; nocase; ) # 2vy55012uc0ye1bpcbiy1lry19f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2vy55012uc0ye1bpcbiy1lry19f|03|biz"; nocase; ) # 176gyxkrkhamk5wh38tz209wa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|176gyxkrkhamk5wh38tz209wa|03|com"; nocase; ) # 1759rwy3nkydrv2tncztojxep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1759rwy3nkydrv2tncztojxep|03|com"; nocase; ) # 162e0n6vl79p914rsrsg1dz3x5o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|162e0n6vl79p914rsrsg1dz3x5o|03|net"; nocase; ) # 174dphvk5s761cfxzpovg1jjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000036999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|174dphvk5s761cfxzpovg1jjh|03|org"; nocase; ) # c54wns1ik8tei4qyx4s7stbyi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c54wns1ik8tei4qyx4s7stbyi|03|com"; nocase; ) # owe5061yogda31px7g3dp58wan.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|owe5061yogda31px7g3dp58wan|03|org"; nocase; ) # t4zohg7ee56q1oow9j1kh6611.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4zohg7ee56q1oow9j1kh6611|03|com"; nocase; ) # fasjvl176bj8m1ycia5tbowoyv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fasjvl176bj8m1ycia5tbowoyv|03|org"; nocase; ) # 15g1la01412oqbexrr4q75pnnz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15g1la01412oqbexrr4q75pnnz|03|com"; nocase; ) # 1uj59b334mmnz16lme7g6bwtl6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uj59b334mmnz16lme7g6bwtl6|03|org"; nocase; ) # vxfy511tr3x8hcyze6in59k9y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vxfy511tr3x8hcyze6in59k9y|03|net"; nocase; ) # 3izku11c9rbo1ac2uut1iyvx1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3izku11c9rbo1ac2uut1iyvx1o|03|net"; nocase; ) # 1c0g5w0120fyntnc9m0p5ojbtv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c0g5w0120fyntnc9m0p5ojbtv|03|biz"; nocase; ) # 1v71n4kkuc21eefthg215rnpv4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v71n4kkuc21eefthg215rnpv4|03|org"; nocase; ) # 2xpwp0101q8aqmnulvt1e6xdnz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2xpwp0101q8aqmnulvt1e6xdnz|03|org"; nocase; ) # jjduqp1auf2no15w01t7hot00o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jjduqp1auf2no15w01t7hot00o|03|biz"; nocase; ) # 1jhk71gpljfeqmxejqx1bm05ey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jhk71gpljfeqmxejqx1bm05ey|03|com"; nocase; ) # kzihov1p6tp8i4s0chxpjxjqg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kzihov1p6tp8i4s0chxpjxjqg|03|com"; nocase; ) # 6otyrkw1pkr81d049s58q5b3b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6otyrkw1pkr81d049s58q5b3b|03|com"; nocase; ) # 1gbbqqr1qyzvb81o7xkuvbfdz64.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gbbqqr1qyzvb81o7xkuvbfdz64|03|org"; nocase; ) # 12tbk811j6i2rd4fj3qm1fw8lsx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12tbk811j6i2rd4fj3qm1fw8lsx|03|com"; nocase; ) # 5ho3x998vbt418pyp5lowycwa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ho3x998vbt418pyp5lowycwa|03|org"; nocase; ) # 10m0oiv1lamool1pvb9og1mu0hfq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10m0oiv1lamool1pvb9og1mu0hfq|03|biz"; nocase; ) # 1bviapggqubbioq6axm1lj54mv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bviapggqubbioq6axm1lj54mv|03|org"; nocase; ) # 778wve3n6mdk130tioy1p4c2me.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|778wve3n6mdk130tioy1p4c2me|03|net"; nocase; ) # mfn82w1klrbh71dbjny71esmrew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mfn82w1klrbh71dbjny71esmrew|03|net"; nocase; ) # 10lrcxf16igv26cnykhhjj43ve.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10lrcxf16igv26cnykhhjj43ve|03|biz"; nocase; ) # 1h04ict1t0m9rm1q5i3ixql7w2i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h04ict1t0m9rm1q5i3ixql7w2i|03|net"; nocase; ) # 1c328rhd2vtf111w6ckr9ddpf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c328rhd2vtf111w6ckr9ddpf|03|org"; nocase; ) # 1atvlfrlvn4f21nqkeox1djigll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1atvlfrlvn4f21nqkeox1djigll|03|net"; nocase; ) # g2i9jk17qy3n112qa532udrrsd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g2i9jk17qy3n112qa532udrrsd|03|com"; nocase; ) # skhuv89moub914q9k71pqw9ze.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|skhuv89moub914q9k71pqw9ze|03|org"; nocase; ) # 112m0rw6b6b3e7rwffz1dr61ay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|112m0rw6b6b3e7rwffz1dr61ay|03|net"; nocase; ) # 1ij6oxr1cs9wdu1tfu2btssxxwa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ij6oxr1cs9wdu1tfu2btssxxwa|03|biz"; nocase; ) # imi22l1ag4urz1ia628roll3gp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|imi22l1ag4urz1ia628roll3gp|03|org"; nocase; ) # xf77de1v3n3khcz7wmo1ofc1og.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xf77de1v3n3khcz7wmo1ofc1og|03|org"; nocase; ) # cvxl2a1m0ybl21u1mi0n1nyy18v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cvxl2a1m0ybl21u1mi0n1nyy18v|03|com"; nocase; ) # 1ryzt251z0jmcz1q6q40j7m0g4n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ryzt251z0jmcz1q6q40j7m0g4n|03|net"; nocase; ) # 1u5ckkatotvpvwiy0w21hbndfl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u5ckkatotvpvwiy0w21hbndfl|03|org"; nocase; ) # hqluau112nrhc1krgy2l1mwh26q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hqluau112nrhc1krgy2l1mwh26q|03|biz"; nocase; ) # zj374qbsbvelumxx47cdrutq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zj374qbsbvelumxx47cdrutq|03|com"; nocase; ) # 1wv57scssqu69aszkxv1bgadc7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wv57scssqu69aszkxv1bgadc7|03|net"; nocase; ) # 10tquotqshm7j15i137sfotnef.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10tquotqshm7j15i137sfotnef|03|org"; nocase; ) # i2975xz15nvr7emjnhax0g0l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i2975xz15nvr7emjnhax0g0l|03|net"; nocase; ) # 1idhqc23dsk9s15bvrmocv9hy4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1idhqc23dsk9s15bvrmocv9hy4|03|com"; nocase; ) # 16l7j3o1h3s3jwbcyu0y1vcc3ka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16l7j3o1h3s3jwbcyu0y1vcc3ka|03|org"; nocase; ) # go7h6d1zr045x8jegwa1wlfg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|go7h6d1zr045x8jegwa1wlfg|03|biz"; nocase; ) # m3hv2t135a4vh56t73e1knkmpb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m3hv2t135a4vh56t73e1knkmpb|03|net"; nocase; ) # fnqjzk1r4okbi13231e716bfc70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fnqjzk1r4okbi13231e716bfc70|03|net"; nocase; ) # 1tpyy691fip5ms1oujo8p1hi18sg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tpyy691fip5ms1oujo8p1hi18sg|03|org"; nocase; ) # vk76r610iae9j1n8uml91ak9x6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vk76r610iae9j1n8uml91ak9x6h|03|net"; nocase; ) # swhj1n18b9zxkh2t7orlwbmi8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|swhj1n18b9zxkh2t7orlwbmi8|03|com"; nocase; ) # bfo3tzbgy9m1nb06gp1x8sk6m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bfo3tzbgy9m1nb06gp1x8sk6m|03|net"; nocase; ) # uxszlq1eaepr61qvcxyy1dthzeu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uxszlq1eaepr61qvcxyy1dthzeu|03|com"; nocase; ) # 7552pdkoc2e61pa2fy21syyqlw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7552pdkoc2e61pa2fy21syyqlw|03|biz"; nocase; ) # ru1qgy1acvasgrvtjuj165pe69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ru1qgy1acvasgrvtjuj165pe69|03|net"; nocase; ) # 9dochw47pz0l1mx6021vl00q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9dochw47pz0l1mx6021vl00q|03|biz"; nocase; ) # 1m65gq0ob2h281dlc2mq54cbvf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m65gq0ob2h281dlc2mq54cbvf|03|net"; nocase; ) # yxuuvr1uvtw4g1k8uxzl1i3vlzv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yxuuvr1uvtw4g1k8uxzl1i3vlzv|03|biz"; nocase; ) # lr4e4v68qcd19airef9xppyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lr4e4v68qcd19airef9xppyc|03|net"; nocase; ) # ow1zr190l1451n7cbvo1asqv41.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ow1zr190l1451n7cbvo1asqv41|03|org"; nocase; ) # u113wv28r1vujc3mhm1v7nk7a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u113wv28r1vujc3mhm1v7nk7a|03|org"; nocase; ) # hrmla61lr6qa11yhfc7iuvc646.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hrmla61lr6qa11yhfc7iuvc646|03|com"; nocase; ) # qltcz6w3kva6s1as4hqocps2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qltcz6w3kva6s1as4hqocps2|03|com"; nocase; ) # 19wvu51xjnkmk3lvnwciv1ass.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19wvu51xjnkmk3lvnwciv1ass|03|com"; nocase; ) # 1yb2fbdixls881cgw21o1hf9gsw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yb2fbdixls881cgw21o1hf9gsw|03|net"; nocase; ) # wyc3y9s8jrw11yzv3km17hjjrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wyc3y9s8jrw11yzv3km17hjjrq|03|net"; nocase; ) # ovfxazgx5mze1ydhl64zi7n9x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ovfxazgx5mze1ydhl64zi7n9x|03|com"; nocase; ) # 17g2z6hvti6rc1mzcs0zhg2gz8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17g2z6hvti6rc1mzcs0zhg2gz8|03|net"; nocase; ) # rj9ww4104wax2jvq93y1nlmnt2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rj9ww4104wax2jvq93y1nlmnt2|03|net"; nocase; ) # 15tqic7pm8unpjgk78m1kfutn9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15tqic7pm8unpjgk78m1kfutn9|03|com"; nocase; ) # 19en9hjah3t7j616m2c1jxn1oq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19en9hjah3t7j616m2c1jxn1oq|03|net"; nocase; ) # ae4fioxocdktt6mxu510v4mj5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ae4fioxocdktt6mxu510v4mj5|03|biz"; nocase; ) # 353oe55pd91b1mifojt1lcj1pl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|353oe55pd91b1mifojt1lcj1pl|03|org"; nocase; ) # rggqwbq87yqxd4qrqz3948z6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rggqwbq87yqxd4qrqz3948z6|03|org"; nocase; ) # x3hj061sr34lo9zs6n1gvcbuf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x3hj061sr34lo9zs6n1gvcbuf|03|com"; nocase; ) # c31b9d1vhir1bqyenq51e7vdkp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c31b9d1vhir1bqyenq51e7vdkp|03|org"; nocase; ) # 1j0kjl9i4d6h91coqudx1ocn7nv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j0kjl9i4d6h91coqudx1ocn7nv|03|com"; nocase; ) # oseqsbjf7la8wbunx14kbbnx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oseqsbjf7la8wbunx14kbbnx|03|net"; nocase; ) # usst6o7sk24h1kx6lj41iptnio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|usst6o7sk24h1kx6lj41iptnio|03|org"; nocase; ) # tuodvo1nq7tyvutke6k16lgpuz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tuodvo1nq7tyvutke6k16lgpuz|03|org"; nocase; ) # 12af2ckab6lu518gewxb7bf905.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12af2ckab6lu518gewxb7bf905|03|net"; nocase; ) # wbhlo712bpick1txiaf23obm6i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wbhlo712bpick1txiaf23obm6i|03|biz"; nocase; ) # 5pzciu1suaiq01uhwgh31vr3gtn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5pzciu1suaiq01uhwgh31vr3gtn|03|net"; nocase; ) # 4xjvw11otiiaw190yedm38qpex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4xjvw11otiiaw190yedm38qpex|03|biz"; nocase; ) # 6kcj4419c8bvvkmppr1t8rgex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6kcj4419c8bvvkmppr1t8rgex|03|com"; nocase; ) # 9rq68u1wvog7h3euj41ikohhk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9rq68u1wvog7h3euj41ikohhk|03|net"; nocase; ) # orspbgjxtrcxrr3xpf1us2x9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|orspbgjxtrcxrr3xpf1us2x9x|03|net"; nocase; ) # 1mv8ktactw8ybw2gmjc1slkslk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mv8ktactw8ybw2gmjc1slkslk|03|biz"; nocase; ) # 1w6xs7mxc2g05zyh9gm1lvce64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w6xs7mxc2g05zyh9gm1lvce64|03|net"; nocase; ) # iel41k1mn7ch8as7ist1eyxa85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iel41k1mn7ch8as7ist1eyxa85|03|net"; nocase; ) # 1dhukxy1gonbc1p1nwonpa91ap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dhukxy1gonbc1p1nwonpa91ap|03|com"; nocase; ) # 66h4zeijwi97w7cau96plwlf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|66h4zeijwi97w7cau96plwlf|03|org"; nocase; ) # 1ym3qhlc4smyigcfv8f1lwvr63.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ym3qhlc4smyigcfv8f1lwvr63|03|net"; nocase; ) # tsit0esnkdgtdqwury1e238v7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tsit0esnkdgtdqwury1e238v7|03|org"; nocase; ) # xp3inn15tgvw91m4rbp110icbvl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xp3inn15tgvw91m4rbp110icbvl|03|biz"; nocase; ) # v5s0xparbwe0q8hqw1lfdyd9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v5s0xparbwe0q8hqw1lfdyd9|03|net"; nocase; ) # 100io4ldkqotndrezzb1g4phh4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|100io4ldkqotndrezzb1g4phh4|03|net"; nocase; ) # 1nangmh7zlii392wgk1yh9jw8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nangmh7zlii392wgk1yh9jw8|03|com"; nocase; ) # l61wtb63iyrdugitep1y1zb9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l61wtb63iyrdugitep1y1zb9k|03|net"; nocase; ) # 1furlan2h3ul01s3zwc6167k4t8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1furlan2h3ul01s3zwc6167k4t8|03|net"; nocase; ) # w7e5rrl3ytknvg78m019nhf2a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w7e5rrl3ytknvg78m019nhf2a|03|org"; nocase; ) # 1hwhugv1thj0zh1ih0rd3nxftyq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hwhugv1thj0zh1ih0rd3nxftyq|03|net"; nocase; ) # 1lc1pe31aqoi3q1r0suf4sslrtj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lc1pe31aqoi3q1r0suf4sslrtj|03|net"; nocase; ) # mpj5yz106jv4a1iyl1o71rdxu62.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mpj5yz106jv4a1iyl1o71rdxu62|03|net"; nocase; ) # 10fcqip7imt1h1d36vbw1o1vde3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10fcqip7imt1h1d36vbw1o1vde3|03|net"; nocase; ) # kg922w1c4818irdk4c0cqbl71.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kg922w1c4818irdk4c0cqbl71|03|net"; nocase; ) # 1sbzji49kd50d1yd2td1idyhvi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sbzji49kd50d1yd2td1idyhvi|03|net"; nocase; ) # i5vj671odumfm4nadtv1ord09r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i5vj671odumfm4nadtv1ord09r|03|com"; nocase; ) # irmuv21g04d221madm7q1daaocc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|irmuv21g04d221madm7q1daaocc|03|com"; nocase; ) # wxwyjqiy3wmg1dpq20r1gub4e0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wxwyjqiy3wmg1dpq20r1gub4e0|03|biz"; nocase; ) # 279rjq1ammptm14nc17mqlblwy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|279rjq1ammptm14nc17mqlblwy|03|com"; nocase; ) # 1tl0qw21yt4qe81xkaabw6rrz3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tl0qw21yt4qe81xkaabw6rrz3i|03|com"; nocase; ) # 1llsekzjfnexgscnhxbkbas4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1llsekzjfnexgscnhxbkbas4|03|org"; nocase; ) # 1r5v6nu1f80wtdmcq0apb6h3z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r5v6nu1f80wtdmcq0apb6h3z|03|biz"; nocase; ) # 1rh6g0c1rup9r6h371tu1tt0oo3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rh6g0c1rup9r6h371tu1tt0oo3|03|biz"; nocase; ) # 1fbmuv11ozra5v6gffg3rna5z2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fbmuv11ozra5v6gffg3rna5z2|03|net"; nocase; ) # 1j1a15czzrn8i13wr08u5imaw6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j1a15czzrn8i13wr08u5imaw6|03|org"; nocase; ) # 1oep7gt13ut6gu1b016t55ui5tm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oep7gt13ut6gu1b016t55ui5tm|03|biz"; nocase; ) # lv40q9cevqft1bamrk41t0foz8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lv40q9cevqft1bamrk41t0foz8|03|com"; nocase; ) # 1pbbubt16qnn371wznltr1uz92g3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pbbubt16qnn371wznltr1uz92g3|03|com"; nocase; ) # 12i7q7vo9c7qv1ht72td8guc7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12i7q7vo9c7qv1ht72td8guc7|03|biz"; nocase; ) # 1kxrr8m16jrpft145l4f91hjo6g1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kxrr8m16jrpft145l4f91hjo6g1|03|biz"; nocase; ) # 7pk9sa4vbaa2s0jmz0rcxk4t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7pk9sa4vbaa2s0jmz0rcxk4t|03|com"; nocase; ) # 4c10hcgj8whzg937ij1mwarsw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4c10hcgj8whzg937ij1mwarsw|03|com"; nocase; ) # 1axy8ipj8t358vvif71pghexg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1axy8ipj8t358vvif71pghexg|03|net"; nocase; ) # 1nrn8ol1s9modo1biun5rg1lmry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nrn8ol1s9modo1biun5rg1lmry|03|net"; nocase; ) # dzspyz124g3d09sl8i13lb77o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzspyz124g3d09sl8i13lb77o|03|net"; nocase; ) # 1wbwsy1iamxaf14njrovgd5m7w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wbwsy1iamxaf14njrovgd5m7w|03|org"; nocase; ) # 11hv5b2hgi18mwhe78ou1qqa6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11hv5b2hgi18mwhe78ou1qqa6|03|biz"; nocase; ) # 1w8cng33igpbz1wc5sta8vt89p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w8cng33igpbz1wc5sta8vt89p|03|net"; nocase; ) # 6aokkl9x63d8ybmpkg18kfxp8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6aokkl9x63d8ybmpkg18kfxp8|03|com"; nocase; ) # 1ae5bhpho12wy5s1o4rwpqg5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ae5bhpho12wy5s1o4rwpqg5i|03|net"; nocase; ) # 19404thpa420j3pupy35wl2io.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19404thpa420j3pupy35wl2io|03|biz"; nocase; ) # 1w6lkj81yjxgo136n6b71yg1xmg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w6lkj81yjxgo136n6b71yg1xmg|03|com"; nocase; ) # 1bvvdd84lhd3v1fxurpt1wacgxi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bvvdd84lhd3v1fxurpt1wacgxi|03|com"; nocase; ) # 1vx2xx0lrw34w1fl5ecj1cs9a7t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vx2xx0lrw34w1fl5ecj1cs9a7t|03|com"; nocase; ) # 6ojzqs1e0fqc91bc8sdg1njzci5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ojzqs1e0fqc91bc8sdg1njzci5|03|net"; nocase; ) # 415w9s59yb1qbb1nrej8gyvs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|415w9s59yb1qbb1nrej8gyvs|03|net"; nocase; ) # 1t4nqyq179eimm1b2sqw4ueztek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t4nqyq179eimm1b2sqw4ueztek|03|net"; nocase; ) # 1clzl5t1a03w9y1xzgkeo61mx4o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1clzl5t1a03w9y1xzgkeo61mx4o|03|com"; nocase; ) # bxgp4vjalcgovcspyj1s8ctc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bxgp4vjalcgovcspyj1s8ctc|03|org"; nocase; ) # zjcl2pupu7k1wc5imxxahnuv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zjcl2pupu7k1wc5imxxahnuv|03|com"; nocase; ) # ct1e0x15rw4eg1svobwl135cmog.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ct1e0x15rw4eg1svobwl135cmog|03|org"; nocase; ) # 8agfds1h3qzerv5erq0m3v3i5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8agfds1h3qzerv5erq0m3v3i5|03|biz"; nocase; ) # dfqdyg2uassd7rcuasqdk59l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dfqdyg2uassd7rcuasqdk59l|03|biz"; nocase; ) # 1q3sdc8tsi64mxhofy7t5akmu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q3sdc8tsi64mxhofy7t5akmu|03|net"; nocase; ) # 18w8zr9lm02pk1a7cmrz6w2a2f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18w8zr9lm02pk1a7cmrz6w2a2f|03|net"; nocase; ) # vdllcqyvlv6z1vmdrdhkf1nlq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vdllcqyvlv6z1vmdrdhkf1nlq|03|biz"; nocase; ) # 1osayl1643yuif51lek1ca2258.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1osayl1643yuif51lek1ca2258|03|com"; nocase; ) # 1ggl9ja6cxxtp9de8fw8l1r5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ggl9ja6cxxtp9de8fw8l1r5|03|com"; nocase; ) # 1fwfl0xxixo7zfn5ag1ciegq2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fwfl0xxixo7zfn5ag1ciegq2|03|net"; nocase; ) # aeuf81o2xcu71wzbkkd7uptmh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aeuf81o2xcu71wzbkkd7uptmh|03|net"; nocase; ) # bp3ihu13gkk7cfucl215bnrou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bp3ihu13gkk7cfucl215bnrou|03|com"; nocase; ) # b5hy0617uewpqa0q7wj792kvy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b5hy0617uewpqa0q7wj792kvy|03|biz"; nocase; ) # eucflc16tiyxx1vxptzu10s6h4j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eucflc16tiyxx1vxptzu10s6h4j|03|org"; nocase; ) # e3xeqvzg2ju7b3y0731hjn6no.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e3xeqvzg2ju7b3y0731hjn6no|03|com"; nocase; ) # 10wnqirc5jfmwjblfkp1prh6c6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10wnqirc5jfmwjblfkp1prh6c6|03|com"; nocase; ) # wxjivp57lo4evn1c2s1fxlqz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wxjivp57lo4evn1c2s1fxlqz6|03|net"; nocase; ) # 1g9gfh01aerkgr3m0zy7dqtc8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g9gfh01aerkgr3m0zy7dqtc8|03|biz"; nocase; ) # 144f103p2rr9h6haru733yy1u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|144f103p2rr9h6haru733yy1u|03|com"; nocase; ) # 15vunqyngsbsy1hn174zdo357.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15vunqyngsbsy1hn174zdo357|03|net"; nocase; ) # 1rs8hjvp6lr7aoxzbsklpmsaa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rs8hjvp6lr7aoxzbsklpmsaa|03|org"; nocase; ) # 1dftvawgpdxniy6ye1wp20zlg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dftvawgpdxniy6ye1wp20zlg|03|net"; nocase; ) # 1xl535c1o52hev1dytrpit9e3cy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xl535c1o52hev1dytrpit9e3cy|03|org"; nocase; ) # 1t9qlco5s1n8k1uzff4i16tg2m5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t9qlco5s1n8k1uzff4i16tg2m5|03|com"; nocase; ) # 1fynpx51yb2hzg1lotxfppfilbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fynpx51yb2hzg1lotxfppfilbr|03|net"; nocase; ) # xbp1o21o6w2r51r4qbsqio48gc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xbp1o21o6w2r51r4qbsqio48gc|03|net"; nocase; ) # cte2f1da271v2q8ios4alk9l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cte2f1da271v2q8ios4alk9l|03|net"; nocase; ) # 1b4hua27dwqduq9bruq1kbdo4y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b4hua27dwqduq9bruq1kbdo4y|03|net"; nocase; ) # 1026c4s1k76hhx5y8s85vpuplw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1026c4s1k76hhx5y8s85vpuplw|03|org"; nocase; ) # 9h9oul1pdfp426fynye1s2bakz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9h9oul1pdfp426fynye1s2bakz|03|biz"; nocase; ) # 1jjkxe512o08ki13hojso1dzkw71.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jjkxe512o08ki13hojso1dzkw71|03|net"; nocase; ) # 13rjavtofgm9j1b8pcr9hkdw2q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13rjavtofgm9j1b8pcr9hkdw2q|03|net"; nocase; ) # sfsbtj4f6jyoq7w0n69e1zq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|sfsbtj4f6jyoq7w0n69e1zq|03|org"; nocase; ) # 14a75v81580ug9133nmoe16y5nsa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14a75v81580ug9133nmoe16y5nsa|03|net"; nocase; ) # 1ln8e3u1mihew22fqeu11934ob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ln8e3u1mihew22fqeu11934ob|03|org"; nocase; ) # 2jhcefbtqvb91xee0lklwg6vg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2jhcefbtqvb91xee0lklwg6vg|03|org"; nocase; ) # np8a04pajaargnclxlku34xk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|np8a04pajaargnclxlku34xk|03|net"; nocase; ) # 1axc2xn64gu541f0bwzn1nmx9bg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1axc2xn64gu541f0bwzn1nmx9bg|03|com"; nocase; ) # 1chscx810nhwz715qm491ps9zmf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1chscx810nhwz715qm491ps9zmf|03|biz"; nocase; ) # bv6jnk1mkdq2kmxpe1quvkxwv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bv6jnk1mkdq2kmxpe1quvkxwv|03|org"; nocase; ) # g0gfqt49l9a61vr63uq156j7g9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g0gfqt49l9a61vr63uq156j7g9|03|net"; nocase; ) # 1q60b3zue1pc0gauhsn4kpyom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q60b3zue1pc0gauhsn4kpyom|03|com"; nocase; ) # 1xyanvl1o5m85i1aeskxu104j2hh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xyanvl1o5m85i1aeskxu104j2hh|03|org"; nocase; ) # 1hdr6r4or6w5xl5nmih1147im.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hdr6r4or6w5xl5nmih1147im|03|com"; nocase; ) # 1haveip1b0d5oj1q74wnp1pqsg1y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1haveip1b0d5oj1q74wnp1pqsg1y|03|com"; nocase; ) # 41gn9p1mhmw2v1dw6lob1bzm4lw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|41gn9p1mhmw2v1dw6lob1bzm4lw|03|biz"; nocase; ) # e4vsp3i8gvk2m7da5zd4ewcr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e4vsp3i8gvk2m7da5zd4ewcr|03|org"; nocase; ) # 6lvt3xmawl0p1k6o882h7yx7g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6lvt3xmawl0p1k6o882h7yx7g|03|com"; nocase; ) # 1n2i31s1p3ak141otxcgb1nsa4ry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n2i31s1p3ak141otxcgb1nsa4ry|03|com"; nocase; ) # 182cbun13t9s791fkmr5wu4ruly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|182cbun13t9s791fkmr5wu4ruly|03|net"; nocase; ) # yr67ux1m4hrabyg266nwq7wkh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yr67ux1m4hrabyg266nwq7wkh|03|biz"; nocase; ) # ayaohp13ff7np1fki21b1ubr4s1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ayaohp13ff7np1fki21b1ubr4s1|03|net"; nocase; ) # 16bi3zw1gh1f11cfkvzaz8d0fg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16bi3zw1gh1f11cfkvzaz8d0fg|03|net"; nocase; ) # 82yxag1qtwsge1hk4cle10jtpre.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|82yxag1qtwsge1hk4cle10jtpre|03|com"; nocase; ) # p7ykybvtklv4rcdrxaj1qlpm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p7ykybvtklv4rcdrxaj1qlpm|03|org"; nocase; ) # 8gagw413nfqia1tw4l4tenxmgw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8gagw413nfqia1tw4l4tenxmgw|03|net"; nocase; ) # 6j2g74qfde07bno2ur1yzurof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6j2g74qfde07bno2ur1yzurof|03|com"; nocase; ) # ezaovr52qtx613x8n71q0g5v9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ezaovr52qtx613x8n71q0g5v9|03|net"; nocase; ) # 1q41dul1p1xk1h1qha66kmv6lx6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q41dul1p1xk1h1qha66kmv6lx6|03|org"; nocase; ) # 1t80wpugk2nnk107c1do1b3pej8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t80wpugk2nnk107c1do1b3pej8|03|com"; nocase; ) # q4v2zbj30bq71bc1dc2am2ulo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q4v2zbj30bq71bc1dc2am2ulo|03|org"; nocase; ) # r3jvlwtykzj1bsinjb15392ct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r3jvlwtykzj1bsinjb15392ct|03|com"; nocase; ) # 10y3xoswc0176179naxxlxy24r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10y3xoswc0176179naxxlxy24r|03|org"; nocase; ) # 1thonaf1e85zq515hs4ha1boll94.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1thonaf1e85zq515hs4ha1boll94|03|net"; nocase; ) # 19ly8qh12nu6311ftntv6i317nz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19ly8qh12nu6311ftntv6i317nz|03|biz"; nocase; ) # 136gt4vn4evye1he9ubkrflfp3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136gt4vn4evye1he9ubkrflfp3|03|net"; nocase; ) # qqpzr610qz2blfp78tabmqmlu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qqpzr610qz2blfp78tabmqmlu|03|biz"; nocase; ) # fzszqp14c6lbepcwo5yy1cz9l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fzszqp14c6lbepcwo5yy1cz9l|03|net"; nocase; ) # 1tqr48g1ic0wwilop2o1g89zli.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tqr48g1ic0wwilop2o1g89zli|03|net"; nocase; ) # 1gb3vg01xrqcer1fsfh15erlaq9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gb3vg01xrqcer1fsfh15erlaq9|03|biz"; nocase; ) # 1ezk2l5eo4w24e6a8u1mrpl7d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ezk2l5eo4w24e6a8u1mrpl7d|03|net"; nocase; ) # 1xnnpi1o6b3ym1glpomm2u97ti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xnnpi1o6b3ym1glpomm2u97ti|03|org"; nocase; ) # v03doz1vao32ndr982j12l6uzf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v03doz1vao32ndr982j12l6uzf|03|org"; nocase; ) # b1p5oz4od9ib1y0fxrd1yi9edb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b1p5oz4od9ib1y0fxrd1yi9edb|03|net"; nocase; ) # 13q86d2q75md01dfcllr15v1gzx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13q86d2q75md01dfcllr15v1gzx|03|net"; nocase; ) # 12y0orwyn6ys213jq3fq1g6xh50.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12y0orwyn6ys213jq3fq1g6xh50|03|biz"; nocase; ) # 1m1s7ehiq8uwd1sa5014c9enp0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m1s7ehiq8uwd1sa5014c9enp0|03|net"; nocase; ) # 157i7jp1m2jhfn1qot4ai162vvgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|157i7jp1m2jhfn1qot4ai162vvgz|03|com"; nocase; ) # 105wjfjvn0co9m07xj015j71y6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|105wjfjvn0co9m07xj015j71y6|03|biz"; nocase; ) # p87r221npmx1p1d7lj6bv7oxtf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p87r221npmx1p1d7lj6bv7oxtf|03|org"; nocase; ) # 1xl066dj7kmv61anfggm19t6o74.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xl066dj7kmv61anfggm19t6o74|03|biz"; nocase; ) # 106x8wevee88ee02fgw82bqtr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|106x8wevee88ee02fgw82bqtr|03|net"; nocase; ) # 1psq0611s7xe1zqbs9ym1ryx8ff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1psq0611s7xe1zqbs9ym1ryx8ff|03|net"; nocase; ) # 1kkcyfi1af1gi113fdfjr1oyjrgd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kkcyfi1af1gi113fdfjr1oyjrgd|03|org"; nocase; ) # wmxkx2fnaytr1sg8wl31w1k64h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wmxkx2fnaytr1sg8wl31w1k64h|03|com"; nocase; ) # 40xjra1h93u8a1sgz7uv1yn10pa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|40xjra1h93u8a1sgz7uv1yn10pa|03|net"; nocase; ) # r6f4k2gf6x451pzcz1w3r3w2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r6f4k2gf6x451pzcz1w3r3w2z|03|org"; nocase; ) # vemtjx1njvasy1gwbq131rb8yoh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vemtjx1njvasy1gwbq131rb8yoh|03|com"; nocase; ) # 11y5oepb5ztx51r17kk4yac7qm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11y5oepb5ztx51r17kk4yac7qm|03|net"; nocase; ) # 1cdlj3h170m6ncegug92jj7mzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cdlj3h170m6ncegug92jj7mzm|03|net"; nocase; ) # z7tosg178i8nis7apgc1j7ai10.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z7tosg178i8nis7apgc1j7ai10|03|com"; nocase; ) # 1k2j10qqrr3mv16770xb1sd56i5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k2j10qqrr3mv16770xb1sd56i5|03|biz"; nocase; ) # dasnnw1jausuk1fnh277qz5rr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dasnnw1jausuk1fnh277qz5rr0|03|net"; nocase; ) # 17joasv8w0bcosm7xz61smw9rl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17joasv8w0bcosm7xz61smw9rl|03|net"; nocase; ) # 1iscmd1bjxaz11nmip3cd2cdrq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iscmd1bjxaz11nmip3cd2cdrq|03|org"; nocase; ) # 1anitpm13u7xpqnfbhdyhnucn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1anitpm13u7xpqnfbhdyhnucn|03|com"; nocase; ) # 178ohlw1v1lel2falwsa2xa091.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|178ohlw1v1lel2falwsa2xa091|03|net"; nocase; ) # u87r831fclkzz1otodbk8byi34.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u87r831fclkzz1otodbk8byi34|03|org"; nocase; ) # 11a8082boaupd1kxzjx01adidt1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11a8082boaupd1kxzjx01adidt1|03|net"; nocase; ) # 1v91ystnk7abd1qnqil61vrnfhb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v91ystnk7abd1qnqil61vrnfhb|03|org"; nocase; ) # 189y2xsnhti8k16x0buv10skdex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|189y2xsnhti8k16x0buv10skdex|03|org"; nocase; ) # 1avjyl9xundbp3ab53ph7dtgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1avjyl9xundbp3ab53ph7dtgo|03|net"; nocase; ) # 1qt4eryevee8s1fi2ffga8mjgg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qt4eryevee8s1fi2ffga8mjgg|03|biz"; nocase; ) # n4ukokc0z1tytu2zqfi03spf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n4ukokc0z1tytu2zqfi03spf|03|org"; nocase; ) # 1kuhdl41iyy4mnzpz0zoupttza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kuhdl41iyy4mnzpz0zoupttza|03|com"; nocase; ) # 1iwo8vm7xmjcp1099dot1w25kk6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iwo8vm7xmjcp1099dot1w25kk6|03|net"; nocase; ) # 13c7s5yyg72zn1hrcl1pbddrug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13c7s5yyg72zn1hrcl1pbddrug|03|net"; nocase; ) # v8z3ebbpdp3l9hu2fgk13amp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v8z3ebbpdp3l9hu2fgk13amp|03|org"; nocase; ) # 1md5fx3d1q61sf7wfc1wop5de.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1md5fx3d1q61sf7wfc1wop5de|03|org"; nocase; ) # q3eyrnx8jehr10wzxsb14kqp4p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q3eyrnx8jehr10wzxsb14kqp4p|03|biz"; nocase; ) # 1oltmf61ueornd52vy60qdqmz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oltmf61ueornd52vy60qdqmz6|03|net"; nocase; ) # 126t9r3f6k04g50oaawy6v2sn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|126t9r3f6k04g50oaawy6v2sn|03|net"; nocase; ) # 1sazsq8z2oo7c1vtyoly1x110h2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sazsq8z2oo7c1vtyoly1x110h2|03|net"; nocase; ) # 1bvobdb1hcpu7vg5cp1b1lco4mk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bvobdb1hcpu7vg5cp1b1lco4mk|03|com"; nocase; ) # ec40061vwb29q1bai59i1om2i5o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ec40061vwb29q1bai59i1om2i5o|03|org"; nocase; ) # o5ga8j1u3m1w01j4h5ewihktrr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o5ga8j1u3m1w01j4h5ewihktrr|03|biz"; nocase; ) # 9mi1ki1yks7qt183giwet6vxhi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9mi1ki1yks7qt183giwet6vxhi|03|net"; nocase; ) # 17eif6913q7r481br7cu81nwjuvf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17eif6913q7r481br7cu81nwjuvf|03|net"; nocase; ) # 1218lv2187ivbj1326fajomfy06.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1218lv2187ivbj1326fajomfy06|03|org"; nocase; ) # 15zdf5a5q6soxerptkp1hjsk6l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15zdf5a5q6soxerptkp1hjsk6l|03|net"; nocase; ) # zbol0hvklqwu1r6z7xe1y6i27m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zbol0hvklqwu1r6z7xe1y6i27m|03|com"; nocase; ) # 2zzi7le5mtvm1snffaz1w1fsrl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2zzi7le5mtvm1snffaz1w1fsrl|03|biz"; nocase; ) # rispyxq1c629zpl4l21fmh8vv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rispyxq1c629zpl4l21fmh8vv|03|net"; nocase; ) # q8ol8r1nhsbht1nuaawmwlhmh7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q8ol8r1nhsbht1nuaawmwlhmh7|03|biz"; nocase; ) # 14usmyz1srt8semh798ijboc2v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14usmyz1srt8semh798ijboc2v|03|org"; nocase; ) # fv0xkb1fcf8byhp3yr7ls837t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fv0xkb1fcf8byhp3yr7ls837t|03|biz"; nocase; ) # ic1t7xhqoed5uw2p1b74f397.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ic1t7xhqoed5uw2p1b74f397|03|org"; nocase; ) # yyhaesjkeavme8nz5rlc1sv7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yyhaesjkeavme8nz5rlc1sv7|03|biz"; nocase; ) # 1l88ak1oc8bgv1sx2d9318qwu0l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l88ak1oc8bgv1sx2d9318qwu0l|03|biz"; nocase; ) # 1bbufbk13wtxafud1r0z1wzeqbb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bbufbk13wtxafud1r0z1wzeqbb|03|net"; nocase; ) # 1ulg586136d1p1hbelhs3bahuw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ulg586136d1p1hbelhs3bahuw|03|net"; nocase; ) # 9re1f25lh5141qrdvfv1vb1asg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9re1f25lh5141qrdvfv1vb1asg|03|biz"; nocase; ) # 1h14w881735szi1po4nlx1q2kagi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h14w881735szi1po4nlx1q2kagi|03|org"; nocase; ) # uk25c7f5hknp5gniyq1g70mn1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uk25c7f5hknp5gniyq1g70mn1|03|org"; nocase; ) # qwbyrw1mm9y7b1hj9llfosk868.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qwbyrw1mm9y7b1hj9llfosk868|03|net"; nocase; ) # lv8f3016auc01155n6rzl6s4lg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lv8f3016auc01155n6rzl6s4lg|03|org"; nocase; ) # 1cjse9o1o9jg6xxm91zdq8a00v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cjse9o1o9jg6xxm91zdq8a00v|03|org"; nocase; ) # h794dedzziblhhgrxe1bolekc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h794dedzziblhhgrxe1bolekc|03|com"; nocase; ) # kqdppbangcys82wcfr4p2ael.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kqdppbangcys82wcfr4p2ael|03|com"; nocase; ) # g0fubst58ld71p9qcc81e0o7mn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g0fubst58ld71p9qcc81e0o7mn|03|net"; nocase; ) # 12m4lzd15s0u33mzwv661mptknu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12m4lzd15s0u33mzwv661mptknu|03|com"; nocase; ) # tybef653rzic16966fu8wn7kf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tybef653rzic16966fu8wn7kf|03|biz"; nocase; ) # g8vqw1ul93eic7vm8i1jl12rt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g8vqw1ul93eic7vm8i1jl12rt|03|com"; nocase; ) # 1j78n5b6qivez8wgsm9k4uzhp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j78n5b6qivez8wgsm9k4uzhp|03|com"; nocase; ) # r9w5yeva6kwzcyxhtqjeyic0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r9w5yeva6kwzcyxhtqjeyic0|03|net"; nocase; ) # 82mwrpabsqdp9ofh0ff3rakl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|82mwrpabsqdp9ofh0ff3rakl|03|com"; nocase; ) # 8y9gxs1ebom0cu3hgfdr0h8d5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8y9gxs1ebom0cu3hgfdr0h8d5|03|org"; nocase; ) # 41n9fi1xondiy19xg92b17ylfe9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|41n9fi1xondiy19xg92b17ylfe9|03|net"; nocase; ) # 2de9ny1ema2c2b9h4l1h2j0vs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2de9ny1ema2c2b9h4l1h2j0vs|03|org"; nocase; ) # 3n7u2nhnyqmz1wqdbv94yjbnh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3n7u2nhnyqmz1wqdbv94yjbnh|03|com"; nocase; ) # 56finw1faflyy1seowge134110d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|56finw1faflyy1seowge134110d|03|net"; nocase; ) # snw2trhb8vol1nlroww1f32zge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|snw2trhb8vol1nlroww1f32zge|03|net"; nocase; ) # 1ilah3bfauhww1ioobo614io6sl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ilah3bfauhww1ioobo614io6sl|03|net"; nocase; ) # 1ryf85g37ck4ohnf4jv1hyzipq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ryf85g37ck4ohnf4jv1hyzipq|03|org"; nocase; ) # sgq5pky70ggejjlojkxg4jzm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sgq5pky70ggejjlojkxg4jzm|03|com"; nocase; ) # 17p2kwf16v382m1de9pevyjjo6i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17p2kwf16v382m1de9pevyjjo6i|03|org"; nocase; ) # 91xudgq758nt14vwv82dfotfl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|91xudgq758nt14vwv82dfotfl|03|biz"; nocase; ) # 1wul8to18bbdhu7mrojrndzdw5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wul8to18bbdhu7mrojrndzdw5|03|com"; nocase; ) # 1x32j7gm9cpzy1hd1q4ifd588t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x32j7gm9cpzy1hd1q4ifd588t|03|org"; nocase; ) # 1pti4zx1pky5j7wuo3jc1m2snga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pti4zx1pky5j7wuo3jc1m2snga|03|net"; nocase; ) # 9lyvav1joon7c1d3bqjek4r6y2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9lyvav1joon7c1d3bqjek4r6y2|03|com"; nocase; ) # 1ikzdac1n3jm6k1d9d44m7todj9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ikzdac1n3jm6k1d9d44m7todj9|03|biz"; nocase; ) # 4ggg3wrl1h3njzhsud1jhtxfl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ggg3wrl1h3njzhsud1jhtxfl|03|net"; nocase; ) # psbhnc1ysk9zu1epfy1q13a4te.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|psbhnc1ysk9zu1epfy1q13a4te|03|com"; nocase; ) # dg6m492b6ceh1smd6kommo8gw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dg6m492b6ceh1smd6kommo8gw|03|biz"; nocase; ) # aiartpawgzkb2vxpk6aijgu9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aiartpawgzkb2vxpk6aijgu9|03|net"; nocase; ) # 10luxydshks59i7ywj49i10k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|10luxydshks59i7ywj49i10k|03|net"; nocase; ) # urbbvj1rk0a6a3mawo31f5pkje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|urbbvj1rk0a6a3mawo31f5pkje|03|org"; nocase; ) # 1j9aq2dv9x9ca1cs3hg0cav7v4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j9aq2dv9x9ca1cs3hg0cav7v4|03|com"; nocase; ) # 2pzy10j8avfskvvhqn1poc8zx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2pzy10j8avfskvvhqn1poc8zx|03|org"; nocase; ) # gbs99qpvfz0w1uq2tb4ed11px.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gbs99qpvfz0w1uq2tb4ed11px|03|net"; nocase; ) # 1bc42vr1riorlx1kx2sdj1r5n3hs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bc42vr1riorlx1kx2sdj1r5n3hs|03|biz"; nocase; ) # 2vk3l41996eu4mowqr112gc6zd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2vk3l41996eu4mowqr112gc6zd|03|com"; nocase; ) # w8z0gphpga46196gu6ki0o20j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w8z0gphpga46196gu6ki0o20j|03|org"; nocase; ) # 5lp46mrlfqdb17gcq646l37nr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5lp46mrlfqdb17gcq646l37nr|03|com"; nocase; ) # 178ekcceoo6zr37er5wn3dsu2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|178ekcceoo6zr37er5wn3dsu2|03|net"; nocase; ) # cs370u1ud7fjqqxiqu1vbo2fq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cs370u1ud7fjqqxiqu1vbo2fq|03|biz"; nocase; ) # 1vxjvj595sjl757jal81lmkuj0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vxjvj595sjl757jal81lmkuj0|03|com"; nocase; ) # 1s3hzq313o5wkjxuy49a1cq3m1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s3hzq313o5wkjxuy49a1cq3m1v|03|com"; nocase; ) # rhqsdpbu1p0keuwlx91x0hs1g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rhqsdpbu1p0keuwlx91x0hs1g|03|net"; nocase; ) # 13wneakj0z1bo1jrif4s1sj6hl7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13wneakj0z1bo1jrif4s1sj6hl7|03|org"; nocase; ) # 35ptttjrtgpb13p0zsp4qbpjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|35ptttjrtgpb13p0zsp4qbpjf|03|org"; nocase; ) # o4q7l712phrd36osg0i13gakyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o4q7l712phrd36osg0i13gakyk|03|net"; nocase; ) # ce85yk1e2ie2at44e8a1jrkd60.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ce85yk1e2ie2at44e8a1jrkd60|03|org"; nocase; ) # q2jhxqzxmzvg24w3wevoh9rz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q2jhxqzxmzvg24w3wevoh9rz|03|biz"; nocase; ) # 1y7k3ax93rjh16q0uqu5wzptd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y7k3ax93rjh16q0uqu5wzptd|03|com"; nocase; ) # qg2lr215fzaunzh3u00ehbx3x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qg2lr215fzaunzh3u00ehbx3x|03|org"; nocase; ) # f22n7lz85we6qyckhr18358xz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f22n7lz85we6qyckhr18358xz|03|com"; nocase; ) # 1377w261ml16aa1jycst1zoltd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1377w261ml16aa1jycst1zoltd6|03|net"; nocase; ) # 1ycmhfczpab519im6vp16kq10g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ycmhfczpab519im6vp16kq10g|03|com"; nocase; ) # 1627ov91yb45q1sdxbulo3sh4u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1627ov91yb45q1sdxbulo3sh4u|03|biz"; nocase; ) # 1ohzu291w8o1y913atb361mc4jq4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ohzu291w8o1y913atb361mc4jq4|03|org"; nocase; ) # 1yug3z21gt5opquje3z71x5j65n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yug3z21gt5opquje3z71x5j65n|03|com"; nocase; ) # 1jwvprdj1iqsuwm7p141bbbn20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jwvprdj1iqsuwm7p141bbbn20|03|net"; nocase; ) # drb5oddd4p046lcn5an8r6ay.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|drb5oddd4p046lcn5an8r6ay|03|biz"; nocase; ) # py2e811q8cay177hnl81nsxstc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|py2e811q8cay177hnl81nsxstc|03|com"; nocase; ) # 89if7o19bm1u61g9j0pyqqaww7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|89if7o19bm1u61g9j0pyqqaww7|03|org"; nocase; ) # 1p0zmah1l7ssydipdylihh55kk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p0zmah1l7ssydipdylihh55kk|03|com"; nocase; ) # oi1vhs16olbd1e989611up1d7n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oi1vhs16olbd1e989611up1d7n|03|net"; nocase; ) # 1xg0rpt1y60pti1qme8a62dytk9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xg0rpt1y60pti1qme8a62dytk9|03|org"; nocase; ) # p7xvbh1bz86usvzi0ld1auvn7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p7xvbh1bz86usvzi0ld1auvn7|03|net"; nocase; ) # 1kl05cr034syq3fxgu16wsyx6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kl05cr034syq3fxgu16wsyx6|03|com"; nocase; ) # 1x5xu061stytnzh0pi3fvnrc53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x5xu061stytnzh0pi3fvnrc53|03|net"; nocase; ) # 1obnww51ofd3r9eksp8n1l7juxd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obnww51ofd3r9eksp8n1l7juxd|03|biz"; nocase; ) # kmv37m8y5g89nwfmu21gfq238.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kmv37m8y5g89nwfmu21gfq238|03|net"; nocase; ) # 17zo79y1aqyrm3i2k01hytoj8g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17zo79y1aqyrm3i2k01hytoj8g|03|com"; nocase; ) # c7lsspyr7d351nye4puoczxxh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c7lsspyr7d351nye4puoczxxh|03|org"; nocase; ) # zpdrst1ja2n0h5kigcrmz7pms.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zpdrst1ja2n0h5kigcrmz7pms|03|biz"; nocase; ) # 56zb6zs76gu9l6pw7mth2uc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|56zb6zs76gu9l6pw7mth2uc|03|net"; nocase; ) # 1chdscw17ti1vj1xvbcekexd4mh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1chdscw17ti1vj1xvbcekexd4mh|03|com"; nocase; ) # z1bcur8apzf6639iun4wn628.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z1bcur8apzf6639iun4wn628|03|biz"; nocase; ) # 1lnbm2y4xo0xe1bd3qkviianp0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lnbm2y4xo0xe1bd3qkviianp0|03|org"; nocase; ) # 1pfaq8v15krppo16e8n3u1i50ygv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pfaq8v15krppo16e8n3u1i50ygv|03|net"; nocase; ) # irklhk1prncxrzp2e51lci4vf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|irklhk1prncxrzp2e51lci4vf|03|net"; nocase; ) # 14fbapge37s7t10h1xd0ftim24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14fbapge37s7t10h1xd0ftim24|03|net"; nocase; ) # oyodc2vfztl3mquepk1o3dx2r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oyodc2vfztl3mquepk1o3dx2r|03|net"; nocase; ) # ruzn2y13ydhfe1s12kue1ujrpq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ruzn2y13ydhfe1s12kue1ujrpq|03|biz"; nocase; ) # e3999tw4azzj1gboy7l1m6p95r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e3999tw4azzj1gboy7l1m6p95r|03|net"; nocase; ) # 1ezhk2k1xs7u61iy4ua71h93b6h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ezhk2k1xs7u61iy4ua71h93b6h|03|biz"; nocase; ) # u7gd41cxs4xg1ic6vrs116ugp5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u7gd41cxs4xg1ic6vrs116ugp5|03|net"; nocase; ) # 1p6elp2p1gyke1r2ubenxwp8q2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p6elp2p1gyke1r2ubenxwp8q2|03|com"; nocase; ) # zh0x58mefrbwycba55146ud9a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zh0x58mefrbwycba55146ud9a|03|biz"; nocase; ) # v786eb1gphdjoqj7cehx4vcib.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v786eb1gphdjoqj7cehx4vcib|03|net"; nocase; ) # 1pl4fmv1mwl6iq1fi14iaq60duc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pl4fmv1mwl6iq1fi14iaq60duc|03|com"; nocase; ) # 1qfxxc91mxzhyv16yv3uhbdamdz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qfxxc91mxzhyv16yv3uhbdamdz|03|biz"; nocase; ) # bdxbptpykc8514ouqbg09k95.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bdxbptpykc8514ouqbg09k95|03|biz"; nocase; ) # g07pb9czxp81ay21l81gnejhv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g07pb9czxp81ay21l81gnejhv|03|org"; nocase; ) # rk67bn18zv4mr18r5aq7bekeh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rk67bn18zv4mr18r5aq7bekeh|03|biz"; nocase; ) # 5x77fi7ezfvkimakg5ynn2gl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5x77fi7ezfvkimakg5ynn2gl|03|net"; nocase; ) # 1r0id8h6jwefb7f7ewjzsi19d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r0id8h6jwefb7f7ewjzsi19d|03|net"; nocase; ) # 1kcvthp1t2lu7p10xumh1693jx2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kcvthp1t2lu7p10xumh1693jx2|03|biz"; nocase; ) # u3qbps2k970d3uwemjr8zynl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u3qbps2k970d3uwemjr8zynl|03|com"; nocase; ) # fd6y9ax2s3lg1k88own19mt917.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fd6y9ax2s3lg1k88own19mt917|03|net"; nocase; ) # 1j2ubmv1xdpjrfc6yxdl10uy23z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j2ubmv1xdpjrfc6yxdl10uy23z|03|org"; nocase; ) # 10s9pn51yq40ru12nhleap826is.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10s9pn51yq40ru12nhleap826is|03|net"; nocase; ) # 85n2aoudp1ngjzeybmhqmkhp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|85n2aoudp1ngjzeybmhqmkhp|03|org"; nocase; ) # is78d0oygzdg1v436n4urfbwp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|is78d0oygzdg1v436n4urfbwp|03|com"; nocase; ) # 1hyoahv1wgekgh11cp9wb8bkxr2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hyoahv1wgekgh11cp9wb8bkxr2|03|biz"; nocase; ) # 4cqetv1q27jjqqv4g6w1fo6pjl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4cqetv1q27jjqqv4g6w1fo6pjl|03|org"; nocase; ) # j136lpjn60ns2ockcl16glgaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j136lpjn60ns2ockcl16glgaz|03|com"; nocase; ) # 1dmed2v10fffru1xl6cgawq8wu5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dmed2v10fffru1xl6cgawq8wu5|03|org"; nocase; ) # ar6smp5ivpyw1x7neyot58w2i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ar6smp5ivpyw1x7neyot58w2i|03|biz"; nocase; ) # rucht71ebtuwu1c0hxx14ysrd1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rucht71ebtuwu1c0hxx14ysrd1|03|org"; nocase; ) # o05a0vsdibdebepozxloyzxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o05a0vsdibdebepozxloyzxo|03|net"; nocase; ) # 10ww2xu8sxn5ruwekk1d0mpan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10ww2xu8sxn5ruwekk1d0mpan|03|com"; nocase; ) # 7jp2kl1d7suqouf3ylh1sncnm7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7jp2kl1d7suqouf3ylh1sncnm7|03|net"; nocase; ) # 1jqg8j1s1r8iz15tz9nf1l6xcz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jqg8j1s1r8iz15tz9nf1l6xcz|03|net"; nocase; ) # hp42o81dklxmps3ejwf20otog.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hp42o81dklxmps3ejwf20otog|03|net"; nocase; ) # 1p96jgc340xq1jk4tyca92pc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p96jgc340xq1jk4tyca92pc6|03|org"; nocase; ) # x7axoegrof39mwur85vgwzt0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x7axoegrof39mwur85vgwzt0|03|com"; nocase; ) # j9fl3lp0n0dm1cy4n5c154xpo6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j9fl3lp0n0dm1cy4n5c154xpo6|03|biz"; nocase; ) # 1lducc418lda3zmpvgfx16tst7d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lducc418lda3zmpvgfx16tst7d|03|com"; nocase; ) # pi8t1phhqyhiertf90224nel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pi8t1phhqyhiertf90224nel|03|net"; nocase; ) # 18ymlbdkggrghmaco6ve5m4wz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18ymlbdkggrghmaco6ve5m4wz|03|com"; nocase; ) # 17xppw5rd7og717fv9bu1dscmk3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17xppw5rd7og717fv9bu1dscmk3|03|com"; nocase; ) # 5rg653s3ebh7158ldt51auftpc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5rg653s3ebh7158ldt51auftpc|03|com"; nocase; ) # 1xvk0sfu2ks2r1r5d0ev1by58fh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xvk0sfu2ks2r1r5d0ev1by58fh|03|biz"; nocase; ) # 2df9ekojhb4o1fucfmx1d7loms.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2df9ekojhb4o1fucfmx1d7loms|03|biz"; nocase; ) # 1dy68wi5r0m6z1y9f82za421xb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dy68wi5r0m6z1y9f82za421xb|03|net"; nocase; ) # 4b6y931s2vux6i4y3gi1e9od3p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4b6y931s2vux6i4y3gi1e9od3p|03|net"; nocase; ) # vkq6v59gnyrvrus7xc1uxl2uw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vkq6v59gnyrvrus7xc1uxl2uw|03|net"; nocase; ) # 9q9ho31k2ejz2d23r5n137niji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9q9ho31k2ejz2d23r5n137niji|03|net"; nocase; ) # wppp5uq2b1dcz2utu4ibpm1b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wppp5uq2b1dcz2utu4ibpm1b|03|net"; nocase; ) # tx70oi1klxmeb10fsmorsz4k1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tx70oi1klxmeb10fsmorsz4k1|03|org"; nocase; ) # u1nzs616x73cp1s6nnidmiqqk6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u1nzs616x73cp1s6nnidmiqqk6|03|net"; nocase; ) # 1gfr6x41sgvqbw1pac0fb1qryuyc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gfr6x41sgvqbw1pac0fb1qryuyc|03|com"; nocase; ) # zn715sdcpawe1r1n1erslt580.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zn715sdcpawe1r1n1erslt580|03|biz"; nocase; ) # 1uqhg11k2syccc7lhbo1ag7043.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uqhg11k2syccc7lhbo1ag7043|03|net"; nocase; ) # 1hlrvqrngnp19vx3to719x1mmp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hlrvqrngnp19vx3to719x1mmp|03|org"; nocase; ) # 1px4fk1c6d20du9p0cvb9p2uq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1px4fk1c6d20du9p0cvb9p2uq|03|biz"; nocase; ) # 1yu5n9f19kwadc1g5csx11t3p4tf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yu5n9f19kwadc1g5csx11t3p4tf|03|net"; nocase; ) # 18qjik915ag51hhkuatf1iksz6e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18qjik915ag51hhkuatf1iksz6e|03|org"; nocase; ) # vst57r1hkfxunnivr518i0iqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vst57r1hkfxunnivr518i0iqg|03|biz"; nocase; ) # p3fxcg1lizhva9jg53ggs5ck0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p3fxcg1lizhva9jg53ggs5ck0|03|com"; nocase; ) # 146n8gwhbmyak16tlohz77vhzk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|146n8gwhbmyak16tlohz77vhzk|03|org"; nocase; ) # rf9vrwqaimrg9evuvq3oofhz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rf9vrwqaimrg9evuvq3oofhz|03|biz"; nocase; ) # vqu1xx1cwjlej1cvsls44lwd3i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vqu1xx1cwjlej1cvsls44lwd3i|03|org"; nocase; ) # 1dntzfy1uq10fv1lvyl69188ruyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dntzfy1uq10fv1lvyl69188ruyj|03|com"; nocase; ) # jhjgf21aa87a51syot4jfumyyf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jhjgf21aa87a51syot4jfumyyf|03|com"; nocase; ) # 6ownaizotnh31ffpo3hdleh1j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ownaizotnh31ffpo3hdleh1j|03|com"; nocase; ) # 1h1u4oy1g7av74tzzzop1xjzmnf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h1u4oy1g7av74tzzzop1xjzmnf|03|com"; nocase; ) # dxsws5t80r0l1h9mkh1z96bi7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dxsws5t80r0l1h9mkh1z96bi7|03|com"; nocase; ) # nmpsu2w2gwff3t64c91ch917n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nmpsu2w2gwff3t64c91ch917n|03|org"; nocase; ) # 1p3vwtd13sm24e159818xrxzuw2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p3vwtd13sm24e159818xrxzuw2|03|com"; nocase; ) # 8jhne7f3ohhl30660j1p6c0ec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8jhne7f3ohhl30660j1p6c0ec|03|org"; nocase; ) # 1h9bhi01hccfjonzh3ve18cd62.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h9bhi01hccfjonzh3ve18cd62|03|org"; nocase; ) # 1aw23ucs6ep611i791n7stli8t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aw23ucs6ep611i791n7stli8t|03|com"; nocase; ) # gnlk071y5yj9qwp8xni1b86puh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gnlk071y5yj9qwp8xni1b86puh|03|net"; nocase; ) # s7b7av1nd79f9tc34z61hzua9k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s7b7av1nd79f9tc34z61hzua9k|03|com"; nocase; ) # yc9r7i191hstn1d3ow2xm3myp5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yc9r7i191hstn1d3ow2xm3myp5|03|org"; nocase; ) # 1mf2rv1962021rxxfgm542i1y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mf2rv1962021rxxfgm542i1y|03|com"; nocase; ) # 1k1wzhe1ckcn7ovi039j1xr2vhf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k1wzhe1ckcn7ovi039j1xr2vhf|03|net"; nocase; ) # 1pixfro1xapubl2xrt5r1hd3dwk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pixfro1xapubl2xrt5r1hd3dwk|03|com"; nocase; ) # 1lxfzcm1ez2tor3bdned17nd7el.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxfzcm1ez2tor3bdned17nd7el|03|net"; nocase; ) # wmcy2t1f8jxki1umy5ki1mkl4em.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wmcy2t1f8jxki1umy5ki1mkl4em|03|biz"; nocase; ) # m1sf431jbe9st5ojisw1byamfr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m1sf431jbe9st5ojisw1byamfr|03|net"; nocase; ) # dc54rc1tmeo9ka0h18vyre62j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dc54rc1tmeo9ka0h18vyre62j|03|com"; nocase; ) # 1rh1g6x1ouue72w12ucv1361h6i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rh1g6x1ouue72w12ucv1361h6i|03|biz"; nocase; ) # bpmhv1yzvfq2jpwie1k66rwh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bpmhv1yzvfq2jpwie1k66rwh|03|org"; nocase; ) # 1ylmw3mx8niz41m99e891hq82e6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ylmw3mx8niz41m99e891hq82e6|03|net"; nocase; ) # 1j56mqh127s2ei1dw0jn311v05oo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j56mqh127s2ei1dw0jn311v05oo|03|org"; nocase; ) # zp20pe165fibo2iizgc1qr35qz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zp20pe165fibo2iizgc1qr35qz|03|org"; nocase; ) # 180njro4d0eyo1q6tv9y1guldox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|180njro4d0eyo1q6tv9y1guldox|03|biz"; nocase; ) # 15ukjkr18fax675r1v1867wdaz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ukjkr18fax675r1v1867wdaz|03|org"; nocase; ) # 1qv8sln1kh19cd157jfglx32369.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qv8sln1kh19cd157jfglx32369|03|org"; nocase; ) # 1wacmthaz0hp0kh2yxb1a0zptj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wacmthaz0hp0kh2yxb1a0zptj|03|com"; nocase; ) # 9bqfta17t7r0d1ee9zjzq268i2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9bqfta17t7r0d1ee9zjzq268i2|03|net"; nocase; ) # 1eeomau1n8aj50xxiq13p50ago.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eeomau1n8aj50xxiq13p50ago|03|com"; nocase; ) # 1pjidu312gcnwt1qye20512pp30o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pjidu312gcnwt1qye20512pp30o|03|com"; nocase; ) # 9it1xd1th9org18268gw12i3uws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9it1xd1th9org18268gw12i3uws|03|com"; nocase; ) # w373amaqbnus5rm3q4pc48tb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w373amaqbnus5rm3q4pc48tb|03|net"; nocase; ) # 57wfal1t5ufkq17zw8iq3u8ygg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|57wfal1t5ufkq17zw8iq3u8ygg|03|biz"; nocase; ) # dn63821lkmnl11u6w6xh8s8qry.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dn63821lkmnl11u6w6xh8s8qry|03|biz"; nocase; ) # hpli5g1f4w691eh6loe1tqxv54.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hpli5g1f4w691eh6loe1tqxv54|03|com"; nocase; ) # 2d4dzq1e4o0w21h4q85zxsgm34.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2d4dzq1e4o0w21h4q85zxsgm34|03|org"; nocase; ) # 1rebjjh1k7aodqwk6ewaksl75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rebjjh1k7aodqwk6ewaksl75|03|net"; nocase; ) # ws1llv9aflz2ockybran5t5q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ws1llv9aflz2ockybran5t5q|03|net"; nocase; ) # pfyyoq4vncdy1eqn3t5l6lqw6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pfyyoq4vncdy1eqn3t5l6lqw6|03|com"; nocase; ) # tmjigcoazxym7mcg4hxwpum2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tmjigcoazxym7mcg4hxwpum2|03|biz"; nocase; ) # i42x95iabfufyqvrsb1uabpcj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i42x95iabfufyqvrsb1uabpcj|03|net"; nocase; ) # 14c3uh712f4xvu13g6dvdh6i9k8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14c3uh712f4xvu13g6dvdh6i9k8|03|org"; nocase; ) # cnn1y41wtryqvq1b2n2dl811c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cnn1y41wtryqvq1b2n2dl811c|03|net"; nocase; ) # j2xlbc1qif4qwq3msnb1oj3a0f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j2xlbc1qif4qwq3msnb1oj3a0f|03|org"; nocase; ) # 96dqh310fob0say9hlw1sdhiun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|96dqh310fob0say9hlw1sdhiun|03|net"; nocase; ) # 1nxiiq7ks8m0ndwj4t21dc250l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nxiiq7ks8m0ndwj4t21dc250l|03|com"; nocase; ) # ddnljyeobvreecyi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037463; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ddnljyeobvreecyi|02|eu"; nocase; ) # qnqkvqlljyvksayi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037464; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qnqkvqlljyvksayi|02|eu"; nocase; ) # qcpcsflurolcrlbi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037465; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qcpcsflurolcrlbi|02|eu"; nocase; ) # qfalyukavhqxoufh.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037466; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qfalyukavhqxoufh|02|eu"; nocase; ) # kygijvoasyvibggo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037467; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|kygijvoasyvibggo|02|eu"; nocase; ) # ekjgwnrooyvgjyah.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037468; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ekjgwnrooyvgjyah|02|eu"; nocase; ) # egbtrpepudanbdkt.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037469; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|egbtrpepudanbdkt|02|eu"; nocase; ) # entcdqehsrbptirg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037470; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|entcdqehsrbptirg|02|eu"; nocase; ) # ecstmrqdbuqtftts.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037471; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ecstmrqdbuqtftts|02|eu"; nocase; ) # xwkitthmgcyvddwm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037472; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xwkitthmgcyvddwm|02|eu"; nocase; ) # xljaqihvorbncoyy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037473; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xljaqihvorbncoyy|02|eu"; nocase; ) # rtookkxrtyvcaxos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037474; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rtookkxrtyvcaxos|02|eu"; nocase; ) # rbukvxkjrnkrsdjs.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037475; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rbukvxkjrnkrsdjs|02|eu"; nocase; ) # ljamdnoswuftqmyy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037476; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ljamdnoswuftqmyy|02|eu"; nocase; ) # lxlqmobcsxuxcxby.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037477; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lxlqmobcsxuxcxby|02|eu"; nocase; ) # yetdhvumtfdlvall.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037478; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yetdhvumtfdlvall|02|eu"; nocase; ) # ylmyfjuertenossx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037479; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ylmyfjuertenossx|02|eu"; nocase; ) # yhemnlhfxxutsjpk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037480; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yhemnlhfxxutsjpk|02|eu"; nocase; ) # yvpqwmtbgbxlrurw.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037481; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yvpqwmtbgbxlrurw|02|eu"; nocase; ) # slboppkcjwtpiwcq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037482; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|slboppkcjwtpiwcq|02|eu"; nocase; ) # sstwndkttxurbpwd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037483; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|sstwndkttxurbpwd|02|eu"; nocase; ) # bbb5c59b063a880c1e81369efbe7fab588.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bbb5c59b063a880c1e81369efbe7fab588|02|ws"; nocase; ) # kf74813751000e4c27b95147eee7abaded.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kf74813751000e4c27b95147eee7abaded|02|to"; nocase; ) # n6e55aedc2e8c31bad62a68c1319238d6a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n6e55aedc2e8c31bad62a68c1319238d6a|02|cn"; nocase; ) # o9d290b658cddfd966da81280ff3770245.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o9d290b658cddfd966da81280ff3770245|02|tk"; nocase; ) # y8a92dd602a4a151df2aad988b83165194.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8a92dd602a4a151df2aad988b83165194|02|cc"; nocase; ) # a5292f1f01d651439fb8c4021bc83a4141.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a5292f1f01d651439fb8c4021bc83a4141|02|to"; nocase; ) # d5a90b5cebdcf4d156c875d77c68b5414f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d5a90b5cebdcf4d156c875d77c68b5414f|02|cn"; nocase; ) # ja9dfc708eb73d3b4de1ee34c2da28f61d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ja9dfc708eb73d3b4de1ee34c2da28f61d|02|in"; nocase; ) # zce673afc1209ca362a43817a3822be6f7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zce673afc1209ca362a43817a3822be6f7|02|in"; nocase; ) # c499bf90a1fbd9b2e558e1151d53121a8a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c499bf90a1fbd9b2e558e1151d53121a8a|02|tk"; nocase; ) # d67b1d6388c24476ed720a7527fe01527d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d67b1d6388c24476ed720a7527fe01527d|02|so"; nocase; ) # ecbfff99e8b4095efee30d533c41d414a2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ecbfff99e8b4095efee30d533c41d414a2|02|cc"; nocase; ) # fdb10d88bcb46dfb373e90f551310069fe.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fdb10d88bcb46dfb373e90f551310069fe|02|ws"; nocase; ) # of950f1e0ffd1dec7e99f410b543027496.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|of950f1e0ffd1dec7e99f410b543027496|02|to"; nocase; ) # pd7bccedb77a6ea8fe5740263b43f4b51c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pd7bccedb77a6ea8fe5740263b43f4b51c|02|in"; nocase; ) # a40efad5d279733a5504e27af31de4eeaf.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a40efad5d279733a5504e27af31de4eeaf|02|tk"; nocase; ) # h547447f7e8f8745c27fd128d126bcc6a0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h547447f7e8f8745c27fd128d126bcc6a0|02|cn"; nocase; ) # i89ce67321addbc700a2eab684b99e2188.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i89ce67321addbc700a2eab684b99e2188|02|tk"; nocase; ) # jd900ea007989e370631e208d6f065de45.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd900ea007989e370631e208d6f065de45|02|so"; nocase; ) # afb642c26f14b3484224a0a3508a2096c1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|afb642c26f14b3484224a0a3508a2096c1|02|cc"; nocase; ) # b267a7528e09c23cd3a8832db32535efb8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b267a7528e09c23cd3a8832db32535efb8|02|ws"; nocase; ) # cb8bb838dca237657e119097bcddba33bf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cb8bb838dca237657e119097bcddba33bf|02|to"; nocase; ) # h3cc2cbcb7bbce7997eef9c2a0322f2640.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h3cc2cbcb7bbce7997eef9c2a0322f2640|02|so"; nocase; ) # pd860f8f2e261e0c1b1ced3f48d0ef4917.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pd860f8f2e261e0c1b1ced3f48d0ef4917|02|so"; nocase; ) # ra262e65def299b2cb83b855841a87adca.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ra262e65def299b2cb83b855841a87adca|02|ws"; nocase; ) # y3f8284e84f6e7f919187c3a1f05adcc24.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3f8284e84f6e7f919187c3a1f05adcc24|02|cc"; nocase; ) # q9e4f5a5b8dd1605238b20406fe872c64c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q9e4f5a5b8dd1605238b20406fe872c64c|02|to"; nocase; ) # y604c9babab97a30ee38c24606712d9602.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y604c9babab97a30ee38c24606712d9602|02|to"; nocase; ) # o7933360756d0a752f9c19507ccef3900e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o7933360756d0a752f9c19507ccef3900e|02|to"; nocase; ) # p33a27327f15891a53d64e0799a4119c65.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p33a27327f15891a53d64e0799a4119c65|02|in"; nocase; ) # wae64a48875ed4152633bc00c855141b2e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wae64a48875ed4152633bc00c855141b2e|02|to"; nocase; ) # x7b565c4f487ee00078c07555fc145803e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x7b565c4f487ee00078c07555fc145803e|02|in"; nocase; ) # c8d1d28ecc382e6f56195a2169b625933b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c8d1d28ecc382e6f56195a2169b625933b|02|cc"; nocase; ) # e0254c93d4f133810c9d6a0b685de52bed.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e0254c93d4f133810c9d6a0b685de52bed|02|to"; nocase; ) # l10c45dd58b821a4fc8a554426c2b368da.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l10c45dd58b821a4fc8a554426c2b368da|02|ws"; nocase; ) # n2f6df351cddd6047b8a3f4772682bfa2a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n2f6df351cddd6047b8a3f4772682bfa2a|02|in"; nocase; ) # vad6c3e0dffebe371212db994bea4631df.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vad6c3e0dffebe371212db994bea4631df|02|in"; nocase; ) # zdcfd32189c0d31a94a0b548314697dd14.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zdcfd32189c0d31a94a0b548314697dd14|02|so"; nocase; ) # c3bf543890aa0a616c8f82c2aff3a1ec67.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c3bf543890aa0a616c8f82c2aff3a1ec67|02|to"; nocase; ) # g1dba4c271558cd253ca93926f067825b9.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g1dba4c271558cd253ca93926f067825b9|02|tk"; nocase; ) # m66da63adbe963f2478e2f59506a7a1388.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m66da63adbe963f2478e2f59506a7a1388|02|hk"; nocase; ) # s73faeb348dcf19bfb3e5a516bf0239399.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s73faeb348dcf19bfb3e5a516bf0239399|02|to"; nocase; ) # t114a1bb5fb297874ecee482b931b1943c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t114a1bb5fb297874ecee482b931b1943c|02|in"; nocase; ) # w9f5b54b4ee14e193ba9cbc0eff2f2116b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w9f5b54b4ee14e193ba9cbc0eff2f2116b|02|tk"; nocase; ) # ad94951dcb1cf5f436c9882fa25fbae39b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ad94951dcb1cf5f436c9882fa25fbae39b|02|to"; nocase; ) # f0e1f42ac7cc660c0d9af801ddb5b06413.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f0e1f42ac7cc660c0d9af801ddb5b06413|02|so"; nocase; ) # m98bf195ca6e73bcc62efb2954ed75a6f3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m98bf195ca6e73bcc62efb2954ed75a6f3|02|tk"; nocase; ) # sdc0ecf289043da216a871582374c7297d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sdc0ecf289043da216a871582374c7297d|02|hk"; nocase; ) # w3fa356afd4687fa8acf43a4ace21acd91.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w3fa356afd4687fa8acf43a4ace21acd91|02|cc"; nocase; ) # xa5608f1ee54bcf9009c5cb7b4373806a4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xa5608f1ee54bcf9009c5cb7b4373806a4|02|ws"; nocase; ) # f5d8a5c937a3552768b975d258801086e3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f5d8a5c937a3552768b975d258801086e3|02|ws"; nocase; ) # gbdc45e39251c7e96c5464cb919f6df27d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gbdc45e39251c7e96c5464cb919f6df27d|02|to"; nocase; ) # pbfb7384a07546d44f99064e7ec3b99f01.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pbfb7384a07546d44f99064e7ec3b99f01|02|in"; nocase; ) # m8f8a13b39ae0e82501ac21fcceef88660.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m8f8a13b39ae0e82501ac21fcceef88660|02|to"; nocase; ) # uf4ef6d030eb00c007adbc01478dd638f1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uf4ef6d030eb00c007adbc01478dd638f1|02|to"; nocase; ) # xd899045100823f1850388bf0cb7131041.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xd899045100823f1850388bf0cb7131041|02|cn"; nocase; ) # b8e70b03dcec9a837f1b8a03c1e42c1e98.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b8e70b03dcec9a837f1b8a03c1e42c1e98|02|ws"; nocase; ) # idbcde53ed9597fbfc3c841427973cd44c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|idbcde53ed9597fbfc3c841427973cd44c|02|cc"; nocase; ) # k983e7c25c07d7f93f08ae535ca372c64f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k983e7c25c07d7f93f08ae535ca372c64f|02|to"; nocase; ) # s1efa0491379af93d6312205e9d0b76eb3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s1efa0491379af93d6312205e9d0b76eb3|02|to"; nocase; ) # v6a07bc79c0f5eedafdedcc6a3cdda8211.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v6a07bc79c0f5eedafdedcc6a3cdda8211|02|cn"; nocase; ) # yce2b6001eed0cc29ee7d50fd3cf602568.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yce2b6001eed0cc29ee7d50fd3cf602568|02|cc"; nocase; ) # zcc0d0216fca17f09f592ef27b1ca0b40e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zcc0d0216fca17f09f592ef27b1ca0b40e|02|ws"; nocase; ) # abef2a195c56bbdd43389c5ba43a074e4d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|abef2a195c56bbdd43389c5ba43a074e4d|02|to"; nocase; ) # ca29298e23a2e72b63a16a71a491192856.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca29298e23a2e72b63a16a71a491192856|02|hk"; nocase; ) # l6751d0495a5a509161047bdbe150fcca5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l6751d0495a5a509161047bdbe150fcca5|02|cn"; nocase; ) # mc588a6dbc18cfa88976db8fe273879f64.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc588a6dbc18cfa88976db8fe273879f64|02|tk"; nocase; ) # n1b65b09e83ab2fdd29b6a71dfec300309.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n1b65b09e83ab2fdd29b6a71dfec300309|02|so"; nocase; ) # pf55a6a41231e966ebac1eea6ad08c9d86.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf55a6a41231e966ebac1eea6ad08c9d86|02|ws"; nocase; ) # t88cdc7c782ea97911d1c5ad5796cd27dc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t88cdc7c782ea97911d1c5ad5796cd27dc|02|cn"; nocase; ) # db129a01cccebda86d238380eef0ea5fbf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|db129a01cccebda86d238380eef0ea5fbf|02|so"; nocase; ) # lff4bd408b97119c4dc0e38f026bfb1524.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lff4bd408b97119c4dc0e38f026bfb1524|02|so"; nocase; ) # r82f687db991e932df22ead8bf39c03a06.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r82f687db991e932df22ead8bf39c03a06|02|cn"; nocase; ) # f5bbce3a2fef18fb90cbebcf8f591031b5.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f5bbce3a2fef18fb90cbebcf8f591031b5|02|in"; nocase; ) # k3ba92ce426e91386fb3519ed54adb0e82.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k3ba92ce426e91386fb3519ed54adb0e82|02|cc"; nocase; ) # u8dceadb05aabef5defb7c1687415d3df1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u8dceadb05aabef5defb7c1687415d3df1|02|to"; nocase; ) # v80dd1dfc5e963802d07e403b66fa4856d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v80dd1dfc5e963802d07e403b66fa4856d|02|in"; nocase; ) # a0930258b4679d8756e91fd68d87f23d80.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a0930258b4679d8756e91fd68d87f23d80|02|cc"; nocase; ) # g2d55482464923cbf452f6b4d6e413d4aa.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g2d55482464923cbf452f6b4d6e413d4aa|02|tk"; nocase; ) # j1bfc5b34ba07108a55dda8463ef8504f0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j1bfc5b34ba07108a55dda8463ef8504f0|02|ws"; nocase; ) # r5c6adaf19cfe3ecf94d35a015890c4f21.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r5c6adaf19cfe3ecf94d35a015890c4f21|02|ws"; nocase; ) # se53abbb441ef41e8d4160a97f54bf6e68.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|se53abbb441ef41e8d4160a97f54bf6e68|02|to"; nocase; ) # tc811d7ad0cf6ca68a48224d6f3dc303ae.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037566; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tc811d7ad0cf6ca68a48224d6f3dc303ae|02|in"; nocase; ) # c3bb1f702d79be41cfcd3d354383ee7b6d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037567; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c3bb1f702d79be41cfcd3d354383ee7b6d|02|hk"; nocase; ) # k7f5c550ba3a3127cfabebd302a07ab010.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k7f5c550ba3a3127cfabebd302a07ab010|02|hk"; nocase; ) # r8bd2c233f80ec26122b0de6673d59d69f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r8bd2c233f80ec26122b0de6673d59d69f|02|in"; nocase; ) # vd4c932bc12847615585eeb188caed9f72.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vd4c932bc12847615585eeb188caed9f72|02|so"; nocase; ) # y28184db2fd1c93c17392203c291d70652.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y28184db2fd1c93c17392203c291d70652|02|to"; nocase; ) # gc6ab390dbd291437a082b951901ee5057.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc6ab390dbd291437a082b951901ee5057|02|to"; nocase; ) # ib01198705ea53580ae0e6cf7274ae4a71.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib01198705ea53580ae0e6cf7274ae4a71|02|hk"; nocase; ) # t00307ac2ffd5e8abd1a0da3b4c63127a6.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t00307ac2ffd5e8abd1a0da3b4c63127a6|02|so"; nocase; ) # u5d9b808ae3328f33c8c25f5605540da90.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u5d9b808ae3328f33c8c25f5605540da90|02|cc"; nocase; ) # g26ff8a3de252b8eb0bf7b3214614d6720.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g26ff8a3de252b8eb0bf7b3214614d6720|02|hk"; nocase; ) # he6d9adbb06cfa23f3d933d87df9731edb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|he6d9adbb06cfa23f3d933d87df9731edb|02|cn"; nocase; ) # kdbc84696e353bb4b80a08aa0fb6a0af7b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kdbc84696e353bb4b80a08aa0fb6a0af7b|02|cc"; nocase; ) # m535258f912b139146e6c1db9826202ffc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037579; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m535258f912b139146e6c1db9826202ffc|02|to"; nocase; ) # o6ec15cb202c6c8dc255515d393cc28d49.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037580; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o6ec15cb202c6c8dc255515d393cc28d49|02|hk"; nocase; ) # t09f81ce49d094fc9f3d65b3dcb9de2835.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037581; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t09f81ce49d094fc9f3d65b3dcb9de2835|02|ws"; nocase; ) # z07d4e5ac381e7eb87710d9cad329f9481.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037582; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z07d4e5ac381e7eb87710d9cad329f9481|02|so"; nocase; ) # ib1aa61b8cf7dfe2f1c3893ab57d6b0a82.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037583; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib1aa61b8cf7dfe2f1c3893ab57d6b0a82|02|cc"; nocase; ) # ndc30c0cf9ccaecbae2f785016f7937ca0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037584; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ndc30c0cf9ccaecbae2f785016f7937ca0|02|cn"; nocase; ) # j24a75fb4707e63c0f706f1b10c87d9fcc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037585; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j24a75fb4707e63c0f706f1b10c87d9fcc|02|in"; nocase; ) # q161e96104d861f3959edaf9fa1940558e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037586; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q161e96104d861f3959edaf9fa1940558e|02|to"; nocase; ) # r4f84b305859fdaeb3f80c1b54f9754266.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037587; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r4f84b305859fdaeb3f80c1b54f9754266|02|in"; nocase; ) # y90ef94379a16277bd99199aa016954bbf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037588; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y90ef94379a16277bd99199aa016954bbf|02|to"; nocase; ) # i7c21015b51afebe5bbc6cd1485ddbf74a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037589; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i7c21015b51afebe5bbc6cd1485ddbf74a|02|hk"; nocase; ) # ldd49c277370abafe6a73a1ee8e69f5cf8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037590; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ldd49c277370abafe6a73a1ee8e69f5cf8|02|so"; nocase; ) # r3c62c3e5a230a61958e00a24b018859fc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037591; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r3c62c3e5a230a61958e00a24b018859fc|02|cn"; nocase; ) # u4ccd3fa24abf524fb839cc88dfa8315f8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037592; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u4ccd3fa24abf524fb839cc88dfa8315f8|02|cc"; nocase; ) # x1c56b1026a8d30bb4be7682b32bedd1e0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037593; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x1c56b1026a8d30bb4be7682b32bedd1e0|02|in"; nocase; ) # i61ab1938425ac2598e484952acc48205d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037594; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i61ab1938425ac2598e484952acc48205d|02|tk"; nocase; ) # l2723d8b697abd39bda29f00cd3bab52eb.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037595; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l2723d8b697abd39bda29f00cd3bab52eb|02|ws"; nocase; ) # p7a479053b9a735733f507b2e08b6b5d60.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037596; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7a479053b9a735733f507b2e08b6b5d60|02|cn"; nocase; ) # x5ede7d6adc463a08107d25093e11e4e73.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037597; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x5ede7d6adc463a08107d25093e11e4e73|02|cn"; nocase; ) # aea0eae7bc6b980712e04a9410abe7a221.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037598; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aea0eae7bc6b980712e04a9410abe7a221|02|cc"; nocase; ) # f45c6ef17515fa1d72f1373832927199d9.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037599; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f45c6ef17515fa1d72f1373832927199d9|02|cn"; nocase; ) # jfd82b048a47d9bd8bd8d23b242b413652.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037600; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jfd82b048a47d9bd8bd8d23b242b413652|02|ws"; nocase; ) # la644fd544939672eb9a5dd14e738d19a3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037601; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la644fd544939672eb9a5dd14e738d19a3|02|in"; nocase; ) # m94aa65ba9464ab4d8f769882c05679117.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037602; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m94aa65ba9464ab4d8f769882c05679117|02|hk"; nocase; ) # v28d7b5f5cc870ad91935add85fb3d7210.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037603; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v28d7b5f5cc870ad91935add85fb3d7210|02|cn"; nocase; ) # y3541e9128db9a1f6732f8586ef1ffa81d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037604; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3541e9128db9a1f6732f8586ef1ffa81d|02|cc"; nocase; ) # z15c2e1bce17761a1b8e3d388859d08de8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037605; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z15c2e1bce17761a1b8e3d388859d08de8|02|ws"; nocase; ) # k5e368f17628aa4554cda184ceb44ddbbb.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037606; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k5e368f17628aa4554cda184ceb44ddbbb|02|hk"; nocase; ) # w176ee45842abbc4518520ed05514b7b2b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037607; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w176ee45842abbc4518520ed05514b7b2b|02|cc"; nocase; ) # f504afea361c9271dba4772bd1d7e67f02.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037608; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f504afea361c9271dba4772bd1d7e67f02|02|ws"; nocase; ) # rb4054e92fc89b1b344ecc0961604b5695.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037609; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb4054e92fc89b1b344ecc0961604b5695|02|cn"; nocase; ) # tedb6021d7617e200b737caafdf96c19fe.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037610; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tedb6021d7617e200b737caafdf96c19fe|02|so"; nocase; ) # uce22b3e7a97085f63ceae22debfad7cbf.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037611; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uce22b3e7a97085f63ceae22debfad7cbf|02|cc"; nocase; ) # z1c170eddec9d33c49aea573bc024c8c17.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037612; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z1c170eddec9d33c49aea573bc024c8c17|02|cn"; nocase; ) # g83412e88f961ccfbf8806364e51fd9f6e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037613; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g83412e88f961ccfbf8806364e51fd9f6e|02|hk"; nocase; ) # i46cb9ef14936bcafc94e9f66c84d0f98c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037614; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i46cb9ef14936bcafc94e9f66c84d0f98c|02|tk"; nocase; ) # l0a8c8f0526b1167dd03aa2046d8ab7a9e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037615; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l0a8c8f0526b1167dd03aa2046d8ab7a9e|02|ws"; nocase; ) # q698c36b2e88fd84d04e4c6148a2ed02fb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037616; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q698c36b2e88fd84d04e4c6148a2ed02fb|02|tk"; nocase; ) # ce732b0e8f2b7ffe0a2043a5286e9f618d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037617; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ce732b0e8f2b7ffe0a2043a5286e9f618d|02|to"; nocase; ) # h569e1b9beabcd836905940cdf89b202a2.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037618; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h569e1b9beabcd836905940cdf89b202a2|02|so"; nocase; ) # i411ce85c7f7d3608d360caa07b6c61270.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037619; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i411ce85c7f7d3608d360caa07b6c61270|02|cc"; nocase; ) # m35edbce7ccbd894d144eccaf9a03dfdb3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037620; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m35edbce7ccbd894d144eccaf9a03dfdb3|02|hk"; nocase; ) # p5a47635011d7830dcee6855aeddaabc80.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037621; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p5a47635011d7830dcee6855aeddaabc80|02|so"; nocase; ) # c2d8037529249c3f068f388288d3b74070.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037622; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c2d8037529249c3f068f388288d3b74070|02|hk"; nocase; ) # md197e43800c48375b38e889819e4b3179.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037623; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|md197e43800c48375b38e889819e4b3179|02|tk"; nocase; ) # p38ed5dd81e8620f63d900b52804f17352.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037624; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p38ed5dd81e8620f63d900b52804f17352|02|ws"; nocase; ) # q615101202533d956f9f590bcaf1f5b75d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037625; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q615101202533d956f9f590bcaf1f5b75d|02|to"; nocase; ) # tf63a4a8fa457b26f16434fbee2472703c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037626; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tf63a4a8fa457b26f16434fbee2472703c|02|cn"; nocase; ) # c02a2bd7da5372a87b550cb687e116010b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037627; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c02a2bd7da5372a87b550cb687e116010b|02|tk"; nocase; ) # dbe71bdc3d989c6c7cb1fa5be5d1f51ff8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037628; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dbe71bdc3d989c6c7cb1fa5be5d1f51ff8|02|so"; nocase; ) # f2af070e4fea11ad35defd3b0f358c333a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037629; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f2af070e4fea11ad35defd3b0f358c333a|02|ws"; nocase; ) # gedba5b51b716e7b491de21f9c33aea0e8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037630; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gedba5b51b716e7b491de21f9c33aea0e8|02|to"; nocase; ) # h6b47a18be89bbbe52319f71858070ede1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037631; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h6b47a18be89bbbe52319f71858070ede1|02|in"; nocase; ) # j0cce3772c78ed7d4e3a9551a2b70ab2a3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037632; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j0cce3772c78ed7d4e3a9551a2b70ab2a3|02|cn"; nocase; ) # oc7008f8fa4489168519d795ef564b892c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037633; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oc7008f8fa4489168519d795ef564b892c|02|to"; nocase; ) # s56cf0d31025807be7e66e8507c4a8fdfd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037634; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s56cf0d31025807be7e66e8507c4a8fdfd|02|tk"; nocase; ) # w13dc88fbc9cd4a8a9e5b8d82063367718.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037635; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w13dc88fbc9cd4a8a9e5b8d82063367718|02|to"; nocase; ) # ae8594d6091b5b8bfcd9c3fe59ee9c1ebd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037636; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ae8594d6091b5b8bfcd9c3fe59ee9c1ebd|02|tk"; nocase; ) # p892b5d9fb1b484b8ceeee7ac6afbb8421.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037637; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p892b5d9fb1b484b8ceeee7ac6afbb8421|02|cn"; nocase; ) # wd53fbed97198424c0805e88d2f429c208.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037638; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wd53fbed97198424c0805e88d2f429c208|02|hk"; nocase; ) # y20fdbbe6b5f6bf4eda51b26d9b7ef891b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037639; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y20fdbbe6b5f6bf4eda51b26d9b7ef891b|02|tk"; nocase; ) # j454454e530d04ff444d16678247f572a6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037640; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j454454e530d04ff444d16678247f572a6|02|ws"; nocase; ) # k1cf37bc3e8d2accaf0100046d8230afbb.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037641; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k1cf37bc3e8d2accaf0100046d8230afbb|02|to"; nocase; ) # me84b4526f8e9b03d9c3263f5e023daf73.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037642; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|me84b4526f8e9b03d9c3263f5e023daf73|02|hk"; nocase; ) # o8caa35289090c3a1c19d29fbeaf0d70df.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037643; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8caa35289090c3a1c19d29fbeaf0d70df|02|tk"; nocase; ) # qa572e6dc7bf76bd4af33cbe2aff6ea475.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037644; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qa572e6dc7bf76bd4af33cbe2aff6ea475|02|cc"; nocase; ) # u936ce9602dc0ec88f17861767f616df5a.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037645; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u936ce9602dc0ec88f17861767f616df5a|02|hk"; nocase; ) # w92185d06637dbbbb8bbeee66d0f3d889f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037646; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w92185d06637dbbbb8bbeee66d0f3d889f|02|tk"; nocase; ) # y8c564537f9b71bb34e494aee89a402bb1.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037647; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8c564537f9b71bb34e494aee89a402bb1|02|cc"; nocase; ) # f874b6f1657cca03da689da7d774eba337.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037648; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f874b6f1657cca03da689da7d774eba337|02|so"; nocase; ) # h8ce3f85e5de653952096d95278f5bac4b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037649; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h8ce3f85e5de653952096d95278f5bac4b|02|ws"; nocase; ) # lc7de6b1fb11a8e067965719b1ea4fe90e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037650; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lc7de6b1fb11a8e067965719b1ea4fe90e|02|cn"; nocase; ) # qa6bee8fa65d8083f0a0e4888f4e1843f9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037651; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qa6bee8fa65d8083f0a0e4888f4e1843f9|02|to"; nocase; ) # s945671e6ca046a889e27c9c890ed8afc6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037652; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s945671e6ca046a889e27c9c890ed8afc6|02|hk"; nocase; ) # tde5eec1dac67ab2dd4ba6f053fe144abf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037653; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tde5eec1dac67ab2dd4ba6f053fe144abf|02|cn"; nocase; ) # w1f099bb011506cd78b27552819c21c3d4.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037654; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1f099bb011506cd78b27552819c21c3d4|02|cc"; nocase; ) # j4ba8e6908fbcb1f4c0de245eaf7e3e8f3.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037655; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j4ba8e6908fbcb1f4c0de245eaf7e3e8f3|02|cn"; nocase; ) # c3700e57f3865d7c6dbcae9cae9d2adf9b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037656; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c3700e57f3865d7c6dbcae9cae9d2adf9b|02|cc"; nocase; ) # j859570012c635173e45b7c59f8b1d1c47.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037657; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j859570012c635173e45b7c59f8b1d1c47|02|so"; nocase; ) # k4a9490fe1f60d1de9c71b6f61f19e440b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037658; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k4a9490fe1f60d1de9c71b6f61f19e440b|02|cc"; nocase; ) # v02c4ee95f3a1e30a27529dd3511a5e0ff.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037659; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v02c4ee95f3a1e30a27529dd3511a5e0ff|02|in"; nocase; ) # l72e66c7b3151976373740975d0808064f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037660; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l72e66c7b3151976373740975d0808064f|02|in"; nocase; ) # m3a91ce7ec3e85bb10676fc07ded855931.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037661; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m3a91ce7ec3e85bb10676fc07ded855931|02|hk"; nocase; ) # qa3f18f46bcf44d21ecec57adcd8e76f9e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037662; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qa3f18f46bcf44d21ecec57adcd8e76f9e|02|cc"; nocase; ) # s083b5a56fd6268762f66b66380a704cf3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037663; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s083b5a56fd6268762f66b66380a704cf3|02|to"; nocase; ) # y71a18cf3df9dff04242d44dfb3900c279.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037664; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y71a18cf3df9dff04242d44dfb3900c279|02|cc"; nocase; ) # hc46b4277bdb217e6934556d87bacaa15f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037665; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc46b4277bdb217e6934556d87bacaa15f|02|ws"; nocase; ) # jfa5d8e99ddd312bc76ebbfe3a804835d7.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037666; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jfa5d8e99ddd312bc76ebbfe3a804835d7|02|in"; nocase; ) # o20ba11e03132d57650a108096713b0445.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037667; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o20ba11e03132d57650a108096713b0445|02|cc"; nocase; ) # p5f4511ba51aeb6f0fc1ab14a3eb03b985.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037668; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p5f4511ba51aeb6f0fc1ab14a3eb03b985|02|ws"; nocase; ) # qe0adc9fb5da558af2dae7e7de8ce90bcb.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037669; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qe0adc9fb5da558af2dae7e7de8ce90bcb|02|to"; nocase; ) # ude75586854fbf9527bb5523c5a8423b28.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037670; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ude75586854fbf9527bb5523c5a8423b28|02|tk"; nocase; ) # zdbf76af14cc0898c968b039d06550710b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037671; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zdbf76af14cc0898c968b039d06550710b|02|in"; nocase; ) # f8c99c8041a447ddf6fa091b007c2c5568.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037672; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f8c99c8041a447ddf6fa091b007c2c5568|02|ws"; nocase; ) # i34ffe1831bd9db3d0402393dcbfca91b6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037673; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i34ffe1831bd9db3d0402393dcbfca91b6|02|hk"; nocase; ) # j633140a98e67ba34bb01bacb7853db8d0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037674; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j633140a98e67ba34bb01bacb7853db8d0|02|cn"; nocase; ) # a8aaf731a29362b1c228ff2b235f781e67.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037675; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a8aaf731a29362b1c228ff2b235f781e67|02|cc"; nocase; ) # j5317addb489862dd1d44a2616ad6e7ee2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037676; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j5317addb489862dd1d44a2616ad6e7ee2|02|ws"; nocase; ) # peeb341f9a3c2f071a59f58a5b43073398.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037677; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|peeb341f9a3c2f071a59f58a5b43073398|02|so"; nocase; ) # q324596973b48405145417295dd594eff8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037678; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q324596973b48405145417295dd594eff8|02|cc"; nocase; ) # pf0b4130d1f0525930c681f5741256720b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037679; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf0b4130d1f0525930c681f5741256720b|02|ws"; nocase; ) # sdfd0864fb59139bec7bd210b1ea3d3a7b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037680; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sdfd0864fb59139bec7bd210b1ea3d3a7b|02|hk"; nocase; ) # w7e839a5a6f8aeb69b3fd7824542887b17.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037681; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w7e839a5a6f8aeb69b3fd7824542887b17|02|cc"; nocase; ) # b3b97fdcf558d93c9d6070ca5aeebcb2cb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037682; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b3b97fdcf558d93c9d6070ca5aeebcb2cb|02|cn"; nocase; ) # eed14cd4ffe731bc0ff14c84281b1dd90a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037683; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eed14cd4ffe731bc0ff14c84281b1dd90a|02|cc"; nocase; ) # qa2739cc591f7fd530ac86fe93ddcc36b6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037684; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qa2739cc591f7fd530ac86fe93ddcc36b6|02|hk"; nocase; ) # teac0c2827f5973986abe358f00be4e27d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037685; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|teac0c2827f5973986abe358f00be4e27d|02|so"; nocase; ) # x4066df80073859382aced0f7bd18722e3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037686; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x4066df80073859382aced0f7bd18722e3|02|in"; nocase; ) # re99e0fd79316ac54fcd5162c9bc35b981.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037687; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|re99e0fd79316ac54fcd5162c9bc35b981|02|so"; nocase; ) # t11681a599723eb5ce8e88020a9a2e4a65.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037688; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t11681a599723eb5ce8e88020a9a2e4a65|02|ws"; nocase; ) # w9852460693b3be628f1289908c64a3922.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037689; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w9852460693b3be628f1289908c64a3922|02|hk"; nocase; ) # p04e11b26a37c287f9fae04505785aeb34.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037690; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p04e11b26a37c287f9fae04505785aeb34|02|so"; nocase; ) # y3a62b97263a5fa7c52a8435b280164760.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037691; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3a62b97263a5fa7c52a8435b280164760|02|cc"; nocase; ) # dfc518ae7c6fd6bb64180b2526d4ae2296.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037692; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dfc518ae7c6fd6bb64180b2526d4ae2296|02|cn"; nocase; ) # j626ec43109b0a471e176f65574aa2e5eb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037693; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j626ec43109b0a471e176f65574aa2e5eb|02|in"; nocase; ) # of6daad58652c09273188707aaaa473017.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037694; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|of6daad58652c09273188707aaaa473017|02|cc"; nocase; ) # ueaa2bead24f33432af511e58740762a97.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037695; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ueaa2bead24f33432af511e58740762a97|02|tk"; nocase; ) # vddbf4f92727aac8f4ebba8c2aec3e4f5f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037696; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vddbf4f92727aac8f4ebba8c2aec3e4f5f|02|so"; nocase; ) # z6b78d42eecec56189eb124e1195a308fd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037697; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6b78d42eecec56189eb124e1195a308fd|02|in"; nocase; ) # db6ab1ea38f3ae413d5dd0b0369472a60d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037698; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|db6ab1ea38f3ae413d5dd0b0369472a60d|02|so"; nocase; ) # g57265a74a39c854dc41500a06cf69be1a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037699; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g57265a74a39c854dc41500a06cf69be1a|02|to"; nocase; ) # m7adc1c2ff660f682cc9936817092067b2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037700; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m7adc1c2ff660f682cc9936817092067b2|02|cc"; nocase; ) # q275fd37822a6c1e8d5ade60bbc42bc51d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037701; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q275fd37822a6c1e8d5ade60bbc42bc51d|02|hk"; nocase; ) # r092ffd2cf68dbaece8587085363c9283c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037702; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r092ffd2cf68dbaece8587085363c9283c|02|cn"; nocase; ) # v99c2c91579ffbc2c4eada56e7087992ca.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037703; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v99c2c91579ffbc2c4eada56e7087992ca|02|ws"; nocase; ) # waabd2a2703a9c88ff4bac5d42172b64e3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037704; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|waabd2a2703a9c88ff4bac5d42172b64e3|02|to"; nocase; ) # o145508b20d91bbabbfb442138c343aaa8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037705; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o145508b20d91bbabbfb442138c343aaa8|02|hk"; nocase; ) # w41dd5e14c6d71536a154586fac523ee2e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037706; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w41dd5e14c6d71536a154586fac523ee2e|02|hk"; nocase; ) # z415f168a5d1dea9ad83ad1df38ec85159.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037707; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z415f168a5d1dea9ad83ad1df38ec85159|02|so"; nocase; ) # m63cbbdf3a3c848ece240aa0b686bd7a36.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037708; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m63cbbdf3a3c848ece240aa0b686bd7a36|02|hk"; nocase; ) # u732b8df0000b37c08c2ba49b8bc750451.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037709; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u732b8df0000b37c08c2ba49b8bc750451|02|hk"; nocase; ) # i07a5eb5fc3aa93acf9d00d08c7e59a4e0.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037710; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i07a5eb5fc3aa93acf9d00d08c7e59a4e0|02|to"; nocase; ) # qe67e48d3c4eba4a1c717ad6aac7193df9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037711; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qe67e48d3c4eba4a1c717ad6aac7193df9|02|to"; nocase; ) # v25aadd7ccebd681deb876310ade604edc.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037712; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v25aadd7ccebd681deb876310ade604edc|02|so"; nocase; ) # y61333bda10f29115463b6af5664fd1aa7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037713; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y61333bda10f29115463b6af5664fd1aa7|02|to"; nocase; ) # c13e42ab7b4ffda49bccc3a768d9c711e4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037714; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c13e42ab7b4ffda49bccc3a768d9c711e4|02|tk"; nocase; ) # jefeb786abc398683fcc89747d37b40fb0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037715; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jefeb786abc398683fcc89747d37b40fb0|02|cn"; nocase; ) # o8801b331533d2d2f18580c9e1689efba3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037716; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8801b331533d2d2f18580c9e1689efba3|02|to"; nocase; ) # r4653e04190b1c809e2b8dd29ccd889d2d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037717; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r4653e04190b1c809e2b8dd29ccd889d2d|02|cn"; nocase; ) # nf2c893bcd61678e62c35bba09b0f38fc4.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037718; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nf2c893bcd61678e62c35bba09b0f38fc4|02|in"; nocase; ) # wc5e4f3daafa428de364976c1594ca0e45.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037719; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc5e4f3daafa428de364976c1594ca0e45|02|hk"; nocase; ) # f180f63729e12af18da3e6ca53454a715f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037720; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f180f63729e12af18da3e6ca53454a715f|02|cn"; nocase; ) # j43db3192c0306c5e1cef6bcaf6feda305.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037721; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j43db3192c0306c5e1cef6bcaf6feda305|02|ws"; nocase; ) # n1094823884230a633521b9f1d84d71142.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037722; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n1094823884230a633521b9f1d84d71142|02|cn"; nocase; ) # u22012384f5c4dc58d8d05bee35305933f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037723; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u22012384f5c4dc58d8d05bee35305933f|02|hk"; nocase; ) # kt7bwdqne2qfm6i81n7litc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037724; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|kt7bwdqne2qfm6i81n7litc|04|ddns|03|net"; nocase; ) # kx14cxmbqxar5456wbg.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037725; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|kx14cxmbqxar5456wbg|04|ddns|03|net"; nocase; ) # sx5bsj1lm6y652mra4y.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037726; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|sx5bsj1lm6y652mra4y|04|ddns|03|net"; nocase; ) # a4gtmreliby8slcla2i.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037727; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|a4gtmreliby8slcla2i|04|ddns|03|net"; nocase; ) # 7de4svg2qdunafu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037728; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|7de4svg2qdunafu|04|ddns|03|net"; nocase; ) # ch54mlg6a0sxiry.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037729; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|ch54mlg6a0sxiry|04|ddns|03|net"; nocase; ) # 1hcde612kh1jarsly2o0knu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037730; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|1hcde612kh1jarsly2o0knu|04|ddns|03|net"; nocase; ) # 56cxkl18k4c652qhuvejc2c.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037731; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|56cxkl18k4c652qhuvejc2c|04|ddns|03|net"; nocase; ) # ahsadaasobepxi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037732; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0e|ahsadaasobepxi|04|ddns|03|net"; nocase; ) # beutulerxiuh.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037733; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|beutulerxiuh|04|ddns|03|net"; nocase; ) # gaoserur.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037734; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|gaoserur|04|ddns|03|net"; nocase; ) # biicaxwug.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037735; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|09|biicaxwug|04|ddns|03|net"; nocase; ) # cuxuokeb.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037736; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|08|cuxuokeb|04|ddns|03|net"; nocase; ) # m2od3rupmp74mrmvm23.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037737; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|m2od3rupmp74mrmvm23|04|ddns|03|net"; nocase; ) # m2m0g2unydsrw6w.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037738; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|m2m0g2unydsrw6w|04|ddns|03|net"; nocase; ) # 70ihwdqlinidc67x56axohq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037739; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|70ihwdqlinidc67x56axohq|04|ddns|03|net"; nocase; ) # 1nepytsnubaf7fw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037740; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|1nepytsnubaf7fw|04|ddns|03|net"; nocase; ) # avepu6u8yt1vefs4g8q.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037741; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|avepu6u8yt1vefs4g8q|04|ddns|03|net"; nocase; ) # m4clangfgb5xudg6obk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037742; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|m4clangfgb5xudg6obk|04|ddns|03|net"; nocase; ) # o41jkn3nsdwx327.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037743; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|o41jkn3nsdwx327|04|ddns|03|net"; nocase; ) # uv1fudcxmtybkpc438s.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037744; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|uv1fudcxmtybkpc438s|04|ddns|03|net"; nocase; ) # mr1fov1denerurq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037745; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|mr1fov1denerurq|04|ddns|03|net"; nocase; ) # tmlfjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tmlfjf|03|org"; nocase; ) # aneycboat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|aneycboat|03|com"; nocase; ) # qkouyn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qkouyn|04|info"; nocase; ) # nfegmifbrxo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nfegmifbrxo|04|info"; nocase; ) # nahfdfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nahfdfk|03|com"; nocase; ) # kbqquixu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kbqquixu|04|info"; nocase; ) # vdqjuunci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vdqjuunci|03|com"; nocase; ) # xkaqpkshogu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xkaqpkshogu|03|com"; nocase; ) # gwjgqjwl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gwjgqjwl|04|info"; nocase; ) # zxlhfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zxlhfk|03|com"; nocase; ) # wdhmmxmhbz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wdhmmxmhbz|03|com"; nocase; ) # gkgpwcdmjvj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037757; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gkgpwcdmjvj|04|info"; nocase; ) # oysojbbnifr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037758; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oysojbbnifr|03|com"; nocase; ) # rmjuthcdak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037759; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rmjuthcdak|03|com"; nocase; ) # qiptkofguy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037760; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qiptkofguy|03|net"; nocase; ) # lnxmsjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037761; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lnxmsjy|03|org"; nocase; ) # lpwsxnvpx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037762; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lpwsxnvpx|03|biz"; nocase; ) # bfacexf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037763; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bfacexf|04|info"; nocase; ) # apcsrxclkxr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037764; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|apcsrxclkxr|04|info"; nocase; ) # bebqzbukaso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bebqzbukaso|03|net"; nocase; ) # gcinta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gcinta|03|net"; nocase; ) # wkgtecuyjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wkgtecuyjc|03|org"; nocase; ) # skwppiguz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|skwppiguz|03|net"; nocase; ) # nfxvvdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nfxvvdy|03|com"; nocase; ) # gdtrvj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gdtrvj|04|info"; nocase; ) # jhcvhgxe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jhcvhgxe|04|info"; nocase; ) # zhnkow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zhnkow|03|biz"; nocase; ) # ifddepecp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ifddepecp|03|com"; nocase; ) # rufmldwur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rufmldwur|03|net"; nocase; ) # aaylasapnl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|aaylasapnl|03|biz"; nocase; ) # iomnorekavh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|iomnorekavh|04|info"; nocase; ) # mssouqqoxu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mssouqqoxu|04|info"; nocase; ) # ikxhqerpe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ikxhqerpe|03|biz"; nocase; ) # osjyesd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|osjyesd|03|net"; nocase; ) # ntkbnrfvo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037780; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ntkbnrfvo|04|info"; nocase; ) # kyfvolyrsi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037781; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kyfvolyrsi|03|net"; nocase; ) # hjrpboe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037782; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hjrpboe|03|biz"; nocase; ) # rgwsprlgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037783; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rgwsprlgy|03|com"; nocase; ) # waqxceesiis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037784; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|waqxceesiis|03|com"; nocase; ) # dupmjxfwesw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037785; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|dupmjxfwesw|03|net"; nocase; ) # yptxqgeyhvx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037786; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|yptxqgeyhvx|04|info"; nocase; ) # movwraohyy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037787; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|movwraohyy|04|info"; nocase; ) # meabwyi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037788; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|meabwyi|04|info"; nocase; ) # bcrint.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037789; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bcrint|03|biz"; nocase; ) # tvzgacbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037790; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tvzgacbw|03|com"; nocase; ) # xhamnzzhiv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037791; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xhamnzzhiv|03|com"; nocase; ) # grpjcoxzrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037792; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|grpjcoxzrv|03|net"; nocase; ) # qdrjgzpphm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037793; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qdrjgzpphm|03|com"; nocase; ) # qybdpibghxh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037794; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qybdpibghxh|04|info"; nocase; ) # xlfngancipg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037795; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xlfngancipg|03|biz"; nocase; ) # qzgjnxmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037796; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qzgjnxmr|03|org"; nocase; ) # wpqvyttdg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037797; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wpqvyttdg|03|com"; nocase; ) # pizqgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037798; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|pizqgt|03|com"; nocase; ) # aqsrqqafxa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037799; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|aqsrqqafxa|04|info"; nocase; ) # udyvrvvqvpo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037800; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|udyvrvvqvpo|03|biz"; nocase; ) # rhyplon.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037801; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rhyplon|03|biz"; nocase; ) # vitinqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037802; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vitinqx|03|biz"; nocase; ) # pjiqyjyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037803; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pjiqyjyq|04|info"; nocase; ) # irlthw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037804; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|irlthw|03|com"; nocase; ) # onarsoiao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037805; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|onarsoiao|03|com"; nocase; ) # eoftkws.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037806; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|eoftkws|04|info"; nocase; ) # bhqxxsznh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037807; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bhqxxsznh|03|biz"; nocase; ) # vvebujjz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037808; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vvebujjz|03|org"; nocase; ) # ythqcrcaic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037809; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ythqcrcaic|03|com"; nocase; ) # thpouwn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037810; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|thpouwn|04|info"; nocase; ) # afiiod.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037811; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|afiiod|03|biz"; nocase; ) # bvjashvormi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037812; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bvjashvormi|03|org"; nocase; ) # xbbaeoynfk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037813; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xbbaeoynfk|03|com"; nocase; ) # orcijljcovy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037814; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|orcijljcovy|04|info"; nocase; ) # qolpswaqkv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037815; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qolpswaqkv|03|org"; nocase; ) # kebvzeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037816; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kebvzeq|03|com"; nocase; ) # lgyfyhd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037817; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lgyfyhd|03|com"; nocase; ) # prvqqpw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037818; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|prvqqpw|03|biz"; nocase; ) # gewftmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037819; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gewftmq|03|org"; nocase; ) # mkfqzwz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037820; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mkfqzwz|04|info"; nocase; ) # ykgfbr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037821; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ykgfbr|03|com"; nocase; ) # kpiiqixojib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037822; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kpiiqixojib|03|com"; nocase; ) # yvlpocpqn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037823; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yvlpocpqn|03|biz"; nocase; ) # dvsxwujtoo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037824; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dvsxwujtoo|03|biz"; nocase; ) # jxvdqv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037825; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jxvdqv|03|biz"; nocase; ) # hmlfcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037826; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hmlfcg|03|com"; nocase; ) # fnddccfz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037827; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fnddccfz|03|com"; nocase; ) # mqzmvt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037828; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mqzmvt|04|info"; nocase; ) # lwhjniwmjn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037829; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lwhjniwmjn|03|org"; nocase; ) # ilaecbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037830; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ilaecbf|03|com"; nocase; ) # xdcdcuhpbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037831; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xdcdcuhpbj|03|com"; nocase; ) # kojafgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037832; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kojafgz|03|com"; nocase; ) # wfapwd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037833; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wfapwd|04|info"; nocase; ) # wyfywn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037834; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wyfywn|04|info"; nocase; ) # rvhsver.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037835; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rvhsver|03|com"; nocase; ) # inbhae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037836; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|inbhae|03|com"; nocase; ) # ygxxbvhq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037837; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ygxxbvhq|03|com"; nocase; ) # kfniswljp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037838; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kfniswljp|03|org"; nocase; ) # cavbum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037839; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|cavbum|03|net"; nocase; ) # uzsgdcgkdpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037840; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uzsgdcgkdpa|03|biz"; nocase; ) # yrsxluteze.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037841; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|yrsxluteze|04|info"; nocase; ) # wglzmxzpcgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037842; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wglzmxzpcgy|03|com"; nocase; ) # uhlbmwouyel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037843; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uhlbmwouyel|03|com"; nocase; ) # gfznglbvv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037844; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gfznglbvv|04|info"; nocase; ) # pdpuaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037845; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|pdpuaq|03|com"; nocase; ) # cqjbmlsma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037846; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cqjbmlsma|03|org"; nocase; ) # uxbxaqggt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037847; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uxbxaqggt|03|com"; nocase; ) # xpexohchrx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037848; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xpexohchrx|03|net"; nocase; ) # mxlgcp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037849; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mxlgcp|03|com"; nocase; ) # ywnfvp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037850; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ywnfvp|04|info"; nocase; ) # krgrlrgl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037851; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|krgrlrgl|03|com"; nocase; ) # jsszjieogc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037852; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jsszjieogc|03|com"; nocase; ) # rkymtsiosw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037853; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rkymtsiosw|03|net"; nocase; ) # hwqdquyf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037854; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hwqdquyf|04|info"; nocase; ) # ehvsgtvh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037855; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ehvsgtvh|04|info"; nocase; ) # magvspjuhv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037856; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|magvspjuhv|03|com"; nocase; ) # esuliulueb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037857; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|esuliulueb|03|com"; nocase; ) # qzlifktm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037858; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qzlifktm|03|net"; nocase; ) # urajcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037859; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|urajcc|03|com"; nocase; ) # ehahdoyrw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037860; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ehahdoyrw|03|net"; nocase; ) # mmorintqo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037861; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mmorintqo|03|biz"; nocase; ) # octcssowyj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037862; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|octcssowyj|04|info"; nocase; ) # fvumka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037863; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fvumka|03|org"; nocase; ) # vyhzyihqnw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037864; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vyhzyihqnw|03|biz"; nocase; ) # hsnywnpfh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037865; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hsnywnpfh|03|com"; nocase; ) # mnvfpdojct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037866; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mnvfpdojct|03|com"; nocase; ) # mcociplc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037867; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mcociplc|03|org"; nocase; ) # kohnjdizk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037868; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kohnjdizk|04|info"; nocase; ) # nacnku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037869; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|nacnku|03|org"; nocase; ) # wxdczzaf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037870; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wxdczzaf|03|com"; nocase; ) # gunmdj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037871; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gunmdj|03|com"; nocase; ) # zicoux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037872; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zicoux|03|net"; nocase; ) # ivwqgyxjkc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037873; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ivwqgyxjkc|03|org"; nocase; ) # bssnkbx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037874; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bssnkbx|03|com"; nocase; ) # aycarjgct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037875; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|aycarjgct|03|com"; nocase; ) # uikwfzgonn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037876; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uikwfzgonn|03|biz"; nocase; ) # uisnosu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037877; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uisnosu|03|net"; nocase; ) # folgxcfoz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037878; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|folgxcfoz|03|biz"; nocase; ) # toxovaguucq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037879; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|toxovaguucq|03|com"; nocase; ) # wjaintw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037880; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wjaintw|03|net"; nocase; ) # ndbuxsuxdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037881; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ndbuxsuxdd|03|com"; nocase; ) # swskfkldc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037882; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|swskfkldc|03|com"; nocase; ) # scfzshexsep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037883; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|scfzshexsep|03|com"; nocase; ) # andccph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037884; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|andccph|03|biz"; nocase; ) # naoubpsuhrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037885; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|naoubpsuhrh|03|net"; nocase; ) # plbwubm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037886; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|plbwubm|03|com"; nocase; ) # iqawvxhht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037887; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iqawvxhht|03|com"; nocase; ) # oevnyc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037888; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|oevnyc|04|info"; nocase; ) # yqjukbm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037889; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yqjukbm|03|com"; nocase; ) # hxopqnz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037890; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hxopqnz|03|biz"; nocase; ) # kyfcgan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037891; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kyfcgan|03|com"; nocase; ) # zlssee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037892; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zlssee|03|com"; nocase; ) # swevhp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037893; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|swevhp|03|com"; nocase; ) # wlgwkqzy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037894; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wlgwkqzy|04|info"; nocase; ) # iwytqjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037895; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|iwytqjo|03|org"; nocase; ) # hnsghmnienu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037896; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hnsghmnienu|03|biz"; nocase; ) # yaiiptrmhpq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037897; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|yaiiptrmhpq|03|biz"; nocase; ) # zrhsptejn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037898; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zrhsptejn|03|org"; nocase; ) # wthfeon.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037899; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wthfeon|03|biz"; nocase; ) # shbrwj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037900; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|shbrwj|04|info"; nocase; ) # msobkpirf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037901; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|msobkpirf|03|net"; nocase; ) # aukwkhea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037902; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aukwkhea|03|com"; nocase; ) # jzvnyfdiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037903; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jzvnyfdiy|03|com"; nocase; ) # bplvmhburs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037904; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bplvmhburs|03|net"; nocase; ) # mpbmcqegzh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037905; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mpbmcqegzh|04|info"; nocase; ) # qtiobevuba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037906; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qtiobevuba|03|com"; nocase; ) # uuyadkpm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037907; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uuyadkpm|03|biz"; nocase; ) # bqjuos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037908; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bqjuos|03|biz"; nocase; ) # zeovdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037909; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zeovdc|03|com"; nocase; ) # hfunvdhgcsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037910; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hfunvdhgcsu|03|net"; nocase; ) # hshlnjrtfgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037911; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hshlnjrtfgb|03|com"; nocase; ) # lezoggnn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037912; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lezoggnn|03|biz"; nocase; ) # mrsbseg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037913; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mrsbseg|03|com"; nocase; ) # fvpxrvh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037914; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fvpxrvh|04|info"; nocase; ) # tqprub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037915; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tqprub|03|net"; nocase; ) # zbxtrmnpxe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037916; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zbxtrmnpxe|04|info"; nocase; ) # ljamqfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037917; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ljamqfn|03|com"; nocase; ) # mvangmn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037918; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mvangmn|03|org"; nocase; ) # iudwtkej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037919; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|iudwtkej|03|com"; nocase; ) # sifpupr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037920; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sifpupr|03|biz"; nocase; ) # qnpoaezif.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037921; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qnpoaezif|03|com"; nocase; ) # rtcmumtsqd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037922; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rtcmumtsqd|03|biz"; nocase; ) # lbxbvn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037923; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lbxbvn|04|info"; nocase; ) # vtyfyqyyvf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037924; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vtyfyqyyvf|04|info"; nocase; ) # bmhvlapffnk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037925; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bmhvlapffnk|03|biz"; nocase; ) # pyusrkawhyf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037926; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pyusrkawhyf|04|info"; nocase; ) # fvmjsjyvly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037927; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fvmjsjyvly|03|org"; nocase; ) # eadheevmtu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037928; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|eadheevmtu|03|net"; nocase; ) # jwppas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037929; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jwppas|03|com"; nocase; ) # vcyecjyu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037930; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vcyecjyu|04|info"; nocase; ) # plrjsimo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037931; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|plrjsimo|03|org"; nocase; ) # szrnsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037932; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|szrnsc|03|net"; nocase; ) # ngkyfzap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037933; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ngkyfzap|03|com"; nocase; ) # wvyneem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037934; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wvyneem|03|com"; nocase; ) # qtaeggi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037935; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qtaeggi|03|com"; nocase; ) # vqnprdllis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037936; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vqnprdllis|03|com"; nocase; ) # wfbdxr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037937; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wfbdxr|04|info"; nocase; ) # eweqbzdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037938; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|eweqbzdy|03|com"; nocase; ) # bsseuqgydo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037939; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bsseuqgydo|03|com"; nocase; ) # kkkvreui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037940; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kkkvreui|03|net"; nocase; ) # kchdkooad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037941; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kchdkooad|03|com"; nocase; ) # pzzqfovpnm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037942; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pzzqfovpnm|03|biz"; nocase; ) # qhyohphe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037943; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qhyohphe|03|com"; nocase; ) # sknivbpqlnm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037944; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|sknivbpqlnm|03|biz"; nocase; ) # dkvurumzdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037945; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dkvurumzdu|03|com"; nocase; ) # wcnjqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037946; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wcnjqt|03|biz"; nocase; ) # yyopcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037947; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yyopcu|03|com"; nocase; ) # wgalyuu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037948; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wgalyuu|03|net"; nocase; ) # okjekhhhlu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037949; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|okjekhhhlu|03|org"; nocase; ) # vjxbaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037950; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vjxbaw|03|com"; nocase; ) # iszgazmgda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037951; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|iszgazmgda|03|com"; nocase; ) # rmjccjmumr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037952; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rmjccjmumr|03|org"; nocase; ) # xkhfdoggn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037953; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xkhfdoggn|03|com"; nocase; ) # eelgvlx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037954; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|eelgvlx|03|org"; nocase; ) # bmllbblcdaoflaok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037955; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bmllbblcdaoflaok|03|com"; nocase; ) # mdfmfkoaamcfebfn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037956; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mdfmfkoaamcfebfn|04|info"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # lbacbcnlebklklce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037957; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lbacbcnlebklklce|03|com"; nocase; ) # ecdfadmacddbcleo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037958; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ecdfadmacddbcleo|02|co|02|uk"; nocase; ) # dfallnkendbbddcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037959; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dfallnkendbbddcc|03|com"; nocase; ) # fflnndcccfcfefcf.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037960; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fflnndcccfcfefcf|02|de"; nocase; ) # kaffdcccfmfodbdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037961; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kaffdcccfmfodbdf|03|com"; nocase; ) # bonccdnaclddbbab.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037962; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bonccdnaclddbbab|02|cc"; nocase; ) # dadenfclfelokdmf.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037963; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dadenfclfelokdmf|06|online"; nocase; ) # ldccfkdbfnbdeomd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037964; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ldccfkdbfnbdeomd|04|info"; nocase; ) # knadlbfomlblmbld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037965; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|knadlbfomlblmbld|03|com"; nocase; ) # dodacbfekmknabeb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037966; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dodacbfekmknabeb|02|co|02|uk"; nocase; ) # dcfedfacnccoaacb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037967; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dcfedfacnccoaacb|03|com"; nocase; ) # ncabmnanmcbcodbc.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037968; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ncabmnanmcbcodbc|06|online"; nocase; ) # aofookanfddlfemd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037969; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aofookanfddlfemd|02|co|02|uk"; nocase; ) # goixic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037970; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|goixic|03|com"; nocase; ) # qihlhg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037971; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qihlhg|03|com"; nocase; ) # iarsba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037972; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|iarsba|03|com"; nocase; ) # ahlvvu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037973; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ahlvvu|03|com"; nocase; ) # uoivqe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037974; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uoivqe|03|com"; nocase; ) # ibbsmi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037975; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ibbsmi|03|com"; nocase; ) # ozoouy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037976; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ozoouy|03|com"; nocase; ) # pqaety.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037977; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|pqaety|03|com"; nocase; ) # wjaawi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037978; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|wjaawi|03|com"; nocase; ) # ecseai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037979; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ecseai|03|com"; nocase; ) # aigueg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037980; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|aigueg|03|com"; nocase; ) # ovocio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037981; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ovocio|03|com"; nocase; ) # sekyex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037982; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|sekyex|03|com"; nocase; ) # khkhji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037983; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|khkhji|03|com"; nocase; ) # oypdbf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037984; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oypdbf|03|com"; nocase; ) # ldrpio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037985; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ldrpio|03|com"; nocase; ) # cdwoeu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037986; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|cdwoeu|03|com"; nocase; ) # bbugcl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037987; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bbugcl|03|com"; nocase; ) # ecutyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037988; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ecutyv|03|com"; nocase; ) # bsfyoe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037989; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bsfyoe|03|com"; nocase; ) # tiedhj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037990; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tiedhj|03|com"; nocase; ) # wbunqjgmdajd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037991; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|wbunqjgmdajd|03|biz"; nocase; ) # gjlfwmkoykpggklh.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037992; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|gjlfwmkoykpggklh|04|work"; nocase; ) # lfgevyfgkgbr.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037993; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|lfgevyfgkgbr|02|pw"; nocase; ) # vrslkfhnbnotbg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037994; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|vrslkfhnbnotbg|02|ru"; nocase; ) # duiusmbpajygj.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037995; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|duiusmbpajygj|02|pl"; nocase; ) # lpvuudsthouxq.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037996; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|lpvuudsthouxq|04|work"; nocase; ) # lpuetrjbmjbs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037997; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|lpuetrjbmjbs|03|biz"; nocase; ) # mwhvxjsxh.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037998; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|mwhvxjsxh|05|click"; nocase; ) # qbeorlnwevijfwe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000037999; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|qbeorlnwevijfwe|03|org"; nocase; ) # wfgcvjrhlnmkw.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038000; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|wfgcvjrhlnmkw|04|work"; nocase; ) # pynmixidwhvwno.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038001; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|pynmixidwhvwno|05|click"; nocase; ) # idnkvegxbrx.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038002; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|idnkvegxbrx|02|su"; nocase; ) # spsoisyquttrxcry.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038003; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|spsoisyquttrxcry|02|ru"; nocase; ) # umbapmbujptamhnn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038004; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|umbapmbujptamhnn|04|info"; nocase; ) # gggtmjyejrbcbhmcr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038005; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|gggtmjyejrbcbhmcr|03|org"; nocase; ) # prtdysolfskqoge.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038006; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|prtdysolfskqoge|03|org"; nocase; ) # cusfatdbaobbmjc.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038007; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|cusfatdbaobbmjc|02|su"; nocase; ) # hoovgpsdf.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038008; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|hoovgpsdf|02|pl"; nocase; ) # kkbjeaejsntinmjp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038009; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|kkbjeaejsntinmjp|03|org"; nocase; ) # sxlcmwvcjjjf.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038010; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|sxlcmwvcjjjf|05|click"; nocase; ) # wuluroee.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038011; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|wuluroee|02|su"; nocase; ) # wmyfhlgskdivmq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038012; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|wmyfhlgskdivmq|04|info"; nocase; ) # kdidypp.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038013; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|kdidypp|03|xyz"; nocase; ) # svaamsspfhxr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038014; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|svaamsspfhxr|03|org"; nocase; ) # ahhoghq.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038015; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|ahhoghq|02|pw"; nocase; ) # natytilxdjo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038016; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|natytilxdjo|02|ru"; nocase; ) # royhhtyyohmde.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038017; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|royhhtyyohmde|02|pw"; nocase; ) # pbcbubkxgjsjkvx.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038018; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|pbcbubkxgjsjkvx|03|xyz"; nocase; ) # ipbxptpujwnmgwfn.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038019; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|ipbxptpujwnmgwfn|03|xyz"; nocase; ) # skiwutmcraylkic.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038020; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|skiwutmcraylkic|04|work"; nocase; ) # iltdnfvlougl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038021; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|iltdnfvlougl|04|info"; nocase; ) # swmcrtjeikcuw.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038022; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|swmcrtjeikcuw|05|click"; nocase; ) # dvctovf.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038023; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|dvctovf|02|pl"; nocase; ) # iuelcjh.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038024; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|iuelcjh|02|pw"; nocase; ) # lflurxwxpsbsfn.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038025; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|lflurxwxpsbsfn|02|su"; nocase; ) # liuofkivu.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038026; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|liuofkivu|03|xyz"; nocase; ) # xttiwtkppnh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038027; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|xttiwtkppnh|03|biz"; nocase; ) # ryaayycn.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038028; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ryaayycn|04|work"; nocase; ) # eepacelifebr.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038029; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|eepacelifebr|02|pl"; nocase; ) # fgigfgnexnkieuka.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038030; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|fgigfgnexnkieuka|02|pl"; nocase; ) # dxfbgwrftcjer.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038031; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|dxfbgwrftcjer|04|info"; nocase; ) # iusklgakyw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038032; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|iusklgakyw|04|info"; nocase; ) # newpaxrmco.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038033; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|newpaxrmco|04|work"; nocase; ) # isvquyskwuwlxcm.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038034; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|isvquyskwuwlxcm|04|work"; nocase; ) # krcbxddutbm.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038035; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|krcbxddutbm|05|click"; nocase; ) # yafjrrkvobcd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038036; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|yafjrrkvobcd|02|ru"; nocase; ) # gnlqnocnmdxj.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038037; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|gnlqnocnmdxj|05|click"; nocase; ) # rcdqtxpmgspyyqyu.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038038; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|rcdqtxpmgspyyqyu|02|pw"; nocase; ) # unwsjimegwc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038039; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|unwsjimegwc|04|info"; nocase; ) # rdflrebpel.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038040; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|rdflrebpel|05|click"; nocase; ) # fuiuwqayfxcnynqug.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038041; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|fuiuwqayfxcnynqug|03|xyz"; nocase; ) # bnyxwspwrtjay.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038042; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|bnyxwspwrtjay|04|work"; nocase; ) # bbjvpoc.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038043; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|bbjvpoc|02|pw"; nocase; ) # nhbkvhkfiyscfxqt.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038044; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|nhbkvhkfiyscfxqt|02|pl"; nocase; ) # vabiaubim.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038045; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|vabiaubim|03|org"; nocase; ) # efgjjdrmmqnwlw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038046; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|efgjjdrmmqnwlw|02|ru"; nocase; ) # bfkgdnjykx.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038047; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|bfkgdnjykx|03|xyz"; nocase; ) # ygpyilexvyp.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038048; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|ygpyilexvyp|05|click"; nocase; ) # pkhdsljoiqokje.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038049; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|pkhdsljoiqokje|03|xyz"; nocase; ) # gtfqiddodc.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038050; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|gtfqiddodc|02|pw"; nocase; ) # uknnyyjedbggbsl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038051; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|uknnyyjedbggbsl|03|biz"; nocase; ) # tylsqjjga.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038052; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|tylsqjjga|02|su"; nocase; ) # norlhshxewv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038053; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|norlhshxewv|03|org"; nocase; ) # wtoquuiphedbgy.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038054; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|wtoquuiphedbgy|02|pl"; nocase; ) # ewwkyyrf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038055; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ewwkyyrf|03|biz"; nocase; ) # xmqtoeiyutqnk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038056; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|xmqtoeiyutqnk|03|org"; nocase; ) # tlvsbbm.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038057; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|tlvsbbm|02|su"; nocase; ) # runhsnsxpoogbjn.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038058; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|runhsnsxpoogbjn|04|work"; nocase; ) # xvhhieoeub.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038059; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|xvhhieoeub|04|work"; nocase; ) # koteipvqtblb.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038060; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|koteipvqtblb|02|pl"; nocase; ) # nxrrgspxugq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038061; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|nxrrgspxugq|04|info"; nocase; ) # yjduj7rzyjeceqcq5g6j51az.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yjduj7rzyjeceqcq5g6j51az|03|biz"; nocase; ) # gw4088146kef3x1ueubbt8eh5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gw4088146kef3x1ueubbt8eh5|03|com"; nocase; ) # v9c85ezgtau2p21p5m1kjwmyd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v9c85ezgtau2p21p5m1kjwmyd|03|net"; nocase; ) # kt28m8fmfe5kcz73bzvpe3un.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kt28m8fmfe5kcz73bzvpe3un|03|net"; nocase; ) # 3v1aor1ndfpei5j7ti51cgrmy3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3v1aor1ndfpei5j7ti51cgrmy3|03|net"; nocase; ) # ma3rsc1sr4npf1fl1qev1louo0u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ma3rsc1sr4npf1fl1qev1louo0u|03|org"; nocase; ) # osqhc31loxjv69o8mjj1ttnjv9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|osqhc31loxjv69o8mjj1ttnjv9|03|biz"; nocase; ) # sjxp7v1m6ku491wq4qfxo1q5hx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sjxp7v1m6ku491wq4qfxo1q5hx|03|net"; nocase; ) # wpkqbchcv78710ucmkaxqk1ej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wpkqbchcv78710ucmkaxqk1ej|03|net"; nocase; ) # 1bqyyblc6hhhd1liltb6cap8r8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bqyyblc6hhhd1liltb6cap8r8|03|com"; nocase; ) # 1sjamj0fvj8lnzrfm4k6lu9hb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sjamj0fvj8lnzrfm4k6lu9hb|03|com"; nocase; ) # 1hu638710udbkm1ch1nsz1ry72z0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hu638710udbkm1ch1nsz1ry72z0|03|net"; nocase; ) # nvcs5w153tlc0la4t7o1ficw9d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nvcs5w153tlc0la4t7o1ficw9d|03|net"; nocase; ) # r0bodchalkrz1f0ai4x1ne630r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r0bodchalkrz1f0ai4x1ne630r|03|biz"; nocase; ) # 59auf01fa0wwv4otts51kr7d66.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|59auf01fa0wwv4otts51kr7d66|03|com"; nocase; ) # kp72pg5gx8fl1xek9pc163lsdw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kp72pg5gx8fl1xek9pc163lsdw|03|net"; nocase; ) # 4o15mr1e54xwm153jxe71atihrz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4o15mr1e54xwm153jxe71atihrz|03|org"; nocase; ) # 1vmppxv7fzp991iu1mj2hese98.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vmppxv7fzp991iu1mj2hese98|03|com"; nocase; ) # gx2oo91so96u817xd9ub1gkw5hd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gx2oo91so96u817xd9ub1gkw5hd|03|org"; nocase; ) # 22wle5ylynkf1dcgnlt1amed5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|22wle5ylynkf1dcgnlt1amed5|03|net"; nocase; ) # zle6kwr9jepvhiemmoblgzry.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zle6kwr9jepvhiemmoblgzry|03|org"; nocase; ) # 1eiq63g1ongkxx1b4opxu11br25f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eiq63g1ongkxx1b4opxu11br25f|03|biz"; nocase; ) # klpc3olkxyasdbfx5ppdfkjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|klpc3olkxyasdbfx5ppdfkjb|03|net"; nocase; ) # 1fvfa1njs3wmniux0tc89gis3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fvfa1njs3wmniux0tc89gis3|03|net"; nocase; ) # 1fjbz7j1i5ce0z5imlibmxfxb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fjbz7j1i5ce0z5imlibmxfxb|03|biz"; nocase; ) # 18104i41s2g9am3zgrsmozrrw6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18104i41s2g9am3zgrsmozrrw6|03|net"; nocase; ) # jnwe291btkuy896mdu518hv2n8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnwe291btkuy896mdu518hv2n8|03|biz"; nocase; ) # 18gelay1bl5uh0ain98a1q9g2i4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18gelay1bl5uh0ain98a1q9g2i4|03|com"; nocase; ) # t66tof4tk07y1wo2j171gwuzuj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t66tof4tk07y1wo2j171gwuzuj|03|com"; nocase; ) # 9loy411b7vwaugm4ri418u04il.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9loy411b7vwaugm4ri418u04il|03|org"; nocase; ) # h0nseb111j9li1hdxtr51857nzj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h0nseb111j9li1hdxtr51857nzj|03|com"; nocase; ) # futu3y1urxn91137nyiq1nep9m9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|futu3y1urxn91137nyiq1nep9m9|03|net"; nocase; ) # 1rllcc410z2u2jm2ckxiel7bqg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rllcc410z2u2jm2ckxiel7bqg|03|com"; nocase; ) # 11d08sg38080y1u6eu3saw71s9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11d08sg38080y1u6eu3saw71s9|03|net"; nocase; ) # hr7jm01sb8bmkqwe1r7w0hms7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hr7jm01sb8bmkqwe1r7w0hms7|03|org"; nocase; ) # d9bhgr18q4p9va2x6m51vbrrem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d9bhgr18q4p9va2x6m51vbrrem|03|net"; nocase; ) # 1fgi0id17ssrkukdj97nx54sr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fgi0id17ssrkukdj97nx54sr8|03|com"; nocase; ) # 1xzbfs41mlob1nqlmsb6qvlqzb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xzbfs41mlob1nqlmsb6qvlqzb|03|com"; nocase; ) # taa7pv714cgo1sq89kx9n39k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|taa7pv714cgo1sq89kx9n39k|03|net"; nocase; ) # 1stijpdnjpgt71vnu3iretfeav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1stijpdnjpgt71vnu3iretfeav|03|com"; nocase; ) # 2gdq2g1gzfn5e1rc600p1ml2olj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2gdq2g1gzfn5e1rc600p1ml2olj|03|org"; nocase; ) # 1mij4cc1726uezlkq0tx1eduo2c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mij4cc1726uezlkq0tx1eduo2c|03|com"; nocase; ) # 1u2gzb91k57gqy12swbyv1ytivza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u2gzb91k57gqy12swbyv1ytivza|03|net"; nocase; ) # ke8c4v1ce5k7z122nxssn9ujk0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ke8c4v1ce5k7z122nxssn9ujk0|03|org"; nocase; ) # 1xtot9n11rmmsf1vdebdx15iep88.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xtot9n11rmmsf1vdebdx15iep88|03|net"; nocase; ) # 51c21mwbz3mm1txnvpv80ggqg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|51c21mwbz3mm1txnvpv80ggqg|03|net"; nocase; ) # 1gavynf1a2x6ks8hmjsbq2p7ls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gavynf1a2x6ks8hmjsbq2p7ls|03|org"; nocase; ) # 1p2p1tg1j2814c11w9h7bcja9br.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p2p1tg1j2814c11w9h7bcja9br|03|com"; nocase; ) # 1ahpups7ddqm14mt0rf10nzmic.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ahpups7ddqm14mt0rf10nzmic|03|org"; nocase; ) # 45cmbaybxqi0k85cki1xruh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|45cmbaybxqi0k85cki1xruh5|03|net"; nocase; ) # 18hgjtggfe3c4rikdfr1blmali.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18hgjtggfe3c4rikdfr1blmali|03|org"; nocase; ) # nbxao41pb2egvysat8y2p9eih.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nbxao41pb2egvysat8y2p9eih|03|biz"; nocase; ) # 108rq8178okbx1vn9j3m19jzdb8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|108rq8178okbx1vn9j3m19jzdb8|03|com"; nocase; ) # ydsc1w18sedn33ukk5f15flr0h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ydsc1w18sedn33ukk5f15flr0h|03|org"; nocase; ) # ho36g2bnyvwm1vr9wkz1mjtbrv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ho36g2bnyvwm1vr9wkz1mjtbrv|03|com"; nocase; ) # 12rpxfeehhomc2jchqpso0uxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12rpxfeehhomc2jchqpso0uxo|03|net"; nocase; ) # 16mvr1fdi4t1uzw27og13vpx4f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16mvr1fdi4t1uzw27og13vpx4f|03|com"; nocase; ) # 1n6qrqa1srmgri17dm5dk17nx7xt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1n6qrqa1srmgri17dm5dk17nx7xt|03|com"; nocase; ) # 84jhu1iok0s71u0jucd17fy9ok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|84jhu1iok0s71u0jucd17fy9ok|03|biz"; nocase; ) # 1ah4pba1y4lez3yheo4c1ozd2z7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ah4pba1y4lez3yheo4c1ozd2z7|03|org"; nocase; ) # 16so3iy1v01b3411gfgnznk12if.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16so3iy1v01b3411gfgnznk12if|03|biz"; nocase; ) # 1w8hrd9g9pfm1mrys5ky5zndh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w8hrd9g9pfm1mrys5ky5zndh|03|org"; nocase; ) # kb8026nwyjv91xifbvi1bfov9y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kb8026nwyjv91xifbvi1bfov9y|03|com"; nocase; ) # 1x9bg4uejnfbw9y2wn61hlotl6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x9bg4uejnfbw9y2wn61hlotl6|03|org"; nocase; ) # px539nsssxts14uvlvf1me17yc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|px539nsssxts14uvlvf1me17yc|03|biz"; nocase; ) # 1c90qkwgf8rhl1sn59ve18z4iw6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c90qkwgf8rhl1sn59ve18z4iw6|03|org"; nocase; ) # z8v82hkua7mo14pukyy1ltj89w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z8v82hkua7mo14pukyy1ltj89w|03|net"; nocase; ) # z97qx7neaffa1mwu9welzp3dw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z97qx7neaffa1mwu9welzp3dw|03|net"; nocase; ) # 1oxy2xwpo6vyi1k1i3s51l0pxk7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oxy2xwpo6vyi1k1i3s51l0pxk7|03|com"; nocase; ) # 1g6lgq0x3jdu41ndbhv11nohf14.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g6lgq0x3jdu41ndbhv11nohf14|03|net"; nocase; ) # 10poxpo1jg1jgzh48ojd1ukntna.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10poxpo1jg1jgzh48ojd1ukntna|03|net"; nocase; ) # 18cv8zk1u2yza44mbupu5rxokd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18cv8zk1u2yza44mbupu5rxokd|03|net"; nocase; ) # 1osech6d80zbugk5dad9zonoa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1osech6d80zbugk5dad9zonoa|03|com"; nocase; ) # 1gvw26j1lfnqva1i2rk8x1wi1ytg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gvw26j1lfnqva1i2rk8x1wi1ytg|03|com"; nocase; ) # rdw9ou1lngtc61rmo4sx1lpxyix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rdw9ou1lngtc61rmo4sx1lpxyix|03|net"; nocase; ) # 1ghatvq7dg1uw1jx5f351dl8tm4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ghatvq7dg1uw1jx5f351dl8tm4|03|com"; nocase; ) # hcsbok818vza10owq9m18qxddu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hcsbok818vza10owq9m18qxddu|03|biz"; nocase; ) # 82b9m011r19pb1qto8eqr72z3w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|82b9m011r19pb1qto8eqr72z3w|03|net"; nocase; ) # 1tjrz08d3xutb3hb9yicb1yua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tjrz08d3xutb3hb9yicb1yua|03|com"; nocase; ) # f6ijitlacchoekig8zphull5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f6ijitlacchoekig8zphull5|03|org"; nocase; ) # e8drvp18crkiiijz6zqjy5nh9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e8drvp18crkiiijz6zqjy5nh9|03|biz"; nocase; ) # bccpyqu2odav1i9zen3xjcsdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bccpyqu2odav1i9zen3xjcsdd|03|com"; nocase; ) # 1fnbw9qrmazx2regrz64zolvb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fnbw9qrmazx2regrz64zolvb|03|org"; nocase; ) # r7pqy86ke86v1pv2g7lsz5eb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r7pqy86ke86v1pv2g7lsz5eb|03|net"; nocase; ) # 1ej8r3p13a9h1r1qgaipt1jvvhk1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ej8r3p13a9h1r1qgaipt1jvvhk1|03|com"; nocase; ) # 1wwjoz41ts685q13pumlb9pcjy1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wwjoz41ts685q13pumlb9pcjy1|03|biz"; nocase; ) # v0kn8o18om3xhgv0mzshx68ks.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v0kn8o18om3xhgv0mzshx68ks|03|biz"; nocase; ) # 1hdvatd1c126jnu4dz3c6c2kr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hdvatd1c126jnu4dz3c6c2kr|03|org"; nocase; ) # 1sujo6410za4wjs7gms7iemkrb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sujo6410za4wjs7gms7iemkrb|03|com"; nocase; ) # 1mkcqph570a9q12i7ja9uz6zca.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mkcqph570a9q12i7ja9uz6zca|03|biz"; nocase; ) # 198tyaq1vpu1fi2vmj8e1s6cs2v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|198tyaq1vpu1fi2vmj8e1s6cs2v|03|net"; nocase; ) # 1uxxeuf2p5bqaedeutj1vdcz0t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uxxeuf2p5bqaedeutj1vdcz0t|03|biz"; nocase; ) # vnsygvdxwlm49sltobpehrre.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vnsygvdxwlm49sltobpehrre|03|com"; nocase; ) # nklo2cnw1kl61m5je1919yyo2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nklo2cnw1kl61m5je1919yyo2m|03|net"; nocase; ) # adqmjq1povcjo1oj3u8anq9d4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|adqmjq1povcjo1oj3u8anq9d4k|03|net"; nocase; ) # rxzr6d127w57n2en1becv31do.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rxzr6d127w57n2en1becv31do|03|com"; nocase; ) # 160hvrfhlohi11nl8wmtrp9xy5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|160hvrfhlohi11nl8wmtrp9xy5|03|org"; nocase; ) # 1qn5buivcgdkr1c957p6vqf4n8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qn5buivcgdkr1c957p6vqf4n8|03|biz"; nocase; ) # 1syebvc263sysr3ey5e14tt6bc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1syebvc263sysr3ey5e14tt6bc|03|com"; nocase; ) # zj5db01ws2nol19dkw281q3stzd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zj5db01ws2nol19dkw281q3stzd|03|org"; nocase; ) # 1rnfqeb3jqjft1vejew51uxkf86.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rnfqeb3jqjft1vejew51uxkf86|03|org"; nocase; ) # ljcvop1gi8c10k8ygc11t6bc75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ljcvop1gi8c10k8ygc11t6bc75|03|com"; nocase; ) # 1ymkquwsx14qw1p4g4fz1d8wd78.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ymkquwsx14qw1p4g4fz1d8wd78|03|com"; nocase; ) # iwbl9a8ccyib1mlzeoxssvjbi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iwbl9a8ccyib1mlzeoxssvjbi|03|org"; nocase; ) # 179bt8ntiixqoo160kh1mivjd1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|179bt8ntiixqoo160kh1mivjd1|03|net"; nocase; ) # mu2vuqjxxcnqtdtyru1emb05u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mu2vuqjxxcnqtdtyru1emb05u|03|org"; nocase; ) # 1412h9b1dzflb613gzxwn2nyrey.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1412h9b1dzflb613gzxwn2nyrey|03|org"; nocase; ) # rm4hvsukz9d3wp27xt17ao4kk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rm4hvsukz9d3wp27xt17ao4kk|03|com"; nocase; ) # ee0e2vkf44ench7tno1dkbln0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ee0e2vkf44ench7tno1dkbln0|03|org"; nocase; ) # 18pgny97t9qrp14jxt331xl3e4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18pgny97t9qrp14jxt331xl3e4n|03|com"; nocase; ) # 1basa6a1ln8r0d1rdu5m51pr0vo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1basa6a1ln8r0d1rdu5m51pr0vo|03|org"; nocase; ) # 1urn96r15uin0x19u5xh81p5lsae.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1urn96r15uin0x19u5xh81p5lsae|03|net"; nocase; ) # t0v0jm79dlar1ba0f1x7jaxcj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t0v0jm79dlar1ba0f1x7jaxcj|03|biz"; nocase; ) # 1mydzrxcwuqvs9wzvyx14wi37w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mydzrxcwuqvs9wzvyx14wi37w|03|com"; nocase; ) # rt1afn1kxnjx718f1asl1mj34y7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rt1afn1kxnjx718f1asl1mj34y7|03|com"; nocase; ) # wxw5nomiwmio1fvpa36ow83g4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wxw5nomiwmio1fvpa36ow83g4|03|net"; nocase; ) # vfy2bq1vq01snfqp3i1ftxg40.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vfy2bq1vq01snfqp3i1ftxg40|03|org"; nocase; ) # 17f1s3o1ezka411ycdu2i7438h2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17f1s3o1ezka411ycdu2i7438h2|03|com"; nocase; ) # 1dm3tw01h74coh17cg6mw1o524zw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dm3tw01h74coh17cg6mw1o524zw|03|com"; nocase; ) # 434bdset6c2z1fq8z222k7j53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|434bdset6c2z1fq8z222k7j53|03|net"; nocase; ) # u2p3vqqsesr1k71nmem869ou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u2p3vqqsesr1k71nmem869ou|03|org"; nocase; ) # 1rig61g1amtel1j61znm11hsy2r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rig61g1amtel1j61znm11hsy2r|03|com"; nocase; ) # 3odsew1lf0ue31wf0f6vqdwoo5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3odsew1lf0ue31wf0f6vqdwoo5|03|org"; nocase; ) # 1fiso11ebczvv1w4nup6l2eqxm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fiso11ebczvv1w4nup6l2eqxm|03|org"; nocase; ) # 1f118stogwt3wfwz1iolo94dd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f118stogwt3wfwz1iolo94dd|03|biz"; nocase; ) # 1hcg8n01hgc4i318rccxyph0rce.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hcg8n01hgc4i318rccxyph0rce|03|net"; nocase; ) # 1oh1o22122b4rs5icem51o2cgji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oh1o22122b4rs5icem51o2cgji|03|com"; nocase; ) # 11uezrjjinbpvhcb9dn1gsgwid.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11uezrjjinbpvhcb9dn1gsgwid|03|net"; nocase; ) # 1tejncw1d1s2a1f3sr95n2677h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tejncw1d1s2a1f3sr95n2677h|03|com"; nocase; ) # 1wtao5qja3nisu9t67budu07.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1wtao5qja3nisu9t67budu07|03|biz"; nocase; ) # qlrl1d1n7l148a7ezig1ej2da6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qlrl1d1n7l148a7ezig1ej2da6|03|biz"; nocase; ) # 10o6lugutkgu81cnhoi62kzowj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10o6lugutkgu81cnhoi62kzowj|03|net"; nocase; ) # odbg2azi5kh57e7l4d1q4l6jm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|odbg2azi5kh57e7l4d1q4l6jm|03|com"; nocase; ) # 1luug445z7g4rocueyhd7u645.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1luug445z7g4rocueyhd7u645|03|net"; nocase; ) # 1mkz883ljbfsf1nahp7h1w8o3pd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mkz883ljbfsf1nahp7h1w8o3pd|03|net"; nocase; ) # 1w16d8445msf11o2rry1t0tsf2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w16d8445msf11o2rry1t0tsf2|03|org"; nocase; ) # 12gasy191pu4fa3i033ydlwlq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12gasy191pu4fa3i033ydlwlq|03|biz"; nocase; ) # 17hx90c1fd3viime0rzbmruwhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17hx90c1fd3viime0rzbmruwhm|03|com"; nocase; ) # 1t87p711hkuuop14puhd7k2ckm9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t87p711hkuuop14puhd7k2ckm9|03|net"; nocase; ) # 1uj8c97uog9kalsl8p8nyqi0x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uj8c97uog9kalsl8p8nyqi0x|03|com"; nocase; ) # 13crafdj9i51r17j458j2tdw95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13crafdj9i51r17j458j2tdw95|03|net"; nocase; ) # v0t76j54ouma1ibzkc616g8jc8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v0t76j54ouma1ibzkc616g8jc8|03|net"; nocase; ) # ti3mqoo8kcr91cvjhkt1vjhc66.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ti3mqoo8kcr91cvjhkt1vjhc66|03|net"; nocase; ) # 11pdow05l7f831j7axfl14jvg4l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11pdow05l7f831j7axfl14jvg4l|03|org"; nocase; ) # m08dsv15k8atejqqwd3fpz6ar.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m08dsv15k8atejqqwd3fpz6ar|03|biz"; nocase; ) # 152ukwlkxm9g91poel0c1s4kfs6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|152ukwlkxm9g91poel0c1s4kfs6|03|org"; nocase; ) # 15p9h7g5ecq5qdw06jy17gzyo8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15p9h7g5ecq5qdw06jy17gzyo8|03|net"; nocase; ) # 414yu316ulk2nq6e7wl1yvj0m4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|414yu316ulk2nq6e7wl1yvj0m4|03|org"; nocase; ) # kvgh291eqnm1woevygk1f1t8g8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kvgh291eqnm1woevygk1f1t8g8|03|com"; nocase; ) # i1kqo81a6mkio572flxd3zba.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i1kqo81a6mkio572flxd3zba|03|org"; nocase; ) # 3hm9f918gec9w1co6fbm9hokzk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3hm9f918gec9w1co6fbm9hokzk|03|net"; nocase; ) # k5mk0jsebe0s1z0m3zaie29aw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k5mk0jsebe0s1z0m3zaie29aw|03|com"; nocase; ) # 1zhusv1fstemcbjgf2k4jxok0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1zhusv1fstemcbjgf2k4jxok0|03|org"; nocase; ) # bwow0i2tfsle1lc5gan12a0nnw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bwow0i2tfsle1lc5gan12a0nnw|03|biz"; nocase; ) # hq107lztyc6313f5xbav8e7c2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hq107lztyc6313f5xbav8e7c2|03|net"; nocase; ) # 1j7bqlkfvttdw1vfxap71b039e9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j7bqlkfvttdw1vfxap71b039e9|03|biz"; nocase; ) # 1yxb77ys90rcm16ke6t51ufx6u7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yxb77ys90rcm16ke6t51ufx6u7|03|net"; nocase; ) # 16irl3xahauj068onlh17g6s64.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16irl3xahauj068onlh17g6s64|03|org"; nocase; ) # 59pvh51n5maqkapbr5w9246c5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|59pvh51n5maqkapbr5w9246c5|03|biz"; nocase; ) # es4ta7bzbvbnvhmmixijlt1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|es4ta7bzbvbnvhmmixijlt1u|03|org"; nocase; ) # 18tbm2sbhf6el1djtyf01abupa1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tbm2sbhf6el1djtyf01abupa1|03|com"; nocase; ) # swiks51bscc8zfvz4qd1yxo70p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|swiks51bscc8zfvz4qd1yxo70p|03|net"; nocase; ) # bolz251iixgld1r44hrstbqri7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bolz251iixgld1r44hrstbqri7|03|net"; nocase; ) # nih5yjvoncrs14ju3c2muzg5a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nih5yjvoncrs14ju3c2muzg5a|03|com"; nocase; ) # vynq5j1mbefovbmpxxtmv4ewp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vynq5j1mbefovbmpxxtmv4ewp|03|net"; nocase; ) # 1qbdpftfwel3b4fhfa01ws54kh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qbdpftfwel3b4fhfa01ws54kh|03|net"; nocase; ) # gkm1zrk16g087oeetl1b53ct0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gkm1zrk16g087oeetl1b53ct0|03|org"; nocase; ) # vbewjeizyoml1pg7pkr16ciqpw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vbewjeizyoml1pg7pkr16ciqpw|03|net"; nocase; ) # rzb5a31jhcf54e7l99nkuhb2n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rzb5a31jhcf54e7l99nkuhb2n|03|org"; nocase; ) # 17etom51etju9i1p8phmoe3h2ob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17etom51etju9i1p8phmoe3h2ob|03|biz"; nocase; ) # brctsb1jhqh0u5ck00tnd2h6n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|brctsb1jhqh0u5ck00tnd2h6n|03|com"; nocase; ) # 1p2rcoa1e3n5hk1isal2q1ev0joh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p2rcoa1e3n5hk1isal2q1ev0joh|03|biz"; nocase; ) # 4h1v15shbuzh3zs8bw1s4cnwz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4h1v15shbuzh3zs8bw1s4cnwz|03|com"; nocase; ) # 1ouxs4rj963ixbdc5k21q7eo1f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ouxs4rj963ixbdc5k21q7eo1f|03|net"; nocase; ) # 4b4ln8woriad1bl6xvt1j800v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4b4ln8woriad1bl6xvt1j800v|03|com"; nocase; ) # 1gx03u7d6jxyx1if79homvzod9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gx03u7d6jxyx1if79homvzod9|03|com"; nocase; ) # cekb1h1fd3kmekk5v6f1k790km.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cekb1h1fd3kmekk5v6f1k790km|03|net"; nocase; ) # fzi12e1i7aanz1hwj7c1qp6y97.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fzi12e1i7aanz1hwj7c1qp6y97|03|com"; nocase; ) # ediz9517wqlz78numc1wncdoy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ediz9517wqlz78numc1wncdoy|03|net"; nocase; ) # 2xxmxj1c2c5bdae6joq19lz1wl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2xxmxj1c2c5bdae6joq19lz1wl|03|org"; nocase; ) # l70zr4zoeq2t1hn970i1vace9x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l70zr4zoeq2t1hn970i1vace9x|03|org"; nocase; ) # 1ndsahfcgxxq1lw2b8tamgdt4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ndsahfcgxxq1lw2b8tamgdt4|03|biz"; nocase; ) # b8iqyl1tr98lm1qrqin91w5rrwu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b8iqyl1tr98lm1qrqin91w5rrwu|03|biz"; nocase; ) # 3z9n1mj5tl5mur1ydz90oux.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|3z9n1mj5tl5mur1ydz90oux|03|com"; nocase; ) # 1ddahxy17t9xqgrhk7qlgyhjdf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ddahxy17t9xqgrhk7qlgyhjdf|03|net"; nocase; ) # 1s5gv4j1jmdldz1ouhroaj4nuu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s5gv4j1jmdldz1ouhroaj4nuu|03|org"; nocase; ) # 1wt5jx51uk1qibne6br91twfl6c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wt5jx51uk1qibne6br91twfl6c|03|com"; nocase; ) # 7ivts71ggu8z1yzvpbw1lcnf1e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ivts71ggu8z1yzvpbw1lcnf1e|03|org"; nocase; ) # xsp34yzt4g4k13y1akd7fpma2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xsp34yzt4g4k13y1akd7fpma2|03|net"; nocase; ) # 121adghjml17j8cspnzec9t8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|121adghjml17j8cspnzec9t8|03|com"; nocase; ) # qtgxs1x7574cd41bbck762i2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qtgxs1x7574cd41bbck762i2|03|net"; nocase; ) # 10fghn7v8yt191cuvl12edclb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10fghn7v8yt191cuvl12edclb|03|org"; nocase; ) # hsfyyl1d43wsc1r5jgzo1ytw4lt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hsfyyl1d43wsc1r5jgzo1ytw4lt|03|com"; nocase; ) # tc16camb92m0ls6680io0eys.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tc16camb92m0ls6680io0eys|03|net"; nocase; ) # chu5q114jbzxz81le111ulhxl2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|chu5q114jbzxz81le111ulhxl2|03|net"; nocase; ) # 159kwu813e4y5m108kzle1gfw9ex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|159kwu813e4y5m108kzle1gfw9ex|03|com"; nocase; ) # 1cartls1p4o1681q9i5ca54148k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cartls1p4o1681q9i5ca54148k|03|org"; nocase; ) # 1rzb0ttl8au9y1jxdop7791l8n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rzb0ttl8au9y1jxdop7791l8n|03|com"; nocase; ) # 16ibmyo1vzsygx1fiagcv73ge0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ibmyo1vzsygx1fiagcv73ge0b|03|net"; nocase; ) # bz6mf511tc2t1i8tfqih7w1gc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bz6mf511tc2t1i8tfqih7w1gc|03|com"; nocase; ) # zx5obi1q2l6y5pgfvrm1sjndfd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zx5obi1q2l6y5pgfvrm1sjndfd|03|biz"; nocase; ) # 4xc1vd1ovu7lc1jytlfv17v51vr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4xc1vd1ovu7lc1jytlfv17v51vr|03|com"; nocase; ) # nq456r7z9fz95onls0ns26jm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nq456r7z9fz95onls0ns26jm|03|net"; nocase; ) # m7zki11mfux2jr0q3oxcwcnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m7zki11mfux2jr0q3oxcwcnk|03|com"; nocase; ) # 1fqtelh12ro6oig0zazqjek23z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fqtelh12ro6oig0zazqjek23z|03|net"; nocase; ) # 1lk9ddc1o4qv2hxsfu386277k1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lk9ddc1o4qv2hxsfu386277k1|03|net"; nocase; ) # lnozczzl3opfxgbwx2prbrd8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lnozczzl3opfxgbwx2prbrd8|03|biz"; nocase; ) # ooc4921w588sq1vxn4i111xxb65.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ooc4921w588sq1vxn4i111xxb65|03|org"; nocase; ) # q0q3087bh7uwsl31vu17oaxf6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q0q3087bh7uwsl31vu17oaxf6|03|com"; nocase; ) # 1dkt9ftl7seorzajpww1wcu5f1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dkt9ftl7seorzajpww1wcu5f1|03|com"; nocase; ) # 8f0h9f1lyd7rh14fd6fk1i4oljx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8f0h9f1lyd7rh14fd6fk1i4oljx|03|org"; nocase; ) # 6m6dhj1kum8bq1sf0fc71pwpalk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6m6dhj1kum8bq1sf0fc71pwpalk|03|com"; nocase; ) # 1awcr65vt1zzu1lmmhuswwa8p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1awcr65vt1zzu1lmmhuswwa8p|03|biz"; nocase; ) # 1p0v2gc1ckv51bf0taon1fwwna2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p0v2gc1ckv51bf0taon1fwwna2|03|com"; nocase; ) # 1o78koi1j054e01by5xehi8zd94.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o78koi1j054e01by5xehi8zd94|03|org"; nocase; ) # uxyiw61wa7c4f1fr77xo18oknp7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uxyiw61wa7c4f1fr77xo18oknp7|03|org"; nocase; ) # 14dzc91a6q3jqc324xdlfjfsl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14dzc91a6q3jqc324xdlfjfsl|03|com"; nocase; ) # 2d8ytr12jr0oc1l3r91t1w45qoo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2d8ytr12jr0oc1l3r91t1w45qoo|03|org"; nocase; ) # eldkdsxwhbhk168dtth1kjn4di.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eldkdsxwhbhk168dtth1kjn4di|03|com"; nocase; ) # 1spvlff15x8cyqmc24nz11gvrfu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1spvlff15x8cyqmc24nz11gvrfu|03|net"; nocase; ) # os13px9xlgf8lvw0lm42zzpx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|os13px9xlgf8lvw0lm42zzpx|03|org"; nocase; ) # 1uek0dq9bghm0ihiz5nir8e6z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uek0dq9bghm0ihiz5nir8e6z|03|org"; nocase; ) # z705shc080o7vgd2te16hr4u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z705shc080o7vgd2te16hr4u|03|com"; nocase; ) # whrj08x4dyrl1ct4ogm17xtmp6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|whrj08x4dyrl1ct4ogm17xtmp6|03|net"; nocase; ) # yn83ye832hm51xcd84wyikf0c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yn83ye832hm51xcd84wyikf0c|03|org"; nocase; ) # 1q3uojqiermp1w1ily41ilskhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q3uojqiermp1w1ily41ilskhf|03|com"; nocase; ) # 1fpwjzmdjdm5uk28i971onn6sc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fpwjzmdjdm5uk28i971onn6sc|03|org"; nocase; ) # 1jebil1587n3n5t4ivrgyf2jg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jebil1587n3n5t4ivrgyf2jg|03|biz"; nocase; ) # ccpkl1pueey81izd2xx3u2y4c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ccpkl1pueey81izd2xx3u2y4c|03|net"; nocase; ) # 6ibcgy13ewxqo1k6rskotzw3u2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ibcgy13ewxqo1k6rskotzw3u2|03|net"; nocase; ) # 1p2jqpm1k73036jtrmid11xs87c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p2jqpm1k73036jtrmid11xs87c|03|com"; nocase; ) # fhoxda1h7ujx73mmxre1sjc1st.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fhoxda1h7ujx73mmxre1sjc1st|03|net"; nocase; ) # 1qb4tix48r073bjcn81ibuvim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qb4tix48r073bjcn81ibuvim|03|com"; nocase; ) # 1ukrvu3ln13kskjcpoy66ry7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ukrvu3ln13kskjcpoy66ry7|03|net"; nocase; ) # 76og9r16myi7l136uhrjlknvrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|76og9r16myi7l136uhrjlknvrq|03|net"; nocase; ) # 178aea72dt639zf1uc0kpjd12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|178aea72dt639zf1uc0kpjd12|03|com"; nocase; ) # 1e9ybgr1g3j73l1jvcw6y1i4is0d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e9ybgr1g3j73l1jvcw6y1i4is0d|03|org"; nocase; ) # 189xj531exvnyh5eqv641r8cdkr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|189xj531exvnyh5eqv641r8cdkr|03|biz"; nocase; ) # oo2xwqqkxx7gqcsrzg5try3v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oo2xwqqkxx7gqcsrzg5try3v|03|org"; nocase; ) # 1cdsbl31r4tlfo1764xax1qcmv2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cdsbl31r4tlfo1764xax1qcmv2b|03|net"; nocase; ) # 1fk68or1bagkco1u2yaj3a2y4jo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fk68or1bagkco1u2yaj3a2y4jo|03|net"; nocase; ) # 18z18jbroce8v1lyyc8w1mt045l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18z18jbroce8v1lyyc8w1mt045l|03|com"; nocase; ) # 1yeya9o8lp2qj1yxtldt7gp6r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yeya9o8lp2qj1yxtldt7gp6r|03|net"; nocase; ) # qn8cf11gn1hzp1yg7dvc1cqt3y8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qn8cf11gn1hzp1yg7dvc1cqt3y8|03|org"; nocase; ) # 1gjtiuh1ujdqgr1xi9j6zf951tz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gjtiuh1ujdqgr1xi9j6zf951tz|03|net"; nocase; ) # vbaswq1d7fn931j5g8h61xf7iq7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vbaswq1d7fn931j5g8h61xf7iq7|03|net"; nocase; ) # 1ugbbpr1r4lk63w2qowx1sswayi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ugbbpr1r4lk63w2qowx1sswayi|03|biz"; nocase; ) # 4ezmls13n3o8dx5ju7b1rbwtej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4ezmls13n3o8dx5ju7b1rbwtej|03|com"; nocase; ) # jrktz2109v3hkxmpvpu1cp2dbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jrktz2109v3hkxmpvpu1cp2dbo|03|com"; nocase; ) # 3i3wz6f6jk17urk42ioxlfx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|3i3wz6f6jk17urk42ioxlfx|03|org"; nocase; ) # p5ab9n1xv3c4w1yj3kvcbxtgow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p5ab9n1xv3c4w1yj3kvcbxtgow|03|biz"; nocase; ) # 1te2mkj1lo6wchk9f76gj9d12b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1te2mkj1lo6wchk9f76gj9d12b|03|com"; nocase; ) # ryws709fosopbvv2ov1mivm3s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ryws709fosopbvv2ov1mivm3s|03|net"; nocase; ) # 13islsi1vakye31x9n6vfjzq5f5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13islsi1vakye31x9n6vfjzq5f5|03|biz"; nocase; ) # 16yjeho5tfeoxhp0v281iovfeu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16yjeho5tfeoxhp0v281iovfeu|03|com"; nocase; ) # 1yythst1rx6ibmoxydrf18m6a8j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yythst1rx6ibmoxydrf18m6a8j|03|com"; nocase; ) # 1y67h7rdtj90y1bq6pwcf1mu8i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y67h7rdtj90y1bq6pwcf1mu8i|03|biz"; nocase; ) # 1la3anw1qhm0mq16csvyo16ehn4y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1la3anw1qhm0mq16csvyo16ehn4y|03|org"; nocase; ) # ynf8aardoctl1sv3y221yznmj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ynf8aardoctl1sv3y221yznmj7|03|net"; nocase; ) # 165g4gn1jivh3ho87i2i1xq4yxo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|165g4gn1jivh3ho87i2i1xq4yxo|03|biz"; nocase; ) # 1q7dwvbaoolkd1qdr8fi1u85lyx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q7dwvbaoolkd1qdr8fi1u85lyx|03|net"; nocase; ) # 1q9u2gd1v5iff2pu1y99ltm3sm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q9u2gd1v5iff2pu1y99ltm3sm|03|org"; nocase; ) # 9hz4j31ra9obg170zd2a6c9fa7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9hz4j31ra9obg170zd2a6c9fa7|03|com"; nocase; ) # 7r3pd01jlwfg4e8o03p1rdo3wj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7r3pd01jlwfg4e8o03p1rdo3wj|03|com"; nocase; ) # 1jwpsefsvks0j5omcahmlwi3d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jwpsefsvks0j5omcahmlwi3d|03|com"; nocase; ) # 1iqbbwb1nshja0qlk3sry30f47.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iqbbwb1nshja0qlk3sry30f47|03|biz"; nocase; ) # oze96nce0c6h5p0f70rjqwqs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oze96nce0c6h5p0f70rjqwqs|03|biz"; nocase; ) # 14i2jd5wxrddr14cz3o2j3n33a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14i2jd5wxrddr14cz3o2j3n33a|03|org"; nocase; ) # kuwyyjhb5f8z1qt06pg1jvjkcj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kuwyyjhb5f8z1qt06pg1jvjkcj|03|biz"; nocase; ) # zol84jyibmjj189wzszmf4le9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zol84jyibmjj189wzszmf4le9|03|com"; nocase; ) # 1tqv95uj1mxhqv2cjg61msdqxe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tqv95uj1mxhqv2cjg61msdqxe|03|net"; nocase; ) # 9ukshb7xlg9f1b7mf9k1tn3dqo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ukshb7xlg9f1b7mf9k1tn3dqo|03|biz"; nocase; ) # tqb16pr2d8oy1s68utb173z11x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tqb16pr2d8oy1s68utb173z11x|03|com"; nocase; ) # p0dj2af5c48h1yan0fgdz595q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p0dj2af5c48h1yan0fgdz595q|03|net"; nocase; ) # 11ds7mmohotc4gepzsekxa6jr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11ds7mmohotc4gepzsekxa6jr|03|biz"; nocase; ) # 2h0iy21j7sbzr1a3al0f16exkp1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2h0iy21j7sbzr1a3al0f16exkp1|03|net"; nocase; ) # 1ebe1vb1bm9jcl1wn5dqt13alhxv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ebe1vb1bm9jcl1wn5dqt13alhxv|03|biz"; nocase; ) # 179a7k5gp91g71ak5rhr3q5r2c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|179a7k5gp91g71ak5rhr3q5r2c|03|com"; nocase; ) # 1mr0pb1s2eb56iu7iqw17s8r0x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mr0pb1s2eb56iu7iqw17s8r0x|03|net"; nocase; ) # 1rkxg7v1yd5ho57pdeoz1m9fy61.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rkxg7v1yd5ho57pdeoz1m9fy61|03|org"; nocase; ) # 17ttqwi1307ovivux9us106z051.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ttqwi1307ovivux9us106z051|03|net"; nocase; ) # iq1eh1356y3wve0thj1tz4zcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iq1eh1356y3wve0thj1tz4zcc|03|com"; nocase; ) # ycrg19btadgd19qhzfl14fkyzt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ycrg19btadgd19qhzfl14fkyzt|03|org"; nocase; ) # 1x2i0emwm5mh1uenaho1md07lc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x2i0emwm5mh1uenaho1md07lc|03|com"; nocase; ) # faq8mu6pe8ct1fkhlka1ki2a65.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|faq8mu6pe8ct1fkhlka1ki2a65|03|net"; nocase; ) # 1fvx7lu1icghlf1euspha1qtp0c5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fvx7lu1icghlf1euspha1qtp0c5|03|net"; nocase; ) # zgbqodzxe250131kbx8172esd1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zgbqodzxe250131kbx8172esd1|03|com"; nocase; ) # 1nqe3vs1e839fp1nhpm9mxt5les.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nqe3vs1e839fp1nhpm9mxt5les|03|biz"; nocase; ) # 9ecoup7knanmum3eanjczlyt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9ecoup7knanmum3eanjczlyt|03|net"; nocase; ) # 1d3axyu12fl0so1pyewqo1bmtv4l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d3axyu12fl0so1pyewqo1bmtv4l|03|net"; nocase; ) # 8u5wmo105ldrx1eywuklamx9xp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8u5wmo105ldrx1eywuklamx9xp|03|com"; nocase; ) # lrfx4mb4neg5yt9gy51kx2dhc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lrfx4mb4neg5yt9gy51kx2dhc|03|org"; nocase; ) # 1ddalh21xzpoq31xcf7ut1eeyp1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ddalh21xzpoq31xcf7ut1eeyp1|03|org"; nocase; ) # zbt9iz1rodqbk1c3opogstnxzu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zbt9iz1rodqbk1c3opogstnxzu|03|net"; nocase; ) # 15fvqxy1rnu3mk122uzkdklzxud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15fvqxy1rnu3mk122uzkdklzxud|03|org"; nocase; ) # 1ivkjyb80mbhxqptur9140stuw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ivkjyb80mbhxqptur9140stuw|03|biz"; nocase; ) # e1jxidfhw9m217ag3qb83527k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1jxidfhw9m217ag3qb83527k|03|org"; nocase; ) # ih2ahc1c1g7i81hgtiszmltmw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ih2ahc1c1g7i81hgtiszmltmw|03|org"; nocase; ) # jqpjud1tqyeuju43g3y159qq4e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqpjud1tqyeuju43g3y159qq4e|03|biz"; nocase; ) # 11gywt2y1dbndc70ijm1c9rhme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11gywt2y1dbndc70ijm1c9rhme|03|com"; nocase; ) # fbl26iyizf1k1was4fkuqnbti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fbl26iyizf1k1was4fkuqnbti|03|org"; nocase; ) # 1jvrlcwqs4ujv1dhe5k7b942lg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jvrlcwqs4ujv1dhe5k7b942lg|03|net"; nocase; ) # dr1g2l14zh78f3hpmcst0296i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dr1g2l14zh78f3hpmcst0296i|03|net"; nocase; ) # 1xpu3fi1qg1wur128tiil1878v3v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xpu3fi1qg1wur128tiil1878v3v|03|net"; nocase; ) # i8jpw7mlxo4f1tyuzfum5fwwi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i8jpw7mlxo4f1tyuzfum5fwwi|03|net"; nocase; ) # 1a5gfyl8vbc041vv4lia17nkf28.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a5gfyl8vbc041vv4lia17nkf28|03|com"; nocase; ) # 1u0gglppkak6c1ca89i61nd0ur6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u0gglppkak6c1ca89i61nd0ur6|03|org"; nocase; ) # 1pizdtc1sjfxem16sa1uqrtz9ht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pizdtc1sjfxem16sa1uqrtz9ht|03|com"; nocase; ) # 19pijgp38cmrb1ftauab93na5x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19pijgp38cmrb1ftauab93na5x|03|biz"; nocase; ) # 11artenw8jwgucywn0d1wflmig.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11artenw8jwgucywn0d1wflmig|03|org"; nocase; ) # tk7f7ypqz32i1xmir8j1htg8sd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tk7f7ypqz32i1xmir8j1htg8sd|03|org"; nocase; ) # 1diebuu1d4a99i21091f373ct.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1diebuu1d4a99i21091f373ct|03|org"; nocase; ) # 8ky4vx1iokjilbmi9u45pl08k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ky4vx1iokjilbmi9u45pl08k|03|net"; nocase; ) # 1y7r1eufr93ii1g00u3jui8u4n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y7r1eufr93ii1g00u3jui8u4n|03|org"; nocase; ) # fc3xkrsfizrf1j006vir1t8gt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fc3xkrsfizrf1j006vir1t8gt|03|net"; nocase; ) # 1yvx9dr14l1b952znjj4f8ceou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yvx9dr14l1b952znjj4f8ceou|03|com"; nocase; ) # ti0kik1d7d6wp1myjtedn01f79.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ti0kik1d7d6wp1myjtedn01f79|03|net"; nocase; ) # l5z5721iv2e9517m74ch1h62iyu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l5z5721iv2e9517m74ch1h62iyu|03|biz"; nocase; ) # lfitmv43qslrbro7mvlv52vk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lfitmv43qslrbro7mvlv52vk|03|com"; nocase; ) # kjtl2wyondsp4hj3niocyoqb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kjtl2wyondsp4hj3niocyoqb|03|com"; nocase; ) # 12mdsl7aas4el15fe5hfa89i5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12mdsl7aas4el15fe5hfa89i5t|03|com"; nocase; ) # hp9k63mpo9w8p91txx27mell.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hp9k63mpo9w8p91txx27mell|03|org"; nocase; ) # xzynsmptxecb11cka9aeku686.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xzynsmptxecb11cka9aeku686|03|biz"; nocase; ) # fn0r04w2wlaprlzr3asbu8w6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fn0r04w2wlaprlzr3asbu8w6|03|com"; nocase; ) # 1in3l26izk0a1gugx8lpxoy4p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1in3l26izk0a1gugx8lpxoy4p|03|org"; nocase; ) # 1kvjbyozyhxrc7sm173dtca7x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kvjbyozyhxrc7sm173dtca7x|03|net"; nocase; ) # 1erkutvgzhd731gg75ge129auql.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1erkutvgzhd731gg75ge129auql|03|biz"; nocase; ) # 119n1oh1eflzbh9acwlv1qcz8qx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|119n1oh1eflzbh9acwlv1qcz8qx|03|com"; nocase; ) # 7i0ftj12p8c4j1ndntrt1fu2it.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7i0ftj12p8c4j1ndntrt1fu2it|03|org"; nocase; ) # 1i7x2p0ml2qgwz60pjvc2fyoh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i7x2p0ml2qgwz60pjvc2fyoh|03|org"; nocase; ) # vs5ln01yj2c407h69wz1tdddbn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vs5ln01yj2c407h69wz1tdddbn|03|org"; nocase; ) # 1g9q2c87hroie14uu60iqpdw7s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g9q2c87hroie14uu60iqpdw7s|03|biz"; nocase; ) # 198qt0v19r93zdv699e0140w6nc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|198qt0v19r93zdv699e0140w6nc|03|net"; nocase; ) # yp52i116v2u6v1xx7thc166mur7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yp52i116v2u6v1xx7thc166mur7|03|com"; nocase; ) # 17fqcjwcagelr18ils1e1it4tmn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17fqcjwcagelr18ils1e1it4tmn|03|net"; nocase; ) # qhrawc125pgb416khfz01jjlub7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qhrawc125pgb416khfz01jjlub7|03|biz"; nocase; ) # 4fa4jx9uh101ssowar9lvm5n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4fa4jx9uh101ssowar9lvm5n|03|org"; nocase; ) # 5zik0b13dfu6e1sf6apwgoa195.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5zik0b13dfu6e1sf6apwgoa195|03|com"; nocase; ) # 1xl3aezeqjoz41i89ffs1347v6v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xl3aezeqjoz41i89ffs1347v6v|03|com"; nocase; ) # 317poh1ghoabzbrzrjuh4d7tn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|317poh1ghoabzbrzrjuh4d7tn|03|org"; nocase; ) # y127bwwl3jl11avg2t3ybrdki.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y127bwwl3jl11avg2t3ybrdki|03|org"; nocase; ) # 7s95cds65euv1ebrvohg5ys9h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7s95cds65euv1ebrvohg5ys9h|03|biz"; nocase; ) # wtbromrnq2he2olz9o1q12tz9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wtbromrnq2he2olz9o1q12tz9|03|com"; nocase; ) # 1bhadugvfj0tt6ck70n5eq7c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1bhadugvfj0tt6ck70n5eq7c|03|biz"; nocase; ) # gp4n5ray0r7yfij32s7xbd7f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gp4n5ray0r7yfij32s7xbd7f|03|com"; nocase; ) # rgzn7q1azj3cw13p1jiy1nrbx6l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rgzn7q1azj3cw13p1jiy1nrbx6l|03|com"; nocase; ) # hqptbd2upz5ilv5v331soexc4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hqptbd2upz5ilv5v331soexc4|03|org"; nocase; ) # 1pf3del1rziboi4e8jisyxxj9w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pf3del1rziboi4e8jisyxxj9w|03|net"; nocase; ) # hhetaj1ial4jgdzwj851lv8ggl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hhetaj1ial4jgdzwj851lv8ggl|03|com"; nocase; ) # 1beslr813vumgj1ua8bi410uo2ym.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1beslr813vumgj1ua8bi410uo2ym|03|net"; nocase; ) # 1kehdva1yhgvpz1af6jwn51rejn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kehdva1yhgvpz1af6jwn51rejn|03|net"; nocase; ) # gi2ldphq5kxdjeadl690er0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|gi2ldphq5kxdjeadl690er0|03|com"; nocase; ) # 562gfmo3ecfn134qh6cenu84a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|562gfmo3ecfn134qh6cenu84a|03|net"; nocase; ) # 143kx3r141hb3k1009i461v7xlr1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|143kx3r141hb3k1009i461v7xlr1|03|com"; nocase; ) # 1uu2yz91ankwda1g1eg4dp9dpmn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uu2yz91ankwda1g1eg4dp9dpmn|03|org"; nocase; ) # pkkgm21vk2cp6btung9107fxn8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pkkgm21vk2cp6btung9107fxn8|03|net"; nocase; ) # w1mw0rwbjdp18h4vh5sr2f6f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w1mw0rwbjdp18h4vh5sr2f6f|03|biz"; nocase; ) # 6omzkvdq99c84pxs3ngconjq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6omzkvdq99c84pxs3ngconjq|03|net"; nocase; ) # 5za08cc61c4mklmxeqqsh1sn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5za08cc61c4mklmxeqqsh1sn|03|com"; nocase; ) # 39ceko1dzwxpjvy4uvz1vfy8dx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|39ceko1dzwxpjvy4uvz1vfy8dx|03|net"; nocase; ) # 14mitkk8ok6l71c2y1q51kt4ech.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14mitkk8ok6l71c2y1q51kt4ech|03|net"; nocase; ) # egrh2y12jipq71h4z82dgaohd2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|egrh2y12jipq71h4z82dgaohd2|03|biz"; nocase; ) # 10heiz31qs7t5015u7w08kf4ac8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10heiz31qs7t5015u7w08kf4ac8|03|org"; nocase; ) # hqyv96x8ixcri4z0n4c9qhiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hqyv96x8ixcri4z0n4c9qhiy|03|com"; nocase; ) # 9p1ejzfthshe1u9hn9dgh6gdi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9p1ejzfthshe1u9hn9dgh6gdi|03|net"; nocase; ) # 8hi36n1q31wnbeoll37oj6tmo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8hi36n1q31wnbeoll37oj6tmo|03|org"; nocase; ) # nrxsq313csqjx1hfo5ta83sc9g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nrxsq313csqjx1hfo5ta83sc9g|03|org"; nocase; ) # 1k3s16u1torbsh1gaadau102mlbk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k3s16u1torbsh1gaadau102mlbk|03|net"; nocase; ) # 11bdwv91utwmtfo50yqlh2wf1i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11bdwv91utwmtfo50yqlh2wf1i|03|biz"; nocase; ) # 1lslk5xzxm2bt1s19iv81tixh8u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lslk5xzxm2bt1s19iv81tixh8u|03|org"; nocase; ) # 18wokx8owkrq7n5x2ch15df5ot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18wokx8owkrq7n5x2ch15df5ot|03|net"; nocase; ) # 1fxdncb5en0v158sk8x1xa30qz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fxdncb5en0v158sk8x1xa30qz|03|biz"; nocase; ) # 57xjz31g6sp8d15f3k5y1enby1q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|57xjz31g6sp8d15f3k5y1enby1q|03|net"; nocase; ) # u5rq3l1uhi46a19pzwstrjneks.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u5rq3l1uhi46a19pzwstrjneks|03|biz"; nocase; ) # 1heful1ueg9slgxw20o1g95j1b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1heful1ueg9slgxw20o1g95j1b|03|net"; nocase; ) # mtsfgc1iweic6jso9totk0rmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mtsfgc1iweic6jso9totk0rmj|03|net"; nocase; ) # 1vg3vs21gcjzvi12hw8gt123j9wv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vg3vs21gcjzvi12hw8gt123j9wv|03|net"; nocase; ) # 69xuvq134670lxvykpo11c2utw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|69xuvq134670lxvykpo11c2utw|03|com"; nocase; ) # 1ha9ioh1c0zypvxzs6xn1qqa6ko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ha9ioh1c0zypvxzs6xn1qqa6ko|03|net"; nocase; ) # 1jc93bh1nlhv89irdp3h1tpphsj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jc93bh1nlhv89irdp3h1tpphsj|03|biz"; nocase; ) # lbx6d71hopjd8idbtug16jt48.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lbx6d71hopjd8idbtug16jt48|03|org"; nocase; ) # 1grntz21qum1rn1xoy6xqmkfmw9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1grntz21qum1rn1xoy6xqmkfmw9|03|net"; nocase; ) # 8euozk1clfrr21qwx4lo12l9cpm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8euozk1clfrr21qwx4lo12l9cpm|03|net"; nocase; ) # swxs3a13cb2jy1063n2c6xf6d2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|swxs3a13cb2jy1063n2c6xf6d2|03|com"; nocase; ) # 1h5xn39m75dswmbioqi1pbcfqp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h5xn39m75dswmbioqi1pbcfqp|03|net"; nocase; ) # nrfolo14xwh6o1vcpfvh1nvubhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nrfolo14xwh6o1vcpfvh1nvubhf|03|com"; nocase; ) # 1ylnlf7pg1hu61h81j66qd64u7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ylnlf7pg1hu61h81j66qd64u7|03|net"; nocase; ) # miifok1bvvhyk2z2gba1g9fw5z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|miifok1bvvhyk2z2gba1g9fw5z|03|com"; nocase; ) # u319qq6d6tsy1nrlm1r1jwytxn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u319qq6d6tsy1nrlm1r1jwytxn|03|org"; nocase; ) # 1kjjc9u9xlfbvxt5s4wejkro5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kjjc9u9xlfbvxt5s4wejkro5|03|net"; nocase; ) # 13cijz81dezshig3a61x1c5ypb4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13cijz81dezshig3a61x1c5ypb4|03|net"; nocase; ) # klgszhysih551d0gyhe1q43pqc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|klgszhysih551d0gyhe1q43pqc|03|net"; nocase; ) # 1bcz6331k1uetaniopnp17av7z4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bcz6331k1uetaniopnp17av7z4|03|net"; nocase; ) # 8pob261kgknxt14c019w1k4wdtf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8pob261kgknxt14c019w1k4wdtf|03|org"; nocase; ) # 17pvzhvwci84qajn0cz1ql7skk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17pvzhvwci84qajn0cz1ql7skk|03|com"; nocase; ) # jaga8q4zvii42t2artx64owd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jaga8q4zvii42t2artx64owd|03|org"; nocase; ) # ygt20ckt323sg5a01r1pbcgtf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ygt20ckt323sg5a01r1pbcgtf|03|net"; nocase; ) # 13bwfd6eg9nmi16rwdqnn1regi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13bwfd6eg9nmi16rwdqnn1regi|03|biz"; nocase; ) # 2qz9g318bbk5mpekeasw1ojiw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2qz9g318bbk5mpekeasw1ojiw|03|com"; nocase; ) # n8fhg89ggilu15a42rd1519dxk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n8fhg89ggilu15a42rd1519dxk|03|org"; nocase; ) # 9faiyapi8lyeota6pd43keoj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9faiyapi8lyeota6pd43keoj|03|net"; nocase; ) # j58d851c73cx21x1o3rr1jrvl4q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j58d851c73cx21x1o3rr1jrvl4q|03|biz"; nocase; ) # g4r6ipiuj0cg7irwif1fc8lv3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g4r6ipiuj0cg7irwif1fc8lv3|03|net"; nocase; ) # 1fn8mpd2v20zqbyqhifytrl5g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fn8mpd2v20zqbyqhifytrl5g|03|org"; nocase; ) # 16bircm1uyx8x0fjykih1deg436.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16bircm1uyx8x0fjykih1deg436|03|org"; nocase; ) # 1yfvzkbncq6mw16ziiicnmvo5u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yfvzkbncq6mw16ziiicnmvo5u|03|biz"; nocase; ) # hrq1oo1m8kzuafjy20w1uabo4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hrq1oo1m8kzuafjy20w1uabo4t|03|net"; nocase; ) # 1icre0r1kllgdq1cj8n7ijvybc0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1icre0r1kllgdq1cj8n7ijvybc0|03|org"; nocase; ) # hg5cvv1t69eqv1a8yqixbds4mj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hg5cvv1t69eqv1a8yqixbds4mj|03|biz"; nocase; ) # mbdzy5aarfmdhq7z1n1cga9ci.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mbdzy5aarfmdhq7z1n1cga9ci|03|biz"; nocase; ) # 19k69nfghfc61qmkjke10gsu8d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19k69nfghfc61qmkjke10gsu8d|03|com"; nocase; ) # 1dzpv7shputx8122axka1xmddrb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dzpv7shputx8122axka1xmddrb|03|com"; nocase; ) # 1oqgy5x1b3n5hx1jol9d5glk26s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oqgy5x1b3n5hx1jol9d5glk26s|03|net"; nocase; ) # cbtrk727rft01doel2f51qib9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cbtrk727rft01doel2f51qib9|03|net"; nocase; ) # 1yzol6x1puj2wqcot1w51glgtdt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yzol6x1puj2wqcot1w51glgtdt|03|net"; nocase; ) # 5l6rtqwnii6chodng5lgl1n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|5l6rtqwnii6chodng5lgl1n|03|net"; nocase; ) # 18xxvq97alfok5gv914ha3lyi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18xxvq97alfok5gv914ha3lyi|03|biz"; nocase; ) # 1bpz8wm11tyght1l636m9safrj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bpz8wm11tyght1l636m9safrj|03|org"; nocase; ) # eqnupf1njpm9n1xmrfmz174b1kp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eqnupf1njpm9n1xmrfmz174b1kp|03|org"; nocase; ) # 1hb9cgwho9np97jrmps5isf3g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hb9cgwho9np97jrmps5isf3g|03|biz"; nocase; ) # 28z5sug4kyzhz0igwk7ruzw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|28z5sug4kyzhz0igwk7ruzw|03|com"; nocase; ) # tii95o1gnf3d61rbuxf4s3ubbf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tii95o1gnf3d61rbuxf4s3ubbf|03|biz"; nocase; ) # hfmcv968fxi31u7v7zb1k92fcz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hfmcv968fxi31u7v7zb1k92fcz|03|org"; nocase; ) # 1qran3k18zwhyx1r3nfpadsqkdj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qran3k18zwhyx1r3nfpadsqkdj|03|biz"; nocase; ) # 1fk5s62uc6rua15myjgumsmt8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fk5s62uc6rua15myjgumsmt8n|03|net"; nocase; ) # 1dzl9guwc0z6e1nz0z22160j6eu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dzl9guwc0z6e1nz0z22160j6eu|03|com"; nocase; ) # 1ughfzp1fmsk9r1a79ddu1d0nmja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ughfzp1fmsk9r1a79ddu1d0nmja|03|biz"; nocase; ) # 126xesutmuq92tkscg9dugsk6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|126xesutmuq92tkscg9dugsk6|03|net"; nocase; ) # 1vah7ez4dgmdy1af7hby19caqgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vah7ez4dgmdy1af7hby19caqgo|03|net"; nocase; ) # 14jrhu1h0jkiw1mkezigdspri3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14jrhu1h0jkiw1mkezigdspri3|03|com"; nocase; ) # 12uncgw1pyoux51tkw9kq1mkion6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12uncgw1pyoux51tkw9kq1mkion6|03|org"; nocase; ) # 1cu7i475bwtha127tg7917m7gn6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cu7i475bwtha127tg7917m7gn6|03|net"; nocase; ) # vje31sf5mtrj3ug9gb1nw7mj9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vje31sf5mtrj3ug9gb1nw7mj9|03|org"; nocase; ) # dxbzo8c80zqhlx5jmnnqufcw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dxbzo8c80zqhlx5jmnnqufcw|03|net"; nocase; ) # 16p5k9xhafnenlpopd868cksh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16p5k9xhafnenlpopd868cksh|03|net"; nocase; ) # b379d012pwtsk1bjzij76rsimq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b379d012pwtsk1bjzij76rsimq|03|org"; nocase; ) # u2uphx1asp0i31yash9q1hwi7rv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u2uphx1asp0i31yash9q1hwi7rv|03|biz"; nocase; ) # xrodmssh1nyf1egzzsr48u7y3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xrodmssh1nyf1egzzsr48u7y3|03|net"; nocase; ) # 1tmqv9jwuvdrld4je3k1sc1cb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tmqv9jwuvdrld4je3k1sc1cb9|03|net"; nocase; ) # ffv5f6q5eyjcklgz8qw69881.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ffv5f6q5eyjcklgz8qw69881|03|com"; nocase; ) # 1p8wzsgwe0k03193291n1g4ozws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p8wzsgwe0k03193291n1g4ozws|03|com"; nocase; ) # ou2xsa1t8ckuf1kr7xw1y92jsz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ou2xsa1t8ckuf1kr7xw1y92jsz|03|org"; nocase; ) # icl7vd17kk2jcn01n5v158tj4s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|icl7vd17kk2jcn01n5v158tj4s|03|net"; nocase; ) # inh0av1ic36pz1s7ko9e6lrghd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|inh0av1ic36pz1s7ko9e6lrghd|03|com"; nocase; ) # 11urbdjzsdy811bh3s1fyugmyq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11urbdjzsdy811bh3s1fyugmyq|03|com"; nocase; ) # 1yvyh4um9erkw1ydicnl1lz4z0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yvyh4um9erkw1ydicnl1lz4z0k|03|org"; nocase; ) # 15rzc1k1kue4am1ouy0jh1p0sagc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15rzc1k1kue4am1ouy0jh1p0sagc|03|net"; nocase; ) # 2o5wkxvpustkmx762n11v7i2i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2o5wkxvpustkmx762n11v7i2i|03|biz"; nocase; ) # 147wyv9752hen1yymdox6kx8cj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|147wyv9752hen1yymdox6kx8cj|03|net"; nocase; ) # ohrunm1ranpq4knpmv0ztqeg4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ohrunm1ranpq4knpmv0ztqeg4|03|org"; nocase; ) # 1rja5t7sfw0dl1wig89esqplor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rja5t7sfw0dl1wig89esqplor|03|com"; nocase; ) # lq3bs5182stnb5n1adhmp502t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lq3bs5182stnb5n1adhmp502t|03|org"; nocase; ) # 1nuom5le6626fuo2l1i606dyq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nuom5le6626fuo2l1i606dyq|03|net"; nocase; ) # 1tt7fpw37rh441cdu527ug6u0j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tt7fpw37rh441cdu527ug6u0j|03|net"; nocase; ) # czfrsb1q3viu0pjxf5r1900fo5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|czfrsb1q3viu0pjxf5r1900fo5|03|com"; nocase; ) # 8md65b1twgbmoukrqbpid5u8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8md65b1twgbmoukrqbpid5u8|03|net"; nocase; ) # 11yi4ksenzaght3hwopduxmi5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11yi4ksenzaght3hwopduxmi5|03|com"; nocase; ) # 9xo64s17dsdhq1unuqoo1fizwl9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9xo64s17dsdhq1unuqoo1fizwl9|03|org"; nocase; ) # 12z3yqt115av6cylqk2ipmfjm5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12z3yqt115av6cylqk2ipmfjm5|03|biz"; nocase; ) # 1fb39gtvp7gyy1sz6b4h16zcd9j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fb39gtvp7gyy1sz6b4h16zcd9j|03|com"; nocase; ) # 2oe2r7ye98u8bxl2m811kirax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2oe2r7ye98u8bxl2m811kirax|03|net"; nocase; ) # j76tvp7e9swk1icb0tzrpcksu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j76tvp7e9swk1icb0tzrpcksu|03|net"; nocase; ) # 1sqjkus1ueo5q9qdh0u1fw2nor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sqjkus1ueo5q9qdh0u1fw2nor|03|biz"; nocase; ) # 1454xrfuu52h71mchn3byyah8i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1454xrfuu52h71mchn3byyah8i|03|org"; nocase; ) # t2wgbbp2zg4f47bcyz1gtd9zq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t2wgbbp2zg4f47bcyz1gtd9zq|03|com"; nocase; ) # 1ayh6iu1pr4uuo87c6i2gm6bbb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ayh6iu1pr4uuo87c6i2gm6bbb|03|net"; nocase; ) # 1ohw698ze5y10lcng701n31vkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ohw698ze5y10lcng701n31vkt|03|com"; nocase; ) # 1x8ra5zovh92r74g3tvqtw1pj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x8ra5zovh92r74g3tvqtw1pj|03|biz"; nocase; ) # l6zclx1m9u1htm2vk4o1vvf4fx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l6zclx1m9u1htm2vk4o1vvf4fx|03|com"; nocase; ) # n7qwsdsgvi7b11m2v1015eszco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n7qwsdsgvi7b11m2v1015eszco|03|org"; nocase; ) # 1sltiwj1yutoni2nb17i1vgro0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sltiwj1yutoni2nb17i1vgro0x|03|org"; nocase; ) # 3de27s1xrfgv81u077k31w9kj14.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3de27s1xrfgv81u077k31w9kj14|03|org"; nocase; ) # 156ypt6x15tcd1s1mamt1484upk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|156ypt6x15tcd1s1mamt1484upk|03|net"; nocase; ) # 7k6lra1tlrp611x38q3c17sqhqq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7k6lra1tlrp611x38q3c17sqhqq|03|net"; nocase; ) # 1uwjdaasnv3yi10yxnnovonlu4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwjdaasnv3yi10yxnnovonlu4|03|com"; nocase; ) # 40g4221jk1wd1pmakpefsonxq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|40g4221jk1wd1pmakpefsonxq|03|net"; nocase; ) # 1ieqyxdj11e2y113rh4lmfnqr4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ieqyxdj11e2y113rh4lmfnqr4|03|com"; nocase; ) # eh6f051v66jj41usafvon0fcsj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eh6f051v66jj41usafvon0fcsj|03|org"; nocase; ) # 19f1ycq1phpjh6de394bcptmq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19f1ycq1phpjh6de394bcptmq|03|com"; nocase; ) # lh3hx51pkecqz1wt5aie1sn14ph.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lh3hx51pkecqz1wt5aie1sn14ph|03|org"; nocase; ) # 1ig0jhmvbewsp1ibpo9y1l7k3o7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ig0jhmvbewsp1ibpo9y1l7k3o7|03|com"; nocase; ) # 1ame0tu1guoo3fyjn0zv1mg1067.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ame0tu1guoo3fyjn0zv1mg1067|03|org"; nocase; ) # osj49n6f20s7hwrcibk5kej1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|osj49n6f20s7hwrcibk5kej1|03|org"; nocase; ) # k0ii73pdtep14aka3p19ipgfz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k0ii73pdtep14aka3p19ipgfz|03|biz"; nocase; ) # xz1634wy72mutbwx8l1gcity2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xz1634wy72mutbwx8l1gcity2|03|org"; nocase; ) # kwuwfzb9xy69o6ofq31vvyj19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kwuwfzb9xy69o6ofq31vvyj19|03|com"; nocase; ) # 1wvyw51xx0347gczryw1mvwdfz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wvyw51xx0347gczryw1mvwdfz|03|biz"; nocase; ) # 11cc5uuoecm6c1tst21s18u72ww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11cc5uuoecm6c1tst21s18u72ww|03|net"; nocase; ) # z86avsbp2ytg1x8vtja1uh4s1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z86avsbp2ytg1x8vtja1uh4s1v|03|com"; nocase; ) # 6llvq4adxtr1hj70401ju7g2z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6llvq4adxtr1hj70401ju7g2z|03|com"; nocase; ) # 1ulr8k1ym1njf1cn555r1pyaqd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ulr8k1ym1njf1cn555r1pyaqd|03|net"; nocase; ) # 1pig4s81ij7u931ibpsm7fgt7nk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pig4s81ij7u931ibpsm7fgt7nk|03|com"; nocase; ) # 1mk51n91o1smgv9a393onkfgod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mk51n91o1smgv9a393onkfgod|03|com"; nocase; ) # 7462lp1rg3ba4stqe7186mdf9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7462lp1rg3ba4stqe7186mdf9|03|org"; nocase; ) # xwal2zdv2toy15l6mtr16bwljd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xwal2zdv2toy15l6mtr16bwljd|03|biz"; nocase; ) # 7y9k711lo7uflkt1v2x4un0qh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7y9k711lo7uflkt1v2x4un0qh|03|org"; nocase; ) # 16i866rjjkihbovz9racqwqug.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16i866rjjkihbovz9racqwqug|03|org"; nocase; ) # 13ai4rk39yc1edgao7nd22xan.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13ai4rk39yc1edgao7nd22xan|03|net"; nocase; ) # 1iq9c7i1k69rkk1uykz8zzos0ci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iq9c7i1k69rkk1uykz8zzos0ci|03|com"; nocase; ) # 13q0yjp1w7cbkcpu67og1mma3i4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13q0yjp1w7cbkcpu67og1mma3i4|03|com"; nocase; ) # rguz111o8zvy43nj2xm2gd8ii.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rguz111o8zvy43nj2xm2gd8ii|03|org"; nocase; ) # s5h3ce1y7ti3614p0isn1c4u09h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s5h3ce1y7ti3614p0isn1c4u09h|03|net"; nocase; ) # 7eu9411ku1tbfsvlgkm28z4bc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7eu9411ku1tbfsvlgkm28z4bc|03|biz"; nocase; ) # f3n9e4m9xylja6h019pmgxqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f3n9e4m9xylja6h019pmgxqq|03|org"; nocase; ) # ajzwzz1bpnifa10tp3fw1ieasir.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ajzwzz1bpnifa10tp3fw1ieasir|03|net"; nocase; ) # is92dz1h7sj2g1yidaxnz59bxe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|is92dz1h7sj2g1yidaxnz59bxe|03|org"; nocase; ) # 1dycp3xtbnhk317xuwixwbdj1u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dycp3xtbnhk317xuwixwbdj1u|03|net"; nocase; ) # 1ugus313iehoz1w9vvfzqt77z3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ugus313iehoz1w9vvfzqt77z3|03|com"; nocase; ) # 1euud5k16h71fh10j1bb4rnav9e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1euud5k16h71fh10j1bb4rnav9e|03|org"; nocase; ) # 1clc6vc8lh6g01qlvrol11598qv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1clc6vc8lh6g01qlvrol11598qv|03|org"; nocase; ) # 6u739m1phmgo813mvavlxgjuqu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6u739m1phmgo813mvavlxgjuqu|03|net"; nocase; ) # 1sadqopoh5wa1ijudyc1bam2wi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sadqopoh5wa1ijudyc1bam2wi|03|com"; nocase; ) # td63efp453ab1fme3yw16c3ces.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|td63efp453ab1fme3yw16c3ces|03|net"; nocase; ) # k81t75l2ge8517asmznomhjvc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k81t75l2ge8517asmznomhjvc|03|biz"; nocase; ) # otqq0y1ojmnfwy3fnse3wsuep.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|otqq0y1ojmnfwy3fnse3wsuep|03|biz"; nocase; ) # nuo39z16uru201gr9nvkhv3kyg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nuo39z16uru201gr9nvkhv3kyg|03|org"; nocase; ) # 2zlbh81lipb8j124hrk6iwqvg4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2zlbh81lipb8j124hrk6iwqvg4|03|net"; nocase; ) # 6sm66qmbieky1iui3ct9fk9dc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6sm66qmbieky1iui3ct9fk9dc|03|biz"; nocase; ) # v9zrzv1i6ozs01fcg4jwxe7lx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v9zrzv1i6ozs01fcg4jwxe7lx4|03|net"; nocase; ) # 3oita0bk9saib14dwl1rg5fmh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3oita0bk9saib14dwl1rg5fmh|03|com"; nocase; ) # v6zot81n5ld43jtjmd21nvr587.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v6zot81n5ld43jtjmd21nvr587|03|net"; nocase; ) # 1ebjhgtxflk9b175xme4rhnsuq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ebjhgtxflk9b175xme4rhnsuq|03|org"; nocase; ) # 1wxrh131ueo0ce1uuyvc81xz2iza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wxrh131ueo0ce1uuyvc81xz2iza|03|com"; nocase; ) # 1oehbq119vq38nvkyb8qjhxjzk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oehbq119vq38nvkyb8qjhxjzk|03|net"; nocase; ) # 1i2wl7a51h0bt1hpy9wmd63ary.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i2wl7a51h0bt1hpy9wmd63ary|03|net"; nocase; ) # 1dxgrit132yg9gm7or9g2hv2p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dxgrit132yg9gm7or9g2hv2p|03|net"; nocase; ) # 1sgse981qxo71wr9evd213xq4gm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sgse981qxo71wr9evd213xq4gm|03|net"; nocase; ) # ssgyb8qbiht41xebzykndv3qv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ssgyb8qbiht41xebzykndv3qv|03|org"; nocase; ) # a40nt81p3u4su1lxrknl1r3ljk6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a40nt81p3u4su1lxrknl1r3ljk6|03|net"; nocase; ) # l8fdma1odu7641fibw1ueo2r5s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l8fdma1odu7641fibw1ueo2r5s|03|net"; nocase; ) # 1mqgidhf1nfot1u8mbq6eer9k9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mqgidhf1nfot1u8mbq6eer9k9|03|org"; nocase; ) # 13jjziz1q5pzr5lvnb191qonftn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13jjziz1q5pzr5lvnb191qonftn|03|net"; nocase; ) # 1lixzeh1ksqpqe117tvwe1dtieg9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lixzeh1ksqpqe117tvwe1dtieg9|03|com"; nocase; ) # 15o049l1bed9wxrjt2v75p20fp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15o049l1bed9wxrjt2v75p20fp|03|net"; nocase; ) # bs0j901mn4cpu1ghe05624z5pv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bs0j901mn4cpu1ghe05624z5pv|03|org"; nocase; ) # 94kl2i1tisum448zeqj6rjra9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|94kl2i1tisum448zeqj6rjra9|03|net"; nocase; ) # 4kmn8suoa9p518v35pi1uqj5ui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4kmn8suoa9p518v35pi1uqj5ui|03|com"; nocase; ) # 16hlmpuyg23vo5pxgzghmffg5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16hlmpuyg23vo5pxgzghmffg5|03|org"; nocase; ) # eej3xmantjth1ycq0bmr6sqes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eej3xmantjth1ycq0bmr6sqes|03|com"; nocase; ) # 1qg2d7ii9p5rw1cagdj8b8tqfl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qg2d7ii9p5rw1cagdj8b8tqfl|03|net"; nocase; ) # syidnnf70zox14dki6m1v6pp1l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|syidnnf70zox14dki6m1v6pp1l|03|biz"; nocase; ) # 1queubpfbtueni3f8go91y3p0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1queubpfbtueni3f8go91y3p0|03|com"; nocase; ) # 12028mjf6pg28qmxy41wm0y96.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12028mjf6pg28qmxy41wm0y96|03|net"; nocase; ) # 1wdnlqtm7ugglw8g1t1u0r21k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wdnlqtm7ugglw8g1t1u0r21k|03|com"; nocase; ) # a46sgy1hxgs27la0bdbbhtvc6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a46sgy1hxgs27la0bdbbhtvc6|03|biz"; nocase; ) # 1t2a887tveml67vfgvjjm87j6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1t2a887tveml67vfgvjjm87j6|03|biz"; nocase; ) # 1iezwrm1wa3lai1a02io51ttn5lz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iezwrm1wa3lai1a02io51ttn5lz|03|net"; nocase; ) # 1v1twyo1bahwl1ftixjnuk6esv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v1twyo1bahwl1ftixjnuk6esv|03|com"; nocase; ) # mlotj7r1o0pbm6hgvu1r9tbgk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mlotj7r1o0pbm6hgvu1r9tbgk|03|net"; nocase; ) # z9zda712bpaic1asl1hg716va.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z9zda712bpaic1asl1hg716va|03|net"; nocase; ) # 1yslqwo1bd2uibmel0k8kgxszq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yslqwo1bd2uibmel0k8kgxszq|03|org"; nocase; ) # 14dz0xpn1ol3a1pniod61euc8kp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14dz0xpn1ol3a1pniod61euc8kp|03|org"; nocase; ) # 14hcr1lbw26jyy3adk61gtkj18.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14hcr1lbw26jyy3adk61gtkj18|03|net"; nocase; ) # u5jmuuklw7731hrk6gl14gi5b0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u5jmuuklw7731hrk6gl14gi5b0|03|com"; nocase; ) # qoeint1omdda71c2os2i1wq0d53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qoeint1omdda71c2os2i1wq0d53|03|net"; nocase; ) # 6kyfmp3j5vq01a4vyfy1b7y7i9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6kyfmp3j5vq01a4vyfy1b7y7i9|03|org"; nocase; ) # 1qpn4ipsiqqutl8tqpx7uxtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1qpn4ipsiqqutl8tqpx7uxtm|03|net"; nocase; ) # r3imbn1d4oqs516lwtcrzz4blu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r3imbn1d4oqs516lwtcrzz4blu|03|com"; nocase; ) # 47q4zd1efgeii2ycb91291mwc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|47q4zd1efgeii2ycb91291mwc|03|biz"; nocase; ) # 1rl64nk1srxitu6wsrvq43rxqm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rl64nk1srxitu6wsrvq43rxqm|03|biz"; nocase; ) # 9gjzzilnnzsvwdoq1l1kvjofp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9gjzzilnnzsvwdoq1l1kvjofp|03|org"; nocase; ) # i1koycqu21m81k5jc5lofhu1a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i1koycqu21m81k5jc5lofhu1a|03|com"; nocase; ) # gtip87oeglrgqiqi1haooin.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|gtip87oeglrgqiqi1haooin|03|net"; nocase; ) # 5duhuu97u0nh1yt2lp612ihz44.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5duhuu97u0nh1yt2lp612ihz44|03|net"; nocase; ) # 16l61w81r1sd7m1hbqe6p1q9z44g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16l61w81r1sd7m1hbqe6p1q9z44g|03|net"; nocase; ) # kvjiufc7m89d184f2s1tkiyoz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kvjiufc7m89d184f2s1tkiyoz|03|com"; nocase; ) # beyhqqduzo1k1tz2acagwmx68.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|beyhqqduzo1k1tz2acagwmx68|03|biz"; nocase; ) # 1fdc6ibf09g5pbd4mkc1d3fsx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fdc6ibf09g5pbd4mkc1d3fsx|03|com"; nocase; ) # 1u77c6j1yon8kv7cf5sasjfrdh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u77c6j1yon8kv7cf5sasjfrdh|03|net"; nocase; ) # 1vnm1iqyxkuyl1b33e1l17ujgw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vnm1iqyxkuyl1b33e1l17ujgw|03|biz"; nocase; ) # 1nau6k4xgibn112unutbugdige.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nau6k4xgibn112unutbugdige|03|com"; nocase; ) # 1fph4ljxurjloc4ejf017dy5xd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fph4ljxurjloc4ejf017dy5xd|03|net"; nocase; ) # 10wdrkfi3hl945zcrgn13ygqzc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10wdrkfi3hl945zcrgn13ygqzc|03|net"; nocase; ) # 1dg4nytybjcim1qb3cl7y1o0ex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dg4nytybjcim1qb3cl7y1o0ex|03|com"; nocase; ) # 176rjyx169klcw5brsxy1657hg8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|176rjyx169klcw5brsxy1657hg8|03|biz"; nocase; ) # jj3uza1nknkvzc3ho031lsdh30.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jj3uza1nknkvzc3ho031lsdh30|03|com"; nocase; ) # u42jvvi60iej14yjk3m19pkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u42jvvi60iej14yjk3m19pkf|03|org"; nocase; ) # 1q2mhp31d556xc190pyc51pmmgvk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q2mhp31d556xc190pyc51pmmgvk|03|org"; nocase; ) # 1yg6boj7xwfjj1119py21qzrj0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yg6boj7xwfjj1119py21qzrj0k|03|org"; nocase; ) # 1xfnjdqor09mah9ofjvxwb63d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xfnjdqor09mah9ofjvxwb63d|03|net"; nocase; ) # ts5w0o11jti2b1h0fdcx1fzo05t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ts5w0o11jti2b1h0fdcx1fzo05t|03|net"; nocase; ) # g9kf9ith7uw77a57hv1tepala.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g9kf9ith7uw77a57hv1tepala|03|com"; nocase; ) # 1ode9l31kftv6qzf5wl691j42r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ode9l31kftv6qzf5wl691j42r|03|net"; nocase; ) # 1k6z94rsju0371qrzy2s1qd9m2w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k6z94rsju0371qrzy2s1qd9m2w|03|org"; nocase; ) # 1t239cc1q0fd5r88neqiwewqju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t239cc1q0fd5r88neqiwewqju|03|org"; nocase; ) # 1rvhfks12y4q9c1xlgl831j617ib.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rvhfks12y4q9c1xlgl831j617ib|03|biz"; nocase; ) # x568c14ej9oor1yzu61egibbl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x568c14ej9oor1yzu61egibbl|03|org"; nocase; ) # 1hretry1kgg4kr1mkq43gla5zf8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hretry1kgg4kr1mkq43gla5zf8|03|com"; nocase; ) # osl7eu1kjfd7j5nvol117abyr8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|osl7eu1kjfd7j5nvol117abyr8|03|org"; nocase; ) # 1ef8yx79mzhwi10ivtl1waztlh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ef8yx79mzhwi10ivtl1waztlh|03|net"; nocase; ) # 1pluc4v4ygmdu1yr7rq81ad1k41.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pluc4v4ygmdu1yr7rq81ad1k41|03|com"; nocase; ) # 1lax4b31e7eylpmirexfnsd94c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lax4b31e7eylpmirexfnsd94c|03|net"; nocase; ) # 1doiizp1ojk40avlqqx4x7c3p1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1doiizp1ojk40avlqqx4x7c3p1|03|net"; nocase; ) # 1gqyfs31ach0mlq7upg11v97oue.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gqyfs31ach0mlq7upg11v97oue|03|net"; nocase; ) # 1ano0dyznigoc16z08nfdvrsya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ano0dyznigoc16z08nfdvrsya|03|net"; nocase; ) # 12juu4poe7qdsokffo2oh08sb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12juu4poe7qdsokffo2oh08sb|03|org"; nocase; ) # 1v810v0r4ye8sznrron12n1v12.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v810v0r4ye8sznrron12n1v12|03|org"; nocase; ) # ply1qe16r6odl1jw522w1obzgp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ply1qe16r6odl1jw522w1obzgp|03|org"; nocase; ) # 145j75rmlc06q1k5hqtzyk31wh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|145j75rmlc06q1k5hqtzyk31wh|03|net"; nocase; ) # 1nwk26qr9jb8arh3rmc1reje2x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nwk26qr9jb8arh3rmc1reje2x|03|biz"; nocase; ) # 4k60xte1xa317lt05v1izh8x5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4k60xte1xa317lt05v1izh8x5|03|com"; nocase; ) # 13nfbm914hl6ic1hatd854y06go.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13nfbm914hl6ic1hatd854y06go|03|com"; nocase; ) # 1b90u501kd59brnob7mu6c6bcl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b90u501kd59brnob7mu6c6bcl|03|com"; nocase; ) # 1rxprwg1ox3bra1hy3rxvizt86u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rxprwg1ox3bra1hy3rxvizt86u|03|net"; nocase; ) # 1skh0zt1rzd0xl15kezc4odo6pg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1skh0zt1rzd0xl15kezc4odo6pg|03|com"; nocase; ) # e7hc741o292b71ii8mcrez826q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e7hc741o292b71ii8mcrez826q|03|net"; nocase; ) # otdm49vi83gmq502p2r8jonl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|otdm49vi83gmq502p2r8jonl|03|net"; nocase; ) # 1cjez6ci0vfa51j67g071erv3em.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cjez6ci0vfa51j67g071erv3em|03|org"; nocase; ) # 14fv7ns16oqzd1xyylsg1gxt49s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14fv7ns16oqzd1xyylsg1gxt49s|03|org"; nocase; ) # uq613x6p1c8b1kit9ovzvs37d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uq613x6p1c8b1kit9ovzvs37d|03|net"; nocase; ) # 1g60280xenyy37va1rj1gk6773.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g60280xenyy37va1rj1gk6773|03|biz"; nocase; ) # iosapv1kn08ia7hwfby180mxkb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iosapv1kn08ia7hwfby180mxkb|03|org"; nocase; ) # dpcawaom0tyv1dc0gdgoy2msw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dpcawaom0tyv1dc0gdgoy2msw|03|com"; nocase; ) # bd08maxpwg1el548u5mude5p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bd08maxpwg1el548u5mude5p|03|biz"; nocase; ) # rs1csh1ikkvurrif74xmcx2b9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rs1csh1ikkvurrif74xmcx2b9|03|net"; nocase; ) # 1a1wfxr1fquei31tkhcda1c59ehi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a1wfxr1fquei31tkhcda1c59ehi|03|biz"; nocase; ) # pgirmn1qjnvyk13na0zy1isy45s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pgirmn1qjnvyk13na0zy1isy45s|03|com"; nocase; ) # bu9fz7k0fua5q3wgw1d92vzy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bu9fz7k0fua5q3wgw1d92vzy|03|net"; nocase; ) # drsw9e15xhbhygx5ijv1a5cxyx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|drsw9e15xhbhygx5ijv1a5cxyx|03|net"; nocase; ) # ncl7bgbu9ose13eqif48qin26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ncl7bgbu9ose13eqif48qin26|03|org"; nocase; ) # d3m26j7em2fdxduo4s1tu3c4c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d3m26j7em2fdxduo4s1tu3c4c|03|biz"; nocase; ) # pxilz979lurt1yyty1mp3cxgb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pxilz979lurt1yyty1mp3cxgb|03|net"; nocase; ) # 1sh150b1usgaht1umv94zqw54sz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sh150b1usgaht1umv94zqw54sz|03|net"; nocase; ) # hlx44r18izsybxth5zp1b7e359.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hlx44r18izsybxth5zp1b7e359|03|biz"; nocase; ) # vsriie1rjjjl515ls3tx1pmb3mc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vsriie1rjjjl515ls3tx1pmb3mc|03|com"; nocase; ) # 19ht2jh3hnchc1tn5yet3n12c8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ht2jh3hnchc1tn5yet3n12c8|03|net"; nocase; ) # 15q6bgd1cs2ylgw7b8zddaoyzz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15q6bgd1cs2ylgw7b8zddaoyzz|03|com"; nocase; ) # i5jby8d0bewz8qgdrm8dw8zs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i5jby8d0bewz8qgdrm8dw8zs|03|net"; nocase; ) # 1fbsfi9o1xbpkt5lmxkfsqwu8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fbsfi9o1xbpkt5lmxkfsqwu8|03|biz"; nocase; ) # deolksxk33bw1g690g01ydsmdp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|deolksxk33bw1g690g01ydsmdp|03|net"; nocase; ) # x39s8ctokzw4202nvbt8rd5j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x39s8ctokzw4202nvbt8rd5j|03|net"; nocase; ) # 58ggtw1x3d8qp1s84muu1xtxyr1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|58ggtw1x3d8qp1s84muu1xtxyr1|03|net"; nocase; ) # 8tgoac1mvo9l31etvgpg110zcg9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8tgoac1mvo9l31etvgpg110zcg9|03|biz"; nocase; ) # rzlp6nq5opo31fyozp41oz5k37.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rzlp6nq5opo31fyozp41oz5k37|03|com"; nocase; ) # qf4ugq11s210pjrp0031dtpl43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qf4ugq11s210pjrp0031dtpl43|03|net"; nocase; ) # xoln34inebhzc2fkle3yvfq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|xoln34inebhzc2fkle3yvfq|03|biz"; nocase; ) # 1h7jbrdzk5p91d0p8yhut64jh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h7jbrdzk5p91d0p8yhut64jh|03|org"; nocase; ) # tgyo2e1mq7fy5zjc68y1oeynq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tgyo2e1mq7fy5zjc68y1oeynq9|03|net"; nocase; ) # 1e6w10jnikv9dehltbyw4fuqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e6w10jnikv9dehltbyw4fuqh|03|biz"; nocase; ) # gcf67aa6z3mt1koxw58i5onzk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gcf67aa6z3mt1koxw58i5onzk|03|org"; nocase; ) # 1asic4io959cstlgid1197p2x7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1asic4io959cstlgid1197p2x7|03|com"; nocase; ) # 1idrlowxyhjxh8g33ku1e5ftn7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1idrlowxyhjxh8g33ku1e5ftn7|03|net"; nocase; ) # 1til3disbrwa61l1bywt1kzfoco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1til3disbrwa61l1bywt1kzfoco|03|com"; nocase; ) # 15f3ot34lgfkj62r9ty74rgpy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15f3ot34lgfkj62r9ty74rgpy|03|org"; nocase; ) # qu3rr51hgdmhx1autvhjhq0g7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qu3rr51hgdmhx1autvhjhq0g7|03|biz"; nocase; ) # ra6ffm1hbsqgg16drwe93yyd0w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ra6ffm1hbsqgg16drwe93yyd0w|03|com"; nocase; ) # 1cc7mak1ep0un21hbv4ci1ebknq2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cc7mak1ep0un21hbv4ci1ebknq2|03|net"; nocase; ) # 17rcsrf1q4a121znmwq5qtnjd0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17rcsrf1q4a121znmwq5qtnjd0|03|biz"; nocase; ) # 1srfb22w123g11vwoij91ysri67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1srfb22w123g11vwoij91ysri67|03|com"; nocase; ) # 1q33dpz1w3sv8w1ngde5c1a8i6is.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q33dpz1w3sv8w1ngde5c1a8i6is|03|com"; nocase; ) # 3nhgolz2yhekitqvk0as9sje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3nhgolz2yhekitqvk0as9sje|03|net"; nocase; ) # gh7cvq1nyuxdz1xcfjnt1npwe7z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gh7cvq1nyuxdz1xcfjnt1npwe7z|03|org"; nocase; ) # eampf9x89plv1e8e8ej1phpojg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eampf9x89plv1e8e8ej1phpojg|03|biz"; nocase; ) # 1qj9iac56cvt315uzghytwcdtr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qj9iac56cvt315uzghytwcdtr|03|biz"; nocase; ) # 1gjjflkhd7mgfcidnqm18s9d0x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gjjflkhd7mgfcidnqm18s9d0x|03|com"; nocase; ) # 1q47uka1agqv5otmm0ff1jj1y81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q47uka1agqv5otmm0ff1jj1y81|03|net"; nocase; ) # 15enra8mbv4xm17p4axy7yvd5a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15enra8mbv4xm17p4axy7yvd5a|03|net"; nocase; ) # 16wx3ui14eoovjuf4is8u24cto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wx3ui14eoovjuf4is8u24cto|03|com"; nocase; ) # 1i5onl91tfv48beibvxg1dw8prg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i5onl91tfv48beibvxg1dw8prg|03|com"; nocase; ) # ng4puq1dwfmcmso0komuaocoz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ng4puq1dwfmcmso0komuaocoz|03|net"; nocase; ) # 161eo5k11o8cbh1cuiq9wby7xth.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|161eo5k11o8cbh1cuiq9wby7xth|03|com"; nocase; ) # 12imw2azoe3io19f372dtt4nyc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12imw2azoe3io19f372dtt4nyc|03|biz"; nocase; ) # 1gc8ews1ad14uejjb6s2pnxaxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gc8ews1ad14uejjb6s2pnxaxp|03|net"; nocase; ) # 1gmy2at1adudkx2ymo9zy41cf3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gmy2at1adudkx2ymo9zy41cf3|03|net"; nocase; ) # 18jcfij29lrs71ssf0rg1r4re8w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18jcfij29lrs71ssf0rg1r4re8w|03|org"; nocase; ) # 3f77qn17gk4f612mp7zz1r7wsya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3f77qn17gk4f612mp7zz1r7wsya|03|net"; nocase; ) # 1o1wzcs16uxs9332vm1f67lq6w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o1wzcs16uxs9332vm1f67lq6w|03|net"; nocase; ) # 1w8pvrr1ijsch197b7z8kymoyx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w8pvrr1ijsch197b7z8kymoyx|03|net"; nocase; ) # 9r0cn91oh1lrarxylgkyx65u4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9r0cn91oh1lrarxylgkyx65u4|03|org"; nocase; ) # pyh6earoj99x1enqdgb1t13u5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pyh6earoj99x1enqdgb1t13u5z|03|net"; nocase; ) # ho23hsrxitfagt0p30mteqm6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ho23hsrxitfagt0p30mteqm6|03|com"; nocase; ) # 6swo9i3kd9o611gawsxrd41it.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6swo9i3kd9o611gawsxrd41it|03|org"; nocase; ) # mdgjcpgekiot150j88hzcpf59.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mdgjcpgekiot150j88hzcpf59|03|net"; nocase; ) # rnyx33z2vq8316a4wdeemin0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rnyx33z2vq8316a4wdeemin0m|03|com"; nocase; ) # 17jktwjblek181tphdmkm36pgf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17jktwjblek181tphdmkm36pgf|03|net"; nocase; ) # 14lctyafyzwzakbq2jf1nvqyuq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14lctyafyzwzakbq2jf1nvqyuq|03|com"; nocase; ) # u3tge510leidf1w59ye5ck0d6d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u3tge510leidf1w59ye5ck0d6d|03|biz"; nocase; ) # 5u8xtb1nyymbp1mlepo1mkdyoh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5u8xtb1nyymbp1mlepo1mkdyoh|03|org"; nocase; ) # 1xyauu41vk5qhl19nh4xr6jkl9t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xyauu41vk5qhl19nh4xr6jkl9t|03|org"; nocase; ) # qswoo317knygi1s29acx5bl6sh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qswoo317knygi1s29acx5bl6sh|03|org"; nocase; ) # xm3141qyrphm1n7zp0f1tgnwam.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xm3141qyrphm1n7zp0f1tgnwam|03|biz"; nocase; ) # 1623d3fnds98i1w50uez1b9lry7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1623d3fnds98i1w50uez1b9lry7|03|net"; nocase; ) # xtq6w1lql6ho5oq12g11o3kel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xtq6w1lql6ho5oq12g11o3kel|03|net"; nocase; ) # 1n8ttlu1p6gm4l1qw29m4d6g7b2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n8ttlu1p6gm4l1qw29m4d6g7b2|03|biz"; nocase; ) # 1ghnjlm18lb7i91jyfzganr91ax.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ghnjlm18lb7i91jyfzganr91ax|03|org"; nocase; ) # 8ngljz1a902lq1oyh0so1dsx5ba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8ngljz1a902lq1oyh0so1dsx5ba|03|com"; nocase; ) # 1clvc0b1tq091j1l07cz7171jjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1clvc0b1tq091j1l07cz7171jjo|03|org"; nocase; ) # 9rkbwn1xcma4l1n59dkk1doiztm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9rkbwn1xcma4l1n59dkk1doiztm|03|com"; nocase; ) # 282xuutp1yrjqnbwsrllkvr3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|282xuutp1yrjqnbwsrllkvr3|03|biz"; nocase; ) # t8o66n193ecj3np85qi1n28wum.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t8o66n193ecj3np85qi1n28wum|03|org"; nocase; ) # 1fp0a0a149ihls1gxjrhuki4u5n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fp0a0a149ihls1gxjrhuki4u5n|03|org"; nocase; ) # 13c9eox153c69v1yrbv0gr3msbl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13c9eox153c69v1yrbv0gr3msbl|03|net"; nocase; ) # l4s99c1syt5oagtjbh387t9zx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l4s99c1syt5oagtjbh387t9zx|03|biz"; nocase; ) # a3hjlfb6wjlp13t2jiq19o4ifg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a3hjlfb6wjlp13t2jiq19o4ifg|03|net"; nocase; ) # 6q43q1114cyjh2naho3dktdb6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6q43q1114cyjh2naho3dktdb6|03|org"; nocase; ) # ov6waueiievh19yyoya1106986.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ov6waueiievh19yyoya1106986|03|biz"; nocase; ) # 110zm1316t5ygz1qjdnm41wg83jv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|110zm1316t5ygz1qjdnm41wg83jv|03|org"; nocase; ) # ngjfdg13glctd1eads31sw91i1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ngjfdg13glctd1eads31sw91i1|03|com"; nocase; ) # 1ckbueu3zvlpaatcre6lmapw5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ckbueu3zvlpaatcre6lmapw5|03|net"; nocase; ) # 1v7yppz1rkuwv31679f949nn7p3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v7yppz1rkuwv31679f949nn7p3|03|biz"; nocase; ) # 7xj6jfg1blsut8n15qx5eg5t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7xj6jfg1blsut8n15qx5eg5t|03|biz"; nocase; ) # z7p29r665vg3166c8311l2ojku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z7p29r665vg3166c8311l2ojku|03|org"; nocase; ) # 1cbm49y1y04ziojtxk419v09b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cbm49y1y04ziojtxk419v09b|03|org"; nocase; ) # 13bgitn1yc38xmmai3vh0oe49.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13bgitn1yc38xmmai3vh0oe49|03|com"; nocase; ) # up9yy1ffvxxx12fhw52mgfrmi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|up9yy1ffvxxx12fhw52mgfrmi|03|biz"; nocase; ) # 1giq8uu1efn12j1ysw0qt193m11e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1giq8uu1efn12j1ysw0qt193m11e|03|biz"; nocase; ) # 1mjqvacw3s5et1oebnqi1bmzf29.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mjqvacw3s5et1oebnqi1bmzf29|03|com"; nocase; ) # 19v121ud458wcwljdnsgbky7r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19v121ud458wcwljdnsgbky7r|03|com"; nocase; ) # 17w62gqbnf17mbruqtw1lynsv5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17w62gqbnf17mbruqtw1lynsv5|03|org"; nocase; ) # lwerk61ouo3851aga8io17q3qwl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lwerk61ouo3851aga8io17q3qwl|03|com"; nocase; ) # ub44jgh0jj461278445zkjvre.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ub44jgh0jj461278445zkjvre|03|com"; nocase; ) # qhyxrsiu0xc115s7vhm19f8gwi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qhyxrsiu0xc115s7vhm19f8gwi|03|biz"; nocase; ) # k4wj9i1v9gql41noxlxucnf3ob.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k4wj9i1v9gql41noxlxucnf3ob|03|net"; nocase; ) # 1kqh9zmfwetbxs8l3q5l6nmyk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kqh9zmfwetbxs8l3q5l6nmyk|03|com"; nocase; ) # p9q2ygvnfqqk87ppa0jj0p5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p9q2ygvnfqqk87ppa0jj0p5n|03|net"; nocase; ) # 10szvz61umb83w1k2w2gh10fdo7o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10szvz61umb83w1k2w2gh10fdo7o|03|net"; nocase; ) # 632of2zbme451487g1111h90zg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|632of2zbme451487g1111h90zg|03|net"; nocase; ) # 1qpmnxu3h0kgqm06k0maxfvi7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qpmnxu3h0kgqm06k0maxfvi7|03|com"; nocase; ) # pm4omn17ron9dum4yue1w4tan0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pm4omn17ron9dum4yue1w4tan0|03|org"; nocase; ) # 79xh0pysvl0112v63hvdp5n5z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|79xh0pysvl0112v63hvdp5n5z|03|com"; nocase; ) # izafdp1klapz9m5nte8ju3cy2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|izafdp1klapz9m5nte8ju3cy2|03|net"; nocase; ) # w6j3701jk0to0gdwxdfxqihkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w6j3701jk0to0gdwxdfxqihkm|03|org"; nocase; ) # 1qezy631jptjvabdaun617ocuf4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qezy631jptjvabdaun617ocuf4|03|net"; nocase; ) # jdjgaja2cucj1fcfn11oen9vt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jdjgaja2cucj1fcfn11oen9vt|03|net"; nocase; ) # 1i4wf6t1am3sk6h4yp1k1pvc27r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i4wf6t1am3sk6h4yp1k1pvc27r|03|org"; nocase; ) # 10a8i7p82dol6p9p7ja1sdjueb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10a8i7p82dol6p9p7ja1sdjueb|03|org"; nocase; ) # jb2eu61617bdtrt9dzb16z4p2r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jb2eu61617bdtrt9dzb16z4p2r|03|biz"; nocase; ) # 1de1s9ybtty091yrwmwe155b3z2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1de1s9ybtty091yrwmwe155b3z2|03|com"; nocase; ) # 1169lq3vzmw671fz5jb4jl862h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1169lq3vzmw671fz5jb4jl862h|03|net"; nocase; ) # c9oqru16cbism1izkdnh10szot5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c9oqru16cbism1izkdnh10szot5|03|net"; nocase; ) # 8a23o11hpzorczzsg5gzkba6u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8a23o11hpzorczzsg5gzkba6u|03|net"; nocase; ) # gtgm9hior66ow8le7s1jkyp30.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gtgm9hior66ow8le7s1jkyp30|03|net"; nocase; ) # 1yvmr5eg504811s1zj0017rh9j8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yvmr5eg504811s1zj0017rh9j8|03|net"; nocase; ) # 8ybiy5lmowh61049g891do9yex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ybiy5lmowh61049g891do9yex|03|net"; nocase; ) # 1udzlfcv6609lvxg031027zn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1udzlfcv6609lvxg031027zn|03|biz"; nocase; ) # 1se1s3sbtey8a10czyn42cgqwb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1se1s3sbtey8a10czyn42cgqwb|03|com"; nocase; ) # 9xsm8g1ddv43l5lj6eq1cqgjf3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9xsm8g1ddv43l5lj6eq1cqgjf3|03|net"; nocase; ) # h8ef26fwqgay1a9r7cp4dlgks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h8ef26fwqgay1a9r7cp4dlgks|03|net"; nocase; ) # 1uhj5ry186bdsjumjlaqwg2l62.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uhj5ry186bdsjumjlaqwg2l62|03|biz"; nocase; ) # cgsrm9xasoyc1qhyoz51vlbqbq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cgsrm9xasoyc1qhyoz51vlbqbq|03|org"; nocase; ) # 1ujwnir1ff7jl212wu22zbcvlzu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ujwnir1ff7jl212wu22zbcvlzu|03|org"; nocase; ) # 176ficm11ovbyb1m24ixr2s4mu0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|176ficm11ovbyb1m24ixr2s4mu0|03|org"; nocase; ) # 1v24xg7zvotjd41b09n6sdxt4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v24xg7zvotjd41b09n6sdxt4|03|org"; nocase; ) # 2mcctirtzovxljrf6tdjs14t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2mcctirtzovxljrf6tdjs14t|03|biz"; nocase; ) # 1sumetwbt8do4hnsfs8geyl15.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sumetwbt8do4hnsfs8geyl15|03|net"; nocase; ) # bghimf17w8l5f1bcbs42ravyru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bghimf17w8l5f1bcbs42ravyru|03|biz"; nocase; ) # 1ran3weiep5mg8ifwqea7nnib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ran3weiep5mg8ifwqea7nnib|03|com"; nocase; ) # 13wppjy47n2d4vd0mnke1rdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13wppjy47n2d4vd0mnke1rdc|03|com"; nocase; ) # 15zoyb21ehfgu3ock2a31byoi00.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15zoyb21ehfgu3ock2a31byoi00|03|net"; nocase; ) # 1c0rpt8156vyb8do2fpu1ko7m55.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c0rpt8156vyb8do2fpu1ko7m55|03|org"; nocase; ) # 98meqv1q1icg41mo644jqgys00.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|98meqv1q1icg41mo644jqgys00|03|net"; nocase; ) # isb9vh3h0dv71xnric3kxlh5c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|isb9vh3h0dv71xnric3kxlh5c|03|biz"; nocase; ) # 1ltujhaoylglq1ovso6u1eguenb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ltujhaoylglq1ovso6u1eguenb|03|com"; nocase; ) # 174rluelfr8cj1xj5cq68e200f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|174rluelfr8cj1xj5cq68e200f|03|net"; nocase; ) # v5e0aw1i9x63b1uj7ahi5e9dba.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v5e0aw1i9x63b1uj7ahi5e9dba|03|biz"; nocase; ) # 21o15h13alw62h0v0xsk7kq6x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21o15h13alw62h0v0xsk7kq6x|03|net"; nocase; ) # 1q9ev6pxv09rot5p2if1vf5wda.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q9ev6pxv09rot5p2if1vf5wda|03|org"; nocase; ) # 8dvq701okxfcs1akityc1kjo8p9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8dvq701okxfcs1akityc1kjo8p9|03|net"; nocase; ) # zxq4gtqedqqf7bzdnu1uir38b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zxq4gtqedqqf7bzdnu1uir38b|03|com"; nocase; ) # 1xnbm8e1vc0v7n1a88zvz1gpcqg4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xnbm8e1vc0v7n1a88zvz1gpcqg4|03|biz"; nocase; ) # 17h93j0r14bvwk8uriz1xfmbfi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17h93j0r14bvwk8uriz1xfmbfi|03|net"; nocase; ) # 1ntnd1c18ckh2bx5s1i51d38mug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ntnd1c18ckh2bx5s1i51d38mug|03|net"; nocase; ) # l0jtcjthrp5ut24rl5u4h8z0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l0jtcjthrp5ut24rl5u4h8z0|03|org"; nocase; ) # 17tvuh41ha5p491bj7ken1tk1sr8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17tvuh41ha5p491bj7ken1tk1sr8|03|biz"; nocase; ) # 1pm2cmv1omqejb1fu290c8x9fkl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pm2cmv1omqejb1fu290c8x9fkl|03|net"; nocase; ) # 1mj38oq4fv74j1bwfpqmizps1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mj38oq4fv74j1bwfpqmizps1z|03|net"; nocase; ) # 1hkogae1hz7vkt7oufyc1m28s0g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hkogae1hz7vkt7oufyc1m28s0g|03|biz"; nocase; ) # khj5ed1v68n9810u8ilg1jgykk9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|khj5ed1v68n9810u8ilg1jgykk9|03|com"; nocase; ) # 17ai71r1a9mljx1jwo2f01mgt9at.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17ai71r1a9mljx1jwo2f01mgt9at|03|biz"; nocase; ) # 10ky4jh1wt3x5j1phcn8m17r7pkd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10ky4jh1wt3x5j1phcn8m17r7pkd|03|net"; nocase; ) # r1qrvl4or7u51ya62pn1fxdg2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r1qrvl4or7u51ya62pn1fxdg2b|03|net"; nocase; ) # 81l9dor7abq071gh4d9wx0qm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|81l9dor7abq071gh4d9wx0qm|03|biz"; nocase; ) # 1aa0uu1w8molp1q2s8b213dm6ki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aa0uu1w8molp1q2s8b213dm6ki|03|net"; nocase; ) # 10r857n1jg1hqi1muvyblgpxcwp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10r857n1jg1hqi1muvyblgpxcwp|03|com"; nocase; ) # 190uzsvhbum41hesotc13u0gui.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|190uzsvhbum41hesotc13u0gui|03|biz"; nocase; ) # 145nzvmr1jha0nqm3nc1mhb3kk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|145nzvmr1jha0nqm3nc1mhb3kk|03|net"; nocase; ) # 1elflg0qgyncyksw4bh1bgtor3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1elflg0qgyncyksw4bh1bgtor3|03|biz"; nocase; ) # djs09k1c747ux111kc1e18ymv4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|djs09k1c747ux111kc1e18ymv4p|03|net"; nocase; ) # jcz4f178hpssirn7gq1m890hx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jcz4f178hpssirn7gq1m890hx|03|biz"; nocase; ) # ko8ll71nle9wgvq2b9r1x6jba1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ko8ll71nle9wgvq2b9r1x6jba1|03|net"; nocase; ) # 1a7guv812allet1pm94zn2ws9hd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a7guv812allet1pm94zn2ws9hd|03|net"; nocase; ) # 166ome1roxi8a1038uj7zfj0eb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|166ome1roxi8a1038uj7zfj0eb|03|org"; nocase; ) # 1lznv0c1did4pk1xbqm6c1mvj0x5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lznv0c1did4pk1xbqm6c1mvj0x5|03|com"; nocase; ) # 4co1xxrlgs6c1jljsbawwik7y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4co1xxrlgs6c1jljsbawwik7y|03|com"; nocase; ) # y1yt2tomyh45ex7kc28icy3q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y1yt2tomyh45ex7kc28icy3q|03|com"; nocase; ) # 1w6gxeu158cuzy348leyq0pq95.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w6gxeu158cuzy348leyq0pq95|03|org"; nocase; ) # 10ybrip120yca61hh065auujmvc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ybrip120yca61hh065auujmvc|03|net"; nocase; ) # 1j7hyhs1edvv0r6bny4v1pxb3od.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j7hyhs1edvv0r6bny4v1pxb3od|03|org"; nocase; ) # i4cbf3gb5fh4wm3n851htr7n4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i4cbf3gb5fh4wm3n851htr7n4|03|com"; nocase; ) # alixxie5f4pj1dga6vw1flh4sm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|alixxie5f4pj1dga6vw1flh4sm|03|org"; nocase; ) # 19mpzut1k35lqs1g4onrf1pdidxj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19mpzut1k35lqs1g4onrf1pdidxj|03|net"; nocase; ) # 1nncu8290kowtlexbozhrm6x3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nncu8290kowtlexbozhrm6x3|03|com"; nocase; ) # zplcfm19kvmwbvoyays1rj13vz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zplcfm19kvmwbvoyays1rj13vz|03|net"; nocase; ) # 180s0h41err6glh36tehbek574.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|180s0h41err6glh36tehbek574|03|com"; nocase; ) # iss4hm1wyoa0h1kdfhdzo4htz2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iss4hm1wyoa0h1kdfhdzo4htz2|03|biz"; nocase; ) # 1swt7txqkfwf5vtxghox2sfsr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1swt7txqkfwf5vtxghox2sfsr|03|net"; nocase; ) # 1rk58o61ghg8xdjwq86t1p5hhj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rk58o61ghg8xdjwq86t1p5hhj3|03|com"; nocase; ) # 4wmpjga8ne8d168992j159whlf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4wmpjga8ne8d168992j159whlf|03|org"; nocase; ) # 1ptjayjjz2hya1jk8lrzu9xq2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ptjayjjz2hya1jk8lrzu9xq2e|03|com"; nocase; ) # whf3om7ffqxd1kju01t11s68lq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|whf3om7ffqxd1kju01t11s68lq|03|org"; nocase; ) # afrja91dw13vlrdidx7lqk36n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|afrja91dw13vlrdidx7lqk36n|03|com"; nocase; ) # 6nmu261dn04gr1k9a0nr1bk744u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6nmu261dn04gr1k9a0nr1bk744u|03|biz"; nocase; ) # 1ba7ymv13966st3c6uc11l7f3dd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ba7ymv13966st3c6uc11l7f3dd|03|org"; nocase; ) # 1va0d351supxac1539l9h5dxsuq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1va0d351supxac1539l9h5dxsuq|03|biz"; nocase; ) # 1k9aytv1ivghz81rkfqz0gicheb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k9aytv1ivghz81rkfqz0gicheb|03|net"; nocase; ) # 1l8fvq5oz3gmhi96kam1g05jit.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l8fvq5oz3gmhi96kam1g05jit|03|biz"; nocase; ) # 12t97mjrz511jpubs0fybp4nj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12t97mjrz511jpubs0fybp4nj|03|org"; nocase; ) # h0jwob4h4yvft1m2ik1ga1502.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h0jwob4h4yvft1m2ik1ga1502|03|net"; nocase; ) # 6ne11n1dieytazcc8unc8whwl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ne11n1dieytazcc8unc8whwl|03|net"; nocase; ) # 9zd44iorr63b1ha9i9ekfnh3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9zd44iorr63b1ha9i9ekfnh3d|03|net"; nocase; ) # 1eqcyss1g0qknq1dbmc5ayiz6t0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eqcyss1g0qknq1dbmc5ayiz6t0|03|net"; nocase; ) # 1tocisw9cuybs15ee7q0s52s5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tocisw9cuybs15ee7q0s52s5c|03|net"; nocase; ) # ripf1gznbwv62imkuyw005ki.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ripf1gznbwv62imkuyw005ki|03|com"; nocase; ) # q0ffbp9tnnslw7dppw1wyz2hx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q0ffbp9tnnslw7dppw1wyz2hx|03|com"; nocase; ) # 1vh4d3lrixewq1wp40pmk3banc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vh4d3lrixewq1wp40pmk3banc|03|biz"; nocase; ) # v4fkmn1f8rz56v3jr6g1mlan9h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v4fkmn1f8rz56v3jr6g1mlan9h|03|com"; nocase; ) # 8dh9qq1s44ygdqbeoxvf02t36.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8dh9qq1s44ygdqbeoxvf02t36|03|net"; nocase; ) # duykv518e3vgo1lx4dxnzpn6s7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|duykv518e3vgo1lx4dxnzpn6s7|03|com"; nocase; ) # 1nme3vp1ytxd661bu14axqfnbox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nme3vp1ytxd661bu14axqfnbox|03|biz"; nocase; ) # lvmr2r1bbywlkm8gbo01vz9t6a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lvmr2r1bbywlkm8gbo01vz9t6a|03|com"; nocase; ) # 143x1jj8u12bi60umxie4w31b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|143x1jj8u12bi60umxie4w31b|03|biz"; nocase; ) # az05lg19cry29hilgi45auqn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|az05lg19cry29hilgi45auqn|03|org"; nocase; ) # 1y3su31ytyy3k1mg7xnu16wa8k8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y3su31ytyy3k1mg7xnu16wa8k8|03|com"; nocase; ) # vlgicc15xrsxdjb8uhk10avj2s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vlgicc15xrsxdjb8uhk10avj2s|03|net"; nocase; ) # 10p43pvt3u6iz1wfo5he1ah1hnx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10p43pvt3u6iz1wfo5he1ah1hnx|03|org"; nocase; ) # 3krd5vmhusn719jg3jm1cpox1m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3krd5vmhusn719jg3jm1cpox1m|03|biz"; nocase; ) # 1gz9d3q16eckgf1uebo0c1l8of7y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gz9d3q16eckgf1uebo0c1l8of7y|03|net"; nocase; ) # 1nqksidj27zpxtbu79o11uor6t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nqksidj27zpxtbu79o11uor6t|03|biz"; nocase; ) # 1vqbvro1k4s0p81fv9ayozar4fq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vqbvro1k4s0p81fv9ayozar4fq|03|com"; nocase; ) # 1vnwbb5t9ojv7r0s54w1jdt256.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vnwbb5t9ojv7r0s54w1jdt256|03|biz"; nocase; ) # 10gr8411778c16ogyb28aj8zyn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10gr8411778c16ogyb28aj8zyn|03|com"; nocase; ) # pzxmpn19w2pr84ct8o9193lwkh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pzxmpn19w2pr84ct8o9193lwkh|03|biz"; nocase; ) # 1piwe5yhdeav41ozovw9y1tqzs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1piwe5yhdeav41ozovw9y1tqzs|03|org"; nocase; ) # 195kz3vx2bl514j9frw786jc3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|195kz3vx2bl514j9frw786jc3|03|com"; nocase; ) # 1pndcrw1vdpfpnx61si516s1ym4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pndcrw1vdpfpnx61si516s1ym4|03|org"; nocase; ) # 1msz60urttjob14no9k31q7dtjw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1msz60urttjob14no9k31q7dtjw|03|net"; nocase; ) # adlr4yq90nbzds80szt8y305.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|adlr4yq90nbzds80szt8y305|03|net"; nocase; ) # x1n8ls11q33hp3r950i1vnglzk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x1n8ls11q33hp3r950i1vnglzk|03|net"; nocase; ) # adpzku1brgt2v7vybju18smsx0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|adpzku1brgt2v7vybju18smsx0|03|org"; nocase; ) # k6pkz310pw85dvqspig95o9lf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k6pkz310pw85dvqspig95o9lf|03|net"; nocase; ) # esz0yc1ifwypl3449x5k0tdl0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|esz0yc1ifwypl3449x5k0tdl0|03|biz"; nocase; ) # c24vf5rx2n1x5zchhzc2pg3p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c24vf5rx2n1x5zchhzc2pg3p|03|net"; nocase; ) # z8lmb11temrgmiv32nh3lf2d8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z8lmb11temrgmiv32nh3lf2d8|03|org"; nocase; ) # csngl11w5yctcbyqqcx1sghx45.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|csngl11w5yctcbyqqcx1sghx45|03|com"; nocase; ) # v4p0nb1knynev6knib41xz439i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v4p0nb1knynev6knib41xz439i|03|biz"; nocase; ) # 1p782fi1k1b8pd1ewi2e01au9xpm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p782fi1k1b8pd1ewi2e01au9xpm|03|net"; nocase; ) # 1lu60921q2dfmn1vrndlnirhaz6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lu60921q2dfmn1vrndlnirhaz6|03|com"; nocase; ) # 1eyrz5o15q2rdknj39uj11i17ap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eyrz5o15q2rdknj39uj11i17ap|03|net"; nocase; ) # 146frd1iv95ur1a2kxfwtawm1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|146frd1iv95ur1a2kxfwtawm1v|03|com"; nocase; ) # dneklf1rr8i7vyxq7mgjjimy8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dneklf1rr8i7vyxq7mgjjimy8|03|net"; nocase; ) # 1rtjbki1oxlloq1j5fdc1icguf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rtjbki1oxlloq1j5fdc1icguf8|03|net"; nocase; ) # 182bfeh1qclw68yu6d90wf1jlt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|182bfeh1qclw68yu6d90wf1jlt|03|org"; nocase; ) # 1shwjntazsdgfx5jxn4zaawu5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1shwjntazsdgfx5jxn4zaawu5|03|net"; nocase; ) # upe4f51963esn10c9e6t51xw23.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|upe4f51963esn10c9e6t51xw23|03|com"; nocase; ) # 124ajx21hfehrwmfhsqabd0gpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|124ajx21hfehrwmfhsqabd0gpj|03|biz"; nocase; ) # fysajax9fovq6934001nl5ony.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fysajax9fovq6934001nl5ony|03|com"; nocase; ) # 1vifrgaro9zq7s3gq2f18ek051.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vifrgaro9zq7s3gq2f18ek051|03|com"; nocase; ) # pevp4e1o3hod51jonm75bayzx5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pevp4e1o3hod51jonm75bayzx5|03|org"; nocase; ) # 14jwlb612cjy4e102k7cssw51q0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14jwlb612cjy4e102k7cssw51q0|03|org"; nocase; ) # o62pjk1qxgv0sr5ura5253q37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o62pjk1qxgv0sr5ura5253q37|03|net"; nocase; ) # 18kg7ft1f279581vanbqzlsq8ke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18kg7ft1f279581vanbqzlsq8ke|03|com"; nocase; ) # 152r75l1038isc12aipce1mozz13.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|152r75l1038isc12aipce1mozz13|03|org"; nocase; ) # 17rnaimm0hd6q1mv44q16t6oxy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17rnaimm0hd6q1mv44q16t6oxy|03|com"; nocase; ) # 19s7re5yzia86ije3dv1jkousj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19s7re5yzia86ije3dv1jkousj|03|net"; nocase; ) # 11axyc61mheaxs1jc96v615kw73z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11axyc61mheaxs1jc96v615kw73z|03|net"; nocase; ) # 1koaqhj1umq22dfvk45n15auiht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1koaqhj1umq22dfvk45n15auiht|03|com"; nocase; ) # 15n32yn1y7kbwcniq2u7n7aq2j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15n32yn1y7kbwcniq2u7n7aq2j|03|org"; nocase; ) # q5708825236b1j4elj614ds0za.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q5708825236b1j4elj614ds0za|03|org"; nocase; ) # 1jcoho41kt0tfxtdahm98ng6bh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jcoho41kt0tfxtdahm98ng6bh|03|net"; nocase; ) # b8vx5sscwplvzfjsbh154mi36.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b8vx5sscwplvzfjsbh154mi36|03|biz"; nocase; ) # mmysfrpcrcbw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mmysfrpcrcbw|03|com"; nocase; ) # aaeelwtpdsmm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aaeelwtpdsmm|03|net"; nocase; ) # brggjnlnrqar.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|brggjnlnrqar|02|ru"; nocase; ) # ciislrkngymk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ciislrkngymk|02|co|02|uk"; nocase; ) # pmfjddxxjgoa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pmfjddxxjgoa|04|info"; nocase; ) # xnqgcgtlodge.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xnqgcgtlodge|04|info"; nocase; ) # xdnjerferycp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xdnjerferycp|03|com"; nocase; ) # bseiwoicyedh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bseiwoicyedh|03|biz"; nocase; ) # ogjtdwvjvadb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ogjtdwvjvadb|02|ru"; nocase; ) # dngjefamlmtq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dngjefamlmtq|03|org"; nocase; ) # qbluknntiitk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qbluknntiitk|02|co|02|uk"; nocase; ) # fvkxeaqkosto.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fvkxeaqkosto|03|net"; nocase; ) # afucwelpjurxks.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|afucwelpjurxks|04|info"; nocase; ) # dlfxygahhtunxb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dlfxygahhtunxb|03|biz"; nocase; ) # epaxclmqxorbgo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|epaxclmqxorbgo|02|ru"; nocase; ) # gvbbvolygcasit.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gvbbvolygcasit|03|net"; nocase; ) # hqecwqclnfikjp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hqecwqclnfikjp|03|biz"; nocase; ) # lbjxcxdmcyinxo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lbjxcxdmcyinxo|04|info"; nocase; ) # jgccfhjlnctupb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jgccfhjlnctupb|03|net"; nocase; ) # xrurfdygmidiip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xrurfdygmidiip|03|org"; nocase; ) # ymchqtwnojikpx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ymchqtwnojikpx|04|info"; nocase; ) # vixhkldxqqcpvf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vixhkldxqqcpvf|03|net"; nocase; ) # kxrvpsrxxbemik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kxrvpsrxxbemik|03|com"; nocase; ) # yixicuxibbeplq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yixicuxibbeplq|03|net"; nocase; ) # akykydtudbyhko.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|akykydtudbyhko|03|biz"; nocase; ) # bhvjgfkhafydlr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bhvjgfkhafydlr|02|ru"; nocase; ) # frbflacjbtiflj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|frbflacjbtiflj|03|com"; nocase; ) # gtchiixvdtdwtx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gtchiixvdtdwtx|03|net"; nocase; ) # itfxfqgaepqpup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|itfxfqgaepqpup|03|org"; nocase; ) # haxdktlgtirafv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|haxdktlgtirafv|04|info"; nocase; ) # ufgfxgppmwolri.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ufgfxgppmwolri|03|biz"; nocase; ) # weegcwucssgibt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|weegcwucssgibt|03|org"; nocase; ) # nikuhskasctjeq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nikuhskasctjeq|02|co|02|uk"; nocase; ) # pypotnabppseey.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pypotnabppseey|03|biz"; nocase; ) # saorumbaxlfsmb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|saorumbaxlfsmb|02|co|02|uk"; nocase; ) # pjtukevruyljnt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pjtukevruyljnt|03|net"; nocase; ) # ysefgfqfnqsoel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ysefgfqfnqsoel|03|com"; nocase; ) # qiiqnbctraciae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qiiqnbctraciae|03|biz"; nocase; ) # hdsyaajokmsdqt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hdsyaajokmsdqt|02|co|02|uk"; nocase; ) # wnxjxsptlpuyja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wnxjxsptlpuyja|03|net"; nocase; ) # jilvgcsskfaevq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jilvgcsskfaevq|03|com"; nocase; ) # jdlfvnefuiagjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jdlfvnefuiagjt|03|net"; nocase; ) # vnkctfaosvbkhk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vnkctfaosvbkhk|04|info"; nocase; ) # wrfeqnvporhwgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wrfeqnvporhwgb|03|com"; nocase; ) # rjcylncpujjmja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rjcylncpujjmja|03|net"; nocase; ) # wlrdqsgedaepxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wlrdqsgedaepxf|03|com"; nocase; ) # nfmkechauefqju.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nfmkechauefqju|03|biz"; nocase; ) # nuvonhhrsvsnkj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nuvonhhrsvsnkj|02|ru"; nocase; ) # owwsemtmcgqrjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|owwsemtmcgqrjy|03|org"; nocase; ) # qnqcsrmhmiqoir.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qnqcsrmhmiqoir|02|co|02|uk"; nocase; ) # rprgjwycvsosqx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rprgjwycvsosqx|04|info"; nocase; ) # rfbkscyttkcpkx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rfbkscyttkcpkx|03|com"; nocase; ) # gkgpvpkbgraxfg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gkgpvpkbgraxfg|02|ru"; nocase; ) # ebbxtocyliexlm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ebbxtocyliexlm|04|info"; nocase; ) # hjfpibxagsandi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hjfpibxagsandi|03|biz"; nocase; ) # svnargebqbvfru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|svnargebqbvfru|03|org"; nocase; ) # hbytqctknplbkc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hbytqctknplbkc|03|com"; nocase; ) # bdxssuhtqjsrjj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bdxssuhtqjsrjj|02|co|02|uk"; nocase; ) # cuibslmaeajblc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cuibslmaeajblc|03|com"; nocase; ) # qgdntccrlecauo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qgdntccrlecauo|03|net"; nocase; ) # hxxjerytjgoktbp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hxxjerytjgoktbp|02|ru"; nocase; ) # kwkvkwmtnhepkwt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kwkvkwmtnhepkwt|03|biz"; nocase; ) # lbfvncydecbdsrx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lbfvncydecbdsrx|02|ru"; nocase; ) # bjnnoqtihjptief.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bjnnoqtihjptief|02|ru"; nocase; ) # opqcdcowhgdwrdy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|opqcdcowhgdwrdy|03|org"; nocase; ) # pgyevtgvpciriwk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pgyevtgvpciriwk|04|info"; nocase; ) # hqnyqmxhnoluggt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hqnyqmxhnoluggt|02|ru"; nocase; ) # jyrjetbuleqwnyw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000038999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jyrjetbuleqwnyw|03|com"; nocase; ) # vwfdudybehhiqjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vwfdudybehhiqjv|03|net"; nocase; ) # wbadxlunvitepoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wbadxlunvitepoy|03|biz"; nocase; ) # vgrksvqxnravxqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vgrksvqxnravxqf|03|biz"; nocase; ) # nvwycvsorfvhtin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nvwycvsorfvhtin|03|com"; nocase; ) # fpdfqqhygmotuxh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fpdfqqhygmotuxh|03|org"; nocase; ) # ipgixgmrjsaatdk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ipgixgmrjsaatdk|03|com"; nocase; ) # pkyswndmkklaeyp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pkyswndmkklaeyp|02|co|02|uk"; nocase; ) # evvgipvnyldhngi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|evvgipvnyldhngi|04|info"; nocase; ) # ixalmknppwubcoe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ixalmknppwubcoe|02|ru"; nocase; ) # vlburshkrtkocqh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vlburshkrtkocqh|03|org"; nocase; ) # nfhbgnvggbrfnis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nfhbgnvggbrfnis|03|net"; nocase; ) # rhlgkiniwmjynea.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rhlgkiniwmjynea|02|co|02|uk"; nocase; ) # odhcjxwidspkqlu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|odhcjxwidspkqlu|03|com"; nocase; ) # clesrjrwgkfrsdx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|clesrjrwgkfrsdx|03|net"; nocase; ) # qllmwsmjpjnnfhc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qllmwsmjpjnnfhc|03|org"; nocase; ) # jwqlfiqlugtdfnv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jwqlfiqlugtdfnv|03|com"; nocase; ) # lupnpeixyftpgsh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lupnpeixyftpgsh|02|ru"; nocase; ) # mhvxpisvucxtnqv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mhvxpisvucxtnqv|02|co|02|uk"; nocase; ) # ybpimvtvnlcskps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ybpimvtvnlcskps|03|net"; nocase; ) # pnwkerjqpegvnmd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pnwkerjqpegvnmd|03|biz"; nocase; ) # qpxmbafdrebnmkc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qpxmbafdrebnmkc|02|ru"; nocase; ) # ndottwpuunindwl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ndottwpuunindwl|03|org"; nocase; ) # fhiprjsijjsemuy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fhiprjsijjsemuy|03|biz"; nocase; ) # sqccpaqflwmdbri.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sqccpaqflwmdbri|03|biz"; nocase; ) # ulmuhkdbibtgtoj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ulmuhkdbibtgtoj|03|org"; nocase; ) # fwiomoytxwpybvi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fwiomoytxwpybvi|03|com"; nocase; ) # tengrkoagdokthx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tengrkoagdokthx|02|ru"; nocase; ) # vmrqfrrnestmbdr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vmrqfrrnestmbdr|03|com"; nocase; ) # mrhpgbocjxltcju.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mrhpgbocjxltcju|03|com"; nocase; ) # jirlhoiyocxpayu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039029; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jirlhoiyocxpayu|02|co|02|uk"; nocase; ) # vgqpkwmqwtpwhbn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039030; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vgqpkwmqwtpwhbn|04|info"; nocase; ) # jvlddfgwsbyfxxm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039031; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jvlddfgwsbyfxxm|03|com"; nocase; ) # cvluvcyjiruyvfs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039032; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cvluvcyjiruyvfs|03|biz"; nocase; ) # prlhdgnyfsvsiwk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039033; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|prlhdgnyfsvsiwk|03|org"; nocase; ) # hhqxggpefcmyedk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039034; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hhqxggpefcmyedk|03|biz"; nocase; ) # iybcsqctexkhwok.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iybcsqctexkhwok|03|org"; nocase; ) # rgqjmprrsmkgpya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rgqjmprrsmkgpya|03|com"; nocase; ) # oukjggnljhpjnmg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oukjggnljhpjnmg|03|biz"; nocase; ) # pwlnwojmpldvvif.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pwlnwojmpldvvif|02|ru"; nocase; ) # refajyosjsnmtjl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|refajyosjsnmtjl|02|co|02|uk"; nocase; ) # hkabgitmmvcebjk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hkabgitmmvcebjk|03|biz"; nocase; ) # jcegyeteciqjhmw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jcegyeteciqjhmw|02|ru"; nocase; ) # lkiqmyjfoyomveq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lkiqmyjfoyomveq|03|com"; nocase; ) # nfsjepouipsyvot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nfsjepouipsyvot|03|biz"; nocase; ) # ghndjubgsntr.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ghndjubgsntr|02|co|02|uk"; nocase; ) # slvibxttgyve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|slvibxttgyve|03|net"; nocase; ) # tpqhhdavwanp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tpqhhdavwanp|03|biz"; nocase; ) # wvbmffwoejck.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wvbmffwoejck|02|co|02|uk"; nocase; ) # jqouhxxvpsxk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jqouhxxvpsxk|02|ru"; nocase; ) # xmbllmbewcmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039049; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xmbllmbewcmr|03|org"; nocase; ) # lcvxhuoroyjd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039050; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lcvxhuoroyjd|02|co|02|uk"; nocase; ) # nbtylfbqndeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039051; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nbtylfbqndeq|03|com"; nocase; ) # duegjkqnqvfp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039052; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|duegjkqnqvfp|04|info"; nocase; ) # snanvualiudk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039053; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|snanvualiudk|03|biz"; nocase; ) # htfplmvvikva.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039054; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|htfplmvvikva|03|org"; nocase; ) # ipdtmdbcqtyr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039055; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ipdtmdbcqtyr|04|info"; nocase; ) # jkkrwtwpciaw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039056; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jkkrwtwpciaw|03|net"; nocase; ) # kbguqpllrrjm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039057; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kbguqpllrrjm|04|info"; nocase; ) # xqbhmxyyjogx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039058; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xqbhmxyyjogx|03|com"; nocase; ) # ofoqiflpteoq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039059; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ofoqiflpteoq|03|com"; nocase; ) # xveadpkvmbfd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039060; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xveadpkvmbfd|03|com"; nocase; ) # kvnekfmbtdwk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039061; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kvnekfmbtdwk|03|net"; nocase; ) # yprawhbmlvqr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039062; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yprawhbmlvqr|03|biz"; nocase; ) # cqqeuadqmsiy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039063; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cqqeuadqmsiy|02|co|02|uk"; nocase; ) # dawebcqudfew.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039064; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dawebcqudfew|04|info"; nocase; ) # yipeaemhlcgx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039065; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yipeaemhlcgx|02|ru"; nocase; ) # aeniburntljp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039066; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aeniburntljp|02|co|02|uk"; nocase; ) # nroqjavuhuxj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039067; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nroqjavuhuxj|04|info"; nocase; ) # hyxndtqyvmwr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039068; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hyxndtqyvmwr|03|org"; nocase; ) # kresitovwyif.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039069; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kresitovwyif|03|biz"; nocase; ) # hpbfkguwbixh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039070; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hpbfkguwbixh|03|biz"; nocase; ) # joygowajhepe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039071; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|joygowajhepe|03|org"; nocase; ) # wcaowfnwjivt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039072; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wcaowfnwjivt|02|co|02|uk"; nocase; ) # orfpvjwnawgs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039073; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|orfpvjwnawgs|03|com"; nocase; ) # pocngrmueabv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039074; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pocngrmueabv|03|net"; nocase; ) # qqdqaacagsxp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039075; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qqdqaacagsxp|03|biz"; nocase; ) # veocixioqfxv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039076; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|veocixioqfxv|02|ru"; nocase; ) # lhojwpububmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039077; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lhojwpububmq|03|org"; nocase; ) # mfmckcflcpfb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039078; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mfmckcflcpfb|03|biz"; nocase; ) # rhcootushcwi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039079; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rhcootushcwi|03|net"; nocase; ) # vxnvdhqofmvc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039080; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vxnvdhqofmvc|03|biz"; nocase; ) # cddwmygiisuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039081; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cddwmygiisuv|03|net"; nocase; ) # embvydbmvpco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039082; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|embvydbmvpco|03|com"; nocase; ) # mugqyfkoqkoq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039083; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mugqyfkoqkoq|03|org"; nocase; ) # cwjwpmsepyda.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039084; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cwjwpmsepyda|03|net"; nocase; ) # djtxbonkwqqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039085; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|djtxbonkwqqq|03|org"; nocase; ) # etwofuuqsajs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039086; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|etwofuuqsajs|03|net"; nocase; ) # mkfxijxjtaso.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039087; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mkfxijxjtaso|03|biz"; nocase; ) # subfpttyhosm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039088; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|subfpttyhosm|02|ru"; nocase; ) # gxpxklcfglrt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039089; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gxpxklcfglrt|03|biz"; nocase; ) # cmspbikpdqjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039090; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cmspbikpdqjn|03|com"; nocase; ) # hunrunauhnmp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039091; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hunrunauhnmp|03|com"; nocase; ) # jpxoaefhstau.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039092; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jpxoaefhstau|03|biz"; nocase; ) # jlstgirpucjn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039093; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jlstgirpucjn|03|org"; nocase; ) # seciwfkncpup.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039094; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|seciwfkncpup|04|info"; nocase; ) # dlixqlesaykph.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039095; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dlixqlesaykph|02|ru"; nocase; ) # ehgxevqisdygq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039096; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ehgxevqisdygq|02|co|02|uk"; nocase; ) # irhkaxnpcpiyl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039097; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|irhkaxnpcpiyl|03|net"; nocase; ) # fxgbxfwwmpvvw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039098; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fxgbxfwwmpvvw|03|org"; nocase; ) # hwexopjsdndqw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039099; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|hwexopjsdndqw|04|info"; nocase; ) # umykkxwgukacw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039100; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|umykkxwgukacw|03|com"; nocase; ) # iuwgcedqwpjwx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039101; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iuwgcedqwpjwx|03|com"; nocase; ) # mdtxihpplqgmu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039102; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mdtxihpplqgmu|03|com"; nocase; ) # mpycvfwlqolod.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039103; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mpycvfwlqolod|02|co|02|uk"; nocase; ) # oowymvcbfxnbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039104; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oowymvcbfxnbd|03|com"; nocase; ) # rovbxmqqrluth.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rovbxmqqrluth|02|co|02|uk"; nocase; ) # agryodsiabtsl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|agryodsiabtsl|03|com"; nocase; ) # gsuxvnajjbxvm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gsuxvnajjbxvm|03|com"; nocase; ) # iwairswaklkml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iwairswaklkml|03|net"; nocase; ) # piussajhpodcv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|piussajhpodcv|04|info"; nocase; ) # gwxxnmlcuwmjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gwxxnmlcuwmjb|03|biz"; nocase; ) # mkaqermvosmww.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mkaqermvosmww|03|net"; nocase; ) # rofhburjxxynf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039112; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rofhburjxxynf|04|info"; nocase; ) # obdcfgeldkbal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039113; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|obdcfgeldkbal|03|net"; nocase; ) # pwbcswjoteuye.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039114; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pwbcswjoteuye|02|ru"; nocase; ) # wqhxujlxbmsfj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039115; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wqhxujlxbmsfj|02|co|02|uk"; nocase; ) # wantqnxdposyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039116; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wantqnxdposyv|03|com"; nocase; ) # tcsrcltlmewli.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039117; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tcsrcltlmewli|03|biz"; nocase; ) # sstyjgwqrtvka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039118; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sstyjgwqrtvka|03|org"; nocase; ) # wwcubueikmeud.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039119; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wwcubueikmeud|02|co|02|uk"; nocase; ) # cdbjehnqiibyh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039120; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cdbjehnqiibyh|02|ru"; nocase; ) # joiilrtyphruq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039121; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|joiilrtyphruq|03|net"; nocase; ) # lxgllvoglvkxq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039122; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lxgllvoglvkxq|03|com"; nocase; ) # pakyodrbwlqvm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039123; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pakyodrbwlqvm|03|org"; nocase; ) # lrdvkeakoncxq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039124; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lrdvkeakoncxq|03|biz"; nocase; ) # cgqdmndgutext.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039125; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cgqdmndgutext|03|biz"; nocase; ) # dklemsjthauec.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039126; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dklemsjthauec|02|ru"; nocase; ) # fspwyaknoggjq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039127; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fspwyaknoggjq|03|com"; nocase; ) # fgfalljdxeqcr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039128; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fgfalljdxeqcr|03|net"; nocase; ) # mdmxfagxdinjw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039129; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mdmxfagxdinjw|02|ru"; nocase; ) # ashmuitwyalpn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039130; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ashmuitwyalpn|03|org"; nocase; ) # scfmofsqprrcp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039131; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|scfmofsqprrcp|04|info"; nocase; ) # tttnjeeoysxfk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039132; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|tttnjeeoysxfk|03|biz"; nocase; ) # voegbujesjcrt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039133; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|voegbujesjcrt|03|org"; nocase; ) # qhrmidmqlavbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039134; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qhrmidmqlavbj|03|com"; nocase; ) # ujvalxcysmlxx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039135; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ujvalxcysmlxx|03|org"; nocase; ) # sro4wx1m7w5nr1mk3ot91ge46.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sro4wx1m7w5nr1mk3ot91ge46|03|biz"; nocase; ) # 1oatetk1upd2fv3g8hht1wtz6o1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oatetk1upd2fv3g8hht1wtz6o1|03|org"; nocase; ) # zt52xe1ijusbs1v632y71y05iug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zt52xe1ijusbs1v632y71y05iug|03|net"; nocase; ) # 1550uaz16c8n1o1efoipx1mt0dh7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1550uaz16c8n1o1efoipx1mt0dh7|03|org"; nocase; ) # vnwah15a22np3de71m1k152q3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vnwah15a22np3de71m1k152q3|03|net"; nocase; ) # 61eqvpf9uh531psklkq1nshczx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|61eqvpf9uh531psklkq1nshczx|03|net"; nocase; ) # 1ribcen1kcltj61bmd04b1q0131p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ribcen1kcltj61bmd04b1q0131p|03|com"; nocase; ) # 1gv8dfrecu1ecq9hzxo1mas78d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gv8dfrecu1ecq9hzxo1mas78d|03|org"; nocase; ) # 1m3rl3n1thwsmh85wfxihg4mt1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m3rl3n1thwsmh85wfxihg4mt1|03|com"; nocase; ) # io5bdf1lyu8o38rkvrv1az12tv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|io5bdf1lyu8o38rkvrv1az12tv|03|biz"; nocase; ) # 7bstu4qld30p5dukbtxcdwnk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7bstu4qld30p5dukbtxcdwnk|03|net"; nocase; ) # 16otsqg7mtcqx2h5ihe41ipgt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16otsqg7mtcqx2h5ihe41ipgt|03|org"; nocase; ) # 1pitl0z1i24olx1f5raf01dmfaq8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pitl0z1i24olx1f5raf01dmfaq8|03|org"; nocase; ) # 1dbzyq41jfmvoluyxjtd101z65w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dbzyq41jfmvoluyxjtd101z65w|03|biz"; nocase; ) # 4et69g1mtzq5r1d78qk0djywiz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4et69g1mtzq5r1d78qk0djywiz|03|org"; nocase; ) # mx35fyt4zhr8kwe0q1uy7vs9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mx35fyt4zhr8kwe0q1uy7vs9|03|com"; nocase; ) # 4qpeth1pemhlxkff4svqie3ni.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4qpeth1pemhlxkff4svqie3ni|03|com"; nocase; ) # 12xjkk27b8q7xo6c70c16csuh6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12xjkk27b8q7xo6c70c16csuh6|03|net"; nocase; ) # ffy6siqe8zctly7uo51sco98e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ffy6siqe8zctly7uo51sco98e|03|com"; nocase; ) # vch7ukkkttb6k5fxmsufo0pm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vch7ukkkttb6k5fxmsufo0pm|03|net"; nocase; ) # 1tru9f45735841ampimh1n523b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tru9f45735841ampimh1n523b|03|biz"; nocase; ) # y834vlppzxrb1ruzwalvia3wk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y834vlppzxrb1ruzwalvia3wk|03|com"; nocase; ) # tvgb2tqts8s11vuyx6xs3iu0s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tvgb2tqts8s11vuyx6xs3iu0s|03|net"; nocase; ) # 88hobqtgwqfz1vnvhwia7dun4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|88hobqtgwqfz1vnvhwia7dun4|03|net"; nocase; ) # iydl04182nibb1iuviwr1490bxy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iydl04182nibb1iuviwr1490bxy|03|biz"; nocase; ) # dj533zz4ajwfd3knj1gdfeen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dj533zz4ajwfd3knj1gdfeen|03|net"; nocase; ) # a5mcdylb5wr91yjmnwd1bv0euo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a5mcdylb5wr91yjmnwd1bv0euo|03|net"; nocase; ) # 1m8w5pr5b1nifxy886518zky2w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m8w5pr5b1nifxy886518zky2w|03|net"; nocase; ) # cd7a1cisky9h1ent1oa1t32vsg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cd7a1cisky9h1ent1oa1t32vsg|03|org"; nocase; ) # 1mh2o5x179pp541u32373gfom9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mh2o5x179pp541u32373gfom9f|03|net"; nocase; ) # 1bf8jpy2awdoet627z2114hhvs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bf8jpy2awdoet627z2114hhvs|03|org"; nocase; ) # 1ymv2zcubl0mcaiinj1dvaw63.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ymv2zcubl0mcaiinj1dvaw63|03|net"; nocase; ) # o1yhgm178oe2c1uef3r0zh2f5j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o1yhgm178oe2c1uef3r0zh2f5j|03|org"; nocase; ) # rihdw910krtbt18h35x716fmomw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rihdw910krtbt18h35x716fmomw|03|org"; nocase; ) # 1mstspu1o6juzzjtq5ei168mc5o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mstspu1o6juzzjtq5ei168mc5o|03|com"; nocase; ) # vc5ylb1xgaukc4amjf05g8kf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vc5ylb1xgaukc4amjf05g8kf|03|net"; nocase; ) # b6kvnmx9tpipfemzirv5mrh3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b6kvnmx9tpipfemzirv5mrh3|03|net"; nocase; ) # k8tf271xsiexe15dj46vqjaiu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k8tf271xsiexe15dj46vqjaiu|03|net"; nocase; ) # 16lne5w15i8gqsv3c7nzewejgy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16lne5w15i8gqsv3c7nzewejgy|03|net"; nocase; ) # 85xydjeaovti1kd9cop11azcc2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|85xydjeaovti1kd9cop11azcc2|03|com"; nocase; ) # sq6oxt13r0tfw17h3j2ylq61r3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sq6oxt13r0tfw17h3j2ylq61r3|03|net"; nocase; ) # 12kly1x19a5x2d10c7xhicztevy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12kly1x19a5x2d10c7xhicztevy|03|org"; nocase; ) # 85ynud17k2pe915tk1wscc83ku.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|85ynud17k2pe915tk1wscc83ku|03|com"; nocase; ) # nork4wphzx801lyt0gyje9r7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nork4wphzx801lyt0gyje9r7h|03|org"; nocase; ) # 1fw66wwxrb7761d9f4ee1vz7t10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fw66wwxrb7761d9f4ee1vz7t10|03|net"; nocase; ) # rjr5591mgcucp1vskyoopg44or.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rjr5591mgcucp1vskyoopg44or|03|org"; nocase; ) # iaoonhh9htzl1gy03eyjtm7ve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iaoonhh9htzl1gy03eyjtm7ve|03|com"; nocase; ) # 15lu29q5r3nhqq2w90levk51j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15lu29q5r3nhqq2w90levk51j|03|net"; nocase; ) # sj86hwt7p2m43xawthcjgj4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|sj86hwt7p2m43xawthcjgj4|03|org"; nocase; ) # 1fpvawg1wa0m2l1cg4x8viv7wy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fpvawg1wa0m2l1cg4x8viv7wy|03|net"; nocase; ) # v11oiv1nk5hj4c0k8031kg1q6c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v11oiv1nk5hj4c0k8031kg1q6c|03|biz"; nocase; ) # 71q47j128ybgfn39a221871ydq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|71q47j128ybgfn39a221871ydq|03|biz"; nocase; ) # 1n5no7v7o97mvfrrd1h1pqxxh7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n5no7v7o97mvfrrd1h1pqxxh7|03|org"; nocase; ) # u1uxenfzgq791yfzcab1r8ecqr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u1uxenfzgq791yfzcab1r8ecqr|03|com"; nocase; ) # 16b82o51i7yhwcutics31av2hkg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16b82o51i7yhwcutics31av2hkg|03|biz"; nocase; ) # 1828dtn1aos26x1g5kgr268v6q9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1828dtn1aos26x1g5kgr268v6q9|03|net"; nocase; ) # pwraj1b4m3d11gxqa1qyoq82v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pwraj1b4m3d11gxqa1qyoq82v|03|biz"; nocase; ) # mw0yu8z9u5v1ier3tp1tncrtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mw0yu8z9u5v1ier3tp1tncrtm|03|net"; nocase; ) # i9cilr7mc2d81wz02lny4h7ft.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i9cilr7mc2d81wz02lny4h7ft|03|org"; nocase; ) # 1k62ertx2p3m1ci7x4i10m8aim.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k62ertx2p3m1ci7x4i10m8aim|03|net"; nocase; ) # 4htmozda1jp717tk3011az6961.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4htmozda1jp717tk3011az6961|03|com"; nocase; ) # v5i18y1p4oezdwss0pq1nm514m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v5i18y1p4oezdwss0pq1nm514m|03|org"; nocase; ) # vplja414asayjjasd4c1srrm2i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vplja414asayjjasd4c1srrm2i|03|net"; nocase; ) # 1oaqopxj1ojyc1s7sy9uj3dkag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oaqopxj1ojyc1s7sy9uj3dkag|03|biz"; nocase; ) # qv5jhm1plncdq18janhwoix542.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qv5jhm1plncdq18janhwoix542|03|net"; nocase; ) # 1tmho5scpkv0mnr62oeigo904.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tmho5scpkv0mnr62oeigo904|03|biz"; nocase; ) # 1ssixxp1lfh2se14s72f6gl50t9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ssixxp1lfh2se14s72f6gl50t9|03|net"; nocase; ) # jw3v8l18t59ub1khxsz51vc008u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jw3v8l18t59ub1khxsz51vc008u|03|com"; nocase; ) # 1s6t1dk1mgnh5q1urkite1indw7a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s6t1dk1mgnh5q1urkite1indw7a|03|com"; nocase; ) # 1rqq7iu1wmfve21dowx7x1y300ku.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rqq7iu1wmfve21dowx7x1y300ku|03|net"; nocase; ) # ukd9pi1x6s97ntd7bayqm9phn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ukd9pi1x6s97ntd7bayqm9phn|03|net"; nocase; ) # vxq4l2ti8hjm1r7bm5cxo6icz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vxq4l2ti8hjm1r7bm5cxo6icz|03|com"; nocase; ) # 1y016vxhvi4k1pc7vmr1hcl38n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y016vxhvi4k1pc7vmr1hcl38n|03|org"; nocase; ) # 1e5onlh146tn19m06zcw15i5t12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e5onlh146tn19m06zcw15i5t12|03|com"; nocase; ) # 1vku5wanytztr3zs9ot4f0ohy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vku5wanytztr3zs9ot4f0ohy|03|org"; nocase; ) # 19zx60mgu4xw0p7xj9ecsmdut.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19zx60mgu4xw0p7xj9ecsmdut|03|org"; nocase; ) # hxl2jv1u8ttreyc7e7v139ij73.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hxl2jv1u8ttreyc7e7v139ij73|03|net"; nocase; ) # jvtp8u1xpk7gs1ka4ho78kb5xy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jvtp8u1xpk7gs1ka4ho78kb5xy|03|biz"; nocase; ) # 1f49r7w1r9hbs91tbixadiux0ce.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f49r7w1r9hbs91tbixadiux0ce|03|net"; nocase; ) # 10o47cd1tnhlqd1h0295nrhb635.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10o47cd1tnhlqd1h0295nrhb635|03|org"; nocase; ) # 1a6c751130g9jva3f0e8330c8u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a6c751130g9jva3f0e8330c8u|03|com"; nocase; ) # cxkm2x1yyfdzc19yl9021lgh7gy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cxkm2x1yyfdzc19yl9021lgh7gy|03|org"; nocase; ) # 1k3k9pogp71811iqu5sa1ontq7j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k3k9pogp71811iqu5sa1ontq7j|03|biz"; nocase; ) # 1nmyo3ncebztup05auf1d9fl7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nmyo3ncebztup05auf1d9fl7w|03|net"; nocase; ) # 1tmkqai1s1e3fd4833mk1yh7cwm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tmkqai1s1e3fd4833mk1yh7cwm|03|net"; nocase; ) # b10w2y101wt5t1wfjccasj8cy8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b10w2y101wt5t1wfjccasj8cy8|03|net"; nocase; ) # 13q76ixo08ogqxzgcl2hzusze.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13q76ixo08ogqxzgcl2hzusze|03|org"; nocase; ) # 1usjkavb8bk081eouzq11m34y2f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1usjkavb8bk081eouzq11m34y2f|03|com"; nocase; ) # nz5j36l6g758fdnpftor9zd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|nz5j36l6g758fdnpftor9zd|03|org"; nocase; ) # xbjs5v18cnfyl163u9zf1txl8pf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xbjs5v18cnfyl163u9zf1txl8pf|03|com"; nocase; ) # wzzgo21omhx7vzhxs9k1t4ixvm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wzzgo21omhx7vzhxs9k1t4ixvm|03|biz"; nocase; ) # 1wg4r09kr42fz1y6zmb61ihvpor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wg4r09kr42fz1y6zmb61ihvpor|03|net"; nocase; ) # 1bfiiaf402izheikbvn1d9xi8s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bfiiaf402izheikbvn1d9xi8s|03|com"; nocase; ) # 5r7o8g1sypcz81waps3q8rtzoo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5r7o8g1sypcz81waps3q8rtzoo|03|net"; nocase; ) # zpkkyd10iyvymw4z4a4th3163.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zpkkyd10iyvymw4z4a4th3163|03|biz"; nocase; ) # o1bczk8cku2r14otka3kcbb0a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o1bczk8cku2r14otka3kcbb0a|03|org"; nocase; ) # 1u6utooxc87k71ok8xdx12enp1d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u6utooxc87k71ok8xdx12enp1d|03|org"; nocase; ) # i8ezqim2gkde11e3idchyucb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i8ezqim2gkde11e3idchyucb2|03|net"; nocase; ) # 1qh549g1w9ejb3my6eiyhfgoqg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qh549g1w9ejb3my6eiyhfgoqg|03|net"; nocase; ) # 1x68wmiyubbbf1brc5do51x2wr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x68wmiyubbbf1brc5do51x2wr|03|org"; nocase; ) # 1mv6vnp17uv3qa1mrz6cj4rfjgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mv6vnp17uv3qa1mrz6cj4rfjgt|03|com"; nocase; ) # jtd9f21irl0uceilabv8enjo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jtd9f21irl0uceilabv8enjo|03|net"; nocase; ) # ti5af1m7oaoh1kivm17wyk7iz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ti5af1m7oaoh1kivm17wyk7iz|03|com"; nocase; ) # bqmq07ta2lh97wy4lo1cgbvej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bqmq07ta2lh97wy4lo1cgbvej|03|org"; nocase; ) # d9p41j1bdl19l1hnsuy01u0mvjq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|d9p41j1bdl19l1hnsuy01u0mvjq|03|biz"; nocase; ) # 15rg0ywrq13w6xmtl8xyswd7y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15rg0ywrq13w6xmtl8xyswd7y|03|net"; nocase; ) # 1syubod1p9bqqu8yrivp19r4gof.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1syubod1p9bqqu8yrivp19r4gof|03|org"; nocase; ) # 19vj9wp1w8khta1bfte6as6xgso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19vj9wp1w8khta1bfte6as6xgso|03|net"; nocase; ) # sd7mnqh0a4yficfxme16opxub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sd7mnqh0a4yficfxme16opxub|03|net"; nocase; ) # 1ym8bae4kgcum1onu8np15cloq1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ym8bae4kgcum1onu8np15cloq1|03|com"; nocase; ) # owm9ka1lhtchy1ecktr21ru2rfk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|owm9ka1lhtchy1ecktr21ru2rfk|03|org"; nocase; ) # 1xhfigqp3n40ziadw41gc01gt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xhfigqp3n40ziadw41gc01gt|03|com"; nocase; ) # 1a9k4xz12ogf7r1owna1d8opo06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a9k4xz12ogf7r1owna1d8opo06|03|net"; nocase; ) # 3fy1qg1uumgmy1py4wqei8lq89.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3fy1qg1uumgmy1py4wqei8lq89|03|biz"; nocase; ) # rwu7v31do2emt1110kyb3fgmn6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rwu7v31do2emt1110kyb3fgmn6|03|com"; nocase; ) # c55kle98ye8m7bo6mw1usoqcp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c55kle98ye8m7bo6mw1usoqcp|03|org"; nocase; ) # 1oqd4ws14xljcf1v8cmbn1c1l81n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oqd4ws14xljcf1v8cmbn1c1l81n|03|biz"; nocase; ) # btvxc01c52ylaki4r0m1v4gfci.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|btvxc01c52ylaki4r0m1v4gfci|03|net"; nocase; ) # 18cpkrl18d4z6g8xfdq9wusz8n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18cpkrl18d4z6g8xfdq9wusz8n|03|net"; nocase; ) # wi4r121x7s0ea1s5d4kr1l4ahky.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wi4r121x7s0ea1s5d4kr1l4ahky|03|com"; nocase; ) # v74wj4atoak9gtx70bgk67lc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v74wj4atoak9gtx70bgk67lc|03|com"; nocase; ) # i3rlcvri7nt415yvsfif7m6qs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i3rlcvri7nt415yvsfif7m6qs|03|org"; nocase; ) # aaqlyx1vhkdio1wt031qtgmmkl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aaqlyx1vhkdio1wt031qtgmmkl|03|biz"; nocase; ) # 1b5kiy9k7cn721w95tuz1ymhc9a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b5kiy9k7cn721w95tuz1ymhc9a|03|org"; nocase; ) # 1bwengaddhozyqvze169j7fag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bwengaddhozyqvze169j7fag|03|biz"; nocase; ) # 4f4lc6vify5b1s38zxl1ssotfr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4f4lc6vify5b1s38zxl1ssotfr|03|net"; nocase; ) # 1wpy18q19pzpgq7ri2kh121a2oo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wpy18q19pzpgq7ri2kh121a2oo|03|com"; nocase; ) # 1xzyri21igitmj1g2m5sf1d6xhm1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xzyri21igitmj1g2m5sf1d6xhm1|03|net"; nocase; ) # 2php6xcvkpluqppx2y1mi9zlc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2php6xcvkpluqppx2y1mi9zlc|03|org"; nocase; ) # 1v5w56f1jpl88i10zljj41rosy9l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v5w56f1jpl88i10zljj41rosy9l|03|net"; nocase; ) # 10qmd6n1bu1n2lpiogp72yo77e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10qmd6n1bu1n2lpiogp72yo77e|03|org"; nocase; ) # eehm8t1dsdivn11rlvdy11jav6c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eehm8t1dsdivn11rlvdy11jav6c|03|org"; nocase; ) # 1y5rspe18b1sp38q70yj1ivtbw7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y5rspe18b1sp38q70yj1ivtbw7|03|net"; nocase; ) # qrcuxi1pr6ilmucn8hp1lmdb7p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qrcuxi1pr6ilmucn8hp1lmdb7p|03|biz"; nocase; ) # zx6y1814x405n1ohipyh1ud6fr1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zx6y1814x405n1ohipyh1ud6fr1|03|com"; nocase; ) # 1f2svil15pfcop1m1lj2s1tn3dpc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f2svil15pfcop1m1lj2s1tn3dpc|03|net"; nocase; ) # 19267td16hieon3tfhhx11urx0x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19267td16hieon3tfhhx11urx0x|03|biz"; nocase; ) # smtok7qoju0r6onwm29qovxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|smtok7qoju0r6onwm29qovxo|03|net"; nocase; ) # 1uj93wplsgyf21xoguub1uigxy9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uj93wplsgyf21xoguub1uigxy9|03|net"; nocase; ) # mqymaf2tjlis129z0pcjakejw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mqymaf2tjlis129z0pcjakejw|03|org"; nocase; ) # 1cq7bahwz5eug1a106mtgk156u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cq7bahwz5eug1a106mtgk156u|03|net"; nocase; ) # 7hhxu31q0v95bcckevz1jdpfyd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7hhxu31q0v95bcckevz1jdpfyd|03|org"; nocase; ) # 72oamgd1haco3xnlq4zrjgv9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|72oamgd1haco3xnlq4zrjgv9|03|net"; nocase; ) # f953n81u8pwky84rgb7b2aynn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f953n81u8pwky84rgb7b2aynn|03|org"; nocase; ) # 14z75w95xh9ut1rmodaj1yk80nd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14z75w95xh9ut1rmodaj1yk80nd|03|org"; nocase; ) # 1k1nlfqz29sboyb55lx1amguje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k1nlfqz29sboyb55lx1amguje|03|org"; nocase; ) # 1m9hzab129txg1khxprxav1ma8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m9hzab129txg1khxprxav1ma8|03|net"; nocase; ) # 1te05ebt9npd1lte8zyjce0p1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1te05ebt9npd1lte8zyjce0p1|03|org"; nocase; ) # mp6y1k16pg4w2kwdq75lhm9u2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mp6y1k16pg4w2kwdq75lhm9u2|03|net"; nocase; ) # 21hkp56u8zl6o2xeodm747yw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|21hkp56u8zl6o2xeodm747yw|03|org"; nocase; ) # 1ymls0au3c5jma0jqun18zan5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ymls0au3c5jma0jqun18zan5e|03|net"; nocase; ) # 1ui6pm2nrjo9neqixl1g9bpho.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ui6pm2nrjo9neqixl1g9bpho|03|com"; nocase; ) # 1b714yka0ztvq101uyapyzucmh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b714yka0ztvq101uyapyzucmh|03|com"; nocase; ) # kuway6tk1ub4s7z9ap1jskatl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kuway6tk1ub4s7z9ap1jskatl|03|net"; nocase; ) # 1rr1y6vk7msxd1sxtl8r17jmueg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rr1y6vk7msxd1sxtl8r17jmueg|03|biz"; nocase; ) # 1eqiv4fvhzmnmi4m6m41ycwy6o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eqiv4fvhzmnmi4m6m41ycwy6o|03|org"; nocase; ) # 6bl7ce1osz4wwbqtrr5ailuhg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6bl7ce1osz4wwbqtrr5ailuhg|03|org"; nocase; ) # rdck5scg6p8795rnef2m93hu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rdck5scg6p8795rnef2m93hu|03|com"; nocase; ) # 1st63x71w3tn5114i9xgc1vg1bei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1st63x71w3tn5114i9xgc1vg1bei|03|biz"; nocase; ) # 1qkw7hpbb2gkoj6dcla40zxhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qkw7hpbb2gkoj6dcla40zxhi|03|com"; nocase; ) # 9y2sjk6vsdy4hhy661d9f8lo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9y2sjk6vsdy4hhy661d9f8lo|03|net"; nocase; ) # ar4c9g1pxvfl411h0f827ugafo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ar4c9g1pxvfl411h0f827ugafo|03|com"; nocase; ) # d1h0aoaqixhezxamvp13pqcno.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d1h0aoaqixhezxamvp13pqcno|03|net"; nocase; ) # 1row6yit201ku1dkw07376rztd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1row6yit201ku1dkw07376rztd|03|biz"; nocase; ) # 14qcmnp1o0t4381o5lpjzv8svcm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14qcmnp1o0t4381o5lpjzv8svcm|03|org"; nocase; ) # eyx8at2rxrew19k6av5whsvfb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eyx8at2rxrew19k6av5whsvfb|03|net"; nocase; ) # hpkve1sm7k2x1skme0a7p1317.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hpkve1sm7k2x1skme0a7p1317|03|com"; nocase; ) # qmdlf91ew79z4vj58pni10wvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qmdlf91ew79z4vj58pni10wvs|03|com"; nocase; ) # 1d0ym0m14l89tj1i2ummb6t5qqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d0ym0m14l89tj1i2ummb6t5qqf|03|biz"; nocase; ) # yxuzow1ksb61vafxpjj1gc2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yxuzow1ksb61vafxpjj1gc2n|03|net"; nocase; ) # kh1bd866w8pvfd2tog1foe4b0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kh1bd866w8pvfd2tog1foe4b0|03|org"; nocase; ) # 1ofc2e51uo0ztz1b86y9mjf4vg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ofc2e51uo0ztz1b86y9mjf4vg|03|biz"; nocase; ) # jhj1jb4whucd1y3qkmdbykmyo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jhj1jb4whucd1y3qkmdbykmyo|03|com"; nocase; ) # he4vrb141g4g71mz0thyd0e1yf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|he4vrb141g4g71mz0thyd0e1yf|03|biz"; nocase; ) # 18lox5tefx5yl8avb7gq7111g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18lox5tefx5yl8avb7gq7111g|03|com"; nocase; ) # pcbzoi180vouh1lqf7r7b6uku3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pcbzoi180vouh1lqf7r7b6uku3|03|org"; nocase; ) # 1p80skqzegnzq12s4xfep5n921.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p80skqzegnzq12s4xfep5n921|03|biz"; nocase; ) # 18kwx1boptsow1nvf4j0p1kywa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18kwx1boptsow1nvf4j0p1kywa|03|net"; nocase; ) # 7s7app8k5v8u1iml9ks1e9t51w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7s7app8k5v8u1iml9ks1e9t51w|03|org"; nocase; ) # liuk6adtg70z1ksynsa1wyxcht.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|liuk6adtg70z1ksynsa1wyxcht|03|biz"; nocase; ) # 5tat24b7z3ew1exllqfq49pdm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5tat24b7z3ew1exllqfq49pdm|03|org"; nocase; ) # 1g447wd1w35i3q1h10h8tgq6c1t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g447wd1w35i3q1h10h8tgq6c1t|03|org"; nocase; ) # shpwcqhi08y71w5znfg9s4qle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|shpwcqhi08y71w5znfg9s4qle|03|org"; nocase; ) # 4b3txcah8vbqicxivk1l2pmol.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4b3txcah8vbqicxivk1l2pmol|03|net"; nocase; ) # 1h52ayx1du11hyr4mr071ppxrmo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h52ayx1du11hyr4mr071ppxrmo|03|com"; nocase; ) # 1wvz9agf64msjoy13ca1ig5yk5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wvz9agf64msjoy13ca1ig5yk5|03|org"; nocase; ) # y67ccsqc9tnoryj5wb1dbio4i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y67ccsqc9tnoryj5wb1dbio4i|03|biz"; nocase; ) # udaav9h3l9jmr4wezylupynq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|udaav9h3l9jmr4wezylupynq|03|org"; nocase; ) # 1rzfbgy1pubx9yhyngjk1y3zv4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rzfbgy1pubx9yhyngjk1y3zv4b|03|net"; nocase; ) # 1pc34286anfjcjk8wij9qiag0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pc34286anfjcjk8wij9qiag0|03|net"; nocase; ) # 28z5i01b3t0a01xziui21xqdm7j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|28z5i01b3t0a01xziui21xqdm7j|03|com"; nocase; ) # 1k6y8tgq7rrmv17q06p8kjyana.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k6y8tgq7rrmv17q06p8kjyana|03|net"; nocase; ) # gqnplypfketk114kku21kk11g8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gqnplypfketk114kku21kk11g8|03|biz"; nocase; ) # qtdc41wjrz3bd5i1pc1yex1rh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qtdc41wjrz3bd5i1pc1yex1rh|03|com"; nocase; ) # pm8twk42ef0c1mczt92irzwpg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pm8twk42ef0c1mczt92irzwpg|03|net"; nocase; ) # 11qys3ez8uyok1ei1m1qe67rqf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11qys3ez8uyok1ei1m1qe67rqf|03|net"; nocase; ) # 1gcz7r81suh8lv1cnj66319zli2a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gcz7r81suh8lv1cnj66319zli2a|03|com"; nocase; ) # 1kyarkx1xtxu5w1b3yka1yvu1pn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kyarkx1xtxu5w1b3yka1yvu1pn|03|com"; nocase; ) # 1m9hqef4n2o4ceua55q1gre0gx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m9hqef4n2o4ceua55q1gre0gx|03|org"; nocase; ) # 1nltr151yds9v9un7bek1lzuejo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nltr151yds9v9un7bek1lzuejo|03|com"; nocase; ) # fd3hrffdh8oi4rosgz1le6xk4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fd3hrffdh8oi4rosgz1le6xk4|03|org"; nocase; ) # 1n2ou9211gfe1g36cvtw27mdr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n2ou9211gfe1g36cvtw27mdr|03|biz"; nocase; ) # 1kgo8scivr7hj1amk6k11iga8kz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kgo8scivr7hj1amk6k11iga8kz|03|org"; nocase; ) # urvq1x14z6ju4lv7tfo11fw8a9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|urvq1x14z6ju4lv7tfo11fw8a9|03|com"; nocase; ) # 1z06cz3zthaokpoeisx1r1k4k2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1z06cz3zthaokpoeisx1r1k4k2|03|com"; nocase; ) # eahf3t1cikm0d1kklcdraso2a5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eahf3t1cikm0d1kklcdraso2a5|03|org"; nocase; ) # 1ycwx4osngdbugpwic6bvotep.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ycwx4osngdbugpwic6bvotep|03|biz"; nocase; ) # 133dz8ytmssv0lxeo6o1bpfpjr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|133dz8ytmssv0lxeo6o1bpfpjr|03|net"; nocase; ) # dp19uzmms3m8129hr4nseggu2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dp19uzmms3m8129hr4nseggu2|03|biz"; nocase; ) # v5umuiuv6zqa13ekvevgyq9kh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v5umuiuv6zqa13ekvevgyq9kh|03|com"; nocase; ) # qsqj7t17lxo4mh9ukrw1ko0wmf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qsqj7t17lxo4mh9ukrw1ko0wmf|03|biz"; nocase; ) # 1ort66b1wd0e5dyuuybm1jek5iv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ort66b1wd0e5dyuuybm1jek5iv|03|net"; nocase; ) # ucv3c1954o5759fq7c1ht5du3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ucv3c1954o5759fq7c1ht5du3|03|org"; nocase; ) # 1xcs4n11prqiuho77v8qg27q7z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xcs4n11prqiuho77v8qg27q7z|03|com"; nocase; ) # 15txc4l1v1pr9l1e9rx41nuz8jj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15txc4l1v1pr9l1e9rx41nuz8jj|03|com"; nocase; ) # 1yxrimd13ypnxj16y2ldp1l30aj2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yxrimd13ypnxj16y2ldp1l30aj2|03|com"; nocase; ) # u91umpeqakccuplx8t164ip59.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u91umpeqakccuplx8t164ip59|03|org"; nocase; ) # 1c2wi1p1aah8gim1s66w951p11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c2wi1p1aah8gim1s66w951p11|03|net"; nocase; ) # 46vwz7t9u542oo5ewb6vebp3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|46vwz7t9u542oo5ewb6vebp3|03|com"; nocase; ) # 1ajtv2m1viuylj1pk8bd3wt2ftg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ajtv2m1viuylj1pk8bd3wt2ftg|03|org"; nocase; ) # ose3ee199m4ke1wls4hs1640r2h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ose3ee199m4ke1wls4hs1640r2h|03|biz"; nocase; ) # 13qc4a71uetqsmphwkdr1q5q1eg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13qc4a71uetqsmphwkdr1q5q1eg|03|org"; nocase; ) # 1ujunum16y3ujw1e4czkh1ble5ej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ujunum16y3ujw1e4czkh1ble5ej|03|net"; nocase; ) # 126yqol3468f51n15m35g0ynem.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|126yqol3468f51n15m35g0ynem|03|biz"; nocase; ) # 1j41searjzbg1ltyx8k1ej07o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j41searjzbg1ltyx8k1ej07o|03|biz"; nocase; ) # yaafhvff2nd49j7o6n1911yyj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yaafhvff2nd49j7o6n1911yyj|03|net"; nocase; ) # 16sjx681eupg4p13v6rkbf2qwe0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16sjx681eupg4p13v6rkbf2qwe0|03|org"; nocase; ) # qjym52l4cimm3z404unqbl2l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qjym52l4cimm3z404unqbl2l|03|biz"; nocase; ) # vghng2933dno8ivv41mm9cfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vghng2933dno8ivv41mm9cfa|03|org"; nocase; ) # w4sje283oam0gnaa251nfc35z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w4sje283oam0gnaa251nfc35z|03|com"; nocase; ) # 1dyg7psz2tc881xg76zh144p8y0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dyg7psz2tc881xg76zh144p8y0|03|org"; nocase; ) # ptfoi8igqeyy1ssqy4akgtf52.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ptfoi8igqeyy1ssqy4akgtf52|03|biz"; nocase; ) # thc79s15nb8jz12ft7141v3u3zc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|thc79s15nb8jz12ft7141v3u3zc|03|net"; nocase; ) # phnny81pk7wmat7g71ohhcey.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|phnny81pk7wmat7g71ohhcey|03|net"; nocase; ) # 38hv441lpyyyku56fh012mv0rv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|38hv441lpyyyku56fh012mv0rv|03|biz"; nocase; ) # 1v409pqo0d1j11uk703nn4oa8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v409pqo0d1j11uk703nn4oa8h|03|net"; nocase; ) # hq7sur13vi75e1f7sa4m7tsekb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hq7sur13vi75e1f7sa4m7tsekb|03|org"; nocase; ) # 1v5iavgzg7y8e6kkvx21xhocs0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v5iavgzg7y8e6kkvx21xhocs0|03|com"; nocase; ) # 1av1h9ymmg9o010nq7bg99wwur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1av1h9ymmg9o010nq7bg99wwur|03|org"; nocase; ) # 14yrgowlk8bt1ggkfs11gbibu8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14yrgowlk8bt1ggkfs11gbibu8|03|biz"; nocase; ) # bs1m8eess4avn7790d1ja6qb3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bs1m8eess4avn7790d1ja6qb3|03|net"; nocase; ) # 18py8v2vk4z9i1ah3ac11bcj23k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18py8v2vk4z9i1ah3ac11bcj23k|03|net"; nocase; ) # 1q0ny641qn42gtp0k9d6lpz08y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q0ny641qn42gtp0k9d6lpz08y|03|org"; nocase; ) # jh9cd4nwosmh5l7l6jgqzynd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jh9cd4nwosmh5l7l6jgqzynd|03|org"; nocase; ) # 1wfrn3g14i2fr7yfb9vc16rdiet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wfrn3g14i2fr7yfb9vc16rdiet|03|net"; nocase; ) # 1u9wqzl4ldsrpzf9h4mkalekb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u9wqzl4ldsrpzf9h4mkalekb|03|org"; nocase; ) # xuthhu1tf3hcl1yo7hpfn6ndoz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xuthhu1tf3hcl1yo7hpfn6ndoz|03|org"; nocase; ) # naqq231fa21k01g4u8mr1q9y8h3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|naqq231fa21k01g4u8mr1q9y8h3|03|org"; nocase; ) # 68clci1oou2g34hzcs74cvjwz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|68clci1oou2g34hzcs74cvjwz|03|com"; nocase; ) # 1okxdeh56uyozia9ova1t2ndf3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1okxdeh56uyozia9ova1t2ndf3|03|org"; nocase; ) # 1d269i41xgtgacxhs7vo197d409.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d269i41xgtgacxhs7vo197d409|03|com"; nocase; ) # n31xd11iiiwpl9843hv2z4w15.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n31xd11iiiwpl9843hv2z4w15|03|com"; nocase; ) # 1cbq0351bvzs5gnfk67s1j2n5qc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cbq0351bvzs5gnfk67s1j2n5qc|03|com"; nocase; ) # 1b1cvwo2fn8clwr2t7l1u94c0h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b1cvwo2fn8clwr2t7l1u94c0h|03|biz"; nocase; ) # ivag7pr18r8l1ckew7a1mo0uid.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ivag7pr18r8l1ckew7a1mo0uid|03|net"; nocase; ) # 1wzjkvf1cejydr1lf7r8x1pudp3y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wzjkvf1cejydr1lf7r8x1pudp3y|03|com"; nocase; ) # 1gp12knxql17f18ei8zi10x9o17.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gp12knxql17f18ei8zi10x9o17|03|net"; nocase; ) # 14vrsr7v7zm9pxkyxs18a8eiz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14vrsr7v7zm9pxkyxs18a8eiz|03|org"; nocase; ) # yg0nnuh3ufm216jq9j97nem3d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yg0nnuh3ufm216jq9j97nem3d|03|org"; nocase; ) # 1twog4n12d8l9slmu9qx16t8it7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1twog4n12d8l9slmu9qx16t8it7|03|com"; nocase; ) # j7x6aq1p2esz71orfh2h11ffdoy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j7x6aq1p2esz71orfh2h11ffdoy|03|net"; nocase; ) # 1qvfkev1pp1jnv1pc288n10xofte.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qvfkev1pp1jnv1pc288n10xofte|03|org"; nocase; ) # 8mm3s9p4swof1ad6t7holaska.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8mm3s9p4swof1ad6t7holaska|03|org"; nocase; ) # 1xieoupwa5t1w1688slnrvgxcq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xieoupwa5t1w1688slnrvgxcq|03|net"; nocase; ) # s9bp0t11cqtyqrywc231tgh82s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s9bp0t11cqtyqrywc231tgh82s|03|biz"; nocase; ) # 9toqro3cesyn1ldrtl91j24jc0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9toqro3cesyn1ldrtl91j24jc0|03|org"; nocase; ) # 1qyvdpc1ey948w19tyqt1houm56.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qyvdpc1ey948w19tyqt1houm56|03|net"; nocase; ) # p1rc0jo5k35d154ol7nunojtd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p1rc0jo5k35d154ol7nunojtd|03|com"; nocase; ) # 1xic4c11tgqomqtojqhp1eiqybx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xic4c11tgqomqtojqhp1eiqybx|03|org"; nocase; ) # beq2hz4n6kqsrzia14i9h9i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|beq2hz4n6kqsrzia14i9h9i|03|com"; nocase; ) # 1j0bnoathttst1l2q8x1g09okk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j0bnoathttst1l2q8x1g09okk|03|net"; nocase; ) # legvcm3j1tkkleliej0zys5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|legvcm3j1tkkleliej0zys5|03|com"; nocase; ) # 1fekfvlva3p7qhlywun1dps6yl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fekfvlva3p7qhlywun1dps6yl|03|biz"; nocase; ) # wynwrq1v3bwaj1yqjs89zn8gk4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wynwrq1v3bwaj1yqjs89zn8gk4|03|net"; nocase; ) # dydgvrk4oa0y1oyvlvh1mrkijx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dydgvrk4oa0y1oyvlvh1mrkijx|03|org"; nocase; ) # 1rdosinpje8ea8t36h5tkrssg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rdosinpje8ea8t36h5tkrssg|03|com"; nocase; ) # 18bus56qr3f7e58kkcs7afzce.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18bus56qr3f7e58kkcs7afzce|03|biz"; nocase; ) # q5eod1xf2bc9yya40guukt96.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q5eod1xf2bc9yya40guukt96|03|net"; nocase; ) # 1ztqf3jr14xe1nq30w81jkt1hl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ztqf3jr14xe1nq30w81jkt1hl|03|net"; nocase; ) # 16b002m1koivfji8bia31ej4l7u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16b002m1koivfji8bia31ej4l7u|03|net"; nocase; ) # 1sfdebkzgtg1gjkihpxjwuio.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1sfdebkzgtg1gjkihpxjwuio|03|biz"; nocase; ) # 1yti0kq3xo1w41m6l66z1kja96p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yti0kq3xo1w41m6l66z1kja96p|03|biz"; nocase; ) # z32dim1bil45dgi51mltfwf58.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z32dim1bil45dgi51mltfwf58|03|com"; nocase; ) # fbo7n01r3waof18g2cpecd2lh4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fbo7n01r3waof18g2cpecd2lh4|03|org"; nocase; ) # c24ha7i0ro86vyq43i1oelvi1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c24ha7i0ro86vyq43i1oelvi1|03|net"; nocase; ) # 1ygh89o1g8bl7b1fy0pi319o5ucs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ygh89o1g8bl7b1fy0pi319o5ucs|03|com"; nocase; ) # s6dwexh79t2t1yfxe5invrbg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s6dwexh79t2t1yfxe5invrbg|03|org"; nocase; ) # yq77k6siy8qgal0fcc1bur4bn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yq77k6siy8qgal0fcc1bur4bn|03|biz"; nocase; ) # 1sanyp41577lo2d55wm217uu0s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sanyp41577lo2d55wm217uu0s|03|com"; nocase; ) # 1kx43lb153svqvbo7g71503zlx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kx43lb153svqvbo7g71503zlx|03|org"; nocase; ) # 1ejff4nrxo6g5ejpgjjqetjzj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ejff4nrxo6g5ejpgjjqetjzj|03|net"; nocase; ) # 1yz9e6x7epl5l18fn5e01724i2i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yz9e6x7epl5l18fn5e01724i2i|03|org"; nocase; ) # imcry61g22xvs1q0if2tw1cl61.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|imcry61g22xvs1q0if2tw1cl61|03|net"; nocase; ) # m5z051h46fpz14ih7kntds47t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m5z051h46fpz14ih7kntds47t|03|net"; nocase; ) # 1vw1cj1a8outv1lvlnqrw9v289.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vw1cj1a8outv1lvlnqrw9v289|03|org"; nocase; ) # 1vboe3915koev2h8yr33jj6kf3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vboe3915koev2h8yr33jj6kf3|03|biz"; nocase; ) # 5xnhvj3mtxw2qg4h81lbycn7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5xnhvj3mtxw2qg4h81lbycn7|03|org"; nocase; ) # 104gpfho4nq69b04owx1kh1v7o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|104gpfho4nq69b04owx1kh1v7o|03|com"; nocase; ) # oaotnh1qq2a6nboijuyvs5fan.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oaotnh1qq2a6nboijuyvs5fan|03|org"; nocase; ) # fqhwbiun2d3f1djza4tcuz6yj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fqhwbiun2d3f1djza4tcuz6yj|03|com"; nocase; ) # 24okzovmu3twhwpq6pdsgh2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|24okzovmu3twhwpq6pdsgh2n|03|net"; nocase; ) # wqptbxq872rh1tg4gfjunxfln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wqptbxq872rh1tg4gfjunxfln|03|org"; nocase; ) # pthz7bw9azmm1ltn4rjx5lb5z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pthz7bw9azmm1ltn4rjx5lb5z|03|net"; nocase; ) # 79ica31of4mvj1138ehaeuhh8w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|79ica31of4mvj1138ehaeuhh8w|03|biz"; nocase; ) # p1b766gsriwpvgqyym1u3j9hz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p1b766gsriwpvgqyym1u3j9hz|03|org"; nocase; ) # 1gi3d1w13p58i2wypvkl1w07o0c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gi3d1w13p58i2wypvkl1w07o0c|03|org"; nocase; ) # 1ozewxm12q2oz3kbw9ce1m2ggwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ozewxm12q2oz3kbw9ce1m2ggwu|03|net"; nocase; ) # 71oh0apd4l4g1tsw0f31xk2ddl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|71oh0apd4l4g1tsw0f31xk2ddl|03|biz"; nocase; ) # 1v67zljsrhc6g1i4k2681dbz8vb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v67zljsrhc6g1i4k2681dbz8vb|03|net"; nocase; ) # l4fplt1ejdmx4c9qs0n1fe24ci.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l4fplt1ejdmx4c9qs0n1fe24ci|03|org"; nocase; ) # 1x7gex81kmsliw6cq8wt1gnd1ss.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x7gex81kmsliw6cq8wt1gnd1ss|03|biz"; nocase; ) # z36nlk1n979u81gn2ff05awayv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z36nlk1n979u81gn2ff05awayv|03|net"; nocase; ) # q1mrb7wtp7ybotcedpr8de36.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q1mrb7wtp7ybotcedpr8de36|03|net"; nocase; ) # 1vyu1bz1auwgt21j1afbvr0goxa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vyu1bz1auwgt21j1afbvr0goxa|03|org"; nocase; ) # 1dialklgrctggl59tvp1av8tlu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dialklgrctggl59tvp1av8tlu|03|net"; nocase; ) # 1u2vrkpnhe0yc3mo0we9izzzm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u2vrkpnhe0yc3mo0we9izzzm|03|org"; nocase; ) # htjz0l26swc81imufhca1vcb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|htjz0l26swc81imufhca1vcb|03|net"; nocase; ) # 19jqxy71sln0fooj0k0wf0whqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19jqxy71sln0fooj0k0wf0whqc|03|org"; nocase; ) # wu72kymbykrc1anlk2b1fpil9i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wu72kymbykrc1anlk2b1fpil9i|03|org"; nocase; ) # 1dxaw7gj9emlg1jxtxca1l4xpqa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dxaw7gj9emlg1jxtxca1l4xpqa|03|com"; nocase; ) # 1c70yeidfzsa7sylh051ff28o2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c70yeidfzsa7sylh051ff28o2|03|org"; nocase; ) # 1no7toy155yosa9x8vol1ywixme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1no7toy155yosa9x8vol1ywixme|03|org"; nocase; ) # 10am1vygclklpgdk00gwy8j6z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10am1vygclklpgdk00gwy8j6z|03|com"; nocase; ) # 1cq6fwz1rp9w5rmdu7otb2l9es.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cq6fwz1rp9w5rmdu7otb2l9es|03|com"; nocase; ) # fh94bj77wd3b8vu7eq94536m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fh94bj77wd3b8vu7eq94536m|03|net"; nocase; ) # gil93lfto848e5c8gu1hhzydh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gil93lfto848e5c8gu1hhzydh|03|net"; nocase; ) # 15vn1231lsro8u1a894uvfdemy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15vn1231lsro8u1a894uvfdemy|03|org"; nocase; ) # pvnf8h15ik7w4ovvna618nmk9w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pvnf8h15ik7w4ovvna618nmk9w|03|net"; nocase; ) # 1ly1vi4aj6hhg1b7n2o7nn50o1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ly1vi4aj6hhg1b7n2o7nn50o1|03|net"; nocase; ) # 6p95o91o3525r1cms5a1obg9m8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6p95o91o3525r1cms5a1obg9m8|03|net"; nocase; ) # 17akmmj1ygmavz78hv3p9y3tkt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17akmmj1ygmavz78hv3p9y3tkt|03|com"; nocase; ) # 85f1edgil69h1yjlye6b4fvnw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|85f1edgil69h1yjlye6b4fvnw|03|org"; nocase; ) # 1oyonae11dl4a115b0twh1odtemi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oyonae11dl4a115b0twh1odtemi|03|org"; nocase; ) # m6my868459vr15gkv0bgfmp7c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m6my868459vr15gkv0bgfmp7c|03|net"; nocase; ) # 1bsxt6ze5mxmvqo6qv71wltpxs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bsxt6ze5mxmvqo6qv71wltpxs|03|org"; nocase; ) # 1v9oaktxceuce1wo3qy5bvo2qm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v9oaktxceuce1wo3qy5bvo2qm|03|biz"; nocase; ) # 1bd9rhd15biwlzjxq2701btelb5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bd9rhd15biwlzjxq2701btelb5|03|com"; nocase; ) # 1hsl9pb1sqrfdioxlaae10b4p5a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hsl9pb1sqrfdioxlaae10b4p5a|03|org"; nocase; ) # gmq5t4147mhsowaehzi1lfp26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gmq5t4147mhsowaehzi1lfp26|03|org"; nocase; ) # 68k6z3fbvn2ycg4tdlhp3nsn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|68k6z3fbvn2ycg4tdlhp3nsn|03|net"; nocase; ) # 6s9ub41ccu6f31lwwymg1jzgbcz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6s9ub41ccu6f31lwwymg1jzgbcz|03|net"; nocase; ) # 15alk4d1mfuir51xqyxk1g1ntf0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15alk4d1mfuir51xqyxk1g1ntf0|03|biz"; nocase; ) # c99wg2j44kkx1nsedftqlp8n2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c99wg2j44kkx1nsedftqlp8n2|03|net"; nocase; ) # 3zbbrc12pnzlh1agkbc213gbj67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3zbbrc12pnzlh1agkbc213gbj67|03|com"; nocase; ) # hymmwxw2liwt7a6ppzqnd8du.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hymmwxw2liwt7a6ppzqnd8du|03|biz"; nocase; ) # c2wf90fijv92qib2lv4ve2yd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c2wf90fijv92qib2lv4ve2yd|03|com"; nocase; ) # 1lowtuqj0k901waeofv1nvzc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1lowtuqj0k901waeofv1nvzc|03|net"; nocase; ) # 1gu0yk91ttif7to0ofkwhv469w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gu0yk91ttif7to0ofkwhv469w|03|org"; nocase; ) # mn5vgw30shjz1iwcrb9y2anbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mn5vgw30shjz1iwcrb9y2anbo|03|com"; nocase; ) # ktzrjp93dd8z116g1huufuh8z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ktzrjp93dd8z116g1huufuh8z|03|biz"; nocase; ) # 1d1xzfslg702h18877x91kgc3sh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d1xzfslg702h18877x91kgc3sh|03|org"; nocase; ) # 2knmdtnkufd7oonqkc29i25f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2knmdtnkufd7oonqkc29i25f|03|biz"; nocase; ) # 1d3rorf6lax343sn0no1wpn2m1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d3rorf6lax343sn0no1wpn2m1|03|com"; nocase; ) # bppduj4bk015ou8w8k18bddg6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bppduj4bk015ou8w8k18bddg6|03|com"; nocase; ) # 1m7zxku39w64b8pj6lt1hdkzly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m7zxku39w64b8pj6lt1hdkzly|03|net"; nocase; ) # qbkw8n1bx1om41grivhw12969yt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qbkw8n1bx1om41grivhw12969yt|03|net"; nocase; ) # 13oan4z6i763y796m6y1x333oj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13oan4z6i763y796m6y1x333oj|03|biz"; nocase; ) # scyo9u1pnyzmu35q3gn161qwuj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|scyo9u1pnyzmu35q3gn161qwuj|03|org"; nocase; ) # ybzer0d6ecsxjzzv18u3c3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ybzer0d6ecsxjzzv18u3c3d|03|net"; nocase; ) # tni4401mmx9xc1ajgq6w12rath9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tni4401mmx9xc1ajgq6w12rath9|03|net"; nocase; ) # n6jl03v7s2r71m4149q1ruarp0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n6jl03v7s2r71m4149q1ruarp0|03|com"; nocase; ) # 1l4obf9z6arak141ld8s1mwsopo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l4obf9z6arak141ld8s1mwsopo|03|net"; nocase; ) # 1rzv0ueslcaig16bda91e0og44.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rzv0ueslcaig16bda91e0og44|03|net"; nocase; ) # ov7ygz1rigi8l1piybte17bipjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ov7ygz1rigi8l1piybte17bipjb|03|biz"; nocase; ) # 1j2b0od1ii739g60j8u8rzxhjv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j2b0od1ii739g60j8u8rzxhjv|03|com"; nocase; ) # 5xbk3f12lhbk2lcohnw1hgfbr1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5xbk3f12lhbk2lcohnw1hgfbr1|03|com"; nocase; ) # eq62vm1c7m8xl1vsrj8m1fqvqjd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eq62vm1c7m8xl1vsrj8m1fqvqjd|03|net"; nocase; ) # yv89u11prmk691amwdbf9q6yco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yv89u11prmk691amwdbf9q6yco|03|com"; nocase; ) # j03cfyeehngz1lg10pz11yrdpx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j03cfyeehngz1lg10pz11yrdpx|03|net"; nocase; ) # 15kdume1t1v9u4nujss2am6ut1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15kdume1t1v9u4nujss2am6ut1|03|net"; nocase; ) # mhjifbs6qyq61n957ff4ggixt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mhjifbs6qyq61n957ff4ggixt|03|net"; nocase; ) # mchtbnp4ib2b1p70k19633btg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mchtbnp4ib2b1p70k19633btg|03|biz"; nocase; ) # 13kn5w51fbzfqaan8dr619yd6i1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13kn5w51fbzfqaan8dr619yd6i1|03|net"; nocase; ) # 1if75kefexpcwkdaw9ymv7trc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1if75kefexpcwkdaw9ymv7trc|03|com"; nocase; ) # 1phit3ucqlc221hdmkx31l2ypg2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1phit3ucqlc221hdmkx31l2ypg2|03|net"; nocase; ) # 1flw05nmxrfgui4uw6o102dsbl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1flw05nmxrfgui4uw6o102dsbl|03|net"; nocase; ) # 1htwaihck5e7sm350hx18kp870.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1htwaihck5e7sm350hx18kp870|03|net"; nocase; ) # ngi1rk1p1rnfh1s9lzy01sr6x00.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ngi1rk1p1rnfh1s9lzy01sr6x00|03|org"; nocase; ) # 1byp1c913jo7ar1xt2pdc1b5m2xq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1byp1c913jo7ar1xt2pdc1b5m2xq|03|org"; nocase; ) # 1wjfclnjuu5921u6uu7kwbo99f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wjfclnjuu5921u6uu7kwbo99f|03|org"; nocase; ) # e9ds0l1xhcn0iq9jf6sfk3mj1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e9ds0l1xhcn0iq9jf6sfk3mj1|03|biz"; nocase; ) # sdk3o2160wm7n1npa3pl9hhg0f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sdk3o2160wm7n1npa3pl9hhg0f|03|org"; nocase; ) # 4j0nju10o9751oe7736wtx0v2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4j0nju10o9751oe7736wtx0v2|03|net"; nocase; ) # 12l4soj1i21an01nzxsqwg69dgm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12l4soj1i21an01nzxsqwg69dgm|03|biz"; nocase; ) # n8eprmpc8cy416pqvx9t2uqyt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n8eprmpc8cy416pqvx9t2uqyt|03|net"; nocase; ) # 77swc71t1yujzrebbs345qekd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|77swc71t1yujzrebbs345qekd|03|biz"; nocase; ) # 271kut1pgtpeu9nh9oouv4qh1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|271kut1pgtpeu9nh9oouv4qh1|03|net"; nocase; ) # 1wfwv0e1ia9qie66oop6123rl5n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wfwv0e1ia9qie66oop6123rl5n|03|biz"; nocase; ) # 98fw0hrplrpz1sjowcr1celns1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|98fw0hrplrpz1sjowcr1celns1|03|com"; nocase; ) # 1her2xl1elc6bo1bq7z936xi06d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1her2xl1elc6bo1bq7z936xi06d|03|org"; nocase; ) # ov87hmckhkuh11506g4iha80x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ov87hmckhkuh11506g4iha80x|03|com"; nocase; ) # vz36r11ij8jh1a4cb9yy0z4uh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vz36r11ij8jh1a4cb9yy0z4uh|03|biz"; nocase; ) # 13bn8nr1ak3spj1ooyhsn18i3r3p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13bn8nr1ak3spj1ooyhsn18i3r3p|03|com"; nocase; ) # 1tj0hcvuqz6ca1b4jeqdh07ikk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tj0hcvuqz6ca1b4jeqdh07ikk|03|net"; nocase; ) # tmzpz218xgnz03kglx5opcvca.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tmzpz218xgnz03kglx5opcvca|03|biz"; nocase; ) # uavmd38bjr6h1jpzd6y1ixeie9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uavmd38bjr6h1jpzd6y1ixeie9|03|org"; nocase; ) # rz10etjpohk15ae5ty3yc45r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rz10etjpohk15ae5ty3yc45r|03|net"; nocase; ) # po69ajofkgf2ydgjgnvi33zz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|po69ajofkgf2ydgjgnvi33zz|03|com"; nocase; ) # 14ddq20xp0nwey84r0n7pwj4a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14ddq20xp0nwey84r0n7pwj4a|03|org"; nocase; ) # 3rdsdoefkheza6dgpsuxyol0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3rdsdoefkheza6dgpsuxyol0|03|net"; nocase; ) # 1xbfwmz1372ym41s1j69h1o07etx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xbfwmz1372ym41s1j69h1o07etx|03|net"; nocase; ) # 1jdmycr1cqg69vs90pd13iyq0l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jdmycr1cqg69vs90pd13iyq0l|03|biz"; nocase; ) # 9vduw9w9zjerfcufid1erizaf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9vduw9w9zjerfcufid1erizaf|03|com"; nocase; ) # 1s7dwb0gueu0r1axhgmhoew5f0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s7dwb0gueu0r1axhgmhoew5f0|03|biz"; nocase; ) # txsivsi6p8t5120fwvb5rdt0q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|txsivsi6p8t5120fwvb5rdt0q|03|com"; nocase; ) # 10rkx5itbkiv11b971fwmzmtp7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10rkx5itbkiv11b971fwmzmtp7|03|biz"; nocase; ) # 1ycv6v83lvqk01o1g0praw4zc7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ycv6v83lvqk01o1g0praw4zc7|03|com"; nocase; ) # 1276aij1k1k6jg1olbw3b1ywfi35.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1276aij1k1k6jg1olbw3b1ywfi35|03|org"; nocase; ) # xzj4a8cpgc0vdp2kr917sp5cu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xzj4a8cpgc0vdp2kr917sp5cu|03|org"; nocase; ) # 1esrf1srvrxp9xcptrmqzkw9p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1esrf1srvrxp9xcptrmqzkw9p|03|org"; nocase; ) # 2odqdy134s6svvue3p41edwy68.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2odqdy134s6svvue3p41edwy68|03|com"; nocase; ) # 1hbvffg18jm7gvpslh941moz4mw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hbvffg18jm7gvpslh941moz4mw|03|com"; nocase; ) # ipypd010tu0zkvuud72sojwnh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ipypd010tu0zkvuud72sojwnh|03|biz"; nocase; ) # om2jygej89kdqucfbd1z0i125.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|om2jygej89kdqucfbd1z0i125|03|net"; nocase; ) # 1lc7jza1tlspymtuckoj1herop2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lc7jza1tlspymtuckoj1herop2|03|biz"; nocase; ) # 1v78ltt1ojk4fzlxoawh135zxm1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v78ltt1ojk4fzlxoawh135zxm1|03|com"; nocase; ) # 1nqy9b75jlx1uoh3uyf1oxmsgn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nqy9b75jlx1uoh3uyf1oxmsgn|03|net"; nocase; ) # aq7rcvswdojbmzw8rbkpy3f6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aq7rcvswdojbmzw8rbkpy3f6|03|net"; nocase; ) # tn6jd5428wwo1qcyf484qqzxq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tn6jd5428wwo1qcyf484qqzxq|03|com"; nocase; ) # 5agar5ko9i9puozu6dwzv6b8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5agar5ko9i9puozu6dwzv6b8|03|biz"; nocase; ) # lenly21tax4jiuvf2uh1dktm2n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lenly21tax4jiuvf2uh1dktm2n|03|org"; nocase; ) # a1f3mk1irs1plerqlh21w8eyav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a1f3mk1irs1plerqlh21w8eyav|03|com"; nocase; ) # 1w5ryd21h233ynyrp1xl5xk7xa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w5ryd21h233ynyrp1xl5xk7xa|03|net"; nocase; ) # gn0fztm4cr7vl83ncx2p9oiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gn0fztm4cr7vl83ncx2p9oiu|03|com"; nocase; ) # 14tctut26h737vncdaxixtd4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14tctut26h737vncdaxixtd4|03|org"; nocase; ) # 1oo8e1l1x2vby41owr76m1ehzbju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oo8e1l1x2vby41owr76m1ehzbju|03|net"; nocase; ) # yaaeuo1xa5nl6dsc5701szyt2b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yaaeuo1xa5nl6dsc5701szyt2b|03|com"; nocase; ) # 1ehegig1gp7r3n18y6mqo1ir0qd5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ehegig1gp7r3n18y6mqo1ir0qd5|03|net"; nocase; ) # wrbhh3eef44jinrosj1o2gvya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wrbhh3eef44jinrosj1o2gvya|03|net"; nocase; ) # jnw40d1u2q2j5iw7r4parux9v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jnw40d1u2q2j5iw7r4parux9v|03|net"; nocase; ) # lzwu2o6bhkan145rk451rj6k14.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lzwu2o6bhkan145rk451rj6k14|03|com"; nocase; ) # 1fk37bw1v5rf1v1puggmxjpg6o6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fk37bw1v5rf1v1puggmxjpg6o6|03|com"; nocase; ) # cqykdwirrvld1sawlb5rjq3jq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cqykdwirrvld1sawlb5rjq3jq|03|org"; nocase; ) # sn32nx1gv6webpxmfwp1ihv4y0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sn32nx1gv6webpxmfwp1ihv4y0|03|net"; nocase; ) # 85o07u1b8f9z8robzsoylkr0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|85o07u1b8f9z8robzsoylkr0b|03|net"; nocase; ) # 1n4zhuk14e5ovb11fkthqjw54tj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n4zhuk14e5ovb11fkthqjw54tj|03|net"; nocase; ) # gc1zesvst9881959z3s8eps14.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gc1zesvst9881959z3s8eps14|03|com"; nocase; ) # icn06v1v70op316zyxqzr44wt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|icn06v1v70op316zyxqzr44wt|03|com"; nocase; ) # 8v6b1k1pq3o21xcodfd11jrclw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8v6b1k1pq3o21xcodfd11jrclw|03|com"; nocase; ) # 1lq8qy3eof5s7mim2j1ck8b5q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lq8qy3eof5s7mim2j1ck8b5q|03|com"; nocase; ) # 1nalhuo1px08yv7zuil71q1o5i4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nalhuo1px08yv7zuil71q1o5i4|03|biz"; nocase; ) # 1k2lluv13n2ohi1rzlyewo031ps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k2lluv13n2ohi1rzlyewo031ps|03|net"; nocase; ) # 1sllpad11nacw2qklcd41244djw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sllpad11nacw2qklcd41244djw|03|net"; nocase; ) # 11p1i3y1dvvnoak2gnyem80o20.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11p1i3y1dvvnoak2gnyem80o20|03|com"; nocase; ) # zynr3v17cdzm810a9sjutxvirg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zynr3v17cdzm810a9sjutxvirg|03|org"; nocase; ) # 1tnf5301khih9h15pgtf418hx1so.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tnf5301khih9h15pgtf418hx1so|03|net"; nocase; ) # 1s9qkc5ll3xnf4dz3kk1ly7pnh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s9qkc5ll3xnf4dz3kk1ly7pnh|03|net"; nocase; ) # 19yex4jxkfrrc131wzgctge5u4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19yex4jxkfrrc131wzgctge5u4|03|com"; nocase; ) # uaasiqsc0jnq1s82tazo1w93p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uaasiqsc0jnq1s82tazo1w93p|03|org"; nocase; ) # 1rjapm518gqwhi1w8isxw1oc3hbm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rjapm518gqwhi1w8isxw1oc3hbm|03|net"; nocase; ) # 18vohfw1wci91917zblgr156boiu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18vohfw1wci91917zblgr156boiu|03|net"; nocase; ) # vktm661npq0h41ar5ts5541685.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vktm661npq0h41ar5ts5541685|03|com"; nocase; ) # zxsfhc10pubkf10r4v4o1d2km8m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zxsfhc10pubkf10r4v4o1d2km8m|03|org"; nocase; ) # 1840v9nc0el6qivxgy51dobh1o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1840v9nc0el6qivxgy51dobh1o|03|com"; nocase; ) # 1x3do42mmweninjr5az1tuvtwm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x3do42mmweninjr5az1tuvtwm|03|biz"; nocase; ) # 1h3hexj1wj64u5asxop010e6qz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h3hexj1wj64u5asxop010e6qz7|03|com"; nocase; ) # 16ik60q1vj0f7m1b2ih8obbtre5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ik60q1vj0f7m1b2ih8obbtre5|03|net"; nocase; ) # 5f04xeykdw7710jlnzdlmnfll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5f04xeykdw7710jlnzdlmnfll|03|net"; nocase; ) # 5bvsin1ivc9ezpu55owopip93.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5bvsin1ivc9ezpu55owopip93|03|net"; nocase; ) # 1f84lnjy7cch36fcuiq1eycsbv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f84lnjy7cch36fcuiq1eycsbv|03|com"; nocase; ) # 184c4zrqwcxq514nrhbkiw0jl4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184c4zrqwcxq514nrhbkiw0jl4|03|biz"; nocase; ) # 1oyygrr1us591o1smtn5q1t4rkgh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oyygrr1us591o1smtn5q1t4rkgh|03|com"; nocase; ) # 10qqhwasw2vai13xmrnr1ovjw4u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10qqhwasw2vai13xmrnr1ovjw4u|03|org"; nocase; ) # 8hkdeg7q4qjr1vgsbeyi8dhma.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8hkdeg7q4qjr1vgsbeyi8dhma|03|com"; nocase; ) # ovim3nik4ksi4bxfta164r1wl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ovim3nik4ksi4bxfta164r1wl|03|biz"; nocase; ) # p5w1armml1upz05z197h4nm4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p5w1armml1upz05z197h4nm4|03|net"; nocase; ) # 1vlkvxy1emxi51i3eip01wzah61.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vlkvxy1emxi51i3eip01wzah61|03|net"; nocase; ) # 1vc8xux190jvlyba340w323qdg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vc8xux190jvlyba340w323qdg|03|org"; nocase; ) # m229uwim4ws02d10m21u5ems.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m229uwim4ws02d10m21u5ems|03|net"; nocase; ) # emyv07fk1yhyq0vbsyf3qxdn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|emyv07fk1yhyq0vbsyf3qxdn|03|org"; nocase; ) # 14g6ikozbvyz41jy9r335ldwub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14g6ikozbvyz41jy9r335ldwub|03|net"; nocase; ) # j3ouknbhe1n28pbai61fed6n2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j3ouknbhe1n28pbai61fed6n2|03|com"; nocase; ) # l4nivq1o54tgr1370jbb17qs8zd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l4nivq1o54tgr1370jbb17qs8zd|03|biz"; nocase; ) # y24do81fghp23156lzuh8izwwc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y24do81fghp23156lzuh8izwwc|03|net"; nocase; ) # lp2u61zdo6tkrsv9vlqukxlc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lp2u61zdo6tkrsv9vlqukxlc|03|org"; nocase; ) # 1vovq7u1xcrbc41xm6ydu5hq12w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vovq7u1xcrbc41xm6ydu5hq12w|03|net"; nocase; ) # xo5nza11bsbfs19eyd8x120bv4h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xo5nza11bsbfs19eyd8x120bv4h|03|com"; nocase; ) # 1f6btmdo6re1nnaggaiy9tv08.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f6btmdo6re1nnaggaiy9tv08|03|net"; nocase; ) # 1aim9qr8ry84z4dj4v2xjbqmb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aim9qr8ry84z4dj4v2xjbqmb|03|org"; nocase; ) # vpj5dq1molwj81l0qyfte3g1ki.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vpj5dq1molwj81l0qyfte3g1ki|03|com"; nocase; ) # 1xwyxpg1l4uop91j8indx1tyttq9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xwyxpg1l4uop91j8indx1tyttq9|03|biz"; nocase; ) # y6md0h15bb8ud1sepies7i1p7l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y6md0h15bb8ud1sepies7i1p7l|03|org"; nocase; ) # 19d9ypo15gb4ig33v3ergyzbvg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19d9ypo15gb4ig33v3ergyzbvg|03|net"; nocase; ) # 1flmkd5bq2t1w11s3yol1sgu72d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1flmkd5bq2t1w11s3yol1sgu72d|03|org"; nocase; ) # dgm3m5mdnqhc1mhqf8b1ymn0nm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dgm3m5mdnqhc1mhqf8b1ymn0nm|03|biz"; nocase; ) # 1c9d21e1ld54rwscow7it7ray8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c9d21e1ld54rwscow7it7ray8|03|org"; nocase; ) # 1485kffsnh5l216tatwf1gxr2l3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1485kffsnh5l216tatwf1gxr2l3|03|com"; nocase; ) # c3ttmpnxehp1165036p14xu1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c3ttmpnxehp1165036p14xu1o|03|net"; nocase; ) # y72geo197t13h1xxj5g71cemey4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y72geo197t13h1xxj5g71cemey4|03|biz"; nocase; ) # 1y1pjkw1bux5pw14apsp61k91odz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y1pjkw1bux5pw14apsp61k91odz|03|org"; nocase; ) # 1mnz6op17zlg8oxz34jr1gqr8sv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mnz6op17zlg8oxz34jr1gqr8sv|03|com"; nocase; ) # tqzhi9wqd8p01b3drjg1rsq0mh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tqzhi9wqd8p01b3drjg1rsq0mh|03|net"; nocase; ) # koutpf1pxr5fin6qw7813g8u8i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|koutpf1pxr5fin6qw7813g8u8i|03|net"; nocase; ) # 1gnbh9e1xoyirtkcryrff43iwo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gnbh9e1xoyirtkcryrff43iwo|03|org"; nocase; ) # 13s4cmp1ttpelc113soqi1e8v1sc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13s4cmp1ttpelc113soqi1e8v1sc|03|com"; nocase; ) # 914edn1yhdaoy3e3hm0hsfzg1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|914edn1yhdaoy3e3hm0hsfzg1|03|com"; nocase; ) # do4s0gaehr2l1ksnx5f18rpi6f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|do4s0gaehr2l1ksnx5f18rpi6f|03|org"; nocase; ) # aoysl11j1p1xg1xf5tr91192f90.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aoysl11j1p1xg1xf5tr91192f90|03|com"; nocase; ) # 1m1cqsb1qvmly31cbwtdqv8jw80.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m1cqsb1qvmly31cbwtdqv8jw80|03|org"; nocase; ) # 6h0g5a1botgp41bfhepl10l5pxy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6h0g5a1botgp41bfhepl10l5pxy|03|com"; nocase; ) # 13omyrq1gkieaj1437to4zwhnc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13omyrq1gkieaj1437to4zwhnc|03|net"; nocase; ) # v463m1df6yzx1bkzc6p1ae183g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v463m1df6yzx1bkzc6p1ae183g|03|org"; nocase; ) # 6znnh81eas8ej18afp1chdp9t5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6znnh81eas8ej18afp1chdp9t5|03|net"; nocase; ) # 4tek541ktts8s16yhe9rcol049.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4tek541ktts8s16yhe9rcol049|03|net"; nocase; ) # y05yy036zw4s1hkzsqh1n6iwcb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y05yy036zw4s1hkzsqh1n6iwcb|03|com"; nocase; ) # 14ht471kbtor1q0ul6b19j7m9w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ht471kbtor1q0ul6b19j7m9w|03|net"; nocase; ) # l72lhm1qy9vq1oa9y141cr0b6a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l72lhm1qy9vq1oa9y141cr0b6a|03|org"; nocase; ) # 1t1bweqlzf3dc1x1azcedv9rt1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t1bweqlzf3dc1x1azcedv9rt1|03|net"; nocase; ) # cz3ars12d2pfq8s9c8l1juvve5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cz3ars12d2pfq8s9c8l1juvve5|03|biz"; nocase; ) # 120kpez7vngdc1tghwm8n3nwyh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|120kpez7vngdc1tghwm8n3nwyh|03|com"; nocase; ) # 20241bl2cxonvqte1i43bym4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|20241bl2cxonvqte1i43bym4|03|biz"; nocase; ) # eqayw2f4dax9icoz1j1994ads.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eqayw2f4dax9icoz1j1994ads|03|org"; nocase; ) # 1xekuvify5hb517dr01zfjzgri.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xekuvify5hb517dr01zfjzgri|03|org"; nocase; ) # 1won7gt1ozi29c1uienpe1ve1zn9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1won7gt1ozi29c1uienpe1ve1zn9|03|net"; nocase; ) # 3w932zujj8031ezq894kolpza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3w932zujj8031ezq894kolpza|03|org"; nocase; ) # a264ueq1xchw6wkzuuok4fix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a264ueq1xchw6wkzuuok4fix|03|net"; nocase; ) # 13g88yw1qpejaqaxtsi5bvmhb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13g88yw1qpejaqaxtsi5bvmhb|03|biz"; nocase; ) # 1pqvdzz7j82fl1hpq2b41q4hjp2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pqvdzz7j82fl1hpq2b41q4hjp2|03|org"; nocase; ) # 1cmlzyu1ws7xod1p1ev6k1wkgd9k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cmlzyu1ws7xod1p1ev6k1wkgd9k|03|biz"; nocase; ) # 1unv6gnl1sbdf1dxtojikrdf0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1unv6gnl1sbdf1dxtojikrdf0|03|org"; nocase; ) # 15uuola1t65wyv1htkvro18szsgd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15uuola1t65wyv1htkvro18szsgd|03|org"; nocase; ) # 12qadg11glu8hpz4l7qvoyqt5r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12qadg11glu8hpz4l7qvoyqt5r|03|com"; nocase; ) # qjyzqq1h7pbidumtwcj1mh738y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qjyzqq1h7pbidumtwcj1mh738y|03|org"; nocase; ) # a3jxbg1jrfmi51p11j11ho0ef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a3jxbg1jrfmi51p11j11ho0ef|03|com"; nocase; ) # 16hs3wp8rmrnqna2u3df0xwyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16hs3wp8rmrnqna2u3df0xwyk|03|net"; nocase; ) # 1n551lx1psx3gow4uf3j18m5fn1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n551lx1psx3gow4uf3j18m5fn1|03|org"; nocase; ) # i7j8f2xnzj3z1dtqh1oqpwewj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i7j8f2xnzj3z1dtqh1oqpwewj|03|com"; nocase; ) # 1txcgqc1x5pfv41hsho8kbf7653.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1txcgqc1x5pfv41hsho8kbf7653|03|net"; nocase; ) # 1hlnspw1motri61glvpxw1uq3s1b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hlnspw1motri61glvpxw1uq3s1b|03|org"; nocase; ) # 1j2onfd1wk3imq1yhs9tc15arlew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j2onfd1wk3imq1yhs9tc15arlew|03|net"; nocase; ) # 1oxfpec1ib1s28uwwuef1jat5wa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oxfpec1ib1s28uwwuef1jat5wa|03|biz"; nocase; ) # 3onpdcc4codzver0fkthas89.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3onpdcc4codzver0fkthas89|03|biz"; nocase; ) # 1myvflb1c2ol4o146s8cyc48m4h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1myvflb1c2ol4o146s8cyc48m4h|03|org"; nocase; ) # j4auj4lovmgr1dkfvhxrrr83e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j4auj4lovmgr1dkfvhxrrr83e|03|com"; nocase; ) # 1nujday1ar99cr1r44moyv5p4of.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nujday1ar99cr1r44moyv5p4of|03|org"; nocase; ) # g97qtc1o7rmsymatq6q1b5ytz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g97qtc1o7rmsymatq6q1b5ytz6|03|net"; nocase; ) # 1vaarv38etbauomjhr4gefjt6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vaarv38etbauomjhr4gefjt6|03|net"; nocase; ) # 1rummmh5mgvxqgmkwuo1u69ioz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rummmh5mgvxqgmkwuo1u69ioz|03|net"; nocase; ) # 11lifv13ot4rhalnbtu1m0fooj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11lifv13ot4rhalnbtu1m0fooj|03|net"; nocase; ) # o50wcoks8mei1h5qx9w1s2mmmf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o50wcoks8mei1h5qx9w1s2mmmf|03|biz"; nocase; ) # 10siewo3sd51g16gn20d16nmnsy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10siewo3sd51g16gn20d16nmnsy|03|org"; nocase; ) # 190vcw35brgrj12xfiq31dc4s5w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|190vcw35brgrj12xfiq31dc4s5w|03|com"; nocase; ) # 599zc3bnzs3kz9rd7o3nsq6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|599zc3bnzs3kz9rd7o3nsq6h|03|org"; nocase; ) # fqkjpv4u91y116ch5ln1juaz8s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fqkjpv4u91y116ch5ln1juaz8s|03|biz"; nocase; ) # 5js1rbosbo2m470nf6ado4rx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5js1rbosbo2m470nf6ado4rx|03|net"; nocase; ) # 143p2ww1od2rpw14yvgfu1ydde9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|143p2ww1od2rpw14yvgfu1ydde9x|03|net"; nocase; ) # 3hjj9ow9v4ajxciqy6qjpq5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3hjj9ow9v4ajxciqy6qjpq5p|03|net"; nocase; ) # 1o3zdnl1fne2mqph5ym3gsd7m1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o3zdnl1fne2mqph5ym3gsd7m1|03|org"; nocase; ) # cbyjh9abft3x1jas6a4pteac.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cbyjh9abft3x1jas6a4pteac|03|net"; nocase; ) # jof6701qid0ib1gh8v4rwad2xj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jof6701qid0ib1gh8v4rwad2xj|03|com"; nocase; ) # cqn4eq1wybcw0z9kg79gop9yi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cqn4eq1wybcw0z9kg79gop9yi|03|biz"; nocase; ) # 1bdrauv111u792161wtj31dior8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bdrauv111u792161wtj31dior8c|03|com"; nocase; ) # 7h9kdx15eekfkurrc3k15yzejr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7h9kdx15eekfkurrc3k15yzejr|03|net"; nocase; ) # 1rpk37atalzsn1k3o9yvs0k2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rpk37atalzsn1k3o9yvs0k2m|03|net"; nocase; ) # aezfmw1ta3i8m1lc6hd91aqd867.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aezfmw1ta3i8m1lc6hd91aqd867|03|org"; nocase; ) # 1mmuy5912hav691c9fuzhm5mbc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mmuy5912hav691c9fuzhm5mbc3|03|net"; nocase; ) # jv2fkog940js8574di18irizr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jv2fkog940js8574di18irizr|03|com"; nocase; ) # 1ehqpcsb9obp1uja64t1be3f3k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ehqpcsb9obp1uja64t1be3f3k|03|biz"; nocase; ) # 65xdjr3fma8x15cqgr4ayr9rh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|65xdjr3fma8x15cqgr4ayr9rh|03|net"; nocase; ) # 66j9i8o7g8ayivg01umtfwe8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|66j9i8o7g8ayivg01umtfwe8|03|org"; nocase; ) # vqueduuoyhlhjjwi6dpvyj5h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vqueduuoyhlhjjwi6dpvyj5h|03|net"; nocase; ) # 1pkacanpeak2uday0w4ijtff4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pkacanpeak2uday0w4ijtff4|03|org"; nocase; ) # 1voae7p1l231xkpzqd6qkctgv5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1voae7p1l231xkpzqd6qkctgv5|03|org"; nocase; ) # r9tfse6ah4egmf6p1p1s53elx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r9tfse6ah4egmf6p1p1s53elx|03|biz"; nocase; ) # 1yjcxx91ro2n30puvuiaiyypr1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yjcxx91ro2n30puvuiaiyypr1|03|com"; nocase; ) # rdjymq8om0z17eq1jas98456.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rdjymq8om0z17eq1jas98456|03|com"; nocase; ) # qdi2s957nyadg7gzixverc0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qdi2s957nyadg7gzixverc0b|03|net"; nocase; ) # 1efyvyj13m789s13c2gkvovqo8d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1efyvyj13m789s13c2gkvovqo8d|03|biz"; nocase; ) # 11d37cf745ste1izv3cttfc33.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11d37cf745ste1izv3cttfc33|03|com"; nocase; ) # 74layr7u21g31yz6eankhivox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|74layr7u21g31yz6eankhivox|03|biz"; nocase; ) # bnetf3cn8tpa1f53vrh1ds7xfh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bnetf3cn8tpa1f53vrh1ds7xfh|03|org"; nocase; ) # xiem7k1ezqkpi1jdx0v587i74x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xiem7k1ezqkpi1jdx0v587i74x|03|net"; nocase; ) # 1hxz1z6u0awep1wxh03f2o361l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hxz1z6u0awep1wxh03f2o361l|03|org"; nocase; ) # 1gd9ipd1rpx8jq15smohouxdmbu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gd9ipd1rpx8jq15smohouxdmbu|03|net"; nocase; ) # 1x447i1134ie38y9wdpe1rqdd8z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x447i1134ie38y9wdpe1rqdd8z|03|org"; nocase; ) # 1lb4mzd1hmvx6m1r2apz91fkejla.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lb4mzd1hmvx6m1r2apz91fkejla|03|biz"; nocase; ) # 1grt4q8u6pizx1u29e8n19jeo28.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1grt4q8u6pizx1u29e8n19jeo28|03|com"; nocase; ) # 3bs80jfltwmt18ygc711wfpx73.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3bs80jfltwmt18ygc711wfpx73|03|org"; nocase; ) # niw2eo1pvbxc31v4cv7u1kdx0aw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|niw2eo1pvbxc31v4cv7u1kdx0aw|03|net"; nocase; ) # 1foya6615kim9w1dqphrp1t3aspc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1foya6615kim9w1dqphrp1t3aspc|03|net"; nocase; ) # 1b64qvzp5anb613ou8gy1j9ith9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b64qvzp5anb613ou8gy1j9ith9|03|com"; nocase; ) # 8axqr11jr637hal6gt1lynbee.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8axqr11jr637hal6gt1lynbee|03|biz"; nocase; ) # bov6p5g182bhmbyiqdz3evzt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bov6p5g182bhmbyiqdz3evzt|03|com"; nocase; ) # x2euu51p5khinjuhm92160n90h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x2euu51p5khinjuhm92160n90h|03|biz"; nocase; ) # 1y09x6gesi27r8ps9a51k4gya7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y09x6gesi27r8ps9a51k4gya7|03|com"; nocase; ) # 13nh1ppaej81l1e7s3cv1v5xjjq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13nh1ppaej81l1e7s3cv1v5xjjq|03|org"; nocase; ) # cxqkc4yatkmbd6j08p9irp3d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cxqkc4yatkmbd6j08p9irp3d|03|org"; nocase; ) # z8m5sf1oglbn01yc256b1k30qni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z8m5sf1oglbn01yc256b1k30qni|03|net"; nocase; ) # vtabtgdcu3qsmq347ma1yoh6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vtabtgdcu3qsmq347ma1yoh6|03|com"; nocase; ) # hhsoxv6rmf60fkvq7lxmea8t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hhsoxv6rmf60fkvq7lxmea8t|03|net"; nocase; ) # haz5cw1nf9v7gu6050a4louk5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|haz5cw1nf9v7gu6050a4louk5|03|biz"; nocase; ) # 1mm2vk8j37n2xi9q6xx9p9nf7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mm2vk8j37n2xi9q6xx9p9nf7|03|biz"; nocase; ) # 1gflcj1yem0071f99x6x8h1p35.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gflcj1yem0071f99x6x8h1p35|03|net"; nocase; ) # ruxyy51flrmfz157gbnvec71x9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ruxyy51flrmfz157gbnvec71x9|03|com"; nocase; ) # 8bydk31ald1in1yfcl74i1b9iv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8bydk31ald1in1yfcl74i1b9iv|03|org"; nocase; ) # 1td6xcz1tbn6q9se5x8057wd9o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1td6xcz1tbn6q9se5x8057wd9o|03|org"; nocase; ) # 2qhsk71unes9b5o15ut1q4l2u6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2qhsk71unes9b5o15ut1q4l2u6|03|biz"; nocase; ) # l8f4co1amf1tz163qnbd1uxnppj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l8f4co1amf1tz163qnbd1uxnppj|03|biz"; nocase; ) # 1i0idc916ay749uzget11mf5d5d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i0idc916ay749uzget11mf5d5d|03|org"; nocase; ) # 1x13akkb8qa8r1g5zu3615wo9eo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x13akkb8qa8r1g5zu3615wo9eo|03|net"; nocase; ) # 1r2iyb8se2wo11sbhoepue41rq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r2iyb8se2wo11sbhoepue41rq|03|net"; nocase; ) # 1v33iwk1dqi60rsfji5p1i2unh5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v33iwk1dqi60rsfji5p1i2unh5|03|net"; nocase; ) # 1mpzb4m4pse46b7uzif1ed6tdf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mpzb4m4pse46b7uzif1ed6tdf|03|org"; nocase; ) # w224a8ul4ata18xl013e0ss3k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w224a8ul4ata18xl013e0ss3k|03|biz"; nocase; ) # 1spzue21ni4see6b9t74hk78r6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1spzue21ni4see6b9t74hk78r6|03|com"; nocase; ) # 1fdn5mqkcljp1q5lkqm1t7aaob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fdn5mqkcljp1q5lkqm1t7aaob|03|biz"; nocase; ) # 2pk96598a79t14usc3q13ywcy5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2pk96598a79t14usc3q13ywcy5|03|net"; nocase; ) # 18l9kv76mpe981d6kmpuv6vant.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18l9kv76mpe981d6kmpuv6vant|03|org"; nocase; ) # n2u1az1xhv9mxiw2k54xovtj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n2u1az1xhv9mxiw2k54xovtj|03|net"; nocase; ) # k2qoalca6uy51c6c81t1n49hrs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k2qoalca6uy51c6c81t1n49hrs|03|biz"; nocase; ) # 1nm30rh1fgmax31b2t3pfdo93pn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nm30rh1fgmax31b2t3pfdo93pn|03|com"; nocase; ) # zowro47ezo3x1q22rcz18safnc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zowro47ezo3x1q22rcz18safnc|03|net"; nocase; ) # 1bxig73fa5ri15mz74dv10ez7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bxig73fa5ri15mz74dv10ez7|03|com"; nocase; ) # 10dq78bygllipg4gjfh1tw1n2r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10dq78bygllipg4gjfh1tw1n2r|03|net"; nocase; ) # 95wt4w5l9qq15j3b5016c7u8c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|95wt4w5l9qq15j3b5016c7u8c|03|biz"; nocase; ) # 1vq7i8s1rlafwbrmvw61mnm2r5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vq7i8s1rlafwbrmvw61mnm2r5|03|net"; nocase; ) # 1l5xl9b326t8bjxkk686gd5uo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l5xl9b326t8bjxkk686gd5uo|03|net"; nocase; ) # 1l86guktwfd8j179kvqai3sfv4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l86guktwfd8j179kvqai3sfv4|03|org"; nocase; ) # heugylq1su7t1fnwvkk3omnbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|heugylq1su7t1fnwvkk3omnbt|03|com"; nocase; ) # pi3gyga3yekdn7k1ca1jc01ku.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pi3gyga3yekdn7k1ca1jc01ku|03|net"; nocase; ) # qfhkjl15ohc328i446i1dtv3ei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qfhkjl15ohc328i446i1dtv3ei|03|net"; nocase; ) # 17m7lqq156yhy9ncc7mk1tylfde.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17m7lqq156yhy9ncc7mk1tylfde|03|net"; nocase; ) # 13xlhl1no2k90n5ym9w1bq4ziw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13xlhl1no2k90n5ym9w1bq4ziw|03|org"; nocase; ) # z55yhrsocptxmiek3dgwh0hx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z55yhrsocptxmiek3dgwh0hx|03|net"; nocase; ) # 12umgzy1sqkxss1hwiz2pmfdi0c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12umgzy1sqkxss1hwiz2pmfdi0c|03|net"; nocase; ) # 8lg8zpm0obl19nw3no18ws67l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8lg8zpm0obl19nw3no18ws67l|03|org"; nocase; ) # 1xfrito2xslz4cp687h67yxwl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xfrito2xslz4cp687h67yxwl|03|net"; nocase; ) # 11i826z2kp38qqhby7t72j0oo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11i826z2kp38qqhby7t72j0oo|03|net"; nocase; ) # 18tkguewp20ktud0c5pp5r148.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18tkguewp20ktud0c5pp5r148|03|org"; nocase; ) # 1tka561awr4g311x0a9g1mm5t5h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tka561awr4g311x0a9g1mm5t5h|03|org"; nocase; ) # ztwux1nf15knk2peo51bvkln2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ztwux1nf15knk2peo51bvkln2|03|com"; nocase; ) # zn2xg9w2sd011a6ve5a1mhphit.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zn2xg9w2sd011a6ve5a1mhphit|03|biz"; nocase; ) # n4j603myir3jrjlj7112u8clv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n4j603myir3jrjlj7112u8clv|03|org"; nocase; ) # 70lkri1fl99lh60hrc37wv95g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|70lkri1fl99lh60hrc37wv95g|03|biz"; nocase; ) # yx156n1x672vdzpa6lj1t0pste.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yx156n1x672vdzpa6lj1t0pste|03|biz"; nocase; ) # 1nhc2uqp4d0ptv4ftb3drwhm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nhc2uqp4d0ptv4ftb3drwhm5|03|net"; nocase; ) # ltibos1nq17lm8izh0v130m1hv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ltibos1nq17lm8izh0v130m1hv|03|net"; nocase; ) # kip8cqz5uigjl5cxc81p9zegz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kip8cqz5uigjl5cxc81p9zegz|03|org"; nocase; ) # 1fsli1j1ucuw4j9ouh2f57uggs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fsli1j1ucuw4j9ouh2f57uggs|03|com"; nocase; ) # 1npkuwi2bvdq25qmhcq1xwl2rb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1npkuwi2bvdq25qmhcq1xwl2rb|03|org"; nocase; ) # 90zun9jtvfpm1ttekob1gddfq2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|90zun9jtvfpm1ttekob1gddfq2|03|com"; nocase; ) # 1tdocau1ctvolww6qi4okrd1ir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tdocau1ctvolww6qi4okrd1ir|03|com"; nocase; ) # me9wvf75aavp1wbbk311nqsvap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|me9wvf75aavp1wbbk311nqsvap|03|com"; nocase; ) # txq10i17kunb9z2qhtm1y56pn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|txq10i17kunb9z2qhtm1y56pn|03|com"; nocase; ) # 1xpkoyz107fjej1hq507m6k2dvj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xpkoyz107fjej1hq507m6k2dvj|03|com"; nocase; ) # ktis8r1jm9nwl73u8qoo1jx9b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ktis8r1jm9nwl73u8qoo1jx9b|03|com"; nocase; ) # 1qo9boytdevx211abku5qenxv1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qo9boytdevx211abku5qenxv1|03|biz"; nocase; ) # 17xfrgj3xrrbc1bac8ow5sqq70.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17xfrgj3xrrbc1bac8ow5sqq70|03|net"; nocase; ) # 8id3bevzw9zm5ngtjx4rwry.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|8id3bevzw9zm5ngtjx4rwry|03|biz"; nocase; ) # ojx6ppeiomz8xxzs67wvnxwm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ojx6ppeiomz8xxzs67wvnxwm|03|org"; nocase; ) # 69eo2qemccxj1xxqdrk1bimbve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|69eo2qemccxj1xxqdrk1bimbve|03|com"; nocase; ) # niwp25jcd8h218l530e1mcwv4j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|niwp25jcd8h218l530e1mcwv4j|03|org"; nocase; ) # 1fbpnai5ilw7e1rtnhiarv5km.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fbpnai5ilw7e1rtnhiarv5km|03|biz"; nocase; ) # pvcta4cufhkm1lqhdaa1iva3c0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pvcta4cufhkm1lqhdaa1iva3c0|03|net"; nocase; ) # q48nu4jjkzpj1cgukr51uzkedw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q48nu4jjkzpj1cgukr51uzkedw|03|net"; nocase; ) # tcsdyw1g5ge7eeojus7ltpxdr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tcsdyw1g5ge7eeojus7ltpxdr|03|net"; nocase; ) # 1qteyl2wczuzvt9tg9y1epw8tp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qteyl2wczuzvt9tg9y1epw8tp|03|org"; nocase; ) # 1bpjsirvvje69tahzi61yi9gr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bpjsirvvje69tahzi61yi9gr0|03|net"; nocase; ) # gpzjxu1t9p76n1otu4oq1loyazv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gpzjxu1t9p76n1otu4oq1loyazv|03|com"; nocase; ) # 1slv8gh1uaz07kuirfqq1b2nkb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1slv8gh1uaz07kuirfqq1b2nkb|03|com"; nocase; ) # jhelof126m2yl1fbr4gtv0vigl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jhelof126m2yl1fbr4gtv0vigl|03|org"; nocase; ) # 1w6g0mvxcse4a1kxpish1ha4njv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w6g0mvxcse4a1kxpish1ha4njv|03|net"; nocase; ) # 1hs61zmjsdmklwvw09h64qt7n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hs61zmjsdmklwvw09h64qt7n|03|biz"; nocase; ) # 1m1o0yzwrfxn7tvbj28xjnf74.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1m1o0yzwrfxn7tvbj28xjnf74|03|net"; nocase; ) # 1v12m4e13y2f628k8y6i1asgt62.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v12m4e13y2f628k8y6i1asgt62|03|org"; nocase; ) # c7zbc6eqcqmpy1loya1hzopq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c7zbc6eqcqmpy1loya1hzopq|03|biz"; nocase; ) # 1mg8j3cpgyjwh47j9uogbcmfn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mg8j3cpgyjwh47j9uogbcmfn|03|net"; nocase; ) # p4xf37ksgbmx7whc7g1sfpymp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p4xf37ksgbmx7whc7g1sfpymp|03|org"; nocase; ) # 1vj8cpabs42rrhg0tib1wrx840.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vj8cpabs42rrhg0tib1wrx840|03|net"; nocase; ) # 1kz0gqt6xd0rcerw95lb8qy6p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kz0gqt6xd0rcerw95lb8qy6p|03|com"; nocase; ) # s8u4eb1mq3dfl1v0l6qwfc6co8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s8u4eb1mq3dfl1v0l6qwfc6co8|03|com"; nocase; ) # b18s2c1emyuvg1iq3vomb7pzed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b18s2c1emyuvg1iq3vomb7pzed|03|com"; nocase; ) # f6wk9d1gxiyoow7ry4d8y85k3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f6wk9d1gxiyoow7ry4d8y85k3|03|biz"; nocase; ) # uzc73wutjdwk36kavr1wt925m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uzc73wutjdwk36kavr1wt925m|03|com"; nocase; ) # 1sqbx561q11ozr1p4mb4y1v3ri3w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sqbx561q11ozr1p4mb4y1v3ri3w|03|net"; nocase; ) # 10f26f1bn3mi8c3c48penirqj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10f26f1bn3mi8c3c48penirqj|03|com"; nocase; ) # 1f3e56m1n0w09p12a5gm0posfza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f3e56m1n0w09p12a5gm0posfza|03|net"; nocase; ) # viwjf21traevxynqfm91h4duqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|viwjf21traevxynqfm91h4duqw|03|org"; nocase; ) # 1enxil7zbnq6xcm1vd1i57fdc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1enxil7zbnq6xcm1vd1i57fdc|03|net"; nocase; ) # 19x8ehn1je06lp1xxr85426k5y8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19x8ehn1je06lp1xxr85426k5y8|03|net"; nocase; ) # yto8pvwjhvmz4s0mr513phazt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yto8pvwjhvmz4s0mr513phazt|03|com"; nocase; ) # ycvvetdefvw3ofd5b11bya4r1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ycvvetdefvw3ofd5b11bya4r1|03|net"; nocase; ) # 1n4cf6a16wjkq9xkpebl1x65ryp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n4cf6a16wjkq9xkpebl1x65ryp|03|biz"; nocase; ) # cag0y21z0e2qm11tal7fhj9p56.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cag0y21z0e2qm11tal7fhj9p56|03|net"; nocase; ) # jt6ixz12wzvi81374kebxktzvj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jt6ixz12wzvi81374kebxktzvj|03|com"; nocase; ) # 1l508j79uiwbgdk6gx81bqo75g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l508j79uiwbgdk6gx81bqo75g|03|com"; nocase; ) # 1ygsfb6ha0ic71u565saw76xj0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ygsfb6ha0ic71u565saw76xj0|03|biz"; nocase; ) # 13rgjx949wwsyt2km6o91n41z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13rgjx949wwsyt2km6o91n41z|03|com"; nocase; ) # w61llrkee1ap1rcf60moz2pvq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w61llrkee1ap1rcf60moz2pvq|03|net"; nocase; ) # 96mmmd1w6h87q1qg55jc1kr90u0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|96mmmd1w6h87q1qg55jc1kr90u0|03|com"; nocase; ) # 1koe9ym1u4qiaivs3heftt09ue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1koe9ym1u4qiaivs3heftt09ue|03|com"; nocase; ) # j6dj0s10ulvsj1d2fu28hsk8t8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j6dj0s10ulvsj1d2fu28hsk8t8|03|org"; nocase; ) # 1q1bramkdrwv1dyc6ty1q24g1u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q1bramkdrwv1dyc6ty1q24g1u|03|biz"; nocase; ) # 1y0rfc3fr9utln3k4oivaf5xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y0rfc3fr9utln3k4oivaf5xh|03|net"; nocase; ) # up1zpd1ya3e1oovriwdn4g7l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|up1zpd1ya3e1oovriwdn4g7l|03|org"; nocase; ) # 1nd139h13k40aj1d1dx6uzl904b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nd139h13k40aj1d1dx6uzl904b|03|net"; nocase; ) # 1ngetmo1dulh9g1ijrs2a1veweyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ngetmo1dulh9g1ijrs2a1veweyi|03|net"; nocase; ) # 1n5yvws1lgzihyptvkum1d9xnn8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n5yvws1lgzihyptvkum1d9xnn8|03|net"; nocase; ) # 11nc711cnrjna12jh4pv17xwpbv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11nc711cnrjna12jh4pv17xwpbv|03|com"; nocase; ) # 16qfihg1ajaewg15gb0l610u7cwo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16qfihg1ajaewg15gb0l610u7cwo|03|org"; nocase; ) # ig3cm7dze7e71im8fs0qpilup.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ig3cm7dze7e71im8fs0qpilup|03|biz"; nocase; ) # j6kmiupoxx861e8lt4e8lr2nc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j6kmiupoxx861e8lt4e8lr2nc|03|biz"; nocase; ) # 1crjkov1o8726nsidn0atxfmzh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1crjkov1o8726nsidn0atxfmzh|03|org"; nocase; ) # nlkshh1fcwzffbgtauc5fc2xp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nlkshh1fcwzffbgtauc5fc2xp|03|com"; nocase; ) # 4segr8kgyhhhy9uzu11v6yib.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4segr8kgyhhhy9uzu11v6yib|03|net"; nocase; ) # h3c6pb1k23asyyzuwyy3v6q4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3c6pb1k23asyyzuwyy3v6q4w|03|net"; nocase; ) # trdpbj152hy3v1j7ug3v1w0sv2o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|trdpbj152hy3v1j7ug3v1w0sv2o|03|biz"; nocase; ) # 19kjzjc2w5p431n1fr7hg20xf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19kjzjc2w5p431n1fr7hg20xf8|03|net"; nocase; ) # i0kcwaerdblf1eeqnp51qwjw5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i0kcwaerdblf1eeqnp51qwjw5|03|biz"; nocase; ) # 1iy11vk1f1e4qsvcn2aq4q881v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iy11vk1f1e4qsvcn2aq4q881v|03|net"; nocase; ) # z7ztkf2g2p8717qla2pmjggei.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z7ztkf2g2p8717qla2pmjggei|03|org"; nocase; ) # 1jt0phb54mp7h19qa1v21hf9aav.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jt0phb54mp7h19qa1v21hf9aav|03|org"; nocase; ) # 1bpuvkaeotyo8ivtsav1v0itvh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bpuvkaeotyo8ivtsav1v0itvh|03|com"; nocase; ) # 19izeg9qkwa7v2mpnr41rfthmr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19izeg9qkwa7v2mpnr41rfthmr|03|com"; nocase; ) # 1urqthw1owygen1fys8s086hwl5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1urqthw1owygen1fys8s086hwl5|03|net"; nocase; ) # 13ew9sy1pl9ehjm858c6xp49lp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ew9sy1pl9ehjm858c6xp49lp|03|org"; nocase; ) # 1m533xov4rikwhcdb261g9t5gr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m533xov4rikwhcdb261g9t5gr|03|org"; nocase; ) # 1tggw7f1ppufut13euuahv7rbru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tggw7f1ppufut13euuahv7rbru|03|biz"; nocase; ) # 16vxx6y3ual8u1ialpc467vlxy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16vxx6y3ual8u1ialpc467vlxy|03|biz"; nocase; ) # 1aj2wty7u6t2t1fkut6l1qbh5mh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aj2wty7u6t2t1fkut6l1qbh5mh|03|org"; nocase; ) # 1r27zlg69r59c1my7f5h1sa58df.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r27zlg69r59c1my7f5h1sa58df|03|com"; nocase; ) # 10le9cuj31ve3okvnvkhtzyui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10le9cuj31ve3okvnvkhtzyui|03|net"; nocase; ) # 1lb559f1glf1ty1ln85qpaq97dl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lb559f1glf1ty1ln85qpaq97dl|03|net"; nocase; ) # 16t4ot7jwo1d4o9ddhx1adt6wk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16t4ot7jwo1d4o9ddhx1adt6wk|03|net"; nocase; ) # 1502cq11pzj76q11heny3lqrpji.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1502cq11pzj76q11heny3lqrpji|03|biz"; nocase; ) # 176r9b5xd9yd0yn082d1toukj3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|176r9b5xd9yd0yn082d1toukj3|03|org"; nocase; ) # ycocqh140kwbi7osv328b2ayy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ycocqh140kwbi7osv328b2ayy|03|net"; nocase; ) # zs22911ix9szq1rdj5b71ulvo8f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zs22911ix9szq1rdj5b71ulvo8f|03|com"; nocase; ) # bqqrf41wzkwftv7945c1tqvrtj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bqqrf41wzkwftv7945c1tqvrtj|03|biz"; nocase; ) # 15o1bpo12dkoe514c30fm1eti11h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15o1bpo12dkoe514c30fm1eti11h|03|org"; nocase; ) # 1c0ko2j1p9h5ut19ldratxoezhn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c0ko2j1p9h5ut19ldratxoezhn|03|net"; nocase; ) # dejngm1go1889xo8xe3woou4x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dejngm1go1889xo8xe3woou4x|03|net"; nocase; ) # zc7z701l5lgh8oiwhx91f0c0kw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zc7z701l5lgh8oiwhx91f0c0kw|03|org"; nocase; ) # u7k8rxcnhveu1p36z26vr9hkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u7k8rxcnhveu1p36z26vr9hkr|03|com"; nocase; ) # 1lepm2z1oe3uk4gq8g3whbm1ec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lepm2z1oe3uk4gq8g3whbm1ec|03|org"; nocase; ) # wjuymp12emzv8vn63z1gho4r9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wjuymp12emzv8vn63z1gho4r9|03|com"; nocase; ) # pdtjig1m8z8bx19e18ow1pf7kaz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pdtjig1m8z8bx19e18ow1pf7kaz|03|org"; nocase; ) # 17hmc8c1f3vibi17cptk1jq09pe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17hmc8c1f3vibi17cptk1jq09pe|03|biz"; nocase; ) # 1d8342pohhkcm1u173esktvwdm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d8342pohhkcm1u173esktvwdm|03|net"; nocase; ) # 1eneas61528abh1n8siur1q2zokk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eneas61528abh1n8siur1q2zokk|03|net"; nocase; ) # 17nqamm1vc42cs1cmb0jn1lelybh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17nqamm1vc42cs1cmb0jn1lelybh|03|org"; nocase; ) # 1uhm94djd3qqjnn7algvu23l3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uhm94djd3qqjnn7algvu23l3|03|net"; nocase; ) # 1xy0hy46pmo471smhmmmm0if4o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xy0hy46pmo471smhmmmm0if4o|03|com"; nocase; ) # umkbcm1n7b4uov01c0cicpajx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|umkbcm1n7b4uov01c0cicpajx|03|org"; nocase; ) # cktgin14yprr7154rl0zmi114q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cktgin14yprr7154rl0zmi114q|03|net"; nocase; ) # y27qe21i52cqg1qy0u8adi51f7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y27qe21i52cqg1qy0u8adi51f7|03|org"; nocase; ) # 1tllrax1ya51o0glv7gyguafuu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tllrax1ya51o0glv7gyguafuu|03|net"; nocase; ) # vdjxut1tswmhl1uwf0ws8podyt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vdjxut1tswmhl1uwf0ws8podyt|03|net"; nocase; ) # k9j9sjjiy3ugqnmui31np1i7i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k9j9sjjiy3ugqnmui31np1i7i|03|net"; nocase; ) # 6i7mkcr7mnga17i8vec24wfae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6i7mkcr7mnga17i8vec24wfae|03|com"; nocase; ) # 1d0wktw1uk5bvq1wc9qua1fvp3gv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1d0wktw1uk5bvq1wc9qua1fvp3gv|03|biz"; nocase; ) # rgw8is15bn2eym7a8ha1p73i1k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rgw8is15bn2eym7a8ha1p73i1k|03|org"; nocase; ) # 1afr2kak7nz7jklfz9d19ncgwm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1afr2kak7nz7jklfz9d19ncgwm|03|org"; nocase; ) # 1qyywvxnle1u754sqnvgpq2d8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qyywvxnle1u754sqnvgpq2d8|03|com"; nocase; ) # zb12dmka48hu7nkp411g4x9zn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zb12dmka48hu7nkp411g4x9zn|03|org"; nocase; ) # u12j844znmmn1hmqvc3uye14y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u12j844znmmn1hmqvc3uye14y|03|net"; nocase; ) # 1gezu2erbv99s1uuikca19qay6i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gezu2erbv99s1uuikca19qay6i|03|net"; nocase; ) # 11qbrec18fy0be18zaakjbu0unv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11qbrec18fy0be18zaakjbu0unv|03|com"; nocase; ) # 1n0fq4415zm4gkeigjjm11b8e7e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n0fq4415zm4gkeigjjm11b8e7e|03|com"; nocase; ) # wviw6m9m158zc8ievwfkx71b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wviw6m9m158zc8ievwfkx71b|03|biz"; nocase; ) # 1y2oavy1bkkl2m2xep0nkfktha.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y2oavy1bkkl2m2xep0nkfktha|03|biz"; nocase; ) # 99hko2wwxlww1prr19a1z0ifnj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|99hko2wwxlww1prr19a1z0ifnj|03|org"; nocase; ) # a0nmsl1izltaq16dv4h612cy7z2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a0nmsl1izltaq16dv4h612cy7z2|03|org"; nocase; ) # hu7gbaz1ngfw4swp8r7780s0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hu7gbaz1ngfw4swp8r7780s0|03|net"; nocase; ) # j1m67mqtsrop1r5jkvu455njj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j1m67mqtsrop1r5jkvu455njj|03|org"; nocase; ) # ygbtcu5djij11toyfdgjp305.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ygbtcu5djij11toyfdgjp305|03|net"; nocase; ) # quxtadq8r7m51qfqcuiugo15t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|quxtadq8r7m51qfqcuiugo15t|03|com"; nocase; ) # pvsh3of4qy23djdm4fha0bb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|pvsh3of4qy23djdm4fha0bb|03|net"; nocase; ) # 10p6xi91df41s71ivi8fyeefbmb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10p6xi91df41s71ivi8fyeefbmb|03|com"; nocase; ) # 1jd7nh81mlf1r51pt5wnbkvjy45.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jd7nh81mlf1r51pt5wnbkvjy45|03|com"; nocase; ) # 7gyqep126tqbblt4y8ib4g3ex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7gyqep126tqbblt4y8ib4g3ex|03|net"; nocase; ) # 1q5qir8col7ct1xa1gf4ja6pya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q5qir8col7ct1xa1gf4ja6pya|03|net"; nocase; ) # y0djl01pj21376vb5f710gszfp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y0djl01pj21376vb5f710gszfp|03|com"; nocase; ) # u9y3031ewy4obdjtkhr85x1uo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u9y3031ewy4obdjtkhr85x1uo|03|org"; nocase; ) # i6vi0un6vzm21k8q4xn5pakgt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i6vi0un6vzm21k8q4xn5pakgt|03|org"; nocase; ) # 1byvevk1qe9y4pk2xc4zvpxgkk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1byvevk1qe9y4pk2xc4zvpxgkk|03|net"; nocase; ) # 1haq0t2118nkq31s7ptg81lmdthn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1haq0t2118nkq31s7ptg81lmdthn|03|net"; nocase; ) # 1q5e0eilxzx9x2nrlhc1uptqbn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q5e0eilxzx9x2nrlhc1uptqbn|03|org"; nocase; ) # eypz0012aiarcrk2wv5ug2g3f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eypz0012aiarcrk2wv5ug2g3f|03|com"; nocase; ) # 10ycy4h1q0wg3gfpcvlb1se9o2v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ycy4h1q0wg3gfpcvlb1se9o2v|03|biz"; nocase; ) # y4o7t2xapfp11ov5hno1nbncao.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y4o7t2xapfp11ov5hno1nbncao|03|biz"; nocase; ) # jtmsv0waolrdrltb1b14130wr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jtmsv0waolrdrltb1b14130wr|03|net"; nocase; ) # xomiue1h5hqtr18l8gcqvcokfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xomiue1h5hqtr18l8gcqvcokfy|03|net"; nocase; ) # s5utcrh69uszdul0xo1hz9ggm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s5utcrh69uszdul0xo1hz9ggm|03|com"; nocase; ) # 16yf2yzk6l8cw33sh5p2wb78w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16yf2yzk6l8cw33sh5p2wb78w|03|com"; nocase; ) # dj421b1rpsscdlwvwg7rt0nx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dj421b1rpsscdlwvwg7rt0nx|03|com"; nocase; ) # 9as5vg9l1lh8zoe8xk1xaqm29.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9as5vg9l1lh8zoe8xk1xaqm29|03|org"; nocase; ) # 1c2ch5u17ukbyx11opcuc1qm98ru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c2ch5u17ukbyx11opcuc1qm98ru|03|com"; nocase; ) # x7n8ri15gpmpf217c2mkft01g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x7n8ri15gpmpf217c2mkft01g|03|com"; nocase; ) # rtrbzgidjra1pnd5in1rlh12v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rtrbzgidjra1pnd5in1rlh12v|03|org"; nocase; ) # 8khxz71xisx631blmnv1aoa764.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8khxz71xisx631blmnv1aoa764|03|net"; nocase; ) # zw4v5016sehiq8s98udps5gzg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zw4v5016sehiq8s98udps5gzg|03|com"; nocase; ) # 1q9s3yo1f6y2giqiy1yl15ke52h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q9s3yo1f6y2giqiy1yl15ke52h|03|org"; nocase; ) # 1mzkgy4tkjj6i18tlxy1ehwrv6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mzkgy4tkjj6i18tlxy1ehwrv6|03|org"; nocase; ) # 182cyg31v4mupd1sdbioh19e0f8y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|182cyg31v4mupd1sdbioh19e0f8y|03|com"; nocase; ) # m6ltd3136ncf9qj66af1959x5d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m6ltd3136ncf9qj66af1959x5d|03|net"; nocase; ) # 1ms8tek14ek4fd1hojz701v3j4v7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ms8tek14ek4fd1hojz701v3j4v7|03|org"; nocase; ) # kkdyqi16ys1sf4kk2t9ku27t1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kkdyqi16ys1sf4kk2t9ku27t1|03|biz"; nocase; ) # jntubv12lfe3py3jpu91fzovbk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jntubv12lfe3py3jpu91fzovbk|03|com"; nocase; ) # ovzhf510r0ik51ys9zm919ub4zp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ovzhf510r0ik51ys9zm919ub4zp|03|net"; nocase; ) # 17bn574vg4anw87za1mwxrf8o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17bn574vg4anw87za1mwxrf8o|03|com"; nocase; ) # 1gnfolr52pk53rbl5afsdy5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1gnfolr52pk53rbl5afsdy5p|03|net"; nocase; ) # 1pt6q8t1vbhe0g8skmqfxvukg9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pt6q8t1vbhe0g8skmqfxvukg9|03|net"; nocase; ) # 4v022f3hxokt197skln26ly8r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4v022f3hxokt197skln26ly8r|03|net"; nocase; ) # 9yuwi54mx0td1xr472y1vyvqxl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9yuwi54mx0td1xr472y1vyvqxl|03|com"; nocase; ) # p95alk1yhrofz1ywgheg1uj0put.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p95alk1yhrofz1ywgheg1uj0put|03|org"; nocase; ) # 10x9gbm1jqdd6hrmcogcwhasdm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10x9gbm1jqdd6hrmcogcwhasdm|03|com"; nocase; ) # 1nquqnu1ge1qwh1libpk316m2rdd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nquqnu1ge1qwh1libpk316m2rdd|03|net"; nocase; ) # 129oio9w9za601cd7dvm1y2ym4j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|129oio9w9za601cd7dvm1y2ym4j|03|org"; nocase; ) # 1xg80gwr196z54v0vzl10i69th.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xg80gwr196z54v0vzl10i69th|03|biz"; nocase; ) # 1flpatr1hmbc7e1sgy88qq7kse5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1flpatr1hmbc7e1sgy88qq7kse5|03|com"; nocase; ) # lcm2wc1cj1civ1c500021l0p8lo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lcm2wc1cj1civ1c500021l0p8lo|03|net"; nocase; ) # 1xjatxj8ata6yek3cual2e9de.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xjatxj8ata6yek3cual2e9de|03|net"; nocase; ) # 14lmpwg10zwvsc1x4hyxh13zhr0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14lmpwg10zwvsc1x4hyxh13zhr0k|03|org"; nocase; ) # 152041h1r1yo3hdczzo41c0z4k0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|152041h1r1yo3hdczzo41c0z4k0|03|net"; nocase; ) # 1xwwfpy1eoxc43c1c5qa1kdvrvh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xwwfpy1eoxc43c1c5qa1kdvrvh|03|org"; nocase; ) # 6io1ju1d4zx5ty1ncf3vhe7hq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6io1ju1d4zx5ty1ncf3vhe7hq|03|net"; nocase; ) # f1x8ev1pru6j1eqfguy1lgpwon.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f1x8ev1pru6j1eqfguy1lgpwon|03|org"; nocase; ) # 132m0wquw5ksc1sa8zuny6tx8b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|132m0wquw5ksc1sa8zuny6tx8b|03|net"; nocase; ) # 10yvfso1n4wpj3bwrs2510753yt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10yvfso1n4wpj3bwrs2510753yt|03|net"; nocase; ) # 14x93qx1ise9yr1fsss6okq0yop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14x93qx1ise9yr1fsss6okq0yop|03|biz"; nocase; ) # 5qscjc1ee7d2mn6ms9814smcll.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5qscjc1ee7d2mn6ms9814smcll|03|com"; nocase; ) # 1lv6uunmm5z9i1gbd6vk1jtrhm2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lv6uunmm5z9i1gbd6vk1jtrhm2|03|org"; nocase; ) # ikph151tf1w091buc8x357dura.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ikph151tf1w091buc8x357dura|03|com"; nocase; ) # zqcbsm1ljrzq81hgf5rmefgme7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zqcbsm1ljrzq81hgf5rmefgme7|03|org"; nocase; ) # vempdvw9i99qw52d5q1cdy9m7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vempdvw9i99qw52d5q1cdy9m7|03|com"; nocase; ) # ool9xjnnh3jm1es1o93vrpl69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ool9xjnnh3jm1es1o93vrpl69|03|net"; nocase; ) # 1l0qc2215gkmol1rq3wn91dy3nin.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l0qc2215gkmol1rq3wn91dy3nin|03|net"; nocase; ) # rrpvyp293bagttke8vqesvza.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rrpvyp293bagttke8vqesvza|03|org"; nocase; ) # 1jzkg2q1r9kfqppsoaqivy597m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jzkg2q1r9kfqppsoaqivy597m|03|net"; nocase; ) # 1necqqk17xorab1lkbw1x19vvsba.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1necqqk17xorab1lkbw1x19vvsba|03|biz"; nocase; ) # td3jldiehphzq6gne1ozc9bl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|td3jldiehphzq6gne1ozc9bl|03|biz"; nocase; ) # 1mx2c744exr8ymsqe21q2vk6b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mx2c744exr8ymsqe21q2vk6b|03|net"; nocase; ) # 130jix4ki3ua12bnm5c1m72g89.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|130jix4ki3ua12bnm5c1m72g89|03|com"; nocase; ) # 1atrb5y1d1zhk1wbv6y9ln8f06.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1atrb5y1d1zhk1wbv6y9ln8f06|03|net"; nocase; ) # 13vpwkv1p6pmf7vxwtxdrvetkh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13vpwkv1p6pmf7vxwtxdrvetkh|03|biz"; nocase; ) # yht8o31w4iiut18loivx17xf1fw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yht8o31w4iiut18loivx17xf1fw|03|net"; nocase; ) # 15dnim7khu0hj1dyh6tr1o7hh9k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15dnim7khu0hj1dyh6tr1o7hh9k|03|biz"; nocase; ) # 14d4wqj1iexs6lt2p8ci13qq07l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14d4wqj1iexs6lt2p8ci13qq07l|03|com"; nocase; ) # 1b7fwdn1bekrhneqt722etxw9h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b7fwdn1bekrhneqt722etxw9h|03|net"; nocase; ) # 1m1kyxh1e69mjhj138fove4lan.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m1kyxh1e69mjhj138fove4lan|03|net"; nocase; ) # 1m39um783dfh18a2jbu1nr1d5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m39um783dfh18a2jbu1nr1d5c|03|net"; nocase; ) # 1vcv94btjp4kf1ungllw4jvz37.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vcv94btjp4kf1ungllw4jvz37|03|org"; nocase; ) # 17oj3tmax39ko1vzf0he6fpd41.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17oj3tmax39ko1vzf0he6fpd41|03|com"; nocase; ) # 1pl11tbaniifgvw9kbm52nibt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pl11tbaniifgvw9kbm52nibt|03|biz"; nocase; ) # 7z0g1phkhid0ubys4ncn6636.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7z0g1phkhid0ubys4ncn6636|03|net"; nocase; ) # ayg3cb1m4s2r1pg5u0b17cpzmc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ayg3cb1m4s2r1pg5u0b17cpzmc|03|net"; nocase; ) # 1j570crs9j4xn155x8jfpipw4n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j570crs9j4xn155x8jfpipw4n|03|org"; nocase; ) # zwxym54td0n5u1umzw1lsyikw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zwxym54td0n5u1umzw1lsyikw|03|net"; nocase; ) # 11c69td9xmmq714jgjos1pwg79a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11c69td9xmmq714jgjos1pwg79a|03|com"; nocase; ) # jbxbm9u5vyih1p1td8bdfowb4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jbxbm9u5vyih1p1td8bdfowb4|03|org"; nocase; ) # pzsr6mpwiyirlssio4usetz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|pzsr6mpwiyirlssio4usetz|03|org"; nocase; ) # 3wyuz091sizc1ixk3mj7isa2a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3wyuz091sizc1ixk3mj7isa2a|03|com"; nocase; ) # 1gznnvcu9wumnuonti2idzpv4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gznnvcu9wumnuonti2idzpv4|03|net"; nocase; ) # 1v1zt2xx87fh91335yb21af5mfw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v1zt2xx87fh91335yb21af5mfw|03|net"; nocase; ) # 11ezzbcclcxkn1pepp4x15vbifx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11ezzbcclcxkn1pepp4x15vbifx|03|org"; nocase; ) # 1jbk82115uyuw8u68mwg1jmdu46.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jbk82115uyuw8u68mwg1jmdu46|03|net"; nocase; ) # gjp8iq1aaggei1gdkniw1x7u0oe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gjp8iq1aaggei1gdkniw1x7u0oe|03|com"; nocase; ) # 1arwm5712v961r1ao5pvr1xo2lr9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1arwm5712v961r1ao5pvr1xo2lr9|03|org"; nocase; ) # 1n703llxgu6o1wbo9rb1igmim1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n703llxgu6o1wbo9rb1igmim1|03|biz"; nocase; ) # 10tdiptzy17jxjh0sgd18hseq6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10tdiptzy17jxjh0sgd18hseq6|03|net"; nocase; ) # ebvjvr1fxhvw211yxe2y1sfuqp2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ebvjvr1fxhvw211yxe2y1sfuqp2|03|com"; nocase; ) # 1qq4l8s12oaauf1bsn48x14eg78z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qq4l8s12oaauf1bsn48x14eg78z|03|com"; nocase; ) # 1d3hsyz1do1ctjpsfau01ctv2w6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000039999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d3hsyz1do1ctjpsfau01ctv2w6|03|org"; nocase; ) # 1uawr0wib6n1hrt1n001k4nwca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uawr0wib6n1hrt1n001k4nwca|03|com"; nocase; ) # dqk6oesaonfb1qqx3fxov8slv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dqk6oesaonfb1qqx3fxov8slv|03|com"; nocase; ) # ynkbrvpep92n1usiqcb1j2hyc2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ynkbrvpep92n1usiqcb1j2hyc2|03|com"; nocase; ) # 1yywft5aem2t2wvmlvd13xefkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yywft5aem2t2wvmlvd13xefkm|03|org"; nocase; ) # 1cy4v741xqs31r18p7ox40rgtn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cy4v741xqs31r18p7ox40rgtn|03|com"; nocase; ) # zfj57p1dx04gb15uarhi13ojpei.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zfj57p1dx04gb15uarhi13ojpei|03|org"; nocase; ) # 17cbs21fah0pg1bhu8tc1xmd8o8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17cbs21fah0pg1bhu8tc1xmd8o8|03|biz"; nocase; ) # 193c3p31foj2nf1lc7w691krsodi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|193c3p31foj2nf1lc7w691krsodi|03|com"; nocase; ) # om2zfb191b7hh157g4hjblnr4t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|om2zfb191b7hh157g4hjblnr4t|03|org"; nocase; ) # q0gflo1yy5mcg1rbo49bhohqa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q0gflo1yy5mcg1rbo49bhohqa|03|net"; nocase; ) # e1mmq01sjjb6yczcomuru2ovq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e1mmq01sjjb6yczcomuru2ovq|03|org"; nocase; ) # oq0z1f1eemrkm1xs42s1160t7oq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oq0z1f1eemrkm1xs42s1160t7oq|03|net"; nocase; ) # 1dmi671sil7ca1w8w6pjkx9bk1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dmi671sil7ca1w8w6pjkx9bk1|03|com"; nocase; ) # ip1ahew0gd5zxk9mzypclozc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ip1ahew0gd5zxk9mzypclozc|03|com"; nocase; ) # 1bilziygehv35136tv0o1x3kils.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bilziygehv35136tv0o1x3kils|03|org"; nocase; ) # a1tsbs1d8i65q11pzxpk126xie9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a1tsbs1d8i65q11pzxpk126xie9|03|net"; nocase; ) # 1zizeefinw0bu1dtm91kt51ae.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1zizeefinw0bu1dtm91kt51ae|03|org"; nocase; ) # ufj3016xoz7tl9zmpn1ud65d9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ufj3016xoz7tl9zmpn1ud65d9|03|org"; nocase; ) # 150rg2mcgk3oi1ftm5v2othrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|150rg2mcgk3oi1ftm5v2othrv|03|net"; nocase; ) # 15dnz4s171rfwp9oubmf1kok5va.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15dnz4s171rfwp9oubmf1kok5va|03|com"; nocase; ) # 7v8newwjbv1yv0dfb1fjckkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7v8newwjbv1yv0dfb1fjckkf|03|org"; nocase; ) # uq52pz1aw9xf5ok6ly4db0m9q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uq52pz1aw9xf5ok6ly4db0m9q|03|net"; nocase; ) # 1x7uc0j1muobv2r070g5yes2w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x7uc0j1muobv2r070g5yes2w|03|org"; nocase; ) # b2hc22flkzf6li26c01t2rtiq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b2hc22flkzf6li26c01t2rtiq|03|org"; nocase; ) # vxe78fr6gya1104ny40dwgkgx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vxe78fr6gya1104ny40dwgkgx|03|net"; nocase; ) # 1rljk2k1ownx95azk1u01aup4jw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rljk2k1ownx95azk1u01aup4jw|03|org"; nocase; ) # 7xz29mvfp9qe1fswlhv1t5c81q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7xz29mvfp9qe1fswlhv1t5c81q|03|com"; nocase; ) # 1ar1n76fxrd3i1j3kcv31ntxayf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ar1n76fxrd3i1j3kcv31ntxayf|03|biz"; nocase; ) # 5f4qfi1c1ksgf1s6sz7uau2xjd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5f4qfi1c1ksgf1s6sz7uau2xjd|03|com"; nocase; ) # 156it1oofzk5fc4yx6i394o0u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|156it1oofzk5fc4yx6i394o0u|03|org"; nocase; ) # 1cz3c151ymnxtxr5p2bf1stbqre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cz3c151ymnxtxr5p2bf1stbqre|03|net"; nocase; ) # 1jx75mm1gv0vamcrgnbgg7n79z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jx75mm1gv0vamcrgnbgg7n79z|03|net"; nocase; ) # 6sx234s3dh9q17gxvy4zco5hg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6sx234s3dh9q17gxvy4zco5hg|03|com"; nocase; ) # l9dfuwcbbxwk58ss8p1wqpljr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l9dfuwcbbxwk58ss8p1wqpljr|03|com"; nocase; ) # pe1srgvsqvmo16czcs2g1hh1y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pe1srgvsqvmo16czcs2g1hh1y|03|com"; nocase; ) # 1n5jzwxa0k3md14bnkp81aft8oe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n5jzwxa0k3md14bnkp81aft8oe|03|org"; nocase; ) # 1pm8lcz8ijmuosgwtrq1t70cu3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pm8lcz8ijmuosgwtrq1t70cu3|03|com"; nocase; ) # 1nm6besvyajapt8o1b8cnicvz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nm6besvyajapt8o1b8cnicvz|03|org"; nocase; ) # 9tm8lz1jvcljqjk9fs57gfunt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9tm8lz1jvcljqjk9fs57gfunt|03|net"; nocase; ) # 67d71k5ki40j8695sg1b4qvjd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|67d71k5ki40j8695sg1b4qvjd|03|com"; nocase; ) # 1nrm2nn1u63lif15w070gsfdxdo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nrm2nn1u63lif15w070gsfdxdo|03|com"; nocase; ) # 19flfqv1klybx31wltynh94tji7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19flfqv1klybx31wltynh94tji7|03|org"; nocase; ) # k0dhh91w3uuandsouxe1l2q70m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k0dhh91w3uuandsouxe1l2q70m|03|com"; nocase; ) # 1lhelu714rsom61xg5rtfxrampr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lhelu714rsom61xg5rtfxrampr|03|com"; nocase; ) # xoj02ihdinj91tcypyf15dat2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xoj02ihdinj91tcypyf15dat2|03|com"; nocase; ) # 183q37zof0h9kkzbxf31xl0186.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|183q37zof0h9kkzbxf31xl0186|03|net"; nocase; ) # 1fxg44v1lvcwu3fd4e53hza8oz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fxg44v1lvcwu3fd4e53hza8oz|03|net"; nocase; ) # 1hs954m1snind4a2w7y8djru3k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hs954m1snind4a2w7y8djru3k|03|com"; nocase; ) # 1dl5cg61hdr7qj1o4u3of1yv1det.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dl5cg61hdr7qj1o4u3of1yv1det|03|org"; nocase; ) # 19au2gu1fyz8cxn6j9ja15rlsaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19au2gu1fyz8cxn6j9ja15rlsaq|03|com"; nocase; ) # 1orv2ky1ayd4ahmqkmvmz68ae1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1orv2ky1ayd4ahmqkmvmz68ae1|03|org"; nocase; ) # mj99ij60opec1cyov8n1g15tqw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mj99ij60opec1cyov8n1g15tqw|03|org"; nocase; ) # 1x52klj1aej7c8xqdq941m8gn6a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x52klj1aej7c8xqdq941m8gn6a|03|net"; nocase; ) # 1gril8h1r0lcsm179vbu41x9bdfk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gril8h1r0lcsm179vbu41x9bdfk|03|net"; nocase; ) # 1128t2h1dq6h3d7kfzpw1xrc57n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1128t2h1dq6h3d7kfzpw1xrc57n|03|net"; nocase; ) # difqaerisfvm1e9numzqpc3c0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|difqaerisfvm1e9numzqpc3c0|03|org"; nocase; ) # 1mgsxx8srq8dt1d55fbz1rsqz80.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mgsxx8srq8dt1d55fbz1rsqz80|03|net"; nocase; ) # rwb0fmhoviadq73b301jzwf05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rwb0fmhoviadq73b301jzwf05|03|org"; nocase; ) # 174z7gjk4at2zbvjw6zae1hcp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|174z7gjk4at2zbvjw6zae1hcp|03|net"; nocase; ) # 178lb95oy464jeokxg61m4jshk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|178lb95oy464jeokxg61m4jshk|03|net"; nocase; ) # 1n1qkk4kyl19k5o2lkgz4y5t8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n1qkk4kyl19k5o2lkgz4y5t8|03|com"; nocase; ) # 1s892e9zjbmyvtfr2z89a57yu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s892e9zjbmyvtfr2z89a57yu|03|biz"; nocase; ) # khigg01em9n6d1qv7s8z1d8kmmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|khigg01em9n6d1qv7s8z1d8kmmz|03|org"; nocase; ) # 8fpfr91fkokw6kdug1jbcbaf6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8fpfr91fkokw6kdug1jbcbaf6|03|net"; nocase; ) # 1lbawl61mqbvt412hp0s414z6ev9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lbawl61mqbvt412hp0s414z6ev9|03|net"; nocase; ) # foi1fx12o7rgm8l45oz1bfiq6q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|foi1fx12o7rgm8l45oz1bfiq6q|03|org"; nocase; ) # iydpnqgkt48z1oah0n91dy8acb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iydpnqgkt48z1oah0n91dy8acb|03|net"; nocase; ) # 1l5q8f7lz4i5e1kkenr41vf5qjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l5q8f7lz4i5e1kkenr41vf5qjf|03|org"; nocase; ) # yb7wfqxix09o1ylgb9m1bvt5zi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yb7wfqxix09o1ylgb9m1bvt5zi|03|com"; nocase; ) # 1l2hxs2y2fet41vtkh87eh7zz4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l2hxs2y2fet41vtkh87eh7zz4|03|net"; nocase; ) # 1j9w42tb4i87k17nt51h1cjqi58.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j9w42tb4i87k17nt51h1cjqi58|03|com"; nocase; ) # aynht6kc6zgz1ojqcnzwem2ab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aynht6kc6zgz1ojqcnzwem2ab|03|org"; nocase; ) # 1sronabi60jp214m27oj1pdksn6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sronabi60jp214m27oj1pdksn6|03|org"; nocase; ) # c0672s18e5ehvm1wmi785jjux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c0672s18e5ehvm1wmi785jjux|03|net"; nocase; ) # udetok1wkfgfmu7ouwn3p3y4t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|udetok1wkfgfmu7ouwn3p3y4t|03|com"; nocase; ) # p3edb01ut20q7mrq3fr1ei185.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p3edb01ut20q7mrq3fr1ei185|03|org"; nocase; ) # 172se2k11r290j1baisxwv1bo6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|172se2k11r290j1baisxwv1bo6|03|biz"; nocase; ) # zgs58v1clsse1m532tw1ec9ysr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zgs58v1clsse1m532tw1ec9ysr|03|biz"; nocase; ) # l5shhxbetpr412pmbc8cf3u3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l5shhxbetpr412pmbc8cf3u3|03|com"; nocase; ) # 1y8vqw31x7f8lekdbhwa1al7qgo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y8vqw31x7f8lekdbhwa1al7qgo|03|net"; nocase; ) # 15zgs21asicvjbns9kt1ir63hv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15zgs21asicvjbns9kt1ir63hv|03|biz"; nocase; ) # 1x0m1zb14y8idh1a8st7d1pvze0u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x0m1zb14y8idh1a8st7d1pvze0u|03|com"; nocase; ) # 2j3si615sam1pr0ljc3139lo8m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2j3si615sam1pr0ljc3139lo8m|03|com"; nocase; ) # c2di2hsa3ugwykw1km1er1tec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c2di2hsa3ugwykw1km1er1tec|03|net"; nocase; ) # 1sd96o91eb8faa2redshn7eyai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sd96o91eb8faa2redshn7eyai|03|net"; nocase; ) # 194hrlj1y6qv0j1mo4i09f12v4c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|194hrlj1y6qv0j1mo4i09f12v4c|03|org"; nocase; ) # 1pmcowg1e24qcl83hi0u1ex9y9q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pmcowg1e24qcl83hi0u1ex9y9q|03|com"; nocase; ) # 16ysbgx1n0ed7o94mvzqiggshb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16ysbgx1n0ed7o94mvzqiggshb|03|com"; nocase; ) # wkv9493ywvay1opugf41ide9y7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wkv9493ywvay1opugf41ide9y7|03|org"; nocase; ) # nh7t6vqvdgg312sa7561gh6ej.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nh7t6vqvdgg312sa7561gh6ej|03|org"; nocase; ) # 9i0nghygbhfd1fzufen1uxb18o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9i0nghygbhfd1fzufen1uxb18o|03|org"; nocase; ) # 1uws2hf1szlc2o1cz9ljj11cg5gf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uws2hf1szlc2o1cz9ljj11cg5gf|03|biz"; nocase; ) # r3d6bvz34tw71a8xn6z18lz4df.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r3d6bvz34tw71a8xn6z18lz4df|03|com"; nocase; ) # 1l3zl9syus6dsjbjai1q2o759.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l3zl9syus6dsjbjai1q2o759|03|com"; nocase; ) # 5w88551srl4kd15jg4e41w9mp84.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5w88551srl4kd15jg4e41w9mp84|03|org"; nocase; ) # 77s6lpb5zal81yoa6lt1ekenrm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|77s6lpb5zal81yoa6lt1ekenrm|03|net"; nocase; ) # gjn6bbycgzcnsx4iwa5dblu3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gjn6bbycgzcnsx4iwa5dblu3|03|net"; nocase; ) # p9cofk13yb3dr94pugq15mym9d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p9cofk13yb3dr94pugq15mym9d|03|net"; nocase; ) # ri2myul814p3i8053jik5lh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ri2myul814p3i8053jik5lh|03|org"; nocase; ) # 8inbie19mso421l01dzhkyg46x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8inbie19mso421l01dzhkyg46x|03|biz"; nocase; ) # cklo701hc6mub1egv7ar1rjbcuk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cklo701hc6mub1egv7ar1rjbcuk|03|biz"; nocase; ) # mm9mvmpfataruxgpb8v3s5vo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mm9mvmpfataruxgpb8v3s5vo|03|org"; nocase; ) # 1nkcg4s15bdixz1krlmxf19k3by9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nkcg4s15bdixz1krlmxf19k3by9|03|biz"; nocase; ) # 1aqxs6v16s4fgl1o1rmyw12pemt6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1aqxs6v16s4fgl1o1rmyw12pemt6|03|net"; nocase; ) # xa9quuzqhvqs28apc7u0wpo0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xa9quuzqhvqs28apc7u0wpo0|03|net"; nocase; ) # ckyvrd1w4qh4o176svlg1qwgszu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ckyvrd1w4qh4o176svlg1qwgszu|03|org"; nocase; ) # iro5411tdn4201fkbbb21l1b4r8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iro5411tdn4201fkbbb21l1b4r8|03|biz"; nocase; ) # 1k2td2k1xcsfjx11ix9kq1uxthn9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k2td2k1xcsfjx11ix9kq1uxthn9|03|com"; nocase; ) # 1qdusfm1y5h95316d5cey1ofe42l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qdusfm1y5h95316d5cey1ofe42l|03|biz"; nocase; ) # 2smgz618fok7hzjqz7n1uh5y53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2smgz618fok7hzjqz7n1uh5y53|03|net"; nocase; ) # v8mshp1ae3sx0yebvl11m2xbd7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v8mshp1ae3sx0yebvl11m2xbd7|03|org"; nocase; ) # u4i1dv1ii8mtgwom9imol1oyp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u4i1dv1ii8mtgwom9imol1oyp|03|org"; nocase; ) # 6hsrbjzjnyu4tasw31140ptoz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6hsrbjzjnyu4tasw31140ptoz|03|net"; nocase; ) # 11m9px743mwlvx68gq9a5q1sa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11m9px743mwlvx68gq9a5q1sa|03|com"; nocase; ) # cgmgpl1oypsm61s1yekc4s71vk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cgmgpl1oypsm61s1yekc4s71vk|03|org"; nocase; ) # a33apr1r9up1j1264j9ma53e51.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a33apr1r9up1j1264j9ma53e51|03|org"; nocase; ) # 184tpl88uhm3oxn5b771unq7mr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184tpl88uhm3oxn5b771unq7mr|03|biz"; nocase; ) # np0tm9208789sn8hnw77ppl9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|np0tm9208789sn8hnw77ppl9|03|org"; nocase; ) # g4mheongnzphwx0supa04f6u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g4mheongnzphwx0supa04f6u|03|org"; nocase; ) # gpy3v41dgkfil19die2z8few5v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gpy3v41dgkfil19die2z8few5v|03|net"; nocase; ) # 12100eq1iyas7pzxzwxt1eb1uuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12100eq1iyas7pzxzwxt1eb1uuh|03|net"; nocase; ) # 8pinvy3aju6516mv20r1fmbyqf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8pinvy3aju6516mv20r1fmbyqf|03|org"; nocase; ) # 1idq2krcu8l28q7vb778ge1m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1idq2krcu8l28q7vb778ge1m|03|com"; nocase; ) # 1d4nysd38omaojxcjeb17er0fp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d4nysd38omaojxcjeb17er0fp|03|biz"; nocase; ) # 1qci4h21jkm05o1xmf89fbi33gu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qci4h21jkm05o1xmf89fbi33gu|03|org"; nocase; ) # nw275j11jrdhlqm9zz31nw35vp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nw275j11jrdhlqm9zz31nw35vp|03|biz"; nocase; ) # 1lw9quc1r0f4781jpp31j1pygt38.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lw9quc1r0f4781jpp31j1pygt38|03|com"; nocase; ) # 1pp7j1k4jmrci5120w244f5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1pp7j1k4jmrci5120w244f5i|03|net"; nocase; ) # 1iiytsw13aswah1a8rcz4e8yosz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iiytsw13aswah1a8rcz4e8yosz|03|org"; nocase; ) # 3mhevc1jlfkw8up5v561vicj02.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3mhevc1jlfkw8up5v561vicj02|03|com"; nocase; ) # 1p38fnm0h01d1p7dx5bqc4aqw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p38fnm0h01d1p7dx5bqc4aqw|03|net"; nocase; ) # z5jrs4imumadpu2912v33g4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|z5jrs4imumadpu2912v33g4|03|org"; nocase; ) # 11uaa66qkdobz1dcfxxw39ksqk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11uaa66qkdobz1dcfxxw39ksqk|03|org"; nocase; ) # xt8sk41omkmadx19p192ixz5z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xt8sk41omkmadx19p192ixz5z|03|biz"; nocase; ) # 1dnz0931ojn3pfzt0nsrtmt61x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dnz0931ojn3pfzt0nsrtmt61x|03|net"; nocase; ) # hxjl4u18r538lj859d41wd11lo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hxjl4u18r538lj859d41wd11lo|03|org"; nocase; ) # 1wnqgm0fazzw4sh8xg0efln73.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wnqgm0fazzw4sh8xg0efln73|03|org"; nocase; ) # yoac0azlyzv174cfsv1ouazp2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yoac0azlyzv174cfsv1ouazp2|03|org"; nocase; ) # 35csy2unhjzg1vsyitj1pynvw8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|35csy2unhjzg1vsyitj1pynvw8|03|biz"; nocase; ) # 1sl4bj715ntx361mjhainrjdngo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sl4bj715ntx361mjhainrjdngo|03|com"; nocase; ) # 1kynypq21cl571hsiknh539fc5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kynypq21cl571hsiknh539fc5|03|com"; nocase; ) # 14e8u8ieiz6lh3o0cz91fct8ra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14e8u8ieiz6lh3o0cz91fct8ra|03|net"; nocase; ) # 1c2anhw1ilppgupp2x5uue19j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c2anhw1ilppgupp2x5uue19j|03|net"; nocase; ) # 9uudu1fifqox1etleucel5loz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9uudu1fifqox1etleucel5loz|03|com"; nocase; ) # 1g9eiidv0311e1rmpw2k1568vo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g9eiidv0311e1rmpw2k1568vo|03|net"; nocase; ) # 1qjuwx2ea2gqn1kxeqdxzw477e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qjuwx2ea2gqn1kxeqdxzw477e|03|net"; nocase; ) # 3hngmv1e4ggnk145v1f11srcplc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3hngmv1e4ggnk145v1f11srcplc|03|org"; nocase; ) # yutj7115x2i5o1w1egxv1aycsr8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yutj7115x2i5o1w1egxv1aycsr8|03|biz"; nocase; ) # 1ey3rn519st4you6aem5wdxsyf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ey3rn519st4you6aem5wdxsyf|03|biz"; nocase; ) # 1bjksvxpsb67hbzkegbtu2kb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1bjksvxpsb67hbzkegbtu2kb|03|net"; nocase; ) # 8xerr61ncmsa4e3rvu7zuyiw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8xerr61ncmsa4e3rvu7zuyiw5|03|org"; nocase; ) # 197drthwj2sa51cyb73coep2ti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|197drthwj2sa51cyb73coep2ti|03|com"; nocase; ) # bk41ilpz8hei1b7210a18dznny.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bk41ilpz8hei1b7210a18dznny|03|biz"; nocase; ) # 1xlf6rbkrlzqo1k2y2c1ub2x9o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xlf6rbkrlzqo1k2y2c1ub2x9o|03|org"; nocase; ) # 17dcliv2kvf7e128w5toq5z3dx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17dcliv2kvf7e128w5toq5z3dx|03|net"; nocase; ) # 1cg5wtlaavyd4hxts8y1on9816.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cg5wtlaavyd4hxts8y1on9816|03|biz"; nocase; ) # 19wazzg1otivvs1u0lpsh32u4mb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19wazzg1otivvs1u0lpsh32u4mb|03|org"; nocase; ) # yig3062xgz6j1c6nrle10f7qck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yig3062xgz6j1c6nrle10f7qck|03|com"; nocase; ) # gl720cdejyh9vfgkau1c86wp7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gl720cdejyh9vfgkau1c86wp7|03|net"; nocase; ) # 12fra8al552yc135jhiy1oq63hj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12fra8al552yc135jhiy1oq63hj|03|com"; nocase; ) # swg9yhfid0ijpfphh6zywzdx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|swg9yhfid0ijpfphh6zywzdx|03|org"; nocase; ) # 1fihoi41x2z7l4pbsnm11nmrmer.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fihoi41x2z7l4pbsnm11nmrmer|03|org"; nocase; ) # dvvlh11b8fi041nsfst7uxu1wm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dvvlh11b8fi041nsfst7uxu1wm|03|net"; nocase; ) # 12k69jl7kx8ydse6zq11gw96yd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12k69jl7kx8ydse6zq11gw96yd|03|org"; nocase; ) # 6g75755g1ocx80b9cbacszx5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6g75755g1ocx80b9cbacszx5|03|com"; nocase; ) # 1quve9d1uetn82o6ac1oxt9j8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1quve9d1uetn82o6ac1oxt9j8|03|org"; nocase; ) # 1svfpfn1wmy0gj1yf5g8dudn5ga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1svfpfn1wmy0gj1yf5g8dudn5ga|03|org"; nocase; ) # 1f9zbj4wekt7k1ha73gt1xp0na8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f9zbj4wekt7k1ha73gt1xp0na8|03|org"; nocase; ) # yhs83guro6zsol8cby1avow20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yhs83guro6zsol8cby1avow20|03|net"; nocase; ) # 19f3koc1d8c6lokoipkw14w9tm9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19f3koc1d8c6lokoipkw14w9tm9|03|org"; nocase; ) # 1usqmuousw3o2upxm0ylaj5lf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1usqmuousw3o2upxm0ylaj5lf|03|net"; nocase; ) # 12cad72168swyar2xffkgduj5n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12cad72168swyar2xffkgduj5n|03|biz"; nocase; ) # 1ss1w4hqs954236hwng14nlt9k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ss1w4hqs954236hwng14nlt9k|03|org"; nocase; ) # eqjq1y1183mi5dzt6gxjyqxye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eqjq1y1183mi5dzt6gxjyqxye|03|net"; nocase; ) # tvr9hx17indy71j6naqn1okqdmj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tvr9hx17indy71j6naqn1okqdmj|03|net"; nocase; ) # 3f8amw575u3118946wd1jqnx2o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3f8amw575u3118946wd1jqnx2o|03|biz"; nocase; ) # 1odfrxwbus3ih1eooicc5meulp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1odfrxwbus3ih1eooicc5meulp|03|com"; nocase; ) # 57nl0tu1qqtu1coglr325268b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|57nl0tu1qqtu1coglr325268b|03|org"; nocase; ) # 1d5xdcw1uxswz8xx5fmv1erfvax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d5xdcw1uxswz8xx5fmv1erfvax|03|com"; nocase; ) # 1mdv377zf97gu1baza21gi2it8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mdv377zf97gu1baza21gi2it8|03|net"; nocase; ) # 1i87o8plu4akmez5zgb1ybjtrk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i87o8plu4akmez5zgb1ybjtrk|03|com"; nocase; ) # 1ctbqgy1y6gky1ootb7g1rmt0k2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ctbqgy1y6gky1ootb7g1rmt0k2|03|biz"; nocase; ) # co2u5b1hu28ev1kvobpvxv2ni9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|co2u5b1hu28ev1kvobpvxv2ni9|03|net"; nocase; ) # 1eiuuk211edngulr8qhzxvsjyv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eiuuk211edngulr8qhzxvsjyv|03|biz"; nocase; ) # 13etbcujjx5m6wr08ke1wfj9a9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13etbcujjx5m6wr08ke1wfj9a9|03|com"; nocase; ) # 1urw4741d1b1z65wm15n1c65zpb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1urw4741d1b1z65wm15n1c65zpb|03|org"; nocase; ) # 1jbfm8u9ebbzq1gslm80hpv1sl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbfm8u9ebbzq1gslm80hpv1sl|03|org"; nocase; ) # xpa1sls6jvj1mkuqdw1to1kj0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xpa1sls6jvj1mkuqdw1to1kj0|03|biz"; nocase; ) # 1cva2729esuc61wfzssjm5xqhv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cva2729esuc61wfzssjm5xqhv|03|biz"; nocase; ) # 10s4wlaosw3fy15rg079170rixf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10s4wlaosw3fy15rg079170rixf|03|net"; nocase; ) # 15hha0k1c4y3u6sx4aliylnuzj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15hha0k1c4y3u6sx4aliylnuzj|03|biz"; nocase; ) # nu7zh7bifv6413dfg2ngj5of1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nu7zh7bifv6413dfg2ngj5of1|03|net"; nocase; ) # 17nizpw8528ph1e4heg81bwl607.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17nizpw8528ph1e4heg81bwl607|03|org"; nocase; ) # 17em8td1xfgc5fxhej5g1bbverr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17em8td1xfgc5fxhej5g1bbverr|03|org"; nocase; ) # 1ahcod91704h7x15ed40tdrggka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ahcod91704h7x15ed40tdrggka|03|com"; nocase; ) # 1ei1xtm1ea4ahllwyyh3b27mhg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ei1xtm1ea4ahllwyyh3b27mhg|03|net"; nocase; ) # 1fbtdu9r7pd4l1ihhgy113dzs6s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fbtdu9r7pd4l1ihhgy113dzs6s|03|biz"; nocase; ) # mkkfr4wrb0kt11yv2cnh20qds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mkkfr4wrb0kt11yv2cnh20qds|03|com"; nocase; ) # 16qkkir15ld0b2zcehls1n7t763.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16qkkir15ld0b2zcehls1n7t763|03|org"; nocase; ) # 143ogfnwymt1nuzom7rndhr2v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|143ogfnwymt1nuzom7rndhr2v|03|biz"; nocase; ) # 1mgqne31rluz0zxusg8epa7rqj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mgqne31rluz0zxusg8epa7rqj|03|com"; nocase; ) # fv68ulbd2z5u95cuqurmuolw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fv68ulbd2z5u95cuqurmuolw|03|net"; nocase; ) # 1ozxlbs1ezomti1dnntgzgsgate.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ozxlbs1ezomti1dnntgzgsgate|03|org"; nocase; ) # 1ticy9x1hg3ddmmcwcmc1yngmuo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ticy9x1hg3ddmmcwcmc1yngmuo|03|org"; nocase; ) # 1uy7mow1kwh75s9oj82qitkp3y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uy7mow1kwh75s9oj82qitkp3y|03|net"; nocase; ) # jibbjx3t0mpv1ryp7631vwe0o8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jibbjx3t0mpv1ryp7631vwe0o8|03|net"; nocase; ) # u619c6d5eqbqiltpcov93pa1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u619c6d5eqbqiltpcov93pa1|03|biz"; nocase; ) # 19jm5kn1hmfuds1qmdbc42s9ah7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19jm5kn1hmfuds1qmdbc42s9ah7|03|net"; nocase; ) # 12royilo83a7odo75vr108nwit.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12royilo83a7odo75vr108nwit|03|net"; nocase; ) # 17me2rz1juhi2w71xi491a5b735.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17me2rz1juhi2w71xi491a5b735|03|org"; nocase; ) # 1r3fjrw11pmsrt1anqejf4exp6c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r3fjrw11pmsrt1anqejf4exp6c|03|com"; nocase; ) # j6jkkygfx6iyhrfgn5m2cdp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|j6jkkygfx6iyhrfgn5m2cdp|03|biz"; nocase; ) # 19xjaqa1mgre431yl2s3hoa0n91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19xjaqa1mgre431yl2s3hoa0n91|03|com"; nocase; ) # 1tdebpz1ijistx7lj96e1qta2pf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tdebpz1ijistx7lj96e1qta2pf|03|net"; nocase; ) # u65t2dikiffp1jcegpx14n7cux.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u65t2dikiffp1jcegpx14n7cux|03|biz"; nocase; ) # 1vr053c1uujulb196l4wh1brcw1q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vr053c1uujulb196l4wh1brcw1q|03|biz"; nocase; ) # ory5nj1h4duch1n14b6wupo3pl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ory5nj1h4duch1n14b6wupo3pl|03|net"; nocase; ) # 1mfan161jnmbtbf7f1qsjvvi6d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mfan161jnmbtbf7f1qsjvvi6d|03|biz"; nocase; ) # 3bhy7wdio8zm6edse31luimk9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3bhy7wdio8zm6edse31luimk9|03|com"; nocase; ) # xna089m1njjk1u6gftrzikdpy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xna089m1njjk1u6gftrzikdpy|03|net"; nocase; ) # b352ns1omvqc51ec199q1962uzl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b352ns1omvqc51ec199q1962uzl|03|com"; nocase; ) # z9by2fi2r5ppy21zcd1bpfhpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z9by2fi2r5ppy21zcd1bpfhpo|03|com"; nocase; ) # 1t7vr67tljz0ohl9li81b75jg8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t7vr67tljz0ohl9li81b75jg8|03|com"; nocase; ) # jvj9rjwhi00o72ln6w1tvfvvf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jvj9rjwhi00o72ln6w1tvfvvf|03|org"; nocase; ) # 1b1kzr01p0er6t14emc01i0rcp6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1kzr01p0er6t14emc01i0rcp6|03|biz"; nocase; ) # bks17i1dq0yt616df38vk8n3fo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bks17i1dq0yt616df38vk8n3fo|03|com"; nocase; ) # r3wxaec48u7mmb6du11gvlyky.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r3wxaec48u7mmb6du11gvlyky|03|biz"; nocase; ) # m5foi4gbsd71tqvdkg973x8u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m5foi4gbsd71tqvdkg973x8u|03|com"; nocase; ) # c151hf1so0y85uj8yya1lnoz43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c151hf1so0y85uj8yya1lnoz43|03|net"; nocase; ) # 1oyqutaj2ov9x1r7m8ebqyhtgu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oyqutaj2ov9x1r7m8ebqyhtgu|03|org"; nocase; ) # 1khhs22vgtkpgidtck36wfdap.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1khhs22vgtkpgidtck36wfdap|03|biz"; nocase; ) # 1dbhaub114zykoewkon210v0265.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dbhaub114zykoewkon210v0265|03|com"; nocase; ) # zuk9ne4xtumd1r9iwic1h4deau.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zuk9ne4xtumd1r9iwic1h4deau|03|net"; nocase; ) # 2tdmqgzqc9otfkkaci1vest2r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2tdmqgzqc9otfkkaci1vest2r|03|org"; nocase; ) # 12a5gth6fxypk10uzbf1fgljg4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12a5gth6fxypk10uzbf1fgljg4|03|com"; nocase; ) # i6vk181u2egdw821hwk125k68e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i6vk181u2egdw821hwk125k68e|03|net"; nocase; ) # amx0k81h99eiknj9ff01c7motg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|amx0k81h99eiknj9ff01c7motg|03|com"; nocase; ) # 2jn0okxtsz56seqda3102e985.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2jn0okxtsz56seqda3102e985|03|net"; nocase; ) # 1gfz9v4517m31mo9kaygrr079.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gfz9v4517m31mo9kaygrr079|03|com"; nocase; ) # nxk7n519dcrrdp83vvj1vosf32.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nxk7n519dcrrdp83vvj1vosf32|03|org"; nocase; ) # 4usldy11idm9x1ru8xeovqpyrp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4usldy11idm9x1ru8xeovqpyrp|03|org"; nocase; ) # 18f76i518eufan12mzxq01rnc0l4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18f76i518eufan12mzxq01rnc0l4|03|net"; nocase; ) # dneic717la3iu16sro8lc1f839.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dneic717la3iu16sro8lc1f839|03|net"; nocase; ) # 1ob4p8d1citdkhsn9tm21aw2bog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ob4p8d1citdkhsn9tm21aw2bog|03|com"; nocase; ) # df8dz61y6ranrp9s3moj2kfjs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|df8dz61y6ranrp9s3moj2kfjs|03|net"; nocase; ) # yhscy81ku424p1s5e66o1p9jpyn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yhscy81ku424p1s5e66o1p9jpyn|03|biz"; nocase; ) # vr1kfp18912km1itvy0q1j2xu14.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vr1kfp18912km1itvy0q1j2xu14|03|biz"; nocase; ) # 3ct0mvk2agyj90ilgkug5zw2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3ct0mvk2agyj90ilgkug5zw2|03|net"; nocase; ) # 1jctypk1b3hmqcqftvi5rn0q5w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jctypk1b3hmqcqftvi5rn0q5w|03|com"; nocase; ) # 14yby8o73t7dh16q3g2h16hkeha.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14yby8o73t7dh16q3g2h16hkeha|03|org"; nocase; ) # 1tu259d1uscboe1rauxzcm5biwh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tu259d1uscboe1rauxzcm5biwh|03|org"; nocase; ) # 5h7h851hkk5te1ltmmrdzy4vh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5h7h851hkk5te1ltmmrdzy4vh|03|net"; nocase; ) # rlt4pr1rs9zf12sxomvqn4xqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rlt4pr1rs9zf12sxomvqn4xqi|03|net"; nocase; ) # fkzcnb1eheow21eme1vbu7n41b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fkzcnb1eheow21eme1vbu7n41b|03|biz"; nocase; ) # 1vxvhs59rzx66zbc0j81xdmjzg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vxvhs59rzx66zbc0j81xdmjzg|03|net"; nocase; ) # 1anth2lsengfy1tig8rv1y54re6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1anth2lsengfy1tig8rv1y54re6|03|net"; nocase; ) # 17r4cum12c3kwh1p5qupk1xm23eg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17r4cum12c3kwh1p5qupk1xm23eg|03|org"; nocase; ) # 1tlub72qcdx4jxpsk0ym4mkp4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tlub72qcdx4jxpsk0ym4mkp4|03|net"; nocase; ) # dsyw741j3syec6rlq5z81jvm6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dsyw741j3syec6rlq5z81jvm6|03|com"; nocase; ) # 14x515xa2wlp89i550q1u051tg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14x515xa2wlp89i550q1u051tg|03|biz"; nocase; ) # 11omntuz5z6j2gz07p2qisft3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11omntuz5z6j2gz07p2qisft3|03|org"; nocase; ) # 2nejd17xlky814updu2160mniu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2nejd17xlky814updu2160mniu|03|com"; nocase; ) # 1w3nvqo1i2f8q11cv2xzq5mozs1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w3nvqo1i2f8q11cv2xzq5mozs1|03|biz"; nocase; ) # 1w68qu8rrlkma1yv3iub12rns1h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w68qu8rrlkma1yv3iub12rns1h|03|biz"; nocase; ) # 778o8b6gfxlp47is9z13g1er5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|778o8b6gfxlp47is9z13g1er5|03|org"; nocase; ) # 1hbgbuo1lvvw9m6df0iebqr04k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbgbuo1lvvw9m6df0iebqr04k|03|net"; nocase; ) # 1w37jagsb5q6n1xdx14bhz77ug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w37jagsb5q6n1xdx14bhz77ug|03|net"; nocase; ) # jnxfow15tqrhosl0f1o1hzqxyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnxfow15tqrhosl0f1o1hzqxyi|03|net"; nocase; ) # 16f3ufx7l09ik1wpcrof1t7ly1s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16f3ufx7l09ik1wpcrof1t7ly1s|03|net"; nocase; ) # uc9yo88deqk51dbahkyg5t4a2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uc9yo88deqk51dbahkyg5t4a2|03|com"; nocase; ) # q1my496try081gjbrzxxdzda6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q1my496try081gjbrzxxdzda6|03|biz"; nocase; ) # ec24lw1bo7kcqfaeuw2f1v137.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ec24lw1bo7kcqfaeuw2f1v137|03|net"; nocase; ) # 1fb5o3bmb6vsm1xoyg0673x3v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fb5o3bmb6vsm1xoyg0673x3v|03|org"; nocase; ) # eyr59azs3y4s1m05uqi1wofqd8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eyr59azs3y4s1m05uqi1wofqd8|03|biz"; nocase; ) # p4u7o5xa5irg1a4rrcr9mbxfl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p4u7o5xa5irg1a4rrcr9mbxfl|03|com"; nocase; ) # 1jg5tgipktjzn1dh1w371bnonmp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jg5tgipktjzn1dh1w371bnonmp|03|net"; nocase; ) # ekazvi5jel6o1dw9kiq1jqtdwl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ekazvi5jel6o1dw9kiq1jqtdwl|03|biz"; nocase; ) # 12pgddcctn9bupjle751asi8uk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12pgddcctn9bupjle751asi8uk|03|net"; nocase; ) # iiemhq1bxnggdgz924pxwu4it.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iiemhq1bxnggdgz924pxwu4it|03|org"; nocase; ) # p87dm71xr6y9h16c25ek1xlvv2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p87dm71xr6y9h16c25ek1xlvv2z|03|net"; nocase; ) # o52tgxzdzzly1tnc5r77851uw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o52tgxzdzzly1tnc5r77851uw|03|biz"; nocase; ) # ox4pg4k9wxjf1dspxd0r40p55.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ox4pg4k9wxjf1dspxd0r40p55|03|net"; nocase; ) # vet1oh6l8t1q1ejxi6srg834k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vet1oh6l8t1q1ejxi6srg834k|03|biz"; nocase; ) # 19m5xsghw935r10u2i4o1ufvec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19m5xsghw935r10u2i4o1ufvec|03|net"; nocase; ) # 10c4yiv1br2i1suzfn11olwr9e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10c4yiv1br2i1suzfn11olwr9e|03|com"; nocase; ) # 1ccc35chqlljinzxta4xbl3b6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ccc35chqlljinzxta4xbl3b6|03|net"; nocase; ) # 12xf664o730xjt4q16f4ehzmw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12xf664o730xjt4q16f4ehzmw|03|net"; nocase; ) # 12g4lhj3t03n71egdqlxq626fl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12g4lhj3t03n71egdqlxq626fl|03|com"; nocase; ) # 2xjpmm1ox38y86tvz208674kx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2xjpmm1ox38y86tvz208674kx|03|org"; nocase; ) # 1mis7k1qhcuvgu8lyb211xjng1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mis7k1qhcuvgu8lyb211xjng1|03|net"; nocase; ) # 7ivfz6wq9qhk1xnchui18ttpyb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ivfz6wq9qhk1xnchui18ttpyb|03|org"; nocase; ) # 1uitkzs1dkbkp7q29ytilb3ma1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uitkzs1dkbkp7q29ytilb3ma1|03|com"; nocase; ) # d3cbslvnpfwq5halds1g6f9vf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d3cbslvnpfwq5halds1g6f9vf|03|org"; nocase; ) # 1twrjzkdtwboj1bnzl1o4i5o2t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1twrjzkdtwboj1bnzl1o4i5o2t|03|com"; nocase; ) # 1wz2nyl1hapzjoqprcsbmkyaem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wz2nyl1hapzjoqprcsbmkyaem|03|net"; nocase; ) # 1e5f1bo150tc915hit795ztpzk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e5f1bo150tc915hit795ztpzk|03|biz"; nocase; ) # fs9sitm4shfr10mfub5smu5i1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fs9sitm4shfr10mfub5smu5i1|03|com"; nocase; ) # 15c7hmmoa7yge1ajt7t19ck20l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15c7hmmoa7yge1ajt7t19ck20l|03|com"; nocase; ) # 1fjioc119l079v19y2c2n1tdsu4d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fjioc119l079v19y2c2n1tdsu4d|03|net"; nocase; ) # wjkqnvefbfmccq3ru086yz7p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wjkqnvefbfmccq3ru086yz7p|03|org"; nocase; ) # 1m7n8bnqyzso91hbqzl0ganjk5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m7n8bnqyzso91hbqzl0ganjk5|03|net"; nocase; ) # g6zuqlnp69jc137qbko1r7fheq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g6zuqlnp69jc137qbko1r7fheq|03|org"; nocase; ) # 6820011d4r64w1r9ynrsbiu3y0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6820011d4r64w1r9ynrsbiu3y0|03|net"; nocase; ) # s4ybhf1b4dptb1k382yyq4yp9t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s4ybhf1b4dptb1k382yyq4yp9t|03|net"; nocase; ) # 1eb8af21obamqe1el670htezslh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eb8af21obamqe1el670htezslh|03|net"; nocase; ) # qfpnkosken11qcmgv41kr7smi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qfpnkosken11qcmgv41kr7smi|03|com"; nocase; ) # j21sp61vwyxa317wcyw410yziwp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|j21sp61vwyxa317wcyw410yziwp|03|org"; nocase; ) # 67myuopodad5zcqfa18fmjv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|67myuopodad5zcqfa18fmjv1|03|com"; nocase; ) # 10zmsx81bhust514n6ie6tiz5cf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10zmsx81bhust514n6ie6tiz5cf|03|biz"; nocase; ) # pnon7vvtg5roo2wqx5twegrc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pnon7vvtg5roo2wqx5twegrc|03|net"; nocase; ) # 8ld34o2m244o7ur0xn6alef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|8ld34o2m244o7ur0xn6alef|03|com"; nocase; ) # oda3wpavffk81hs2ywyl3tpgq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oda3wpavffk81hs2ywyl3tpgq|03|net"; nocase; ) # v9huuvad1jqc18r6o1b8tojvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v9huuvad1jqc18r6o1b8tojvs|03|com"; nocase; ) # 3yu96eidg02ur8t13teznyu6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3yu96eidg02ur8t13teznyu6|03|com"; nocase; ) # lar3tm1kbk41mhvtxw1pchz1l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lar3tm1kbk41mhvtxw1pchz1l|03|org"; nocase; ) # ftsnlw1e79m2dhcqr6o1m5kgtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ftsnlw1e79m2dhcqr6o1m5kgtm|03|net"; nocase; ) # q0pee6lf84ly5xeary1yd8yq7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q0pee6lf84ly5xeary1yd8yq7|03|biz"; nocase; ) # 1ptvn85qvz2ic1injd771bpve5h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ptvn85qvz2ic1injd771bpve5h|03|net"; nocase; ) # 1imh91eku7evo110i4sy46hrsv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1imh91eku7evo110i4sy46hrsv|03|org"; nocase; ) # 1oisn8d1h0iotwjcpmi55nhvnw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oisn8d1h0iotwjcpmi55nhvnw|03|biz"; nocase; ) # 963rxf1ws07wi1flk393uf27p8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|963rxf1ws07wi1flk393uf27p8|03|net"; nocase; ) # 3qcpke9l3e5h44gjev18uy1uy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3qcpke9l3e5h44gjev18uy1uy|03|net"; nocase; ) # l96w1l2tzlpl16fug1h1ujb96k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l96w1l2tzlpl16fug1h1ujb96k|03|com"; nocase; ) # br0yl1agrd1p1ylsfq61pk2qkc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|br0yl1agrd1p1ylsfq61pk2qkc|03|biz"; nocase; ) # 17aju9d88brclr94grk5cnm4t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17aju9d88brclr94grk5cnm4t|03|org"; nocase; ) # 1f2bq7v1ki8f7f1uucgwonhtsw3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f2bq7v1ki8f7f1uucgwonhtsw3|03|net"; nocase; ) # uybnic6n4pwxgwql9zi7cuzi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uybnic6n4pwxgwql9zi7cuzi|03|org"; nocase; ) # 55895e14dxdbn4txbex16sxw9c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|55895e14dxdbn4txbex16sxw9c|03|org"; nocase; ) # g6oxob23ci271ww81zsaqhwzm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g6oxob23ci271ww81zsaqhwzm|03|net"; nocase; ) # 1qdogt02ezojx1k9ya571xki50b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qdogt02ezojx1k9ya571xki50b|03|net"; nocase; ) # hw414z4nod51oueb051u3dzow.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hw414z4nod51oueb051u3dzow|03|org"; nocase; ) # nmezgg1y6qp5opcxyxl1gl16v0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nmezgg1y6qp5opcxyxl1gl16v0|03|net"; nocase; ) # vh0ft0nj2b95elujh6122zrkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vh0ft0nj2b95elujh6122zrkr|03|com"; nocase; ) # 1lao93i3h85mq1vjoqyq16xar2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lao93i3h85mq1vjoqyq16xar2g|03|net"; nocase; ) # 13xjbbcpet9gatgie6j10tg38p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13xjbbcpet9gatgie6j10tg38p|03|biz"; nocase; ) # 19yw3rn1sitxltwgcopk1r3bqkf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19yw3rn1sitxltwgcopk1r3bqkf|03|net"; nocase; ) # x852ig1ddp71p1bo58rw14q3tv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x852ig1ddp71p1bo58rw14q3tv|03|net"; nocase; ) # 1x9gaokqk0nyd1o63krsq28ftf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x9gaokqk0nyd1o63krsq28ftf|03|org"; nocase; ) # 1g6ulhe1kpt8uljc71z764brs4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g6ulhe1kpt8uljc71z764brs4|03|net"; nocase; ) # 1dbl0my1v5etw51i3ulxdz1xsxf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dbl0my1v5etw51i3ulxdz1xsxf|03|org"; nocase; ) # 1eni0v51ieushy1vvvuhkqlbpmv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eni0v51ieushy1vvvuhkqlbpmv|03|net"; nocase; ) # 1af1iqw1ukoopcfd4x7p1t8a8tm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1af1iqw1ukoopcfd4x7p1t8a8tm|03|net"; nocase; ) # 180hgmz1ubrs9zq2tqu11qd5bof.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|180hgmz1ubrs9zq2tqu11qd5bof|03|org"; nocase; ) # ad79r319rq7uynijt3he1ebf1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ad79r319rq7uynijt3he1ebf1|03|com"; nocase; ) # 1kneml6qoz7pemw95nk1tv4bn9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kneml6qoz7pemw95nk1tv4bn9|03|org"; nocase; ) # 12qytn516zyxjc1oi6zaj1l0bw3m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12qytn516zyxjc1oi6zaj1l0bw3m|03|com"; nocase; ) # 1g7aovu1at1nk7zy6h4evsw7kf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g7aovu1at1nk7zy6h4evsw7kf|03|net"; nocase; ) # e8w7hpy8vosjibnxzhrsqy32.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e8w7hpy8vosjibnxzhrsqy32|03|com"; nocase; ) # 1crbgmg1dpy3ju15q0pwf141x7e0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1crbgmg1dpy3ju15q0pwf141x7e0|03|biz"; nocase; ) # 1yb9drr1y4fj3l14nshmt1e1c768.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yb9drr1y4fj3l14nshmt1e1c768|03|net"; nocase; ) # gf84uw1ik2ycnio5xbz1svsose.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gf84uw1ik2ycnio5xbz1svsose|03|net"; nocase; ) # 1dmw6ib1j905zj76v6xv2840uq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dmw6ib1j905zj76v6xv2840uq|03|net"; nocase; ) # 1gmm9651caotz31nk86kpcrm7pm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gmm9651caotz31nk86kpcrm7pm|03|net"; nocase; ) # 187q4a3hbyjef4uq7onz4apr4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|187q4a3hbyjef4uq7onz4apr4|03|org"; nocase; ) # 1jmxuza1wph41ixtzi611ta8uyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jmxuza1wph41ixtzi611ta8uyk|03|net"; nocase; ) # cy8rfa1bn0ku21v85raet0hd98.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cy8rfa1bn0ku21v85raet0hd98|03|org"; nocase; ) # 1jy6qo5t2euuenpkzbgexe413.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jy6qo5t2euuenpkzbgexe413|03|com"; nocase; ) # 1bidwyp1l2i0re9w4u7y18ovc1t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bidwyp1l2i0re9w4u7y18ovc1t|03|net"; nocase; ) # 3did31gc71sqbyil851468ug7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3did31gc71sqbyil851468ug7|03|com"; nocase; ) # 1w87j2sm8pg9xmtqolu4yi9xl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w87j2sm8pg9xmtqolu4yi9xl|03|net"; nocase; ) # f90k2a1ncc3ey1nh6inuyb663q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f90k2a1ncc3ey1nh6inuyb663q|03|com"; nocase; ) # dsl58j1bhnbvb1mf7honpd5yy7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dsl58j1bhnbvb1mf7honpd5yy7|03|com"; nocase; ) # 10o82bmzklpmrub2b141d7ny3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10o82bmzklpmrub2b141d7ny3|03|biz"; nocase; ) # 11bm3oupxfrf2ndk9mzi6njpt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11bm3oupxfrf2ndk9mzi6njpt|03|net"; nocase; ) # 6bqdo3r62pl95f5e3e1rd5c8a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6bqdo3r62pl95f5e3e1rd5c8a|03|org"; nocase; ) # sgo1idxbnkr21t3zk79m1kyrq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sgo1idxbnkr21t3zk79m1kyrq|03|com"; nocase; ) # qx1qoh1jxso3s1cp8r7019k63a6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qx1qoh1jxso3s1cp8r7019k63a6|03|net"; nocase; ) # n4wa3912w72km1wa6bxq1crqhhb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n4wa3912w72km1wa6bxq1crqhhb|03|biz"; nocase; ) # 1rbrk09kiv2q81vx4rvg1h4y31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rbrk09kiv2q81vx4rvg1h4y31|03|net"; nocase; ) # cb4wws1wb6r9t13amnrqbl8l0j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cb4wws1wb6r9t13amnrqbl8l0j|03|biz"; nocase; ) # kpavul1eeajyvvhozfotoyndf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kpavul1eeajyvvhozfotoyndf|03|net"; nocase; ) # 1r4vr6r1yxd2nfsiv3hi1514ztm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r4vr6r1yxd2nfsiv3hi1514ztm|03|com"; nocase; ) # 9q074v12okdel1q4o1424f0jzo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9q074v12okdel1q4o1424f0jzo|03|biz"; nocase; ) # 1cmhyvknjd8fx1vf24w214p5qw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cmhyvknjd8fx1vf24w214p5qw|03|net"; nocase; ) # 1vnjgqf933gvbjuh8blcgvt5u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vnjgqf933gvbjuh8blcgvt5u|03|org"; nocase; ) # 1oga5jt13fauvcx4hi8s1gd84z5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oga5jt13fauvcx4hi8s1gd84z5|03|org"; nocase; ) # 1upqp2a1bltv1bp0fxwvjfmqe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1upqp2a1bltv1bp0fxwvjfmqe|03|biz"; nocase; ) # r6pv881dzdjx010cvaru1pinwwf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r6pv881dzdjx010cvaru1pinwwf|03|org"; nocase; ) # 3w9ha71cqf3n819mljwf1ux2g0m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3w9ha71cqf3n819mljwf1ux2g0m|03|biz"; nocase; ) # 1vehi0z14vva6a5r6jmfahhfvk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vehi0z14vva6a5r6jmfahhfvk|03|com"; nocase; ) # ny1zaj1e4wwqzvuoum81vaiy9j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ny1zaj1e4wwqzvuoum81vaiy9j|03|org"; nocase; ) # 1rpi5c81sc5jpn1akz596827jdi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rpi5c81sc5jpn1akz596827jdi|03|biz"; nocase; ) # rq3m0ftjz577dc1iel84u7k0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rq3m0ftjz577dc1iel84u7k0|03|com"; nocase; ) # xpwt8jc8j4714me4fs11c4npy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xpwt8jc8j4714me4fs11c4npy|03|biz"; nocase; ) # 1mo8ngx4rt6ts9y85vpb03ln8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mo8ngx4rt6ts9y85vpb03ln8|03|org"; nocase; ) # 1hh86791c7cetg1mk338nmwjoo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hh86791c7cetg1mk338nmwjoo|03|org"; nocase; ) # 1v9t0srflfm9a122pxiqdct11y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v9t0srflfm9a122pxiqdct11y|03|net"; nocase; ) # 1g24tsc5khslg8elgg416rm1ty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g24tsc5khslg8elgg416rm1ty|03|biz"; nocase; ) # nov51mvdgpn5plia0h936isl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nov51mvdgpn5plia0h936isl|03|net"; nocase; ) # r5r7e9sevwcc1c6saiu15m9d3t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r5r7e9sevwcc1c6saiu15m9d3t|03|com"; nocase; ) # 1hk9uyvgedpcvayka1a1163537.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hk9uyvgedpcvayka1a1163537|03|net"; nocase; ) # v18yk9mmt7kd15ebslmwuigzg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v18yk9mmt7kd15ebslmwuigzg|03|com"; nocase; ) # 1thv1j6nd2obd1t3thj91wdl9xo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1thv1j6nd2obd1t3thj91wdl9xo|03|net"; nocase; ) # 1hx41pnvppeyz13hi3jp9ffej5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hx41pnvppeyz13hi3jp9ffej5|03|org"; nocase; ) # 1ub8hwz1m93ozkn7e904196xhpp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ub8hwz1m93ozkn7e904196xhpp|03|net"; nocase; ) # 1cid6dtszgpyf1wfxl9p1jxnrpm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cid6dtszgpyf1wfxl9p1jxnrpm|03|org"; nocase; ) # rk74kc16ri9ss1v2ia3a1sjvk79.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rk74kc16ri9ss1v2ia3a1sjvk79|03|net"; nocase; ) # 1anj3zr18zzrjo1ju8btjhexojj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1anj3zr18zzrjo1ju8btjhexojj|03|com"; nocase; ) # 15ulgv71pgb4wl11m4u5m2j4yy4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ulgv71pgb4wl11m4u5m2j4yy4|03|biz"; nocase; ) # 16rysq2vgv5df1ozjtni1t32dc1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16rysq2vgv5df1ozjtni1t32dc1|03|net"; nocase; ) # c1xlsn1hhyrzqo4e7xh10iinfb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c1xlsn1hhyrzqo4e7xh10iinfb|03|com"; nocase; ) # 1vp5shk1yy7jkt1iipzioyegoxf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vp5shk1yy7jkt1iipzioyegoxf|03|org"; nocase; ) # 1yckqv817fq9a7e1u1rg10jyod9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yckqv817fq9a7e1u1rg10jyod9|03|biz"; nocase; ) # m7q847i1a26pyjrkm21xsr3ql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m7q847i1a26pyjrkm21xsr3ql|03|net"; nocase; ) # vobswu9f66dl2ptcr1o6f5ox.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vobswu9f66dl2ptcr1o6f5ox|03|net"; nocase; ) # 1i7rlni422ka4ilxbozoaj3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1i7rlni422ka4ilxbozoaj3x|03|biz"; nocase; ) # 1bz166y1vx0vumrzdgdj3jjltz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bz166y1vx0vumrzdgdj3jjltz|03|com"; nocase; ) # 1ikk13a7urcshu1jkkbk0tgtl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ikk13a7urcshu1jkkbk0tgtl|03|org"; nocase; ) # 1nudvb21e5p0b65zxffi1gr8yqz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nudvb21e5p0b65zxffi1gr8yqz|03|org"; nocase; ) # 1plazc9osmhph1llpdnevumg7a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1plazc9osmhph1llpdnevumg7a|03|org"; nocase; ) # 1w9q3zi1b20fqtmp0whcadkoh2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w9q3zi1b20fqtmp0whcadkoh2|03|biz"; nocase; ) # 1gafmiiz9fx57180fbkqagp06x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gafmiiz9fx57180fbkqagp06x|03|org"; nocase; ) # 1uktpu3yxmvre7djphfxhz8zd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uktpu3yxmvre7djphfxhz8zd|03|net"; nocase; ) # ue0y1xrh3uomxzmwrk169x1ue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ue0y1xrh3uomxzmwrk169x1ue|03|com"; nocase; ) # kfxm5rg8g14t12vcaxs1i3n5jq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kfxm5rg8g14t12vcaxs1i3n5jq|03|biz"; nocase; ) # ew0idyoix3sg1rnx1pi3mnok1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ew0idyoix3sg1rnx1pi3mnok1|03|net"; nocase; ) # ulutiluf00y1t29q48efmuco.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ulutiluf00y1t29q48efmuco|03|net"; nocase; ) # smfaty1f17g1q10vscprn2hjg9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|smfaty1f17g1q10vscprn2hjg9|03|com"; nocase; ) # zymoby18x3c201rc48x81yxfpns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zymoby18x3c201rc48x81yxfpns|03|net"; nocase; ) # 1mx7b2m119a3ck1xydpwirjrzuf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mx7b2m119a3ck1xydpwirjrzuf|03|biz"; nocase; ) # 1rn9we51tyjkbb3epn7jp2x5xm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rn9we51tyjkbb3epn7jp2x5xm|03|com"; nocase; ) # 1aw8zkrm8oi851dd4k3ezfyat.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aw8zkrm8oi851dd4k3ezfyat|03|org"; nocase; ) # 1wqgbbx1hirw0eke56ap1t5u68h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wqgbbx1hirw0eke56ap1t5u68h|03|net"; nocase; ) # 142kgcc1oc5360797cz51rtvon8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|142kgcc1oc5360797cz51rtvon8|03|org"; nocase; ) # 17rcung1rxe2cpye8llwmsyxtx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17rcung1rxe2cpye8llwmsyxtx|03|biz"; nocase; ) # 1e98w3z93mj8x1wtvznr16mrvvk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e98w3z93mj8x1wtvznr16mrvvk|03|org"; nocase; ) # 1cl2n101dx0vcn183aeucyc8nwb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cl2n101dx0vcn183aeucyc8nwb|03|org"; nocase; ) # tmufbm1tcapshag9j8dqk0wnd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tmufbm1tcapshag9j8dqk0wnd|03|com"; nocase; ) # 17wtabg1tttqa714b0g9x1p9x8pk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17wtabg1tttqa714b0g9x1p9x8pk|03|net"; nocase; ) # h6va3s17bmwpk1c6pz5usq1035.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h6va3s17bmwpk1c6pz5usq1035|03|net"; nocase; ) # l695fa48ilelvlvy8r2c9tv3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l695fa48ilelvlvy8r2c9tv3|03|org"; nocase; ) # 19xyqx013hf7pw127xq23uud41z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19xyqx013hf7pw127xq23uud41z|03|biz"; nocase; ) # 153cga55cuqxp1lbpwt6plvdm5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|153cga55cuqxp1lbpwt6plvdm5|03|com"; nocase; ) # q93cxe1i9xgiflg19b1nqo40n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q93cxe1i9xgiflg19b1nqo40n|03|com"; nocase; ) # 1dfpm7qql2j01ogitgk1545ms3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dfpm7qql2j01ogitgk1545ms3|03|net"; nocase; ) # 1q8se5hz2mnq91l7lt4510rcrlj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q8se5hz2mnq91l7lt4510rcrlj|03|com"; nocase; ) # jnohqq1ovcuyd1yvec2jp3pesr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnohqq1ovcuyd1yvec2jp3pesr|03|com"; nocase; ) # vot9eopyyx7cypdtkg4g4fqt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vot9eopyyx7cypdtkg4g4fqt|03|org"; nocase; ) # 1wtvdsv170re1kv3jla1f4ewgr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wtvdsv170re1kv3jla1f4ewgr|03|org"; nocase; ) # 77n6ot1uaeh7za3k2fmyur1ok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|77n6ot1uaeh7za3k2fmyur1ok|03|com"; nocase; ) # 11zfszdm7xms3op83451uslzb0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11zfszdm7xms3op83451uslzb0|03|biz"; nocase; ) # 1yqf66j19sx6k5dy2aki14ei1c4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yqf66j19sx6k5dy2aki14ei1c4|03|org"; nocase; ) # nochp71kjo6ep9bwjwy1mcc88k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nochp71kjo6ep9bwjwy1mcc88k|03|biz"; nocase; ) # p063k21y8g6cj26thwr1tmre2y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p063k21y8g6cj26thwr1tmre2y|03|biz"; nocase; ) # 1yt0b2c1xqaoja9fjbj6l51xe0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yt0b2c1xqaoja9fjbj6l51xe0|03|net"; nocase; ) # 9t9aubhq4hpwc501i4t9yg2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9t9aubhq4hpwc501i4t9yg2n|03|net"; nocase; ) # 4lxbma1mjrblp1hbm28d1vhrzb0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4lxbma1mjrblp1hbm28d1vhrzb0|03|org"; nocase; ) # gpwm1j7cznp1qsfqq1m95ohh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gpwm1j7cznp1qsfqq1m95ohh|03|biz"; nocase; ) # e9eu6i3cwqgh1pgra3j65m46p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e9eu6i3cwqgh1pgra3j65m46p|03|net"; nocase; ) # 2weqoo1bruyo31nh0428hbr9dc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2weqoo1bruyo31nh0428hbr9dc|03|net"; nocase; ) # 5ifwl7syom0oq7pmt71v7yncw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5ifwl7syom0oq7pmt71v7yncw|03|org"; nocase; ) # jgurtm1x5nzksusbqg8u9q3on.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jgurtm1x5nzksusbqg8u9q3on|03|com"; nocase; ) # 19cnu8z1rn6end1pz7w3q1dda6s7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19cnu8z1rn6end1pz7w3q1dda6s7|03|net"; nocase; ) # vqidtkwxymg51mtys9z9v0m7z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vqidtkwxymg51mtys9z9v0m7z|03|net"; nocase; ) # d7lm9pp15hf51u3nna342dx3y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d7lm9pp15hf51u3nna342dx3y|03|com"; nocase; ) # 1ost8tqck9b7817tq309o2z98h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ost8tqck9b7817tq309o2z98h|03|biz"; nocase; ) # 1rnlcnjkfvrzfheymu7z37d9o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rnlcnjkfvrzfheymu7z37d9o|03|net"; nocase; ) # 1ggiibxfjzi49agj3d1tyxyil.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ggiibxfjzi49agj3d1tyxyil|03|org"; nocase; ) # 183ykoq188r1qpd8hp0y7qdkle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|183ykoq188r1qpd8hp0y7qdkle|03|net"; nocase; ) # 1rz07trei53aorwo373pl7fu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1rz07trei53aorwo373pl7fu|03|com"; nocase; ) # f2vffs1u5kxlu11r2yf8t7oxfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f2vffs1u5kxlu11r2yf8t7oxfs|03|com"; nocase; ) # ids1zis8ei1a17mxcc7ryvxha.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ids1zis8ei1a17mxcc7ryvxha|03|net"; nocase; ) # 1sswubd1yq8gu4rtd1z4vrc74f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sswubd1yq8gu4rtd1z4vrc74f|03|net"; nocase; ) # 1kwubmlet8od21d6ml6dl4gi38.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kwubmlet8od21d6ml6dl4gi38|03|net"; nocase; ) # 8cyw9gvwrnibedkxg513dbngc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8cyw9gvwrnibedkxg513dbngc|03|org"; nocase; ) # 1wlahr31cjgl3ocq82jikm7rnk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wlahr31cjgl3ocq82jikm7rnk|03|net"; nocase; ) # u3qwbacvkslr1aockcx1nczgti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u3qwbacvkslr1aockcx1nczgti|03|net"; nocase; ) # 12ldr7n1quj9kc1sqcufh12024au.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12ldr7n1quj9kc1sqcufh12024au|03|biz"; nocase; ) # 1fktztxpwqoop42gk5n1u3pcab.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fktztxpwqoop42gk5n1u3pcab|03|net"; nocase; ) # 1s26fjm17l6f1r1iavvk61y7jo8c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s26fjm17l6f1r1iavvk61y7jo8c|03|org"; nocase; ) # ar1royo2l0j2d5q701fqr30i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ar1royo2l0j2d5q701fqr30i|03|biz"; nocase; ) # 12y8pwo14hzur102i3ltc0kb86.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12y8pwo14hzur102i3ltc0kb86|03|com"; nocase; ) # 14x4m6u1fd5fjfevbvu81atm38k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14x4m6u1fd5fjfevbvu81atm38k|03|net"; nocase; ) # 1b0il7713urmvz8lvk3heodg9x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b0il7713urmvz8lvk3heodg9x|03|com"; nocase; ) # 1futns71p6qvhz3m9qtb94k0rb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1futns71p6qvhz3m9qtb94k0rb|03|org"; nocase; ) # ktfd2m1yo062imu6rr91swor0s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ktfd2m1yo062imu6rr91swor0s|03|net"; nocase; ) # j5h0fz198xot41necpx35mlucp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j5h0fz198xot41necpx35mlucp|03|org"; nocase; ) # hz8drk86om0cyq1iszg545ee.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hz8drk86om0cyq1iszg545ee|03|biz"; nocase; ) # 11p3ibmgrt0h812ewq8b13e1pnr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11p3ibmgrt0h812ewq8b13e1pnr|03|net"; nocase; ) # itburdvcvygf1bs1uxju79nac.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|itburdvcvygf1bs1uxju79nac|03|biz"; nocase; ) # sqvu8rudee9o1ei8zah1j8014c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sqvu8rudee9o1ei8zah1j8014c|03|net"; nocase; ) # 1uqg0261n8ebfzkn7ka4a81z2y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uqg0261n8ebfzkn7ka4a81z2y|03|biz"; nocase; ) # in4gp2sxorvv1jrom2fbckw3c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|in4gp2sxorvv1jrom2fbckw3c|03|org"; nocase; ) # 1459q2bca3ggkqwkbb1e4de8y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1459q2bca3ggkqwkbb1e4de8y|03|org"; nocase; ) # 1xvefdj1jmygm1n4jsjd1c0nkod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xvefdj1jmygm1n4jsjd1c0nkod|03|com"; nocase; ) # q1z9qrcsdzd1f3yur81m1seig.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q1z9qrcsdzd1f3yur81m1seig|03|org"; nocase; ) # 1k0eqr337b2074cjt16ww5w83.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k0eqr337b2074cjt16ww5w83|03|org"; nocase; ) # 1lml4pmfat54u14abbxxxyvotf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lml4pmfat54u14abbxxxyvotf|03|biz"; nocase; ) # 1u1t5vdcdrduqtabmzudc409c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u1t5vdcdrduqtabmzudc409c|03|org"; nocase; ) # 1xv0mwn1l7ht7817qz37x94wd93.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xv0mwn1l7ht7817qz37x94wd93|03|net"; nocase; ) # 1h1ul0j1tp6za61naasz51obnbst.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h1ul0j1tp6za61naasz51obnbst|03|com"; nocase; ) # 18yu7p1ms4x07he6sbpksxekp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18yu7p1ms4x07he6sbpksxekp|03|com"; nocase; ) # zt3i776gkgu1ia2jzi1rqzmh9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zt3i776gkgu1ia2jzi1rqzmh9|03|org"; nocase; ) # 1meggz01jcacsr1h17na3pfawse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1meggz01jcacsr1h17na3pfawse|03|net"; nocase; ) # 17m9upp2vrv7zfmbv2b1fvhot3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17m9upp2vrv7zfmbv2b1fvhot3|03|biz"; nocase; ) # 1qwo5o9166oaqsk7qdfi10673aj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qwo5o9166oaqsk7qdfi10673aj|03|com"; nocase; ) # 1xthk76m8xyw82mvrwfcpotsp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xthk76m8xyw82mvrwfcpotsp|03|org"; nocase; ) # s4b4fvm6t3wk49bf7zj2n6b8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s4b4fvm6t3wk49bf7zj2n6b8|03|net"; nocase; ) # imebw69w75bs1onr76l16jq2ut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|imebw69w75bs1onr76l16jq2ut|03|net"; nocase; ) # 1tg0t0y1qm4h4sy7tk2113tifcr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tg0t0y1qm4h4sy7tk2113tifcr|03|org"; nocase; ) # sj754nw1pjk18hllpn35oe48.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sj754nw1pjk18hllpn35oe48|03|net"; nocase; ) # 1jo0ngl2xsh5havrn4br5xgv4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jo0ngl2xsh5havrn4br5xgv4|03|com"; nocase; ) # 8c4ifp3xheb916uoupp1jtknl7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8c4ifp3xheb916uoupp1jtknl7|03|net"; nocase; ) # 15j0r9vrhquj32jdckwyuys57.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15j0r9vrhquj32jdckwyuys57|03|net"; nocase; ) # 1ll95yi1h019y6cni15fqijdm9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ll95yi1h019y6cni15fqijdm9|03|net"; nocase; ) # c5dsyhxjccsh7litdb1vnw5v0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c5dsyhxjccsh7litdb1vnw5v0|03|net"; nocase; ) # pzy4n61dp1bbkjznfxe1ca5lg2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pzy4n61dp1bbkjznfxe1ca5lg2|03|biz"; nocase; ) # uanwes5tbv041c07auz1mcyjwo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uanwes5tbv041c07auz1mcyjwo|03|com"; nocase; ) # erfgn8rf11f87n4aelwg1f2h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|erfgn8rf11f87n4aelwg1f2h|03|org"; nocase; ) # 16nb95pdvxbst92qs3svmslg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|16nb95pdvxbst92qs3svmslg|03|org"; nocase; ) # a7kfs81axtt881sy1fos1pj1bou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a7kfs81axtt881sy1fos1pj1bou|03|net"; nocase; ) # uyr7e0sh76am84mq1cif2rzu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uyr7e0sh76am84mq1cif2rzu|03|net"; nocase; ) # ri5cqzhatfos1uz9fv31e9e6ow.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ri5cqzhatfos1uz9fv31e9e6ow|03|org"; nocase; ) # t4fda11xsx3u31yxen5ktg9toy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t4fda11xsx3u31yxen5ktg9toy|03|org"; nocase; ) # xd25a314xzrr65bj7ei1emnslb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xd25a314xzrr65bj7ei1emnslb|03|net"; nocase; ) # 1oqsi2b558dfvy0wzjpn1yqu4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oqsi2b558dfvy0wzjpn1yqu4|03|com"; nocase; ) # 106ekq2lgc7mwr7gq1afx52m9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|106ekq2lgc7mwr7gq1afx52m9|03|net"; nocase; ) # 10rn6irj58i4k13ohu2k1n0f3qg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10rn6irj58i4k13ohu2k1n0f3qg|03|org"; nocase; ) # 1jorj9g1qjy1yo1v2wcd5tkz8mg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jorj9g1qjy1yo1v2wcd5tkz8mg|03|net"; nocase; ) # 8ec36ux7pgpop36l2i1r4wa9b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ec36ux7pgpop36l2i1r4wa9b|03|net"; nocase; ) # 1knvfudezpggyou6zmi143r9zo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1knvfudezpggyou6zmi143r9zo|03|net"; nocase; ) # 6egb5gn2cwycwh6wvxvhsuba.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6egb5gn2cwycwh6wvxvhsuba|03|net"; nocase; ) # 1iw9zsg5k2ab44e1u76e9pn7i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iw9zsg5k2ab44e1u76e9pn7i|03|net"; nocase; ) # 3skp0g1v5zjw13l54tkrmtao6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3skp0g1v5zjw13l54tkrmtao6|03|net"; nocase; ) # ah39ec1cox11hpxr10lkdchh2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ah39ec1cox11hpxr10lkdchh2|03|net"; nocase; ) # m1v4w11qhg45czo7upa1ux273a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m1v4w11qhg45czo7upa1ux273a|03|net"; nocase; ) # yx0v6dms83lreqk8qs1ltapwx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yx0v6dms83lreqk8qs1ltapwx|03|net"; nocase; ) # 1mm7m8h14z2uqqwpst68yb6u00.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mm7m8h14z2uqqwpst68yb6u00|03|biz"; nocase; ) # 2xsvl01ksqebalqilw1kgdqhn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2xsvl01ksqebalqilw1kgdqhn|03|org"; nocase; ) # qa816wq00sogv0p6woi3w263.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qa816wq00sogv0p6woi3w263|03|net"; nocase; ) # 6me2mu1v3bzp2lh6iyv12g0f8k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6me2mu1v3bzp2lh6iyv12g0f8k|03|net"; nocase; ) # 3w67zspce5ri1c78aauw7nluc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3w67zspce5ri1c78aauw7nluc|03|net"; nocase; ) # 1dspkchtqke5rct6izm1yctgy4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dspkchtqke5rct6izm1yctgy4|03|biz"; nocase; ) # 1srtpae19k0n8g1nd6in1ra3wge.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1srtpae19k0n8g1nd6in1ra3wge|03|org"; nocase; ) # 9mpg6d1fdo2xuycqdyj1sn9lfi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9mpg6d1fdo2xuycqdyj1sn9lfi|03|org"; nocase; ) # qosz0i1t83pkt12ttyo81gvg1xb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qosz0i1t83pkt12ttyo81gvg1xb|03|org"; nocase; ) # 1w1n6ve9ez72m1siqhxfz3rcvc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w1n6ve9ez72m1siqhxfz3rcvc|03|com"; nocase; ) # dar51wbanbk9zf7ur012rpgzw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dar51wbanbk9zf7ur012rpgzw|03|com"; nocase; ) # z50ov41icpd81xnkyzj6wsizx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z50ov41icpd81xnkyzj6wsizx|03|org"; nocase; ) # 1vmo4xrmdnbq81e25gsl1gietsx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vmo4xrmdnbq81e25gsl1gietsx|03|com"; nocase; ) # d565gpaa1umt1iakyky1hbhvgz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d565gpaa1umt1iakyky1hbhvgz|03|org"; nocase; ) # 2guvk5oberm2249c5k12sz605.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2guvk5oberm2249c5k12sz605|03|net"; nocase; ) # 1tm3jhkkx8n13qk76say7bvp8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tm3jhkkx8n13qk76say7bvp8|03|biz"; nocase; ) # sj84g8bkykc4ewx3l21lvzxxs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sj84g8bkykc4ewx3l21lvzxxs|03|com"; nocase; ) # 13e6xgqpgd51dq1z4uvgqfjdu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13e6xgqpgd51dq1z4uvgqfjdu|03|net"; nocase; ) # 1ag0eiw11zn44h1nt0xui1cwnf2c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ag0eiw11zn44h1nt0xui1cwnf2c|03|net"; nocase; ) # 1hpcnvrm5vvb219iv57a130z1im.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hpcnvrm5vvb219iv57a130z1im|03|net"; nocase; ) # 1o2l15g3ut4u61c8o9q4a60w1f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o2l15g3ut4u61c8o9q4a60w1f|03|org"; nocase; ) # xvp0aj8egevb1p74lzikzmb3d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xvp0aj8egevb1p74lzikzmb3d|03|com"; nocase; ) # y8duio82p88sqhcaioacan8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|y8duio82p88sqhcaioacan8|03|net"; nocase; ) # 1v6xr91gcqo3d1b2hr6i1gbygra.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v6xr91gcqo3d1b2hr6i1gbygra|03|com"; nocase; ) # puq9zx1yz545o1b2yyn71tja2b1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|puq9zx1yz545o1b2yyn71tja2b1|03|com"; nocase; ) # 1873vem15dmy2xsgpeep2okba0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1873vem15dmy2xsgpeep2okba0|03|net"; nocase; ) # 1tsz66916t0kzkml5o5u1fdinae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tsz66916t0kzkml5o5u1fdinae|03|com"; nocase; ) # 50kked1rjy6r01h1ife31hl1mr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|50kked1rjy6r01h1ife31hl1mr8|03|com"; nocase; ) # 1j2o5kkid8oa7ng25f5bzlzmp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j2o5kkid8oa7ng25f5bzlzmp|03|com"; nocase; ) # 1g3kr1w8o5bdflzz76bt6vdyi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1g3kr1w8o5bdflzz76bt6vdyi|03|net"; nocase; ) # m0qbgqjjyz6xh4d6uz176ilx4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m0qbgqjjyz6xh4d6uz176ilx4|03|biz"; nocase; ) # 1d6xilj1ywhh7j3nruet1ey0wge.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d6xilj1ywhh7j3nruet1ey0wge|03|org"; nocase; ) # 1diwmw2101w7nc1uy1gvdrswtn5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1diwmw2101w7nc1uy1gvdrswtn5|03|com"; nocase; ) # km3sjh4j7mpn5t2nd01wyn63.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|km3sjh4j7mpn5t2nd01wyn63|03|net"; nocase; ) # 1c2ddeuptvmegs557731u9dqa6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c2ddeuptvmegs557731u9dqa6|03|net"; nocase; ) # 6yv64tuaxdm9184d8c71ye79k7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6yv64tuaxdm9184d8c71ye79k7|03|com"; nocase; ) # 1tlwjwe1v4tzff17dh55b1ogm8wt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tlwjwe1v4tzff17dh55b1ogm8wt|03|net"; nocase; ) # yc209p1f33nju1ml9wxo6wn5pj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yc209p1f33nju1ml9wxo6wn5pj|03|com"; nocase; ) # i0dfg3105ofdg1v5773hq4ea7a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i0dfg3105ofdg1v5773hq4ea7a|03|net"; nocase; ) # fj3twk16yvlx7bbz7qmftfsz1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fj3twk16yvlx7bbz7qmftfsz1|03|org"; nocase; ) # n9f5sx19h70ip8miynodwwuqe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n9f5sx19h70ip8miynodwwuqe|03|com"; nocase; ) # nnwgoa1mr42r54wpfquetjpzs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nnwgoa1mr42r54wpfquetjpzs|03|net"; nocase; ) # 9ynyhs1v5hiaf19w2w5dlefc7s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ynyhs1v5hiaf19w2w5dlefc7s|03|org"; nocase; ) # 7xdbxw133w36f1ciw4k7vrwn4s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7xdbxw133w36f1ciw4k7vrwn4s|03|biz"; nocase; ) # x1edjff90vbas58o1xijyy6n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x1edjff90vbas58o1xijyy6n|03|net"; nocase; ) # 1phxgdjc9s4f1qe5mbr1epovl8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1phxgdjc9s4f1qe5mbr1epovl8|03|com"; nocase; ) # 1xiki121mli98xbby6w3l4yocs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xiki121mli98xbby6w3l4yocs|03|com"; nocase; ) # ufnjdh10gcgmo1bnpspak8gp6q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ufnjdh10gcgmo1bnpspak8gp6q|03|org"; nocase; ) # t1p6ep18et1h813xlsfl1cb1yo5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t1p6ep18et1h813xlsfl1cb1yo5|03|net"; nocase; ) # 11eag331fcm1d21tijx0mxf84il.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11eag331fcm1d21tijx0mxf84il|03|org"; nocase; ) # 1ll1ovomas442rg62o374o0wb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ll1ovomas442rg62o374o0wb|03|com"; nocase; ) # 15scun917abcpx1gj790f1hthi2d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15scun917abcpx1gj790f1hthi2d|03|biz"; nocase; ) # 14c8x9r1mqkdkd1it5307wo4ysa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14c8x9r1mqkdkd1it5307wo4ysa|03|org"; nocase; ) # 1qmcxua1yojuhwcw8yph4kaxho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qmcxua1yojuhwcw8yph4kaxho|03|net"; nocase; ) # o5edbkie61pwuonj0i1ivrkoh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o5edbkie61pwuonj0i1ivrkoh|03|biz"; nocase; ) # 1fnfhi5xcve8416ly7w56q6p8z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fnfhi5xcve8416ly7w56q6p8z|03|net"; nocase; ) # uyny5b4qqxb61yg0fne1fnz7ec.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uyny5b4qqxb61yg0fne1fnz7ec|03|biz"; nocase; ) # 1tbx92g12xt9qq13e2a9iqfdbxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tbx92g12xt9qq13e2a9iqfdbxs|03|net"; nocase; ) # y2pj3hn1lid011nruk1chud71.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y2pj3hn1lid011nruk1chud71|03|org"; nocase; ) # 1lhnkt12autz0atalbsbhsno2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lhnkt12autz0atalbsbhsno2|03|net"; nocase; ) # h29ghjii6lo8183wy3dxqsogv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h29ghjii6lo8183wy3dxqsogv|03|com"; nocase; ) # bfhgiy1y5jncn1t7oggh1n6n2jn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bfhgiy1y5jncn1t7oggh1n6n2jn|03|org"; nocase; ) # 7fw7a21clayw92tnoai1nbzlhf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7fw7a21clayw92tnoai1nbzlhf|03|org"; nocase; ) # a0iojig3uq5u9z7thwh0hv48.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a0iojig3uq5u9z7thwh0hv48|03|net"; nocase; ) # 43itxe1th4gyerhs9ly1pve176.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|43itxe1th4gyerhs9ly1pve176|03|org"; nocase; ) # 1fk96av1hyspojw90mtx1cnwp02.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fk96av1hyspojw90mtx1cnwp02|03|com"; nocase; ) # oqdzss1bnfz8orytqwj5mvo0i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oqdzss1bnfz8orytqwj5mvo0i|03|com"; nocase; ) # f0jpwg14gmd2169hmdyq8yb7e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f0jpwg14gmd2169hmdyq8yb7e|03|com"; nocase; ) # 19p5uql1al4nb3awh4ms182msax.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19p5uql1al4nb3awh4ms182msax|03|biz"; nocase; ) # n25oulprmq74izyuj9vfyclx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n25oulprmq74izyuj9vfyclx|03|com"; nocase; ) # 1vx16tq12ualc21d4glf91qhexr5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vx16tq12ualc21d4glf91qhexr5|03|org"; nocase; ) # eig9bn1b0qp5brkssh715cnt0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eig9bn1b0qp5brkssh715cnt0r|03|net"; nocase; ) # 1j3ik5n1ptxv4n1omhs76y0je64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j3ik5n1ptxv4n1omhs76y0je64|03|com"; nocase; ) # 1h5q88ikoxx3jkxc82n1xoqr1d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h5q88ikoxx3jkxc82n1xoqr1d|03|org"; nocase; ) # 1wqxq4m1sarzrrgvi8rl1h1dm5f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wqxq4m1sarzrrgvi8rl1h1dm5f|03|org"; nocase; ) # xg5s1lyouora12e5uwvvujtkz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xg5s1lyouora12e5uwvvujtkz|03|com"; nocase; ) # 3a4h8nequ6kj1nxtlp516gs5gf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3a4h8nequ6kj1nxtlp516gs5gf|03|org"; nocase; ) # wpfxrg1gp6ydhfyiuahe5ftk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wpfxrg1gp6ydhfyiuahe5ftk7|03|net"; nocase; ) # kgb37jhdqvvaxav8o41c1twfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kgb37jhdqvvaxav8o41c1twfa|03|org"; nocase; ) # lvpk3m6b831916xy66ksrzbn3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lvpk3m6b831916xy66ksrzbn3|03|net"; nocase; ) # 1e2ni9p3xyjo61e1ehzw1oorwdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e2ni9p3xyjo61e1ehzw1oorwdb|03|com"; nocase; ) # rg1b8k1drr2f3cp7b32c68qfi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rg1b8k1drr2f3cp7b32c68qfi|03|biz"; nocase; ) # d75g9z1uyebuejx9kay1y2xp3u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d75g9z1uyebuejx9kay1y2xp3u|03|com"; nocase; ) # on4d9d8laqoe14r7x6g18dp490.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|on4d9d8laqoe14r7x6g18dp490|03|org"; nocase; ) # b2bbcr8l3wbx4342xw1jjtc90.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b2bbcr8l3wbx4342xw1jjtc90|03|biz"; nocase; ) # oxeatuhtm978swxjhs1q7jcsj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oxeatuhtm978swxjhs1q7jcsj|03|net"; nocase; ) # 9m0ced1mfjid0vo9st084eqpv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9m0ced1mfjid0vo9st084eqpv|03|biz"; nocase; ) # u3a16i10vkg491d0hw5l6kiwxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u3a16i10vkg491d0hw5l6kiwxp|03|net"; nocase; ) # 1qocpos5av0pp1r5sqc2r1e85g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qocpos5av0pp1r5sqc2r1e85g|03|biz"; nocase; ) # cxcpm29cbl3n1v0r0qf1ez8egt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cxcpm29cbl3n1v0r0qf1ez8egt|03|org"; nocase; ) # zxo2pp1yy6h11h71rps12sy2d9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zxo2pp1yy6h11h71rps12sy2d9|03|org"; nocase; ) # 1tszvskhl7flx1v8i0ssmcwcev.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tszvskhl7flx1v8i0ssmcwcev|03|biz"; nocase; ) # 1byqbg1bewq3l1j0ychr1bb8vey.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1byqbg1bewq3l1j0ychr1bb8vey|03|net"; nocase; ) # 12zi0fxlk9r06sb2mh3v9ldmz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12zi0fxlk9r06sb2mh3v9ldmz|03|com"; nocase; ) # 13hqe66v737lugsaqdz33sucx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13hqe66v737lugsaqdz33sucx|03|com"; nocase; ) # 1k4jdzn1okk80n11bjsvao23fq1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k4jdzn1okk80n11bjsvao23fq1|03|org"; nocase; ) # 17jakihhhhnevj9sgt7qv8ofm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17jakihhhhnevj9sgt7qv8ofm|03|biz"; nocase; ) # 1xjvf151dym1j09x41zt1sdmarf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xjvf151dym1j09x41zt1sdmarf|03|org"; nocase; ) # 502lj91mnuir0c1rltxjvbpc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|502lj91mnuir0c1rltxjvbpc6|03|org"; nocase; ) # 1foxjgm1vwzzlktmhfa4fibzii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1foxjgm1vwzzlktmhfa4fibzii|03|net"; nocase; ) # 1nzs1r3szzipmro7jtz1gqy6f3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nzs1r3szzipmro7jtz1gqy6f3|03|biz"; nocase; ) # gvbj0scrfk62l5mpxs4soqdo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gvbj0scrfk62l5mpxs4soqdo|03|net"; nocase; ) # 46j7mfq12kf21oghhsen1mfx6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|46j7mfq12kf21oghhsen1mfx6|03|com"; nocase; ) # 1mz0fpz1xommo99emow7i3fmof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mz0fpz1xommo99emow7i3fmof|03|biz"; nocase; ) # 1m7rtet12dspjd1jnszff1fc1uux.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m7rtet12dspjd1jnszff1fc1uux|03|org"; nocase; ) # 1ne2ctd1jc0u2g1rsk3w1ti8elg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ne2ctd1jc0u2g1rsk3w1ti8elg|03|org"; nocase; ) # ip1yjtla6pl4bt392m15u6kno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ip1yjtla6pl4bt392m15u6kno|03|org"; nocase; ) # 1jw7fq3gmv9e1phuxwod1wlnq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jw7fq3gmv9e1phuxwod1wlnq|03|net"; nocase; ) # o8o45wdv4sjgljok2njn4d68.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o8o45wdv4sjgljok2njn4d68|03|org"; nocase; ) # lo81dalvl6d3t5nd96a4izvq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lo81dalvl6d3t5nd96a4izvq|03|biz"; nocase; ) # 1r9iwmz1guhuas1lfvycf1g9sslj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r9iwmz1guhuas1lfvycf1g9sslj|03|org"; nocase; ) # 1ukpbb5129ybvb1khign7s2wnyo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ukpbb5129ybvb1khign7s2wnyo|03|net"; nocase; ) # 1mxqu9s1e5uw7j120sqo19m2pd8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mxqu9s1e5uw7j120sqo19m2pd8|03|net"; nocase; ) # 1adeghi7mg5c81tqdk6g1vgglli.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1adeghi7mg5c81tqdk6g1vgglli|03|net"; nocase; ) # ezlaod1fkrox816oecm03qq2em.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ezlaod1fkrox816oecm03qq2em|03|org"; nocase; ) # 1xilc5yi1l5jhm3ldjs1jzsyfu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xilc5yi1l5jhm3ldjs1jzsyfu|03|biz"; nocase; ) # 1id34251po8r4o1mqk77bijrvvm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1id34251po8r4o1mqk77bijrvvm|03|net"; nocase; ) # 1y4qokn1g98tdy1oeyqh54u6x0p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y4qokn1g98tdy1oeyqh54u6x0p|03|biz"; nocase; ) # 9s6ql4ebs53y13u3ifae1y68n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9s6ql4ebs53y13u3ifae1y68n|03|net"; nocase; ) # bsk2f61nfh3dbb92h0czxriht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bsk2f61nfh3dbb92h0czxriht|03|com"; nocase; ) # 15tflq7ikdx96qped271k123kr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15tflq7ikdx96qped271k123kr|03|org"; nocase; ) # 1f3cbo81pv55rgh3xbwp1idckor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f3cbo81pv55rgh3xbwp1idckor|03|net"; nocase; ) # 4j0rx61kr20w718npbq8u03bbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4j0rx61kr20w718npbq8u03bbs|03|com"; nocase; ) # 1cva3ttxlbkiso9teoi1peu7kz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cva3ttxlbkiso9teoi1peu7kz|03|com"; nocase; ) # 1cbj3qmqrtsf81m6cw5cdvcda9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cbj3qmqrtsf81m6cw5cdvcda9|03|biz"; nocase; ) # w4ecpz25y6jjgnydzg3o8tmb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|w4ecpz25y6jjgnydzg3o8tmb|03|org"; nocase; ) # 1n1nzvlm1wi6lk7iavbn1qsf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1n1nzvlm1wi6lk7iavbn1qsf|03|com"; nocase; ) # 18z0029fl1qh110ghp9w14ncy50.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18z0029fl1qh110ghp9w14ncy50|03|biz"; nocase; ) # z1uwpufldkihs260isw0fm30.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z1uwpufldkihs260isw0fm30|03|com"; nocase; ) # 18qdd7y4d41cw1ooidoo5ozjzl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18qdd7y4d41cw1ooidoo5ozjzl|03|biz"; nocase; ) # s9p4401ukxgsajr9xuuxc0maz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s9p4401ukxgsajr9xuuxc0maz|03|org"; nocase; ) # sw0wzkkwqgn411wm4sy1x9xt4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sw0wzkkwqgn411wm4sy1x9xt4a|03|net"; nocase; ) # j8j3yni4gay21r5oln112ob2qt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j8j3yni4gay21r5oln112ob2qt|03|org"; nocase; ) # midkqz1mx3ur75xhc918ad6e7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|midkqz1mx3ur75xhc918ad6e7|03|net"; nocase; ) # 1jh34qc1yyk6o41lekrj41spy08h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jh34qc1yyk6o41lekrj41spy08h|03|biz"; nocase; ) # 1406esx17mht931efcv0hp6ya91.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1406esx17mht931efcv0hp6ya91|03|net"; nocase; ) # e3d2wu1hj2jaq5jiz51qbabvd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e3d2wu1hj2jaq5jiz51qbabvd|03|net"; nocase; ) # 15jkpop1uqbtthb6bqls1ypvhcl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15jkpop1uqbtthb6bqls1ypvhcl|03|biz"; nocase; ) # hqpsj84j4rk91rnr12r878uw7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hqpsj84j4rk91rnr12r878uw7|03|net"; nocase; ) # pfbhcf1ira6wjp7d39whe20ns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pfbhcf1ira6wjp7d39whe20ns|03|com"; nocase; ) # hxpybg1i97juxc7k5q1e0tcay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hxpybg1i97juxc7k5q1e0tcay|03|net"; nocase; ) # 14yavjq14kesvv1upxhma1yuyfaz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14yavjq14kesvv1upxhma1yuyfaz|03|biz"; nocase; ) # 75hp7j12a3d601i6r7eef1fpoa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|75hp7j12a3d601i6r7eef1fpoa|03|com"; nocase; ) # 1tbvrlng2p722iv3ebtrx4sii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tbvrlng2p722iv3ebtrx4sii|03|net"; nocase; ) # 1mgmius1p4t0t713kch2z1gggpjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mgmius1p4t0t713kch2z1gggpjb|03|biz"; nocase; ) # 1n1uz9a2o7yf21dibfg5kznseb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1uz9a2o7yf21dibfg5kznseb|03|biz"; nocase; ) # ddvn3g1da0mmodq2qc6fe445f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ddvn3g1da0mmodq2qc6fe445f|03|net"; nocase; ) # 1y3hrl41kq0ykr6kkcdx4ahhdq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y3hrl41kq0ykr6kkcdx4ahhdq|03|org"; nocase; ) # 3dgt3w1ddq8fv11qbgug1bn3y33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3dgt3w1ddq8fv11qbgug1bn3y33|03|net"; nocase; ) # j8w6b01kmyxjy19p0f2z4dtehi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j8w6b01kmyxjy19p0f2z4dtehi|03|com"; nocase; ) # 1dkqkg5dbfpp5ts735019ssdnb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dkqkg5dbfpp5ts735019ssdnb|03|biz"; nocase; ) # n37vlap3rtoaukylr590a40n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n37vlap3rtoaukylr590a40n|03|com"; nocase; ) # q630frvrqgut1ozqpx4j05oc0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q630frvrqgut1ozqpx4j05oc0|03|net"; nocase; ) # 1tqwmt8fe2bje19hd8c0xe2876.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tqwmt8fe2bje19hd8c0xe2876|03|org"; nocase; ) # 1fukwpb1ib2z90h0wg0c13oxh4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fukwpb1ib2z90h0wg0c13oxh4a|03|net"; nocase; ) # 13vusbpfraofv1ousg8a1yox7fh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13vusbpfraofv1ousg8a1yox7fh|03|org"; nocase; ) # v7ojuc14idzvrb926vz1e4ridv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v7ojuc14idzvrb926vz1e4ridv|03|net"; nocase; ) # uanovp14kbt951f2a9le6vl82i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uanovp14kbt951f2a9le6vl82i|03|com"; nocase; ) # 1wr4lvlrvqbta1gbr7l2bch2xo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wr4lvlrvqbta1gbr7l2bch2xo|03|biz"; nocase; ) # 19emzz1pzw1fyk0l2h21vgvjfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19emzz1pzw1fyk0l2h21vgvjfx|03|com"; nocase; ) # dy1h9qfqtl04v71g731xynoca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dy1h9qfqtl04v71g731xynoca|03|net"; nocase; ) # 1bsuu69tth9gamupy9s11r9mdq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bsuu69tth9gamupy9s11r9mdq|03|com"; nocase; ) # 5t2rod1wikb1vk09gddd3de7v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5t2rod1wikb1vk09gddd3de7v|03|biz"; nocase; ) # 1jxoh281lnkqzh7lbrb3xw9g7x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jxoh281lnkqzh7lbrb3xw9g7x|03|org"; nocase; ) # 1us9rcg1uyvafl1v0pwsj1p1dzfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1us9rcg1uyvafl1v0pwsj1p1dzfx|03|com"; nocase; ) # 15zol076serw11wru7mhztogb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15zol076serw11wru7mhztogb|03|biz"; nocase; ) # 19it59w7fm50p843jy31qm53kv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19it59w7fm50p843jy31qm53kv|03|org"; nocase; ) # 1jll9n6nehorwq8zcgzkee9vk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jll9n6nehorwq8zcgzkee9vk|03|net"; nocase; ) # axig8d144q0k8fm66sy1vym39i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|axig8d144q0k8fm66sy1vym39i|03|com"; nocase; ) # h0n1cc1n3nhdfw647h81qfj56p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h0n1cc1n3nhdfw647h81qfj56p|03|org"; nocase; ) # ph2py41kfdr8617ce4hz14802cn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ph2py41kfdr8617ce4hz14802cn|03|com"; nocase; ) # jllzdu1q6ntkl1ct85drsy478i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jllzdu1q6ntkl1ct85drsy478i|03|org"; nocase; ) # qqtq9z1p7hs23emdmm01bhttsb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qqtq9z1p7hs23emdmm01bhttsb|03|biz"; nocase; ) # 1w4gto31e6riz0u76qi1kuxk6c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w4gto31e6riz0u76qi1kuxk6c|03|com"; nocase; ) # 62xwkxric4n11an8bodi1tdtk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|62xwkxric4n11an8bodi1tdtk|03|org"; nocase; ) # 1omb454dtob15kmtenf34u793.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1omb454dtob15kmtenf34u793|03|org"; nocase; ) # zv7940o2pyku1lne2q31rfoep9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zv7940o2pyku1lne2q31rfoep9|03|com"; nocase; ) # wp04it1teyff819v3sgs17zuntr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wp04it1teyff819v3sgs17zuntr|03|org"; nocase; ) # ik27ca4vsjoj1pn54gmbs0bs3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ik27ca4vsjoj1pn54gmbs0bs3|03|org"; nocase; ) # 1aw17bhivjx1symv0y312tt2gy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aw17bhivjx1symv0y312tt2gy|03|org"; nocase; ) # 1evfx9pwu31g0feuobv1iumytl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1evfx9pwu31g0feuobv1iumytl|03|net"; nocase; ) # 1l7vjt81rhlceutpqa01xu34xs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l7vjt81rhlceutpqa01xu34xs|03|biz"; nocase; ) # theciyt0h1a21i4ecie1ybu0xw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|theciyt0h1a21i4ecie1ybu0xw|03|com"; nocase; ) # 1ln80xgse3dpkn1t6krklgvhz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ln80xgse3dpkn1t6krklgvhz|03|net"; nocase; ) # 1n3vlu75vqcs5j8074n1208mdl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n3vlu75vqcs5j8074n1208mdl|03|com"; nocase; ) # 1rmvcjg1xl5cw01a86s34stx2v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rmvcjg1xl5cw01a86s34stx2v|03|biz"; nocase; ) # 1pcq2701vfedpn1y1tprj1w8pmzo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pcq2701vfedpn1y1tprj1w8pmzo|03|org"; nocase; ) # ub7ksw1fbkpmq1oh4hk43xqmu9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ub7ksw1fbkpmq1oh4hk43xqmu9|03|com"; nocase; ) # h4s4rs12e8f5a1otj61ole0xo0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h4s4rs12e8f5a1otj61ole0xo0|03|net"; nocase; ) # p19mk8hl74nt1aj4ijc1c7ifb8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p19mk8hl74nt1aj4ijc1c7ifb8|03|biz"; nocase; ) # 1f159m5b90kpi1ocquxmbaabmu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f159m5b90kpi1ocquxmbaabmu|03|org"; nocase; ) # 11i9y3rhy98mc1s42pv7q0ar9e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11i9y3rhy98mc1s42pv7q0ar9e|03|org"; nocase; ) # sacb54yc010q1g2j6hs18a0i2h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sacb54yc010q1g2j6hs18a0i2h|03|net"; nocase; ) # 1owbog61gi8st9s897kqhif1hl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1owbog61gi8st9s897kqhif1hl|03|biz"; nocase; ) # 14xg0vc9po9mkxpro729gkbc2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14xg0vc9po9mkxpro729gkbc2|03|net"; nocase; ) # 78cm5znhsgcoytn7c2zb6rvc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|78cm5znhsgcoytn7c2zb6rvc|03|net"; nocase; ) # 1wzmq4b4j6o2a1nj99s5hum8li.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wzmq4b4j6o2a1nj99s5hum8li|03|com"; nocase; ) # 199pcgc1ljuexw12f0hgm1cxeazt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|199pcgc1ljuexw12f0hgm1cxeazt|03|org"; nocase; ) # 1ojc7q1magqk5d1ldvz1xatwyl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ojc7q1magqk5d1ldvz1xatwyl|03|biz"; nocase; ) # 1yy1fwp1u1vafe3efzx61wundx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yy1fwp1u1vafe3efzx61wundx4|03|net"; nocase; ) # 1qrma048lmvx1zmpf32px5fg8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qrma048lmvx1zmpf32px5fg8|03|com"; nocase; ) # 33ffyzeg9fo31a3f7sp1x383br.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|33ffyzeg9fo31a3f7sp1x383br|03|org"; nocase; ) # 15zb9c3c2bxug76xzfs13en484.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15zb9c3c2bxug76xzfs13en484|03|com"; nocase; ) # y1ybw1ppidtmkllz78a5g5n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|y1ybw1ppidtmkllz78a5g5n|03|biz"; nocase; ) # 2ke5f213yljc519tdz1ai5hwu1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ke5f213yljc519tdz1ai5hwu1|03|com"; nocase; ) # 18kf44fgw8bwg1elxdzi7a18s0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18kf44fgw8bwg1elxdzi7a18s0|03|net"; nocase; ) # 1z0b6qm18n6yur1njdk061pw8uef.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1z0b6qm18n6yur1njdk061pw8uef|03|org"; nocase; ) # dx2yvt1jzw26a1vgv6rl1kwiylr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dx2yvt1jzw26a1vgv6rl1kwiylr|03|com"; nocase; ) # ik4pqahgytpntcz6tz1cgegtv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ik4pqahgytpntcz6tz1cgegtv|03|net"; nocase; ) # 1i85my1bbvugi1o0dxul1mmg287.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i85my1bbvugi1o0dxul1mmg287|03|biz"; nocase; ) # 1laifx8qpzgz35rhdtnf4v2x4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1laifx8qpzgz35rhdtnf4v2x4|03|org"; nocase; ) # 1qu4mc318vu2ub1rc9yujcph0pc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qu4mc318vu2ub1rc9yujcph0pc|03|net"; nocase; ) # 1gma8gxd5y04x2qbvky11futhw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gma8gxd5y04x2qbvky11futhw|03|net"; nocase; ) # uf743lv0yhats5gvx81cemls5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uf743lv0yhats5gvx81cemls5|03|biz"; nocase; ) # c26s5gs6i29ozg84xf1phjxto.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c26s5gs6i29ozg84xf1phjxto|03|net"; nocase; ) # ua6p8bu90ow3tr61flbrgpub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ua6p8bu90ow3tr61flbrgpub|03|com"; nocase; ) # d0xluk12qupznz136zp52as4r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d0xluk12qupznz136zp52as4r|03|biz"; nocase; ) # 2d49241e47pno1tfa5lm1scezrc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2d49241e47pno1tfa5lm1scezrc|03|biz"; nocase; ) # 15ses354srrs1yn43f3s5r44d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15ses354srrs1yn43f3s5r44d|03|org"; nocase; ) # kcez041vajmqp1ekr5jg12bd6wl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kcez041vajmqp1ekr5jg12bd6wl|03|net"; nocase; ) # 1azz47x1vikgyggr7qv7y712xk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1azz47x1vikgyggr7qv7y712xk|03|com"; nocase; ) # m02yd1j9hmsfpni7b51hrfmb4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m02yd1j9hmsfpni7b51hrfmb4|03|net"; nocase; ) # zzp8rpspdst8a0kseatjt6l7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zzp8rpspdst8a0kseatjt6l7|03|com"; nocase; ) # mnu5igojdybydq679jco5zl2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mnu5igojdybydq679jco5zl2|03|com"; nocase; ) # zijb3xazkm7c1ktu5u2gzdugl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zijb3xazkm7c1ktu5u2gzdugl|03|org"; nocase; ) # ga71jibqc7gnrrspfe1iwb7i4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ga71jibqc7gnrrspfe1iwb7i4|03|com"; nocase; ) # 1anhszm1su2ivx1vbmejv1t9zjnt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1anhszm1su2ivx1vbmejv1t9zjnt|03|org"; nocase; ) # 18q30u11ufn8ys1pykbe12yonp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18q30u11ufn8ys1pykbe12yonp|03|com"; nocase; ) # 1ytxqia96r1eg570q6s1jhcb3o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ytxqia96r1eg570q6s1jhcb3o|03|net"; nocase; ) # 1c6c07a11h2ti2156jrvk1t1w4dt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c6c07a11h2ti2156jrvk1t1w4dt|03|net"; nocase; ) # 1f4de8o16xynljq472za3qc8ve.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f4de8o16xynljq472za3qc8ve|03|biz"; nocase; ) # cuegjbquh1zq1kmo8kx1pq81cb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cuegjbquh1zq1kmo8kx1pq81cb|03|org"; nocase; ) # acrxo31td3uw21s6ngc95yt1mv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|acrxo31td3uw21s6ngc95yt1mv|03|net"; nocase; ) # cvnrzzya8c1x1hxyo17whpk0q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cvnrzzya8c1x1hxyo17whpk0q|03|biz"; nocase; ) # c3jcap7n0wwy1fmma9l1me5n0m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c3jcap7n0wwy1fmma9l1me5n0m|03|net"; nocase; ) # bvpy4e1x1592z1n8b0kszlxw8x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bvpy4e1x1592z1n8b0kszlxw8x|03|com"; nocase; ) # 1211mpq1cmx2718jymd11e1bjpl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1211mpq1cmx2718jymd11e1bjpl|03|biz"; nocase; ) # dcjd8115z14hbdt2jnk379jtm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dcjd8115z14hbdt2jnk379jtm|03|com"; nocase; ) # wcb6y9s8jvdmd33u5m1xgie0i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wcb6y9s8jvdmd33u5m1xgie0i|03|net"; nocase; ) # 19wxkqib85c1g2pnd50xlay44.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19wxkqib85c1g2pnd50xlay44|03|biz"; nocase; ) # 1lsh8ajhs0oalscbxeqjs1wod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lsh8ajhs0oalscbxeqjs1wod|03|com"; nocase; ) # tc59x31chaonc7f2c0v9ifkb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tc59x31chaonc7f2c0v9ifkb7|03|net"; nocase; ) # 1j3x3d91g5mv2rwaua1n1gmgbua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j3x3d91g5mv2rwaua1n1gmgbua|03|net"; nocase; ) # 18d83ovsd8eal2izbt81gbwyie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18d83ovsd8eal2izbt81gbwyie|03|com"; nocase; ) # 2cjz4c1ul9sq716458i9np93ea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2cjz4c1ul9sq716458i9np93ea|03|net"; nocase; ) # 6vckxs18oz8bxz097ph1xmo0kl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6vckxs18oz8bxz097ph1xmo0kl|03|com"; nocase; ) # 1ai3botzv0x5753nurf2kfxmr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ai3botzv0x5753nurf2kfxmr|03|net"; nocase; ) # pmk8q02gy0xi1pe77d91btbrei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pmk8q02gy0xi1pe77d91btbrei|03|net"; nocase; ) # 1escdw4rxyvy4o4h91d186xprx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1escdw4rxyvy4o4h91d186xprx|03|net"; nocase; ) # 1vxzcrlox9uzphs2o21ugawjd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vxzcrlox9uzphs2o21ugawjd|03|biz"; nocase; ) # rae4ue1iio4la1xrfx7e1okt7zn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rae4ue1iio4la1xrfx7e1okt7zn|03|biz"; nocase; ) # 2063cek4qheu1g22q8y1hr9cu3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2063cek4qheu1g22q8y1hr9cu3|03|biz"; nocase; ) # 1g0paqw1p025u911ipmg01bvvgfo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g0paqw1p025u911ipmg01bvvgfo|03|net"; nocase; ) # n24hu51wuaizx1h9c88hv221av.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n24hu51wuaizx1h9c88hv221av|03|com"; nocase; ) # hq602mu8xj8cfq7jue1hf9xov.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hq602mu8xj8cfq7jue1hf9xov|03|biz"; nocase; ) # uyl346o1x5s5rfi97opsgom9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uyl346o1x5s5rfi97opsgom9|03|com"; nocase; ) # 2qvzy3ulhhya1fop1ni1kfoit1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2qvzy3ulhhya1fop1ni1kfoit1|03|net"; nocase; ) # 1fb00v21mtcdla1o8pd3818t81iv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fb00v21mtcdla1o8pd3818t81iv|03|com"; nocase; ) # 1l6vuwdl8g44fpnn5bndwgee.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1l6vuwdl8g44fpnn5bndwgee|03|org"; nocase; ) # 1iv0x8llxdwn0157h26e1cnengw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iv0x8llxdwn0157h26e1cnengw|03|biz"; nocase; ) # d7hyi4cktkpilfglfixz9ogw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d7hyi4cktkpilfglfixz9ogw|03|net"; nocase; ) # 820uwdd7to4nb9iwmg1r45kmo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|820uwdd7to4nb9iwmg1r45kmo|03|org"; nocase; ) # x6mtzu1b4jcee1pb9ct79svctq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x6mtzu1b4jcee1pb9ct79svctq|03|com"; nocase; ) # 5msfg8qhvf1s177lja5r3xzj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5msfg8qhvf1s177lja5r3xzj3|03|com"; nocase; ) # 1wmt13o6miubu1n4azvc1g83f2c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wmt13o6miubu1n4azvc1g83f2c|03|com"; nocase; ) # q725ct1dg51fix927jcw4eaup.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q725ct1dg51fix927jcw4eaup|03|org"; nocase; ) # 13irio1ipjxhplopn5etd3ix0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13irio1ipjxhplopn5etd3ix0|03|com"; nocase; ) # nx1ov21s1zwj4k4h4ley5v3j8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nx1ov21s1zwj4k4h4ley5v3j8|03|org"; nocase; ) # 1vk7u9y10j5idr1tj0qf41ywat4q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vk7u9y10j5idr1tj0qf41ywat4q|03|org"; nocase; ) # jnxzcifzy8wlgxseww1xlpasy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jnxzcifzy8wlgxseww1xlpasy|03|net"; nocase; ) # 1js6vni1nv1ep81dpq5o1ibmao7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1js6vni1nv1ep81dpq5o1ibmao7|03|com"; nocase; ) # 27rpbw1xzua71d0ikdr15g4ya0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|27rpbw1xzua71d0ikdr15g4ya0|03|org"; nocase; ) # 2bn8j615qqm1k1vpxcnk1fe03r4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2bn8j615qqm1k1vpxcnk1fe03r4|03|net"; nocase; ) # umpkndnvubot1j16eyczw9sxu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|umpkndnvubot1j16eyczw9sxu|03|net"; nocase; ) # xipmkj1npqy3fkncsot1s02obh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xipmkj1npqy3fkncsot1s02obh|03|net"; nocase; ) # 12ad355xcxujo32c6g8gqhnwz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ad355xcxujo32c6g8gqhnwz|03|biz"; nocase; ) # 5apycp3kzfemyeflbg1lw0baa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5apycp3kzfemyeflbg1lw0baa|03|net"; nocase; ) # 1pifldp1idq0n4144nw3c1dpo2dv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pifldp1idq0n4144nw3c1dpo2dv|03|org"; nocase; ) # 3eooqa1lq4yn2dazg1vq3nf7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3eooqa1lq4yn2dazg1vq3nf7|03|com"; nocase; ) # 1dem9ui1548zmh1k2n1zsqt4a6y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dem9ui1548zmh1k2n1zsqt4a6y|03|com"; nocase; ) # 1j3t32418fhvmo9337ca9wdbym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j3t32418fhvmo9337ca9wdbym|03|org"; nocase; ) # 19emj6kqfs3ew13cyjtl1lpalq0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19emj6kqfs3ew13cyjtl1lpalq0|03|net"; nocase; ) # 1mwlf47vii6qwo0s3241qc3ce6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mwlf47vii6qwo0s3241qc3ce6|03|biz"; nocase; ) # g2wpi1kewa7q1rk72b51dcgzdw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g2wpi1kewa7q1rk72b51dcgzdw|03|com"; nocase; ) # lcp4x41oiimjrrqp0ts6nmtvj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lcp4x41oiimjrrqp0ts6nmtvj|03|biz"; nocase; ) # h734p12n3a9xqbp2f8ugjrsx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h734p12n3a9xqbp2f8ugjrsx|03|org"; nocase; ) # e1kwne1q4lnfl1s9ilqedzllnx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e1kwne1q4lnfl1s9ilqedzllnx|03|com"; nocase; ) # sk55ley920bg1lzxqu3s088ip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sk55ley920bg1lzxqu3s088ip|03|net"; nocase; ) # 9q4qgbzjg87j122expcd9m4bx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9q4qgbzjg87j122expcd9m4bx|03|biz"; nocase; ) # 1ife71kur0oaoww55xy8lm51m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ife71kur0oaoww55xy8lm51m|03|com"; nocase; ) # zt6zjrubcmrt9p24v911iocdy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zt6zjrubcmrt9p24v911iocdy|03|net"; nocase; ) # outvh11h7brvg1u4xaek7pbm61.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|outvh11h7brvg1u4xaek7pbm61|03|net"; nocase; ) # vy581n1jqji3dc0djv8c0bs06.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vy581n1jqji3dc0djv8c0bs06|03|biz"; nocase; ) # ced1yftudst62l0rmm1vged22.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ced1yftudst62l0rmm1vged22|03|com"; nocase; ) # 18sqst8kut4yd1dgdqzq4jzogh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18sqst8kut4yd1dgdqzq4jzogh|03|biz"; nocase; ) # 1jcxof3buecqu1gd3wk31qrqjd8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jcxof3buecqu1gd3wk31qrqjd8|03|org"; nocase; ) # i8fieroj4dvfzqjkb0y4va59.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|i8fieroj4dvfzqjkb0y4va59|03|com"; nocase; ) # bw05cy1w1cfuv103uceyunj1rw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bw05cy1w1cfuv103uceyunj1rw|03|net"; nocase; ) # uioa5z26aqaj1w3sevppkmmbp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uioa5z26aqaj1w3sevppkmmbp|03|net"; nocase; ) # 1253hsq1vshn3e1f6s4yuqu4bf4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1253hsq1vshn3e1f6s4yuqu4bf4|03|biz"; nocase; ) # 13ccly6tj644q43hjp1owybzu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13ccly6tj644q43hjp1owybzu|03|org"; nocase; ) # 1bobbcu16pkszu1111r92bknns8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bobbcu16pkszu1111r92bknns8|03|com"; nocase; ) # op74ebe9fprburv0ipj6npe1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|op74ebe9fprburv0ipj6npe1|03|com"; nocase; ) # 1s7wn951vpy1uv1x4kdjk80e4d9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s7wn951vpy1uv1x4kdjk80e4d9|03|biz"; nocase; ) # 1b60nyasr89m53musbhxtg4f9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b60nyasr89m53musbhxtg4f9|03|net"; nocase; ) # 133lyep34qbrlq4iop1neg92e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|133lyep34qbrlq4iop1neg92e|03|net"; nocase; ) # 5p68c812onruw1j7uhv6vuyvw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5p68c812onruw1j7uhv6vuyvw5|03|org"; nocase; ) # nz66qx1elxj5t10z1nd694hv3t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nz66qx1elxj5t10z1nd694hv3t|03|org"; nocase; ) # ijqattyffp9zutuijefx9v9k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ijqattyffp9zutuijefx9v9k|03|net"; nocase; ) # csskuaya5517enxt8p1acgp87.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|csskuaya5517enxt8p1acgp87|03|com"; nocase; ) # phkrnj1kkodpo15gv8it1i37buu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|phkrnj1kkodpo15gv8it1i37buu|03|org"; nocase; ) # 1pkgzd12se3zf13obkb1q9h0w6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pkgzd12se3zf13obkb1q9h0w6|03|org"; nocase; ) # nocoerto3wgg1mz787n154eujw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nocoerto3wgg1mz787n154eujw|03|org"; nocase; ) # 92gl4icvvanfzv8s9i15vltu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|92gl4icvvanfzv8s9i15vltu|03|com"; nocase; ) # 1i5ricvjjxkaj1d0p0hy1mxcfp7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i5ricvjjxkaj1d0p0hy1mxcfp7|03|org"; nocase; ) # z2eozpsy2px01m5cimwkr48tg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z2eozpsy2px01m5cimwkr48tg|03|com"; nocase; ) # zvkbb56e4gwv1kjz4cunsdh4k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zvkbb56e4gwv1kjz4cunsdh4k|03|net"; nocase; ) # l7xvej1nwx4a2mket3wl0f823.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l7xvej1nwx4a2mket3wl0f823|03|org"; nocase; ) # decgcroc4dnt162xsjqhy7mg4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|decgcroc4dnt162xsjqhy7mg4|03|com"; nocase; ) # 1b3k2qf1tlvvqa1u302ycp3rwlg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b3k2qf1tlvvqa1u302ycp3rwlg|03|net"; nocase; ) # o4l2oo1x9jl0czbznrd1gmehzx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o4l2oo1x9jl0czbznrd1gmehzx|03|biz"; nocase; ) # 1x5cgxc1b5g3sq133wh7rc7rpeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x5cgxc1b5g3sq133wh7rc7rpeq|03|com"; nocase; ) # 1rlxhoaurjxex1s9snwsu6dhq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rlxhoaurjxex1s9snwsu6dhq9|03|net"; nocase; ) # wxoxd813zht31ex4t3e16x6uli.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wxoxd813zht31ex4t3e16x6uli|03|biz"; nocase; ) # yre0861tcgrfrbbanzn1i7ff0x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yre0861tcgrfrbbanzn1i7ff0x|03|org"; nocase; ) # jipjnbfu5q811oe2d2d1siuxjf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jipjnbfu5q811oe2d2d1siuxjf|03|com"; nocase; ) # 2vq5tf1ju7hj1h58v4sohta9d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2vq5tf1ju7hj1h58v4sohta9d|03|com"; nocase; ) # 18uv0lr18ragyq2sgiy712s3eq0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18uv0lr18ragyq2sgiy712s3eq0|03|net"; nocase; ) # 195m7mslgwmef1q9zf33108nwnx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|195m7mslgwmef1q9zf33108nwnx|03|net"; nocase; ) # 9m0chtvf0pkwfikndq1o5kpcv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9m0chtvf0pkwfikndq1o5kpcv|03|net"; nocase; ) # 143l5ro112dr4b1qzkia5g93cdl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|143l5ro112dr4b1qzkia5g93cdl|03|org"; nocase; ) # 12qdjhd1v6r4lqwwc7hb1hmotdt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12qdjhd1v6r4lqwwc7hb1hmotdt|03|org"; nocase; ) # bklfv7x73rpv1ib5p80159vpe3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bklfv7x73rpv1ib5p80159vpe3|03|com"; nocase; ) # 1mjnwuz19yke935v0ly3558555.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mjnwuz19yke935v0ly3558555|03|biz"; nocase; ) # 798mt2buk6k3c1zu6gce36g6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|798mt2buk6k3c1zu6gce36g6|03|com"; nocase; ) # gstd0b1rfino92sdvlmkftjz0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gstd0b1rfino92sdvlmkftjz0|03|net"; nocase; ) # znn5vk1crjif514fq1vf103cih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|znn5vk1crjif514fq1vf103cih|03|com"; nocase; ) # 1dmut0t1qweip2ghf11u1ygp9tl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dmut0t1qweip2ghf11u1ygp9tl|03|biz"; nocase; ) # 1sinedmusnoiq97b39v8wafx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1sinedmusnoiq97b39v8wafx|03|com"; nocase; ) # asha27116mnu6rxi78y1eu1o4l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|asha27116mnu6rxi78y1eu1o4l|03|net"; nocase; ) # kpbnd216i7xu82n69b51du9p8x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kpbnd216i7xu82n69b51du9p8x|03|org"; nocase; ) # fdi0r81sfunbs18xaubo1ne6rs0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fdi0r81sfunbs18xaubo1ne6rs0|03|biz"; nocase; ) # 17bpxok19hp0pgpj5hm4145jmn6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17bpxok19hp0pgpj5hm4145jmn6|03|biz"; nocase; ) # rocgz3ojrjo3mhmw7ny48kpb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rocgz3ojrjo3mhmw7ny48kpb|03|org"; nocase; ) # cmypvqh3mvd7d6p0ak6689e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|cmypvqh3mvd7d6p0ak6689e|03|org"; nocase; ) # t6e96j45qbpv9z6im61dfqxpu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t6e96j45qbpv9z6im61dfqxpu|03|com"; nocase; ) # ji8x9yu45kn9125e4o014jki4t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ji8x9yu45kn9125e4o014jki4t|03|org"; nocase; ) # 1n700lx1xo9afs1c60gpxhca4v0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n700lx1xo9afs1c60gpxhca4v0|03|net"; nocase; ) # 1dxlokabtw2ik1a5pnoi1ts5ach.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dxlokabtw2ik1a5pnoi1ts5ach|03|net"; nocase; ) # 1nadr2mhzgqlzlsdqwmxwm478.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nadr2mhzgqlzlsdqwmxwm478|03|net"; nocase; ) # 1jdjoyw1seam281urok8s1cewpb1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jdjoyw1seam281urok8s1cewpb1|03|com"; nocase; ) # clbkio13htprqzuvrq71bfqzoz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|clbkio13htprqzuvrq71bfqzoz|03|com"; nocase; ) # 1nna3pb82ojv311ljbx8qwtrb5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nna3pb82ojv311ljbx8qwtrb5|03|biz"; nocase; ) # xkq5wgy9vlx21n2drjw1qq8mnd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xkq5wgy9vlx21n2drjw1qq8mnd|03|com"; nocase; ) # 1ar7sc218d4jxa1x9phsjqkja7c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ar7sc218d4jxa1x9phsjqkja7c|03|biz"; nocase; ) # p79pmx14fkjervtcu3d1k8ogxh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p79pmx14fkjervtcu3d1k8ogxh|03|com"; nocase; ) # 1sf8fu52ouaii19jewi715lmdqz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sf8fu52ouaii19jewi715lmdqz|03|org"; nocase; ) # 1kp8qc811te8yg1bjw7ky1hqt33c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kp8qc811te8yg1bjw7ky1hqt33c|03|net"; nocase; ) # 1c7us5915y89ucb4ic4bk2c41k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c7us5915y89ucb4ic4bk2c41k|03|com"; nocase; ) # 1057221jwzolzla2lob1btpn0g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1057221jwzolzla2lob1btpn0g|03|org"; nocase; ) # nouh93x3tk2t1fhy5tj1z0otwd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nouh93x3tk2t1fhy5tj1z0otwd|03|net"; nocase; ) # 1wg6c3017eajgapwyh5r6iryp6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wg6c3017eajgapwyh5r6iryp6|03|com"; nocase; ) # 62ma4x1dst5q41yh16r21aa0kzs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|62ma4x1dst5q41yh16r21aa0kzs|03|net"; nocase; ) # ghcu1lo5ha0gby6e89dsb2t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ghcu1lo5ha0gby6e89dsb2t|03|net"; nocase; ) # gmezfretl01eb7mm13u58n0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|gmezfretl01eb7mm13u58n0|03|net"; nocase; ) # 1iz3drve2lne9xd4iuriegv6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iz3drve2lne9xd4iuriegv6h|03|org"; nocase; ) # gvj6g8b3m5be1r2xv0l1vxtag5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gvj6g8b3m5be1r2xv0l1vxtag5|03|net"; nocase; ) # 1lymtil1kr19lc1cfm46r1xwja3j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lymtil1kr19lc1cfm46r1xwja3j|03|org"; nocase; ) # 1ntoptsjr785b1t7n5kvrdyx73.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ntoptsjr785b1t7n5kvrdyx73|03|net"; nocase; ) # 1qe4dnc1uyr1cqw2ymbrpz7qa0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qe4dnc1uyr1cqw2ymbrpz7qa0|03|com"; nocase; ) # t4q3hbc61s9y1hwbcjrgx94ep.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4q3hbc61s9y1hwbcjrgx94ep|03|org"; nocase; ) # ovogy91u1hy4p7yx2e1yuazn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ovogy91u1hy4p7yx2e1yuazn2|03|net"; nocase; ) # 16xrwzpof62obzsxoh91mmj392.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16xrwzpof62obzsxoh91mmj392|03|biz"; nocase; ) # 1eolpv8bml57p1ugkdkkljy6z7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eolpv8bml57p1ugkdkkljy6z7|03|net"; nocase; ) # 1nnceec1dg3d1o651jsii8c80a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nnceec1dg3d1o651jsii8c80a|03|net"; nocase; ) # bocw0bt06z48sn72wg1sfcll7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bocw0bt06z48sn72wg1sfcll7|03|com"; nocase; ) # sfxmy4158vmhn18n8lh31vsxa2w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sfxmy4158vmhn18n8lh31vsxa2w|03|net"; nocase; ) # 1p8qxptjegqg2qf8sm8jw4h3s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p8qxptjegqg2qf8sm8jw4h3s|03|org"; nocase; ) # 1j71a2sszunql12jk5eo60tvyq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j71a2sszunql12jk5eo60tvyq|03|com"; nocase; ) # zd2q8vcdnqns1oqbaoh1fccjk0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zd2q8vcdnqns1oqbaoh1fccjk0|03|net"; nocase; ) # 1hqmix712p5u5y17f3302r6ltma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hqmix712p5u5y17f3302r6ltma|03|org"; nocase; ) # kcbgs51pmx2k91j96qb2cursmw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kcbgs51pmx2k91j96qb2cursmw|03|biz"; nocase; ) # 4poyem17gv2w8as3cjy1iou692.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4poyem17gv2w8as3cjy1iou692|03|net"; nocase; ) # ajvbit1of3ub87llgsi1t08xqj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ajvbit1of3ub87llgsi1t08xqj|03|com"; nocase; ) # 1mhav2e13dzfzd1ghgifr1pt5e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mhav2e13dzfzd1ghgifr1pt5e|03|org"; nocase; ) # aaf0jcffvdpc1jttmxk1frfpxe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aaf0jcffvdpc1jttmxk1frfpxe|03|com"; nocase; ) # cw6mz41fe2ths1ko6mmpahcmh8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cw6mz41fe2ths1ko6mmpahcmh8|03|org"; nocase; ) # 5olginas0iquf6669vzoh9k0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5olginas0iquf6669vzoh9k0|03|org"; nocase; ) # 1siglg8krhjhsci271bpcgxzz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1siglg8krhjhsci271bpcgxzz|03|biz"; nocase; ) # 1w51urz1to21ygtwoah168t93z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w51urz1to21ygtwoah168t93z|03|com"; nocase; ) # 1jpn2wc16ay0sc1q7c4641i87lrl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jpn2wc16ay0sc1q7c4641i87lrl|03|net"; nocase; ) # fiwich84etlkqfiipz4jder0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fiwich84etlkqfiipz4jder0|03|com"; nocase; ) # jbgc4618lvw6a83eyio1y2pp5r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jbgc4618lvw6a83eyio1y2pp5r|03|biz"; nocase; ) # 15c9xj8ojb3bv6hcpdq1qdbr1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15c9xj8ojb3bv6hcpdq1qdbr1u|03|org"; nocase; ) # n3axly1i9ty3lpfmdnq8h3jrp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n3axly1i9ty3lpfmdnq8h3jrp|03|org"; nocase; ) # 1irt0ij1yhhyg51rbtaih8hm8mx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1irt0ij1yhhyg51rbtaih8hm8mx|03|biz"; nocase; ) # 1s9b3zcoknvtwvpzejk67ora4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s9b3zcoknvtwvpzejk67ora4|03|com"; nocase; ) # ylzqhj2vs3lgc1os5016bcwl3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ylzqhj2vs3lgc1os5016bcwl3|03|com"; nocase; ) # 11ny97y1us7mji1r9ztn1n8y8cp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11ny97y1us7mji1r9ztn1n8y8cp|03|net"; nocase; ) # 1fa6wtwi2936ahelj4cwr1lkc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fa6wtwi2936ahelj4cwr1lkc|03|net"; nocase; ) # 4sejkbdidf0rsze8791ldvptb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4sejkbdidf0rsze8791ldvptb|03|org"; nocase; ) # 1qicljh1nwlwe71wvux1012601d1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qicljh1nwlwe71wvux1012601d1|03|net"; nocase; ) # 1jwbm9ln9c79oifuyjv9r3g0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jwbm9ln9c79oifuyjv9r3g0o|03|net"; nocase; ) # xqvfi95fsswod8issmqfrn66.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xqvfi95fsswod8issmqfrn66|03|biz"; nocase; ) # 1w1ptozyky00h1hcyzivtx9gb2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w1ptozyky00h1hcyzivtx9gb2|03|net"; nocase; ) # 192mcu61bamb1mchoo3cjqcut7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|192mcu61bamb1mchoo3cjqcut7|03|org"; nocase; ) # 13g7rcu5b52ygvng7jg1yspf6o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13g7rcu5b52ygvng7jg1yspf6o|03|org"; nocase; ) # skz201131r50s12nngv91wtqgja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|skz201131r50s12nngv91wtqgja|03|biz"; nocase; ) # 11v9wsx17ppo2j19fb2qs1dcjil9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11v9wsx17ppo2j19fb2qs1dcjil9|03|com"; nocase; ) # 1nooavf1khgwwxe2zdn41mnv821.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nooavf1khgwwxe2zdn41mnv821|03|net"; nocase; ) # 1u6t9q91twl1lj10a6k5l47ofsy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u6t9q91twl1lj10a6k5l47ofsy|03|com"; nocase; ) # fjzqd618smb8p1hodw1kpqtupe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fjzqd618smb8p1hodw1kpqtupe|03|com"; nocase; ) # 1eqef051mvuvk8v20vcwl1l24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1eqef051mvuvk8v20vcwl1l24|03|net"; nocase; ) # 1slu7p9apis4ei32ilq6aw602.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1slu7p9apis4ei32ilq6aw602|03|net"; nocase; ) # ztvz64177g1fj1fz7f1a12z38pj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ztvz64177g1fj1fz7f1a12z38pj|03|net"; nocase; ) # 85mo231ydfjhf55tkny1urvssq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|85mo231ydfjhf55tkny1urvssq|03|net"; nocase; ) # 1duac40h22ogu1o6cq38dvcrz7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1duac40h22ogu1o6cq38dvcrz7|03|net"; nocase; ) # vzxgzx1mlj6en7ynysrtewen8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vzxgzx1mlj6en7ynysrtewen8|03|org"; nocase; ) # 1gnsrnh1wfta93xmx6bcf5zcb6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gnsrnh1wfta93xmx6bcf5zcb6|03|net"; nocase; ) # 1bnms8e2v38mt11go8ma19tkdf2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bnms8e2v38mt11go8ma19tkdf2|03|net"; nocase; ) # rt22ns1lp8agk16l8ste1b02kt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rt22ns1lp8agk16l8ste1b02kt|03|com"; nocase; ) # d68qhhb5kcoo08ozy1j91fqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d68qhhb5kcoo08ozy1j91fqh|03|biz"; nocase; ) # r1gm4ok6yi6kkxr2q71rrz1do.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r1gm4ok6yi6kkxr2q71rrz1do|03|org"; nocase; ) # rymfinoh71u41o74x3ycrtv5c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rymfinoh71u41o74x3ycrtv5c|03|net"; nocase; ) # 1f6i5rkc1lk3s59u43mh8zbx2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f6i5rkc1lk3s59u43mh8zbx2|03|org"; nocase; ) # 1hwetlc1ulv225szq0621lhwxvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hwetlc1ulv225szq0621lhwxvs|03|com"; nocase; ) # eqtf881klhwgh1ho1jafa4rim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eqtf881klhwgh1ho1jafa4rim|03|com"; nocase; ) # 171gfobkzkdxqr362p1ov3qpz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|171gfobkzkdxqr362p1ov3qpz|03|org"; nocase; ) # 1xhh1g61g34rnf1y5fdeimx50it.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xhh1g61g34rnf1y5fdeimx50it|03|net"; nocase; ) # 12g8t6rh5np3a10zfysvw3dzxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12g8t6rh5np3a10zfysvw3dzxa|03|com"; nocase; ) # 1c3vbp31e05jq8c5ew8h1vb1icp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c3vbp31e05jq8c5ew8h1vb1icp|03|biz"; nocase; ) # 1ncyijm1tct7ot1pw55jd1nkiky9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ncyijm1tct7ot1pw55jd1nkiky9|03|com"; nocase; ) # 1mbyh3phn37ywzubp85f4i8ra.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mbyh3phn37ywzubp85f4i8ra|03|net"; nocase; ) # r5fic918nb72c1p3crif10usetd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r5fic918nb72c1p3crif10usetd|03|com"; nocase; ) # 27v5381o1kcpf1l1t87w1yy4qjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|27v5381o1kcpf1l1t87w1yy4qjm|03|org"; nocase; ) # 1f6obfi137t03k1cfc6228yrz5e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f6obfi137t03k1cfc6228yrz5e|03|net"; nocase; ) # 1d9x6q0buupdauramqhzjjwve.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d9x6q0buupdauramqhzjjwve|03|org"; nocase; ) # 1kml5eevetf4v1a6kzucl99rhy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kml5eevetf4v1a6kzucl99rhy|03|net"; nocase; ) # h98tv6egd0w45gqcra10fuw5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h98tv6egd0w45gqcra10fuw5p|03|net"; nocase; ) # 2u9tpk13kltnik89yjihb2pzy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2u9tpk13kltnik89yjihb2pzy|03|org"; nocase; ) # 1kx4xcb1czrs61j4mup217gfllu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kx4xcb1czrs61j4mup217gfllu|03|biz"; nocase; ) # r789nn1n87yhf8jp2gt13slj5e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r789nn1n87yhf8jp2gt13slj5e|03|biz"; nocase; ) # 4nzdwbvevezxjz04ytwijylm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4nzdwbvevezxjz04ytwijylm|03|net"; nocase; ) # f302nh1hljbupf0wsh51wtkyfx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f302nh1hljbupf0wsh51wtkyfx|03|biz"; nocase; ) # 9cjiguq31wod1dwjr70113dao5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9cjiguq31wod1dwjr70113dao5|03|net"; nocase; ) # 2r7g9v187y1rn11pv54x837v8f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2r7g9v187y1rn11pv54x837v8f|03|net"; nocase; ) # 1i1g1fk17f1llw1h020malg20c4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i1g1fk17f1llw1h020malg20c4|03|biz"; nocase; ) # 1f9p7qu1a2ms381m3bguf9dnpb5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f9p7qu1a2ms381m3bguf9dnpb5|03|net"; nocase; ) # 160ki6q1c5zgavb98hwmvlvh27.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|160ki6q1c5zgavb98hwmvlvh27|03|net"; nocase; ) # 1lajwkr4tpqj712b6c481mlp45z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lajwkr4tpqj712b6c481mlp45z|03|com"; nocase; ) # 1rr4tqs1fxu65s1snhf61boytt1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rr4tqs1fxu65s1snhf61boytt1|03|org"; nocase; ) # n9xsx8da5b779awn561fudob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n9xsx8da5b779awn561fudob|03|com"; nocase; ) # 9v5u4von1k0vynbyr1p3blfz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9v5u4von1k0vynbyr1p3blfz|03|net"; nocase; ) # 1o0pmf81fbpjh3zypxg0y1d1r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o0pmf81fbpjh3zypxg0y1d1r|03|com"; nocase; ) # 16mejcq1v2o9sl3amu2e10dmrfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16mejcq1v2o9sl3amu2e10dmrfs|03|com"; nocase; ) # 1forpbzpk3k8stwyji31eg9uoh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1forpbzpk3k8stwyji31eg9uoh|03|org"; nocase; ) # 1sjy2yacj6ld3cjdou01o552pu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sjy2yacj6ld3cjdou01o552pu|03|net"; nocase; ) # 1sgf4r71o0glwj19opbou13p6b7d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sgf4r71o0glwj19opbou13p6b7d|03|biz"; nocase; ) # p15tp319zhk65bofxga1xheis9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p15tp319zhk65bofxga1xheis9|03|org"; nocase; ) # r3szhe1bnpfj91tmqdkf1btv57e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|r3szhe1bnpfj91tmqdkf1btv57e|03|com"; nocase; ) # 4r9tkktuhp78jwkjj4g8ht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|4r9tkktuhp78jwkjj4g8ht|03|com"; nocase; ) # uy1edc1hdnqqe1xx4h1nd7ul6s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uy1edc1hdnqqe1xx4h1nd7ul6s|03|org"; nocase; ) # iax8c013d5uvw7x4az1w80rqu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iax8c013d5uvw7x4az1w80rqu|03|com"; nocase; ) # ra7mxsgicdao1869b3d1qt55a6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ra7mxsgicdao1869b3d1qt55a6|03|org"; nocase; ) # jzrpn614nxre81t29e0i73h35c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jzrpn614nxre81t29e0i73h35c|03|com"; nocase; ) # 5hmtc51fzmc4iqgxtn21x1blh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5hmtc51fzmc4iqgxtn21x1blh|03|biz"; nocase; ) # 1pactaw5uc4vl1y5ky311s0jdk0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pactaw5uc4vl1y5ky311s0jdk0|03|com"; nocase; ) # 4lbq091ei4lygck4oonlbmzwq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4lbq091ei4lygck4oonlbmzwq|03|net"; nocase; ) # 16iadpgogd0yw1uio2vr1ul5obn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16iadpgogd0yw1uio2vr1ul5obn|03|org"; nocase; ) # p3hwtb13zol8m112jup01eqwjmh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p3hwtb13zol8m112jup01eqwjmh|03|com"; nocase; ) # 1soyq3n188yvpprqlyj6azn7lu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1soyq3n188yvpprqlyj6azn7lu|03|net"; nocase; ) # 1504y5l1rp5fch1aqs36qcp655v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1504y5l1rp5fch1aqs36qcp655v|03|net"; nocase; ) # 14462hbycjggu1yx176czax69h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000040999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14462hbycjggu1yx176czax69h|03|biz"; nocase; ) # 766bg6nb6t9y11mvm2p5rcogp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|766bg6nb6t9y11mvm2p5rcogp|03|net"; nocase; ) # 1gosvtym2job5n5p7wp1jes5ut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gosvtym2job5n5p7wp1jes5ut|03|net"; nocase; ) # t05mmy1v02s7sfher60pn31ee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t05mmy1v02s7sfher60pn31ee|03|net"; nocase; ) # 1tz097v12b167yzjcz1e1419n5e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tz097v12b167yzjcz1e1419n5e|03|com"; nocase; ) # 12506it13e4n6jny2nmydhmlfi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12506it13e4n6jny2nmydhmlfi|03|net"; nocase; ) # 91bib61dak6yzu7a8fwg28gkd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|91bib61dak6yzu7a8fwg28gkd|03|com"; nocase; ) # 1fwe0sy1bl0e1l1i1b0qjod7n7s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fwe0sy1bl0e1l1i1b0qjod7n7s|03|biz"; nocase; ) # 158zot712epapu1gtlajvbvl675.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|158zot712epapu1gtlajvbvl675|03|biz"; nocase; ) # z0v5fo1oot5jz1ux0ddk139s8f6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z0v5fo1oot5jz1ux0ddk139s8f6|03|org"; nocase; ) # 6q1yl9hamfo1je695c1qiaghz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6q1yl9hamfo1je695c1qiaghz|03|net"; nocase; ) # 1qo1yrx7yio1d1rxmdgeo3kc69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qo1yrx7yio1d1rxmdgeo3kc69|03|net"; nocase; ) # m8csi911hehkn1o797kl19gnchn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m8csi911hehkn1o797kl19gnchn|03|com"; nocase; ) # bo6l6i16q13uqed14d91bucvzy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bo6l6i16q13uqed14d91bucvzy|03|net"; nocase; ) # zm1vql1n7lazfs0zawv1efub1g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zm1vql1n7lazfs0zawv1efub1g|03|biz"; nocase; ) # 1kqkjyf1loyua41lesh68e3988a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kqkjyf1loyua41lesh68e3988a|03|net"; nocase; ) # pcwik71dawh2z1lypawf1h1r39e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pcwik71dawh2z1lypawf1h1r39e|03|com"; nocase; ) # 1c84edt1m8p1kutll7368b3sbn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c84edt1m8p1kutll7368b3sbn|03|org"; nocase; ) # 17ctq0616s5e7h564f2h1fm7iov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ctq0616s5e7h564f2h1fm7iov|03|com"; nocase; ) # 1ndf6r3uiux9h1k1xuji1b2qiwz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ndf6r3uiux9h1k1xuji1b2qiwz|03|org"; nocase; ) # b7z191ne6dyip1s24m1bnkvax.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b7z191ne6dyip1s24m1bnkvax|03|biz"; nocase; ) # 1rwa1l557zokkxc3kdb1c3m6zh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rwa1l557zokkxc3kdb1c3m6zh|03|net"; nocase; ) # 1nue0kjf9p0smsiqvyv1xj9ffs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nue0kjf9p0smsiqvyv1xj9ffs|03|net"; nocase; ) # luwnrs1cjkdud1abgtz01edyyra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|luwnrs1cjkdud1abgtz01edyyra|03|org"; nocase; ) # 1yy4hjatm9q4d1nw2xth1uyep2u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yy4hjatm9q4d1nw2xth1uyep2u|03|org"; nocase; ) # 1c9skv0b94ayrh464d5hfqzn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1c9skv0b94ayrh464d5hfqzn|03|com"; nocase; ) # 1hp47ze1nx9hwi1h88be06dptwn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hp47ze1nx9hwi1h88be06dptwn|03|org"; nocase; ) # a0p8buetd9avvpgakq1hhez8k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a0p8buetd9avvpgakq1hhez8k|03|biz"; nocase; ) # uv6242iczvqnuw9agm38rd11.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uv6242iczvqnuw9agm38rd11|03|com"; nocase; ) # dbr2b21qf2d17149fsq51m15kr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dbr2b21qf2d17149fsq51m15kr|03|org"; nocase; ) # 12ztrrrkqid4rdxwo036xjlo6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12ztrrrkqid4rdxwo036xjlo6|03|com"; nocase; ) # lq7fm01dv4vwlg6nfn91aupnwn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lq7fm01dv4vwlg6nfn91aupnwn|03|net"; nocase; ) # 1tc6sdc1xji8d1yvtiu5gicj11.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tc6sdc1xji8d1yvtiu5gicj11|03|org"; nocase; ) # 1eyhvwp1dkiah21d0v2wx18wq2rp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eyhvwp1dkiah21d0v2wx18wq2rp|03|net"; nocase; ) # 1bs66kb726se91gsn5ixser9z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bs66kb726se91gsn5ixser9z|03|com"; nocase; ) # 15tyxrh1lxz7sisppfesas9nid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15tyxrh1lxz7sisppfesas9nid|03|com"; nocase; ) # 11jpbwv1gob7ih1jqxesm1stft9s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11jpbwv1gob7ih1jqxesm1stft9s|03|net"; nocase; ) # 1v97e41bvd35ilqj3g1f9kwex.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v97e41bvd35ilqj3g1f9kwex|03|biz"; nocase; ) # yae9rt72whv7syf3vus02fud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yae9rt72whv7syf3vus02fud|03|org"; nocase; ) # dkg9uihzh0ykjnu6q5nr4qmc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dkg9uihzh0ykjnu6q5nr4qmc|03|com"; nocase; ) # 867qhp1l9us1f1g3ta3d1kkbfd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|867qhp1l9us1f1g3ta3d1kkbfd|03|net"; nocase; ) # tl8xkqyc0ve5qcdl8ocplvhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tl8xkqyc0ve5qcdl8ocplvhm|03|com"; nocase; ) # navpny69e7ft114j6x2sis32f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|navpny69e7ft114j6x2sis32f|03|org"; nocase; ) # 14e41ty1sw5yg61b43xnsqvegft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14e41ty1sw5yg61b43xnsqvegft|03|net"; nocase; ) # 1sy8il714yy8nflfk6hig4s9dy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sy8il714yy8nflfk6hig4s9dy|03|com"; nocase; ) # 62l24tiblor35pqav1wsvo8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|62l24tiblor35pqav1wsvo8|03|net"; nocase; ) # 63trpy15vcacqx4be9t1acgt38.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|63trpy15vcacqx4be9t1acgt38|03|org"; nocase; ) # v5nvno1k1c7fgw0e5ht1c3so4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v5nvno1k1c7fgw0e5ht1c3so4u|03|net"; nocase; ) # 1gnnj42ucp28gaml04o1h7skn2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gnnj42ucp28gaml04o1h7skn2|03|net"; nocase; ) # 69e3d1l6is5w4s8oubiu9rz9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|69e3d1l6is5w4s8oubiu9rz9|03|com"; nocase; ) # pzwhud1cv3j881ksf7yujazyk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pzwhud1cv3j881ksf7yujazyk|03|org"; nocase; ) # 18wcqhc10qydz11dyr3j61tvwdj2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18wcqhc10qydz11dyr3j61tvwdj2|03|net"; nocase; ) # 1aabg26h0bsia1ihg7091j1ync6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aabg26h0bsia1ihg7091j1ync6|03|com"; nocase; ) # 1n9qu581h06c2d27nqer1ffsm9l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n9qu581h06c2d27nqer1ffsm9l|03|com"; nocase; ) # 133sf8y11s2v0x12gnaun1pmx4uh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|133sf8y11s2v0x12gnaun1pmx4uh|03|org"; nocase; ) # 101nvpp1kh27hj1m1xti51vp29b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|101nvpp1kh27hj1m1xti51vp29b|03|biz"; nocase; ) # tq5g2memqieoqquqe51s0w0q3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tq5g2memqieoqquqe51s0w0q3|03|com"; nocase; ) # 8byghb1b8zsnnjhugovajt6q3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8byghb1b8zsnnjhugovajt6q3|03|com"; nocase; ) # 1csh74pqtgfqn1n9rcpi85fftq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1csh74pqtgfqn1n9rcpi85fftq|03|net"; nocase; ) # 1hg93ky1q9vgu1vchemb11desaw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hg93ky1q9vgu1vchemb11desaw|03|org"; nocase; ) # 15k0hz81lhhuot5jlexs1yg3vsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15k0hz81lhhuot5jlexs1yg3vsf|03|net"; nocase; ) # k07t7g1rm27wf1bm4e0pj7aogm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k07t7g1rm27wf1bm4e0pj7aogm|03|com"; nocase; ) # 15glhqaj2ycfd1v3w77ku12s7y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15glhqaj2ycfd1v3w77ku12s7y|03|net"; nocase; ) # 13ivci31s1van0cydclf1dy3hul.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ivci31s1van0cydclf1dy3hul|03|org"; nocase; ) # 1ypzyg2dnv8v8120d3u61godfwk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ypzyg2dnv8v8120d3u61godfwk|03|org"; nocase; ) # 12holuv9ypkurdmzyk111sn33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12holuv9ypkurdmzyk111sn33|03|net"; nocase; ) # 1bgih2w2nuxyx1or76hq1qrj1ly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bgih2w2nuxyx1or76hq1qrj1ly|03|com"; nocase; ) # 5xgcv91hxnywv158w12iatkkoi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5xgcv91hxnywv158w12iatkkoi|03|net"; nocase; ) # 19lgux1nlfxle1xao5gebsfia1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19lgux1nlfxle1xao5gebsfia1|03|org"; nocase; ) # yabzr7pe9u21qh9bht1j40ca2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yabzr7pe9u21qh9bht1j40ca2|03|org"; nocase; ) # 189nhv8iv2uq0ufd3l6144zdfb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|189nhv8iv2uq0ufd3l6144zdfb|03|biz"; nocase; ) # na1tnrr22jaix6l3s61gv9lz3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|na1tnrr22jaix6l3s61gv9lz3|03|com"; nocase; ) # sg2rwxdy9nza1ce66n7sviy75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sg2rwxdy9nza1ce66n7sviy75|03|net"; nocase; ) # xkxkn97v54l81f56olbjrqf49.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xkxkn97v54l81f56olbjrqf49|03|org"; nocase; ) # 18atoym1mc6nld1a50dp71qapx8h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18atoym1mc6nld1a50dp71qapx8h|03|com"; nocase; ) # 1q9yku3s02eg3lg1vjwsz2l5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1q9yku3s02eg3lg1vjwsz2l5|03|org"; nocase; ) # gklqpa5h3c0b13t32gn1jinb1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gklqpa5h3c0b13t32gn1jinb1u|03|org"; nocase; ) # jkl8wk1vdvaep1lemh4keqlo9r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jkl8wk1vdvaep1lemh4keqlo9r|03|biz"; nocase; ) # 1na4zhq1aplzd5qj1tk41oqt48u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1na4zhq1aplzd5qj1tk41oqt48u|03|net"; nocase; ) # t3shngn9ckfhx69bqsxmox9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t3shngn9ckfhx69bqsxmox9v|03|org"; nocase; ) # 11lwniv1vg6ivl123dtx1ns5uyx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11lwniv1vg6ivl123dtx1ns5uyx|03|net"; nocase; ) # 1sqna901d68gu418y1z0bmnqwgr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sqna901d68gu418y1z0bmnqwgr|03|net"; nocase; ) # 1dxmpc61424let1hbpzuxipbrpp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dxmpc61424let1hbpzuxipbrpp|03|com"; nocase; ) # xyi8zmyyssmk1amb2nm1nuxfql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xyi8zmyyssmk1amb2nm1nuxfql|03|net"; nocase; ) # 18z1ukx21huji1sma1v114iy5j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18z1ukx21huji1sma1v114iy5j|03|net"; nocase; ) # 14tkhglx4qe231fxqc4n1ry5oye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14tkhglx4qe231fxqc4n1ry5oye|03|com"; nocase; ) # 13v9rf217lfzu61k2baq61s3p4wi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13v9rf217lfzu61k2baq61s3p4wi|03|org"; nocase; ) # 1618wff11opstz1v55sje1bhl05p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1618wff11opstz1v55sje1bhl05p|03|org"; nocase; ) # hv8yny1lx2h5833qzw8kvwd57.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hv8yny1lx2h5833qzw8kvwd57|03|com"; nocase; ) # u2gj5p1e6zoub172cfj5fc0g7j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u2gj5p1e6zoub172cfj5fc0g7j|03|net"; nocase; ) # 949u261c38vcy8nttea15utdke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|949u261c38vcy8nttea15utdke|03|org"; nocase; ) # 17klsi01a60gyf1jcsymq12qms31.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17klsi01a60gyf1jcsymq12qms31|03|com"; nocase; ) # wq1c691bqs058ahrpup104p99n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wq1c691bqs058ahrpup104p99n|03|net"; nocase; ) # 17bp0q7vrrk0x1rcpz8o13ukcia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17bp0q7vrrk0x1rcpz8o13ukcia|03|net"; nocase; ) # emzh9v8ltrszcsp4q0gwcoht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|emzh9v8ltrszcsp4q0gwcoht|03|org"; nocase; ) # 1iebe59penttb2yr4g38sadus.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iebe59penttb2yr4g38sadus|03|org"; nocase; ) # 1hz7c07nylzk518chc8phf69p0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hz7c07nylzk518chc8phf69p0|03|com"; nocase; ) # 1unsipc16rcg2c1mzzxo4bopjre.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1unsipc16rcg2c1mzzxo4bopjre|03|net"; nocase; ) # 1yk26q51q5m3t4uy91ot1pxhrt6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yk26q51q5m3t4uy91ot1pxhrt6|03|org"; nocase; ) # 78v34a1fu9euk1ozi0avx6zf3l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|78v34a1fu9euk1ozi0avx6zf3l|03|net"; nocase; ) # tctntr1kye3ur13a4xdf1830w3y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tctntr1kye3ur13a4xdf1830w3y|03|net"; nocase; ) # 1sqbmun1qqchb0hg7wcg10mnuyx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sqbmun1qqchb0hg7wcg10mnuyx|03|com"; nocase; ) # 1nvua54icwn18v0107v1jihs2k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nvua54icwn18v0107v1jihs2k|03|biz"; nocase; ) # 15kbabu4m4q7v142ccej1neio1d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15kbabu4m4q7v142ccej1neio1d|03|com"; nocase; ) # 1b3r3xi1pr9dkna1zhc217tqzsd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b3r3xi1pr9dkna1zhc217tqzsd|03|org"; nocase; ) # 1ihb6my1pq8rk4i8hac7t3orat.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ihb6my1pq8rk4i8hac7t3orat|03|org"; nocase; ) # fr9lk91syvjn5jgadu5bo2v0n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fr9lk91syvjn5jgadu5bo2v0n|03|com"; nocase; ) # k1wkok1rnsli61kt22rektxgtf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k1wkok1rnsli61kt22rektxgtf|03|net"; nocase; ) # 1pydnk81g6w9agzrhvov1eh3gvg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pydnk81g6w9agzrhvov1eh3gvg|03|net"; nocase; ) # 1vhq89b192zcdc1w5k0j5qa2xr1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vhq89b192zcdc1w5k0j5qa2xr1|03|org"; nocase; ) # 157nwtd1k0aedm1vpmeoor7v7cv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|157nwtd1k0aedm1vpmeoor7v7cv|03|net"; nocase; ) # 1fht12rsjtbkqnnlgnykbjsjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fht12rsjtbkqnnlgnykbjsjv|03|org"; nocase; ) # 1umhkbktyd05w1sj0vq5k7mfpg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1umhkbktyd05w1sj0vq5k7mfpg|03|net"; nocase; ) # 15pwur11liap4rwceogq1pey9qy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15pwur11liap4rwceogq1pey9qy|03|com"; nocase; ) # zxbtkpqmoac7y2hmo79if3hk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zxbtkpqmoac7y2hmo79if3hk|03|net"; nocase; ) # vq2d617sfrbx11v3h7jh131j3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vq2d617sfrbx11v3h7jh131j3|03|net"; nocase; ) # 1p4immr1x6egkl11ic6nk1jdbnma.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p4immr1x6egkl11ic6nk1jdbnma|03|com"; nocase; ) # hkorpfkxfu0t3u7fj214tvp0p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hkorpfkxfu0t3u7fj214tvp0p|03|org"; nocase; ) # nqcsgidsy9o21jxozcq1lt5eun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nqcsgidsy9o21jxozcq1lt5eun|03|net"; nocase; ) # oysok99alqyp1oazx7h11oorw6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oysok99alqyp1oazx7h11oorw6|03|net"; nocase; ) # 5ssd7g1spt0ct1ut94sn1nm020v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5ssd7g1spt0ct1ut94sn1nm020v|03|com"; nocase; ) # 1yqfqva1npw8qvx81lg0mlrf6m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yqfqva1npw8qvx81lg0mlrf6m|03|org"; nocase; ) # 1f4vcxw4czla31ipy1ud1dt1zav.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f4vcxw4czla31ipy1ud1dt1zav|03|net"; nocase; ) # xsoyac1p8t78z10tmy2i1ip73r2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xsoyac1p8t78z10tmy2i1ip73r2|03|net"; nocase; ) # 713jza1gc1lsa1jvuor3hkae1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|713jza1gc1lsa1jvuor3hkae1w|03|com"; nocase; ) # 3jt1u1vxmuimoyo7v0rk4j2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3jt1u1vxmuimoyo7v0rk4j2e|03|com"; nocase; ) # 430thu7itv001juwvrc9a9j3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|430thu7itv001juwvrc9a9j3|03|net"; nocase; ) # wxlcs31mxh2ex6xw9lkiql992.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wxlcs31mxh2ex6xw9lkiql992|03|net"; nocase; ) # n5ypgkqc9h2gdwvhkn15e4giu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5ypgkqc9h2gdwvhkn15e4giu|03|com"; nocase; ) # 1qeo7isqffgr1aar3ey1nelg7i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qeo7isqffgr1aar3ey1nelg7i|03|net"; nocase; ) # t4tkp6181msrdmlu4soxw8wvd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4tkp6181msrdmlu4soxw8wvd|03|net"; nocase; ) # qli9vzi3pvm21dd07f51w2y872.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qli9vzi3pvm21dd07f51w2y872|03|net"; nocase; ) # 1tnnodods55sw1pgnm761h44oks.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tnnodods55sw1pgnm761h44oks|03|biz"; nocase; ) # ajnbtqfn75vszm7rs1o3guby.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ajnbtqfn75vszm7rs1o3guby|03|org"; nocase; ) # 1a6ohm1ofgieg14nv9pg1e0nzxj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a6ohm1ofgieg14nv9pg1e0nzxj|03|net"; nocase; ) # w88omszzi5dl1rgswzi1316bt4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w88omszzi5dl1rgswzi1316bt4|03|biz"; nocase; ) # 7mkw0jv2bilc1qtpgglsm24am.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7mkw0jv2bilc1qtpgglsm24am|03|org"; nocase; ) # 198cbe21lf0d0orm3ytl1wvk1gc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|198cbe21lf0d0orm3ytl1wvk1gc|03|com"; nocase; ) # t5ojw7ua5wv5prpkuh14uzobl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t5ojw7ua5wv5prpkuh14uzobl|03|net"; nocase; ) # 112spssa6x80erkkje5a0lu50.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|112spssa6x80erkkje5a0lu50|03|net"; nocase; ) # 1ssl0pu1w7llf56lawmca5t0qv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ssl0pu1w7llf56lawmca5t0qv|03|org"; nocase; ) # vpy52e1zr85t1khztewjzmh9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vpy52e1zr85t1khztewjzmh9|03|com"; nocase; ) # 4rfc4g15ifbr4rwkxy4wga76.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4rfc4g15ifbr4rwkxy4wga76|03|net"; nocase; ) # lr0jg35useyipza9rw6mm039.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lr0jg35useyipza9rw6mm039|03|com"; nocase; ) # fmq87r1h7esxy1u3nnccj5wafk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fmq87r1h7esxy1u3nnccj5wafk|03|org"; nocase; ) # 77qfl1hr4a8b19uhibz1aczci3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|77qfl1hr4a8b19uhibz1aczci3|03|net"; nocase; ) # 1j80sen1nxch3tfv2rtq1igm5fx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j80sen1nxch3tfv2rtq1igm5fx|03|net"; nocase; ) # 1wtqczsxnerhj1veya0ps9zc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1wtqczsxnerhj1veya0ps9zc|03|com"; nocase; ) # 1tj9t6yw5b82h1qvold72tc8b7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tj9t6yw5b82h1qvold72tc8b7|03|net"; nocase; ) # 1sq94fv1nc44lxkowulr1ej4i12.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sq94fv1nc44lxkowulr1ej4i12|03|org"; nocase; ) # 1jw1d3q1lva5gc73rbxfd7me0e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jw1d3q1lva5gc73rbxfd7me0e|03|org"; nocase; ) # tiddl91b1c2gepqi3kk1o06p69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tiddl91b1c2gepqi3kk1o06p69|03|net"; nocase; ) # 4bcwnnv6k8u1x24fdyb778zw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4bcwnnv6k8u1x24fdyb778zw|03|com"; nocase; ) # 1qphafn1gqbkdjz399b21077lls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qphafn1gqbkdjz399b21077lls|03|org"; nocase; ) # nyp3dz19h39bsk937f1oxl7oi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nyp3dz19h39bsk937f1oxl7oi|03|com"; nocase; ) # bcfe9s1txikw1y45vyz13r1jlj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bcfe9s1txikw1y45vyz13r1jlj|03|org"; nocase; ) # 1aon8rhn4vmep5pbmrz17y0kmt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aon8rhn4vmep5pbmrz17y0kmt|03|com"; nocase; ) # yt0i7p11sjscf1flp9ss1opuz40.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yt0i7p11sjscf1flp9ss1opuz40|03|org"; nocase; ) # 1xrg9rn1ps2j7p1diiuyi19v334s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xrg9rn1ps2j7p1diiuyi19v334s|03|com"; nocase; ) # 19h7daf29gt0xy0pi4aktc0xw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19h7daf29gt0xy0pi4aktc0xw|03|org"; nocase; ) # 51i8x9nih8ia1jyglwf6gmyln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|51i8x9nih8ia1jyglwf6gmyln|03|org"; nocase; ) # 1ne31kw1gmlkp89f3tnu1icjinu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ne31kw1gmlkp89f3tnu1icjinu|03|net"; nocase; ) # maepjnk7dva71t5d43923lsb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|maepjnk7dva71t5d43923lsb|03|org"; nocase; ) # h5iddmf1srpm42m4lb1ym2jqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h5iddmf1srpm42m4lb1ym2jqi|03|org"; nocase; ) # 1tpqs061iz5ybe1vzw8d7ik4vg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tpqs061iz5ybe1vzw8d7ik4vg|03|com"; nocase; ) # ha4sajgb60ys1f04zis1t2pbdd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ha4sajgb60ys1f04zis1t2pbdd|03|org"; nocase; ) # 14sj4fg1gk46hx1ydef0i1r2glwm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14sj4fg1gk46hx1ydef0i1r2glwm|03|biz"; nocase; ) # vtxwyiokzynu174riewrk5c17.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vtxwyiokzynu174riewrk5c17|03|com"; nocase; ) # 47lj7wmmwrqq1lob3z8qocsfn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|47lj7wmmwrqq1lob3z8qocsfn|03|net"; nocase; ) # 12tnteq18maz2x1g8geezx5bcp5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12tnteq18maz2x1g8geezx5bcp5|03|com"; nocase; ) # 18yntdep6jnst4ak9961rsd1ik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18yntdep6jnst4ak9961rsd1ik|03|net"; nocase; ) # ugzddnv3hofr10hwyb21ses9vw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ugzddnv3hofr10hwyb21ses9vw|03|com"; nocase; ) # 1lxbphx1fy4b33f1vu771tlfit8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lxbphx1fy4b33f1vu771tlfit8|03|biz"; nocase; ) # wbs9h76yr8bxpdzgy07z91k5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wbs9h76yr8bxpdzgy07z91k5|03|org"; nocase; ) # 1v5qelpr144rwq6hf48u1jalz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v5qelpr144rwq6hf48u1jalz|03|com"; nocase; ) # 1p45u75184h49m8wtve6we2iwl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p45u75184h49m8wtve6we2iwl|03|org"; nocase; ) # 1i67ya8wellubdick55bbpx5w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i67ya8wellubdick55bbpx5w|03|net"; nocase; ) # kvluaq4n41w018hv4591w4p6ip.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kvluaq4n41w018hv4591w4p6ip|03|biz"; nocase; ) # 168gkdlonoh4b17huv9d1rt0yo8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|168gkdlonoh4b17huv9d1rt0yo8|03|org"; nocase; ) # 1r32ypa1562ips1v4w4vao7536d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r32ypa1562ips1v4w4vao7536d|03|org"; nocase; ) # 16m7lmrhk4ka41jlhvjatvekf9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16m7lmrhk4ka41jlhvjatvekf9|03|net"; nocase; ) # 3r5t2z69ox075elw071rxdwod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3r5t2z69ox075elw071rxdwod|03|com"; nocase; ) # gjjv8f3xgufx1wv48ujk7k6xg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gjjv8f3xgufx1wv48ujk7k6xg|03|net"; nocase; ) # 10twrik17xdqkuel8fl1mtlpj8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10twrik17xdqkuel8fl1mtlpj8|03|org"; nocase; ) # 84t0xbohktfidqa16v1skvt7c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|84t0xbohktfidqa16v1skvt7c|03|com"; nocase; ) # nid9wglsg73kv82551d4358y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nid9wglsg73kv82551d4358y|03|net"; nocase; ) # 13lmsew1p5njeu1de5qd14z040g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13lmsew1p5njeu1de5qd14z040g|03|com"; nocase; ) # yum5z71uxamjrllf5z7zgheir.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yum5z71uxamjrllf5z7zgheir|03|biz"; nocase; ) # cwtzjf9v1fmdoaqrn6xmnavs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cwtzjf9v1fmdoaqrn6xmnavs|03|net"; nocase; ) # 1hytkd9iolms33br7xo8zltvw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hytkd9iolms33br7xo8zltvw|03|org"; nocase; ) # 1gwksij1l0fspk1wlbt2t1hfvono.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gwksij1l0fspk1wlbt2t1hfvono|03|org"; nocase; ) # pko5n81n6hgzhbsx503eewpsj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pko5n81n6hgzhbsx503eewpsj|03|biz"; nocase; ) # lclwmq1i9eloaqdqwwrr0ccac.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lclwmq1i9eloaqdqwwrr0ccac|03|org"; nocase; ) # 1jidx5aaedtlp1qxyyes17t6nvd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jidx5aaedtlp1qxyyes17t6nvd|03|com"; nocase; ) # 1to2pa81rnv3a51c93v201b1gsuj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1to2pa81rnv3a51c93v201b1gsuj|03|org"; nocase; ) # jtv7z7xe5dor4ai4u01q1zll6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jtv7z7xe5dor4ai4u01q1zll6|03|net"; nocase; ) # 1g8dzkj1r60sgg1hxawzgv8r2co.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g8dzkj1r60sgg1hxawzgv8r2co|03|biz"; nocase; ) # 1f3psyhwdfbfnt3snmdzdtbhf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f3psyhwdfbfnt3snmdzdtbhf|03|biz"; nocase; ) # 1m16f511paq5yvjjjwe11nhleaw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m16f511paq5yvjjjwe11nhleaw|03|net"; nocase; ) # zsrxkapoh2sl17l84dl1djas9l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zsrxkapoh2sl17l84dl1djas9l|03|org"; nocase; ) # 18t0vjht5jeps1arvjrn1jiy4t6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18t0vjht5jeps1arvjrn1jiy4t6|03|com"; nocase; ) # su7fl01a1e9gxje8y3o164g8k6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|su7fl01a1e9gxje8y3o164g8k6|03|org"; nocase; ) # 1o1s6ce1yndlbt18mqqagzfnyrx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o1s6ce1yndlbt18mqqagzfnyrx|03|net"; nocase; ) # 10b0qyl1nw06wa1oqcfrhxtab9c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10b0qyl1nw06wa1oqcfrhxtab9c|03|biz"; nocase; ) # 17tiaiv1d4dubxylfye1esd0lp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17tiaiv1d4dubxylfye1esd0lp|03|com"; nocase; ) # 182ttxrg8mrhw1t4m6fv1fvcsrk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|182ttxrg8mrhw1t4m6fv1fvcsrk|03|biz"; nocase; ) # osly8clwe6s11zv5paqp7gsg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|osly8clwe6s11zv5paqp7gsg|03|net"; nocase; ) # 1d2yhz235kltg1k106b41bxq6gw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d2yhz235kltg1k106b41bxq6gw|03|org"; nocase; ) # 1x12sjt1qkc4g1ksttfzbheah0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x12sjt1qkc4g1ksttfzbheah0|03|net"; nocase; ) # u1b6ocerfr2zw1a5iu8af6w2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u1b6ocerfr2zw1a5iu8af6w2|03|org"; nocase; ) # 1enp9repzvoz7tngrhqogad5e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1enp9repzvoz7tngrhqogad5e|03|com"; nocase; ) # 1ejec4bqbhu0lvdxg1zmdc31s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ejec4bqbhu0lvdxg1zmdc31s|03|net"; nocase; ) # 1g469gy1fdoj3gdfyg5k1g7b80v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g469gy1fdoj3gdfyg5k1g7b80v|03|biz"; nocase; ) # psciaq1v6bjdi15t7skf6adt2m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|psciaq1v6bjdi15t7skf6adt2m|03|net"; nocase; ) # sdz5xytowg7t1ckk7zqqsc4fi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sdz5xytowg7t1ckk7zqqsc4fi|03|net"; nocase; ) # 1lomafvfd3qe5nvhft1aixfjp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lomafvfd3qe5nvhft1aixfjp|03|net"; nocase; ) # rhbei32x6d3mtgzzkfkrs3ya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rhbei32x6d3mtgzzkfkrs3ya|03|net"; nocase; ) # 1tr3n8e1lxdw8c1r99hnq13ulcvc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tr3n8e1lxdw8c1r99hnq13ulcvc|03|net"; nocase; ) # 1er3hkkroz9rq185re8a1t3bu62.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1er3hkkroz9rq185re8a1t3bu62|03|org"; nocase; ) # 1rbytpy1bib942qevafi1pipbf2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rbytpy1bib942qevafi1pipbf2|03|net"; nocase; ) # 8nohy9lpwsgxwltgci1kjpsg5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8nohy9lpwsgxwltgci1kjpsg5|03|net"; nocase; ) # wr5lbhx6qpkd1sud7zfzrm5ic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wr5lbhx6qpkd1sud7zfzrm5ic|03|net"; nocase; ) # hgifmm4m9rxu1m8gnu91vvxwq8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hgifmm4m9rxu1m8gnu91vvxwq8|03|com"; nocase; ) # wrhsuq1u2k3bb1qyyje9cfos9f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wrhsuq1u2k3bb1qyyje9cfos9f|03|biz"; nocase; ) # z578pjp66wezop0ymm6v5og.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|z578pjp66wezop0ymm6v5og|03|org"; nocase; ) # 1s6qt2e9tkzd81sihfbo1hnekkc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s6qt2e9tkzd81sihfbo1hnekkc|03|net"; nocase; ) # 1sxg0j0ahijq0vhfhpktmu8rb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sxg0j0ahijq0vhfhpktmu8rb|03|net"; nocase; ) # 1hqkoct70qwu5zon9k8151mom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hqkoct70qwu5zon9k8151mom|03|org"; nocase; ) # 1ibeiaj1r0wkru6vqsxfn0zcdi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ibeiaj1r0wkru6vqsxfn0zcdi|03|net"; nocase; ) # 1vooovc1ps2nalkluija10493zf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vooovc1ps2nalkluija10493zf|03|net"; nocase; ) # 1azkuvnrk4j3mbm3go0kru5lg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1azkuvnrk4j3mbm3go0kru5lg|03|net"; nocase; ) # ujlz3u5tv4p21hj1ci01fg3n6t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ujlz3u5tv4p21hj1ci01fg3n6t|03|net"; nocase; ) # xnu10w33b56o10z9v671clio7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xnu10w33b56o10z9v671clio7w|03|net"; nocase; ) # 6ebemsoyk6so13te6xw7sn6r2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ebemsoyk6so13te6xw7sn6r2|03|org"; nocase; ) # 1tiu14g1d29bpbpwzvqjkz6mdk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tiu14g1d29bpbpwzvqjkz6mdk|03|org"; nocase; ) # ecdx0j1g8lt7uc2s8jf1wrkea7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ecdx0j1g8lt7uc2s8jf1wrkea7|03|org"; nocase; ) # 15lq49f1s7nkzg180ue9v1yqqd8v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15lq49f1s7nkzg180ue9v1yqqd8v|03|org"; nocase; ) # 19xfroh1gt4jny1470as9569m2v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19xfroh1gt4jny1470as9569m2v|03|net"; nocase; ) # 1c4lf7x1uuggq31lg6yl61qpuku3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c4lf7x1uuggq31lg6yl61qpuku3|03|net"; nocase; ) # znf8pg1mzec0e148j4bw1wpm9ua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|znf8pg1mzec0e148j4bw1wpm9ua|03|net"; nocase; ) # 19pobnk1sxyxf67wyxpq1jxff1w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19pobnk1sxyxf67wyxpq1jxff1w|03|com"; nocase; ) # hes4shqahxkb17giznh1kpl4v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hes4shqahxkb17giznh1kpl4v|03|net"; nocase; ) # ajxj9j1v7njgn1eo88embihu9w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ajxj9j1v7njgn1eo88embihu9w|03|net"; nocase; ) # swhqmh108puov1jczt24lywkp9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|swhqmh108puov1jczt24lywkp9|03|net"; nocase; ) # ky5nrrw6j44pvmk8ulwvtqtf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ky5nrrw6j44pvmk8ulwvtqtf|03|net"; nocase; ) # fahqq62e1v1zuktsovugm2xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fahqq62e1v1zuktsovugm2xh|03|net"; nocase; ) # 5slem8187xipp17juiduge5hof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5slem8187xipp17juiduge5hof|03|biz"; nocase; ) # ur4hvffvaopy1uq7wka1d8awim.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ur4hvffvaopy1uq7wka1d8awim|03|net"; nocase; ) # n3z57v18yjvqra1j1ys1142pog.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n3z57v18yjvqra1j1ys1142pog|03|biz"; nocase; ) # 10exgetbf8a4g1k8u8gl18dgxtm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10exgetbf8a4g1k8u8gl18dgxtm|03|net"; nocase; ) # 1l7tp5glfafsyvk4aiw1p65vfi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l7tp5glfafsyvk4aiw1p65vfi|03|org"; nocase; ) # 1gn19rw1wwpd9fj8eh2n1cf62t9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gn19rw1wwpd9fj8eh2n1cf62t9|03|net"; nocase; ) # dv5yp0fij51gi7q94rnilutx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dv5yp0fij51gi7q94rnilutx|03|biz"; nocase; ) # 165jtvsa7cy5etw08u6xt5kk8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|165jtvsa7cy5etw08u6xt5kk8|03|com"; nocase; ) # 1bd0aww8ptt8nbt4snf1l5cupo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bd0aww8ptt8nbt4snf1l5cupo|03|biz"; nocase; ) # 1qr5cje13otaa916hruhq1evj9hr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qr5cje13otaa916hruhq1evj9hr|03|net"; nocase; ) # 1h9hblaj377ks1c8jtb3zif7wg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h9hblaj377ks1c8jtb3zif7wg|03|org"; nocase; ) # xgkct141rc443eynueu3br9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xgkct141rc443eynueu3br9x|03|net"; nocase; ) # hbghrqrxic4v123ro711yty9dy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hbghrqrxic4v123ro711yty9dy|03|org"; nocase; ) # fmix6e1d348suqb4z0pp3h1l8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fmix6e1d348suqb4z0pp3h1l8|03|net"; nocase; ) # dphf737lqp391powz111pn8j4g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dphf737lqp391powz111pn8j4g|03|com"; nocase; ) # bn4ga3194knn01joazd8142wgel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bn4ga3194knn01joazd8142wgel|03|net"; nocase; ) # uqtkiweb4u0p135eua21y45mxf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uqtkiweb4u0p135eua21y45mxf|03|org"; nocase; ) # 1lzfng3rsixaicip7bjdmw3hs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lzfng3rsixaicip7bjdmw3hs|03|org"; nocase; ) # 10pxdlb3h7la61op9tdf169g0l9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10pxdlb3h7la61op9tdf169g0l9|03|biz"; nocase; ) # unefzzmchl9lk1lkpm77fjfs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|unefzzmchl9lk1lkpm77fjfs|03|biz"; nocase; ) # 1quxedn14p02cyp6jiec17c8q38.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1quxedn14p02cyp6jiec17c8q38|03|org"; nocase; ) # 8rjxfqbgyp6s8l28euvvb84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|8rjxfqbgyp6s8l28euvvb84|03|net"; nocase; ) # 3r6n9swm8jz31lia3difq2zyj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3r6n9swm8jz31lia3difq2zyj|03|org"; nocase; ) # 4rpi4p1kcf8fw103a93b1swg40g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4rpi4p1kcf8fw103a93b1swg40g|03|biz"; nocase; ) # 15lf4mu1hzwprs1jqhwdq1uhoq9u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15lf4mu1hzwprs1jqhwdq1uhoq9u|03|com"; nocase; ) # 1aqvtqc16x2zlq2wbumj1p0mq32.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aqvtqc16x2zlq2wbumj1p0mq32|03|com"; nocase; ) # 4vjrl1jl8eepk75yo11j1sc7r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4vjrl1jl8eepk75yo11j1sc7r|03|biz"; nocase; ) # 1ftlyy13xaf3f14i3qmk13m5pr7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ftlyy13xaf3f14i3qmk13m5pr7|03|org"; nocase; ) # 1yxq4en6h1z699vaktwhm7bhx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yxq4en6h1z699vaktwhm7bhx|03|biz"; nocase; ) # dkghumegywsgwhgi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041274; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|dkghumegywsgwhgi|02|eu"; nocase; ) # wcbavyiwayvmkhrp.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041275; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wcbavyiwayvmkhrp|02|eu"; nocase; ) # wxfaqbixgdatcloc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041276; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wxfaqbixgdatcloc|02|eu"; nocase; ) # wtwaldulmhqatclo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041277; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wtwaldulmhqatclo|02|eu"; nocase; ) # wbdjwqhdkvrcmusb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041278; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wbdjwqhdkvrcmusb|02|eu"; nocase; ) # qqbtctxqarbtdwdu.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041279; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qqbtctxqarbtdwdu|02|eu"; nocase; ) # kkuqmhcekjtepuqo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041280; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|kkuqmhcekjtepuqo|02|eu"; nocase; ) # kgmeujordnkxtlnb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041281; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|kgmeujordnkxtlnb|02|eu"; nocase; ) # kxirknngpvrxpgha.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041282; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|kxirknngpvrxpgha|02|eu"; nocase; ) # evkoamfsgjtcxnxh.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041283; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|evkoamfsgjtcxnxh|02|eu"; nocase; ) # xtamneihpjtagtfn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041284; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xtamneihpjtagtfn|02|eu"; nocase; ) # xbgiyrulaxucyyma.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041285; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xbgiyrulaxucyyma|02|eu"; nocase; ) # xscvovtamgpputgy.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041286; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xscvovtamgpputgy|02|eu"; nocase; ) # rxwbpilebisvitrg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041287; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rxwbpilebisvitrg|02|eu"; nocase; ) # rpgcsmksaqajrolf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041288; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rpgcsmksaqajrolf|02|eu"; nocase; ) # lubugyojofdpfowm.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041289; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lubugyojofdpfowm|02|eu"; nocase; ) # lchqrmobmterxtem.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041290; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lchqrmobmterxtem|02|eu"; nocase; ) # ltdeuqnplcyrtoxx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041291; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ltdeuqnplcyrtoxx|02|eu"; nocase; ) # fqhklheimmjlqjdr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041292; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fqhklheimmjlqjdr|02|eu"; nocase; ) # ad3878a60be34a6e7a640c4a926d2581eb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041293; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ad3878a60be34a6e7a640c4a926d2581eb|02|cc"; nocase; ) # lddf3d2d031f6b7732897a7709d4ca2cfb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041294; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lddf3d2d031f6b7732897a7709d4ca2cfb|02|in"; nocase; ) # m25339203b003ef74c9df38c94327e958d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041295; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m25339203b003ef74c9df38c94327e958d|02|hk"; nocase; ) # tcf87773e1bb4c9e3bd70527505b6811fe.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041296; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tcf87773e1bb4c9e3bd70527505b6811fe|02|in"; nocase; ) # x8de2a815d46ecda41ea51472639b1f551.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041297; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x8de2a815d46ecda41ea51472639b1f551|02|so"; nocase; ) # bd9406df088cfbce2542af691134fc39a8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041298; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd9406df088cfbce2542af691134fc39a8|02|in"; nocase; ) # e6fd7083461ac4a44ebcde7889b3696fa0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041299; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e6fd7083461ac4a44ebcde7889b3696fa0|02|tk"; nocase; ) # h961289161777512a236940ca20bb2ad9e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041300; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h961289161777512a236940ca20bb2ad9e|02|ws"; nocase; ) # kea6949635c04b8cab519399642c8810cb.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041301; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kea6949635c04b8cab519399642c8810cb|02|hk"; nocase; ) # pb4589444edc56e9d8d6232154c3927b31.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041302; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pb4589444edc56e9d8d6232154c3927b31|02|ws"; nocase; ) # q20f94ebc71f9b39e537b5ccc411644bce.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041303; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q20f94ebc71f9b39e537b5ccc411644bce|02|to"; nocase; ) # r389580b255ab1c0fed1700fb79bf86235.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041304; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r389580b255ab1c0fed1700fb79bf86235|02|in"; nocase; ) # v6b5ff9c5f0c811ca272305426070a86a3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041305; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v6b5ff9c5f0c811ca272305426070a86a3|02|so"; nocase; ) # w8bc94e66d1577d3f1529fe153a3c24a0f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041306; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w8bc94e66d1577d3f1529fe153a3c24a0f|02|cc"; nocase; ) # y44a822c7af4d99c58eea68a16563f6d6e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041307; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y44a822c7af4d99c58eea68a16563f6d6e|02|to"; nocase; ) # i9b4792b0d8e9a668d45e68d556bf3a07f.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041308; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i9b4792b0d8e9a668d45e68d556bf3a07f|02|hk"; nocase; ) # q9fa707fa31ec3a0cc7499952fc5f4d1b7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041309; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q9fa707fa31ec3a0cc7499952fc5f4d1b7|02|hk"; nocase; ) # x785bcb2c5117791defde843e4117c5198.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041310; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x785bcb2c5117791defde843e4117c5198|02|in"; nocase; ) # y8ce6f53a1759b04468ce078a1ef1d8aca.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041311; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y8ce6f53a1759b04468ce078a1ef1d8aca|02|hk"; nocase; ) # z8928df07b90cab38d45aa5d250c49e9c4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041312; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z8928df07b90cab38d45aa5d250c49e9c4|02|cn"; nocase; ) # e10a1a414f7a812efe40f636b04ab08635.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041313; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e10a1a414f7a812efe40f636b04ab08635|02|to"; nocase; ) # f18d417d0e8ce13bf397749c320854e65b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041314; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f18d417d0e8ce13bf397749c320854e65b|02|in"; nocase; ) # n7973f82485e3611e26a8cab48c55c149f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041315; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n7973f82485e3611e26a8cab48c55c149f|02|in"; nocase; ) # p889e6e0a4c4eb3af33df0a3328739c61f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041316; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p889e6e0a4c4eb3af33df0a3328739c61f|02|cn"; nocase; ) # t421e81892309fca08be5adf6ed3660f4f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041317; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t421e81892309fca08be5adf6ed3660f4f|02|ws"; nocase; ) # x7388fa1547823cbe57feb324991aea311.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041318; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x7388fa1547823cbe57feb324991aea311|02|cn"; nocase; ) # m0c94daa4002bb10b18cbcd78bf10d5de1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041319; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m0c94daa4002bb10b18cbcd78bf10d5de1|02|hk"; nocase; ) # t879ca6424436c6ca9f9e2717e7475bb3b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041320; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t879ca6424436c6ca9f9e2717e7475bb3b|02|in"; nocase; ) # ge756385dbf1e4d5202fcc56fd64810ec2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041321; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ge756385dbf1e4d5202fcc56fd64810ec2|02|cc"; nocase; ) # i66c99ab03085906f16446b900220dabb7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041322; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i66c99ab03085906f16446b900220dabb7|02|to"; nocase; ) # p7bd304d3b5d84a3cc1545457eca81bff2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041323; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7bd304d3b5d84a3cc1545457eca81bff2|02|ws"; nocase; ) # v685d85168ea99d3b9274ec8284d9342bc.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041324; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v685d85168ea99d3b9274ec8284d9342bc|02|so"; nocase; ) # z85b678446f0a447fc17af378a4c6b1316.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041325; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z85b678446f0a447fc17af378a4c6b1316|02|in"; nocase; ) # h316a9712353d3679f594b878e54166e81.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041326; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h316a9712353d3679f594b878e54166e81|02|in"; nocase; ) # k0ad6ff6526ffe091db9362d60c53b4e19.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041327; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k0ad6ff6526ffe091db9362d60c53b4e19|02|tk"; nocase; ) # rba92caf31354d07c1c6b3ec550cecba83.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041328; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rba92caf31354d07c1c6b3ec550cecba83|02|cn"; nocase; ) # s07ff37d872865ebeb26f5ef52917cab09.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041329; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s07ff37d872865ebeb26f5ef52917cab09|02|tk"; nocase; ) # u3b9541bd6dc884d6973256be29f655844.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041330; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u3b9541bd6dc884d6973256be29f655844|02|cc"; nocase; ) # k80b912177cc8a7133c05334ff1b52a60e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041331; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k80b912177cc8a7133c05334ff1b52a60e|02|cc"; nocase; ) # m8a702691f410585c34586682a7ed729d9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041332; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m8a702691f410585c34586682a7ed729d9|02|to"; nocase; ) # pfd0364a7633943d535cd30bdfd537e6c5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041333; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pfd0364a7633943d535cd30bdfd537e6c5|02|cn"; nocase; ) # tf18a242abd00be2df818c9ba4eee99f05.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041334; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tf18a242abd00be2df818c9ba4eee99f05|02|ws"; nocase; ) # u68ab270470768b5eec94ef2cfbf10f123.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041335; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u68ab270470768b5eec94ef2cfbf10f123|02|to"; nocase; ) # wff3767c27b618f38b3914110b6b722a26.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041336; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wff3767c27b618f38b3914110b6b722a26|02|hk"; nocase; ) # xe79a2ce71aba5818e52e9c14f73cfa0dd.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041337; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xe79a2ce71aba5818e52e9c14f73cfa0dd|02|cn"; nocase; ) # a8972f4a0d81917769549019140b465ecf.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041338; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a8972f4a0d81917769549019140b465ecf|02|cc"; nocase; ) # hd413897487912b69d8407de53aba7bc60.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041339; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd413897487912b69d8407de53aba7bc60|02|so"; nocase; ) # i736c911cce1aeed8be323004edc56f651.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041340; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i736c911cce1aeed8be323004edc56f651|02|cc"; nocase; ) # kdb91fcbc3c280960a31ed809b23172ddc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041341; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kdb91fcbc3c280960a31ed809b23172ddc|02|to"; nocase; ) # lbe0875c9e8b05463cf8e80d4235830554.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041342; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lbe0875c9e8b05463cf8e80d4235830554|02|in"; nocase; ) # n50a752cb9ee51fc60f0cbfc053b272983.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041343; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n50a752cb9ee51fc60f0cbfc053b272983|02|cn"; nocase; ) # q13bf4958f0e9657286bce673158d4b9e2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041344; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q13bf4958f0e9657286bce673158d4b9e2|02|cc"; nocase; ) # r2e7763b82716394a20a384caf1ae9654f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041345; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2e7763b82716394a20a384caf1ae9654f|02|ws"; nocase; ) # x93c06e059e40766ad122e679abad06e02.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041346; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x93c06e059e40766ad122e679abad06e02|02|so"; nocase; ) # c5b9c75eec67dd1f7285df1075105a7da4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041347; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c5b9c75eec67dd1f7285df1075105a7da4|02|hk"; nocase; ) # gcc6795f0a7986a6586f1c396ba4b38fc9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041348; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gcc6795f0a7986a6586f1c396ba4b38fc9|02|cc"; nocase; ) # p099ef3f6383b64f9c3259aefcb4c0c1e5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041349; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p099ef3f6383b64f9c3259aefcb4c0c1e5|02|ws"; nocase; ) # teb41855974b06c45a021fc0c8d3a10c22.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041350; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|teb41855974b06c45a021fc0c8d3a10c22|02|cn"; nocase; ) # udc736b2c4b9a8955c129e51667ef7c3fc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041351; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|udc736b2c4b9a8955c129e51667ef7c3fc|02|tk"; nocase; ) # ea616d0f238b65db4fc2af652c85026010.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041352; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea616d0f238b65db4fc2af652c85026010|02|cc"; nocase; ) # h9aab0fe9e5cc8074f35e7ea0bed5fb98c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041353; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h9aab0fe9e5cc8074f35e7ea0bed5fb98c|02|in"; nocase; ) # kedba3e57ea7d141e54e404646fa6f08d3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041354; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kedba3e57ea7d141e54e404646fa6f08d3|02|tk"; nocase; ) # s67095a9c96bde7a8fe07fb2486910c98d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041355; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s67095a9c96bde7a8fe07fb2486910c98d|02|tk"; nocase; ) # wb46c1c959bb1ee007de90feb844a20078.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041356; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb46c1c959bb1ee007de90feb844a20078|02|to"; nocase; ) # aa4bdf35bb7ca4bdc0c70c6034c718b063.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041357; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aa4bdf35bb7ca4bdc0c70c6034c718b063|02|tk"; nocase; ) # pe018d1549690ac3e7a059f5285a570f7f.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041358; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pe018d1549690ac3e7a059f5285a570f7f|02|cn"; nocase; ) # v9f53190177d6d54015ba68cad638937cf.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041359; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v9f53190177d6d54015ba68cad638937cf|02|in"; nocase; ) # wb82f7cf29b40ad8661b8a6d268f557ca1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041360; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wb82f7cf29b40ad8661b8a6d268f557ca1|02|hk"; nocase; ) # y1fa26f634e7dc6c90149db35e45145a82.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041361; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y1fa26f634e7dc6c90149db35e45145a82|02|tk"; nocase; ) # h1fe51a7a0a0ab517db885258ea77ae170.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041362; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h1fe51a7a0a0ab517db885258ea77ae170|02|so"; nocase; ) # j0b2551c15fb08e01a62ebcac4136e80e5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041363; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j0b2551c15fb08e01a62ebcac4136e80e5|02|ws"; nocase; ) # p4e24f39c6a5999d4ae6a966e339ff9730.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041364; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p4e24f39c6a5999d4ae6a966e339ff9730|02|so"; nocase; ) # q4484f78ab912f51ba53e78915ec2a47e7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041365; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q4484f78ab912f51ba53e78915ec2a47e7|02|cc"; nocase; ) # e360b6115c344a41767194ec315863a69e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041366; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e360b6115c344a41767194ec315863a69e|02|tk"; nocase; ) # f658e754f64b5660740cb1e9ac24898673.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041367; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f658e754f64b5660740cb1e9ac24898673|02|so"; nocase; ) # gecdcbc7e139cb6d536f30797f04d11f68.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041368; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gecdcbc7e139cb6d536f30797f04d11f68|02|cc"; nocase; ) # ga3697ac0517ee00fa4f150d2bed0a28ca.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041369; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ga3697ac0517ee00fa4f150d2bed0a28ca|02|to"; nocase; ) # h38dc47d3ce4d1e7ec503f6c15606111ec.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041370; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h38dc47d3ce4d1e7ec503f6c15606111ec|02|in"; nocase; ) # pfe2f75a4f4cdabb5c84b8c1426635df7b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041371; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pfe2f75a4f4cdabb5c84b8c1426635df7b|02|in"; nocase; ) # t9a04b5a5743e3f05965d0bf87674d18a3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041372; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t9a04b5a5743e3f05965d0bf87674d18a3|02|so"; nocase; ) # i0c203e58e04a79f35df03d9a7808bbfba.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041373; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i0c203e58e04a79f35df03d9a7808bbfba|02|tk"; nocase; ) # j200b56657c69099a3870aff57297f2ee3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041374; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j200b56657c69099a3870aff57297f2ee3|02|so"; nocase; ) # le7f7f2d4f650d936f20be0a799184238b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041375; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|le7f7f2d4f650d936f20be0a799184238b|02|ws"; nocase; ) # p5cd625259ae940edd6af74807a55df97c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041376; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p5cd625259ae940edd6af74807a55df97c|02|cn"; nocase; ) # s4dd79ee8fbfabf5710c49925a45106f73.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041377; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s4dd79ee8fbfabf5710c49925a45106f73|02|cc"; nocase; ) # y39d2b06b60e0a3efe292fc6b04cbe0622.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041378; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y39d2b06b60e0a3efe292fc6b04cbe0622|02|tk"; nocase; ) # bf3a6d380753792198ba9db95446313cdd.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041379; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bf3a6d380753792198ba9db95446313cdd|02|ws"; nocase; ) # hc1f3725c57e3bdfd94090df3930a8351f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041380; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc1f3725c57e3bdfd94090df3930a8351f|02|so"; nocase; ) # b0c13852cedc3a3af3e7a5ba180f5cd896.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041381; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b0c13852cedc3a3af3e7a5ba180f5cd896|02|in"; nocase; ) # da4ae6fd021c489fe4fd636c912b07f87d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041382; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|da4ae6fd021c489fe4fd636c912b07f87d|02|cn"; nocase; ) # e9d12d3ee900ab37c203d0095c1266abb3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041383; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e9d12d3ee900ab37c203d0095c1266abb3|02|tk"; nocase; ) # h360bf4791bb3577b746275dba264a64c6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041384; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h360bf4791bb3577b746275dba264a64c6|02|ws"; nocase; ) # ifcfd181f622fe390cbbbfb0b649bbc7c8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041385; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ifcfd181f622fe390cbbbfb0b649bbc7c8|02|to"; nocase; ) # jd199e10f30c4908e2fac7483583ae0f1d.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041386; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd199e10f30c4908e2fac7483583ae0f1d|02|in"; nocase; ) # l9acd97fc88589914981b1b751a709613d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041387; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l9acd97fc88589914981b1b751a709613d|02|cn"; nocase; ) # nfa569b30941945b160e859243727d25ff.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041388; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nfa569b30941945b160e859243727d25ff|02|so"; nocase; ) # ua074ca13e7245611c4ee2cd55c228df95.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041389; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ua074ca13e7245611c4ee2cd55c228df95|02|tk"; nocase; ) # zaf61200a31532e9a37358f4b19a5e2eeb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041390; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zaf61200a31532e9a37358f4b19a5e2eeb|02|in"; nocase; ) # ae0daf068bb2c48e0f15e198f3e924dfc5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041391; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ae0daf068bb2c48e0f15e198f3e924dfc5|02|hk"; nocase; ) # obd3370f6c281a8fc44ef643126449fabf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041392; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|obd3370f6c281a8fc44ef643126449fabf|02|to"; nocase; ) # y3efba79fc5d6bbb5f3b17b5e3e76eea23.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041393; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3efba79fc5d6bbb5f3b17b5e3e76eea23|02|hk"; nocase; ) # d3bf10d3bdc055ae73fce557a8ba3ba597.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041394; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d3bf10d3bdc055ae73fce557a8ba3ba597|02|ws"; nocase; ) # j71d6cc0160af2a7ca8e140b8940605a00.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041395; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j71d6cc0160af2a7ca8e140b8940605a00|02|so"; nocase; ) # u08cb5fdd33e35aca2b626e145e9471364.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041396; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u08cb5fdd33e35aca2b626e145e9471364|02|to"; nocase; ) # fe4906320fa970ef07795ddf6482aaca91.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041397; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fe4906320fa970ef07795ddf6482aaca91|02|cn"; nocase; ) # h0c66db24b500ca3ebfa0c81801ddfa2cd.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041398; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h0c66db24b500ca3ebfa0c81801ddfa2cd|02|so"; nocase; ) # lc6348f7bd69b8146aa6fa4b66fcabfd27.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041399; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lc6348f7bd69b8146aa6fa4b66fcabfd27|02|in"; nocase; ) # o147b45791ba363a233214a3ed6d23a0b8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041400; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o147b45791ba363a233214a3ed6d23a0b8|02|tk"; nocase; ) # wdfc45470bc672deef42ab7ed644992fa0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041401; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wdfc45470bc672deef42ab7ed644992fa0|02|tk"; nocase; ) # e9fdd5ff50d2b33697781102b16db07bb7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e9fdd5ff50d2b33697781102b16db07bb7|02|tk"; nocase; ) # g70fea3bd29379ab911ef8137f564a5050.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g70fea3bd29379ab911ef8137f564a5050|02|cc"; nocase; ) # hd45c17520c12774dc8d055a59650aad7d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd45c17520c12774dc8d055a59650aad7d|02|ws"; nocase; ) # n9f2f7146c0cc6d320aac65daac6d2fa86.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n9f2f7146c0cc6d320aac65daac6d2fa86|02|so"; nocase; ) # u57c0dbf99c941211be6dad472aa70cb58.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u57c0dbf99c941211be6dad472aa70cb58|02|tk"; nocase; ) # x298f140e4d891c24f8aa3b5d50577ff19.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x298f140e4d891c24f8aa3b5d50577ff19|02|ws"; nocase; ) # cc12ad57d2d5871f391ff6c13b0a1ab73c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cc12ad57d2d5871f391ff6c13b0a1ab73c|02|tk"; nocase; ) # df1344c25fc989006115cfc46abe8a212f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|df1344c25fc989006115cfc46abe8a212f|02|so"; nocase; ) # e67f34098c0776e70127bfd0f35ad0f537.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e67f34098c0776e70127bfd0f35ad0f537|02|cc"; nocase; ) # f8f970cc4ae4ece413c166156a5bb80e1c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f8f970cc4ae4ece413c166156a5bb80e1c|02|ws"; nocase; ) # j2667832e8909e7dc9ab360750eb95c788.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j2667832e8909e7dc9ab360750eb95c788|02|cn"; nocase; ) # t9870797fcf2e65a1bfd48ef7bc6e33b44.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t9870797fcf2e65a1bfd48ef7bc6e33b44|02|so"; nocase; ) # gae996ebeb409154dcd8ee5ce88b99b039.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gae996ebeb409154dcd8ee5ce88b99b039|02|hk"; nocase; ) # o9b252efa428957c477f72bfaa2b8e36c9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o9b252efa428957c477f72bfaa2b8e36c9|02|hk"; nocase; ) # n53f745408163254a053f642ab0733705e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n53f745408163254a053f642ab0733705e|02|cn"; nocase; ) # pc79c7a5e5eabf1bb64df8369a93ebe6fe.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pc79c7a5e5eabf1bb64df8369a93ebe6fe|02|so"; nocase; ) # t110c4e77ae109ff1d44100dc95b6a582b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t110c4e77ae109ff1d44100dc95b6a582b|02|in"; nocase; ) # a44bbf6dca9ff8412eb06e5db3eebd8b89.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a44bbf6dca9ff8412eb06e5db3eebd8b89|02|to"; nocase; ) # e99ce44895a53b5899a3f1849ba5eef3bc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e99ce44895a53b5899a3f1849ba5eef3bc|02|tk"; nocase; ) # je45ca3f27e0889abddc64e3f3c19ddc89.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|je45ca3f27e0889abddc64e3f3c19ddc89|02|in"; nocase; ) # nee669e0478f8a6c1eed8b36b8add10d9f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nee669e0478f8a6c1eed8b36b8add10d9f|02|so"; nocase; ) # o0597c287e2b01a1932da85098bc3273ec.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041423; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o0597c287e2b01a1932da85098bc3273ec|02|cc"; nocase; ) # pfcfd11e98082d36e4951a505e6a0468af.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041424; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pfcfd11e98082d36e4951a505e6a0468af|02|ws"; nocase; ) # v26f3ef85e35ed3f50d38ed948d208850d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041425; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v26f3ef85e35ed3f50d38ed948d208850d|02|so"; nocase; ) # xc7bc5a2f289d85e30bf3e36f1a9c723a7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041426; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xc7bc5a2f289d85e30bf3e36f1a9c723a7|02|ws"; nocase; ) # gaf106b5c2f41fcf8ae2106dd53ba89973.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041427; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gaf106b5c2f41fcf8ae2106dd53ba89973|02|to"; nocase; ) # id26253efefc47885d1dd859eadb878896.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id26253efefc47885d1dd859eadb878896|02|hk"; nocase; ) # l1dc3cd50bd02629eefccc33061adafe71.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l1dc3cd50bd02629eefccc33061adafe71|02|so"; nocase; ) # o70045f3f33974687109b2178a09f36fa3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o70045f3f33974687109b2178a09f36fa3|02|to"; nocase; ) # v5d5c55e60a26012367a1e1d4f13dc836c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v5d5c55e60a26012367a1e1d4f13dc836c|02|ws"; nocase; ) # w08b3bf19d4acd5c6d95f9784346ae2640.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w08b3bf19d4acd5c6d95f9784346ae2640|02|to"; nocase; ) # x97a2613c60e36f8a9a4a9faa468dbf70b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x97a2613c60e36f8a9a4a9faa468dbf70b|02|in"; nocase; ) # a1894a12fb683bf7adab28b10807f8fe12.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1894a12fb683bf7adab28b10807f8fe12|02|tk"; nocase; ) # d46c665f0c9ad48c05a0a308309862f81c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d46c665f0c9ad48c05a0a308309862f81c|02|ws"; nocase; ) # f87781d7096a4ca35fe1445732c03ff242.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f87781d7096a4ca35fe1445732c03ff242|02|in"; nocase; ) # j42575ba499bec39bae1e458f6eba76a47.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j42575ba499bec39bae1e458f6eba76a47|02|so"; nocase; ) # p4fe1564c772ac29c1fbad256bc272c560.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p4fe1564c772ac29c1fbad256bc272c560|02|cn"; nocase; ) # rf60ce173504b6627c161452f622cdc3e3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rf60ce173504b6627c161452f622cdc3e3|02|so"; nocase; ) # e2f6d4fc910399f97cb059e79a648757da.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e2f6d4fc910399f97cb059e79a648757da|02|hk"; nocase; ) # n3ffb639594c621233ce0e61f5e7452598.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3ffb639594c621233ce0e61f5e7452598|02|cn"; nocase; ) # o826a0dde8112618e948d73345b2ecf77b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o826a0dde8112618e948d73345b2ecf77b|02|tk"; nocase; ) # q2f8b88da0dba9547e5a20f2598d0b4da8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q2f8b88da0dba9547e5a20f2598d0b4da8|02|cc"; nocase; ) # uc9c564dce6bcfbfff662931beacb8f0b8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc9c564dce6bcfbfff662931beacb8f0b8|02|hk"; nocase; ) # y72c5cdc5013c26296203f29f5ff27c9ce.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y72c5cdc5013c26296203f29f5ff27c9ce|02|cc"; nocase; ) # decd1b466173e5069c75a2acb9b86f620a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|decd1b466173e5069c75a2acb9b86f620a|02|cn"; nocase; ) # eb0f6c78289d7eaa467fb8c67d81614c02.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eb0f6c78289d7eaa467fb8c67d81614c02|02|tk"; nocase; ) # g7cbb9496c2ecb974f343efe62933226c7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g7cbb9496c2ecb974f343efe62933226c7|02|cc"; nocase; ) # hf01ffa04347df0fe033546496e2ab4a91.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hf01ffa04347df0fe033546496e2ab4a91|02|ws"; nocase; ) # ld11c61bb3aa82a29b0a7a44ee71ca4053.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ld11c61bb3aa82a29b0a7a44ee71ca4053|02|cn"; nocase; ) # ve17868348355541b47d9f6cd6a723ae30.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ve17868348355541b47d9f6cd6a723ae30|02|so"; nocase; ) # w8feefbc36f759a1426da72f8fba52a622.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w8feefbc36f759a1426da72f8fba52a622|02|cc"; nocase; ) # e9cc9ad4aa8eddc2b0a1ddb6ac5b8b9ca3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e9cc9ad4aa8eddc2b0a1ddb6ac5b8b9ca3|02|cc"; nocase; ) # ib25dcec4c9a43f24e2607cf16fdbe6664.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib25dcec4c9a43f24e2607cf16fdbe6664|02|hk"; nocase; ) # t456fa3d47c1326d4f9b6d3d4eca26d6d2.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t456fa3d47c1326d4f9b6d3d4eca26d6d2|02|so"; nocase; ) # xd15a09577f3003198dfcf815bf2c8b771.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xd15a09577f3003198dfcf815bf2c8b771|02|in"; nocase; ) # c448fca9fd7083e47aa6f5cc9701673b88.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c448fca9fd7083e47aa6f5cc9701673b88|02|cc"; nocase; ) # eb6a30320e3341659ece5bd7a33a149241.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eb6a30320e3341659ece5bd7a33a149241|02|to"; nocase; ) # gf420dc2e9da44c7b5c891562c44016fb7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gf420dc2e9da44c7b5c891562c44016fb7|02|hk"; nocase; ) # hd60e87db2af7a0b4a551561da6e38c5cf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd60e87db2af7a0b4a551561da6e38c5cf|02|cn"; nocase; ) # m628ca296dd831503ba23a2bbf3e53b055.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m628ca296dd831503ba23a2bbf3e53b055|02|to"; nocase; ) # n478c0b3dbff174a98c17321563e829dad.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n478c0b3dbff174a98c17321563e829dad|02|in"; nocase; ) # o0750fff854413fecbc79515f3ec167389.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o0750fff854413fecbc79515f3ec167389|02|hk"; nocase; ) # r82a888d460a00e9f2a1ceb0cb04ad9973.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r82a888d460a00e9f2a1ceb0cb04ad9973|02|so"; nocase; ) # u53adf0efbcefe896053f74d750116360d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u53adf0efbcefe896053f74d750116360d|02|to"; nocase; ) # x4d9d0b09ea1e8a56db27737b8735deecb.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x4d9d0b09ea1e8a56db27737b8735deecb|02|cn"; nocase; ) # le25e185072a70a3972572befdc4615a51.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|le25e185072a70a3972572befdc4615a51|02|in"; nocase; ) # se346b1a765bb2862baa7706ab69badfab.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|se346b1a765bb2862baa7706ab69badfab|02|to"; nocase; ) # t284372ab4bb84fdea0acb96f7d074c79e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t284372ab4bb84fdea0acb96f7d074c79e|02|in"; nocase; ) # v8bd58d9294e1c4f6cf02d1116473697e5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v8bd58d9294e1c4f6cf02d1116473697e5|02|cn"; nocase; ) # a1f5ad574256b3c276a2b1b26df768af2c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1f5ad574256b3c276a2b1b26df768af2c|02|to"; nocase; ) # b1c0fd9c83ae7d72e7a26198f85a739831.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1c0fd9c83ae7d72e7a26198f85a739831|02|in"; nocase; ) # v32fbb1773be4bfa61d556f445d637ac7f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v32fbb1773be4bfa61d556f445d637ac7f|02|so"; nocase; ) # zb6e2824342567ea4cb4ed8d7c3056cd3f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zb6e2824342567ea4cb4ed8d7c3056cd3f|02|in"; nocase; ) # a61ad7718fcb0a2da98210435023108a5b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a61ad7718fcb0a2da98210435023108a5b|02|hk"; nocase; ) # k9bae73f54317479381e9e70d3b5873d6d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k9bae73f54317479381e9e70d3b5873d6d|02|tk"; nocase; ) # mf3b1cb4ff407bf31ef1cf895accab47f8.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mf3b1cb4ff407bf31ef1cf895accab47f8|02|cc"; nocase; ) # t26e65b4f4466fada5fd1b1604fba05a76.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t26e65b4f4466fada5fd1b1604fba05a76|02|so"; nocase; ) # z6ad80df9cf104abeb817dbda9cc32d78c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6ad80df9cf104abeb817dbda9cc32d78c|02|cn"; nocase; ) # a27c943471346485ee6dc05427f43a06fc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a27c943471346485ee6dc05427f43a06fc|02|tk"; nocase; ) # d6bab41776b86f099c506e128467d6ca74.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d6bab41776b86f099c506e128467d6ca74|02|ws"; nocase; ) # h081f6705e76dd11177c5a8890f66f9d36.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h081f6705e76dd11177c5a8890f66f9d36|02|cn"; nocase; ) # i3602f57303a5ce635728cec016f7ac456.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i3602f57303a5ce635728cec016f7ac456|02|tk"; nocase; ) # l420b80907eb1a338884569120127f2fc3.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l420b80907eb1a338884569120127f2fc3|02|ws"; nocase; ) # p0d5c3c14c161c577a383f27ef31bcbcb0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p0d5c3c14c161c577a383f27ef31bcbcb0|02|cn"; nocase; ) # ib868a17e4102b793202522fd537ca2f14.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ib868a17e4102b793202522fd537ca2f14|02|cc"; nocase; ) # n7489a3e55329e8109aa55d0fde0a093af.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n7489a3e55329e8109aa55d0fde0a093af|02|cn"; nocase; ) # o90664283a75a732d6f2017092bc7bd021.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o90664283a75a732d6f2017092bc7bd021|02|tk"; nocase; ) # ue391f1b044f7cfb9d21c6225de36ee768.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue391f1b044f7cfb9d21c6225de36ee768|02|hk"; nocase; ) # ved2c829340da4940f054aec2a4a7dea75.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ved2c829340da4940f054aec2a4a7dea75|02|cn"; nocase; ) # d08f0c2339f5d1e2aae4e6177e8ef9efcf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d08f0c2339f5d1e2aae4e6177e8ef9efcf|02|cn"; nocase; ) # e9b76c4db13dc0684bce674502e7fb9820.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e9b76c4db13dc0684bce674502e7fb9820|02|tk"; nocase; ) # kf4d0133d426f588d97182e7c33e939f8b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kf4d0133d426f588d97182e7c33e939f8b|02|hk"; nocase; ) # r9bed85dd661369a395aece1d8c369d976.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r9bed85dd661369a395aece1d8c369d976|02|in"; nocase; ) # v395235c454d7848952127164b779e6a12.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v395235c454d7848952127164b779e6a12|02|so"; nocase; ) # w6df94b8d70278b5d588df52e1a63bef90.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w6df94b8d70278b5d588df52e1a63bef90|02|cc"; nocase; ) # dd8bb5f0bff696092cbb04c363014b1d33.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd8bb5f0bff696092cbb04c363014b1d33|02|so"; nocase; ) # l10edaacdc1d90da90940c0cd3cf60b134.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l10edaacdc1d90da90940c0cd3cf60b134|02|so"; nocase; ) # b9e451ced044712cc8b5d70a83ac41e35f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b9e451ced044712cc8b5d70a83ac41e35f|02|ws"; nocase; ) # caa92789e313d2013553d626df0cc53580.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|caa92789e313d2013553d626df0cc53580|02|to"; nocase; ) # d9a739927aa2fc62375251bf3d3301e46f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d9a739927aa2fc62375251bf3d3301e46f|02|in"; nocase; ) # g470af17a2cdfee7f96ce0de6b424fd2ed.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g470af17a2cdfee7f96ce0de6b424fd2ed|02|tk"; nocase; ) # n7b7eaa437474030b53f4366d1710910cf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n7b7eaa437474030b53f4366d1710910cf|02|cn"; nocase; ) # o8a51e68677235e27db0994b4ce0415801.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8a51e68677235e27db0994b4ce0415801|02|tk"; nocase; ) # rb94324adc16cf50d7d173d190824d159c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb94324adc16cf50d7d173d190824d159c|02|ws"; nocase; ) # s410a81477b932503a5dac66b79ff37cac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s410a81477b932503a5dac66b79ff37cac|02|to"; nocase; ) # t6529b0d80ac46d052e53fc7833022d438.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t6529b0d80ac46d052e53fc7833022d438|02|in"; nocase; ) # u39e01aab57fdcfa6736222669aba33496.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u39e01aab57fdcfa6736222669aba33496|02|hk"; nocase; ) # wc1f62280ad54557bb2de2c3829128e6ba.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc1f62280ad54557bb2de2c3829128e6ba|02|tk"; nocase; ) # d7728323caa81c7ef50e9e8b9f5374dac0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d7728323caa81c7ef50e9e8b9f5374dac0|02|cn"; nocase; ) # ie4ee4e9b5279bdf8cbd81d158d1e1965a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ie4ee4e9b5279bdf8cbd81d158d1e1965a|02|to"; nocase; ) # l1f66ab5b253b3afebb8262087e3fb9e36.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l1f66ab5b253b3afebb8262087e3fb9e36|02|cn"; nocase; ) # u2cbac408ece5b46b376d78a7cfad0c5a1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u2cbac408ece5b46b376d78a7cfad0c5a1|02|tk"; nocase; ) # x80923ca2dc00334e9b475c12c36835ed2.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x80923ca2dc00334e9b475c12c36835ed2|02|ws"; nocase; ) # af36f882db1f6a94b92dcc4ae75d6dd370.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|af36f882db1f6a94b92dcc4ae75d6dd370|02|hk"; nocase; ) # c2a9a2daefb3f544a7f6bdeca8e2789b22.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c2a9a2daefb3f544a7f6bdeca8e2789b22|02|tk"; nocase; ) # kdd714ce6008cce264d9b21ddfc35191b6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kdd714ce6008cce264d9b21ddfc35191b6|02|tk"; nocase; ) # sa0e56ddcfc9088c692e1480541d80d570.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sa0e56ddcfc9088c692e1480541d80d570|02|tk"; nocase; ) # ab16a90241d863765a516700586db4a9d1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab16a90241d863765a516700586db4a9d1|02|tk"; nocase; ) # h834f0839ccdfe6382acf9a2848bea2b29.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h834f0839ccdfe6382acf9a2848bea2b29|02|cn"; nocase; ) # j00fd6e885ce4b60569a3d8eae1aaa75d3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j00fd6e885ce4b60569a3d8eae1aaa75d3|02|so"; nocase; ) # l96f789e5b1bed2feb06bcace9b7993ea0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l96f789e5b1bed2feb06bcace9b7993ea0|02|ws"; nocase; ) # nd0a27d9ae00f35cd3a71c1060b35f05d1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd0a27d9ae00f35cd3a71c1060b35f05d1|02|in"; nocase; ) # u6add03efadb3ba8b1b48134a937a32ca9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u6add03efadb3ba8b1b48134a937a32ca9|02|to"; nocase; ) # x491e863391b3a8df2d5c08a8f4d570892.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x491e863391b3a8df2d5c08a8f4d570892|02|cn"; nocase; ) # a9b0840e4a4f3febfcdd908e15381d0e9b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a9b0840e4a4f3febfcdd908e15381d0e9b|02|cc"; nocase; ) # e8269060d646005efec6ed81dd00545823.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e8269060d646005efec6ed81dd00545823|02|hk"; nocase; ) # gd79d876e8074c54918c900a82c67d9238.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gd79d876e8074c54918c900a82c67d9238|02|tk"; nocase; ) # nac0e3bded1802868cd5a0568f0c55068d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nac0e3bded1802868cd5a0568f0c55068d|02|cn"; nocase; ) # oa5ffb5ce179ca6be9f5c0a47567a8482b.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oa5ffb5ce179ca6be9f5c0a47567a8482b|02|tk"; nocase; ) # rb720a361a4b36e4d2b060613af3168192.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb720a361a4b36e4d2b060613af3168192|02|ws"; nocase; ) # t7121f16288765435d383122ba3f40021b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t7121f16288765435d383122ba3f40021b|02|in"; nocase; ) # w0e51936422805f9b1606fcc109ebd6604.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w0e51936422805f9b1606fcc109ebd6604|02|tk"; nocase; ) # m0a4f5fcb929173e82ef2a5c34ffedb83f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m0a4f5fcb929173e82ef2a5c34ffedb83f|02|tk"; nocase; ) # seec7c3bf2e18426f83bfd4dbcb315648d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|seec7c3bf2e18426f83bfd4dbcb315648d|02|hk"; nocase; ) # a897b7c9647161b6eb8ab5a74bf5e292fd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a897b7c9647161b6eb8ab5a74bf5e292fd|02|hk"; nocase; ) # e781ab830e3d6c297063325fd8e028c83c.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e781ab830e3d6c297063325fd8e028c83c|02|cc"; nocase; ) # j93386c7fc5f9f59b91173da37a0e1d13a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j93386c7fc5f9f59b91173da37a0e1d13a|02|cn"; nocase; ) # l9198dd74c035a4fb410841210cbe87b2a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l9198dd74c035a4fb410841210cbe87b2a|02|so"; nocase; ) # pba21c8778eed0e9c149e21da4414ff251.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pba21c8778eed0e9c149e21da4414ff251|02|in"; nocase; ) # yad0afcbe3c9256e3d4982a9d34df4ea09.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yad0afcbe3c9256e3d4982a9d34df4ea09|02|hk"; nocase; ) # k673743247419f17001852d0021a8d952a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k673743247419f17001852d0021a8d952a|02|cc"; nocase; ) # l9dbdf0ee532907673813bcc532f249ac0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l9dbdf0ee532907673813bcc532f249ac0|02|ws"; nocase; ) # m5926ec5e356c6a7d8513a9133976fc7a5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m5926ec5e356c6a7d8513a9133976fc7a5|02|to"; nocase; ) # r4531b291c12b65f2111d629c2eb2ea4a0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r4531b291c12b65f2111d629c2eb2ea4a0|02|so"; nocase; ) # tc14cd722575a665fbe8d6dd72c24c1cce.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tc14cd722575a665fbe8d6dd72c24c1cce|02|ws"; nocase; ) # yd2c2be16dfddc238f4d5865e49647d83c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yd2c2be16dfddc238f4d5865e49647d83c|02|tk"; nocase; ) # i61ea69a95c9663b9fc733b2a6d7e2fa87.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i61ea69a95c9663b9fc733b2a6d7e2fa87|02|cc"; nocase; ) # jcf9d115b73e65f70c6e91a80c3792501d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jcf9d115b73e65f70c6e91a80c3792501d|02|ws"; nocase; ) # nceb305402682c29ddbeff9e59c671e6b6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nceb305402682c29ddbeff9e59c671e6b6|02|cn"; nocase; ) # r32f27693d8a83b2991d5b1a71053cb4ac.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r32f27693d8a83b2991d5b1a71053cb4ac|02|ws"; nocase; ) # v753de614064f987a09353c379dddb9874.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v753de614064f987a09353c379dddb9874|02|cn"; nocase; ) # w6e9bb0b1d58fbdca0374694ab7c64fa97.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w6e9bb0b1d58fbdca0374694ab7c64fa97|02|tk"; nocase; ) # d8929759e1959d9fc1b7c44bfebd75f383.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d8929759e1959d9fc1b7c44bfebd75f383|02|cn"; nocase; ) # eff0e51874a5ce34ba1ad51864be1f4f45.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eff0e51874a5ce34ba1ad51864be1f4f45|02|tk"; nocase; ) # gc8a0a359172c06ccfc0c35bd8e60b8a0a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc8a0a359172c06ccfc0c35bd8e60b8a0a|02|cc"; nocase; ) # j9465f0263931b8788fd3c2771bb33d6b0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j9465f0263931b8788fd3c2771bb33d6b0|02|in"; nocase; ) # l4f817c3c51b3c9cd9524ed0ae0fc55344.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l4f817c3c51b3c9cd9524ed0ae0fc55344|02|cn"; nocase; ) # uc7e2245fbc0c0086299839896768c025f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc7e2245fbc0c0086299839896768c025f|02|tk"; nocase; ) # w149bfa6c4e1be9d653fd45e94047c2c2e.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w149bfa6c4e1be9d653fd45e94047c2c2e|02|cc"; nocase; ) # bd6e89eb6b7b6c4cab258734cf2455f9ee.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bd6e89eb6b7b6c4cab258734cf2455f9ee|02|cn"; nocase; ) # ec2c1c8f4ed6e3099155f1e2d956e7d230.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ec2c1c8f4ed6e3099155f1e2d956e7d230|02|cc"; nocase; ) # gd97e159a6b93c232e18a3a1ace07559ff.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gd97e159a6b93c232e18a3a1ace07559ff|02|to"; nocase; ) # ke3dda0195a4d84200d2f95bd7a0bdd247.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke3dda0195a4d84200d2f95bd7a0bdd247|02|tk"; nocase; ) # v939b5c983fd591fc064309fb1736c2276.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v939b5c983fd591fc064309fb1736c2276|02|ws"; nocase; ) # xb3aba5090435d8e1c3ef90dbf22da4648.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041566; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xb3aba5090435d8e1c3ef90dbf22da4648|02|in"; nocase; ) # y9293ea1c03816400211a77037251dd643.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041567; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y9293ea1c03816400211a77037251dd643|02|hk"; nocase; ) # z3a3dbb832acff58b4a467ba5628d889c4.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z3a3dbb832acff58b4a467ba5628d889c4|02|cn"; nocase; ) # be9a2ecb5463d46fdc04caf39877592900.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be9a2ecb5463d46fdc04caf39877592900|02|so"; nocase; ) # e043fe4fdbb7858b551bdc459d1b9a6bf4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e043fe4fdbb7858b551bdc459d1b9a6bf4|02|to"; nocase; ) # fd1e942f7e1d242504108bb27f5a9cd306.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fd1e942f7e1d242504108bb27f5a9cd306|02|in"; nocase; ) # ha2681608699814e9c35f5c3b5809fddc2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ha2681608699814e9c35f5c3b5809fddc2|02|cn"; nocase; ) # jdeefc88fa8ba2a9b96e270ad726ffabea.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jdeefc88fa8ba2a9b96e270ad726ffabea|02|so"; nocase; ) # r89ec350b20a5ae0b5327e485dba6284c0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r89ec350b20a5ae0b5327e485dba6284c0|02|so"; nocase; ) # s0eb84cd6d7048c373413af71f7f9d8b12.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s0eb84cd6d7048c373413af71f7f9d8b12|02|cc"; nocase; ) # x35423bca6550f6f6551ef0022ecc35c3c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x35423bca6550f6f6551ef0022ecc35c3c|02|cn"; nocase; ) # ybed028be513d8c3ec5fed091d8a871bc6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ybed028be513d8c3ec5fed091d8a871bc6|02|tk"; nocase; ) # c6f799083fddc9ee2fc25bd2ccda0a937a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6f799083fddc9ee2fc25bd2ccda0a937a|02|to"; nocase; ) # efa7683a67acbbfb134f9c4e94dc2d4fd1.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041579; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|efa7683a67acbbfb134f9c4e94dc2d4fd1|02|hk"; nocase; ) # gdc511a75c74a631d363f8122e723fb4b8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041580; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gdc511a75c74a631d363f8122e723fb4b8|02|tk"; nocase; ) # h79a3417ab26819fd773ef219f511f8504.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041581; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h79a3417ab26819fd773ef219f511f8504|02|so"; nocase; ) # i66fd329cce3442038afde0e580d4c9fc9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041582; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i66fd329cce3442038afde0e580d4c9fc9|02|cc"; nocase; ) # 767fchs4wbgrsx76otyfclc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041583; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|767fchs4wbgrsx76otyfclc|04|ddns|03|net"; nocase; ) # 5b74snotohq8u0ybe61.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041584; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|5b74snotohq8u0ybe61|04|ddns|03|net"; nocase; ) # sp3h7l32ghg0w0o.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041585; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|sp3h7l32ghg0w0o|04|ddns|03|net"; nocase; ) # onor72wjibglmbafovg.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041586; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|onor72wjibglmbafovg|04|ddns|03|net"; nocase; ) # 18knmpgtg6afi6atat3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041587; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|18knmpgtg6afi6atat3|04|ddns|03|net"; nocase; ) # 58wrmne6sxw0yf1v5tgts4u.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041588; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|58wrmne6sxw0yf1v5tgts4u|04|ddns|03|net"; nocase; ) # urwn5pexcxcdulapitat1dw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041589; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|urwn5pexcxcdulapitat1dw|04|ddns|03|net"; nocase; ) # exmemiamceux.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041590; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0c|exmemiamceux|04|ddns|03|net"; nocase; ) # kaacwuixc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041591; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|09|kaacwuixc|04|ddns|03|net"; nocase; ) # 7lgtwfc83dm2i6e.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041592; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|7lgtwfc83dm2i6e|04|ddns|03|net"; nocase; ) # w2wdmrgny8cfarg8ojk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041593; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|w2wdmrgny8cfarg8ojk|04|ddns|03|net"; nocase; ) # m0s0gd1xi2ytmrgje6ofoty.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041594; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|m0s0gd1xi2ytmrgje6ofoty|04|ddns|03|net"; nocase; ) # 70c27d7ri67f7da.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041595; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|70c27d7ri67f7da|04|ddns|03|net"; nocase; ) # glwhupkxq0w4s6or3p5bs4e.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041596; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|glwhupkxq0w4s6or3p5bs4e|04|ddns|03|net"; nocase; ) # urgto054qtsnercvwfm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041597; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|urgto054qtsnercvwfm|04|ddns|03|net"; nocase; ) # 5ja2e2qpgb36yl3b7ngry81.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041598; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|5ja2e2qpgb36yl3b7ngry81|04|ddns|03|net"; nocase; ) # mtgdgtejcp5j7tw2mde.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041599; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|mtgdgtejcp5j7tw2mde|04|ddns|03|net"; nocase; ) # s2mns2klglohu8gn30s.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041600; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|s2mns2klglohu8gn30s|04|ddns|03|net"; nocase; ) # ukxomsrxgof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041601; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ukxomsrxgof|03|biz"; nocase; ) # wfeipfpe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041602; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wfeipfpe|03|biz"; nocase; ) # ntchpoxbc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041603; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ntchpoxbc|03|com"; nocase; ) # zkhmocnrmwq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041604; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zkhmocnrmwq|04|info"; nocase; ) # xewvsumd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041605; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xewvsumd|03|org"; nocase; ) # jwyqpnuwrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041606; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jwyqpnuwrp|03|net"; nocase; ) # gtqqurb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041607; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gtqqurb|03|net"; nocase; ) # hbzwtzm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041608; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hbzwtzm|04|info"; nocase; ) # osswrklks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041609; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|osswrklks|03|org"; nocase; ) # hicsmeufo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041610; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hicsmeufo|03|com"; nocase; ) # sueyqmepx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041611; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|sueyqmepx|03|biz"; nocase; ) # abvrqhjxic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041612; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|abvrqhjxic|03|com"; nocase; ) # kyuyqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041613; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kyuyqh|03|biz"; nocase; ) # aipyrafrdv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041614; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|aipyrafrdv|03|com"; nocase; ) # gemnmfmyhzy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041615; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gemnmfmyhzy|04|info"; nocase; ) # vdktqezya.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041616; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vdktqezya|04|info"; nocase; ) # nafwchjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041617; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nafwchjt|03|org"; nocase; ) # gjlmhnd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041618; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|gjlmhnd|03|biz"; nocase; ) # tvhnozaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041619; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tvhnozaj|03|com"; nocase; ) # ryotfavvf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041620; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ryotfavvf|04|info"; nocase; ) # dxgmkpnq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041621; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dxgmkpnq|03|biz"; nocase; ) # bbuqrhohrx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041622; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bbuqrhohrx|03|net"; nocase; ) # ycjhrdudq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041623; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ycjhrdudq|03|com"; nocase; ) # dnsmlkwzs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041624; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dnsmlkwzs|04|info"; nocase; ) # gnqhyvdmkcd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041625; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gnqhyvdmkcd|03|com"; nocase; ) # evlbzxb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041626; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|evlbzxb|04|info"; nocase; ) # oquwuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041627; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|oquwuy|03|net"; nocase; ) # nkjveas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041628; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nkjveas|03|com"; nocase; ) # ezflurereo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041629; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ezflurereo|03|com"; nocase; ) # neghomryoa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041630; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|neghomryoa|03|biz"; nocase; ) # pkfgcfywldu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041631; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|pkfgcfywldu|03|com"; nocase; ) # lyklshb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041632; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lyklshb|03|com"; nocase; ) # txfnyz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041633; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|txfnyz|04|info"; nocase; ) # vonwfzf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041634; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vonwfzf|04|info"; nocase; ) # salwnhpg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041635; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|salwnhpg|03|biz"; nocase; ) # ojqzwfiky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041636; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ojqzwfiky|03|org"; nocase; ) # ksmqoqffpv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041637; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ksmqoqffpv|03|biz"; nocase; ) # bxaeyqfwm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041638; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bxaeyqfwm|04|info"; nocase; ) # lcqthkma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041639; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lcqthkma|03|org"; nocase; ) # grzgrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041640; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|grzgrp|03|net"; nocase; ) # mbisoqnjlc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041641; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mbisoqnjlc|03|org"; nocase; ) # xckjxpswtq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041642; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xckjxpswtq|03|net"; nocase; ) # qyayse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041643; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qyayse|03|net"; nocase; ) # owvvgyvu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041644; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|owvvgyvu|04|info"; nocase; ) # xgcrurxfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041645; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xgcrurxfa|03|com"; nocase; ) # qznjtuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041646; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qznjtuh|03|net"; nocase; ) # ckmelqjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041647; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ckmelqjy|03|org"; nocase; ) # lbilpwh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041648; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lbilpwh|04|info"; nocase; ) # zgmqfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041649; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zgmqfg|03|com"; nocase; ) # zdyodnisv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041650; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zdyodnisv|03|net"; nocase; ) # fhntbduhkkd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041651; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fhntbduhkkd|03|org"; nocase; ) # lxzjip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041652; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lxzjip|03|com"; nocase; ) # zwmuhd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041653; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|zwmuhd|03|com"; nocase; ) # ueaqharr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041654; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ueaqharr|03|net"; nocase; ) # derwbxlagvz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041655; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|derwbxlagvz|04|info"; nocase; ) # oplzkhaas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041656; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|oplzkhaas|03|com"; nocase; ) # qiqbudjyl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041657; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|qiqbudjyl|04|info"; nocase; ) # pdceroxuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041658; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pdceroxuv|03|net"; nocase; ) # lrzgetmitg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041659; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|lrzgetmitg|03|net"; nocase; ) # eldntl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041660; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|eldntl|03|net"; nocase; ) # zjjzhvnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041661; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zjjzhvnx|03|biz"; nocase; ) # brfebob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041662; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|brfebob|03|biz"; nocase; ) # yklixni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041663; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yklixni|03|biz"; nocase; ) # eusrvkgrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041664; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|eusrvkgrj|03|net"; nocase; ) # xunouz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041665; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xunouz|03|net"; nocase; ) # hyoptwrizcq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041666; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hyoptwrizcq|03|com"; nocase; ) # zloubcac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041667; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zloubcac|03|com"; nocase; ) # uguwimzeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041668; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uguwimzeo|03|com"; nocase; ) # beoxiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041669; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|beoxiy|03|com"; nocase; ) # tciphxpce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041670; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tciphxpce|03|com"; nocase; ) # ciddwjjoqfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041671; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ciddwjjoqfw|03|com"; nocase; ) # sdtojgakuxw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041672; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|sdtojgakuxw|04|info"; nocase; ) # riuonuiohwe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041673; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|riuonuiohwe|04|info"; nocase; ) # zyygqpeqt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041674; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zyygqpeqt|03|biz"; nocase; ) # nvurgoups.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041675; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nvurgoups|03|biz"; nocase; ) # pcbdaffk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041676; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pcbdaffk|03|com"; nocase; ) # retmlyfzlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041677; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|retmlyfzlw|03|org"; nocase; ) # krjkhj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041678; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|krjkhj|03|com"; nocase; ) # efeamf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041679; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|efeamf|03|org"; nocase; ) # rhvmvuybayj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041680; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rhvmvuybayj|04|info"; nocase; ) # skiskseukfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041681; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|skiskseukfo|03|com"; nocase; ) # siukwr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041682; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|siukwr|04|info"; nocase; ) # hfhvykj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041683; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hfhvykj|03|org"; nocase; ) # qhzhhfrvsev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041684; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qhzhhfrvsev|03|com"; nocase; ) # shyqwf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041685; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|shyqwf|04|info"; nocase; ) # pkpllrfdr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041686; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pkpllrfdr|03|com"; nocase; ) # nqjmvrroec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041687; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nqjmvrroec|03|com"; nocase; ) # delztqedi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041688; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|delztqedi|03|com"; nocase; ) # rbhxewtux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041689; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rbhxewtux|03|net"; nocase; ) # fhocstaom.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041690; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fhocstaom|03|biz"; nocase; ) # nwilfzmmgs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041691; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nwilfzmmgs|03|com"; nocase; ) # uyvouabvur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041692; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uyvouabvur|03|net"; nocase; ) # gsrxonfdla.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041693; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|gsrxonfdla|03|org"; nocase; ) # mwnprqbued.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041694; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mwnprqbued|03|com"; nocase; ) # ceohjcvfqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041695; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ceohjcvfqq|03|biz"; nocase; ) # rhwysxg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041696; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rhwysxg|04|info"; nocase; ) # yzzirqogye.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041697; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|yzzirqogye|04|info"; nocase; ) # uovxemju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041698; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uovxemju|03|org"; nocase; ) # vcqbvz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041699; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vcqbvz|04|info"; nocase; ) # vffgxyhxc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041700; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vffgxyhxc|04|info"; nocase; ) # ohniods.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041701; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ohniods|03|com"; nocase; ) # akigkmfttn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041702; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|akigkmfttn|03|net"; nocase; ) # tnnishmgl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041703; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tnnishmgl|03|com"; nocase; ) # tbglyzyrxju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041704; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tbglyzyrxju|03|org"; nocase; ) # zwasqfot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041705; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zwasqfot|03|biz"; nocase; ) # iskxkezxr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041706; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|iskxkezxr|04|info"; nocase; ) # mrrqssqn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041707; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mrrqssqn|03|biz"; nocase; ) # mzkleviuolp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041708; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mzkleviuolp|03|org"; nocase; ) # tbqbfwfdmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041709; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tbqbfwfdmi|03|org"; nocase; ) # lwlcqkuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041710; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lwlcqkuh|03|net"; nocase; ) # mwwmgzjjhb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041711; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mwwmgzjjhb|03|com"; nocase; ) # vurqejdyuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041712; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vurqejdyuh|03|net"; nocase; ) # usnqkkaf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041713; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|usnqkkaf|03|com"; nocase; ) # smbbihdir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041714; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|smbbihdir|03|com"; nocase; ) # qnanbxlgbe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041715; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qnanbxlgbe|03|com"; nocase; ) # nudwymsxc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041716; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|nudwymsxc|04|info"; nocase; ) # hmcvhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041717; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hmcvhm|03|com"; nocase; ) # oitjpdhxrfl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041718; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|oitjpdhxrfl|03|com"; nocase; ) # zbrjfwl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041719; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zbrjfwl|04|info"; nocase; ) # nddznwe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041720; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nddznwe|04|info"; nocase; ) # xqhsuimm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041721; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xqhsuimm|03|org"; nocase; ) # zaqauclff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041722; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zaqauclff|03|com"; nocase; ) # divrmiqmn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041723; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|divrmiqmn|03|org"; nocase; ) # rrkpds.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041724; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rrkpds|03|com"; nocase; ) # jzgzba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041725; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jzgzba|03|com"; nocase; ) # ojchhs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041726; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ojchhs|03|com"; nocase; ) # ktnftgzwya.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ktnftgzwya|04|info"; nocase; ) # vpagfprjn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vpagfprjn|03|org"; nocase; ) # kgryqyutao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kgryqyutao|03|com"; nocase; ) # ulvhjvjg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ulvhjvjg|03|org"; nocase; ) # lxnkyw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lxnkyw|04|info"; nocase; ) # lfbyfnoffob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|lfbyfnoffob|03|biz"; nocase; ) # umtftqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|umtftqx|03|biz"; nocase; ) # ckzbliuuq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ckzbliuuq|03|net"; nocase; ) # pdpkfuyj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|pdpkfuyj|04|info"; nocase; ) # qejgfltq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qejgfltq|03|net"; nocase; ) # lgslczmqkoz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|lgslczmqkoz|03|biz"; nocase; ) # anyqrfnnxm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041738; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|anyqrfnnxm|04|info"; nocase; ) # wlpfndr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041739; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wlpfndr|03|com"; nocase; ) # hhwbxkwsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041740; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hhwbxkwsc|03|net"; nocase; ) # lfmemp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041741; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lfmemp|03|org"; nocase; ) # vdxfte.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041742; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vdxfte|03|net"; nocase; ) # ragmsvu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041743; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ragmsvu|04|info"; nocase; ) # kwyoxemn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041744; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kwyoxemn|03|org"; nocase; ) # jvvzqqdndzx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041745; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jvvzqqdndzx|04|info"; nocase; ) # kqlpumji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kqlpumji|03|org"; nocase; ) # kmtpqbcwoth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kmtpqbcwoth|03|net"; nocase; ) # dsbcgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dsbcgc|03|com"; nocase; ) # xqgdxky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xqgdxky|03|org"; nocase; ) # udymytz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|udymytz|03|net"; nocase; ) # afmaippbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|afmaippbo|03|com"; nocase; ) # pfcnfmutw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pfcnfmutw|03|net"; nocase; ) # odsiflrchdf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|odsiflrchdf|03|com"; nocase; ) # ogybuzmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ogybuzmf|03|org"; nocase; ) # xevwtqzvwsm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xevwtqzvwsm|03|net"; nocase; ) # izrpfize.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|izrpfize|04|info"; nocase; ) # ozgcmymjabh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041757; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ozgcmymjabh|03|com"; nocase; ) # vchxqtihg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041758; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vchxqtihg|03|com"; nocase; ) # ewsrsyx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041759; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ewsrsyx|04|info"; nocase; ) # uqxqkg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041760; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uqxqkg|03|org"; nocase; ) # lkvmjr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041761; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lkvmjr|03|org"; nocase; ) # qsxvafw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041762; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qsxvafw|03|com"; nocase; ) # bqxejodgye.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041763; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bqxejodgye|04|info"; nocase; ) # soyrhcmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041764; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|soyrhcmm|03|org"; nocase; ) # ryahvc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ryahvc|04|info"; nocase; ) # yokkof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yokkof|03|biz"; nocase; ) # xnhopsbgamc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xnhopsbgamc|03|org"; nocase; ) # lugwdft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|lugwdft|03|com"; nocase; ) # zzhhpearczv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zzhhpearczv|04|info"; nocase; ) # rvjujsukx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rvjujsukx|03|org"; nocase; ) # rrojrnwfigx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rrojrnwfigx|03|com"; nocase; ) # ppydbivb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ppydbivb|04|info"; nocase; ) # opeaflufqje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|opeaflufqje|03|org"; nocase; ) # qwohmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qwohmr|03|org"; nocase; ) # ddqthzpf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ddqthzpf|03|biz"; nocase; ) # diobbaxqr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|diobbaxqr|03|biz"; nocase; ) # ugxhhxkw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ugxhhxkw|03|org"; nocase; ) # ngqkmcix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ngqkmcix|03|com"; nocase; ) # hetnof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hetnof|03|biz"; nocase; ) # kddlccbaacdccbfc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041780; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kddlccbaacdccbfc|03|com"; nocase; ) # ncaanfnafcddoboc.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041781; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ncaanfnafcddoboc|02|co"; nocase; ) # fcmccbamnaccbdlc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041782; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fcmccbamnaccbdlc|03|net"; nocase; ) # cbbmdafcbodaaenn.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041783; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cbbmdafcbodaaenn|02|cc"; nocase; ) # cdlaomdlddfkfaeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041784; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cdlaomdlddfkfaeo|03|com"; nocase; ) # dbdcflnckabkacaa.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041785; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dbdcflnckabkacaa|02|co"; nocase; ) # beaaabdcfcmecbfl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041786; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|beaaabdcfcmecbfl|02|eu"; nocase; ) # ackbcmaadkecfabf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041787; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ackbcmaadkecfabf|03|com"; nocase; ) # cdblceanmaclmale.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041788; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cdblceanmaclmale|03|net"; nocase; ) # noaddckmaakdbala.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041789; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|noaddckmaakdbala|03|com"; nocase; ) # bkkamfmofnddbaan.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041790; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bkkamfmofnddbaan|02|cc"; nocase; ) # lkdbkofdebfddell.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041791; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lkdbkofdebfddell|03|org"; nocase; ) # nbfcfemkmdefeocb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041792; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nbfcfemkmdefeocb|03|org"; nocase; ) # dbdcbnflandcedmm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041793; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dbdcbnflandcedmm|03|com"; nocase; ) # nkbfoneaofbbmlal.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041794; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nkbfoneaofbbmlal|04|info"; nocase; ) # aadeafnedaecbddk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041795; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aadeafnedaecbddk|02|eu"; nocase; ) # fofmffdfbcbefodf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041796; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fofmffdfbcbefodf|03|net"; nocase; ) # cmfbcbbbbckmfdko.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041797; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|cmfbcbbbbckmfdko|02|de"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. ### sorry. not sure what to do with address: so i'm skipping this one. # nfblcdeocbfbfabd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041798; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nfblcdeocbfbfabd|03|com"; nocase; ) # fddcanmbcofbcbbl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041799; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fddcanmbcofbcbbl|04|info"; nocase; ) # oscxxj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041800; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oscxxj|03|com"; nocase; ) # xifbgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041801; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xifbgi|03|com"; nocase; ) # nhqmsp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041802; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nhqmsp|03|com"; nocase; ) # qnaeua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041803; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qnaeua|03|com"; nocase; ) # ouafwf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041804; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ouafwf|03|com"; nocase; ) # nhvyku.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041805; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nhvyku|03|com"; nocase; ) # gcllsv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041806; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|gcllsv|03|com"; nocase; ) # ajffuq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041807; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ajffuq|03|com"; nocase; ) # mpmcyi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041808; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mpmcyi|03|com"; nocase; ) # bzaxve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041809; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bzaxve|03|com"; nocase; ) # ijuxnz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041810; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ijuxnz|03|com"; nocase; ) # ayufej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041811; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ayufej|03|com"; nocase; ) # wolaou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041812; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|wolaou|03|com"; nocase; ) # xcdied.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041813; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xcdied|03|com"; nocase; ) # eyexda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041814; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eyexda|03|com"; nocase; ) # tanydk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041815; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tanydk|03|com"; nocase; ) # otlwrljlddo.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041816; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|otlwrljlddo|03|xyz"; nocase; ) # twvjuija.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041817; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|twvjuija|03|biz"; nocase; ) # wghmbklehg.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041818; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|wghmbklehg|03|xyz"; nocase; ) # weuwvxubrufgd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041819; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|weuwvxubrufgd|04|info"; nocase; ) # sdktdlpqaaqtng.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041820; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|sdktdlpqaaqtng|03|biz"; nocase; ) # duytoqyohvyxbcyg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041821; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|duytoqyohvyxbcyg|04|info"; nocase; ) # tdjxwpqynwbifjcv.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041822; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|tdjxwpqynwbifjcv|02|pw"; nocase; ) # ungdqdvmtrcoa.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041823; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|ungdqdvmtrcoa|02|pl"; nocase; ) # uldxbvm.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041824; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|uldxbvm|02|pl"; nocase; ) # suxhyulrsqnvfrogp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041825; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|suxhyulrsqnvfrogp|03|org"; nocase; ) # xhjqgbwdfjpgh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041826; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|xhjqgbwdfjpgh|04|info"; nocase; ) # bovrnnirdnnkvtf.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041827; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|bovrnnirdnnkvtf|02|pl"; nocase; ) # sbcibdeldd.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041828; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|sbcibdeldd|04|work"; nocase; ) # jlyyxaitvtabgnscy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041829; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|jlyyxaitvtabgnscy|04|info"; nocase; ) # hsydelusfk.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041830; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|hsydelusfk|05|click"; nocase; ) # qcivxuuc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041831; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|qcivxuuc|02|ru"; nocase; ) # hneopir.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041832; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|hneopir|03|org"; nocase; ) # lgitueqghdqgypd.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041833; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|lgitueqghdqgypd|04|work"; nocase; ) # yqnptbxjtelemf.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041834; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|yqnptbxjtelemf|02|su"; nocase; ) # mwtyxenvoaurw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041835; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|mwtyxenvoaurw|03|org"; nocase; ) # pcfjjgkcnfepyuqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041836; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|pcfjjgkcnfepyuqh|03|biz"; nocase; ) # ovspcubgi.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041837; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|ovspcubgi|02|pl"; nocase; ) # bsderlymprkiel.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041838; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|bsderlymprkiel|02|pl"; nocase; ) # lhkaywlxbknxjpxr.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041839; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|lhkaywlxbknxjpxr|04|work"; nocase; ) # hkwalebvqaowrcxy.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041840; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|hkwalebvqaowrcxy|02|pl"; nocase; ) # slkqppw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041841; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|slkqppw|03|biz"; nocase; ) # iotchwfk.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041842; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|iotchwfk|03|xyz"; nocase; ) # sukfymn.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041843; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|sukfymn|05|click"; nocase; ) # kamsshphritly.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041844; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|kamsshphritly|02|pl"; nocase; ) # rjnyppoolekrurb.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041845; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|rjnyppoolekrurb|03|xyz"; nocase; ) # yxihkthfqymmysltp.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041846; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|yxihkthfqymmysltp|02|pl"; nocase; ) # uglkxhrhxdljwudag.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041847; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|uglkxhrhxdljwudag|04|info"; nocase; ) # rumtkckvhhawt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041848; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|rumtkckvhhawt|03|org"; nocase; ) # ywxqtjqirmscuppuw.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041849; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|ywxqtjqirmscuppuw|05|click"; nocase; ) # ixoptndkiqtsr.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041850; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|ixoptndkiqtsr|02|pw"; nocase; ) # hkdjqrwvluvxe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041851; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|hkdjqrwvluvxe|03|org"; nocase; ) # xddvmmjydm.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041852; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|xddvmmjydm|02|pw"; nocase; ) # vrsjvgwpucndrylpa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041853; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|vrsjvgwpucndrylpa|04|info"; nocase; ) # prhgmnohbccj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041854; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0c|prhgmnohbccj|02|ru"; nocase; ) # wnxrstcienvpoc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041855; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|wnxrstcienvpoc|04|info"; nocase; ) # sruxvonhefkigrx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041856; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|sruxvonhefkigrx|04|info"; nocase; ) # screyojxdd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041857; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|screyojxdd|04|info"; nocase; ) # ouqldeolqmymniqki.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041858; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|ouqldeolqmymniqki|02|pw"; nocase; ) # veuotrjrvcmqkj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041859; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|veuotrjrvcmqkj|03|org"; nocase; ) # vujuewogoscr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041860; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vujuewogoscr|02|ru"; nocase; ) # qonidrmhygdy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041861; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qonidrmhygdy|03|com"; nocase; ) # leojfthetfvk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041862; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|leojfthetfvk|02|co|02|uk"; nocase; ) # vcntbtldwqqplf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041863; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vcntbtldwqqplf|04|info"; nocase; ) # ncnbfgwschwocj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041864; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ncnbfgwschwocj|03|org"; nocase; ) # ybactyygsaukcx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041865; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ybactyygsaukcx|02|co|02|uk"; nocase; ) # ehdcaqmtipuoav.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041866; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ehdcaqmtipuoav|03|org"; nocase; ) # bwvoyqpirvyjgu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041867; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bwvoyqpirvyjgu|04|info"; nocase; ) # dvtpdbchqatwgh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041868; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dvtpdbchqatwgh|03|net"; nocase; ) # swvvdgkexspaew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041869; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|swvvdgkexspaew|03|org"; nocase; ) # uvtwhqwdwwkngu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041870; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uvtwhqwdwwkngu|04|info"; nocase; ) # kcaggxorvlwmrt.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041871; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kcaggxorvlwmrt|02|ru"; nocase; ) # msfasfrfgvfgyt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041872; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|msfasfrfgvfgyt|03|com"; nocase; ) # ofhoccvkbcuexi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041873; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ofhoccvkbcuexi|02|ru"; nocase; ) # qvmiojyxlmdxmt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041874; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qvmiojyxlmdxmt|03|com"; nocase; ) # qnpmmurudbjcno.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041875; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qnpmmurudbjcno|03|net"; nocase; ) # rrkmpaeetvgpmp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041876; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rrkmpaeetvgpmp|03|biz"; nocase; ) # flbnhnynhanswj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041877; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|flbnhnynhanswj|04|info"; nocase; ) # trsnxeakggtvhp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041878; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|trsnxeakggtvhp|03|org"; nocase; ) # lgfudipwunpryh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041879; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lgfudipwunpryh|03|com"; nocase; ) # oummhsumugyslj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041880; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oummhsumugyslj|03|biz"; nocase; ) # srrjdnhcyhxben.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041881; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|srrjdnhcyhxben|04|info"; nocase; ) # wcwfiiyeavhdlj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041882; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wcwfiiyeavhdlj|02|ru"; nocase; ) # xexhfnlnnbnqte.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041883; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xexhfnlnnbnqte|03|org"; nocase; ) # yavlgxxaownrmm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041884; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yavlgxxaownrmm|04|info"; nocase; ) # iytulifyywjygm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041885; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iytulifyywjygm|02|co|02|uk"; nocase; ) # wkqmkkxdveoyii.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041886; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wkqmkkxdveoyii|04|info"; nocase; ) # dsdehppkcpnrsj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041887; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dsdehppkcpnrsj|02|co|02|uk"; nocase; ) # euegexlwepijro.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041888; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|euegexlwepijro|04|info"; nocase; ) # ntsqnrfthgjbqj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041889; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ntsqnrfthgjbqj|02|co|02|uk"; nocase; ) # incajcywytntoj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041890; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|incajcywytntoj|02|co|02|uk"; nocase; ) # fbacgdgtnmadme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041891; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fbacgdgtnmadme|03|org"; nocase; ) # hjteiqhvvujyej.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041892; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hjteiqhvvujyej|04|info"; nocase; ) # wwyujprxtxpfdp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041893; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wwyujprxtxpfdp|03|org"; nocase; ) # fnxaadumbolnjb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041894; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fnxaadumbolnjb|02|ru"; nocase; ) # sdsnsloswvuvjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041895; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sdsnsloswvuvjo|03|org"; nocase; ) # mcxnqwmsxpafer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041896; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mcxnqwmsxpafer|03|com"; nocase; ) # owikvhyrdlssgp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041897; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|owikvhyrdlssgp|03|biz"; nocase; ) # rybuinjjsjqoko.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041898; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rybuinjjsjqoko|04|info"; nocase; ) # kuvnvejliyqpsn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041899; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kuvnvejliyqpsn|02|ru"; nocase; ) # lyqpsjvgupixrd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041900; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lyqpsjvgupixrd|03|org"; nocase; ) # rsapaqslboauhv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041901; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rsapaqslboauhv|02|co|02|uk"; nocase; ) # fiudsymrwvjdxa.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041902; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fiudsymrwvjdxa|04|info"; nocase; ) # jtktkwursmfchl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041903; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jtktkwursmfchl|02|co|02|uk"; nocase; ) # xiuyyvfbecopac.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041904; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xiuyyvfbecopac|03|net"; nocase; ) # bduuilepkidveu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041905; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bduuilepkidveu|04|info"; nocase; ) # shcojhloduatju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041906; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|shcojhloduatju|03|net"; nocase; ) # dyatdggxfeqldq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041907; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dyatdggxfeqldq|02|co|02|uk"; nocase; ) # cfywjatoatqvri.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041908; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cfywjatoatqvri|04|info"; nocase; ) # dtdmfpwunwrmju.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041909; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dtdmfpwunwrmju|03|biz"; nocase; ) # unsudwjiadugkwt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041910; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|unsudwjiadugkwt|03|org"; nocase; ) # pumbcoakindbius.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041911; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|pumbcoakindbius|03|net"; nocase; ) # aibtoyyswiaaqsv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041912; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aibtoyyswiaaqsv|03|org"; nocase; ) # tqjrdynkkjrqlpn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041913; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tqjrdynkkjrqlpn|03|com"; nocase; ) # cflnchylxdjsiry.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041914; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cflnchylxdjsiry|02|co|02|uk"; nocase; ) # rodojbjjnrntwmk.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041915; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rodojbjjnrntwmk|02|ru"; nocase; ) # xvdalteqsqjujsp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041916; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xvdalteqsqjujsp|02|ru"; nocase; ) # xfjnikcocwmkfcm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041917; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xfjnikcocwmkfcm|02|co|02|uk"; nocase; ) # aivpwqiaedrptdb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041918; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|aivpwqiaedrptdb|04|info"; nocase; ) # oruypgfekjkxmif.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041919; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|oruypgfekjkxmif|03|biz"; nocase; ) # cwxjrfjrinvmnqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041920; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cwxjrfjrinvmnqi|03|org"; nocase; ) # rjwpnxpibisunbh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041921; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rjwpnxpibisunbh|03|com"; nocase; ) # gycovabtyyngjgu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041922; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gycovabtyyngjgu|03|net"; nocase; ) # mdgyjfatebwnfbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041923; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mdgyjfatebwnfbl|03|com"; nocase; ) # ndtxdyxylvrsnpx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041924; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ndtxdyxylvrsnpx|03|com"; nocase; ) # jfkotskayxocoum.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041925; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jfkotskayxocoum|02|ru"; nocase; ) # wslxybeubuepopl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041926; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wslxybeubuepopl|03|org"; nocase; ) # sovjrqksgndaode.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041927; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|sovjrqksgndaode|02|co|02|uk"; nocase; ) # rvburmyrcueynxp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041928; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rvburmyrcueynxp|04|info"; nocase; ) # bfekncrhhhijmci.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041929; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bfekncrhhhijmci|02|co|02|uk"; nocase; ) # ouyxghcktjgvdju.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041930; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ouyxghcktjgvdju|04|info"; nocase; ) # fmyurlyemjrdoew.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041931; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fmyurlyemjrdoew|02|co|02|uk"; nocase; ) # ooxwlspejucitur.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ooxwlspejucitur|02|co|02|uk"; nocase; ) # qjipddcagyjltyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qjipddcagyjltyj|03|com"; nocase; ) # tndlcpsiwxjkstw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tndlcpsiwxjkstw|03|com"; nocase; ) # vinetafetcqncvo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vinetafetcqncvo|03|biz"; nocase; ) # xphqgwtjyatfopq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xphqgwtjyatfopq|03|org"; nocase; ) # ygwhbykeaiuvios.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ygwhbykeaiuvios|02|co|02|uk"; nocase; ) # akrjxhgfvebiqkr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|akrjxhgfvebiqkr|04|info"; nocase; ) # hfmyavchvmubbrp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hfmyavchvmubbrp|03|org"; nocase; ) # iwwdmmhkrqvakdj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iwwdmmhkrqvakdj|04|info"; nocase; ) # lawltkjyntkusms.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lawltkjyntkusms|02|co|02|uk"; nocase; ) # nvcrdgbwvodcbyu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nvcrdgbwvodcbyu|03|net"; nocase; ) # txmfwpjdyekuhcp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|txmfwpjdyekuhcp|03|biz"; nocase; ) # hnhspxdjultdxgs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hnhspxdjultdxgs|02|ru"; nocase; ) # vswxogossuohalj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vswxogossuohalj|03|org"; nocase; ) # xswrqeqgqllkhqq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xswrqeqgqllkhqq|02|ru"; nocase; ) # anhkiuvvkcpwals.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|anhkiuvvkcpwals|02|co|02|uk"; nocase; ) # dagwskukenblebr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dagwskukenblebr|02|ru"; nocase; ) # dfmsclxcoqufijk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dfmsclxcoqufijk|02|co|02|uk"; nocase; ) # qjvlpqaoeotbrvl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qjvlpqaoeotbrvl|04|info"; nocase; ) # xyvaeuqrfbsfafc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xyvaeuqrfbsfafc|02|co|02|uk"; nocase; ) # cbafipitvmkyhxf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|cbafipitvmkyhxf|03|biz"; nocase; ) # ddbjyuuofwidper.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ddbjyuuofwidper|02|ru"; nocase; ) # eulnlfheesgliej.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eulnlfheesgliej|02|co|02|uk"; nocase; ) # iutdrcpndgsvurn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iutdrcpndgsvurn|02|ru"; nocase; ) # xdfhiuvpgcjdnca.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xdfhiuvpgcjdnca|04|info"; nocase; ) # maaqovbpmdignwg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|maaqovbpmdignwg|03|com"; nocase; ) # ubapodjuuiilbsj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ubapodjuuiilbsj|03|net"; nocase; ) # iobbnitxeghxbfj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iobbnitxeghxbfj|03|biz"; nocase; ) # jglfayybakiwtwu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jglfayybakiwtwu|03|org"; nocase; ) # wjeacxyvhygophm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wjeacxyvhygophm|02|co|02|uk"; nocase; ) # loppntocmbgapas.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|loppntocmbgapas|03|net"; nocase; ) # fqosdmcohhdbspe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fqosdmcohhdbspe|04|info"; nocase; ) # rjoyaswicqxnvnj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rjoyaswicqxnvnj|03|org"; nocase; ) # slpdqbsjiulauwq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|slpdqbsjiulauwq|02|co|02|uk"; nocase; ) # trsjnnmjohvqvyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|trsjnnmjohvqvyv|03|net"; nocase; ) # bbkuedlythnk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bbkuedlythnk|04|info"; nocase; ) # flpyikotrrtq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|flpyikotrrtq|02|ru"; nocase; ) # rpxeanhhfdvd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rpxeanhhfdvd|04|info"; nocase; ) # stsdgsnjveno.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|stsdgsnjveno|03|com"; nocase; ) # afcedfkmaigd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|afcedfkmaigd|02|ru"; nocase; ) # pbwhjwtlgnvv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pbwhjwtlgnvv|02|ru"; nocase; ) # dhayoiukxggt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dhayoiukxggt|03|org"; nocase; ) # echwyyqxjuhy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|echwyyqxjuhy|04|info"; nocase; ) # fxfbapverekq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fxfbapverekq|03|net"; nocase; ) # gpkqfhptrjeo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gpkqfhptrjeo|02|ru"; nocase; ) # icitmygylvrp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|icitmygylvrp|03|org"; nocase; ) # nklokwvifpkn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nklokwvifpkn|04|info"; nocase; ) # dchiiumqfgsj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dchiiumqfgsj|04|info"; nocase; ) # yhpmwksdpfjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yhpmwksdpfjy|03|com"; nocase; ) # gliagkwsctjf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gliagkwsctjf|03|org"; nocase; ) # ecxhukgafxbq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ecxhukgafxbq|03|com"; nocase; ) # fyuffmdtcjyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fyuffmdtcjyk|03|net"; nocase; ) # jpdpooitjbtp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jpdpooitjbtp|03|net"; nocase; ) # fyvdyldcntbj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fyvdyldcntbj|02|co|02|uk"; nocase; ) # iotnssesesrl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iotnssesesrl|03|biz"; nocase; ) # aotgmfljopec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aotgmfljopec|03|com"; nocase; ) # qdhnooofuvgc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qdhnooofuvgc|03|com"; nocase; ) # xsxsirdnkiop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xsxsirdnkiop|03|org"; nocase; ) # nxnowwhiyoao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nxnowwhiyoao|03|com"; nocase; ) # fqvwylqgrbby.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fqvwylqgrbby|03|net"; nocase; ) # ghlsennlbluc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ghlsennlbluc|03|biz"; nocase; ) # jmqgnheojvtk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jmqgnheojvtk|02|co|02|uk"; nocase; ) # wogaxsfykaej.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wogaxsfykaej|04|info"; nocase; ) # bsovphmqdsmt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bsovphmqdsmt|03|com"; nocase; ) # aeayjqnwuwkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aeayjqnwuwkf|03|org"; nocase; ) # cykvohsjgdxk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cykvohsjgdxk|04|info"; nocase; ) # qwsbfgltjgvn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qwsbfgltjgvn|03|biz"; nocase; ) # rwihlfwunjlp.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000041999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rwihlfwunjlp|02|co|02|uk"; nocase; ) # trseqvchypyu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|trseqvchypyu|03|com"; nocase; ) # jvmbjawlrliy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jvmbjawlrliy|03|com"; nocase; ) # wjnllfbhbavn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wjnllfbhbavn|03|net"; nocase; ) # rmukmoaeslru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rmukmoaeslru|03|net"; nocase; ) # kshtvwwgfgxx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kshtvwwgfgxx|03|net"; nocase; ) # yaqgyyvgetyf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yaqgyyvgetyf|03|biz"; nocase; ) # fvoswdmlaxtf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fvoswdmlaxtf|03|net"; nocase; ) # stjbkobjswxl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|stjbkobjswxl|02|co|02|uk"; nocase; ) # ghklmtffclla.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ghklmtffclla|04|info"; nocase; ) # cccsntjihnxq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cccsntjihnxq|03|net"; nocase; ) # dedxbypvqhaw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dedxbypvqhaw|03|biz"; nocase; ) # uiocwvntnvev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|uiocwvntnvev|03|net"; nocase; ) # qnwglkssobxr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qnwglkssobxr|03|biz"; nocase; ) # sihdqbxfahlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sihdqbxfahlw|03|org"; nocase; ) # rcbdjwutvcwb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rcbdjwutvcwb|02|co|02|uk"; nocase; ) # qyycxilfasiuo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qyycxilfasiuo|03|com"; nocase; ) # epdwwqkuqacbp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|epdwwqkuqacbp|03|org"; nocase; ) # ijklhdtdesfef.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ijklhdtdesfef|03|biz"; nocase; ) # jnfkniafutwpe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jnfkniafutwpe|02|ru"; nocase; ) # snbntnkkemshn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|snbntnkkemshn|02|co|02|uk"; nocase; ) # wpfbwunfpcyfu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wpfbwunfpcyfu|03|biz"; nocase; ) # neskscavarhxv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|neskscavarhxv|03|biz"; nocase; ) # rgjwgthiltbex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rgjwgthiltbex|03|com"; nocase; ) # lhvxuqkmuwmnu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lhvxuqkmuwmnu|02|co|02|uk"; nocase; ) # lyyyccjnupobv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lyyyccjnupobv|04|info"; nocase; ) # twatktrkyrgyd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|twatktrkyrgyd|03|biz"; nocase; ) # jrottnhhgxspp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jrottnhhgxspp|03|org"; nocase; ) # euvuoxhrdyupe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|euvuoxhrdyupe|03|org"; nocase; ) # fwwxidntqwjfm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fwwxidntqwjfm|02|co|02|uk"; nocase; ) # fqtucithvdjgn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042029; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|fqtucithvdjgn|04|info"; nocase; ) # kuylyiprqnnsm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042030; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kuylyiprqnnsm|03|org"; nocase; ) # lndwhppfancvv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042031; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lndwhppfancvv|03|com"; nocase; ) # onghqcpifhuye.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042032; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|onghqcpifhuye|02|ru"; nocase; ) # qmeehmcevfctw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042033; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qmeehmcevfctw|02|co|02|uk"; nocase; ) # bnctwbaepbmgl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042034; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bnctwbaepbmgl|03|com"; nocase; ) # dvgmjvrysmoma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dvgmjvrysmoma|03|org"; nocase; ) # eremwmwcjgilj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eremwmwcjgilj|04|info"; nocase; ) # jekdaqevaldaa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jekdaqevaldaa|03|net"; nocase; ) # lcjghmpbedlob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lcjghmpbedlob|03|org"; nocase; ) # mopygqcsqutvi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mopygqcsqutvi|04|info"; nocase; ) # urjbesgimdqsh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|urjbesgimdqsh|02|ru"; nocase; ) # qwrfsimgwcpmh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qwrfsimgwcpmh|03|org"; nocase; ) # htxpthhdsdkrq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|htxpthhdsdkrq|04|info"; nocase; ) # lvcdwokxesqpx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|lvcdwokxesqpx|02|ru"; nocase; ) # nqmvoywtbwxsq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nqmvoywtbwxsq|02|co|02|uk"; nocase; ) # bghkehkswovyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bghkehkswovyq|04|info"; nocase; ) # xcihuyvocbvnq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xcihuyvocbvnq|03|net"; nocase; ) # ytslhpbrxfwms.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ytslhpbrxfwms|02|ru"; nocase; ) # akmahgwijhhsq.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|akmahgwijhhsq|02|co|02|uk"; nocase; ) # dxbhyeijqxfwv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042049; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dxbhyeijqxfwv|03|org"; nocase; ) # olqqrhhrkoyow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042050; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|olqqrhhrkoyow|03|com"; nocase; ) # rlpuwwdurmmav.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042051; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rlpuwwdurmmav|02|co|02|uk"; nocase; ) # euswkiqmuojpa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042052; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|euswkiqmuojpa|03|net"; nocase; ) # iwwkndgucbymo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042053; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iwwkndgucbymo|02|co|02|uk"; nocase; ) # 1k4crw91yj7cwc114pr2t13mz0u1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k4crw91yj7cwc114pr2t13mz0u1|03|net"; nocase; ) # v5a91ywwqgv1uzezclx2khps.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|v5a91ywwqgv1uzezclx2khps|03|org"; nocase; ) # syxwtei2x40k1dgynw0ca17zj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|syxwtei2x40k1dgynw0ca17zj|03|com"; nocase; ) # iwwlt3erbs1xm5v5lr1p5tnd9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iwwlt3erbs1xm5v5lr1p5tnd9|03|net"; nocase; ) # tp6cli1eyx4o31lfcwqvbwkauc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tp6cli1eyx4o31lfcwqvbwkauc|03|com"; nocase; ) # oj7szg19e4f27eo0rqx1uei2hu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oj7szg19e4f27eo0rqx1uei2hu|03|org"; nocase; ) # 1cbot7psfbk57fmu90l1qtzjbr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cbot7psfbk57fmu90l1qtzjbr|03|net"; nocase; ) # b44ruq9k1ehyodca6qbcyi2c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b44ruq9k1ehyodca6qbcyi2c|03|net"; nocase; ) # 1s3gryg13q09c6sxt06n1khqaue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s3gryg13q09c6sxt06n1khqaue|03|com"; nocase; ) # 16swxwzqwmvg8mbslw91w4xsr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16swxwzqwmvg8mbslw91w4xsr2|03|org"; nocase; ) # 1qbs0kdgrb0j56juw671udco2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qbs0kdgrb0j56juw671udco2b|03|net"; nocase; ) # 1uxwd1f81bpid10jqj8qj29brq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uxwd1f81bpid10jqj8qj29brq|03|com"; nocase; ) # 1r4gb8g18bvq3e1kl7sz81s5o9bh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r4gb8g18bvq3e1kl7sz81s5o9bh|03|com"; nocase; ) # 1roai5p29k43m184k10a1llpya9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1roai5p29k43m184k10a1llpya9|03|com"; nocase; ) # 1b6rbhd9o9w3k1megxplvf0tck.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b6rbhd9o9w3k1megxplvf0tck|03|net"; nocase; ) # q9yzmd10s1a86pclab71868juo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q9yzmd10s1a86pclab71868juo|03|com"; nocase; ) # 1yrgy5n1hd6931mzj88k1uen9i3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yrgy5n1hd6931mzj88k1uen9i3|03|net"; nocase; ) # 14c95ru1yh8zewcxe5l21egyvil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14c95ru1yh8zewcxe5l21egyvil|03|net"; nocase; ) # 5v532414a7i3671ifrohgj2pv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5v532414a7i3671ifrohgj2pv|03|org"; nocase; ) # 1wq3rd81n02f6y4adj551eivezi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wq3rd81n02f6y4adj551eivezi|03|com"; nocase; ) # dztaoawxqsiy3vhae7t3tds7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dztaoawxqsiy3vhae7t3tds7|03|org"; nocase; ) # kw0sqqqzdam2tcz87zy5hegv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kw0sqqqzdam2tcz87zy5hegv|03|com"; nocase; ) # t2752u10wiw0i158a8mj3er7xo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t2752u10wiw0i158a8mj3er7xo|03|org"; nocase; ) # 1us1xe4zsu8nt10vtepd17gdh5f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1us1xe4zsu8nt10vtepd17gdh5f|03|com"; nocase; ) # 1nn5ka51dhd5iqq3is1ewuokuv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nn5ka51dhd5iqq3is1ewuokuv|03|com"; nocase; ) # 10rqd6m1awgk131skttzpq3qcfi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10rqd6m1awgk131skttzpq3qcfi|03|net"; nocase; ) # xaomyy1qhya6vkvi00kqn2w0m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xaomyy1qhya6vkvi00kqn2w0m|03|org"; nocase; ) # d7j8184i9cc91rkdf1b1fklrmj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d7j8184i9cc91rkdf1b1fklrmj|03|com"; nocase; ) # tblghznobknxkg7fsfwhcpr8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tblghznobknxkg7fsfwhcpr8|03|com"; nocase; ) # orhvepu5xkbqli1qlhixibft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|orhvepu5xkbqli1qlhixibft|03|net"; nocase; ) # 1089np51cbcni010dfqxu1lmtngp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1089np51cbcni010dfqxu1lmtngp|03|biz"; nocase; ) # 1p669rklnbdj4tguzlr1nk1w0n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p669rklnbdj4tguzlr1nk1w0n|03|net"; nocase; ) # 1fgjv20sacpcg16gg2h8djnyay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fgjv20sacpcg16gg2h8djnyay|03|org"; nocase; ) # 1vxpblrmbvudw1sjicutdx0tj1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vxpblrmbvudw1sjicutdx0tj1|03|biz"; nocase; ) # 8u47da85f9bw1rxz22egh4qj0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8u47da85f9bw1rxz22egh4qj0|03|net"; nocase; ) # ntob39h3ip9tt9sfh21bqmuul.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ntob39h3ip9tt9sfh21bqmuul|03|biz"; nocase; ) # cgujwh5q78c1n7xiq1aez45n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cgujwh5q78c1n7xiq1aez45n|03|net"; nocase; ) # e9wnfr1ejc5yedj7x6z1i7el03.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e9wnfr1ejc5yedj7x6z1i7el03|03|biz"; nocase; ) # bspr3m16n8a73f5imtu1benq67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bspr3m16n8a73f5imtu1benq67|03|com"; nocase; ) # pxd502uxh9rd179ox7lperdyw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pxd502uxh9rd179ox7lperdyw|03|org"; nocase; ) # f2f73a1g4318j19siqeg7q51c8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f2f73a1g4318j19siqeg7q51c8|03|net"; nocase; ) # 17e0u8e5muhrj10zijyqt50uds.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17e0u8e5muhrj10zijyqt50uds|03|biz"; nocase; ) # 1w1tfp1rwewag1hvv9of178p9zt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w1tfp1rwewag1hvv9of178p9zt|03|net"; nocase; ) # 9pxt2j1cu1w8ri3hqhfxj7bcr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9pxt2j1cu1w8ri3hqhfxj7bcr|03|org"; nocase; ) # 1o2yqyjq4vappgosyz1hlcclf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o2yqyjq4vappgosyz1hlcclf|03|com"; nocase; ) # swr6r7q74ue1bxycij6hn31x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|swr6r7q74ue1bxycij6hn31x|03|net"; nocase; ) # mixj0wp3rgv1f16p1r35szx4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mixj0wp3rgv1f16p1r35szx4|03|com"; nocase; ) # jqtxwvnz0saq1wuclls1bswmor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqtxwvnz0saq1wuclls1bswmor|03|net"; nocase; ) # ygg8resdas705tlia112t09xt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ygg8resdas705tlia112t09xt|03|biz"; nocase; ) # 1sqr7v411fjr8e1j4swgl1c39dzs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sqr7v411fjr8e1j4swgl1c39dzs|03|com"; nocase; ) # zh4lbcl4e5eo1x1oi4kvcrfw2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zh4lbcl4e5eo1x1oi4kvcrfw2|03|net"; nocase; ) # 1xpfrcxvit27l1egww5w1b0mv67.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xpfrcxvit27l1egww5w1b0mv67|03|org"; nocase; ) # 143ski4mojsz11nx3qew1f3v6o6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|143ski4mojsz11nx3qew1f3v6o6|03|biz"; nocase; ) # m4jzjv79shpqfvj44mui9u6e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m4jzjv79shpqfvj44mui9u6e|03|biz"; nocase; ) # 7cnm1n3khrdb10m3q1de6s7f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7cnm1n3khrdb10m3q1de6s7f|03|net"; nocase; ) # 1wny3yk1rjkbp213f8log1o8negn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wny3yk1rjkbp213f8log1o8negn|03|org"; nocase; ) # 1v6dlss15885co1rzgtkd4h15au.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v6dlss15885co1rzgtkd4h15au|03|com"; nocase; ) # 2cnpwyzbrwzq1tk7szu1ulc08u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2cnpwyzbrwzq1tk7szu1ulc08u|03|net"; nocase; ) # 1lwfmomh5x0pb11j54sx1rv8ei3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lwfmomh5x0pb11j54sx1rv8ei3|03|org"; nocase; ) # 1kokzo21406pryop5ohe1u6cuji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kokzo21406pryop5ohe1u6cuji|03|org"; nocase; ) # q2d9zyne39yg1cyf11n14t08qj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q2d9zyne39yg1cyf11n14t08qj|03|net"; nocase; ) # 1k7o5pv121cw021itbc9c8ubpu8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k7o5pv121cw021itbc9c8ubpu8|03|com"; nocase; ) # 1n9bfy11nnvlxc1iu3pqmezjybs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n9bfy11nnvlxc1iu3pqmezjybs|03|biz"; nocase; ) # 1hh24vw6w0e581ikzcz2b5m0iw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hh24vw6w0e581ikzcz2b5m0iw|03|com"; nocase; ) # dnirkwdp9mrprpny60i5kip6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dnirkwdp9mrprpny60i5kip6|03|net"; nocase; ) # rljkhgv8jg81vg6smz1r30tb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rljkhgv8jg81vg6smz1r30tb9|03|net"; nocase; ) # 1wik43b1rj0bpu1491xxkro5hzt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wik43b1rj0bpu1491xxkro5hzt|03|com"; nocase; ) # 1vzzolh1uduxt31rutjni14ak3oj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vzzolh1uduxt31rutjni14ak3oj|03|com"; nocase; ) # 1bpezfg1ylu9duhf1ac41uoq0py.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bpezfg1ylu9duhf1ac41uoq0py|03|net"; nocase; ) # 1orv3321cgwgpv168su5ksftnmd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1orv3321cgwgpv168su5ksftnmd|03|net"; nocase; ) # 1eep8y1ccky8fqacm651qtrp3w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eep8y1ccky8fqacm651qtrp3w|03|com"; nocase; ) # eiew3jfw45fiyu1t5n1jpvqz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eiew3jfw45fiyu1t5n1jpvqz|03|net"; nocase; ) # 5dag0g5pz3ub192xci71r5zw1n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5dag0g5pz3ub192xci71r5zw1n|03|org"; nocase; ) # 1rb0fsqq5gmav19vj2ob194s1vm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rb0fsqq5gmav19vj2ob194s1vm|03|net"; nocase; ) # ozb3pgho6qnb2uaw48mkilfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ozb3pgho6qnb2uaw48mkilfw|03|com"; nocase; ) # 1wznrucpnnqrl16czj3h1amd1fk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wznrucpnnqrl16czj3h1amd1fk|03|com"; nocase; ) # j1dw29pt94mwexj3508xlnmu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j1dw29pt94mwexj3508xlnmu|03|net"; nocase; ) # 17si3rw1kq2z1r18gubds1vl3lmc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17si3rw1kq2z1r18gubds1vl3lmc|03|biz"; nocase; ) # crll2i1yyqylgox2t6l06ibs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|crll2i1yyqylgox2t6l06ibs|03|com"; nocase; ) # r6e86p1j5jiw71fywh4io6u9m8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r6e86p1j5jiw71fywh4io6u9m8|03|net"; nocase; ) # 8g10f01qkvpgm1abrbjl1aohq7l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8g10f01qkvpgm1abrbjl1aohq7l|03|org"; nocase; ) # fbo2my258e7jhvy278bba5vw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fbo2my258e7jhvy278bba5vw|03|com"; nocase; ) # i9mde51rzxwbfs89ae41yus8om.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i9mde51rzxwbfs89ae41yus8om|03|net"; nocase; ) # 18j06451ldch7mqeazikhlde5h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18j06451ldch7mqeazikhlde5h|03|org"; nocase; ) # qcs69r17ywdrs16avwta19xqp63.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qcs69r17ywdrs16avwta19xqp63|03|org"; nocase; ) # 8x67di150nhki1kx3bnh15qm66r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8x67di150nhki1kx3bnh15qm66r|03|biz"; nocase; ) # swqqkw1y3d6np1ca67y01rj5pkq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|swqqkw1y3d6np1ca67y01rj5pkq|03|net"; nocase; ) # 1klxndm1wffc931jkl8g01mgomgg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1klxndm1wffc931jkl8g01mgomgg|03|biz"; nocase; ) # vmb201ud0yag1ao0wsr1hrcak5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vmb201ud0yag1ao0wsr1hrcak5|03|biz"; nocase; ) # 15899wow194aeoa49cqzc702d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15899wow194aeoa49cqzc702d|03|net"; nocase; ) # alml9r1waxgn8lcmc2e8e0uk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|alml9r1waxgn8lcmc2e8e0uk|03|com"; nocase; ) # 1o0qlos2vi769d5rux4qfo9js.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o0qlos2vi769d5rux4qfo9js|03|org"; nocase; ) # 4ycri11aldly4pwfn1jeum4ie.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ycri11aldly4pwfn1jeum4ie|03|biz"; nocase; ) # wa699r1meczs1mutjo01bszsva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wa699r1meczs1mutjo01bszsva|03|net"; nocase; ) # 1ox10f01mz8p9r1hl6u351yr9mi8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ox10f01mz8p9r1hl6u351yr9mi8|03|net"; nocase; ) # iqmt0q1mfgt47vtqxoa1gk4a85.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iqmt0q1mfgt47vtqxoa1gk4a85|03|biz"; nocase; ) # brew8zho0ujvugrcmc1i0tser.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|brew8zho0ujvugrcmc1i0tser|03|org"; nocase; ) # 1vs5hlrfcc2rl8qvc8j1deobll.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vs5hlrfcc2rl8qvc8j1deobll|03|com"; nocase; ) # 1p61xmy1nsmxnvtbkk9z1djwu4q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p61xmy1nsmxnvtbkk9z1djwu4q|03|com"; nocase; ) # whsdwu1g509d5lv8jel1fy5k5k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|whsdwu1g509d5lv8jel1fy5k5k|03|com"; nocase; ) # kdmo7ctgp5qk1yqoe071o95d6n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kdmo7ctgp5qk1yqoe071o95d6n|03|biz"; nocase; ) # ogw5pqhbnba27boy5hnj2zjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ogw5pqhbnba27boy5hnj2zjv|03|net"; nocase; ) # 1vhizs31bd7a751w82qk0166etm3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vhizs31bd7a751w82qk0166etm3|03|net"; nocase; ) # 1j8px701a4ht6uhfmlq8fp4dna.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j8px701a4ht6uhfmlq8fp4dna|03|com"; nocase; ) # xa9hw31a7ngfxd7oyeiqclzg1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xa9hw31a7ngfxd7oyeiqclzg1|03|com"; nocase; ) # 1k0mmpdp3i43g14eq79v14nuxvc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k0mmpdp3i43g14eq79v14nuxvc|03|biz"; nocase; ) # 1v2wb3q1oioh87moqgnby7qjxz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v2wb3q1oioh87moqgnby7qjxz|03|net"; nocase; ) # 1t87kgu14ywssuec1jiyf6xcdo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t87kgu14ywssuec1jiyf6xcdo|03|com"; nocase; ) # s5x73r1ie21lpfggmxs1cz9ftl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s5x73r1ie21lpfggmxs1cz9ftl|03|net"; nocase; ) # t7zd3orqfty61q8zi7izexcmq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t7zd3orqfty61q8zi7izexcmq|03|net"; nocase; ) # xdpriju1hqwg92b53k1b0lcbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xdpriju1hqwg92b53k1b0lcbn|03|com"; nocase; ) # 2fz89g1en91mr1ej94pnouvdvx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2fz89g1en91mr1ej94pnouvdvx|03|org"; nocase; ) # hrv9sp1jocnf76xrpclr6fdpl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hrv9sp1jocnf76xrpclr6fdpl|03|net"; nocase; ) # u0heayaga1g3r0tn31xv2072.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u0heayaga1g3r0tn31xv2072|03|org"; nocase; ) # 17fdo90ervlc5g2ly5eq4jq5u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17fdo90ervlc5g2ly5eq4jq5u|03|net"; nocase; ) # phoxhqlqvakv162y6ph1toa3yx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|phoxhqlqvakv162y6ph1toa3yx|03|net"; nocase; ) # 12y5bvw18e9d5f3z66mg1um6jux.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12y5bvw18e9d5f3z66mg1um6jux|03|com"; nocase; ) # 5jsa7m8o08mhspq0m1ckvbt5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5jsa7m8o08mhspq0m1ckvbt5|03|com"; nocase; ) # 3ma94nmo6oyh6jynua1i5sb7k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3ma94nmo6oyh6jynua1i5sb7k|03|com"; nocase; ) # 50zvy219e8hsw16ftcqsvq0z9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|50zvy219e8hsw16ftcqsvq0z9|03|net"; nocase; ) # 84dj56crfoe9533yyr188bnce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|84dj56crfoe9533yyr188bnce|03|org"; nocase; ) # 8mmppnxg6me17744p122uwiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8mmppnxg6me17744p122uwiy|03|com"; nocase; ) # 13jds081qmgbd8vhw63c12f1une.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13jds081qmgbd8vhw63c12f1une|03|net"; nocase; ) # 77dy0z1e0ueya13buoug14gyei3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|77dy0z1e0ueya13buoug14gyei3|03|org"; nocase; ) # 5u2hr111cemcn7r1sny1vemlgd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5u2hr111cemcn7r1sny1vemlgd|03|net"; nocase; ) # x1luob18zrulu10eiczuf3djk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x1luob18zrulu10eiczuf3djk|03|org"; nocase; ) # 1qsgvz13c5l3mo1ws7y13q4kc4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qsgvz13c5l3mo1ws7y13q4kc4|03|biz"; nocase; ) # p0nzmh1ri9n8h1qyzeg0efcw13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p0nzmh1ri9n8h1qyzeg0efcw13|03|net"; nocase; ) # k3372u5ltift1ckumh01vzck3h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k3372u5ltift1ckumh01vzck3h|03|biz"; nocase; ) # 2eon9bhnrxqd4lq9mc1fru819.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2eon9bhnrxqd4lq9mc1fru819|03|com"; nocase; ) # 1dzi3b21r4bd2a145cg9d1owt80a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dzi3b21r4bd2a145cg9d1owt80a|03|org"; nocase; ) # 1n3v9tt1tdoowzi00mct198v5hw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n3v9tt1tdoowzi00mct198v5hw|03|com"; nocase; ) # 161q8rt18cr2qt1ht6stwqjg774.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|161q8rt18cr2qt1ht6stwqjg774|03|biz"; nocase; ) # t6vgng17o0r1evr9hzw1mzeezi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t6vgng17o0r1evr9hzw1mzeezi|03|com"; nocase; ) # xi9zee1rua94al0t0kt1cs8k9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xi9zee1rua94al0t0kt1cs8k9i|03|net"; nocase; ) # ohz60k19trix14x24oa1lm50tz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ohz60k19trix14x24oa1lm50tz|03|org"; nocase; ) # 1xwy9xu1tynl81t8ljln1uvba3h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xwy9xu1tynl81t8ljln1uvba3h|03|org"; nocase; ) # kc85ti1gh5yav1rknsmpje1wfw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kc85ti1gh5yav1rknsmpje1wfw|03|net"; nocase; ) # 2xfvvp1t09pcy10m33dsngmorg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2xfvvp1t09pcy10m33dsngmorg|03|com"; nocase; ) # 1c5o4hia6bdio1pl7p121f1c740.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c5o4hia6bdio1pl7p121f1c740|03|org"; nocase; ) # rmp8ab1z0otpg16zdsbuh9nggs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rmp8ab1z0otpg16zdsbuh9nggs|03|net"; nocase; ) # rnkeyezr9gs31ao8wem1betd4p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rnkeyezr9gs31ao8wem1betd4p|03|biz"; nocase; ) # 1qxt3a8jjvhuk2sxmff3dbwa5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qxt3a8jjvhuk2sxmff3dbwa5|03|net"; nocase; ) # 1ngwodv1cl6jdq1exhu1rlbw240.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ngwodv1cl6jdq1exhu1rlbw240|03|com"; nocase; ) # vppq5k17sy6307xcr8g148atad.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vppq5k17sy6307xcr8g148atad|03|org"; nocase; ) # 1ehukjv120r5iny9l3a2ur4b0c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ehukjv120r5iny9l3a2ur4b0c|03|biz"; nocase; ) # esbshngog1e01ho5km1jt24qq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|esbshngog1e01ho5km1jt24qq|03|net"; nocase; ) # 5qmbrrkn4xf650dcmizj6fo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|5qmbrrkn4xf650dcmizj6fo|03|org"; nocase; ) # 13qeluu1hv0oxp2rcrhutiw038.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13qeluu1hv0oxp2rcrhutiw038|03|net"; nocase; ) # 1sd069gfriitblg50qrlz8oj9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sd069gfriitblg50qrlz8oj9|03|net"; nocase; ) # 8f74j06utexolrbnf2v8drv8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8f74j06utexolrbnf2v8drv8|03|net"; nocase; ) # mf79hl1qjs5bl6s6hduire6xe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mf79hl1qjs5bl6s6hduire6xe|03|net"; nocase; ) # 1erf3ko1d2dsh1cb255lpzgyy0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1erf3ko1d2dsh1cb255lpzgyy0|03|org"; nocase; ) # t1jras3e1xz41hulb4t819nqd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t1jras3e1xz41hulb4t819nqd|03|org"; nocase; ) # 1otev271ce3ekrqxrsig16ix9as.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1otev271ce3ekrqxrsig16ix9as|03|net"; nocase; ) # 9b1dri1x03se12tlkzdelmwb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9b1dri1x03se12tlkzdelmwb|03|com"; nocase; ) # ghuhlkaxsxaj14t5b4a16nsv85.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ghuhlkaxsxaj14t5b4a16nsv85|03|org"; nocase; ) # 1xd2d0a136ydwt19sjrpylu7oio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xd2d0a136ydwt19sjrpylu7oio|03|com"; nocase; ) # 1r4s8wd1w7j1v616t0spq4knp4h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r4s8wd1w7j1v616t0spq4knp4h|03|org"; nocase; ) # 1463ycn21khco1ppwev61uksad7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1463ycn21khco1ppwev61uksad7|03|net"; nocase; ) # au0mzk1djgagqspbkfj1ldq766.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|au0mzk1djgagqspbkfj1ldq766|03|com"; nocase; ) # 17voouvciipr3amrjgs1xz20g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17voouvciipr3amrjgs1xz20g|03|org"; nocase; ) # 1p97swe1bze3ff3kqae56c508t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p97swe1bze3ff3kqae56c508t|03|biz"; nocase; ) # 3jk96u1k86x2ljm5vp41exa73d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3jk96u1k86x2ljm5vp41exa73d|03|com"; nocase; ) # yqbw36mf5e0hcrjgoh12hz205.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yqbw36mf5e0hcrjgoh12hz205|03|org"; nocase; ) # 1av2dockyinqw1de38b01sbnubk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1av2dockyinqw1de38b01sbnubk|03|org"; nocase; ) # 57hmlk4g8l951vgul4ga79pdx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|57hmlk4g8l951vgul4ga79pdx|03|org"; nocase; ) # 1w7vsf790via7133jcf6osd0om.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w7vsf790via7133jcf6osd0om|03|net"; nocase; ) # n3htky1gvfapahylzkm1vrxdph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n3htky1gvfapahylzkm1vrxdph|03|net"; nocase; ) # af299j10nacvg1a4y60k135gqy8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|af299j10nacvg1a4y60k135gqy8|03|com"; nocase; ) # 6usn5b17p3c6wqz7zjl1fi88yv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6usn5b17p3c6wqz7zjl1fi88yv|03|com"; nocase; ) # iyy0dz1w3m6os13q153710npugj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iyy0dz1w3m6os13q153710npugj|03|biz"; nocase; ) # 1yc5n1r150681p1rseb1i11rbn1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yc5n1r150681p1rseb1i11rbn1v|03|com"; nocase; ) # 11bgqn570v6maic4rr17mg1wj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11bgqn570v6maic4rr17mg1wj|03|com"; nocase; ) # 1nruxgz182ieh1ynvg0c4kqll5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nruxgz182ieh1ynvg0c4kqll5|03|com"; nocase; ) # 8gg7x51kf183b1uykpz51a990oh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8gg7x51kf183b1uykpz51a990oh|03|net"; nocase; ) # lq4uhl1nh59js1nwen9l1nsjjr5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lq4uhl1nh59js1nwen9l1nsjjr5|03|biz"; nocase; ) # 17zup8eenpzidtgerdl1q0co5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17zup8eenpzidtgerdl1q0co5t|03|com"; nocase; ) # eejefcwy04dvbozsvy18bkejn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eejefcwy04dvbozsvy18bkejn|03|net"; nocase; ) # gkj0ojbja4lm40v3151sl5h4x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gkj0ojbja4lm40v3151sl5h4x|03|biz"; nocase; ) # 89eshil62m8e1i8b0samz8ihz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|89eshil62m8e1i8b0samz8ihz|03|net"; nocase; ) # 9dio4m1310fv11ll8hjg1uhollp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9dio4m1310fv11ll8hjg1uhollp|03|org"; nocase; ) # 1al53fz1jtmfma13wtvqiddna7t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1al53fz1jtmfma13wtvqiddna7t|03|net"; nocase; ) # 163fxs59p4um6d421ds1qabo8l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|163fxs59p4um6d421ds1qabo8l|03|org"; nocase; ) # 6g8gxz1rdbn0ghl5xbn147bkyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6g8gxz1rdbn0ghl5xbn147bkyk|03|net"; nocase; ) # y1a92rh0mpfz17b4mx6uidht3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y1a92rh0mpfz17b4mx6uidht3|03|net"; nocase; ) # y995rqulmc8q12x45et16mns79.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y995rqulmc8q12x45et16mns79|03|org"; nocase; ) # g2ubss1oduy0n1tkgqhk5on58.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g2ubss1oduy0n1tkgqhk5on58|03|net"; nocase; ) # 72hu9g7ft9cy3mn9e4jusae.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|72hu9g7ft9cy3mn9e4jusae|03|net"; nocase; ) # 1qkeh1f1t45rtuw2y0hd75fmgq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qkeh1f1t45rtuw2y0hd75fmgq|03|net"; nocase; ) # 1xrf5krw6sjq3j7f1i8rffht3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xrf5krw6sjq3j7f1i8rffht3|03|org"; nocase; ) # 1k7ahih1s5k39vtnbs30194yifi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k7ahih1s5k39vtnbs30194yifi|03|net"; nocase; ) # 1kliv1z1qeg4ev3n100yghpjwj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kliv1z1qeg4ev3n100yghpjwj|03|net"; nocase; ) # 1nk82ve112c6uv17kxo434t4rez.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nk82ve112c6uv17kxo434t4rez|03|net"; nocase; ) # 1lm90fkjwmijm1kpfowo1lldkrn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lm90fkjwmijm1kpfowo1lldkrn|03|com"; nocase; ) # bv2rgvzjiun6yvdlhfpvirpj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bv2rgvzjiun6yvdlhfpvirpj|03|org"; nocase; ) # 12fr0mvm8mize1qbgty2ioitni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12fr0mvm8mize1qbgty2ioitni|03|biz"; nocase; ) # 17pwk1ux1xzlb1surbi5xa1v1w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17pwk1ux1xzlb1surbi5xa1v1w|03|org"; nocase; ) # mrvikj1oluv1yge38jq1v4erwg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mrvikj1oluv1yge38jq1v4erwg|03|net"; nocase; ) # 1cx2igh1irsqoz1pdaa3s1p4x5fg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cx2igh1irsqoz1pdaa3s1p4x5fg|03|biz"; nocase; ) # 1t93cfsr3cs6g1r2em9oj8t655.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t93cfsr3cs6g1r2em9oj8t655|03|org"; nocase; ) # l4e0aoy73t4k1fulhac1iissxp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l4e0aoy73t4k1fulhac1iissxp|03|com"; nocase; ) # j1e6rztwdry9ljurogk5qzlr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j1e6rztwdry9ljurogk5qzlr|03|biz"; nocase; ) # 134ezdpgk2y7f79j5qnzvmg6k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|134ezdpgk2y7f79j5qnzvmg6k|03|com"; nocase; ) # ltevyhsudz847j1xan1pwm8fm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ltevyhsudz847j1xan1pwm8fm|03|net"; nocase; ) # 1sgpjh3n67d5s1ub9t19n9o08e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sgpjh3n67d5s1ub9t19n9o08e|03|net"; nocase; ) # 12ujb961yhtjbjeqp4301iksym2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12ujb961yhtjbjeqp4301iksym2|03|net"; nocase; ) # 1podk7n16dsf8o17aw5stl87fep.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1podk7n16dsf8o17aw5stl87fep|03|biz"; nocase; ) # 18f788c1bvwdd21aymvpdifeipe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18f788c1bvwdd21aymvpdifeipe|03|com"; nocase; ) # 1qcqrpjnihc8g9zvlukripp0q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qcqrpjnihc8g9zvlukripp0q|03|net"; nocase; ) # rn1pqv10ajetg1lebju1axaat3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rn1pqv10ajetg1lebju1axaat3|03|biz"; nocase; ) # kqv7uxowpujj9l6bk52jwzv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kqv7uxowpujj9l6bk52jwzv1|03|com"; nocase; ) # qkw3cy1fw3bgxlggej1u9fac8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qkw3cy1fw3bgxlggej1u9fac8|03|biz"; nocase; ) # vj0mc01504ozwnz3bsrfihjtl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vj0mc01504ozwnz3bsrfihjtl|03|net"; nocase; ) # 6gt4e7mtmt8n1h7rxsl8psa91.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6gt4e7mtmt8n1h7rxsl8psa91|03|org"; nocase; ) # pu4psubaygrs1k1wnuqimn011.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pu4psubaygrs1k1wnuqimn011|03|net"; nocase; ) # 9pqtjj2h668ou278n1ronv9l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9pqtjj2h668ou278n1ronv9l|03|org"; nocase; ) # 14ixlhe11lznk13k4ncvu8ir69.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ixlhe11lznk13k4ncvu8ir69|03|com"; nocase; ) # 4pugwno0xg6azal0xqkukg0z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4pugwno0xg6azal0xqkukg0z|03|com"; nocase; ) # 116uyapq8fw18fik0rxmvhm4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|116uyapq8fw18fik0rxmvhm4|03|net"; nocase; ) # 3cmz5o13hcq5cggr6qulhh8d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3cmz5o13hcq5cggr6qulhh8d|03|com"; nocase; ) # g5cbkj17qzthi19ijmcx1eoowyy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g5cbkj17qzthi19ijmcx1eoowyy|03|org"; nocase; ) # csp3ie161gkxs17slgmq8nt6ag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|csp3ie161gkxs17slgmq8nt6ag|03|com"; nocase; ) # 1jhrbp91ji6fxk1amloe81c4lqqp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jhrbp91ji6fxk1amloe81c4lqqp|03|com"; nocase; ) # k50bjd1gf8ozx1em9mhjvhf5z8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k50bjd1gf8ozx1em9mhjvhf5z8|03|net"; nocase; ) # dnkmfllza9dg1ggbg411rwc6df.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dnkmfllza9dg1ggbg411rwc6df|03|org"; nocase; ) # mrlcq319mpqe1kk4d42s2k5d7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mrlcq319mpqe1kk4d42s2k5d7|03|org"; nocase; ) # 1q3qji91ssl4z712r0pvnch036l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q3qji91ssl4z712r0pvnch036l|03|org"; nocase; ) # 17e5sypoghjem1r4lrl3b0j67j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17e5sypoghjem1r4lrl3b0j67j|03|com"; nocase; ) # u8fxa51hs1rt91fope4tsmuqcg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u8fxa51hs1rt91fope4tsmuqcg|03|net"; nocase; ) # 16g6ouxa02po9b5hggg2l4u1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16g6ouxa02po9b5hggg2l4u1z|03|net"; nocase; ) # exczos1j09wfggip66d1v7ch5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|exczos1j09wfggip66d1v7ch5n|03|net"; nocase; ) # 144wdztx9fzn1q6qh7d1y8qo3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|144wdztx9fzn1q6qh7d1y8qo3x|03|biz"; nocase; ) # 9cpa3g5h9qhngo2gpvp5i7oc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9cpa3g5h9qhngo2gpvp5i7oc|03|com"; nocase; ) # 1px28bjod8155hdj5y11aj8mk8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1px28bjod8155hdj5y11aj8mk8|03|biz"; nocase; ) # dq48adp0hh1x1vsog68149jq6x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dq48adp0hh1x1vsog68149jq6x|03|org"; nocase; ) # 1twd7401iyyi3zln4f781tkj4mt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1twd7401iyyi3zln4f781tkj4mt|03|org"; nocase; ) # 1h2rpc01ib8q7nid44mycw457.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h2rpc01ib8q7nid44mycw457|03|net"; nocase; ) # d5qwh7b6i2mz16572w5qwxr6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d5qwh7b6i2mz16572w5qwxr6|03|org"; nocase; ) # 1ohg0491dhbuc21s23czduva8xq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ohg0491dhbuc21s23czduva8xq|03|biz"; nocase; ) # wdb1k9evfau71hv3zr11k75zi9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wdb1k9evfau71hv3zr11k75zi9|03|net"; nocase; ) # gjrds01tmf2jusvwigq15z3vls.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gjrds01tmf2jusvwigq15z3vls|03|com"; nocase; ) # qc3rjm1dh7srm1ta3cyzpgv7fb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qc3rjm1dh7srm1ta3cyzpgv7fb|03|com"; nocase; ) # 11zi1otxi9dpk1epp3edkdo1qf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11zi1otxi9dpk1epp3edkdo1qf|03|net"; nocase; ) # 1cko6gm16beg7m580811bt4gn9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cko6gm16beg7m580811bt4gn9|03|org"; nocase; ) # iktskw19ne7xs90uqca1p1mjjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iktskw19ne7xs90uqca1p1mjjt|03|net"; nocase; ) # arvf2519e1kol1c887b91yd0dq8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|arvf2519e1kol1c887b91yd0dq8|03|com"; nocase; ) # 19jjbd31q6rqrsm10udskqjmz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19jjbd31q6rqrsm10udskqjmz|03|com"; nocase; ) # ij923p18chc9seo14zd1popp2j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ij923p18chc9seo14zd1popp2j|03|com"; nocase; ) # 1iiufgn16jj5ie145h0iu1nisxc4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iiufgn16jj5ie145h0iu1nisxc4|03|net"; nocase; ) # 1ojamswminvidwa9cgjq3d2t8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ojamswminvidwa9cgjq3d2t8|03|biz"; nocase; ) # jzwhisjkn3x0yiksa1dhj4ja.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jzwhisjkn3x0yiksa1dhj4ja|03|com"; nocase; ) # 1fph1h61rdn2ai67menq1ja485f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fph1h61rdn2ai67menq1ja485f|03|org"; nocase; ) # 12lg0fnh023iv1pov3at12im1jn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12lg0fnh023iv1pov3at12im1jn|03|biz"; nocase; ) # viwq7f1efj3e01arm1m61qgkcak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|viwq7f1efj3e01arm1m61qgkcak|03|net"; nocase; ) # 1pis2042o31k7hfuechv0iac5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pis2042o31k7hfuechv0iac5|03|org"; nocase; ) # xtfnqtcoqq8g1w1y0vqdmu6to.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xtfnqtcoqq8g1w1y0vqdmu6to|03|net"; nocase; ) # flrrvg1i8oq7ll0u0xh1eugezx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|flrrvg1i8oq7ll0u0xh1eugezx|03|biz"; nocase; ) # 5a6joesebw4y1ok2nlcgqyd7w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5a6joesebw4y1ok2nlcgqyd7w|03|com"; nocase; ) # 14wfxul1tk97qb1u0ezn6tsz1ay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14wfxul1tk97qb1u0ezn6tsz1ay|03|org"; nocase; ) # ox8ldg1bgqnkybvbahw1m4gwbf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ox8ldg1bgqnkybvbahw1m4gwbf|03|net"; nocase; ) # 1vjg253puffje129uqdsd0i9pb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vjg253puffje129uqdsd0i9pb|03|com"; nocase; ) # q98q5fsdjfrw1is8k961ouz06s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q98q5fsdjfrw1is8k961ouz06s|03|com"; nocase; ) # 1uxq3211ey2zxm12lbpht1u5meki.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uxq3211ey2zxm12lbpht1u5meki|03|com"; nocase; ) # 1otkhxq1odoysr8knk1irw12s5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1otkhxq1odoysr8knk1irw12s5|03|net"; nocase; ) # 1i7hckeiwusnlz3nwju67ju23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1i7hckeiwusnlz3nwju67ju23|03|net"; nocase; ) # 17doirh1i4t4kw10qsscq1hpggbj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17doirh1i4t4kw10qsscq1hpggbj|03|net"; nocase; ) # vnz3byq0ocp010or02h18ucq5h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vnz3byq0ocp010or02h18ucq5h|03|net"; nocase; ) # kkt9gdzqewlv18ybn0h2qzcdy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kkt9gdzqewlv18ybn0h2qzcdy|03|biz"; nocase; ) # 1e5jltt1cp2nyu1cgu5ti1q87dn9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e5jltt1cp2nyu1cgu5ti1q87dn9|03|net"; nocase; ) # mldp3c1r2lkq51uwgjzs1xgsbds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mldp3c1r2lkq51uwgjzs1xgsbds|03|net"; nocase; ) # 2qly7ub4qvz31jkz6oz8oouvg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2qly7ub4qvz31jkz6oz8oouvg|03|net"; nocase; ) # 1hdl1i416rt711f7l2zy1633v7a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hdl1i416rt711f7l2zy1633v7a|03|biz"; nocase; ) # kj6v8prbi43m1qem4581ft451m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kj6v8prbi43m1qem4581ft451m|03|com"; nocase; ) # 16gfdjhpoftk6jk7gxf1oxdvut.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16gfdjhpoftk6jk7gxf1oxdvut|03|net"; nocase; ) # 1kekblseet7gj28jynmhf02aa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kekblseet7gj28jynmhf02aa|03|com"; nocase; ) # j7bgm1qwdzwodza2ywl0uy1z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j7bgm1qwdzwodza2ywl0uy1z|03|biz"; nocase; ) # nx5kdnpfi1rs1jp9bff1mz9lu9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nx5kdnpfi1rs1jp9bff1mz9lu9|03|com"; nocase; ) # zeal2b16vqrn511yqiep5rf5ij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zeal2b16vqrn511yqiep5rf5ij|03|net"; nocase; ) # 36da96187sq4z1n50ikax51ixu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|36da96187sq4z1n50ikax51ixu|03|net"; nocase; ) # sujhyi128sbc1t1bdcx14a7ziy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sujhyi128sbc1t1bdcx14a7ziy|03|net"; nocase; ) # e1ss6a15t9gi6banq691cyg9th.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e1ss6a15t9gi6banq691cyg9th|03|com"; nocase; ) # i50a7p36zp4o13ixbdoukp30c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i50a7p36zp4o13ixbdoukp30c|03|biz"; nocase; ) # 14lrg1nn550cm1yfm168wy7vth.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14lrg1nn550cm1yfm168wy7vth|03|biz"; nocase; ) # o9eps3xur9xb1sbbcavkq4iyd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o9eps3xur9xb1sbbcavkq4iyd|03|biz"; nocase; ) # 1pn7pjhc3bvqlnj9pl6f24tlr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pn7pjhc3bvqlnj9pl6f24tlr|03|net"; nocase; ) # 1r79y6v1ewsjf03wpp9i1o6di2y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r79y6v1ewsjf03wpp9i1o6di2y|03|com"; nocase; ) # 12xb6ql1yl6rj3wb6uafjv4b6e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12xb6ql1yl6rj3wb6uafjv4b6e|03|net"; nocase; ) # hdifmx1snygt0yy88yg12mxfsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hdifmx1snygt0yy88yg12mxfsf|03|net"; nocase; ) # tmqjerlp1u99ur5emc1c3mrs6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tmqjerlp1u99ur5emc1c3mrs6|03|net"; nocase; ) # 16f8bmv1r07ffrt5a841qo8x65.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16f8bmv1r07ffrt5a841qo8x65|03|org"; nocase; ) # 314qu41wv1jvl1r967vv13fp3yh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|314qu41wv1jvl1r967vv13fp3yh|03|net"; nocase; ) # 131609y1d3auva1v96ho81egbrov.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|131609y1d3auva1v96ho81egbrov|03|com"; nocase; ) # 1aqaricnmdibl1uscok7x5c2i3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aqaricnmdibl1uscok7x5c2i3|03|com"; nocase; ) # fua7671y9mulb14ew3l01xqyell.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fua7671y9mulb14ew3l01xqyell|03|net"; nocase; ) # 9fow1eaw315d50z04je0nlk4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9fow1eaw315d50z04je0nlk4|03|org"; nocase; ) # uibxce1jtxs7s55caw1w6uf19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uibxce1jtxs7s55caw1w6uf19|03|com"; nocase; ) # 1k0z1nn1qt2zgw1kbm1om52uf1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k0z1nn1qt2zgw1kbm1om52uf1z|03|net"; nocase; ) # 1sttk36uummnkmulubd1kg3sul.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sttk36uummnkmulubd1kg3sul|03|biz"; nocase; ) # 1gw9dp1g33wp01xugq10fvrlwr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gw9dp1g33wp01xugq10fvrlwr|03|com"; nocase; ) # e260xjq5b9wkuzrj3m1mlxh4p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e260xjq5b9wkuzrj3m1mlxh4p|03|net"; nocase; ) # dsh3xa1ygr0pqodmoa9183gwm7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dsh3xa1ygr0pqodmoa9183gwm7|03|org"; nocase; ) # 1tyuyr6mcrs3u1wngdr0qobg0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tyuyr6mcrs3u1wngdr0qobg0|03|org"; nocase; ) # nf02lc1ekln1e16s3tlx3g8da8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nf02lc1ekln1e16s3tlx3g8da8|03|net"; nocase; ) # 14ztsjdfyy71g1u50bzmoys3hl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ztsjdfyy71g1u50bzmoys3hl|03|com"; nocase; ) # 16zdqdx1nro6my199m1sv1aqrlcx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16zdqdx1nro6my199m1sv1aqrlcx|03|net"; nocase; ) # npymyc1xac8aquttkjt14lg35q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|npymyc1xac8aquttkjt14lg35q|03|net"; nocase; ) # 1hy90i411ylk4b1p6w877vuab3d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hy90i411ylk4b1p6w877vuab3d|03|org"; nocase; ) # 1pj2j8fogrz6i7e07fs1knb5r5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pj2j8fogrz6i7e07fs1knb5r5|03|com"; nocase; ) # 145vekphmo69rvhu7wgizjkg2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|145vekphmo69rvhu7wgizjkg2|03|org"; nocase; ) # wx84hm10db04bz1gao1uo6z3h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wx84hm10db04bz1gao1uo6z3h|03|org"; nocase; ) # iqt5m71z03kbfykqeny7iirv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iqt5m71z03kbfykqeny7iirv|03|com"; nocase; ) # 19fs3rb4nyt831almsczetex10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19fs3rb4nyt831almsczetex10|03|net"; nocase; ) # 16m3zn3cahr581byqr1j10w29u3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16m3zn3cahr581byqr1j10w29u3|03|biz"; nocase; ) # 1w5q77vmceuam1jurijkzgyj84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w5q77vmceuam1jurijkzgyj84|03|net"; nocase; ) # hcih7qczk75q1gdqshi14hq8w9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hcih7qczk75q1gdqshi14hq8w9|03|com"; nocase; ) # g73uw8120z24i15r1wfv8eb9ry.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g73uw8120z24i15r1wfv8eb9ry|03|org"; nocase; ) # ajwik6k5ylgs2xpuop868wqi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ajwik6k5ylgs2xpuop868wqi|03|com"; nocase; ) # dcm0b71ywsw7umgnbxf1tjya60.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dcm0b71ywsw7umgnbxf1tjya60|03|org"; nocase; ) # 68oupm1u4n94s6s6wuh1nehzbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|68oupm1u4n94s6s6wuh1nehzbx|03|org"; nocase; ) # 17h83xstzy1mevxmqn716xadzq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17h83xstzy1mevxmqn716xadzq|03|biz"; nocase; ) # 36ui9f1fhjdxy4724ehlzpna5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|36ui9f1fhjdxy4724ehlzpna5|03|net"; nocase; ) # kav2c11rt1hcf11uab5n10ir9nc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kav2c11rt1hcf11uab5n10ir9nc|03|com"; nocase; ) # 16nhwzw14dwzjvidvbe0i3z48s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16nhwzw14dwzjvidvbe0i3z48s|03|com"; nocase; ) # dyn0zm16psxp6fch6v6xziulw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dyn0zm16psxp6fch6v6xziulw|03|net"; nocase; ) # 1btzwiea6hd8196k2jg16j1n5z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1btzwiea6hd8196k2jg16j1n5z|03|org"; nocase; ) # 7g7hlhw29va119kajfh1pjk7g6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7g7hlhw29va119kajfh1pjk7g6|03|biz"; nocase; ) # 8jrotx15ni7ji1q06mbqgno57z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8jrotx15ni7ji1q06mbqgno57z|03|com"; nocase; ) # 37r96iv14iw42doq8otc17.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|37r96iv14iw42doq8otc17|03|net"; nocase; ) # 8qpl121s9n894i0lf4i1unhd90.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8qpl121s9n894i0lf4i1unhd90|03|com"; nocase; ) # g10ydy1ytt8b71f4fj021wp4rdk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g10ydy1ytt8b71f4fj021wp4rdk|03|org"; nocase; ) # 2i52bg1mm05b8vfljb1b867kb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2i52bg1mm05b8vfljb1b867kb|03|com"; nocase; ) # 98us7h1veo0av1uajna86ozpfp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|98us7h1veo0av1uajna86ozpfp|03|net"; nocase; ) # 1du1su68yyda025ig85oa83l1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1du1su68yyda025ig85oa83l1|03|biz"; nocase; ) # 7iggwxabj7a13jtuhrpqlo5q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7iggwxabj7a13jtuhrpqlo5q|03|com"; nocase; ) # zvsl9pevizlxv19y9s1eoxhyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zvsl9pevizlxv19y9s1eoxhyz|03|com"; nocase; ) # tj5vfvxk0sx4svxio97tph15.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tj5vfvxk0sx4svxio97tph15|03|net"; nocase; ) # 1lvgq2s12qroxa1ch1ex4b3nl04.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lvgq2s12qroxa1ch1ex4b3nl04|03|org"; nocase; ) # croovf1hh5ficxp3m21nnt36k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|croovf1hh5ficxp3m21nnt36k|03|com"; nocase; ) # i85ouem3unm61cmyfkwgpahnd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i85ouem3unm61cmyfkwgpahnd|03|biz"; nocase; ) # shvlwfu2izx1jxh6w72d28ne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|shvlwfu2izx1jxh6w72d28ne|03|com"; nocase; ) # q1y37p3cd07efusc137my7l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|q1y37p3cd07efusc137my7l|03|biz"; nocase; ) # 1kyuqwu1stqniq9i9hvyz9r5r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kyuqwu1stqniq9i9hvyz9r5r|03|com"; nocase; ) # 3fhcic0975919lqngh1ol6b60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3fhcic0975919lqngh1ol6b60|03|net"; nocase; ) # dd98fh17zewd81fedxfx6s357n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dd98fh17zewd81fedxfx6s357n|03|com"; nocase; ) # zo0gm01uz2n6iobin4hrdnkod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zo0gm01uz2n6iobin4hrdnkod|03|com"; nocase; ) # 128thvmeltlxj10b2nzugyesp4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|128thvmeltlxj10b2nzugyesp4|03|org"; nocase; ) # tycrt21q5gs4q7kbaho67pllt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tycrt21q5gs4q7kbaho67pllt|03|biz"; nocase; ) # x3ih50s4uiqr1actyd71otrkhx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x3ih50s4uiqr1actyd71otrkhx|03|net"; nocase; ) # 3ekwd110jxqix12s0p17sv39kb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ekwd110jxqix12s0p17sv39kb|03|com"; nocase; ) # n385dilz0gib5bzdofqh6fn9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n385dilz0gib5bzdofqh6fn9|03|org"; nocase; ) # 4mrblt1ywk16p89dqli11g3crb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4mrblt1ywk16p89dqli11g3crb|03|net"; nocase; ) # 1dg7l6ispcslnq39kbp1bgje2k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dg7l6ispcslnq39kbp1bgje2k|03|org"; nocase; ) # 1gq2c0h1i10pg2e49zv91v4m9sh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gq2c0h1i10pg2e49zv91v4m9sh|03|net"; nocase; ) # 1wc3l8a2y1jsxy4oqz65sczhw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wc3l8a2y1jsxy4oqz65sczhw|03|com"; nocase; ) # a9vvtgh7jq9y1fuwf5y13fgbh5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a9vvtgh7jq9y1fuwf5y13fgbh5|03|com"; nocase; ) # 1ogsawz5kc7zept6zd14p8j2r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ogsawz5kc7zept6zd14p8j2r|03|biz"; nocase; ) # 1xu9zisnmgup1ji52fl5njn6r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xu9zisnmgup1ji52fl5njn6r|03|net"; nocase; ) # q79yw81tdi7hn8i3f8110futm2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q79yw81tdi7hn8i3f8110futm2|03|biz"; nocase; ) # 13vsixx1c49a921ek69x0n923lg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13vsixx1c49a921ek69x0n923lg|03|net"; nocase; ) # j1kptphls3x1ne283gi2cvyx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j1kptphls3x1ne283gi2cvyx|03|biz"; nocase; ) # mudl5bob5se1ow5b5z1yyme8q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mudl5bob5se1ow5b5z1yyme8q|03|com"; nocase; ) # 1ckjzflyqt1z71u0zsp21aytgu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ckjzflyqt1z71u0zsp21aytgu|03|biz"; nocase; ) # 1ms4w621nu1brp104809l1piocrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ms4w621nu1brp104809l1piocrz|03|net"; nocase; ) # kgqpupe2it6v76c28f1a5r0mu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kgqpupe2it6v76c28f1a5r0mu|03|net"; nocase; ) # a143t1bfi8ft4x87i1y9yoww.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|a143t1bfi8ft4x87i1y9yoww|03|com"; nocase; ) # 1fkfm641b5e6xhjj3jhkw2vth0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fkfm641b5e6xhjj3jhkw2vth0|03|biz"; nocase; ) # 107dwnmmx9u1v16rsyjo11zyvm1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|107dwnmmx9u1v16rsyjo11zyvm1|03|biz"; nocase; ) # 1cpfssk1nnye8jhy9fwv1ejcd56.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cpfssk1nnye8jhy9fwv1ejcd56|03|net"; nocase; ) # 1fxiz5y1nfv84f5g25jh172zlt9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fxiz5y1nfv84f5g25jh172zlt9|03|net"; nocase; ) # twh3r51vexlpbf1spm1ptfmce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|twh3r51vexlpbf1spm1ptfmce|03|org"; nocase; ) # ro0tp8abo02fz04vh311rowiz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ro0tp8abo02fz04vh311rowiz|03|com"; nocase; ) # 1xpvm9117k671l5nelrq1rakayb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xpvm9117k671l5nelrq1rakayb|03|com"; nocase; ) # 4j5mfu1a8ybe61ovqnt71qnko6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4j5mfu1a8ybe61ovqnt71qnko6p|03|net"; nocase; ) # 1l86zp0936sr615j1qngv5uva6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l86zp0936sr615j1qngv5uva6|03|org"; nocase; ) # 1gfx7vo6lek0l169khr22e673a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gfx7vo6lek0l169khr22e673a|03|com"; nocase; ) # ycgeuf7glvgi1ungrbg1icrwxw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ycgeuf7glvgi1ungrbg1icrwxw|03|org"; nocase; ) # 4p2v2t1xowxo91cxz7t81e3ljoh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4p2v2t1xowxo91cxz7t81e3ljoh|03|com"; nocase; ) # 7qi6egpetjyxkhigbv4uviq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7qi6egpetjyxkhigbv4uviq9|03|net"; nocase; ) # kp5urc1kv04wj1kntfss1b75xqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kp5urc1kv04wj1kntfss1b75xqr|03|net"; nocase; ) # 1a12jh1gzv788rcrkdn1ju6h7g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a12jh1gzv788rcrkdn1ju6h7g|03|biz"; nocase; ) # 1pomz6esih62660h5rbl5rvxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pomz6esih62660h5rbl5rvxf|03|com"; nocase; ) # rjgktmewv2km3fq5pqnica9v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rjgktmewv2km3fq5pqnica9v|03|net"; nocase; ) # lcv73116e6qgl4gvum514u21y6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lcv73116e6qgl4gvum514u21y6|03|biz"; nocase; ) # 16ibxdf1eqoj0n1gzwx2j1c8m58w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16ibxdf1eqoj0n1gzwx2j1c8m58w|03|org"; nocase; ) # 1h3d4vsmznh31iouyl2jpe7sq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h3d4vsmznh31iouyl2jpe7sq|03|net"; nocase; ) # as2xte1i9pcfh1vbaob8dzsdj7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|as2xte1i9pcfh1vbaob8dzsdj7|03|org"; nocase; ) # 10r0hdc1vaytibxx54m10fjn9s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10r0hdc1vaytibxx54m10fjn9s|03|com"; nocase; ) # 10h2rthn3axahvktkb7xrl6r4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10h2rthn3axahvktkb7xrl6r4|03|biz"; nocase; ) # 1t4pbdt1e1ozxehhmgh11u1i33l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t4pbdt1e1ozxehhmgh11u1i33l|03|net"; nocase; ) # pcnze71rqyuvndg9f86zfo5rg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pcnze71rqyuvndg9f86zfo5rg|03|com"; nocase; ) # v9dcc1y07cbb1248cqk178dp1h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v9dcc1y07cbb1248cqk178dp1h|03|biz"; nocase; ) # 160c4nl1vw9reg1a9o1yztrieyi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|160c4nl1vw9reg1a9o1yztrieyi|03|org"; nocase; ) # zfpm5kjp516p15xxht12x8ax1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zfpm5kjp516p15xxht12x8ax1|03|net"; nocase; ) # zd3t4oj9em6imbl4021eaei4b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zd3t4oj9em6imbl4021eaei4b|03|org"; nocase; ) # s496bg1qp0zxa1hf6mh512d3zn7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s496bg1qp0zxa1hf6mh512d3zn7|03|net"; nocase; ) # kex1w5pcs9qd1yad5vo1mwk12v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kex1w5pcs9qd1yad5vo1mwk12v|03|biz"; nocase; ) # 1iuuwn0ptq01k1sr2fjrfnnzzy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iuuwn0ptq01k1sr2fjrfnnzzy|03|net"; nocase; ) # urbfev4cl08a1olhcpd7ks9zh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|urbfev4cl08a1olhcpd7ks9zh|03|net"; nocase; ) # 1bbzy3fm53zvo13hm5i3dgit1q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bbzy3fm53zvo13hm5i3dgit1q|03|org"; nocase; ) # kz9m6w3qy7q01b5aucewtbmll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kz9m6w3qy7q01b5aucewtbmll|03|net"; nocase; ) # 1i1pznt4t5jjchf12hf1ldj5to.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i1pznt4t5jjchf12hf1ldj5to|03|com"; nocase; ) # fo32tl9e6mankwjxpw1xog2sv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fo32tl9e6mankwjxpw1xog2sv|03|biz"; nocase; ) # 1t1kkl2ldcm711gfp0xge4nmao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t1kkl2ldcm711gfp0xge4nmao|03|com"; nocase; ) # plzgw2qycpchg66k3kymo94e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|plzgw2qycpchg66k3kymo94e|03|org"; nocase; ) # ngu7ak1d2eq9exfgkt51g3n7qv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ngu7ak1d2eq9exfgkt51g3n7qv|03|org"; nocase; ) # 1axp1vs19gayl310tpi9l1du0l5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1axp1vs19gayl310tpi9l1du0l5t|03|com"; nocase; ) # 51m4nh1yz1hlgi829ad1725vq6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|51m4nh1yz1hlgi829ad1725vq6|03|org"; nocase; ) # r3uj1h1rg4me7umflen17ki27w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r3uj1h1rg4me7umflen17ki27w|03|com"; nocase; ) # 1malz2qj4g96v15kicpe1p1557.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1malz2qj4g96v15kicpe1p1557|03|com"; nocase; ) # 1k5e8q7sknpouawpe0f1nwnxme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k5e8q7sknpouawpe0f1nwnxme|03|org"; nocase; ) # rfmt5p146xeyd1obsn6m1pzspxy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rfmt5p146xeyd1obsn6m1pzspxy|03|org"; nocase; ) # vcl0fz1l57lxr1rfxqzojvkkmb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vcl0fz1l57lxr1rfxqzojvkkmb|03|org"; nocase; ) # u8ow7b1oysjw41jbeeep19knnp9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|u8ow7b1oysjw41jbeeep19knnp9|03|biz"; nocase; ) # 8j0ags1d8tnbi14advqn1lfj0ub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8j0ags1d8tnbi14advqn1lfj0ub|03|com"; nocase; ) # 1ej23w013kltg016pr54rerf58e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ej23w013kltg016pr54rerf58e|03|org"; nocase; ) # 1cpff5x2e5vlsjuqwib1h5v753.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cpff5x2e5vlsjuqwib1h5v753|03|com"; nocase; ) # zepf3q96q2ah6ulbe1x1ncgi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zepf3q96q2ah6ulbe1x1ncgi|03|net"; nocase; ) # 1l24kh96zhn3lzw04y5i1c3jl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l24kh96zhn3lzw04y5i1c3jl|03|net"; nocase; ) # 1917gqf2abbgglqi8gk1hy71aw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1917gqf2abbgglqi8gk1hy71aw|03|biz"; nocase; ) # 198xhvicucu1vm1z6ztqz8ar2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|198xhvicucu1vm1z6ztqz8ar2|03|com"; nocase; ) # s5ea1a18ymfex1mt685i15zyf5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s5ea1a18ymfex1mt685i15zyf5p|03|net"; nocase; ) # 8678ry1mtfivarb0owzmlvngp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8678ry1mtfivarb0owzmlvngp|03|org"; nocase; ) # nsfjy33um0bc1yu62r013cory9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nsfjy33um0bc1yu62r013cory9|03|net"; nocase; ) # 2axk3v1piltk1icyu129grufd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2axk3v1piltk1icyu129grufd|03|net"; nocase; ) # bf8f89zawrulhl22ck1v1lklt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bf8f89zawrulhl22ck1v1lklt|03|com"; nocase; ) # f22lwa8qqn6579nnw110alsn6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f22lwa8qqn6579nnw110alsn6|03|org"; nocase; ) # 16qbg7m19eaymywqigkvva1yu8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16qbg7m19eaymywqigkvva1yu8|03|org"; nocase; ) # 9ke9zrwrmqq0t6ngs81hytx7m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9ke9zrwrmqq0t6ngs81hytx7m|03|org"; nocase; ) # z4meppcye7w81u76q9w1n28m5c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z4meppcye7w81u76q9w1n28m5c|03|org"; nocase; ) # o6biurwnjv732kzxt1qcgc9x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o6biurwnjv732kzxt1qcgc9x|03|net"; nocase; ) # 2owaj410lo2vo1us62r3x08sca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2owaj410lo2vo1us62r3x08sca|03|net"; nocase; ) # bxe4mhjdw8k0cim1t41oxzfj2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bxe4mhjdw8k0cim1t41oxzfj2|03|org"; nocase; ) # 1bv8lf21xqx3ps1jm7i4lng12qy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bv8lf21xqx3ps1jm7i4lng12qy|03|net"; nocase; ) # 1lqwgnn153vyyn1weqhhaqn5kgy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lqwgnn153vyyn1weqhhaqn5kgy|03|net"; nocase; ) # ay91bk1eqskz532gqqh1kruish.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ay91bk1eqskz532gqqh1kruish|03|biz"; nocase; ) # 1g0d4pf1ntpv8z80j86k1wy94f1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g0d4pf1ntpv8z80j86k1wy94f1|03|net"; nocase; ) # 1l35y6d1tb6oa01fclhkhsq1i9y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l35y6d1tb6oa01fclhkhsq1i9y|03|net"; nocase; ) # 1gvb01zccftfm1nb49vjhv6s4g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gvb01zccftfm1nb49vjhv6s4g|03|org"; nocase; ) # 18jwbncagvvo312jocorc74eeg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18jwbncagvvo312jocorc74eeg|03|net"; nocase; ) # xhk0ff225qqc1skme2m12n0rbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xhk0ff225qqc1skme2m12n0rbt|03|com"; nocase; ) # 17gu9t6ssqjnn1yric8h1f2mq16.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17gu9t6ssqjnn1yric8h1f2mq16|03|org"; nocase; ) # 1905t6qz1uhndn7ucnd13kfv9n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1905t6qz1uhndn7ucnd13kfv9n|03|net"; nocase; ) # ac39iq1meianbqho8k01um4pzn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ac39iq1meianbqho8k01um4pzn|03|com"; nocase; ) # v13yot1345lvs1yqw763s3ijdw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v13yot1345lvs1yqw763s3ijdw|03|org"; nocase; ) # f0tgrg1m7dl6b1riip7s18zlxz9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f0tgrg1m7dl6b1riip7s18zlxz9|03|com"; nocase; ) # 18kk3vxm7i5zp1hqsayqt7mg37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18kk3vxm7i5zp1hqsayqt7mg37|03|net"; nocase; ) # 1g15y6v1bxacw227ve0vatz7yt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g15y6v1bxacw227ve0vatz7yt|03|org"; nocase; ) # guolrp50gpm3i7ibdn14izjgz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|guolrp50gpm3i7ibdn14izjgz|03|net"; nocase; ) # 14cbcn5u2f290kf6pwx11xdpzf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14cbcn5u2f290kf6pwx11xdpzf|03|org"; nocase; ) # acwyc5d4iro11t2zwe01xgyqs3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|acwyc5d4iro11t2zwe01xgyqs3|03|com"; nocase; ) # 5b05jc166urxs13qxn91r3dcak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5b05jc166urxs13qxn91r3dcak|03|net"; nocase; ) # i8d3fq104xopp11bzizimf5yjf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i8d3fq104xopp11bzizimf5yjf|03|com"; nocase; ) # vutkvar57vl714znsx71wh1e5g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vutkvar57vl714znsx71wh1e5g|03|biz"; nocase; ) # 1g8vj931jp8cv14zx58y12vhqa8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g8vj931jp8cv14zx58y12vhqa8|03|org"; nocase; ) # 7jytn44fmmxd1yhs868acoimf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7jytn44fmmxd1yhs868acoimf|03|biz"; nocase; ) # 19zjqmsfluibnhr7ifizgnicz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19zjqmsfluibnhr7ifizgnicz|03|org"; nocase; ) # w0qgkxbo1s9g11vib13zj6p31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w0qgkxbo1s9g11vib13zj6p31|03|net"; nocase; ) # cd7q6ima3x9212t8cfxzt8ied.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cd7q6ima3x9212t8cfxzt8ied|03|com"; nocase; ) # 9la8q9v63jj6yfcn7z1bc1mr2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9la8q9v63jj6yfcn7z1bc1mr2|03|net"; nocase; ) # czxefjrfne531dwjlwsavs0lp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|czxefjrfne531dwjlwsavs0lp|03|org"; nocase; ) # ddk40065vv3ebf3nzb1r8ij0i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ddk40065vv3ebf3nzb1r8ij0i|03|net"; nocase; ) # 1dept1r1l0aup41wcxp8bveowqk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dept1r1l0aup41wcxp8bveowqk|03|com"; nocase; ) # jlua8a4xta7c1sjj7witb6rov.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jlua8a4xta7c1sjj7witb6rov|03|org"; nocase; ) # 1sq8hwq70bylmpn3valwwa5c8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sq8hwq70bylmpn3valwwa5c8|03|biz"; nocase; ) # ucyz2p6ngkyh1808q226m3ypf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ucyz2p6ngkyh1808q226m3ypf|03|com"; nocase; ) # 1w4u9ugwnzgc6esgjg100znkg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w4u9ugwnzgc6esgjg100znkg|03|net"; nocase; ) # 73ugza15cmgndldjiau15whe3e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|73ugza15cmgndldjiau15whe3e|03|com"; nocase; ) # 1epsjp81o5xtsafa5ck6twdz2q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1epsjp81o5xtsafa5ck6twdz2q|03|biz"; nocase; ) # 1onmpcmdsyyhbj7aah51cewmkw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1onmpcmdsyyhbj7aah51cewmkw|03|com"; nocase; ) # fobgj41agdqy710qhce01xy75kw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fobgj41agdqy710qhce01xy75kw|03|net"; nocase; ) # 7e4rom18y2w8q12swgzqgkcowu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7e4rom18y2w8q12swgzqgkcowu|03|org"; nocase; ) # apci77875g3n12vs1peo4hein.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|apci77875g3n12vs1peo4hein|03|org"; nocase; ) # 168phze1ijh9wo8tkcrw15jy0xe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|168phze1ijh9wo8tkcrw15jy0xe|03|net"; nocase; ) # ie57381ihtauep4smke1kyucno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ie57381ihtauep4smke1kyucno|03|org"; nocase; ) # 1dow7l9s9es361mnnudw1gensip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dow7l9s9es361mnnudw1gensip|03|net"; nocase; ) # 1158rszyecf87xc5u51iy960a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1158rszyecf87xc5u51iy960a|03|org"; nocase; ) # 7tu6bn1fh1bet1vo2vwg1b968jk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7tu6bn1fh1bet1vo2vwg1b968jk|03|net"; nocase; ) # ve3dfk17nqufg1qj3ceiwvnh72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ve3dfk17nqufg1qj3ceiwvnh72|03|net"; nocase; ) # rqt5w3kqpspee66ibo1108z76.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rqt5w3kqpspee66ibo1108z76|03|org"; nocase; ) # 19khns7m12y271xgspixls6euy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19khns7m12y271xgspixls6euy|03|net"; nocase; ) # ba819c1ifa127pe6jznjsfcc6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ba819c1ifa127pe6jznjsfcc6|03|com"; nocase; ) # 1m0wdlx17oq1801m0wa6j6q8v0u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m0wdlx17oq1801m0wa6j6q8v0u|03|biz"; nocase; ) # 1j4f0nq1ddh4fa11uie3g4spzvh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j4f0nq1ddh4fa11uie3g4spzvh|03|org"; nocase; ) # 1jcd4e17oy8x2vufyr51dk4wvr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jcd4e17oy8x2vufyr51dk4wvr|03|com"; nocase; ) # 7kyg8hi32fuj253q4q18y2sy7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7kyg8hi32fuj253q4q18y2sy7|03|org"; nocase; ) # 1e5f0u01gfofcp1fv5mh0onllph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e5f0u01gfofcp1fv5mh0onllph|03|net"; nocase; ) # 19t5y2tu82ked1acoazj1s1g9q8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19t5y2tu82ked1acoazj1s1g9q8|03|org"; nocase; ) # 135ufa37d215p1btqhea1uemhk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|135ufa37d215p1btqhea1uemhk2|03|net"; nocase; ) # ujmy2m0ryci10j39hl1wamtv7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ujmy2m0ryci10j39hl1wamtv7|03|biz"; nocase; ) # kicg6n12uy0bomatf1nxcnihl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kicg6n12uy0bomatf1nxcnihl|03|org"; nocase; ) # 1022s3c130dr681vlfxi7189uc4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1022s3c130dr681vlfxi7189uc4b|03|net"; nocase; ) # 1lne8vv1tbbt5n19klmpuw182nz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lne8vv1tbbt5n19klmpuw182nz|03|com"; nocase; ) # 1dqzleb1o3zirt13rl42j191jsw8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dqzleb1o3zirt13rl42j191jsw8|03|net"; nocase; ) # ac7tfxcqkar1ints1b125yyfj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ac7tfxcqkar1ints1b125yyfj|03|com"; nocase; ) # 1hcfdc91rhzuwklcwgdi1dg72kc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hcfdc91rhzuwklcwgdi1dg72kc|03|net"; nocase; ) # qosoka12ue8e2e6g3qd1mtt1su.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qosoka12ue8e2e6g3qd1mtt1su|03|biz"; nocase; ) # tbsh6g1epcyht1ke1plp1sgvruv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tbsh6g1epcyht1ke1plp1sgvruv|03|org"; nocase; ) # 1ukqpi2lwcwcw1evzww292qkei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ukqpi2lwcwcw1evzww292qkei|03|biz"; nocase; ) # qg6bun2oio6k8gy0rnqdms9p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qg6bun2oio6k8gy0rnqdms9p|03|com"; nocase; ) # gu5b0j193m93tj0dh0d1n6ibp9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gu5b0j193m93tj0dh0d1n6ibp9|03|com"; nocase; ) # 1yvu41s1j2k6su1te2igm1xpngj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yvu41s1j2k6su1te2igm1xpngj7|03|net"; nocase; ) # 1x8nriieczon1jcdecu1mbyukb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x8nriieczon1jcdecu1mbyukb|03|net"; nocase; ) # 9nzdl01lly72n1cll4aq11e13cm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9nzdl01lly72n1cll4aq11e13cm|03|org"; nocase; ) # m5g5cghlx7wt1srswqh5htfkl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m5g5cghlx7wt1srswqh5htfkl|03|com"; nocase; ) # 8qwem61fdff2ci9vvsw11ptq95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8qwem61fdff2ci9vvsw11ptq95|03|net"; nocase; ) # nnjmnbwn9bn81oc9qjal8sn4i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nnjmnbwn9bn81oc9qjal8sn4i|03|biz"; nocase; ) # 7k58vl1khgogy1ifkrwj1v015rz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7k58vl1khgogy1ifkrwj1v015rz|03|org"; nocase; ) # 1ct3neemfzipohka8cny4hj9c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ct3neemfzipohka8cny4hj9c|03|net"; nocase; ) # kbpb6gfv2e5z4g490ig92miu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kbpb6gfv2e5z4g490ig92miu|03|biz"; nocase; ) # dpyovl133vsk7a5715r1t1atfn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dpyovl133vsk7a5715r1t1atfn|03|org"; nocase; ) # 1cna3sk18eq50t1nopld01idyj6p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cna3sk18eq50t1nopld01idyj6p|03|net"; nocase; ) # 1jmtzbq1e2kg84xxkk821a08znd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jmtzbq1e2kg84xxkk821a08znd|03|com"; nocase; ) # ube5iyn51t4x1o9frjjkx7f95.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ube5iyn51t4x1o9frjjkx7f95|03|org"; nocase; ) # 1eaoywc5lfztfq9qrr113dlyek.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eaoywc5lfztfq9qrr113dlyek|03|biz"; nocase; ) # 1q5y44eoz8orj13hx77i1r89hr3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q5y44eoz8orj13hx77i1r89hr3|03|com"; nocase; ) # 1dc5e8e8lj8tr93ryh61gdff0l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dc5e8e8lj8tr93ryh61gdff0l|03|biz"; nocase; ) # cwdxo33vs4u91j3qnb5193lh9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cwdxo33vs4u91j3qnb5193lh9i|03|net"; nocase; ) # 819b10eufqtb7cyiat1a0v66m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|819b10eufqtb7cyiat1a0v66m|03|org"; nocase; ) # 13bx5261jmmk7u122a7ag1m18y9a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13bx5261jmmk7u122a7ag1m18y9a|03|biz"; nocase; ) # 1iji78rdjx6zf11nt9md12pyaim.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iji78rdjx6zf11nt9md12pyaim|03|net"; nocase; ) # 2ylz8k175ahivj00olm10r9nuo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2ylz8k175ahivj00olm10r9nuo|03|com"; nocase; ) # 167nb4r7daf9xlit432socevf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|167nb4r7daf9xlit432socevf|03|com"; nocase; ) # nskvp7kwwwoa1qsqp2x1twp1ky.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nskvp7kwwwoa1qsqp2x1twp1ky|03|net"; nocase; ) # 1hipyix1dv3ags15s45uo1cnh6x3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hipyix1dv3ags15s45uo1cnh6x3|03|org"; nocase; ) # 12h39y01g9b1tg1vw45q41ivzgg0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12h39y01g9b1tg1vw45q41ivzgg0|03|biz"; nocase; ) # hxpdc716f11qc14moypn1easb3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hxpdc716f11qc14moypn1easb3d|03|net"; nocase; ) # 1bl4ay416hrteet5bskl10szwr1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bl4ay416hrteet5bskl10szwr1|03|com"; nocase; ) # 14vn27m85bw1u12e9kxo107y1v5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14vn27m85bw1u12e9kxo107y1v5|03|com"; nocase; ) # 64b17qwt5piuc3yrkzaoq1n8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|64b17qwt5piuc3yrkzaoq1n8|03|org"; nocase; ) # ln883g1p7hw5nxg1ccr1r135r3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ln883g1p7hw5nxg1ccr1r135r3|03|org"; nocase; ) # 1r92y7e5qihcm1i6lqwwqs92t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r92y7e5qihcm1i6lqwwqs92t|03|com"; nocase; ) # c3s31e1a113ko1dabucw20azfp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c3s31e1a113ko1dabucw20azfp|03|biz"; nocase; ) # wl8igv13wt6ti23me9o1ed4bl8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wl8igv13wt6ti23me9o1ed4bl8|03|com"; nocase; ) # 1l0ofct1oa3v3hb8sord198or8m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l0ofct1oa3v3hb8sord198or8m|03|net"; nocase; ) # rn7pqp1n8f3yizahml41ndxtjk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rn7pqp1n8f3yizahml41ndxtjk|03|org"; nocase; ) # 1xdmzcc1363e4clb204341ly0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xdmzcc1363e4clb204341ly0|03|com"; nocase; ) # 11or7y91jfago8wn0u1b52tj80.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11or7y91jfago8wn0u1b52tj80|03|net"; nocase; ) # 11ih2m1p2kgbv1lis7rh14bzi3h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11ih2m1p2kgbv1lis7rh14bzi3h|03|org"; nocase; ) # 1tnn9kgc1fjzv6ctl4g3s8je1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tnn9kgc1fjzv6ctl4g3s8je1|03|biz"; nocase; ) # 17kop3s1ast6exy32nafc2v8wu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17kop3s1ast6exy32nafc2v8wu|03|com"; nocase; ) # 1oovqsrl54o4p1606hnayqua5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1oovqsrl54o4p1606hnayqua5|03|com"; nocase; ) # dka9h36m0y71t9bb4zqajv85.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dka9h36m0y71t9bb4zqajv85|03|org"; nocase; ) # 7nemb6pvd6le5x64sx1pjk68w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7nemb6pvd6le5x64sx1pjk68w|03|com"; nocase; ) # 1dg1bka1ij841j1d4d6py95rhky.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dg1bka1ij841j1d4d6py95rhky|03|com"; nocase; ) # qiq69xhu14k41f4odl91uw4emb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qiq69xhu14k41f4odl91uw4emb|03|org"; nocase; ) # 1qtirg65dp5cbo9lf6a15i9prh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qtirg65dp5cbo9lf6a15i9prh|03|org"; nocase; ) # 1oynbzjlb8u4e18ihr9iidrcld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oynbzjlb8u4e18ihr9iidrcld|03|com"; nocase; ) # 1v551kgv9wdwh1hcmsiep0w04o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v551kgv9wdwh1hcmsiep0w04o|03|biz"; nocase; ) # etu1va714ch7bppvja1aunvy2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|etu1va714ch7bppvja1aunvy2|03|net"; nocase; ) # r105vu1tqbjp7l3fooibxxdsn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r105vu1tqbjp7l3fooibxxdsn|03|biz"; nocase; ) # x0l332vbblp1m9zymhor7bf9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x0l332vbblp1m9zymhor7bf9|03|net"; nocase; ) # 1xepwlmxvh71uhu9hx167aief.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xepwlmxvh71uhu9hx167aief|03|org"; nocase; ) # wkflcsyu99sz1he0rduusdp41.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wkflcsyu99sz1he0rduusdp41|03|net"; nocase; ) # e363czitvlbp15ibme91ov8qfx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e363czitvlbp15ibme91ov8qfx|03|org"; nocase; ) # tur528qrpaz27owsxj1gi9s06.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tur528qrpaz27owsxj1gi9s06|03|com"; nocase; ) # f25iq7126gr5nflq2bye0abkt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f25iq7126gr5nflq2bye0abkt|03|biz"; nocase; ) # h1kwuq5522s21d388hsdvsqkl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h1kwuq5522s21d388hsdvsqkl|03|org"; nocase; ) # odlh8p11qj6cv10pfpbuohak1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|odlh8p11qj6cv10pfpbuohak1o|03|net"; nocase; ) # ro1ykh1ldgnnr1emta6yg6s8b5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ro1ykh1ldgnnr1emta6yg6s8b5|03|com"; nocase; ) # 13y2mki1w2x1h91nepewhiaf6s8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13y2mki1w2x1h91nepewhiaf6s8|03|org"; nocase; ) # lj5k8k1wuksn11cik27sakmsam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lj5k8k1wuksn11cik27sakmsam|03|net"; nocase; ) # 1mijfh7xjr6qh1lyhv271czp051.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mijfh7xjr6qh1lyhv271czp051|03|com"; nocase; ) # rpofuaj2zu1zgmbrsl1k0x78t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rpofuaj2zu1zgmbrsl1k0x78t|03|net"; nocase; ) # 16ke8od1yil8ef1rw0bx21hxn7yj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16ke8od1yil8ef1rw0bx21hxn7yj|03|net"; nocase; ) # w5dyqx1iavlh8hbef27949nwq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w5dyqx1iavlh8hbef27949nwq|03|net"; nocase; ) # 19weg52v2o0xb9nnx5o1hu70a0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19weg52v2o0xb9nnx5o1hu70a0|03|com"; nocase; ) # 1cnrbp02alqw0n7n133inle9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1cnrbp02alqw0n7n133inle9|03|net"; nocase; ) # o1pfvu7h3xzzp3f0d328qyg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|o1pfvu7h3xzzp3f0d328qyg|03|net"; nocase; ) # bdp2mbk7tktpkngldsg9p9bs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bdp2mbk7tktpkngldsg9p9bs|03|net"; nocase; ) # tnw3veiq15u9d036vv15mr9z4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tnw3veiq15u9d036vv15mr9z4|03|org"; nocase; ) # 9485nm3escszh48mmq7z9dpc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9485nm3escszh48mmq7z9dpc|03|com"; nocase; ) # hj4n0x2dazmf95arq55fetul.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hj4n0x2dazmf95arq55fetul|03|biz"; nocase; ) # 7ls3xn1iq8cil18xa7m5m40xqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7ls3xn1iq8cil18xa7m5m40xqx|03|biz"; nocase; ) # 1iusm0h1p3viif1emcwlqz4yfea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iusm0h1p3viif1emcwlqz4yfea|03|org"; nocase; ) # 1eudmk913pn5o81afbqd813vapv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eudmk913pn5o81afbqd813vapv|03|net"; nocase; ) # f7r7ud15hbe0o5pje5k1d624kq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f7r7ud15hbe0o5pje5k1d624kq|03|com"; nocase; ) # 16d8injkkui71148rg8c1wtk1cb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16d8injkkui71148rg8c1wtk1cb|03|org"; nocase; ) # 1ejltif1jazx6cqghfs2o7qy9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ejltif1jazx6cqghfs2o7qy9f|03|net"; nocase; ) # h2ooe910231x51rle66vsgabih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h2ooe910231x51rle66vsgabih|03|net"; nocase; ) # 12g80q41ft1dvm14qza8spx0xxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12g80q41ft1dvm14qza8spx0xxo|03|net"; nocase; ) # bjuc8z1ntrrkju1hdyi1qbo1sr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bjuc8z1ntrrkju1hdyi1qbo1sr|03|org"; nocase; ) # z1140gt1ku8o6e619horxi3r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z1140gt1ku8o6e619horxi3r|03|com"; nocase; ) # 1axtcirgivlda3ghfwn1sr8ta9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1axtcirgivlda3ghfwn1sr8ta9|03|biz"; nocase; ) # dhyd5o1w99ms73qwx7crg5cd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dhyd5o1w99ms73qwx7crg5cd6|03|net"; nocase; ) # 1n7eq3417vhbzb5agq5yvilrfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n7eq3417vhbzb5agq5yvilrfy|03|net"; nocase; ) # 6xp2klb6l37q33jizlrfw1tq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6xp2klb6l37q33jizlrfw1tq|03|com"; nocase; ) # 16menyq1da8jsztxelk41azg2ia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16menyq1da8jsztxelk41azg2ia|03|net"; nocase; ) # js4xq030efn01bv6yaqq8gf67.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|js4xq030efn01bv6yaqq8gf67|03|net"; nocase; ) # aqxu151x3fahf1tcybbc1w8rf1l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aqxu151x3fahf1tcybbc1w8rf1l|03|org"; nocase; ) # wxk4xaqfyzr1u1j0mj11pzup8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wxk4xaqfyzr1u1j0mj11pzup8|03|net"; nocase; ) # 1b472hgxipl9sspi86l1iwa1c4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b472hgxipl9sspi86l1iwa1c4|03|biz"; nocase; ) # 13qzhm6a1o5qp14cryddpv5etv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13qzhm6a1o5qp14cryddpv5etv|03|org"; nocase; ) # 1a876pwqh1bwrb9gch8ocizuk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a876pwqh1bwrb9gch8ocizuk|03|org"; nocase; ) # rxsl5yznhzpngimwbt1005ykb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rxsl5yznhzpngimwbt1005ykb|03|biz"; nocase; ) # 6vwc5odnk439151w8p21wpf5rp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6vwc5odnk439151w8p21wpf5rp|03|net"; nocase; ) # 16t0w9l1aghqu91xi5fp4ll94gn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16t0w9l1aghqu91xi5fp4ll94gn|03|com"; nocase; ) # 1pjttxz1i6i9t8z1qzztqpldk6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pjttxz1i6i9t8z1qzztqpldk6|03|biz"; nocase; ) # 17devjj8jyh0e1xfr921xdt4ra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17devjj8jyh0e1xfr921xdt4ra|03|org"; nocase; ) # mw9evj10fpgo3k12h81xo82bv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mw9evj10fpgo3k12h81xo82bv|03|org"; nocase; ) # 16cjfv6vjh8o7cwc4qq1beu80m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16cjfv6vjh8o7cwc4qq1beu80m|03|com"; nocase; ) # 1vma5581ulo3pjbegqhz12tbv9f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vma5581ulo3pjbegqhz12tbv9f|03|com"; nocase; ) # ww1b7q14luidlqocz6g7bzxjw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ww1b7q14luidlqocz6g7bzxjw|03|net"; nocase; ) # 1p83poz1e3ejxh11am3m81xn7rhj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p83poz1e3ejxh11am3m81xn7rhj|03|net"; nocase; ) # pzq07w12q2d1l1d48ovl1ltarvf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pzq07w12q2d1l1d48ovl1ltarvf|03|com"; nocase; ) # 944nic9fhotb3oa2tz1loyvhp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|944nic9fhotb3oa2tz1loyvhp|03|org"; nocase; ) # 9a14ol1l9blpjl09y95smejs2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9a14ol1l9blpjl09y95smejs2|03|net"; nocase; ) # d02ymlpkkf3mlg0a4g1o0ajkw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d02ymlpkkf3mlg0a4g1o0ajkw|03|net"; nocase; ) # qlqmid1ctisr73t89tpg8ku4u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qlqmid1ctisr73t89tpg8ku4u|03|com"; nocase; ) # 1e0a19stgkik117i2qtq86h0zv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e0a19stgkik117i2qtq86h0zv|03|biz"; nocase; ) # 6y2jj21pfwj16ne0v02gltpw2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6y2jj21pfwj16ne0v02gltpw2|03|com"; nocase; ) # 5n8ftdzu2ojc8qjda4lik3e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|5n8ftdzu2ojc8qjda4lik3e|03|net"; nocase; ) # k5m0byytb50r2frb6d1a8kyju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k5m0byytb50r2frb6d1a8kyju|03|net"; nocase; ) # qh3m25r68tof1br8fde13oqc6n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qh3m25r68tof1br8fde13oqc6n|03|org"; nocase; ) # 1lquz1x97sdsxs9asf1eqfhpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lquz1x97sdsxs9asf1eqfhpo|03|com"; nocase; ) # 1j0un8v13rhk2um5kwmz40uhr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j0un8v13rhk2um5kwmz40uhr0|03|net"; nocase; ) # 156k2fjel7ornisz9s4paglb6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|156k2fjel7ornisz9s4paglb6|03|biz"; nocase; ) # 1b8sagykb2lr61m6lm8y1ymobvn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b8sagykb2lr61m6lm8y1ymobvn|03|net"; nocase; ) # 1480tfw15rqrc74jpi118jm55v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1480tfw15rqrc74jpi118jm55v|03|org"; nocase; ) # yxh95v1sgbd2qpi3qc11q1921h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yxh95v1sgbd2qpi3qc11q1921h|03|net"; nocase; ) # 8593a4tqchp81o4iifl10bf7ig.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8593a4tqchp81o4iifl10bf7ig|03|biz"; nocase; ) # 4uufng1u3su8mdowvag1v6y6iv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4uufng1u3su8mdowvag1v6y6iv|03|net"; nocase; ) # 6avcje1ysiwxgqo0fy91lzr675.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6avcje1ysiwxgqo0fy91lzr675|03|com"; nocase; ) # kmnaak6r3x2918miiplbc5ygj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kmnaak6r3x2918miiplbc5ygj|03|org"; nocase; ) # ylqi0l7pnepn1q2nhlv1vpo5bm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ylqi0l7pnepn1q2nhlv1vpo5bm|03|org"; nocase; ) # 1pj491a1wtwzhr1lr5yo64zyyuu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pj491a1wtwzhr1lr5yo64zyyuu|03|biz"; nocase; ) # qlzpvibw5e4w1sj6anp81h1t0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qlzpvibw5e4w1sj6anp81h1t0|03|org"; nocase; ) # 1ujrh81hgwq1amng1eo17opyg9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ujrh81hgwq1amng1eo17opyg9|03|biz"; nocase; ) # 7kvbhn67fg6nad4xmy1jpi9hg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7kvbhn67fg6nad4xmy1jpi9hg|03|com"; nocase; ) # 1q2uhur19pc9p81jq7lkf18iriuq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1q2uhur19pc9p81jq7lkf18iriuq|03|org"; nocase; ) # mde48gqy9a7z1743gslaw30kx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mde48gqy9a7z1743gslaw30kx|03|net"; nocase; ) # 9o7q28iksxyqel54q2122ssmn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9o7q28iksxyqel54q2122ssmn|03|biz"; nocase; ) # 1qm7kb1cr3y2sy3mkjm1s1jat7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qm7kb1cr3y2sy3mkjm1s1jat7|03|com"; nocase; ) # piv6i21vohws91p7csgq32rk85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|piv6i21vohws91p7csgq32rk85|03|net"; nocase; ) # 9bjthc18v479mg22rfujn2f7x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9bjthc18v479mg22rfujn2f7x|03|com"; nocase; ) # jprlpqfs2zrnxk1siagn2crj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jprlpqfs2zrnxk1siagn2crj|03|org"; nocase; ) # 13zz7uwnm9ict1niwj00zrka2i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13zz7uwnm9ict1niwj00zrka2i|03|com"; nocase; ) # 1nir0kgm2gfbl13lwa63l8l4f4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nir0kgm2gfbl13lwa63l8l4f4|03|com"; nocase; ) # 1xh35cm1a8wi3kkz3hq91huoz6m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xh35cm1a8wi3kkz3hq91huoz6m|03|com"; nocase; ) # qttlb85ow0wlr2koo4wljcxp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qttlb85ow0wlr2koo4wljcxp|03|net"; nocase; ) # 16ilu61biwa1v9pd4p6725t74.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ilu61biwa1v9pd4p6725t74|03|net"; nocase; ) # mhpamtw3i2kq1bdoogb1yoyc95.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mhpamtw3i2kq1bdoogb1yoyc95|03|com"; nocase; ) # 18jxfnkpt95vv1ncwi7r1wou3g6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18jxfnkpt95vv1ncwi7r1wou3g6|03|org"; nocase; ) # 1r918er1olccrk1kk9z671m9p1kj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r918er1olccrk1kk9z671m9p1kj|03|com"; nocase; ) # zgxzgh1kv937hwefc5f1jvp4sd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zgxzgh1kv937hwefc5f1jvp4sd|03|com"; nocase; ) # 112mp5tft0wuq20ctn7016gi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|112mp5tft0wuq20ctn7016gi|03|biz"; nocase; ) # j2hcc813e611y3k2onh6ce83r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j2hcc813e611y3k2onh6ce83r|03|org"; nocase; ) # 92q8v12myotrlx2kozxudy1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|92q8v12myotrlx2kozxudy1|03|net"; nocase; ) # 83az2u1ybe1phtsrdwvmv2e76.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|83az2u1ybe1phtsrdwvmv2e76|03|com"; nocase; ) # 17em81i1rez074dzzfxpz70pur.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17em81i1rez074dzzfxpz70pur|03|biz"; nocase; ) # 1ggqnsiemto5z19wwqv919z7b35.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ggqnsiemto5z19wwqv919z7b35|03|com"; nocase; ) # ppulyyx94ro61vu0ir913tflkh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ppulyyx94ro61vu0ir913tflkh|03|org"; nocase; ) # g7rylm1y4jwqmbb76e2td67dp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g7rylm1y4jwqmbb76e2td67dp|03|biz"; nocase; ) # 14hxiyqo69zfejh6btt4ygdhl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14hxiyqo69zfejh6btt4ygdhl|03|net"; nocase; ) # 1p64qwf1y8uldsglalpbyqxqkn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p64qwf1y8uldsglalpbyqxqkn|03|com"; nocase; ) # 1l2snt71e1gzzihemfh41oz3ist.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l2snt71e1gzzihemfh41oz3ist|03|net"; nocase; ) # 1in42z4b1w2vgk96i681jsbjy0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1in42z4b1w2vgk96i681jsbjy0|03|net"; nocase; ) # 3w95gw1hs1sg3943h21fw6c01.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3w95gw1hs1sg3943h21fw6c01|03|com"; nocase; ) # ktd4ld1uof1pbazn6uv1atdl2l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ktd4ld1uof1pbazn6uv1atdl2l|03|biz"; nocase; ) # 17uqv5e1lvmlmw1g2uyj0yhrhsn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17uqv5e1lvmlmw1g2uyj0yhrhsn|03|com"; nocase; ) # 1hve8u6dd4z7px559w420be9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hve8u6dd4z7px559w420be9j|03|net"; nocase; ) # 169pgb84jwdbckuemnn04pcg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|169pgb84jwdbckuemnn04pcg|03|net"; nocase; ) # sr7jbv19r0xex169u1961gtymtd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sr7jbv19r0xex169u1961gtymtd|03|net"; nocase; ) # c8yiq0c15hmq13svjef1bdow8k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c8yiq0c15hmq13svjef1bdow8k|03|com"; nocase; ) # docn911q68cionr2g3q1a7yrk5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|docn911q68cionr2g3q1a7yrk5|03|biz"; nocase; ) # 16w900ed5xsarjwgo9z4asjv6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16w900ed5xsarjwgo9z4asjv6|03|net"; nocase; ) # 14vk5sxe6jf1y176qokspxig5i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14vk5sxe6jf1y176qokspxig5i|03|org"; nocase; ) # 1ew9q9m1en13chij0jmy1v5uihy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ew9q9m1en13chij0jmy1v5uihy|03|net"; nocase; ) # otk6ia5huus5l8ckdaaq3n8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|otk6ia5huus5l8ckdaaq3n8z|03|com"; nocase; ) # 1dvww7vz6vro917wg9dhap2e5r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dvww7vz6vro917wg9dhap2e5r|03|biz"; nocase; ) # kvj4kcqwk4in1wccx0e14z6ui0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kvj4kcqwk4in1wccx0e14z6ui0|03|net"; nocase; ) # gcswvn1e6q0vuum62v11vkpe7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gcswvn1e6q0vuum62v11vkpe7|03|net"; nocase; ) # 1oy40ck14ul9c519wgn6x7d4hq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oy40ck14ul9c519wgn6x7d4hq|03|org"; nocase; ) # my1fip194odkbbbwev11ir25g0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|my1fip194odkbbbwev11ir25g0|03|net"; nocase; ) # uwo6thlod43r1qiv2tc9d5orj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uwo6thlod43r1qiv2tc9d5orj|03|com"; nocase; ) # 170s2j29cfuk4aol8fv1u18f6q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|170s2j29cfuk4aol8fv1u18f6q|03|biz"; nocase; ) # 30zba0792p3r1c082vfa0lsl7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|30zba0792p3r1c082vfa0lsl7|03|org"; nocase; ) # 2s6qfd13c0g1s1slp6dmakcjfx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2s6qfd13c0g1s1slp6dmakcjfx|03|net"; nocase; ) # 5hzi7n1d7fn77uhsrnwhpv5ka.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5hzi7n1d7fn77uhsrnwhpv5ka|03|biz"; nocase; ) # 46qk5a1lp92il1swqefi1fl2rjq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|46qk5a1lp92il1swqefi1fl2rjq|03|net"; nocase; ) # 1wjb3221chw69k7lrioed8uug4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wjb3221chw69k7lrioed8uug4|03|org"; nocase; ) # jxmmutf2nvsv19zntx21h2mlhr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jxmmutf2nvsv19zntx21h2mlhr|03|com"; nocase; ) # gbcodc1qstxa35uibzf28q90a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gbcodc1qstxa35uibzf28q90a|03|org"; nocase; ) # dt3tbo1ioveiu14b4jjm1sls6zr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dt3tbo1ioveiu14b4jjm1sls6zr|03|org"; nocase; ) # 1qt71gqiml5ai2rklb51pgmp2b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qt71gqiml5ai2rklb51pgmp2b|03|com"; nocase; ) # 1060i2v1maiqwab9bfc31is7gwk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1060i2v1maiqwab9bfc31is7gwk|03|biz"; nocase; ) # 8gund78eaqlm1anermzhqrwjp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8gund78eaqlm1anermzhqrwjp|03|net"; nocase; ) # 1qxe0wbb7kyv7glslr6o6tjsw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qxe0wbb7kyv7glslr6o6tjsw|03|org"; nocase; ) # 1917o3x1jz87uezo23yo1n95dgi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1917o3x1jz87uezo23yo1n95dgi|03|biz"; nocase; ) # 1vn2a3moqth6k1l09ziw18yzuyt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vn2a3moqth6k1l09ziw18yzuyt|03|org"; nocase; ) # hi7nnq6aifrxrtl3u51z7gyu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hi7nnq6aifrxrtl3u51z7gyu|03|net"; nocase; ) # cv40tp1hoy790ed2loy1sgyam3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cv40tp1hoy790ed2loy1sgyam3|03|net"; nocase; ) # qzot4x1jndt1o5137pa1o531bp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qzot4x1jndt1o5137pa1o531bp|03|net"; nocase; ) # szy6pl10tzd741arlfua14x5ti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|szy6pl10tzd741arlfua14x5ti|03|net"; nocase; ) # xydb1zb2fe89177yn2j1rnhxta.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xydb1zb2fe89177yn2j1rnhxta|03|biz"; nocase; ) # 1yw9c5d1np0ngw3alas01njx6xl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yw9c5d1np0ngw3alas01njx6xl|03|org"; nocase; ) # 1uznedfdrkf311lqf8fv1m29t9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uznedfdrkf311lqf8fv1m29t9v|03|org"; nocase; ) # m0dg4w1gajyxr1m7fxxs1mxboyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m0dg4w1gajyxr1m7fxxs1mxboyz|03|com"; nocase; ) # 1o9eevzjpp2ae2vy8pic2fkth.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o9eevzjpp2ae2vy8pic2fkth|03|org"; nocase; ) # rxrw3qg8ogsy1pzo8i82paivj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rxrw3qg8ogsy1pzo8i82paivj|03|biz"; nocase; ) # 4c96aaqcy1o622j6s6150fl5r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4c96aaqcy1o622j6s6150fl5r|03|org"; nocase; ) # 1l4ta2c1gg6v6j1hcal0d7zhyjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l4ta2c1gg6v6j1hcal0d7zhyjy|03|com"; nocase; ) # xgv8et1cxep8d13879fm1nxbhq8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xgv8et1cxep8d13879fm1nxbhq8|03|org"; nocase; ) # 13h7msangx4bs112axsy19qyp0d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13h7msangx4bs112axsy19qyp0d|03|org"; nocase; ) # 1ivd0hn16b5xu1xpj3z67m3loc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ivd0hn16b5xu1xpj3z67m3loc|03|biz"; nocase; ) # 11pnxe62mce864tl5w06rl7cs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11pnxe62mce864tl5w06rl7cs|03|org"; nocase; ) # rn4ti4uricxax5s4c1uyr2eq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rn4ti4uricxax5s4c1uyr2eq|03|com"; nocase; ) # 1az33ouz2vekm1308rr7wxn431.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1az33ouz2vekm1308rr7wxn431|03|com"; nocase; ) # 1t9vhuf1hni1wn1wig3ks1oo6rar.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t9vhuf1hni1wn1wig3ks1oo6rar|03|net"; nocase; ) # fpqgsn1kgj4ji5tpojugnj0nf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fpqgsn1kgj4ji5tpojugnj0nf|03|biz"; nocase; ) # kv5epl11685zlid04loobilhn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kv5epl11685zlid04loobilhn|03|net"; nocase; ) # 13qdi8x32d2715mmm9e1gg1pgv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13qdi8x32d2715mmm9e1gg1pgv|03|org"; nocase; ) # 196oiqk1bnsxix13ew5b12lbcld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|196oiqk1bnsxix13ew5b12lbcld|03|net"; nocase; ) # 173i5js12istyj1thx0ii6pyi5t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|173i5js12istyj1thx0ii6pyi5t|03|com"; nocase; ) # vigy8x17cmd25ms0qx2mijeh1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vigy8x17cmd25ms0qx2mijeh1|03|com"; nocase; ) # 1w2vfc514zvf03538u6ayvrc9v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w2vfc514zvf03538u6ayvrc9v|03|net"; nocase; ) # yrkpz21idmyuw1npxtdofzgjag.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yrkpz21idmyuw1npxtdofzgjag|03|org"; nocase; ) # 995dw1l4eyrlg432j41odiz6n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|995dw1l4eyrlg432j41odiz6n|03|com"; nocase; ) # ynjb5p1ry0xqj193i9f011cmvxw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ynjb5p1ry0xqj193i9f011cmvxw|03|biz"; nocase; ) # 1v94xuv1yusd2sfpshfr1mr6b3v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v94xuv1yusd2sfpshfr1mr6b3v|03|net"; nocase; ) # sx6x53abrijz9k0rom1318lg9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sx6x53abrijz9k0rom1318lg9|03|net"; nocase; ) # wt1v3ryiols51wqhwrbgwttmg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wt1v3ryiols51wqhwrbgwttmg|03|com"; nocase; ) # 1n2ejmzlskblb15pggjw1pl6sxh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n2ejmzlskblb15pggjw1pl6sxh|03|net"; nocase; ) # pibnl51rbowe525h3mm8b58dn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pibnl51rbowe525h3mm8b58dn|03|com"; nocase; ) # 1t3xksk1v3nfoy2jfc5415mwq4o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t3xksk1v3nfoy2jfc5415mwq4o|03|net"; nocase; ) # 1vky3knb1loeu1yebafp12y3h9w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vky3knb1loeu1yebafp12y3h9w|03|org"; nocase; ) # q3h1hpgauhv7y240o48wpm1f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q3h1hpgauhv7y240o48wpm1f|03|com"; nocase; ) # sfyk4oyl1kquwrzmkg12lwfp3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sfyk4oyl1kquwrzmkg12lwfp3|03|com"; nocase; ) # dsrney6hlfot1kn36o51j38agk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dsrney6hlfot1kn36o51j38agk|03|net"; nocase; ) # glzyfkjiuvc7ywuqad1cz3jwm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|glzyfkjiuvc7ywuqad1cz3jwm|03|net"; nocase; ) # 2u7bzldwfz9p131o967dsbo5i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2u7bzldwfz9p131o967dsbo5i|03|org"; nocase; ) # 1re0xeo1jz74z8kuszk1v1jgwj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1re0xeo1jz74z8kuszk1v1jgwj|03|net"; nocase; ) # 1ke1oml1g4wha21hlhild9on1p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ke1oml1g4wha21hlhild9on1p|03|org"; nocase; ) # rhkfin1f4xka31yhs3tl1c1wdnh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rhkfin1f4xka31yhs3tl1c1wdnh|03|biz"; nocase; ) # sd2igb3zo4ak11btvgstfod7g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sd2igb3zo4ak11btvgstfod7g|03|net"; nocase; ) # 1m57uufiio7ga1x1zi6p1xps14r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m57uufiio7ga1x1zi6p1xps14r|03|net"; nocase; ) # 17vgq9b13eq4nqras1v81dbsvv1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17vgq9b13eq4nqras1v81dbsvv1|03|biz"; nocase; ) # 1e704v1nvo6mdsry0211p15qat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e704v1nvo6mdsry0211p15qat|03|net"; nocase; ) # 10wtb531x9q8rr1x879bo1bp2esx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10wtb531x9q8rr1x879bo1bp2esx|03|com"; nocase; ) # dya83zgpwk2a1qide321ysvuj8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dya83zgpwk2a1qide321ysvuj8|03|biz"; nocase; ) # 1jznou41f1mf6t10uau5b1qfkdog.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jznou41f1mf6t10uau5b1qfkdog|03|org"; nocase; ) # fm6ueitos4nm1dzythj1b6fbv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fm6ueitos4nm1dzythj1b6fbv1|03|com"; nocase; ) # z5jo7s3v855cwow26417r39wk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z5jo7s3v855cwow26417r39wk|03|net"; nocase; ) # 1nhzxofrbbdh9qzqmj1l4ntbe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nhzxofrbbdh9qzqmj1l4ntbe|03|com"; nocase; ) # 1pg5yv31m7qbevt9z7la1i94qz1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pg5yv31m7qbevt9z7la1i94qz1|03|net"; nocase; ) # 1fwzk7o1f329m1kbkuqhnxhmin.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fwzk7o1f329m1kbkuqhnxhmin|03|net"; nocase; ) # 1e9eam61tu1lkje69zerdtmili.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e9eam61tu1lkje69zerdtmili|03|org"; nocase; ) # d0qhsmiv79dbiaf5gb1xzmfl7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d0qhsmiv79dbiaf5gb1xzmfl7|03|org"; nocase; ) # 5xdek88jq96c1g4s1fq1xyb2yt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5xdek88jq96c1g4s1fq1xyb2yt|03|biz"; nocase; ) # i90t5z1e10npnwbb18jln1njd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i90t5z1e10npnwbb18jln1njd|03|net"; nocase; ) # 9ayxfr1y1su7175up1a16dvzob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ayxfr1y1su7175up1a16dvzob|03|biz"; nocase; ) # 11jrbp618yojs07dhubu19d6sol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11jrbp618yojs07dhubu19d6sol|03|com"; nocase; ) # b7osl61y2giaudzmepm1lv097l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b7osl61y2giaudzmepm1lv097l|03|org"; nocase; ) # 1gheslu12lxfgf1j8vjp0e8lrof.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gheslu12lxfgf1j8vjp0e8lrof|03|net"; nocase; ) # 130dtmx1cxcjtn1t2n1rxg11fpa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|130dtmx1cxcjtn1t2n1rxg11fpa|03|com"; nocase; ) # 1j0dgb91j6ax8qytx15xv1gnsx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j0dgb91j6ax8qytx15xv1gnsx|03|net"; nocase; ) # 27mny11epsz5dl5b4i8cs98qr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|27mny11epsz5dl5b4i8cs98qr|03|biz"; nocase; ) # qti6pf1x6c7w8154uo8ndl2f3u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qti6pf1x6c7w8154uo8ndl2f3u|03|org"; nocase; ) # p8wm8d1w30reh1s7jqhm5w486v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p8wm8d1w30reh1s7jqhm5w486v|03|net"; nocase; ) # 1gg3uavprawym1mjpjask93uso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gg3uavprawym1mjpjask93uso|03|net"; nocase; ) # 1nq7frm1ndd2cv12cdp9u12f2u8i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1nq7frm1ndd2cv12cdp9u12f2u8i|03|com"; nocase; ) # 1do2709pijy9e102tyzi1vxeeso.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1do2709pijy9e102tyzi1vxeeso|03|org"; nocase; ) # bnxl9dlamz921dzg6f0g7ib99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bnxl9dlamz921dzg6f0g7ib99|03|net"; nocase; ) # ao292fs9j1wjkyes5v1u8jccj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ao292fs9j1wjkyes5v1u8jccj|03|com"; nocase; ) # 7dpqav5tmdts1liksim1kmbo12.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7dpqav5tmdts1liksim1kmbo12|03|org"; nocase; ) # 1c7xjhk7rbb7ghs7b6oj98su.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1c7xjhk7rbb7ghs7b6oj98su|03|net"; nocase; ) # 18takt112v96gq19xx81cyl6kfu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18takt112v96gq19xx81cyl6kfu|03|com"; nocase; ) # 16vwtbpqwo5fr9m82k9m7u5gk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16vwtbpqwo5fr9m82k9m7u5gk|03|net"; nocase; ) # 1wj4n9vylyds0zbblsn1wwplag.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wj4n9vylyds0zbblsn1wwplag|03|org"; nocase; ) # 1llp2qu1fizpwa1cbjmlx1lq0jx1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1llp2qu1fizpwa1cbjmlx1lq0jx1|03|biz"; nocase; ) # 74guy1snfays8nt8ej139iu9j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|74guy1snfays8nt8ej139iu9j|03|net"; nocase; ) # v438c91v5n16m47jbbio9jlty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v438c91v5n16m47jbbio9jlty|03|biz"; nocase; ) # 1ugu0pjlhm0dq1quhrla1sog2dq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ugu0pjlhm0dq1quhrla1sog2dq|03|org"; nocase; ) # 1uetxoea2gcrc1cy9tpb1pqve5a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uetxoea2gcrc1cy9tpb1pqve5a|03|com"; nocase; ) # 1xxkly8ixntwy1sdf3aammsn81.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xxkly8ixntwy1sdf3aammsn81|03|org"; nocase; ) # 1on287heovdn754bh1qb1mytw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1on287heovdn754bh1qb1mytw|03|net"; nocase; ) # 1j5nlq6mn9vr61om4j781uwqa42.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j5nlq6mn9vr61om4j781uwqa42|03|net"; nocase; ) # 1nsyfmvouk8uo15w3ymk10yey8m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nsyfmvouk8uo15w3ymk10yey8m|03|org"; nocase; ) # 1iacwdpygqjvx17e7ryfjh4a0j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iacwdpygqjvx17e7ryfjh4a0j|03|com"; nocase; ) # oqfpd41u4a1elxwj446ikw649.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oqfpd41u4a1elxwj446ikw649|03|com"; nocase; ) # a0918x1v6sm9p1k5kmw6z06vnw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a0918x1v6sm9p1k5kmw6z06vnw|03|org"; nocase; ) # 1kw4gix1i1268pyf7q5frjz47a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kw4gix1i1268pyf7q5frjz47a|03|net"; nocase; ) # 8rx1q81kekv3tzew3cn11wbjjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8rx1q81kekv3tzew3cn11wbjjh|03|org"; nocase; ) # wi9buc1e1aq3aow8b1n10m2ypk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wi9buc1e1aq3aow8b1n10m2ypk|03|com"; nocase; ) # tjn68vrl2mzl3ef0431hxhd2l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tjn68vrl2mzl3ef0431hxhd2l|03|biz"; nocase; ) # 1i7ppp11ltenob1l2w5gn537i2b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i7ppp11ltenob1l2w5gn537i2b|03|com"; nocase; ) # oiillpj9l6089gp97hugoav.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|oiillpj9l6089gp97hugoav|03|org"; nocase; ) # xopzuqv4pcry1i7rdpm1cu6j49.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xopzuqv4pcry1i7rdpm1cu6j49|03|net"; nocase; ) # cckr6k1ua8og81gp9zy81ai9h9n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cckr6k1ua8og81gp9zy81ai9h9n|03|org"; nocase; ) # s05i008feqdhee5oh519uuft0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s05i008feqdhee5oh519uuft0|03|org"; nocase; ) # dcr2nu1l4c932hurlme18r6ga5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dcr2nu1l4c932hurlme18r6ga5|03|net"; nocase; ) # 83jzy7lpx2ccckjrkos84kru.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|83jzy7lpx2ccckjrkos84kru|03|org"; nocase; ) # ihffe3shp0r61owh2321jsvjt6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ihffe3shp0r61owh2321jsvjt6|03|net"; nocase; ) # 1a7t30suvgg4q1qe564h1u9805d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a7t30suvgg4q1qe564h1u9805d|03|org"; nocase; ) # jn37vln2jq6p1a4lr2zxjh121.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jn37vln2jq6p1a4lr2zxjh121|03|biz"; nocase; ) # fw6m6t1z3ux4105bivs1iuxk7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fw6m6t1z3ux4105bivs1iuxk7|03|com"; nocase; ) # 1xorfs27nmk3b2e39ao18xvboi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xorfs27nmk3b2e39ao18xvboi|03|org"; nocase; ) # 7w6ybj1q3tu8wsyevkl4so9p8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7w6ybj1q3tu8wsyevkl4so9p8|03|com"; nocase; ) # c6vqmw3dmrcitw0vedj1plh7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c6vqmw3dmrcitw0vedj1plh7|03|net"; nocase; ) # 1fg7jua8s4vbp1np3vajusu7he.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fg7jua8s4vbp1np3vajusu7he|03|net"; nocase; ) # 16di2p1ms0g0qv03r5t1i60ek0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16di2p1ms0g0qv03r5t1i60ek0|03|com"; nocase; ) # 4km6xg1fl6obsx35anb12zvbyg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4km6xg1fl6obsx35anb12zvbyg|03|net"; nocase; ) # qe9qg51ygd1xpy9zui91y1bqlb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qe9qg51ygd1xpy9zui91y1bqlb|03|org"; nocase; ) # bitqx61l05jh11vtdak61kth5n3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bitqx61l05jh11vtdak61kth5n3|03|net"; nocase; ) # 2hjlckvy8vbq10qo5hd1e6hrxb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2hjlckvy8vbq10qo5hd1e6hrxb|03|org"; nocase; ) # 106hlyk1gfy47q18wokqozyl4ix.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|106hlyk1gfy47q18wokqozyl4ix|03|org"; nocase; ) # 10ae46w1om6ql71ksz8thvyecg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ae46w1om6ql71ksz8thvyecg|03|biz"; nocase; ) # clx37zwiaa8dsipzd714j31nr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|clx37zwiaa8dsipzd714j31nr|03|net"; nocase; ) # 1e3vhxz9l7150k3oucq1rkph50.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e3vhxz9l7150k3oucq1rkph50|03|net"; nocase; ) # 124wz1z1cki3zimqxvmf1imf9po.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|124wz1z1cki3zimqxvmf1imf9po|03|com"; nocase; ) # 4zzuzz1wt6nm51pygosfc696n9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4zzuzz1wt6nm51pygosfc696n9|03|org"; nocase; ) # 1epdmdzkma35xs1f9yx1phrnj2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1epdmdzkma35xs1f9yx1phrnj2|03|biz"; nocase; ) # 1p48uqs1xpbvi11iuscexs6nhmf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p48uqs1xpbvi11iuscexs6nhmf|03|net"; nocase; ) # ueippy6odegequjvvltext8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ueippy6odegequjvvltext8u|03|net"; nocase; ) # 1nmuqex5h1l6q1ndcn2xq8xvjt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nmuqex5h1l6q1ndcn2xq8xvjt|03|org"; nocase; ) # 1kkip2717ykcqm1y0u03v1jsefgu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kkip2717ykcqm1y0u03v1jsefgu|03|com"; nocase; ) # 15b26fcsrjz7zdcqijwv8bzk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|15b26fcsrjz7zdcqijwv8bzk|03|org"; nocase; ) # sgh2h01qv29hx43qdi01kbh7ss.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sgh2h01qv29hx43qdi01kbh7ss|03|com"; nocase; ) # zn5emh59gly9rmmgcp168majd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zn5emh59gly9rmmgcp168majd|03|net"; nocase; ) # 13fb1bk1enjvunt5ty0y1u7707t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13fb1bk1enjvunt5ty0y1u7707t|03|com"; nocase; ) # 12r65n1yfqnxa1xfia32ufxv7g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12r65n1yfqnxa1xfia32ufxv7g|03|biz"; nocase; ) # e4vb1x1uqkptlfik4zv16khsa9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e4vb1x1uqkptlfik4zv16khsa9|03|biz"; nocase; ) # 1f3g4a1btzoxb17begmpssdnwx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f3g4a1btzoxb17begmpssdnwx|03|net"; nocase; ) # 17fpyy1ayex76c5hif3bxldf8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17fpyy1ayex76c5hif3bxldf8|03|org"; nocase; ) # 14nj7av1g41u6mdbh5zt1oklzzj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14nj7av1g41u6mdbh5zt1oklzzj|03|org"; nocase; ) # 1i1b91wc3xqdt1tclns4llwwsq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i1b91wc3xqdt1tclns4llwwsq|03|com"; nocase; ) # r8xwqm182dakustw42i18g0300.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r8xwqm182dakustw42i18g0300|03|net"; nocase; ) # 1wugli69hgjj818gz8eg2leowi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wugli69hgjj818gz8eg2leowi|03|net"; nocase; ) # 1yipgtyza9ng685m06s10yqpwc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yipgtyza9ng685m06s10yqpwc|03|biz"; nocase; ) # lcb9qgxe6wins24xau1b3jo09.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lcb9qgxe6wins24xau1b3jo09|03|org"; nocase; ) # oejs8hgtdp42g5j6xv196ei0n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oejs8hgtdp42g5j6xv196ei0n|03|biz"; nocase; ) # 1exaddhxzpq15qvs057ktoy41.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1exaddhxzpq15qvs057ktoy41|03|net"; nocase; ) # xilgxod7a0y81h1ewy41jp9s7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xilgxod7a0y81h1ewy41jp9s7w|03|net"; nocase; ) # 8qcu4xkgi0a51mj46f91z11kun.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8qcu4xkgi0a51mj46f91z11kun|03|biz"; nocase; ) # 13p0o77zo40h214cmhx01njco9a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13p0o77zo40h214cmhx01njco9a|03|org"; nocase; ) # 828gna21jpc61kqv8ou5u6qha.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|828gna21jpc61kqv8ou5u6qha|03|net"; nocase; ) # 1k3hlon1mle8l41ihll4g1d3blxi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k3hlon1mle8l41ihll4g1d3blxi|03|biz"; nocase; ) # 1oxk7lk1idgv31yli7thoswsrb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oxk7lk1idgv31yli7thoswsrb|03|com"; nocase; ) # 124pqwre1mr8r15nuve1bxd07w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|124pqwre1mr8r15nuve1bxd07w|03|net"; nocase; ) # 1l0423f1hl4dxf41qgcy1rsrloe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l0423f1hl4dxf41qgcy1rsrloe|03|net"; nocase; ) # 1gzitj8thv926vqz0iulv9747.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gzitj8thv926vqz0iulv9747|03|org"; nocase; ) # 1trjyokqnxod281aekm1fdhm9r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1trjyokqnxod281aekm1fdhm9r|03|org"; nocase; ) # 1syjvxi1379yalfg4s3t1e3xsuw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1syjvxi1379yalfg4s3t1e3xsuw|03|net"; nocase; ) # vcog6r1tjcu671ucffa6fsbm2q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vcog6r1tjcu671ucffa6fsbm2q|03|net"; nocase; ) # 1am03x1schxaivkgu7k1o8viwe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1am03x1schxaivkgu7k1o8viwe|03|com"; nocase; ) # 1yvjlte1nls1yg15daqqfnwwp83.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yvjlte1nls1yg15daqqfnwwp83|03|org"; nocase; ) # u27riy1e8fpd2t6fxbo1a583m7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u27riy1e8fpd2t6fxbo1a583m7|03|org"; nocase; ) # qz5xaa1dx8daqwqkey0m4txke.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qz5xaa1dx8daqwqkey0m4txke|03|biz"; nocase; ) # 1g5y8d33ha4v61t8m3p5wefsrq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g5y8d33ha4v61t8m3p5wefsrq|03|org"; nocase; ) # 11ggg4p1w6u6w51c55m22s5byak.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11ggg4p1w6u6w51c55m22s5byak|03|org"; nocase; ) # tvtvvx19dvu96nord8tmrundj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tvtvvx19dvu96nord8tmrundj|03|net"; nocase; ) # 2jcy2rhg35te1s4sleu1nbg9hy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2jcy2rhg35te1s4sleu1nbg9hy|03|biz"; nocase; ) # y7lqi2rrmuspiltosf1kwll3y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y7lqi2rrmuspiltosf1kwll3y|03|org"; nocase; ) # 1kkoyfdomdu9z1g47az31msi3vq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kkoyfdomdu9z1g47az31msi3vq|03|biz"; nocase; ) # 11rcc4zahn2gd1ns5yeg49tj21.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11rcc4zahn2gd1ns5yeg49tj21|03|biz"; nocase; ) # 1ay65lmsktrkh7bdey2xwr7vc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ay65lmsktrkh7bdey2xwr7vc|03|net"; nocase; ) # 1dwz8f61vy18y31ya7q73cr5zhd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dwz8f61vy18y31ya7q73cr5zhd|03|com"; nocase; ) # 1ta4nww1xeqmts2v9gaelkunkb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ta4nww1xeqmts2v9gaelkunkb|03|biz"; nocase; ) # 1kfdavu10ee345aswv8o1b9c6lt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kfdavu10ee345aswv8o1b9c6lt|03|net"; nocase; ) # 1bgpth06sfyvh1mg8sa91mh7fke.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bgpth06sfyvh1mg8sa91mh7fke|03|biz"; nocase; ) # dpoe1py17c9vp23fev8lhqcx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dpoe1py17c9vp23fev8lhqcx|03|net"; nocase; ) # 1b1spyt12ojv6a7b911exjlgz4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b1spyt12ojv6a7b911exjlgz4|03|org"; nocase; ) # 193rgc9ts6c9n6luxu11kncnod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|193rgc9ts6c9n6luxu11kncnod|03|com"; nocase; ) # s062w31tcoztsowar5q19j7p1j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s062w31tcoztsowar5q19j7p1j|03|com"; nocase; ) # 1h5d3cpjfmtqx1mutphqlg3vei.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h5d3cpjfmtqx1mutphqlg3vei|03|net"; nocase; ) # 1w08izbx7is5c1k3yrn21awkepi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w08izbx7is5c1k3yrn21awkepi|03|org"; nocase; ) # 1jngikn6hjk2ebasajl1rcy8gr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jngikn6hjk2ebasajl1rcy8gr|03|net"; nocase; ) # 1y07r0lusypqx2piocrsptvwg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y07r0lusypqx2piocrsptvwg|03|biz"; nocase; ) # h5t2ap1qk89hx1dqx8fh1nacamz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h5t2ap1qk89hx1dqx8fh1nacamz|03|net"; nocase; ) # 1fhyze81fsyo81xzgnq4w2v2h8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fhyze81fsyo81xzgnq4w2v2h8|03|org"; nocase; ) # 1ofhit01qql8pu1eyrnq8f2ju2i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ofhit01qql8pu1eyrnq8f2ju2i|03|net"; nocase; ) # 1yu1wwdg6tj2zzo99nm1sbs3lc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yu1wwdg6tj2zzo99nm1sbs3lc|03|net"; nocase; ) # cz79hm3xu7h4rdrfc1bwzuud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cz79hm3xu7h4rdrfc1bwzuud|03|com"; nocase; ) # 3vpqv312frxaeyc41kv8a7u0e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3vpqv312frxaeyc41kv8a7u0e|03|org"; nocase; ) # ozhl2t18030cwscqlz3db2bv1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ozhl2t18030cwscqlz3db2bv1|03|net"; nocase; ) # 14jwwzi1pj0udayj9ujaxu2c7z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14jwwzi1pj0udayj9ujaxu2c7z|03|com"; nocase; ) # 10813z41iydl9r1hr998o1p44fml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10813z41iydl9r1hr998o1p44fml|03|net"; nocase; ) # 1pwyr0gxd5mbu19yprasbgsnmt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pwyr0gxd5mbu19yprasbgsnmt|03|biz"; nocase; ) # qgu9rdjqooq1d82mgs1hq28sn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qgu9rdjqooq1d82mgs1hq28sn|03|org"; nocase; ) # 14rbh581s8lycc1mfjjb6h47u42.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14rbh581s8lycc1mfjjb6h47u42|03|org"; nocase; ) # 15sqleh1q9f5l27x4stf174ltpn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15sqleh1q9f5l27x4stf174ltpn|03|biz"; nocase; ) # 84jkj01ei8crw1kw67gc1ar5uxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|84jkj01ei8crw1kw67gc1ar5uxo|03|net"; nocase; ) # 173s5qb1or6m9ev4ccm91pq1okg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|173s5qb1or6m9ev4ccm91pq1okg|03|com"; nocase; ) # 1i6bvf71dqjgjki656u1t26i78.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i6bvf71dqjgjki656u1t26i78|03|org"; nocase; ) # 1bd3f161nn4zel1ofoo2zsdh44y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bd3f161nn4zel1ofoo2zsdh44y|03|biz"; nocase; ) # jcf8tzqrqd9n15vfti11lbvu0m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jcf8tzqrqd9n15vfti11lbvu0m|03|net"; nocase; ) # 1n79ab6l6ef71t1hswt136wfz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n79ab6l6ef71t1hswt136wfz7|03|com"; nocase; ) # 2j52qs1dyhvqe1kfgjp6pb9piz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2j52qs1dyhvqe1kfgjp6pb9piz|03|net"; nocase; ) # 13zericdzcjb61h61qjx10f4iid.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13zericdzcjb61h61qjx10f4iid|03|org"; nocase; ) # 1cca4rp1hvq33knbpz8t1s0qfd2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cca4rp1hvq33knbpz8t1s0qfd2|03|biz"; nocase; ) # 1wfb2iuy9hdsg1qxja5f1hy61bc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wfb2iuy9hdsg1qxja5f1hy61bc|03|org"; nocase; ) # 1dps6w51lefcp11by8uks17t57gq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dps6w51lefcp11by8uks17t57gq|03|org"; nocase; ) # uxnv6d1iqqoik115kukxlodxpf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uxnv6d1iqqoik115kukxlodxpf|03|net"; nocase; ) # 1fuxktd1o56atv1uix4jczj5jxg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fuxktd1o56atv1uix4jczj5jxg|03|biz"; nocase; ) # 102w9ghtuf6vy1xzfn5z114aqqc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|102w9ghtuf6vy1xzfn5z114aqqc|03|net"; nocase; ) # mawukoyy622s1dxcgpw1wtdzi1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mawukoyy622s1dxcgpw1wtdzi1|03|com"; nocase; ) # vbaow91vbq5xm1eh66remgjnm4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vbaow91vbq5xm1eh66remgjnm4|03|org"; nocase; ) # tdrbowfyceq319rq3d8vdbqo8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tdrbowfyceq319rq3d8vdbqo8|03|net"; nocase; ) # wvz0kz9o0vgz1ms90pv1n3bq7g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wvz0kz9o0vgz1ms90pv1n3bq7g|03|org"; nocase; ) # g6s3xz1m3lif11x8glxz7vlxbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g6s3xz1m3lif11x8glxz7vlxbp|03|com"; nocase; ) # 19ln2am10cqm846qziawo7abx6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ln2am10cqm846qziawo7abx6|03|net"; nocase; ) # 1k9wlvv15hfo46sevdx90qjo5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k9wlvv15hfo46sevdx90qjo5|03|biz"; nocase; ) # 1rytxz8r8hh58413w7z1dg97u5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rytxz8r8hh58413w7z1dg97u5|03|com"; nocase; ) # t5chvpix1p1o9ukpuahxkqp4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t5chvpix1p1o9ukpuahxkqp4|03|biz"; nocase; ) # 1joago81qs0ti01845z1pt70lhe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1joago81qs0ti01845z1pt70lhe|03|com"; nocase; ) # 120rmh810epc95gbl4oofir295.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|120rmh810epc95gbl4oofir295|03|org"; nocase; ) # 1449vw91v06p24my6tyttaulhb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1449vw91v06p24my6tyttaulhb|03|net"; nocase; ) # g4r7j969cgh2br5qg61vraxms.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g4r7j969cgh2br5qg61vraxms|03|org"; nocase; ) # xdftjru3090r1xmx5l1erm48l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xdftjru3090r1xmx5l1erm48l|03|net"; nocase; ) # 4rcvawr7wgaj1i139p41wee81f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4rcvawr7wgaj1i139p41wee81f|03|com"; nocase; ) # 13zf0is1da1jih10feyw7ijf0fc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13zf0is1da1jih10feyw7ijf0fc|03|net"; nocase; ) # 15f602iny3zhjo88n75plpmt3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15f602iny3zhjo88n75plpmt3|03|com"; nocase; ) # 8byvbw114yigkotxsbe1j4t2j2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8byvbw114yigkotxsbe1j4t2j2|03|biz"; nocase; ) # qj6vzs1awy7zklx0cf217rpxan.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qj6vzs1awy7zklx0cf217rpxan|03|org"; nocase; ) # 1r2ct4z1yrb25c1uu3r7rdmk0n0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r2ct4z1yrb25c1uu3r7rdmk0n0|03|org"; nocase; ) # 9rakn91ebrl0noucg2x1co1u9c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9rakn91ebrl0noucg2x1co1u9c|03|biz"; nocase; ) # 1ubqiihjzk0a21cjvuai1fm7yck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ubqiihjzk0a21cjvuai1fm7yck|03|com"; nocase; ) # 1v22v841w0likt1kljddb16gt4tv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v22v841w0likt1kljddb16gt4tv|03|biz"; nocase; ) # 1l7jocg1f3h27y1niw5ey16rc8sp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1l7jocg1f3h27y1niw5ey16rc8sp|03|com"; nocase; ) # 7qe5ei1tinjet13l4fge1b95u90.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7qe5ei1tinjet13l4fge1b95u90|03|net"; nocase; ) # 1log4n014hrhau1i7qp2emz82eg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1log4n014hrhau1i7qp2emz82eg|03|com"; nocase; ) # l5okdg1j55dwe1q52y3x1lsljgu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l5okdg1j55dwe1q52y3x1lsljgu|03|org"; nocase; ) # 103yoxg1q4h2jfjbtt6p1dfaa8p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|103yoxg1q4h2jfjbtt6p1dfaa8p|03|net"; nocase; ) # sixzor9pb3rx4raf5d4qfxgx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sixzor9pb3rx4raf5d4qfxgx|03|org"; nocase; ) # 16ee9k0atd028zh82f1mnzb6b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16ee9k0atd028zh82f1mnzb6b|03|com"; nocase; ) # 3xa3521nrtoee17nl9zl1an8xep.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3xa3521nrtoee17nl9zl1an8xep|03|net"; nocase; ) # 1n5yeei1m27z4dsvoo8nyq2hqz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n5yeei1m27z4dsvoo8nyq2hqz|03|net"; nocase; ) # 1o7tv8e1krzvq51h9m18i1aqkwl4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1o7tv8e1krzvq51h9m18i1aqkwl4|03|net"; nocase; ) # 1idhz0vttyh9s1etxaie1aj9gaa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1idhz0vttyh9s1etxaie1aj9gaa|03|net"; nocase; ) # wcfilw7h1qt911h9ui436woxe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wcfilw7h1qt911h9ui436woxe|03|org"; nocase; ) # 1mdi3sr1t8toex1x4xr1a6iceok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mdi3sr1t8toex1x4xr1a6iceok|03|net"; nocase; ) # v6il4t1muov4wgouccq45l6gs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v6il4t1muov4wgouccq45l6gs|03|biz"; nocase; ) # 1twmizh1w01hy0vssmok1rdlcrd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1twmizh1w01hy0vssmok1rdlcrd|03|com"; nocase; ) # 1vfuti5xd7g9qkbs5l07cg2i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1vfuti5xd7g9qkbs5l07cg2i|03|com"; nocase; ) # 3bclpm1xrnoq81c7jwnr1mmcuqo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3bclpm1xrnoq81c7jwnr1mmcuqo|03|net"; nocase; ) # y8vq3b5mwhz380wz0ba17wl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|y8vq3b5mwhz380wz0ba17wl|03|org"; nocase; ) # 126cfuw3in37d1nyioqz16bnjrc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|126cfuw3in37d1nyioqz16bnjrc|03|net"; nocase; ) # x5w0k915e3mjl1887eyj188t2ec.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x5w0k915e3mjl1887eyj188t2ec|03|biz"; nocase; ) # 1gxu8jk152j6ib1smjsnk19ammz7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gxu8jk152j6ib1smjsnk19ammz7|03|org"; nocase; ) # fcto091yadifngg2po21nulqo1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fcto091yadifngg2po21nulqo1|03|net"; nocase; ) # 700w9xsghiymp3folzsdclt7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|700w9xsghiymp3folzsdclt7|03|biz"; nocase; ) # 1ctv4ut1xxkvgt1wqchih1jllf1q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ctv4ut1xxkvgt1wqchih1jllf1q|03|net"; nocase; ) # 1acrdn4fwkn7m1ox9vbz9lxgk6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1acrdn4fwkn7m1ox9vbz9lxgk6|03|com"; nocase; ) # 4uz7hc1tx2qgy1daibhzpuacrf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4uz7hc1tx2qgy1daibhzpuacrf|03|org"; nocase; ) # o329bp1r8vbuqtsmturxenntg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o329bp1r8vbuqtsmturxenntg|03|biz"; nocase; ) # vdi1hf13yhmy0jiya9lncul9f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000042999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vdi1hf13yhmy0jiya9lncul9f|03|net"; nocase; ) # 1ab9m2n3hl65s13933fs1k8lysc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ab9m2n3hl65s13933fs1k8lysc|03|org"; nocase; ) # qsh3tn1eziql3gkv7nq1tqhdnz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qsh3tn1eziql3gkv7nq1tqhdnz|03|com"; nocase; ) # 1hoj2q0wbu5bu1yj88ulq6o0om.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hoj2q0wbu5bu1yj88ulq6o0om|03|biz"; nocase; ) # 1iuqumzzgr0u51thqkjhaa1dz6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iuqumzzgr0u51thqkjhaa1dz6|03|org"; nocase; ) # 1fkfajq1r3y8mx1372d4icc1rw9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fkfajq1r3y8mx1372d4icc1rw9|03|biz"; nocase; ) # 1usf18l1bkvv7g3ldrh61c3eggg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1usf18l1bkvv7g3ldrh61c3eggg|03|biz"; nocase; ) # 29xoalrycw6813kit311oe1cgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|29xoalrycw6813kit311oe1cgb|03|com"; nocase; ) # ir7oyt16wh4na1q3r8z41fd1z90.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ir7oyt16wh4na1q3r8z41fd1z90|03|org"; nocase; ) # lz03x91yxyf51aa0gh91dka2kv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lz03x91yxyf51aa0gh91dka2kv|03|com"; nocase; ) # r4b5ne1fg9dlofvhqac1i22q98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r4b5ne1fg9dlofvhqac1i22q98|03|net"; nocase; ) # 1xyfvb31g0t3k4wl3bt85xg47v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xyfvb31g0t3k4wl3bt85xg47v|03|com"; nocase; ) # jqayzs13b2ywt1g9539ajklro0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqayzs13b2ywt1g9539ajklro0|03|net"; nocase; ) # 1f6f7bz12vaygtllz2qa1orc65l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f6f7bz12vaygtllz2qa1orc65l|03|com"; nocase; ) # bast1512odk4cbvak6s65bpq3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bast1512odk4cbvak6s65bpq3|03|biz"; nocase; ) # cj1tjb1ilgglutqsagr14qr2g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cj1tjb1ilgglutqsagr14qr2g|03|biz"; nocase; ) # 1e25gmstnwjbgshcpih1thcame.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e25gmstnwjbgshcpih1thcame|03|com"; nocase; ) # 1o2wmebukgcj9v3wfol30f7xm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1o2wmebukgcj9v3wfol30f7xm|03|biz"; nocase; ) # jyscp3hjbq6l1ymp7fe1ucwufe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jyscp3hjbq6l1ymp7fe1ucwufe|03|com"; nocase; ) # 1x8bw55xvhzub15pk8s7j7h12x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x8bw55xvhzub15pk8s7j7h12x|03|org"; nocase; ) # 1xeaq581flpoqqifzzivtktvd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xeaq581flpoqqifzzivtktvd|03|com"; nocase; ) # 1txzcjq1ydna8z27l82k1kwgngy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1txzcjq1ydna8z27l82k1kwgngy|03|com"; nocase; ) # 1tubuoe1wk63hplyv1lboaxs98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tubuoe1wk63hplyv1lboaxs98|03|net"; nocase; ) # 1nq8jqq19ws6ke1uubtg14rfoft.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nq8jqq19ws6ke1uubtg14rfoft|03|org"; nocase; ) # hqjws2g14jhjae24ncdaudwd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hqjws2g14jhjae24ncdaudwd|03|org"; nocase; ) # 4w0utc1cli16uz6kj8h1fhp2fg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4w0utc1cli16uz6kj8h1fhp2fg|03|com"; nocase; ) # m5v90j15mkofniif6suvxdxvm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m5v90j15mkofniif6suvxdxvm|03|biz"; nocase; ) # affoc4xr2xkr103wr6xvj1n3z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|affoc4xr2xkr103wr6xvj1n3z|03|biz"; nocase; ) # 1jn7zxhxnlosq1apdrevlzyn0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jn7zxhxnlosq1apdrevlzyn0h|03|net"; nocase; ) # 2k9qmimj9gfr1osdpzr1cqwbbn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2k9qmimj9gfr1osdpzr1cqwbbn|03|biz"; nocase; ) # 1wbc7tz5t0owglwx4ex1t8r4ot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wbc7tz5t0owglwx4ex1t8r4ot|03|com"; nocase; ) # o1cfo0awgltp9jre2mgyn2vr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o1cfo0awgltp9jre2mgyn2vr|03|net"; nocase; ) # 2e15kq1y9fcby1g6thfg1bnwfsj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2e15kq1y9fcby1g6thfg1bnwfsj|03|net"; nocase; ) # 1aq8wu9ww6eiu18fvf6if941xd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aq8wu9ww6eiu18fvf6if941xd|03|org"; nocase; ) # 47i33alapjvv1q123qj1m0qi9z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|47i33alapjvv1q123qj1m0qi9z|03|net"; nocase; ) # ybyn1kz1gozpg18avg1f85mkn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ybyn1kz1gozpg18avg1f85mkn|03|biz"; nocase; ) # 1pxtbx6pldyll1648jjkwy157.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pxtbx6pldyll1648jjkwy157|03|com"; nocase; ) # 1p3y4jh1ysrcllsyde1h1t4xvf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p3y4jh1ysrcllsyde1h1t4xvf|03|biz"; nocase; ) # 1vyco2i1haqmvq141dwrjjbqpc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vyco2i1haqmvq141dwrjjbqpc|03|com"; nocase; ) # slycuekwfx8v177dxy71i6ap43.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|slycuekwfx8v177dxy71i6ap43|03|net"; nocase; ) # 1f72ucfihuyt2t154ck1nptin.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f72ucfihuyt2t154ck1nptin|03|org"; nocase; ) # 106e82utfkyf1fy82us19e9gc7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|106e82utfkyf1fy82us19e9gc7|03|net"; nocase; ) # 59idh718pezqrmgq69tu176ju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|59idh718pezqrmgq69tu176ju|03|net"; nocase; ) # 571ypmy7brll1lzvye81h6hzr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|571ypmy7brll1lzvye81h6hzr|03|com"; nocase; ) # w5pq3g1qhdqofg95f983lkkt0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w5pq3g1qhdqofg95f983lkkt0|03|biz"; nocase; ) # mstgg2i46hknaj997ad1hfl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|mstgg2i46hknaj997ad1hfl|03|org"; nocase; ) # uldmk2m9xmb1jkh2etrtf06l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|uldmk2m9xmb1jkh2etrtf06l|03|net"; nocase; ) # 13ua8k5rbqxlg3tv8jeqeh8eo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13ua8k5rbqxlg3tv8jeqeh8eo|03|org"; nocase; ) # 57h9tc128rafs1hfwpyb12n8vzc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|57h9tc128rafs1hfwpyb12n8vzc|03|net"; nocase; ) # fiqr4i1gvxn8h1nlwayrfli9md.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fiqr4i1gvxn8h1nlwayrfli9md|03|com"; nocase; ) # 19f6d9segbihguho9mam4eray.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19f6d9segbihguho9mam4eray|03|net"; nocase; ) # 1maorkvmd96cy1amkdzidsxgbw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1maorkvmd96cy1amkdzidsxgbw|03|biz"; nocase; ) # 13sj39d1rk57eh1bxzwdq1lpc2en.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13sj39d1rk57eh1bxzwdq1lpc2en|03|net"; nocase; ) # x3eh0q1wv99904gsxyp1fnqa2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x3eh0q1wv99904gsxyp1fnqa2b|03|net"; nocase; ) # 1aqgvzf71a3vczpwwxa109p1gf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aqgvzf71a3vczpwwxa109p1gf|03|org"; nocase; ) # 1ux4l42bnhrwt72jtps1u06mlo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ux4l42bnhrwt72jtps1u06mlo|03|biz"; nocase; ) # 1xbpywno7uwq0117h15dagd6sx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xbpywno7uwq0117h15dagd6sx|03|net"; nocase; ) # jcuxxy9yt6oq1ntbhcmevj4o9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jcuxxy9yt6oq1ntbhcmevj4o9|03|org"; nocase; ) # 1b4sttenejvi3uin61a1lxg0ln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b4sttenejvi3uin61a1lxg0ln|03|org"; nocase; ) # l0os4mq8h5hz1vve7131kqtzk3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l0os4mq8h5hz1vve7131kqtzk3|03|biz"; nocase; ) # 1rjijfv59b4nw16fi6nxt6ymdv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rjijfv59b4nw16fi6nxt6ymdv|03|com"; nocase; ) # ebegq1l246871ylede6zxxdu1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ebegq1l246871ylede6zxxdu1|03|net"; nocase; ) # v20lopgr509f1e5b495afgqeb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v20lopgr509f1e5b495afgqeb|03|org"; nocase; ) # 1bruf4ecw07on1x0hoj01ipayz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bruf4ecw07on1x0hoj01ipayz|03|org"; nocase; ) # 9qucm3c17a6h1n78h991w277dz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9qucm3c17a6h1n78h991w277dz|03|com"; nocase; ) # 1j3mtia1lxifi1nk2vjv3k7url.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j3mtia1lxifi1nk2vjv3k7url|03|com"; nocase; ) # 1dj2ooi16ef17gj8jkvhmybpfo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dj2ooi16ef17gj8jkvhmybpfo|03|biz"; nocase; ) # iklpe4e3v6bt1c90jf41t2e83d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iklpe4e3v6bt1c90jf41t2e83d|03|net"; nocase; ) # 1vkde4y1p7to8etvqgiaq77u4t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vkde4y1p7to8etvqgiaq77u4t|03|org"; nocase; ) # jmd8c71gd0tamg0j2x51nvou1l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jmd8c71gd0tamg0j2x51nvou1l|03|biz"; nocase; ) # bibrust2z8j5ve8buu10hznlm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bibrust2z8j5ve8buu10hznlm|03|org"; nocase; ) # som4c3frjwtm13j9ls58kpqxo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|som4c3frjwtm13j9ls58kpqxo|03|org"; nocase; ) # 1oyjv9rmbcsy81bwaptb1mjvfnt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oyjv9rmbcsy81bwaptb1mjvfnt|03|net"; nocase; ) # 1hr1rhi1te1sep45zge4hrl1k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hr1rhi1te1sep45zge4hrl1k|03|net"; nocase; ) # 21i6ny1s0n72wc2x4fsjor9qn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21i6ny1s0n72wc2x4fsjor9qn|03|com"; nocase; ) # 1x1s2tnyxc46t1q8jrv01esufdn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x1s2tnyxc46t1q8jrv01esufdn|03|org"; nocase; ) # 1oz763o1yr4gq81efsncj1hmvcga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oz763o1yr4gq81efsncj1hmvcga|03|com"; nocase; ) # 1jdduavwshp0g1lsnj3g114bx05.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jdduavwshp0g1lsnj3g114bx05|03|net"; nocase; ) # 1y2jz5fo18c371fp0cx8sa224x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y2jz5fo18c371fp0cx8sa224x|03|com"; nocase; ) # 2hjm3z2thu1e16zjb3h1hcwf8k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2hjm3z2thu1e16zjb3h1hcwf8k|03|net"; nocase; ) # 40msn41suojmt1q8ruju1xf9zm3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|40msn41suojmt1q8ruju1xf9zm3|03|org"; nocase; ) # m0jvyysoi6zk1ahnvem1sx77mc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m0jvyysoi6zk1ahnvem1sx77mc|03|net"; nocase; ) # 20a63s1hc8oh81gv6i64kq2qqz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|20a63s1hc8oh81gv6i64kq2qqz|03|net"; nocase; ) # 1yxxreb813lligbpofbkquy3t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yxxreb813lligbpofbkquy3t|03|org"; nocase; ) # z65h5m13n203q5pbh2z16o15ss.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z65h5m13n203q5pbh2z16o15ss|03|biz"; nocase; ) # 4jf7h51172mbb15muyzg1653cuj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4jf7h51172mbb15muyzg1653cuj|03|net"; nocase; ) # 1p9v9sovjv4e8dw5e7mj7119r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p9v9sovjv4e8dw5e7mj7119r|03|org"; nocase; ) # wa1aqq1la069ilf2r281c1xc71.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wa1aqq1la069ilf2r281c1xc71|03|net"; nocase; ) # 4xc3wh1hz4sjbncgmgg1nztqqa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4xc3wh1hz4sjbncgmgg1nztqqa|03|biz"; nocase; ) # 17oj5oq5bcqjk1eg0h5q7fspso.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17oj5oq5bcqjk1eg0h5q7fspso|03|org"; nocase; ) # 18h7ptdwi1vk1lf7o171q5nv2s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18h7ptdwi1vk1lf7o171q5nv2s|03|net"; nocase; ) # 12ui0z81z0jtlz1rs7l4jkzz8q6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12ui0z81z0jtlz1rs7l4jkzz8q6|03|org"; nocase; ) # 1twz4vc1izd2y61kllw9y1ywaq2h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1twz4vc1izd2y61kllw9y1ywaq2h|03|com"; nocase; ) # 1conarj18wc8p41m426pm12lav5c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1conarj18wc8p41m426pm12lav5c|03|com"; nocase; ) # 1323bfp1qgrdpdtts1pw1r4xlzw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1323bfp1qgrdpdtts1pw1r4xlzw|03|biz"; nocase; ) # hytjr3taxggdz9t0npqdj1yw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hytjr3taxggdz9t0npqdj1yw|03|org"; nocase; ) # r6d8z61qpp7qd16nj7iegv3cqt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r6d8z61qpp7qd16nj7iegv3cqt|03|com"; nocase; ) # 8zb67zh73j3g1iowj1fqwh8ku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8zb67zh73j3g1iowj1fqwh8ku|03|org"; nocase; ) # 1tlw5gy1jv10vj1hx2nk41o1g6j5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tlw5gy1jv10vj1hx2nk41o1g6j5|03|org"; nocase; ) # 1m9yhwu1dkppem2bqd1pec8k9s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m9yhwu1dkppem2bqd1pec8k9s|03|biz"; nocase; ) # 1e612mcpartww1asbzu21kau6ln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e612mcpartww1asbzu21kau6ln|03|org"; nocase; ) # 1h4do3s16b82fq1ihkw0a1ucw09t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h4do3s16b82fq1ihkw0a1ucw09t|03|org"; nocase; ) # 14wu7aopneyu61y9gmnlvj9pff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14wu7aopneyu61y9gmnlvj9pff|03|net"; nocase; ) # jwzr5vmh0ukcvjvgbfblk3i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|jwzr5vmh0ukcvjvgbfblk3i|03|biz"; nocase; ) # 1f1p6r19bo8i915fu0o1tjr6v4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f1p6r19bo8i915fu0o1tjr6v4|03|net"; nocase; ) # zmk07a15yo4fmf8hjfa783aqu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zmk07a15yo4fmf8hjfa783aqu|03|com"; nocase; ) # 1obitkr1hijn546nbkw71fxn726.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obitkr1hijn546nbkw71fxn726|03|com"; nocase; ) # 1rcfmxt4mdupg1b9vwr14h3qsb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rcfmxt4mdupg1b9vwr14h3qsb|03|biz"; nocase; ) # pweu7benf2g79yl5ot1i2hm64.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pweu7benf2g79yl5ot1i2hm64|03|net"; nocase; ) # 9kro8kl2ufn8mrue0v1v9xpcq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9kro8kl2ufn8mrue0v1v9xpcq|03|net"; nocase; ) # ple9rce18p92unggxzkvsz03.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ple9rce18p92unggxzkvsz03|03|org"; nocase; ) # 1uduuzy1ioonytaj7scul6osmo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uduuzy1ioonytaj7scul6osmo|03|net"; nocase; ) # q6zo441l7n3kre1eyh45x9cgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6zo441l7n3kre1eyh45x9cgt|03|com"; nocase; ) # ocfck31y90d70vs4x8o1n36vp2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ocfck31y90d70vs4x8o1n36vp2|03|org"; nocase; ) # 1452x2sxii33v1qgtn8b1fr4fya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1452x2sxii33v1qgtn8b1fr4fya|03|biz"; nocase; ) # 1attf60qjxghnh2204u1lyrasn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1attf60qjxghnh2204u1lyrasn|03|net"; nocase; ) # 1udb9nqgzjrpvwtw4lo1rxjn05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1udb9nqgzjrpvwtw4lo1rxjn05|03|org"; nocase; ) # hp7pqdwxthae1xsgd8a1c6cl8x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hp7pqdwxthae1xsgd8a1c6cl8x|03|net"; nocase; ) # 11wk86j1a1bzey3jj6jb6vpqt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11wk86j1a1bzey3jj6jb6vpqt|03|org"; nocase; ) # 1xy1w9hetg1n1c1crd5i00u74.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xy1w9hetg1n1c1crd5i00u74|03|net"; nocase; ) # 1j1622v1xccdx3136aihu1hdrmtv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j1622v1xccdx3136aihu1hdrmtv|03|biz"; nocase; ) # 1dekiid1gsi4241mcos0ais2m0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dekiid1gsi4241mcos0ais2m0h|03|net"; nocase; ) # 14o9aomc4198q1io7shccmzber.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14o9aomc4198q1io7shccmzber|03|biz"; nocase; ) # 5rb89ngxaxd8c54um62iav6a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5rb89ngxaxd8c54um62iav6a|03|com"; nocase; ) # 16t41ao1twgnizi0nhed1pcpp74.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16t41ao1twgnizi0nhed1pcpp74|03|org"; nocase; ) # 1goqn6o16tzxvt32sfxl1ocnrl1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1goqn6o16tzxvt32sfxl1ocnrl1|03|org"; nocase; ) # 1bn7aee1c93q971sk9txwb1o36i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bn7aee1c93q971sk9txwb1o36i|03|net"; nocase; ) # 1ln5mp59vrivk1jwvbsi32himw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ln5mp59vrivk1jwvbsi32himw|03|org"; nocase; ) # mgubwqmi7ztl1bfq0l01x6l5sh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mgubwqmi7ztl1bfq0l01x6l5sh|03|com"; nocase; ) # eoasg71gq22fj1fn0kfe1sjwx75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|eoasg71gq22fj1fn0kfe1sjwx75|03|net"; nocase; ) # 27ddzm1lvalhnhw0lph2r09l4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|27ddzm1lvalhnhw0lph2r09l4|03|org"; nocase; ) # fabm8g1sxjwnkpscxg51vtdpbs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fabm8g1sxjwnkpscxg51vtdpbs|03|biz"; nocase; ) # 1t805dzkr4gg1vyep5v1o18p3m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t805dzkr4gg1vyep5v1o18p3m|03|com"; nocase; ) # cb4dcrb92xdd2vdefntbt4fz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cb4dcrb92xdd2vdefntbt4fz|03|net"; nocase; ) # x9noysc4ikmxdpujgs5m6dbo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x9noysc4ikmxdpujgs5m6dbo|03|net"; nocase; ) # 1gln49x1bpu9w0rzavr4e60eg6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gln49x1bpu9w0rzavr4e60eg6|03|net"; nocase; ) # 1nghf1rkyb3sep0zho5169y8r0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nghf1rkyb3sep0zho5169y8r0|03|net"; nocase; ) # zkig2zpktplki8zshr14ss6sy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zkig2zpktplki8zshr14ss6sy|03|net"; nocase; ) # 1vtwcht128al5zaigh9jpjmk9t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vtwcht128al5zaigh9jpjmk9t|03|biz"; nocase; ) # 1p336rz1v6fvzkmfj83y1dbf4ph.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p336rz1v6fvzkmfj83y1dbf4ph|03|com"; nocase; ) # id35le11so03adfchzj1dbrl85.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|id35le11so03adfchzj1dbrl85|03|biz"; nocase; ) # 1cs9zh1p60maf6wm9n86d3bjn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cs9zh1p60maf6wm9n86d3bjn|03|net"; nocase; ) # 1qfjfa5tos9l81j0mngu10h6t0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qfjfa5tos9l81j0mngu10h6t0m|03|com"; nocase; ) # 1fm7o49mwxgyt8i2uc8qoptph.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fm7o49mwxgyt8i2uc8qoptph|03|net"; nocase; ) # 13sbrwen8mcjdred38b1dlu3m8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13sbrwen8mcjdred38b1dlu3m8|03|com"; nocase; ) # mnejok1uj7y801orvlc0ts66gh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mnejok1uj7y801orvlc0ts66gh|03|biz"; nocase; ) # hl8id31tkbrst1yy3ump1g727f9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hl8id31tkbrst1yy3ump1g727f9|03|net"; nocase; ) # 1f6f6je1gkeeqpvh87hj1ficdj8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f6f6je1gkeeqpvh87hj1ficdj8|03|biz"; nocase; ) # rlfwvvuq0tvi1dlplut12njbx9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rlfwvvuq0tvi1dlplut12njbx9|03|com"; nocase; ) # 408c6a1hy2qyhi5m167n974gz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|408c6a1hy2qyhi5m167n974gz|03|com"; nocase; ) # d4e0ivgm7rf7l955wl10p1jxs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d4e0ivgm7rf7l955wl10p1jxs|03|com"; nocase; ) # 1lo8thx1a45dcm1xpwdk64o69uv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lo8thx1a45dcm1xpwdk64o69uv|03|com"; nocase; ) # 14z41ow1d9dnl2gu5kgc1w6l0gv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14z41ow1d9dnl2gu5kgc1w6l0gv|03|net"; nocase; ) # 1xc9hvi1eb070h1gfp5dhzoq304.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xc9hvi1eb070h1gfp5dhzoq304|03|biz"; nocase; ) # 17hni791ysbdtn18ibdhgojhk9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17hni791ysbdtn18ibdhgojhk9|03|org"; nocase; ) # qkz3qtw3vrgnwpejub1vxlpil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qkz3qtw3vrgnwpejub1vxlpil|03|net"; nocase; ) # 1gzuo7i1j0r2cprzfke1kmwyav.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gzuo7i1j0r2cprzfke1kmwyav|03|biz"; nocase; ) # 1lv682k1sp56ay13utep7qmmr9o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lv682k1sp56ay13utep7qmmr9o|03|net"; nocase; ) # d1e18svvl677nszhar1hp1odz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d1e18svvl677nszhar1hp1odz|03|com"; nocase; ) # k4hgn71uxiujfwak42p86356w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k4hgn71uxiujfwak42p86356w|03|net"; nocase; ) # a14szg6zk259cciadp1618h1k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a14szg6zk259cciadp1618h1k|03|org"; nocase; ) # 5ok9n4t0mziti6a4x87cbcer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5ok9n4t0mziti6a4x87cbcer|03|com"; nocase; ) # 1gumsuu18euvx6iy9r54p63w4p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gumsuu18euvx6iy9r54p63w4p|03|org"; nocase; ) # 1tiot4k1uqd5k66a34e5zth0cs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tiot4k1uqd5k66a34e5zth0cs|03|com"; nocase; ) # jcd0bsrgykp81xmdn0c1q8r56o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jcd0bsrgykp81xmdn0c1q8r56o|03|org"; nocase; ) # 1ahssry1iiasli8x7wfb9fd2j0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ahssry1iiasli8x7wfb9fd2j0|03|net"; nocase; ) # 12y7ntd1ruz1z9w0pzicxqk5bq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12y7ntd1ruz1z9w0pzicxqk5bq|03|com"; nocase; ) # 18gfk0kziqrbs16t01qb1t4nby0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18gfk0kziqrbs16t01qb1t4nby0|03|org"; nocase; ) # 1rc20wbziokayk7n0sb1c3t62m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rc20wbziokayk7n0sb1c3t62m|03|net"; nocase; ) # 8gybjvy6khd4ycirro717fwb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8gybjvy6khd4ycirro717fwb|03|org"; nocase; ) # y85l58tzib3rs6zd0ns2uvjj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y85l58tzib3rs6zd0ns2uvjj|03|biz"; nocase; ) # 1fhqo9kguei3w1lb5ciosi6ppf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fhqo9kguei3w1lb5ciosi6ppf|03|net"; nocase; ) # 1dklgvu1qpnu97knij211e4xi5q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dklgvu1qpnu97knij211e4xi5q|03|net"; nocase; ) # wmlcnc1u56bgt1fsfyinjp4tkd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wmlcnc1u56bgt1fsfyinjp4tkd|03|net"; nocase; ) # 1jel8la1343sy51t4rtqi156y0zv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jel8la1343sy51t4rtqi156y0zv|03|biz"; nocase; ) # t4692m1hsgg6517qsvpxdos5pw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t4692m1hsgg6517qsvpxdos5pw|03|com"; nocase; ) # 1sfpvxxojj5cv163smg2ul5a2i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sfpvxxojj5cv163smg2ul5a2i|03|net"; nocase; ) # myz54nvntkaie65tcfrbv0db.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|myz54nvntkaie65tcfrbv0db|03|org"; nocase; ) # q96e1f1c3wtzy1qn7jg61uty7vq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|q96e1f1c3wtzy1qn7jg61uty7vq|03|net"; nocase; ) # 1rxll3b6z762l1pv0tvt1r6eipr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rxll3b6z762l1pv0tvt1r6eipr|03|com"; nocase; ) # 1622m4l5jj7bledr2f5oglb7a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1622m4l5jj7bledr2f5oglb7a|03|net"; nocase; ) # o6uf8u1epvw7y19yxd2313spb56.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o6uf8u1epvw7y19yxd2313spb56|03|net"; nocase; ) # 1a51xwt1ziyonloruemnztko2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a51xwt1ziyonloruemnztko2|03|com"; nocase; ) # eb32dr9a2hii1w730ub1nx1mz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eb32dr9a2hii1w730ub1nx1mz|03|net"; nocase; ) # kvn6py7umb2v1ybrrvr1h9ordy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kvn6py7umb2v1ybrrvr1h9ordy|03|com"; nocase; ) # 1kmg8xc1gkt17q1hpr8c71qfdxh9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kmg8xc1gkt17q1hpr8c71qfdxh9|03|com"; nocase; ) # 1u0i8x61qf09zq1shw9qy1pdfqua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u0i8x61qf09zq1shw9qy1pdfqua|03|net"; nocase; ) # 13fg88u1t1k85p1w13ph81nrs6h6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13fg88u1t1k85p1w13ph81nrs6h6|03|net"; nocase; ) # uixi5gbqwagc12o0iy61lnkaqn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uixi5gbqwagc12o0iy61lnkaqn|03|org"; nocase; ) # 1139sf24kznh3p3dqkt1eu3k6q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1139sf24kznh3p3dqkt1eu3k6q|03|com"; nocase; ) # h1u99i19atkz0f6wyetoo3gsh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h1u99i19atkz0f6wyetoo3gsh|03|net"; nocase; ) # 1hm70hvlgcyqv8d20j514llxud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hm70hvlgcyqv8d20j514llxud|03|net"; nocase; ) # 1ifkig41yby8jusa0ee61am4kyo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ifkig41yby8jusa0ee61am4kyo|03|biz"; nocase; ) # 1mze5dl10vjy821d2uccx11vnofr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mze5dl10vjy821d2uccx11vnofr|03|net"; nocase; ) # xx5i211vbhios1idyq5bts0xbd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xx5i211vbhios1idyq5bts0xbd|03|net"; nocase; ) # 1t5jshz1fvj79yvm8ls1jfpk0e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t5jshz1fvj79yvm8ls1jfpk0e|03|biz"; nocase; ) # 1vnj9f11cs2aoi1om9g83ow06e8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vnj9f11cs2aoi1om9g83ow06e8|03|net"; nocase; ) # 1dh1x3981ve7t1yic3ex5fevi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dh1x3981ve7t1yic3ex5fevi|03|org"; nocase; ) # 1065pqaf76tl61qhjumi1agbfil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1065pqaf76tl61qhjumi1agbfil|03|net"; nocase; ) # 1lv4blrceat9q8rocqacbnuj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1lv4blrceat9q8rocqacbnuj|03|com"; nocase; ) # 1urfi2eqjskhf1rc9fsm12i64md.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1urfi2eqjskhf1rc9fsm12i64md|03|org"; nocase; ) # 1btfrg76rlti0pj49g91d1mqzq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1btfrg76rlti0pj49g91d1mqzq|03|net"; nocase; ) # un8olb1jht6e2bch4gx1hk5udk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|un8olb1jht6e2bch4gx1hk5udk|03|com"; nocase; ) # 14ixlzy1bbtojapxa58v1j176j9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ixlzy1bbtojapxa58v1j176j9|03|biz"; nocase; ) # 1cgut801nsys09plaa706b8kjr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cgut801nsys09plaa706b8kjr|03|net"; nocase; ) # brf5fj1ix01ky17gsnlo1sx8brw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|brf5fj1ix01ky17gsnlo1sx8brw|03|com"; nocase; ) # ymv6cb19qiq321cffcolszrsl4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ymv6cb19qiq321cffcolszrsl4|03|com"; nocase; ) # v10nu316o5t171foxf2r1o2lm7r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v10nu316o5t171foxf2r1o2lm7r|03|org"; nocase; ) # 1oujfbf1v0mn5laydir6t7ahfz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oujfbf1v0mn5laydir6t7ahfz|03|biz"; nocase; ) # 161gv7oifissz1bnrnmxuorcus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|161gv7oifissz1bnrnmxuorcus|03|com"; nocase; ) # 1xh8xcw1bq9l1en8eks18axhe8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xh8xcw1bq9l1en8eks18axhe8|03|net"; nocase; ) # 1vdvpn210tu9a413pv5k11k3n70.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vdvpn210tu9a413pv5k11k3n70|03|com"; nocase; ) # hcob77xt4rjg1jvfpa1avfdo6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hcob77xt4rjg1jvfpa1avfdo6|03|biz"; nocase; ) # 1c86enm1ei3kzhl4w0tm1lo3yd3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c86enm1ei3kzhl4w0tm1lo3yd3|03|net"; nocase; ) # uzkjvh1q0eaey11ng4pkonsppj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uzkjvh1q0eaey11ng4pkonsppj|03|com"; nocase; ) # j766d713r1wu210mz8wuogutam.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j766d713r1wu210mz8wuogutam|03|biz"; nocase; ) # 13cpi4zji9xj5k1v670imn9ya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13cpi4zji9xj5k1v670imn9ya|03|net"; nocase; ) # x698uu8ye5knqifhtf1s8um3a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x698uu8ye5knqifhtf1s8um3a|03|net"; nocase; ) # 1i3d7h01pjj489h0k48v1grpb04.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i3d7h01pjj489h0k48v1grpb04|03|com"; nocase; ) # 1lc7g58wch95b1y612il1pel17s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lc7g58wch95b1y612il1pel17s|03|com"; nocase; ) # ufz5q11i40rpfz0z4rdrvza6p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ufz5q11i40rpfz0z4rdrvza6p|03|biz"; nocase; ) # 1w6dhse1erlnij1g2twtrbon2wt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w6dhse1erlnij1g2twtrbon2wt|03|com"; nocase; ) # ipqli7j9rtoycb5y261iey9ks.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ipqli7j9rtoycb5y261iey9ks|03|net"; nocase; ) # nuhnri18dzga01hblrwa1l0uv9g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nuhnri18dzga01hblrwa1l0uv9g|03|org"; nocase; ) # di7274ts2fup14cfl6a1ildxwf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|di7274ts2fup14cfl6a1ildxwf|03|org"; nocase; ) # 1bfvtxp16eymkygz1ofo7k1c5j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bfvtxp16eymkygz1ofo7k1c5j|03|net"; nocase; ) # jibq3r1emgc2z1e47yoj4rgh98.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jibq3r1emgc2z1e47yoj4rgh98|03|net"; nocase; ) # d25urn4xrd901sm8pt51fp61d7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d25urn4xrd901sm8pt51fp61d7|03|net"; nocase; ) # v9bqhx1vanioxwwttvx2hjizc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v9bqhx1vanioxwwttvx2hjizc|03|org"; nocase; ) # 1icilxk7og22e10cgmw01tfl2iu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1icilxk7og22e10cgmw01tfl2iu|03|com"; nocase; ) # 1miq5as1y18it311opclnwa2ost.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1miq5as1y18it311opclnwa2ost|03|net"; nocase; ) # 1fqab4s1tbvvleso5ui9zkmc96.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fqab4s1tbvvleso5ui9zkmc96|03|biz"; nocase; ) # 15g7dydpyvpj8omp588f9alcw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15g7dydpyvpj8omp588f9alcw|03|org"; nocase; ) # zp32iw1ovfuie1bvc90f1o87ede.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zp32iw1ovfuie1bvc90f1o87ede|03|com"; nocase; ) # mnmvxqpbk92x5sz3c2ghoiu0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mnmvxqpbk92x5sz3c2ghoiu0|03|net"; nocase; ) # 20off31yo6liqfdjhz9h95tvk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|20off31yo6liqfdjhz9h95tvk|03|org"; nocase; ) # 13qm0e415dkjag10iiumds51m1f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13qm0e415dkjag10iiumds51m1f|03|org"; nocase; ) # 8zbvfg74lni912p7riz1mgmad1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8zbvfg74lni912p7riz1mgmad1|03|net"; nocase; ) # 1w0mpttmsgsdy8qes2nsq0gry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w0mpttmsgsdy8qes2nsq0gry|03|net"; nocase; ) # 7dsjwuvsyy7h1aqjbblarj29c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7dsjwuvsyy7h1aqjbblarj29c|03|org"; nocase; ) # 1nd3ha0kwnlra1f1rpd21vmz9lx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nd3ha0kwnlra1f1rpd21vmz9lx|03|biz"; nocase; ) # 1efo5kjzt5dbp97ksg21b46f94.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1efo5kjzt5dbp97ksg21b46f94|03|net"; nocase; ) # 1dp7sfi177sjsl1hkpq14par6u5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dp7sfi177sjsl1hkpq14par6u5|03|com"; nocase; ) # u22zpwv1w3isntdy4yc0x9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|u22zpwv1w3isntdy4yc0x9v|03|org"; nocase; ) # 1qr38y0ii9beo1vxfjih1vrsj0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qr38y0ii9beo1vxfjih1vrsj0r|03|net"; nocase; ) # 18juqpc1vpphr96btx1a5h2pk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18juqpc1vpphr96btx1a5h2pk|03|com"; nocase; ) # tqlrpl3y57p6x5wjii1qoq08q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tqlrpl3y57p6x5wjii1qoq08q|03|biz"; nocase; ) # 1ds4cr41rbkbox19nn381tglkl4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ds4cr41rbkbox19nn381tglkl4|03|org"; nocase; ) # 9702gy14x4w45166ogr4zvf34z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9702gy14x4w45166ogr4zvf34z|03|net"; nocase; ) # 1kmfz5a1x81yl11gz6wx52g9dxs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kmfz5a1x81yl11gz6wx52g9dxs|03|org"; nocase; ) # 1wmm2j217zxf9p1jkprit4pgncs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wmm2j217zxf9p1jkprit4pgncs|03|net"; nocase; ) # 1f0lrhi1bos6co1shuhtf17p1o00.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f0lrhi1bos6co1shuhtf17p1o00|03|biz"; nocase; ) # 26577375saesysbfab16uma7e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|26577375saesysbfab16uma7e|03|com"; nocase; ) # 72v56w10hgpzv17gmk8g5orbgu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|72v56w10hgpzv17gmk8g5orbgu|03|biz"; nocase; ) # 1skx1dckg0eg910r138p1pcq21i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1skx1dckg0eg910r138p1pcq21i|03|net"; nocase; ) # 118qvqtc6imcc9u66z38qqnqk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|118qvqtc6imcc9u66z38qqnqk|03|net"; nocase; ) # 1na8r3oqpbu1vmmp8c51b4pevy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1na8r3oqpbu1vmmp8c51b4pevy|03|com"; nocase; ) # m6bcp81k9hyph6vfdrt5kqt9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m6bcp81k9hyph6vfdrt5kqt9|03|biz"; nocase; ) # tuorch130rwmutkkygw1gcx2dn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tuorch130rwmutkkygw1gcx2dn|03|com"; nocase; ) # 53ln94wamz0e1mc8onc19ez7m6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|53ln94wamz0e1mc8onc19ez7m6|03|org"; nocase; ) # ljya7pp9if3zusyis1qcy7tu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ljya7pp9if3zusyis1qcy7tu|03|com"; nocase; ) # wk5hfl1xzj51ptz7qfe10421yk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wk5hfl1xzj51ptz7qfe10421yk|03|org"; nocase; ) # s6ujsrs9dugp1ufbvcwzc4xf4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s6ujsrs9dugp1ufbvcwzc4xf4|03|net"; nocase; ) # 4xt3uk1tvdi291pjqpqtz7bpiq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4xt3uk1tvdi291pjqpqtz7bpiq|03|org"; nocase; ) # unb4bf7f192qolvqyu1dy0lhn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|unb4bf7f192qolvqyu1dy0lhn|03|net"; nocase; ) # 1gq4k61qn065z1i80m6w1do6xkk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gq4k61qn065z1i80m6w1do6xkk|03|org"; nocase; ) # 10yiltg90spetd8teld4a2ipe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10yiltg90spetd8teld4a2ipe|03|com"; nocase; ) # 1u0kead1ab4oqgthi5oirl79qb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u0kead1ab4oqgthi5oirl79qb|03|org"; nocase; ) # 11lx1ny10iet8o1fjgsrd1k6mne1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11lx1ny10iet8o1fjgsrd1k6mne1|03|com"; nocase; ) # 1hjwdwq1mgvxnm1gbqpj4d2xs48.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hjwdwq1mgvxnm1gbqpj4d2xs48|03|org"; nocase; ) # 1nnd7ujsphk6w1wam9d11ral1xk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nnd7ujsphk6w1wam9d11ral1xk|03|com"; nocase; ) # 11e9u78728dn4q2m3118zvh9t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11e9u78728dn4q2m3118zvh9t|03|net"; nocase; ) # hlxccv1egb0sb598v4x1dlmir6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hlxccv1egb0sb598v4x1dlmir6|03|com"; nocase; ) # 17yu3i77zmc5g3yryhf1w0b8h4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17yu3i77zmc5g3yryhf1w0b8h4|03|org"; nocase; ) # wk5dxz14k0s7083pgvw14q5z0d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wk5dxz14k0s7083pgvw14q5z0d|03|biz"; nocase; ) # o6fv3j13roght1wwks54sf8ozt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o6fv3j13roght1wwks54sf8ozt|03|com"; nocase; ) # 1pmwmq91m4t8ajrvh6lwzzotap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pmwmq91m4t8ajrvh6lwzzotap|03|org"; nocase; ) # k5n1wnhq19aw1wf4407rnof3x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k5n1wnhq19aw1wf4407rnof3x|03|net"; nocase; ) # te79zjjkvsrzgbx2gucfjsly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|te79zjjkvsrzgbx2gucfjsly|03|net"; nocase; ) # mfr52313eur452zhpv9ec87a8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mfr52313eur452zhpv9ec87a8|03|org"; nocase; ) # 1gx6umyn9a861r6mhaepedea2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gx6umyn9a861r6mhaepedea2|03|org"; nocase; ) # 1ji0wguacran11nkv8wm1urei2m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ji0wguacran11nkv8wm1urei2m|03|org"; nocase; ) # 48n59dtuxkse4zer11ur3b1l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|48n59dtuxkse4zer11ur3b1l|03|com"; nocase; ) # 1b9tbmg192gupd1dkkjj11gld1mc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b9tbmg192gupd1dkkjj11gld1mc|03|net"; nocase; ) # 1k98tefgbgs7a1ehm81x1xnpjkf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k98tefgbgs7a1ehm81x1xnpjkf|03|com"; nocase; ) # soei4c1k468hjtuuwzch1gchb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|soei4c1k468hjtuuwzch1gchb|03|org"; nocase; ) # ww9a5v141xk6i1vziq2a1gni2za.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ww9a5v141xk6i1vziq2a1gni2za|03|net"; nocase; ) # 1c1tyvh1wkgtelffp4825dbzp3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c1tyvh1wkgtelffp4825dbzp3|03|com"; nocase; ) # 2ay0k2bruoaoqjmrdr5qg560.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2ay0k2bruoaoqjmrdr5qg560|03|biz"; nocase; ) # 1juf14r6mt4ep13mnzku1c7oa8x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1juf14r6mt4ep13mnzku1c7oa8x|03|com"; nocase; ) # nog3u88rdgug1lezooa1j10rvf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nog3u88rdgug1lezooa1j10rvf|03|biz"; nocase; ) # 1qs8mil1vp2lwy45txzd1tbfie7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qs8mil1vp2lwy45txzd1tbfie7|03|org"; nocase; ) # 17fwhrf11rea1n18o2j9s1a5edpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17fwhrf11rea1n18o2j9s1a5edpk|03|net"; nocase; ) # 1ky70s01ncdcy61jlrqe61w3pf93.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ky70s01ncdcy61jlrqe61w3pf93|03|org"; nocase; ) # 1lngspy1gj1b5vin6c8t8t150f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lngspy1gj1b5vin6c8t8t150f|03|com"; nocase; ) # 7rwzoz1smj3rjv0qhkm1uz9yq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7rwzoz1smj3rjv0qhkm1uz9yq|03|net"; nocase; ) # 1g78cgdvd6l621sij81x1yj8x5b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g78cgdvd6l621sij81x1yj8x5b|03|com"; nocase; ) # 1o2kax6x9dxb015lahnh1oxv7uv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o2kax6x9dxb015lahnh1oxv7uv|03|net"; nocase; ) # 9kpx3sc2flspu6u1cgivbvob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9kpx3sc2flspu6u1cgivbvob|03|biz"; nocase; ) # wgb10q1olprs91xiguzg15ks07k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wgb10q1olprs91xiguzg15ks07k|03|net"; nocase; ) # 1cmvzn8svtlhc1ccpzvx1iranlm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cmvzn8svtlhc1ccpzvx1iranlm|03|com"; nocase; ) # cpcjj91fx7i21yij7fkyn5zzw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cpcjj91fx7i21yij7fkyn5zzw|03|com"; nocase; ) # 14pyvmy1dhxoevh0u6mg1gh6y75.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14pyvmy1dhxoevh0u6mg1gh6y75|03|org"; nocase; ) # gpiuik1o204mb11k0wfp1g811n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gpiuik1o204mb11k0wfp1g811n|03|net"; nocase; ) # 1848g4p9rfv1c1figozh15ua8w6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1848g4p9rfv1c1figozh15ua8w6|03|com"; nocase; ) # fi755n14bggbqb5iz1f1ixtr8z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fi755n14bggbqb5iz1f1ixtr8z|03|biz"; nocase; ) # epms7z1az047r5sd5r9pc82tj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|epms7z1az047r5sd5r9pc82tj|03|org"; nocase; ) # 10kb2maqw3ilg3veqv1ldctfg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10kb2maqw3ilg3veqv1ldctfg|03|org"; nocase; ) # o63f9vssb6xr15jkhvh6ztg7q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o63f9vssb6xr15jkhvh6ztg7q|03|biz"; nocase; ) # re1i0jr5h8ocy8t3lqzoroai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|re1i0jr5h8ocy8t3lqzoroai|03|net"; nocase; ) # 1s2578x1fz26wm115jush62hcau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s2578x1fz26wm115jush62hcau|03|com"; nocase; ) # xa7w1476x0hl1yw8aehgguxmg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xa7w1476x0hl1yw8aehgguxmg|03|net"; nocase; ) # 1by1w2y1w3bg7n1qfr90818meejc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1by1w2y1w3bg7n1qfr90818meejc|03|org"; nocase; ) # xx72k55qlzv2f9gt8x5lmgzn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xx72k55qlzv2f9gt8x5lmgzn|03|com"; nocase; ) # 14xyvcd5jnujmxrwfxao9yj9z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14xyvcd5jnujmxrwfxao9yj9z|03|net"; nocase; ) # ec0b07o749tun3y8aimyngnk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ec0b07o749tun3y8aimyngnk|03|org"; nocase; ) # 13yq8ohceg8u1uanect1fh0ztx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13yq8ohceg8u1uanect1fh0ztx|03|com"; nocase; ) # sbvzh71uz67ky104uuufk6a1t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sbvzh71uz67ky104uuufk6a1t|03|net"; nocase; ) # fjh57xydd93v1j8oetu11t9cpj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fjh57xydd93v1j8oetu11t9cpj|03|com"; nocase; ) # 1mi6n9013qm05dbt16mkg4sx4p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mi6n9013qm05dbt16mkg4sx4p|03|org"; nocase; ) # 9ffce51pwnss1192gbuheeoj5x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ffce51pwnss1192gbuheeoj5x|03|biz"; nocase; ) # 1l15eax1vnqnes18a25wkpyixjk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l15eax1vnqnes18a25wkpyixjk|03|org"; nocase; ) # 2qxof572ke5u1dy66ve7a9qss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2qxof572ke5u1dy66ve7a9qss|03|net"; nocase; ) # 50is5ew3dcs112nbmm513288gq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|50is5ew3dcs112nbmm513288gq|03|net"; nocase; ) # c7fl6p1gf1vvw64lmdppw70ug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c7fl6p1gf1vvw64lmdppw70ug|03|net"; nocase; ) # 1cqh1ex1y8k4geq7908hn7qlwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cqh1ex1y8k4geq7908hn7qlwq|03|biz"; nocase; ) # 1abvswr18op8ri1odvr6oaiqic0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1abvswr18op8ri1odvr6oaiqic0|03|com"; nocase; ) # 804zg710tc1df98mjqisnuyd0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|804zg710tc1df98mjqisnuyd0|03|net"; nocase; ) # 1dk54pz2voaozfw643175zbhk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dk54pz2voaozfw643175zbhk|03|biz"; nocase; ) # 2rhczh79niflsnry1a19ss6l7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2rhczh79niflsnry1a19ss6l7|03|net"; nocase; ) # 1p2hfoqqzbhltli95151rvnmjs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p2hfoqqzbhltli95151rvnmjs|03|com"; nocase; ) # 1x2ksn37mmc4j1v0sqqi1yw8jgh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x2ksn37mmc4j1v0sqqi1yw8jgh|03|com"; nocase; ) # w5h5mw6hwvoj1lvyo7tr7vm7e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w5h5mw6hwvoj1lvyo7tr7vm7e|03|net"; nocase; ) # 1as81idj7mhey1nrgcumoaiii4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1as81idj7mhey1nrgcumoaiii4|03|com"; nocase; ) # 1v3o1bmxlbeook361egium0cb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v3o1bmxlbeook361egium0cb|03|biz"; nocase; ) # edc3km1se107n1dtf3mz1bu0kqj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|edc3km1se107n1dtf3mz1bu0kqj|03|net"; nocase; ) # 257xdq4pvzr72bw3nz1qd4ub9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|257xdq4pvzr72bw3nz1qd4ub9|03|org"; nocase; ) # 1kba4xk1s2ccpy1rp2dqd5ewx7c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kba4xk1s2ccpy1rp2dqd5ewx7c|03|biz"; nocase; ) # 1fe0jpwg5escxgzr4atu6b92n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fe0jpwg5escxgzr4atu6b92n|03|net"; nocase; ) # 1crn307v7q2ey33rh3whruegp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1crn307v7q2ey33rh3whruegp|03|biz"; nocase; ) # zulal5ih3exc1q3xu40x3u1dw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zulal5ih3exc1q3xu40x3u1dw|03|com"; nocase; ) # 1oe8y5bwp0t6y13es8yv1gxtvrm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oe8y5bwp0t6y13es8yv1gxtvrm|03|net"; nocase; ) # 15tjk671yjiyu012o8k3nhw3u0m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15tjk671yjiyu012o8k3nhw3u0m|03|biz"; nocase; ) # rthtuv1cicslj112wuy17zzzei.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rthtuv1cicslj112wuy17zzzei|03|biz"; nocase; ) # p6pipdlhhrt51cke1kw1zjy2k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p6pipdlhhrt51cke1kw1zjy2k|03|org"; nocase; ) # rwt0pzi5hob616yeirs14g3xo2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rwt0pzi5hob616yeirs14g3xo2|03|org"; nocase; ) # ma141grcsqzyjei09s1c0nm6q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ma141grcsqzyjei09s1c0nm6q|03|org"; nocase; ) # 1pt8gnzybr3a3z24ye01ph4ic6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pt8gnzybr3a3z24ye01ph4ic6|03|biz"; nocase; ) # xd96t4wpkwi73lr1os14tsy42.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xd96t4wpkwi73lr1os14tsy42|03|com"; nocase; ) # fm71a63sbsm61kwaasv3x3sdr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fm71a63sbsm61kwaasv3x3sdr|03|biz"; nocase; ) # 177m75g8odtu1156yoiy14fbshl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|177m75g8odtu1156yoiy14fbshl|03|com"; nocase; ) # 1s3c600qu8qir1t7k39pfgcg5h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s3c600qu8qir1t7k39pfgcg5h|03|org"; nocase; ) # 6j0wo71k99qy118w3osf89s7zg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6j0wo71k99qy118w3osf89s7zg|03|com"; nocase; ) # etu00bxyfkxv2vjn87nu23zw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|etu00bxyfkxv2vjn87nu23zw|03|net"; nocase; ) # upez6n1epnmytgzvsr01xuxzqr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|upez6n1epnmytgzvsr01xuxzqr|03|biz"; nocase; ) # 5xcmrr3mbi1nd3hok14rlsrs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5xcmrr3mbi1nd3hok14rlsrs|03|net"; nocase; ) # x084vgr50rr51u6lx7oeazy2i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x084vgr50rr51u6lx7oeazy2i|03|org"; nocase; ) # 1st5c6k18uaon915q9die1uajcim.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1st5c6k18uaon915q9die1uajcim|03|org"; nocase; ) # 1bc7d3w1ldo8nh1nrwyvf1pj0cml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bc7d3w1ldo8nh1nrwyvf1pj0cml|03|net"; nocase; ) # ised0bl1oyfr1ust70uigwv79.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ised0bl1oyfr1ust70uigwv79|03|net"; nocase; ) # senxltb5wqgi1j22wkx1aitenu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|senxltb5wqgi1j22wkx1aitenu|03|net"; nocase; ) # mrq5um1tg7ovo1lirzdv1ecltiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mrq5um1tg7ovo1lirzdv1ecltiu|03|com"; nocase; ) # d684bld9lgwe1sgoaaoo1pvqi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d684bld9lgwe1sgoaaoo1pvqi|03|biz"; nocase; ) # rlodx42v3y8t1pqmimrm0ftam.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rlodx42v3y8t1pqmimrm0ftam|03|biz"; nocase; ) # jw1orr11e4k5r14js68li9axwo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jw1orr11e4k5r14js68li9axwo|03|com"; nocase; ) # x9mgqy1pwtsw0r9nzlc1mtubof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x9mgqy1pwtsw0r9nzlc1mtubof|03|com"; nocase; ) # yf3cqe1qfc6sr1frojrm1om03rs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yf3cqe1qfc6sr1frojrm1om03rs|03|net"; nocase; ) # onifhol7f9n31wy98loro8wbb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|onifhol7f9n31wy98loro8wbb|03|net"; nocase; ) # 10eg2vz16gv45h1wrhgof1w2drfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10eg2vz16gv45h1wrhgof1w2drfq|03|com"; nocase; ) # 1onvjlf1im186i1jkhy0l1htf2ib.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1onvjlf1im186i1jkhy0l1htf2ib|03|biz"; nocase; ) # 12uxqy6mws7lw350rjnv1t34.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|12uxqy6mws7lw350rjnv1t34|03|net"; nocase; ) # 1kr8hss1hfedoaateuqm1ccsv0a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kr8hss1hfedoaateuqm1ccsv0a|03|org"; nocase; ) # 1djk9fps6gwda1xmoz9z1qf27wp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1djk9fps6gwda1xmoz9z1qf27wp|03|org"; nocase; ) # it75rs80wx1r18lkp9119zbuu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|it75rs80wx1r18lkp9119zbuu|03|net"; nocase; ) # v0ifja1p1bihknm29eydm5bat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v0ifja1p1bihknm29eydm5bat|03|net"; nocase; ) # zwh44vi3yeoc1li9qml1648moq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zwh44vi3yeoc1li9qml1648moq|03|net"; nocase; ) # ru3xouukupzhqeek0oglmt3g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ru3xouukupzhqeek0oglmt3g|03|com"; nocase; ) # immao4uz0vmg1akxac31crarpd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|immao4uz0vmg1akxac31crarpd|03|org"; nocase; ) # 9f7a5l1kn43fpdiyd7zr7vxq3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9f7a5l1kn43fpdiyd7zr7vxq3|03|com"; nocase; ) # 19jzeyasqejht183ezjnogi05e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19jzeyasqejht183ezjnogi05e|03|com"; nocase; ) # 18kx0j1nqia5xwpn8gtl08h4x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18kx0j1nqia5xwpn8gtl08h4x|03|org"; nocase; ) # 1jteq2h1w20l0w1t5td1k1l54rsv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jteq2h1w20l0w1t5td1k1l54rsv|03|org"; nocase; ) # 15136ptj6igw61yigq265ab7bv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15136ptj6igw61yigq265ab7bv|03|com"; nocase; ) # od94hgni6nx2eu44dq1vawsl2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|od94hgni6nx2eu44dq1vawsl2|03|com"; nocase; ) # jsn4ta1w1skufr3u2rq1bc74ah.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jsn4ta1w1skufr3u2rq1bc74ah|03|org"; nocase; ) # 9xfnm7unfn21dbmidgyqfik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|9xfnm7unfn21dbmidgyqfik|03|com"; nocase; ) # 3xbnzruwhltdxsho5d1vof07h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3xbnzruwhltdxsho5d1vof07h|03|net"; nocase; ) # l7uwtbvforkxwtjnmh3v3pye.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l7uwtbvforkxwtjnmh3v3pye|03|org"; nocase; ) # vc1izca4gm3f27wpng13pmghy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vc1izca4gm3f27wpng13pmghy|03|com"; nocase; ) # 1pvqlju1cmwt681iafu5bbphtld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pvqlju1cmwt681iafu5bbphtld|03|net"; nocase; ) # gn5t6ji19o8h1rn15q113iqg3x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gn5t6ji19o8h1rn15q113iqg3x|03|net"; nocase; ) # 18l50n616129efayconar6hz64.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18l50n616129efayconar6hz64|03|org"; nocase; ) # 180gfmz1hgk7s3tq531f16gsunf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|180gfmz1hgk7s3tq531f16gsunf|03|org"; nocase; ) # bfb8vs19l89us131f3dl1bqu4pi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bfb8vs19l89us131f3dl1bqu4pi|03|com"; nocase; ) # fiwbnm13dejkh8uyhli18qlgyx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fiwbnm13dejkh8uyhli18qlgyx|03|org"; nocase; ) # gf486vwh8auzc8yn34od21vr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gf486vwh8auzc8yn34od21vr|03|net"; nocase; ) # 1f2l7fi1eh7u72gee8k7146x547.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f2l7fi1eh7u72gee8k7146x547|03|org"; nocase; ) # 4t4gylmoswf81fhm15m18llpuy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4t4gylmoswf81fhm15m18llpuy|03|biz"; nocase; ) # 1a8ijlv9fwynjwmg331zyhjba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a8ijlv9fwynjwmg331zyhjba|03|com"; nocase; ) # a8pqtt3ptz6z1vba87f1cjmqkb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a8pqtt3ptz6z1vba87f1cjmqkb|03|net"; nocase; ) # 1aa4ibmqlumgqze0h361ynx3ma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aa4ibmqlumgqze0h361ynx3ma|03|org"; nocase; ) # 1x3g6lh1vwzzvy4d05ea1b3yd1g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x3g6lh1vwzzvy4d05ea1b3yd1g|03|biz"; nocase; ) # ajpuu11soxoubv3es671suiv0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ajpuu11soxoubv3es671suiv0|03|net"; nocase; ) # 87pb3g1b3qxr46j8n20187gsqm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|87pb3g1b3qxr46j8n20187gsqm|03|org"; nocase; ) # 1tfiwd3afo5pupart40suuls4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1tfiwd3afo5pupart40suuls4|03|net"; nocase; ) # 152j8bd9mjevnno41ncsns4e5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|152j8bd9mjevnno41ncsns4e5|03|net"; nocase; ) # 4o1pzs1bkgkgbwkfjk76grt87.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4o1pzs1bkgkgbwkfjk76grt87|03|org"; nocase; ) # 1ph9109m919j0s89nlz31b7s5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ph9109m919j0s89nlz31b7s5|03|com"; nocase; ) # i2hnws5n1r3sekv30p135n3zr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i2hnws5n1r3sekv30p135n3zr|03|org"; nocase; ) # rpsc5d1k1dccy7prezw1x8okyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rpsc5d1k1dccy7prezw1x8okyj|03|com"; nocase; ) # 1e5c5xn1182gqe1kewznyj2ozgt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e5c5xn1182gqe1kewznyj2ozgt|03|net"; nocase; ) # ktkijl1tfupr4as13s7193qew7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ktkijl1tfupr4as13s7193qew7|03|com"; nocase; ) # kcfciyc9wnec1ax3hmndfw4th.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kcfciyc9wnec1ax3hmndfw4th|03|net"; nocase; ) # bhluw110jybsn1kk2zs76g9s7j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bhluw110jybsn1kk2zs76g9s7j|03|org"; nocase; ) # xfp5081rh22pxqd7rlz15y45po.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xfp5081rh22pxqd7rlz15y45po|03|biz"; nocase; ) # ullu4f18wrxf76hgsaomdlu4m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ullu4f18wrxf76hgsaomdlu4m|03|com"; nocase; ) # 1mx5xuu1vcvxmsg4qp4o2kcf8l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mx5xuu1vcvxmsg4qp4o2kcf8l|03|org"; nocase; ) # 1uvqidg1bacxreecc6kh18kpuw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uvqidg1bacxreecc6kh18kpuw|03|org"; nocase; ) # 16phko98qn19sw932d114w28a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16phko98qn19sw932d114w28a|03|com"; nocase; ) # 1r385uodoswi1w6984019bbq6v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1r385uodoswi1w6984019bbq6v|03|com"; nocase; ) # 1af1payfvxn625tgq1j1ts1pnb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1af1payfvxn625tgq1j1ts1pnb|03|com"; nocase; ) # 1g7uay9g061f1r630vf1buhygk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g7uay9g061f1r630vf1buhygk|03|com"; nocase; ) # 86cfh0ausdfa1t0aof71v5zuw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|86cfh0ausdfa1t0aof71v5zuw|03|net"; nocase; ) # ij528b10rd3gl3o0op0vzesd4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ij528b10rd3gl3o0op0vzesd4|03|net"; nocase; ) # qismwq18xk0ct1bqoi24n8nc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qismwq18xk0ct1bqoi24n8nc6|03|org"; nocase; ) # 9hu6k4gotdxj1tqyfw61d90loh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9hu6k4gotdxj1tqyfw61d90loh|03|net"; nocase; ) # 6ef5rfk8vll1qbnfpx17pdhnk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ef5rfk8vll1qbnfpx17pdhnk|03|biz"; nocase; ) # hw58ia5aokrap8c7maf20xja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hw58ia5aokrap8c7maf20xja|03|biz"; nocase; ) # tcdyzqn4cxwg1wi07xkrgqpc9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tcdyzqn4cxwg1wi07xkrgqpc9|03|biz"; nocase; ) # 14w5c6wrzbeeo10erga91w5v37g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14w5c6wrzbeeo10erga91w5v37g|03|org"; nocase; ) # 7glgq8147w2duiag7ubbl6orc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7glgq8147w2duiag7ubbl6orc|03|net"; nocase; ) # qsbr6fmvmju2ancvghsmd9h6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qsbr6fmvmju2ancvghsmd9h6|03|net"; nocase; ) # n8vobc18ovgu318uaotdg17cod.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n8vobc18ovgu318uaotdg17cod|03|net"; nocase; ) # 1m4s6at16f6rsw1sbtqx93hd1ll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m4s6at16f6rsw1sbtqx93hd1ll|03|org"; nocase; ) # u340tih8cx5fwvwhbywtxyjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u340tih8cx5fwvwhbywtxyjy|03|com"; nocase; ) # guj79t1erh6an10be6u9fr6ks2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|guj79t1erh6an10be6u9fr6ks2|03|biz"; nocase; ) # vm0jd9uuigns1ag4wue136kl0l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vm0jd9uuigns1ag4wue136kl0l|03|net"; nocase; ) # 13dk1an19z9uxydldokg170mkpc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13dk1an19z9uxydldokg170mkpc|03|com"; nocase; ) # 1y0e9wf1433pqscfbzny8oa55l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y0e9wf1433pqscfbzny8oa55l|03|org"; nocase; ) # 2qlpnw1kkuvyumtz3yl1tyugz9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2qlpnw1kkuvyumtz3yl1tyugz9|03|com"; nocase; ) # thzcomrxswdnsckl1y1w6it72.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|thzcomrxswdnsckl1y1w6it72|03|com"; nocase; ) # zjqw6j1v4jvypb160h9ovu86g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zjqw6j1v4jvypb160h9ovu86g|03|biz"; nocase; ) # 1fhi2pe1200ntj2ep747gisoac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fhi2pe1200ntj2ep747gisoac|03|com"; nocase; ) # 11eff9j1fz4ueomss92f18q5dm5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11eff9j1fz4ueomss92f18q5dm5|03|com"; nocase; ) # 89llj81yb85wy1djcvmujapvzn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|89llj81yb85wy1djcvmujapvzn|03|org"; nocase; ) # 4grc2y1a00nm7ldjtvr1d0437w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4grc2y1a00nm7ldjtvr1d0437w|03|com"; nocase; ) # dx81a01vudc4czdkrnod0pncd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dx81a01vudc4czdkrnod0pncd|03|biz"; nocase; ) # 1vsvwa9yqv7xi12g4bc7f5acac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vsvwa9yqv7xi12g4bc7f5acac|03|com"; nocase; ) # 1ub47vytj6wbyoa12pw1q9l4ll.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ub47vytj6wbyoa12pw1q9l4ll|03|biz"; nocase; ) # 1p7otfr7l5ow1xtcrc7y9kf67.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1p7otfr7l5ow1xtcrc7y9kf67|03|org"; nocase; ) # ohrc38gr5qot1l7ttj72y1er3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ohrc38gr5qot1l7ttj72y1er3|03|com"; nocase; ) # 132bl91dmf41x147vmwr1ual0tp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|132bl91dmf41x147vmwr1ual0tp|03|org"; nocase; ) # 14a6nrr1e7qnqjwum0cu1b1u4cr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14a6nrr1e7qnqjwum0cu1b1u4cr|03|org"; nocase; ) # bl6cicq36ihztj0w7u8guknx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bl6cicq36ihztj0w7u8guknx|03|biz"; nocase; ) # mr388g1l075041h913id15ahstg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mr388g1l075041h913id15ahstg|03|com"; nocase; ) # kbihba1qsx92ab9xirk1fumjqy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kbihba1qsx92ab9xirk1fumjqy|03|org"; nocase; ) # u5jhb3ypkvjc1cc8onq1an0ehb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u5jhb3ypkvjc1cc8onq1an0ehb|03|net"; nocase; ) # 1wow61814fvq5k1goq6m1sswpbs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wow61814fvq5k1goq6m1sswpbs|03|net"; nocase; ) # ms8f611r2znt21al0fxn1pqxvvq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ms8f611r2znt21al0fxn1pqxvvq|03|org"; nocase; ) # 16kecl4115hmo754kl11ce3nj3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16kecl4115hmo754kl11ce3nj3|03|biz"; nocase; ) # 12tzlxe1p42qvl80klzd1pvlz4c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12tzlxe1p42qvl80klzd1pvlz4c|03|com"; nocase; ) # ilka9a1068rnk1ushy82yeaiq2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ilka9a1068rnk1ushy82yeaiq2|03|net"; nocase; ) # wduhqqd71gfyqbtjig1fhjosk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wduhqqd71gfyqbtjig1fhjosk|03|org"; nocase; ) # x6ndj92sm6jzz7z5z61hn0aja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x6ndj92sm6jzz7z5z61hn0aja|03|biz"; nocase; ) # r4atmz1g2w9t426ebjl2bl9vw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r4atmz1g2w9t426ebjl2bl9vw|03|org"; nocase; ) # 10aym961243cuu9rzbv61yfn0bf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10aym961243cuu9rzbv61yfn0bf|03|com"; nocase; ) # so0aue5d9ehzq27fnbabxnk7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|so0aue5d9ehzq27fnbabxnk7|03|com"; nocase; ) # jnwc4i17t6tvv1pcozdcwsvc38.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnwc4i17t6tvv1pcozdcwsvc38|03|net"; nocase; ) # 16zj4u48m52631iox16o2k5jt1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16zj4u48m52631iox16o2k5jt1|03|org"; nocase; ) # 11au8rr1vzkip2it424p18bz68p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11au8rr1vzkip2it424p18bz68p|03|net"; nocase; ) # 12x11xvbxg1j61hk0pgp3dotez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12x11xvbxg1j61hk0pgp3dotez|03|org"; nocase; ) # 796vxjs9a591tsoemd1cf0gqr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|796vxjs9a591tsoemd1cf0gqr|03|net"; nocase; ) # 12mpj8m1idfskrj7f63h176avmj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12mpj8m1idfskrj7f63h176avmj|03|org"; nocase; ) # 1oiev061ka3v4e2vtnxq11zyw5j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oiev061ka3v4e2vtnxq11zyw5j|03|com"; nocase; ) # gs0bcb17a6mad1ovlwo01sp8zi4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gs0bcb17a6mad1ovlwo01sp8zi4|03|org"; nocase; ) # jmjimb16vsdmlvo2mpyhhut43.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jmjimb16vsdmlvo2mpyhhut43|03|com"; nocase; ) # hkpf9q12boipxklvwpniymzkc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hkpf9q12boipxklvwpniymzkc|03|org"; nocase; ) # xbya5z1nnhbplxoxw5h199zuyg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xbya5z1nnhbplxoxw5h199zuyg|03|com"; nocase; ) # 1n7mn2i1uewx6c1uafj86br9dj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n7mn2i1uewx6c1uafj86br9dj|03|com"; nocase; ) # 16p5za51mky83o15sj5t7ppnzdq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16p5za51mky83o15sj5t7ppnzdq|03|biz"; nocase; ) # 1qvikc9cy7ztc1pho4md1ppxi3c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qvikc9cy7ztc1pho4md1ppxi3c|03|com"; nocase; ) # oxqkckxtsa5wmrdpuflbtg2z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oxqkckxtsa5wmrdpuflbtg2z|03|net"; nocase; ) # xutvmrmvhij71bach4s1nw0wya.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xutvmrmvhij71bach4s1nw0wya|03|org"; nocase; ) # t8pq3uyhsj0sw6u665jn7vep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t8pq3uyhsj0sw6u665jn7vep|03|com"; nocase; ) # x3o52i1216sia14175as1yg9rfv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x3o52i1216sia14175as1yg9rfv|03|biz"; nocase; ) # 1kez59cqdf31ce58w4za9x7e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1kez59cqdf31ce58w4za9x7e|03|net"; nocase; ) # 1wwuv2y1usb1gm155tst59evqi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wwuv2y1usb1gm155tst59evqi|03|net"; nocase; ) # 1lw82svp1fn0sewyqar10c118q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lw82svp1fn0sewyqar10c118q|03|net"; nocase; ) # eolho2eu96yxo7es1t10xfe2h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eolho2eu96yxo7es1t10xfe2h|03|biz"; nocase; ) # tk8sy81iy7ptb61mh7v1bwk72k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tk8sy81iy7ptb61mh7v1bwk72k|03|org"; nocase; ) # bc9y5b10rwu311hd831q1mcuih7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bc9y5b10rwu311hd831q1mcuih7|03|org"; nocase; ) # 1jbpfi328yxijsfy7ez112gnt1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbpfi328yxijsfy7ez112gnt1|03|biz"; nocase; ) # 1wynjmte0xi71e7jd4j6ircgs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wynjmte0xi71e7jd4j6ircgs|03|net"; nocase; ) # 1nyq1u94itg03vdgx2597tcof.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1nyq1u94itg03vdgx2597tcof|03|biz"; nocase; ) # 1a3u3qbbhirg7j1a93q1gsqobg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a3u3qbbhirg7j1a93q1gsqobg|03|biz"; nocase; ) # u0vvkpdt7v9sz5cjtx1cggu7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u0vvkpdt7v9sz5cjtx1cggu7w|03|net"; nocase; ) # 1xkiok311k1ylig8ek813vvzf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xkiok311k1ylig8ek813vvzf|03|com"; nocase; ) # pjlo2i1kzkzlmp4tjme1w2zwp9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pjlo2i1kzkzlmp4tjme1w2zwp9|03|org"; nocase; ) # 1q61ixh7ha5kr16zy8k21q2umy0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q61ixh7ha5kr16zy8k21q2umy0|03|net"; nocase; ) # 1tvutivvhghin1ma4bhrjpu69p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tvutivvhghin1ma4bhrjpu69p|03|org"; nocase; ) # 9vzhse3xn6to1yipc9z77qf6y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9vzhse3xn6to1yipc9z77qf6y|03|org"; nocase; ) # 1ik9j7qdboe94he01rl163i88e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ik9j7qdboe94he01rl163i88e|03|net"; nocase; ) # 147crf26jbncoj52h1es62mm9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|147crf26jbncoj52h1es62mm9|03|biz"; nocase; ) # m2w0qt1e8ufjitsqljuxyt0ma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m2w0qt1e8ufjitsqljuxyt0ma|03|net"; nocase; ) # 1kg7tfd1k2iwjy1vc3zrgi9m0ak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kg7tfd1k2iwjy1vc3zrgi9m0ak|03|com"; nocase; ) # p4tcqllit2e1u9sm0e1da565q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p4tcqllit2e1u9sm0e1da565q|03|biz"; nocase; ) # 1auho2n1rcyac01tpnm7k1825vht.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1auho2n1rcyac01tpnm7k1825vht|03|net"; nocase; ) # 10n9cuj12d5uiw10ngl8d1nvuhs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10n9cuj12d5uiw10ngl8d1nvuhs|03|org"; nocase; ) # z4e1s290xoes32er331dm8v08.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4e1s290xoes32er331dm8v08|03|com"; nocase; ) # 1cg9etgxzaxjo1t69xoi9vh3wo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cg9etgxzaxjo1t69xoi9vh3wo|03|com"; nocase; ) # 24su6b1guufwmb623nr1k2kcaw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|24su6b1guufwmb623nr1k2kcaw|03|net"; nocase; ) # 1u8t5f2m1kiyyepczqgxzwzje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u8t5f2m1kiyyepczqgxzwzje|03|org"; nocase; ) # ef38u11lt0i71kwscdt1muncu9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ef38u11lt0i71kwscdt1muncu9|03|org"; nocase; ) # 169ifp17vack0bb7s5jxjvg16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|169ifp17vack0bb7s5jxjvg16|03|net"; nocase; ) # edutol1t8i32q17ozxfb181bh2f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|edutol1t8i32q17ozxfb181bh2f|03|com"; nocase; ) # 2zplh81olo261udiyou13hbilp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2zplh81olo261udiyou13hbilp|03|org"; nocase; ) # 1b4bi9otjyvqh1ptlwnin54zed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b4bi9otjyvqh1ptlwnin54zed|03|com"; nocase; ) # 1ht1578h6ubc51730d401wgqeot.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ht1578h6ubc51730d401wgqeot|03|net"; nocase; ) # 142vxabh65xmh1nr57xz1uodrcg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|142vxabh65xmh1nr57xz1uodrcg|03|com"; nocase; ) # c9wh8q1vm2q9dltd1738iugpi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c9wh8q1vm2q9dltd1738iugpi|03|net"; nocase; ) # 1bjdby11xq58ut5x3xmm1m68sb9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bjdby11xq58ut5x3xmm1m68sb9|03|com"; nocase; ) # 1d1oyl41rs87ahfelkhz1yx5l0k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d1oyl41rs87ahfelkhz1yx5l0k|03|com"; nocase; ) # 1k27twx1dez2mz1ohuzz18o886l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k27twx1dez2mz1ohuzz18o886l|03|com"; nocase; ) # ghtb58jwvdc511cire5179t78c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ghtb58jwvdc511cire5179t78c|03|net"; nocase; ) # 8vc4x7q18ygx17n4hnr12ipx3v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8vc4x7q18ygx17n4hnr12ipx3v|03|biz"; nocase; ) # po5nr93roox9qp94k31hcrc1y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|po5nr93roox9qp94k31hcrc1y|03|org"; nocase; ) # imive7tmys5wbttgqed5j3w6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|imive7tmys5wbttgqed5j3w6|03|net"; nocase; ) # 7uhs7ypgdshu1nrkk93nab7f1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7uhs7ypgdshu1nrkk93nab7f1|03|org"; nocase; ) # w5sqehjdh3gwns776s1abrdua.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w5sqehjdh3gwns776s1abrdua|03|com"; nocase; ) # 1vfxwrtsxwb491pmaj091hgwkp1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vfxwrtsxwb491pmaj091hgwkp1|03|net"; nocase; ) # yk3eh51j41oqo1niyr0pu01acu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yk3eh51j41oqo1niyr0pu01acu|03|org"; nocase; ) # 1dxi29txkpeolqkg6llr3raqo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dxi29txkpeolqkg6llr3raqo|03|com"; nocase; ) # 16q1h0vev75q97hf0rl4d1bnb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16q1h0vev75q97hf0rl4d1bnb|03|net"; nocase; ) # g1narb10fw00vj3q029v00cn3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g1narb10fw00vj3q029v00cn3|03|org"; nocase; ) # 1ip60eq1bmqeut1f4jq911reas8b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ip60eq1bmqeut1f4jq911reas8b|03|com"; nocase; ) # 1x7r6jsdcv6b1195ub2twfjkd5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x7r6jsdcv6b1195ub2twfjkd5|03|org"; nocase; ) # doz23v1vtcw451q3h7zs1ctr9sm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|doz23v1vtcw451q3h7zs1ctr9sm|03|org"; nocase; ) # 1s5j7svvwn3o71e3i1ni1d1ul2x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1s5j7svvwn3o71e3i1ni1d1ul2x|03|com"; nocase; ) # r4o2di1ep9t4t1m0y7026wxeec.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r4o2di1ep9t4t1m0y7026wxeec|03|biz"; nocase; ) # oma1vc1y7yiyy1d7eijg19njoz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oma1vc1y7yiyy1d7eijg19njoz6|03|net"; nocase; ) # 15f6u3x18dq0ii177tj5noionun.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15f6u3x18dq0ii177tj5noionun|03|org"; nocase; ) # 1meyp0gppxwz81k7gdmi4cs1ux.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1meyp0gppxwz81k7gdmi4cs1ux|03|com"; nocase; ) # ex5pjn146ysz21mlcjgv1fmb7j1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ex5pjn146ysz21mlcjgv1fmb7j1|03|com"; nocase; ) # 10n5wwkamobxkanbj65ko9es.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|10n5wwkamobxkanbj65ko9es|03|org"; nocase; ) # 955da81ndu0or1ef3sq9f026p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|955da81ndu0or1ef3sq9f026p|03|net"; nocase; ) # 1igu6ero0j9ta1kvpyekre2nb5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1igu6ero0j9ta1kvpyekre2nb5|03|com"; nocase; ) # 1s5d3mj8lxz21lrvpgtyannpy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1s5d3mj8lxz21lrvpgtyannpy|03|com"; nocase; ) # mjcmwar3kfhjjolf8e158sldl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mjcmwar3kfhjjolf8e158sldl|03|biz"; nocase; ) # 1fgsmsno9rls0zeqv45lfx0gx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fgsmsno9rls0zeqv45lfx0gx|03|com"; nocase; ) # lr6sjdtiz78c14ysugh4dw97.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lr6sjdtiz78c14ysugh4dw97|03|org"; nocase; ) # amzw031ksqf8u477hnymvvb92.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|amzw031ksqf8u477hnymvvb92|03|com"; nocase; ) # 1h58d9t1m85f7i80jbwf1mhwwdc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h58d9t1m85f7i80jbwf1mhwwdc|03|com"; nocase; ) # zf1hb71bdjow91ey5z6h8en6wk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zf1hb71bdjow91ey5z6h8en6wk|03|net"; nocase; ) # fone9h1ezp3mv1eyupbpxbf5hh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fone9h1ezp3mv1eyupbpxbf5hh|03|org"; nocase; ) # 1muy8uwhgjxzzesl86fjcw05w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1muy8uwhgjxzzesl86fjcw05w|03|biz"; nocase; ) # jq2u1810eseoq10l6b3f1pc40pj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jq2u1810eseoq10l6b3f1pc40pj|03|net"; nocase; ) # 1sdv9821vdx26u9p0969mb8b5d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sdv9821vdx26u9p0969mb8b5d|03|net"; nocase; ) # 1gydk131t7v7hx34cywl1oewxkm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gydk131t7v7hx34cywl1oewxkm|03|com"; nocase; ) # ucdgzhjycvk17c6c1rd48a1d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ucdgzhjycvk17c6c1rd48a1d|03|biz"; nocase; ) # 1flw1g989xxhk1a12bm719qqahu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1flw1g989xxhk1a12bm719qqahu|03|org"; nocase; ) # 1tpxkr39g0can1kphypu1204igr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tpxkr39g0can1kphypu1204igr|03|org"; nocase; ) # miprby1wnhqpmx8hpy7at7805.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|miprby1wnhqpmx8hpy7at7805|03|org"; nocase; ) # 1c89n0xf6xndjnmb82h17wko0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c89n0xf6xndjnmb82h17wko0a|03|net"; nocase; ) # 1dxsm5l1kpfinf169vwpa12jt65i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dxsm5l1kpfinf169vwpa12jt65i|03|biz"; nocase; ) # 7gg0gr1gizjctcg9h5ke5mkmx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7gg0gr1gizjctcg9h5ke5mkmx|03|org"; nocase; ) # nt5em5djf6qom88n041vprt6k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nt5em5djf6qom88n041vprt6k|03|com"; nocase; ) # 17g0otowdqwhv22jlxn1rkcpfa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17g0otowdqwhv22jlxn1rkcpfa|03|net"; nocase; ) # n3q7fcu5vzba173vrfo1bizx04.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n3q7fcu5vzba173vrfo1bizx04|03|net"; nocase; ) # 14y8v22e79q8e9bkpv1cjejr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14y8v22e79q8e9bkpv1cjejr|03|net"; nocase; ) # 1b2t5pi1afafca1qvo6g3s6sd1u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b2t5pi1afafca1qvo6g3s6sd1u|03|org"; nocase; ) # 1954bo1o8t6uc1ultl6316psv80.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1954bo1o8t6uc1ultl6316psv80|03|com"; nocase; ) # p9shs8rhwymb1ay25tyz1h1n4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p9shs8rhwymb1ay25tyz1h1n4|03|org"; nocase; ) # ttke0jj3epuu1a3d6xst8q7cn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ttke0jj3epuu1a3d6xst8q7cn|03|net"; nocase; ) # 1talh7fxcb5twgel410192pezd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1talh7fxcb5twgel410192pezd|03|net"; nocase; ) # h6iga6jawkeh1k6p1vx77i0bp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h6iga6jawkeh1k6p1vx77i0bp|03|com"; nocase; ) # 96rv9kfh19zl1tsdkgf13gnnvo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|96rv9kfh19zl1tsdkgf13gnnvo|03|net"; nocase; ) # 1d34ok911ej22qxxritegdqzby.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d34ok911ej22qxxritegdqzby|03|org"; nocase; ) # 1mopqhx7nkrxo1d2tti3lelj86.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mopqhx7nkrxo1d2tti3lelj86|03|org"; nocase; ) # 1u91lndh7csrrui2sh21ty2osq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u91lndh7csrrui2sh21ty2osq|03|net"; nocase; ) # k8apfk1lcqjpq1jssib5soetfh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k8apfk1lcqjpq1jssib5soetfh|03|net"; nocase; ) # o892hcmn4dqu834tz4qvya9d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o892hcmn4dqu834tz4qvya9d|03|org"; nocase; ) # f5n08s1bwy82b31qu5cll3g0i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f5n08s1bwy82b31qu5cll3g0i|03|biz"; nocase; ) # ssqasv1qu1y68gga38l1bk2408.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ssqasv1qu1y68gga38l1bk2408|03|com"; nocase; ) # a40hq5fkrgxe1urg3we113x6tn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a40hq5fkrgxe1urg3we113x6tn|03|net"; nocase; ) # 1d3n5y2c6pgrw1awz2de4vonen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d3n5y2c6pgrw1awz2de4vonen|03|net"; nocase; ) # 4ju17tylp0aomk1sqz1gu6x3p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4ju17tylp0aomk1sqz1gu6x3p|03|net"; nocase; ) # 1ejns4aboyootsfdncg1wsuqt6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ejns4aboyootsfdncg1wsuqt6|03|net"; nocase; ) # 60c38eyd7aucfdfhpo1nrciyq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|60c38eyd7aucfdfhpo1nrciyq|03|org"; nocase; ) # z015576afztl8wfwoggxav8j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z015576afztl8wfwoggxav8j|03|net"; nocase; ) # v8v1r0a04nflnpubg810f2ja2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v8v1r0a04nflnpubg810f2ja2|03|com"; nocase; ) # 1w6wkcl1dz3mllu936pi1r2tnrp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w6wkcl1dz3mllu936pi1r2tnrp|03|org"; nocase; ) # qnwyqbt6at0gqal3b71rljoxd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qnwyqbt6at0gqal3b71rljoxd|03|com"; nocase; ) # 1mooxvsoeknjpwhu3mo1vqpbwx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mooxvsoeknjpwhu3mo1vqpbwx|03|net"; nocase; ) # 1r4gepudqzfbz1sawizw1yz8zmk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r4gepudqzfbz1sawizw1yz8zmk|03|org"; nocase; ) # idbfhowvr5i51vx8f6sxdfpnj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|idbfhowvr5i51vx8f6sxdfpnj|03|net"; nocase; ) # 1f2ko5p1xdgbh6jq9pzii9kiv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f2ko5p1xdgbh6jq9pzii9kiv|03|org"; nocase; ) # tq33px15zoftpch9joi173xt33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tq33px15zoftpch9joi173xt33|03|net"; nocase; ) # 1ahobvi1n79sscpcchnjz695w0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ahobvi1n79sscpcchnjz695w0|03|com"; nocase; ) # xpdvk81vbyj4i1jzplpcwy7qq8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xpdvk81vbyj4i1jzplpcwy7qq8|03|net"; nocase; ) # 1fvp25p14cggiyy5nro21769syw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fvp25p14cggiyy5nro21769syw|03|org"; nocase; ) # 10wfaz0926ugpzidxxldb0ty8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10wfaz0926ugpzidxxldb0ty8|03|org"; nocase; ) # 1mxmtvt6f3cng1dqig7t3x8mje.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mxmtvt6f3cng1dqig7t3x8mje|03|com"; nocase; ) # vvcvg715z9uri1xn08sf118psm4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vvcvg715z9uri1xn08sf118psm4|03|com"; nocase; ) # ruk7cdcytlwv1mlgrxbd7cnmq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ruk7cdcytlwv1mlgrxbd7cnmq|03|net"; nocase; ) # 1g6lymtm9x49m1yute1uko69ty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g6lymtm9x49m1yute1uko69ty|03|net"; nocase; ) # z3w7fjfrx2t99ksg23w3mhkm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z3w7fjfrx2t99ksg23w3mhkm|03|biz"; nocase; ) # ibew6v1ff9l31otft4a1xsitqj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ibew6v1ff9l31otft4a1xsitqj|03|org"; nocase; ) # 1j51sni1d5gccsy133l51231qi2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j51sni1d5gccsy133l51231qi2|03|biz"; nocase; ) # 17lkigacm8rzmwu3qn2bchm2y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17lkigacm8rzmwu3qn2bchm2y|03|com"; nocase; ) # kper7cv2hxq6oerv53bt7zth.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kper7cv2hxq6oerv53bt7zth|03|org"; nocase; ) # 1258ch31f2uzcsg0147uguaasi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1258ch31f2uzcsg0147uguaasi|03|com"; nocase; ) # 8vj28gmu77bzbc55dv1b80p0d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8vj28gmu77bzbc55dv1b80p0d|03|org"; nocase; ) # 1eicrq81cl2m6o1dvz9xj15wy0yd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eicrq81cl2m6o1dvz9xj15wy0yd|03|net"; nocase; ) # 13ckm9uhze4bf1lwwev11kjtb8t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ckm9uhze4bf1lwwev11kjtb8t|03|com"; nocase; ) # lbot42a43tqe1y8v8lj18b0w0h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lbot42a43tqe1y8v8lj18b0w0h|03|net"; nocase; ) # ed5tp8121qyt11bhafqowvr69i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ed5tp8121qyt11bhafqowvr69i|03|biz"; nocase; ) # 1vlvmn51xx1d6lf9u6oovg7er8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vlvmn51xx1d6lf9u6oovg7er8|03|biz"; nocase; ) # g1c8j91ck1eofpx5lzejwfc4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g1c8j91ck1eofpx5lzejwfc4u|03|net"; nocase; ) # dn36wg2wwvof14ns6bt1n826tm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dn36wg2wwvof14ns6bt1n826tm|03|net"; nocase; ) # zffycd84wonkjkebpfojv64x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zffycd84wonkjkebpfojv64x|03|biz"; nocase; ) # hezthdqecnepbn8wec163sasz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hezthdqecnepbn8wec163sasz|03|org"; nocase; ) # 3zys7966fdv68lb3s1brr95u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3zys7966fdv68lb3s1brr95u|03|com"; nocase; ) # 18book21hyzlhvt5wyxg1bwb02i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18book21hyzlhvt5wyxg1bwb02i|03|com"; nocase; ) # g2lhgqien7l1tek0rdctc6go.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g2lhgqien7l1tek0rdctc6go|03|net"; nocase; ) # qirg537ndm5mw1v1hj15c9ua6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qirg537ndm5mw1v1hj15c9ua6|03|net"; nocase; ) # 9in86zzlk68mtcxhw3cs1dyp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9in86zzlk68mtcxhw3cs1dyp|03|org"; nocase; ) # 3x5qk81subuzl1wxz0qb1j022vp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3x5qk81subuzl1wxz0qb1j022vp|03|net"; nocase; ) # 2h5m563cs06i1m6w26k18mnqzz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2h5m563cs06i1m6w26k18mnqzz|03|biz"; nocase; ) # 1v0uv6x6cisoi1jx51l9dsvada.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v0uv6x6cisoi1jx51l9dsvada|03|com"; nocase; ) # 1veaxtl1ha3b8d1w6eotn1keh12v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1veaxtl1ha3b8d1w6eotn1keh12v|03|org"; nocase; ) # vu8xrg1di478i1bcibuqm210ys.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vu8xrg1di478i1bcibuqm210ys|03|net"; nocase; ) # g8jnog14mabgxvvvhg9wj5p6w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g8jnog14mabgxvvvhg9wj5p6w|03|net"; nocase; ) # qqw714a9nrbu1bw7ia3hl8efb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qqw714a9nrbu1bw7ia3hl8efb|03|com"; nocase; ) # 1s0c3zdglvw0y1lucqnumzkodv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s0c3zdglvw0y1lucqnumzkodv|03|org"; nocase; ) # t4rleq19zpsbc52ktv2ahd321.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4rleq19zpsbc52ktv2ahd321|03|net"; nocase; ) # 1ki21rj1u0qygh2mdqhcw646ct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ki21rj1u0qygh2mdqhcw646ct|03|net"; nocase; ) # 1rfq0n1nztpamwjd8dcwxsmg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1rfq0n1nztpamwjd8dcwxsmg|03|com"; nocase; ) # 16uyyp5lx0wia14z51oa5orfoj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16uyyp5lx0wia14z51oa5orfoj|03|org"; nocase; ) # 1g3wp8b1mebkop1aijpspm49wdr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g3wp8b1mebkop1aijpspm49wdr|03|com"; nocase; ) # rztk7n13an70p1knjwfh1m64si5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rztk7n13an70p1knjwfh1m64si5|03|org"; nocase; ) # swfgkipk3271ysu6t7ziou2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|swfgkipk3271ysu6t7ziou2|03|biz"; nocase; ) # 6lfysrodtkw79x4v06ounede.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6lfysrodtkw79x4v06ounede|03|com"; nocase; ) # vuc53tfhwme61lyrg2ue9slax.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vuc53tfhwme61lyrg2ue9slax|03|net"; nocase; ) # 1rrrvaaaiw0v91bab2opuxuzvq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rrrvaaaiw0v91bab2opuxuzvq|03|net"; nocase; ) # ml1quckiwzrd1nowjbhwefihi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ml1quckiwzrd1nowjbhwefihi|03|org"; nocase; ) # rn6ej63l6vbt66hsc11jm8no8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rn6ej63l6vbt66hsc11jm8no8|03|com"; nocase; ) # 1vsfcsf1q8hb9yshany12uwxt1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vsfcsf1q8hb9yshany12uwxt1|03|org"; nocase; ) # 8mke5w1zpi9tvk5vp31t9ff0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8mke5w1zpi9tvk5vp31t9ff0o|03|net"; nocase; ) # 1xqen0kktjsaj19glp5e1kn2zfy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xqen0kktjsaj19glp5e1kn2zfy|03|org"; nocase; ) # 1b3shm61u0yx9lbmbu654rywv5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b3shm61u0yx9lbmbu654rywv5|03|com"; nocase; ) # abimw81pdtgjh10qj36p1t2a49e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|abimw81pdtgjh10qj36p1t2a49e|03|net"; nocase; ) # 1g9429uh820bra64vv31vw9kzw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g9429uh820bra64vv31vw9kzw|03|net"; nocase; ) # gegqu11q0uhl7t9d2arvxaki8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gegqu11q0uhl7t9d2arvxaki8|03|org"; nocase; ) # 4q7qzgqwuu521a6eik6frn0jp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4q7qzgqwuu521a6eik6frn0jp|03|net"; nocase; ) # 5wpmxm1r8vd6aj7j27j1u8kqrq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5wpmxm1r8vd6aj7j27j1u8kqrq|03|biz"; nocase; ) # 1iekqlw1hkusdlxrax45j1raou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iekqlw1hkusdlxrax45j1raou|03|org"; nocase; ) # 17pzrud17v0g5tgxqal01xr1gdv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17pzrud17v0g5tgxqal01xr1gdv|03|net"; nocase; ) # 1p6dv9l1yhc85112tk2t3jr7jll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p6dv9l1yhc85112tk2t3jr7jll|03|org"; nocase; ) # g3n8pu1trq20g1j0ikd216wgy1q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g3n8pu1trq20g1j0ikd216wgy1q|03|org"; nocase; ) # 1h11jsj1twvib21wgr3k91e7o2zq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h11jsj1twvib21wgr3k91e7o2zq|03|biz"; nocase; ) # 1m3d76k1gsxrmfryne75dhdjzq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m3d76k1gsxrmfryne75dhdjzq|03|biz"; nocase; ) # sgycns187abrz1d2ykqd1a744u2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sgycns187abrz1d2ykqd1a744u2|03|org"; nocase; ) # 1ppr52mmztsk35jkwle3kyxil.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ppr52mmztsk35jkwle3kyxil|03|biz"; nocase; ) # 14htuonp3laevdgoesh1ugcw0q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14htuonp3laevdgoesh1ugcw0q|03|com"; nocase; ) # 1brxt8m16c7jjik3ao0a1lyoe0p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1brxt8m16c7jjik3ao0a1lyoe0p|03|org"; nocase; ) # cka44a19uhxgf52dwnpu9b77z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cka44a19uhxgf52dwnpu9b77z|03|com"; nocase; ) # l0ojtc668f4bb1adftjnap1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l0ojtc668f4bb1adftjnap1z|03|net"; nocase; ) # geragmqxkb5s1pzdz0efw267.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|geragmqxkb5s1pzdz0efw267|03|com"; nocase; ) # qzjc6bcq6mvl1862t5p176bu7w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qzjc6bcq6mvl1862t5p176bu7w|03|net"; nocase; ) # yufpzf1lsmg22cbcf1djjo0b5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yufpzf1lsmg22cbcf1djjo0b5|03|net"; nocase; ) # o49asn15u54ei1socgxv1n60u8m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o49asn15u54ei1socgxv1n60u8m|03|org"; nocase; ) # 1so1n441ewouxi1phtvrqhbi0ac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1so1n441ewouxi1phtvrqhbi0ac|03|com"; nocase; ) # 3ddjpp1eh54i07iqr8415w0wtd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ddjpp1eh54i07iqr8415w0wtd|03|org"; nocase; ) # 1lj7f1f1jya19972xvmvp10x6r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lj7f1f1jya19972xvmvp10x6r|03|biz"; nocase; ) # qo4mzl1fyblt111r755mx7jydy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qo4mzl1fyblt111r755mx7jydy|03|net"; nocase; ) # 1kjzztu7pt2b312d5oc5mnj92r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kjzztu7pt2b312d5oc5mnj92r|03|com"; nocase; ) # 1mbwg551wgkz621e96gza1hoov68.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mbwg551wgkz621e96gza1hoov68|03|net"; nocase; ) # fvo6yw1pyiwxvo21lrxs7kflw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fvo6yw1pyiwxvo21lrxs7kflw|03|org"; nocase; ) # rsep8x1ao549311xysxxpp14fn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rsep8x1ao549311xysxxpp14fn|03|org"; nocase; ) # 1a6kb6uk163b31kt9jxtcmjsby.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a6kb6uk163b31kt9jxtcmjsby|03|net"; nocase; ) # no2rlc64ydis2i2h8h1hw201y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|no2rlc64ydis2i2h8h1hw201y|03|biz"; nocase; ) # f6nwpfxgd02a1tn4xi0vja92t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f6nwpfxgd02a1tn4xi0vja92t|03|biz"; nocase; ) # 9y8bdk1dv9ak04nvntk1suivo8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9y8bdk1dv9ak04nvntk1suivo8|03|com"; nocase; ) # 3tjie61eite9x2k10t1yradun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3tjie61eite9x2k10t1yradun|03|net"; nocase; ) # u4sf4msje5gfkw2tjn1cy5xf4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u4sf4msje5gfkw2tjn1cy5xf4|03|com"; nocase; ) # zcbniedahp9r1yauw1bk57po.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zcbniedahp9r1yauw1bk57po|03|net"; nocase; ) # tf41e16tqayuihgb8brdwvc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|tf41e16tqayuihgb8brdwvc|03|org"; nocase; ) # uscpai1n601qmsjcse211z8srm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uscpai1n601qmsjcse211z8srm|03|net"; nocase; ) # 192gi89ik67a51qelngw1cy0aom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|192gi89ik67a51qelngw1cy0aom|03|com"; nocase; ) # 1nvuv2h1y32lk9u2by6715la9lr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nvuv2h1y32lk9u2by6715la9lr|03|net"; nocase; ) # 1aq32fp13toxs3d475891j4xe8b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aq32fp13toxs3d475891j4xe8b|03|biz"; nocase; ) # kk4pjf1tmff45730ojq1skbz4b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kk4pjf1tmff45730ojq1skbz4b|03|net"; nocase; ) # 11q4edc1s7jc1qjlw5o313u4q07.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11q4edc1s7jc1qjlw5o313u4q07|03|net"; nocase; ) # 1jqqpeu19nwzxs1ll2s661fkp5by.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jqqpeu19nwzxs1ll2s661fkp5by|03|com"; nocase; ) # 1a71pflpzt5tle8k8h7v7loqw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a71pflpzt5tle8k8h7v7loqw|03|net"; nocase; ) # irmfx41gtfhjdddbri3yl2w22.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|irmfx41gtfhjdddbri3yl2w22|03|org"; nocase; ) # iq3p2m3pnyrm17l40ttvd4qg9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iq3p2m3pnyrm17l40ttvd4qg9|03|net"; nocase; ) # 16f8cgw19rm0q3kqhq7f1se5pv3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16f8cgw19rm0q3kqhq7f1se5pv3|03|net"; nocase; ) # 152fsaat4es2912pj5dh1xbfs0f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|152fsaat4es2912pj5dh1xbfs0f|03|biz"; nocase; ) # 1bhbvq21dh7egpsa86j7v7z8in.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bhbvq21dh7egpsa86j7v7z8in|03|org"; nocase; ) # 1yvxyto1svbof51eknyd519dtxp6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yvxyto1svbof51eknyd519dtxp6|03|net"; nocase; ) # 1w9nfbk20g97710mznl41tdfisf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w9nfbk20g97710mznl41tdfisf|03|biz"; nocase; ) # ujxudx1ce2ipz1etl3481m40owk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ujxudx1ce2ipz1etl3481m40owk|03|com"; nocase; ) # 1im9icgrp5p581pro9601lacd86.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1im9icgrp5p581pro9601lacd86|03|biz"; nocase; ) # 1kx1fyfmix29je1ub6tm6ij6r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kx1fyfmix29je1ub6tm6ij6r|03|com"; nocase; ) # 1d4mdbi6cjxsi51k3jwwndunk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d4mdbi6cjxsi51k3jwwndunk|03|net"; nocase; ) # 1xm6n7a7umyvts4e92fv3dqvn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xm6n7a7umyvts4e92fv3dqvn|03|com"; nocase; ) # 14sfxkvioix2gm3epqy1qjdp7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14sfxkvioix2gm3epqy1qjdp7|03|org"; nocase; ) # 1wjqcrip73cu91hg232v17wbnap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wjqcrip73cu91hg232v17wbnap|03|com"; nocase; ) # 1v888ym1oho0e1perjgv7fd7nr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v888ym1oho0e1perjgv7fd7nr|03|com"; nocase; ) # 14dkcjb1anvzy21jmu5g318f9cu8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14dkcjb1anvzy21jmu5g318f9cu8|03|biz"; nocase; ) # ysfqjyxkncjum9cwfjw5nyee.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ysfqjyxkncjum9cwfjw5nyee|03|org"; nocase; ) # 1tpwwe9892wq91dh657j1cbe145.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tpwwe9892wq91dh657j1cbe145|03|com"; nocase; ) # v748y6nezz319rbp2d10jpucr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v748y6nezz319rbp2d10jpucr|03|org"; nocase; ) # 1i2qtwstv0w5j1dsomty15epp72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i2qtwstv0w5j1dsomty15epp72|03|net"; nocase; ) # oeje423nk8m2ksrg121uepthp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oeje423nk8m2ksrg121uepthp|03|net"; nocase; ) # 1ax9s314ts63k1i3agai18eiryp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ax9s314ts63k1i3agai18eiryp|03|net"; nocase; ) # 1bsv9511xn3urzpycty5ye498n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bsv9511xn3urzpycty5ye498n|03|com"; nocase; ) # 15faf7j14w0gnxbso1e3185yhpv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15faf7j14w0gnxbso1e3185yhpv|03|biz"; nocase; ) # b87vip14t8ymnm8ch801pmcc0e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b87vip14t8ymnm8ch801pmcc0e|03|org"; nocase; ) # udqjunzowk1eyy8vth1lyzpv6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|udqjunzowk1eyy8vth1lyzpv6|03|org"; nocase; ) # 7dru3w1cau91r1lwa4nq1odt5p2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7dru3w1cau91r1lwa4nq1odt5p2|03|com"; nocase; ) # 1g7vv0c1yhawj51w5uq8d10ngc4p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g7vv0c1yhawj51w5uq8d10ngc4p|03|org"; nocase; ) # 1qq9ho61ja7h7z79s0nq17qvacd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qq9ho61ja7h7z79s0nq17qvacd|03|com"; nocase; ) # 1y8fd4l19rpq8v1y39z0lqou63o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y8fd4l19rpq8v1y39z0lqou63o|03|net"; nocase; ) # 1f63gul55n8nigeafxn1gk34dl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f63gul55n8nigeafxn1gk34dl|03|net"; nocase; ) # 12va2481k9yd031dqk77r1xgvv44.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12va2481k9yd031dqk77r1xgvv44|03|org"; nocase; ) # 3nr22x10qr69r8fd8vrco2bkg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3nr22x10qr69r8fd8vrco2bkg|03|net"; nocase; ) # 1kmjddiq8tllyxo29jg1s82wf5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kmjddiq8tllyxo29jg1s82wf5|03|net"; nocase; ) # 5jqcyspa70elkth74nljz1f1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5jqcyspa70elkth74nljz1f1|03|com"; nocase; ) # ko50cbbka6t11h0zut01xw9vpg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ko50cbbka6t11h0zut01xw9vpg|03|net"; nocase; ) # divgmt1luuxq9ahxjhp14wdh4n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|divgmt1luuxq9ahxjhp14wdh4n|03|com"; nocase; ) # anpjhl12n6t11c8lrefgntq6d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|anpjhl12n6t11c8lrefgntq6d|03|com"; nocase; ) # 1466gbf1rpvl291vrj7mh1cjgvqu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1466gbf1rpvl291vrj7mh1cjgvqu|03|net"; nocase; ) # chgmya1qy19sd1rebhf2anwi5h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|chgmya1qy19sd1rebhf2anwi5h|03|org"; nocase; ) # 17po2d310i1b3t1b0jzre1idvxma.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17po2d310i1b3t1b0jzre1idvxma|03|biz"; nocase; ) # 8eoxjz354mtn1imu4ce4qcmjp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8eoxjz354mtn1imu4ce4qcmjp|03|com"; nocase; ) # 1mt698zto8kguum9hwk1gm7324.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mt698zto8kguum9hwk1gm7324|03|biz"; nocase; ) # 1uxrnzyk0q6i7udl3bef2ah2v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uxrnzyk0q6i7udl3bef2ah2v|03|com"; nocase; ) # 1i0zoah6kdmchj35798129dh5a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i0zoah6kdmchj35798129dh5a|03|net"; nocase; ) # auig1v17sg57trbxed11liwlf3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|auig1v17sg57trbxed11liwlf3|03|com"; nocase; ) # tkiguyn7m6shd74cv91eoadm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tkiguyn7m6shd74cv91eoadm|03|net"; nocase; ) # 5t4d7c1dubh2u19geb2g1vygg64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5t4d7c1dubh2u19geb2g1vygg64|03|com"; nocase; ) # rvtg9w1uddz2p19ik31q19f09nv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rvtg9w1uddz2p19ik31q19f09nv|03|net"; nocase; ) # 7tkgia161pm831f6hmsv1w1eapp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7tkgia161pm831f6hmsv1w1eapp|03|biz"; nocase; ) # gnsh6715qnwrc9zj9491qphl3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gnsh6715qnwrc9zj9491qphl3|03|org"; nocase; ) # nrr1ip1ikktnnclz10r1nsbsgj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nrr1ip1ikktnnclz10r1nsbsgj|03|net"; nocase; ) # 1vb530i1lyetf61xf5fxv12kwjvf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vb530i1lyetf61xf5fxv12kwjvf|03|org"; nocase; ) # wu0i7y7k1l0g17v2uatmt4krf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wu0i7y7k1l0g17v2uatmt4krf|03|biz"; nocase; ) # wwxeiklhfriwq79ypr16cn5hj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wwxeiklhfriwq79ypr16cn5hj|03|org"; nocase; ) # s4tsgy1vzsxw7y5e1qh2mjtz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s4tsgy1vzsxw7y5e1qh2mjtz|03|net"; nocase; ) # szy6m6netnnhfaq3du1nq047q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|szy6m6netnnhfaq3du1nq047q|03|com"; nocase; ) # kl18fb1plac9y88zgz0ptyaye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kl18fb1plac9y88zgz0ptyaye|03|net"; nocase; ) # puep1h1cyelk21rr76vo1t5z609.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|puep1h1cyelk21rr76vo1t5z609|03|net"; nocase; ) # 125k2rz1qhjpkm1w9yvps19ibcjq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|125k2rz1qhjpkm1w9yvps19ibcjq|03|org"; nocase; ) # 1s2xnt612qg6bt1p6bjsu10mi5xo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s2xnt612qg6bt1p6bjsu10mi5xo|03|net"; nocase; ) # 1wlyftr5dbt9ri3i4e210h89r9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wlyftr5dbt9ri3i4e210h89r9|03|com"; nocase; ) # 1m8fo2u15q3sham7x0t12lhahe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m8fo2u15q3sham7x0t12lhahe|03|com"; nocase; ) # m0gvmougsuprncwa7dv92osc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m0gvmougsuprncwa7dv92osc|03|biz"; nocase; ) # 1gknci24cfdvr1dsq63c1aa60xp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gknci24cfdvr1dsq63c1aa60xp|03|net"; nocase; ) # ois6rc1trb3ijuj6hurghuubx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ois6rc1trb3ijuj6hurghuubx|03|net"; nocase; ) # 1glbe8k1i7r516kzf33n1hld0u6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1glbe8k1i7r516kzf33n1hld0u6|03|org"; nocase; ) # 9z2l2a1rpfs0i1flfu3ynrgbxs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9z2l2a1rpfs0i1flfu3ynrgbxs|03|biz"; nocase; ) # 1vbjku111hh38k19x0hhu1clfwy6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vbjku111hh38k19x0hhu1clfwy6|03|com"; nocase; ) # 1kuzu2jgfjp1znt2s7fwdf5jb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kuzu2jgfjp1znt2s7fwdf5jb|03|net"; nocase; ) # 1nptvck11lrt4z1e7fxnfj3xhgz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nptvck11lrt4z1e7fxnfj3xhgz|03|biz"; nocase; ) # chp79fqdm4ky1oemo83150wxau.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|chp79fqdm4ky1oemo83150wxau|03|net"; nocase; ) # doc3b9fmgztpy3s1nvu5da9d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|doc3b9fmgztpy3s1nvu5da9d|03|com"; nocase; ) # 1mqycjjgnuav6q6j0v7114wgmz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mqycjjgnuav6q6j0v7114wgmz|03|com"; nocase; ) # 11ftqgj8kswtvrj3uak1is997g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11ftqgj8kswtvrj3uak1is997g|03|net"; nocase; ) # 27tl8w1ip541zzmw9vcca3bu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|27tl8w1ip541zzmw9vcca3bu|03|org"; nocase; ) # 1yb7fvi18fqqzvx87ubt19omfcq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yb7fvi18fqqzvx87ubt19omfcq|03|net"; nocase; ) # 3lmq421mwe1ok1bx19p6nfja7b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3lmq421mwe1ok1bx19p6nfja7b|03|biz"; nocase; ) # 16az1g1ggl46d1k8ra421rrnk88.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16az1g1ggl46d1k8ra421rrnk88|03|org"; nocase; ) # qmqv9411huitwi0alx535yj0m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qmqv9411huitwi0alx535yj0m|03|com"; nocase; ) # 1ragdov1ryi8lx18wshq71kwwfqb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ragdov1ryi8lx18wshq71kwwfqb|03|net"; nocase; ) # 1ghverc1bge7zet7j5q98ti8fn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ghverc1bge7zet7j5q98ti8fn|03|org"; nocase; ) # 16th05x5aty4fhquu841ppvcki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16th05x5aty4fhquu841ppvcki|03|net"; nocase; ) # gj90b91j72ixf1itomn51qw5ym0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gj90b91j72ixf1itomn51qw5ym0|03|org"; nocase; ) # ovhzxts0nlthct4lpt1isacy2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ovhzxts0nlthct4lpt1isacy2|03|com"; nocase; ) # 7v7ydo1y1o2hh1oh93lii4u20u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7v7ydo1y1o2hh1oh93lii4u20u|03|org"; nocase; ) # gxeh15ybtqstb8xeg1skoy8h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gxeh15ybtqstb8xeg1skoy8h|03|org"; nocase; ) # 3rsgqgpv57eb1d8gvpx18wz1mn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3rsgqgpv57eb1d8gvpx18wz1mn|03|com"; nocase; ) # 1oe3rbz1ctjc5l13rp9wzcta98i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oe3rbz1ctjc5l13rp9wzcta98i|03|net"; nocase; ) # 1dwrvoz1ix8097lxudw4pfwa6f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dwrvoz1ix8097lxudw4pfwa6f|03|com"; nocase; ) # q5hfw8l0ddv315hm7gtqfh5w7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q5hfw8l0ddv315hm7gtqfh5w7|03|org"; nocase; ) # 9fu17un4gqag1ojgzsc176jqen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9fu17un4gqag1ojgzsc176jqen|03|com"; nocase; ) # ey9bevsmue01q0ni4214tdyhv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ey9bevsmue01q0ni4214tdyhv|03|net"; nocase; ) # pout54tvvnff40pa91lwlzqg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|pout54tvvnff40pa91lwlzqg|03|com"; nocase; ) # 1aqvslc1en9m1womg7ihodwxkp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1aqvslc1en9m1womg7ihodwxkp|03|biz"; nocase; ) # 2sqwz5enifnz1rq32i310h4vzs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2sqwz5enifnz1rq32i310h4vzs|03|org"; nocase; ) # 4zk68q10wvhi9wnjp561xmdlsp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4zk68q10wvhi9wnjp561xmdlsp|03|org"; nocase; ) # 244lov1ww9hwnsmz4pg1byryuk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|244lov1ww9hwnsmz4pg1byryuk|03|com"; nocase; ) # 1sxmcpl1n339lo1i5uroa2mxxb9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sxmcpl1n339lo1i5uroa2mxxb9|03|org"; nocase; ) # bnq54310oiazm1jd2mycfhx5n3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bnq54310oiazm1jd2mycfhx5n3|03|org"; nocase; ) # 107yyhg1c6a3qc1ocaukrq5xv95.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|107yyhg1c6a3qc1ocaukrq5xv95|03|net"; nocase; ) # a4zureo3o8djprk5laywpt1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|a4zureo3o8djprk5laywpt1|03|com"; nocase; ) # 1sjjasqis1hkt1r20u8h1uq47m4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sjjasqis1hkt1r20u8h1uq47m4|03|org"; nocase; ) # ztq62g1io6vrxt4s56kjx1eq9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ztq62g1io6vrxt4s56kjx1eq9|03|net"; nocase; ) # f56xkx1kvxbi61gh5ew11pn3pof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f56xkx1kvxbi61gh5ew11pn3pof|03|com"; nocase; ) # mir0xp1kpjgld1ivawqgs88l5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mir0xp1kpjgld1ivawqgs88l5|03|org"; nocase; ) # 112w403fkz9p8fcag4f4kvdwj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|112w403fkz9p8fcag4f4kvdwj|03|net"; nocase; ) # 1ov3luswx5ev81dxdl314nmi0s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ov3luswx5ev81dxdl314nmi0s|03|net"; nocase; ) # xh6zx41a1cr8vv3lzeqbw24gg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xh6zx41a1cr8vv3lzeqbw24gg|03|biz"; nocase; ) # 1frvd05z3hiwdbuqdqdnbg6p4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1frvd05z3hiwdbuqdqdnbg6p4|03|com"; nocase; ) # tedx5wazbd7k1kkk9op1e1qmas.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tedx5wazbd7k1kkk9op1e1qmas|03|net"; nocase; ) # 1luwra71dbt81i1fl60eippk0s1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1luwra71dbt81i1fl60eippk0s1|03|net"; nocase; ) # sjwrfu1rrlhrqu4zvzn8vl9fl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sjwrfu1rrlhrqu4zvzn8vl9fl|03|net"; nocase; ) # 1b2zyqu64m4pe15bne691ws5mz7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b2zyqu64m4pe15bne691ws5mz7|03|com"; nocase; ) # 1ouutupqgjk9y1w7sn931fb400e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ouutupqgjk9y1w7sn931fb400e|03|biz"; nocase; ) # 1ljso6a1xbbdre1j3jtejo0jvfn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ljso6a1xbbdre1j3jtejo0jvfn|03|net"; nocase; ) # 14on1171bt40pf8cdisx9m8ywh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14on1171bt40pf8cdisx9m8ywh|03|org"; nocase; ) # mjomjx9dsiws10i641c7n6cbo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|mjomjx9dsiws10i641c7n6cbo|03|org"; nocase; ) # 18l4g62iqxsm823xt8s9xq7i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18l4g62iqxsm823xt8s9xq7i|03|net"; nocase; ) # 1wa0nzoyd0r3qznyrzrnnwgli.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wa0nzoyd0r3qznyrzrnnwgli|03|org"; nocase; ) # 1wq9cn31isxr08p4lnhvowozcl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wq9cn31isxr08p4lnhvowozcl|03|com"; nocase; ) # k5xm2l1hvkins2aisy312r37a6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k5xm2l1hvkins2aisy312r37a6|03|org"; nocase; ) # 8ey7x39yqxczmcmisejy7ci3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8ey7x39yqxczmcmisejy7ci3|03|biz"; nocase; ) # 1qzd68d1t5qqhk1nhybagtagk0f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qzd68d1t5qqhk1nhybagtagk0f|03|com"; nocase; ) # x99qsv1ijmszly512qhmcwk9i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x99qsv1ijmszly512qhmcwk9i|03|net"; nocase; ) # x7gdqn18bwo20eqr11tt97tby.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x7gdqn18bwo20eqr11tt97tby|03|biz"; nocase; ) # 1s50ype15gtmef94ax4wacvpqz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s50ype15gtmef94ax4wacvpqz|03|org"; nocase; ) # lyjowq1ll74ds1eg3qov1t275yd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lyjowq1ll74ds1eg3qov1t275yd|03|org"; nocase; ) # orl44p1w71q7klo3ie51765k9w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|orl44p1w71q7klo3ie51765k9w|03|biz"; nocase; ) # 1swo3wl7jdga61vya52b1qj1ky0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1swo3wl7jdga61vya52b1qj1ky0|03|org"; nocase; ) # pbsly9sd1boj1ebru9i9ase6l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pbsly9sd1boj1ebru9i9ase6l|03|org"; nocase; ) # 183wice11r7alhri5c3ajng57i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|183wice11r7alhri5c3ajng57i|03|org"; nocase; ) # 1blz05z16cm3dtjlgrcf1j55ypp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1blz05z16cm3dtjlgrcf1j55ypp|03|org"; nocase; ) # 1wps89jblmwwekzs9ct1vfxu36.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wps89jblmwwekzs9ct1vfxu36|03|net"; nocase; ) # 1gg9m77fwiior1kwhory1m1i948.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gg9m77fwiior1kwhory1m1i948|03|org"; nocase; ) # aws2xt2ntshv1yl8yiwqthrpu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aws2xt2ntshv1yl8yiwqthrpu|03|net"; nocase; ) # kuxcpx1d3pvwn1qeug0jc8dbf1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kuxcpx1d3pvwn1qeug0jc8dbf1|03|net"; nocase; ) # hyzrt8mwws6ju5g6k51l04z85.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hyzrt8mwws6ju5g6k51l04z85|03|com"; nocase; ) # 1obidxn191bs9z1egks8422pu96.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1obidxn191bs9z1egks8422pu96|03|org"; nocase; ) # 17uhqve1p70iq5qhghfr1ny2mwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17uhqve1p70iq5qhghfr1ny2mwi|03|com"; nocase; ) # 16q37re1j00s8y1sxit641755rs4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16q37re1j00s8y1sxit641755rs4|03|org"; nocase; ) # 1hq7wv76ersx91cblneg9jqotb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hq7wv76ersx91cblneg9jqotb|03|org"; nocase; ) # 1rw0knb1ytf2g214mkzr6uaenwl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rw0knb1ytf2g214mkzr6uaenwl|03|net"; nocase; ) # 17dfhsv1yc729312k8aoexj65kf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17dfhsv1yc729312k8aoexj65kf|03|org"; nocase; ) # 1x1oihsy116111qx2lpnoyiu28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x1oihsy116111qx2lpnoyiu28|03|net"; nocase; ) # 1ymnxno1oli78813oyrrjky4ghh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ymnxno1oli78813oyrrjky4ghh|03|com"; nocase; ) # 1dwmg3p1messkw4zr84fex2sx3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dwmg3p1messkw4zr84fex2sx3|03|biz"; nocase; ) # 15mbs7p1arw65t1qzvdw41n0htis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15mbs7p1arw65t1qzvdw41n0htis|03|com"; nocase; ) # 1u3zh6k4aaavy1tcpuky137r9w3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u3zh6k4aaavy1tcpuky137r9w3|03|com"; nocase; ) # 19xe80g1cv8arx1dm63bn1byzb0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19xe80g1cv8arx1dm63bn1byzb0o|03|net"; nocase; ) # 1wx25ahb9zuftyfiwxsuneaf1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wx25ahb9zuftyfiwxsuneaf1|03|com"; nocase; ) # 1svaam6hjvp6811y9bl2wdl96e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1svaam6hjvp6811y9bl2wdl96e|03|org"; nocase; ) # 2jgg9pyoof5fpo4mh8ff2lh9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2jgg9pyoof5fpo4mh8ff2lh9|03|net"; nocase; ) # 14hm112rsop3thhquwitr83mk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14hm112rsop3thhquwitr83mk|03|net"; nocase; ) # 1syqap318qmt8b1vfu6gp69o59.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1syqap318qmt8b1vfu6gp69o59|03|com"; nocase; ) # 1ebmh3gifu9gaskfqty38ahs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ebmh3gifu9gaskfqty38ahs|03|org"; nocase; ) # 189o3mu1merom91bf213x5v8tbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|189o3mu1merom91bf213x5v8tbx|03|org"; nocase; ) # 1syais1ohv5iyh7k7qk15gxva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1syais1ohv5iyh7k7qk15gxva|03|net"; nocase; ) # htpeyq1t8wg9x16jipycqil3ex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|htpeyq1t8wg9x16jipycqil3ex|03|net"; nocase; ) # 317fjv1rzd84r1b5af2c12dytck.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|317fjv1rzd84r1b5af2c12dytck|03|org"; nocase; ) # 1lj5lw51llq0pcrtejze1bmyhih.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lj5lw51llq0pcrtejze1bmyhih|03|org"; nocase; ) # sfsaogw4c9b2vf21yxeloz19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sfsaogw4c9b2vf21yxeloz19|03|net"; nocase; ) # yr36la1b9xod2iv7ve51du0znh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yr36la1b9xod2iv7ve51du0znh|03|net"; nocase; ) # wdcpeaxndgfi1i5066rewscjk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wdcpeaxndgfi1i5066rewscjk|03|org"; nocase; ) # 1acado511fh3wspe3473e5olh9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1acado511fh3wspe3473e5olh9|03|com"; nocase; ) # gpx79q1bz73rq1v9hgbl1na6bau.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gpx79q1bz73rq1v9hgbl1na6bau|03|org"; nocase; ) # miqurbw3jrxeys3avj1gu3lkh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|miqurbw3jrxeys3avj1gu3lkh|03|com"; nocase; ) # vf4cab1bcbz7n1fr9v4i19pblkr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vf4cab1bcbz7n1fr9v4i19pblkr|03|net"; nocase; ) # 18abtf9eszu8nqhapi11nhiqm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18abtf9eszu8nqhapi11nhiqm5|03|net"; nocase; ) # gebdwtkgogqh4sjimf7q9nie.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gebdwtkgogqh4sjimf7q9nie|03|net"; nocase; ) # erbclyqf7jdclhlw5z19ji27u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|erbclyqf7jdclhlw5z19ji27u|03|org"; nocase; ) # 1ncd1pb16sc6v1j318mepcs1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ncd1pb16sc6v1j318mepcs1f|03|biz"; nocase; ) # 11gc7otj7fvhj9is69q15184zl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11gc7otj7fvhj9is69q15184zl|03|com"; nocase; ) # 1urs2c97tglsgyun25g5n0t3p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1urs2c97tglsgyun25g5n0t3p|03|biz"; nocase; ) # 17p7snx12ve20umlowdt14w86gn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17p7snx12ve20umlowdt14w86gn|03|org"; nocase; ) # x47qq4133i39thvfztldwb4f2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x47qq4133i39thvfztldwb4f2|03|net"; nocase; ) # 1xav0tj53ya8aije6c01q5glvn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xav0tj53ya8aije6c01q5glvn|03|biz"; nocase; ) # 1j4sano1rvu3gy9ix27u12fmgym.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j4sano1rvu3gy9ix27u12fmgym|03|com"; nocase; ) # 1ymygx31ipgxw4170af13mgbv4b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ymygx31ipgxw4170af13mgbv4b|03|org"; nocase; ) # 1dap0ae4w1l01fl05xcmtokwr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dap0ae4w1l01fl05xcmtokwr|03|net"; nocase; ) # oxe7c1ycm9k3jghml61gxed6z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oxe7c1ycm9k3jghml61gxed6z|03|biz"; nocase; ) # akbraoarv4j41wxg6tj1k26fc4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|akbraoarv4j41wxg6tj1k26fc4|03|com"; nocase; ) # b4cbymy1d4m09aty3vi1uxf9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b4cbymy1d4m09aty3vi1uxf9|03|org"; nocase; ) # 19b7fyj1qoq67jitxge39rrygt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19b7fyj1qoq67jitxge39rrygt|03|net"; nocase; ) # 1jh797zpfbrkf97okhzate0kl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jh797zpfbrkf97okhzate0kl|03|org"; nocase; ) # 1iu3dm216i848g1ge2sce1r97ttk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1iu3dm216i848g1ge2sce1r97ttk|03|net"; nocase; ) # 1mg6bl1g1olsx7seuwsyusd9z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mg6bl1g1olsx7seuwsyusd9z|03|net"; nocase; ) # 1oksmab1rgnydd174zs9d1iemmjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oksmab1rgnydd174zs9d1iemmjy|03|com"; nocase; ) # 1xfyypc18i06qeux0gk21910d1t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xfyypc18i06qeux0gk21910d1t|03|com"; nocase; ) # hm5qoi53krarr3h2whegcmz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|hm5qoi53krarr3h2whegcmz|03|biz"; nocase; ) # 1t6ro0ju39v3i1e8egsuzcdla3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t6ro0ju39v3i1e8egsuzcdla3|03|net"; nocase; ) # 1xni8cq7ez2591hbutu29fkzty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xni8cq7ez2591hbutu29fkzty|03|net"; nocase; ) # 3y88r1y3wxkl1ukvrol125kmya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3y88r1y3wxkl1ukvrol125kmya|03|net"; nocase; ) # q1cu631gprch0ka3jo3tfsjr0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q1cu631gprch0ka3jo3tfsjr0|03|net"; nocase; ) # 1txgqba1trcn1g174tga81szhy7m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1txgqba1trcn1g174tga81szhy7m|03|org"; nocase; ) # 3xz9c21yzn1p5svkd5fjs1tem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3xz9c21yzn1p5svkd5fjs1tem|03|net"; nocase; ) # 1ckg5a214g762pp8h6fh1e2oi75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ckg5a214g762pp8h6fh1e2oi75|03|net"; nocase; ) # 1rqxeiwf75tce19bmt3s1lqc2ly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rqxeiwf75tce19bmt3s1lqc2ly|03|org"; nocase; ) # 1dqw4iw1t0e98ujsppqd1kw8h9d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dqw4iw1t0e98ujsppqd1kw8h9d|03|com"; nocase; ) # 1ok8kh1143s7ai1cxv1an1we2040.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ok8kh1143s7ai1cxv1an1we2040|03|com"; nocase; ) # 1ku9r9zgj5rt31ntds01s9yzfh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ku9r9zgj5rt31ntds01s9yzfh|03|net"; nocase; ) # 935dqpxecw6ehesk661hu9x83.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|935dqpxecw6ehesk661hu9x83|03|org"; nocase; ) # 1ojo8j1ebxfq41f2dpj7w3s3ao.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ojo8j1ebxfq41f2dpj7w3s3ao|03|net"; nocase; ) # 1e8kxp10r71f98fepo1672okk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e8kxp10r71f98fepo1672okk|03|org"; nocase; ) # 1ky7mb97yphmj1ozcbb71c5a981.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ky7mb97yphmj1ozcbb71c5a981|03|net"; nocase; ) # a34jae1twvyxx18tdkhq1sm39z1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a34jae1twvyxx18tdkhq1sm39z1|03|org"; nocase; ) # 1st00mb101d2tl15oxbfq3lk1dm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1st00mb101d2tl15oxbfq3lk1dm|03|com"; nocase; ) # npvk6totqvrq8v5dry18fzua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|npvk6totqvrq8v5dry18fzua|03|org"; nocase; ) # 16bicrw1g64oeq1opkv0mm9fvxw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16bicrw1g64oeq1opkv0mm9fvxw|03|com"; nocase; ) # h3eudo5entq21d8nhum8krt3j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3eudo5entq21d8nhum8krt3j|03|org"; nocase; ) # k5jpq8jw7pw1xi58wfuw0ibg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k5jpq8jw7pw1xi58wfuw0ibg|03|com"; nocase; ) # x9z2fs11vqnrk158onkt13pu3ew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x9z2fs11vqnrk158onkt13pu3ew|03|com"; nocase; ) # mn9zt2i5wur71pbjhu51oji317.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mn9zt2i5wur71pbjhu51oji317|03|com"; nocase; ) # xefofprsz9fv1qhsegl19kv9hm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xefofprsz9fv1qhsegl19kv9hm|03|org"; nocase; ) # 14b46t919vm3r5k0ypd8l6hc3c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14b46t919vm3r5k0ypd8l6hc3c|03|org"; nocase; ) # d1id2nfrhg661c7zwpm1qgt0uj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d1id2nfrhg661c7zwpm1qgt0uj|03|com"; nocase; ) # 138fmh4cilj9d9abra6134mpch.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|138fmh4cilj9d9abra6134mpch|03|net"; nocase; ) # 1wyamy1ucdkjze36vptq7vmhg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wyamy1ucdkjze36vptq7vmhg|03|net"; nocase; ) # 156wke71prdy6etx6du7ok07rb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156wke71prdy6etx6du7ok07rb|03|net"; nocase; ) # 1a6vu1z8nbewu1g69mq6gpd9he.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a6vu1z8nbewu1g69mq6gpd9he|03|net"; nocase; ) # p1werek22cdmipce931yijk5m.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p1werek22cdmipce931yijk5m|03|biz"; nocase; ) # 13o8a5qhjktwt848wq0ma3cuu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13o8a5qhjktwt848wq0ma3cuu|03|org"; nocase; ) # epipxw7k9j3h1g817m43x06h3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|epipxw7k9j3h1g817m43x06h3|03|net"; nocase; ) # ybn6j3czpxxk1f05dj513p4ahm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ybn6j3czpxxk1f05dj513p4ahm|03|com"; nocase; ) # malxq47lea8m1nh4los1hq89qd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|malxq47lea8m1nh4los1hq89qd|03|com"; nocase; ) # 1t7foew1mt1xl1kvmjym1pu897w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t7foew1mt1xl1kvmjym1pu897w|03|net"; nocase; ) # jq44fgnradmu1lj3y2m1i8k5hv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jq44fgnradmu1lj3y2m1i8k5hv|03|net"; nocase; ) # 18vfhrbmhpav81nh74528gh6va.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18vfhrbmhpav81nh74528gh6va|03|net"; nocase; ) # 19h7exo242oxhgjj2k388wmg4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19h7exo242oxhgjj2k388wmg4|03|biz"; nocase; ) # 1ftx70tdqy74t1fb9zpk8j6p9o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ftx70tdqy74t1fb9zpk8j6p9o|03|org"; nocase; ) # 8oqh4b60rpufqaw65z1be15up.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8oqh4b60rpufqaw65z1be15up|03|biz"; nocase; ) # 1wae48w14tntfjpxc5u8586ybx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wae48w14tntfjpxc5u8586ybx|03|com"; nocase; ) # 1pzcb501d3qiae1abh44o1z0rpqs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pzcb501d3qiae1abh44o1z0rpqs|03|net"; nocase; ) # 1lwbp4v1slphc91xk02sm1ixezq4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lwbp4v1slphc91xk02sm1ixezq4|03|com"; nocase; ) # sr57k81jzrde59ibzsh1otqqhv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sr57k81jzrde59ibzsh1otqqhv|03|net"; nocase; ) # s6buer18b0tw4tsmq8jm6wmko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s6buer18b0tw4tsmq8jm6wmko|03|org"; nocase; ) # 116ygxt12pvythdq4fwkbm7i7o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|116ygxt12pvythdq4fwkbm7i7o|03|net"; nocase; ) # u9axpt1m8y8vo965vlc151k6lc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u9axpt1m8y8vo965vlc151k6lc|03|net"; nocase; ) # byv4fv1ny5206c7850rfq97dy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|byv4fv1ny5206c7850rfq97dy|03|org"; nocase; ) # 1222n17xbzgeh1pibj9eeh0fvj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1222n17xbzgeh1pibj9eeh0fvj|03|net"; nocase; ) # 1vrnm01a6ev87yr0n7weytbq1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vrnm01a6ev87yr0n7weytbq1|03|org"; nocase; ) # w0gi1g1s6l4qy4ai72h1wdiok9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w0gi1g1s6l4qy4ai72h1wdiok9|03|biz"; nocase; ) # c53he117si1sx1orucnt1h4ok40.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c53he117si1sx1orucnt1h4ok40|03|net"; nocase; ) # 14ih702s4cinse6zbki13nnb2p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ih702s4cinse6zbki13nnb2p|03|com"; nocase; ) # 1hbhxqzt9ab1oom7ice19nr1h0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hbhxqzt9ab1oom7ice19nr1h0|03|com"; nocase; ) # kd2sd8ii3u4kddtoqi1iue7n8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kd2sd8ii3u4kddtoqi1iue7n8|03|com"; nocase; ) # qv64cu1e273e91bwoytx8va4k6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qv64cu1e273e91bwoytx8va4k6|03|biz"; nocase; ) # xgwjfg1x2y0681o0r87rfasz4p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xgwjfg1x2y0681o0r87rfasz4p|03|biz"; nocase; ) # 1x87pz1vkheiu1qkh3ry1uk9rkd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x87pz1vkheiu1qkh3ry1uk9rkd|03|org"; nocase; ) # swn6twqoqsli1hac2uumgpcit.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|swn6twqoqsli1hac2uumgpcit|03|org"; nocase; ) # 13nhnye1p264rrj84dy21i3chbo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13nhnye1p264rrj84dy21i3chbo|03|biz"; nocase; ) # bjf7hr1hr3ttjsc0dmuq3rew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bjf7hr1hr3ttjsc0dmuq3rew|03|net"; nocase; ) # 18bhqnu17gj4j1n7fvqh1pqna1h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18bhqnu17gj4j1n7fvqh1pqna1h|03|org"; nocase; ) # 1iyocu1wch5bkrqf7p61cksbxl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iyocu1wch5bkrqf7p61cksbxl|03|net"; nocase; ) # ffsruakk81851yjcxrz1on6z7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ffsruakk81851yjcxrz1on6z7h|03|org"; nocase; ) # y1mw3n1c3ulga1rvr9p4icxptg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y1mw3n1c3ulga1rvr9p4icxptg|03|net"; nocase; ) # 11omotq1xtzhr2kdqxlrwnlqnq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11omotq1xtzhr2kdqxlrwnlqnq|03|net"; nocase; ) # 111vjga11fmpz815rgrc8ufizqi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|111vjga11fmpz815rgrc8ufizqi|03|org"; nocase; ) # 8aawhp1fvzarhnfpt55sjgnje.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8aawhp1fvzarhnfpt55sjgnje|03|net"; nocase; ) # 1397bmc13lgang1flznlu3gipd0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1397bmc13lgang1flznlu3gipd0|03|net"; nocase; ) # 1s1uszrfs6sq4lik6q213bvuy8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1s1uszrfs6sq4lik6q213bvuy8|03|net"; nocase; ) # k61narpdtm7t1r15ccz11dvdz5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k61narpdtm7t1r15ccz11dvdz5|03|net"; nocase; ) # lmt2kb1pkzyor1ngaegd9nmt31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lmt2kb1pkzyor1ngaegd9nmt31|03|net"; nocase; ) # sybqlv1cia5gud74mz4mpwf0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sybqlv1cia5gud74mz4mpwf0|03|org"; nocase; ) # 7fe4jhwvhcvg12nuw3wu3ool7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7fe4jhwvhcvg12nuw3wu3ool7|03|com"; nocase; ) # w3d76s1kwggxgbtngs51lqj4aj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|w3d76s1kwggxgbtngs51lqj4aj|03|com"; nocase; ) # 1vt3aey1xtipxt1veb3fu1x9vnyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1vt3aey1xtipxt1veb3fu1x9vnyk|03|net"; nocase; ) # 1eaixvz1o03nduxtcmbw1rb4my4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eaixvz1o03nduxtcmbw1rb4my4|03|net"; nocase; ) # ke5r631cou3kb136aaqt1wkxsja.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ke5r631cou3kb136aaqt1wkxsja|03|com"; nocase; ) # we81vz1uzg2ls15yoy2n1b6zoh8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|we81vz1uzg2ls15yoy2n1b6zoh8|03|biz"; nocase; ) # xvwmbd10h1pwmzsgov21sotfdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xvwmbd10h1pwmzsgov21sotfdb|03|com"; nocase; ) # 1ilk012prziqc12zt5we1ghacqb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ilk012prziqc12zt5we1ghacqb|03|net"; nocase; ) # enrgui1ci6l2eqw0re1ho9s58.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|enrgui1ci6l2eqw0re1ho9s58|03|net"; nocase; ) # 12ih2y2k5b4y2u1z9wb1uaanek.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12ih2y2k5b4y2u1z9wb1uaanek|03|biz"; nocase; ) # 1m5rw5515bq5z91dnsgihl8zuwt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m5rw5515bq5z91dnsgihl8zuwt|03|net"; nocase; ) # 1eh8sehpg4spz1gojzoak2c2hz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1eh8sehpg4spz1gojzoak2c2hz|03|net"; nocase; ) # 3a98wf1dtkbjs7iswrs1u2c2n5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3a98wf1dtkbjs7iswrs1u2c2n5|03|biz"; nocase; ) # 1odcr9k2rypbm1ky3rmmspkkcj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1odcr9k2rypbm1ky3rmmspkkcj|03|com"; nocase; ) # j396t31dlhflfvvk70k18x0cuu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j396t31dlhflfvvk70k18x0cuu|03|net"; nocase; ) # alhxml55x0sk49fi561el9oet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|alhxml55x0sk49fi561el9oet|03|net"; nocase; ) # 197plv61mrup6l29pvxtza0y1n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|197plv61mrup6l29pvxtza0y1n|03|org"; nocase; ) # 4sxa0o1hnbj521s6o5651f2eodu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4sxa0o1hnbj521s6o5651f2eodu|03|biz"; nocase; ) # rd1sgf1cls903zizx5s1iuztk1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rd1sgf1cls903zizx5s1iuztk1|03|com"; nocase; ) # 1hu8z3tvjz2t6pnv9sx1h0xd95.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hu8z3tvjz2t6pnv9sx1h0xd95|03|com"; nocase; ) # nkalpluatao9zhu53k1mwh1l0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nkalpluatao9zhu53k1mwh1l0|03|com"; nocase; ) # vujfq21j6vgug50opm1gdvpud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vujfq21j6vgug50opm1gdvpud|03|net"; nocase; ) # hz80vk19007n59thuty1lh00f8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hz80vk19007n59thuty1lh00f8|03|org"; nocase; ) # 1o7r4j7109b3kb78s3v01spkdo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o7r4j7109b3kb78s3v01spkdo|03|biz"; nocase; ) # 1hlm1i7iy0uqu9tn7ra4s59ob.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hlm1i7iy0uqu9tn7ra4s59ob|03|net"; nocase; ) # 1xg1pzd1xlrzrppdevb0giilgu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xg1pzd1xlrzrppdevb0giilgu|03|net"; nocase; ) # 1jicbqhipzo8ldb8cz21v15xsw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jicbqhipzo8ldb8cz21v15xsw|03|net"; nocase; ) # 19x6hpq1d2m8gx1h8pjd65wuoh0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19x6hpq1d2m8gx1h8pjd65wuoh0|03|biz"; nocase; ) # 3ntk9m1h7qgg2ygmaqob4h4ez.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3ntk9m1h7qgg2ygmaqob4h4ez|03|org"; nocase; ) # t9gimv1einze37ds821qhvif4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t9gimv1einze37ds821qhvif4|03|net"; nocase; ) # d2fou9ur6p441a940zo9djudb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d2fou9ur6p441a940zo9djudb|03|biz"; nocase; ) # 15nfx7n1cp9usmzw9bmq10qg6my.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15nfx7n1cp9usmzw9bmq10qg6my|03|net"; nocase; ) # ggypqh15nfk8j1sfxynx1tuo0vj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ggypqh15nfk8j1sfxynx1tuo0vj|03|biz"; nocase; ) # 1j6ykfk1unwgja1fg2iv31law7rj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j6ykfk1unwgja1fg2iv31law7rj|03|biz"; nocase; ) # 7a4kanmgj4jn20ecv36t8ugz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7a4kanmgj4jn20ecv36t8ugz|03|net"; nocase; ) # 1urjp77y4rs8q13v7tbxeh6u1p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1urjp77y4rs8q13v7tbxeh6u1p|03|biz"; nocase; ) # 1yd6rv91ntt08u1axgyfk1uw875k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yd6rv91ntt08u1axgyfk1uw875k|03|com"; nocase; ) # 4syyug1l9bwk71k5sq3s11gtgpy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4syyug1l9bwk71k5sq3s11gtgpy|03|org"; nocase; ) # 4fin2p1ewc39g99xzjcjjiy2u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4fin2p1ewc39g99xzjcjjiy2u|03|biz"; nocase; ) # 1tqp4r61k7y0x81vubep21r5eof9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tqp4r61k7y0x81vubep21r5eof9|03|org"; nocase; ) # 1mx65xxeqjgx7nahh9k1ynp6ys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mx65xxeqjgx7nahh9k1ynp6ys|03|com"; nocase; ) # 1prouf9111m0soj9kf3fdqtcvn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000043999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1prouf9111m0soj9kf3fdqtcvn|03|biz"; nocase; ) # 10duvyzne8ahm1tibxr916t1yrn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10duvyzne8ahm1tibxr916t1yrn|03|org"; nocase; ) # 27k9ec109ezb0bgvhc11sdueb0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|27k9ec109ezb0bgvhc11sdueb0|03|com"; nocase; ) # dzuzo5l8tfti19syt2gcj1uik.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzuzo5l8tfti19syt2gcj1uik|03|biz"; nocase; ) # kfhsh1840cc34hpulpa0anne.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kfhsh1840cc34hpulpa0anne|03|org"; nocase; ) # 1qw4wxj1heet4t1931vkg1atduht.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qw4wxj1heet4t1931vkg1atduht|03|biz"; nocase; ) # bzv3421lb7194nkodez1e3pt3v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bzv3421lb7194nkodez1e3pt3v|03|org"; nocase; ) # 7n9ohe18qh177m9kd5s1x1b3sw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7n9ohe18qh177m9kd5s1x1b3sw|03|net"; nocase; ) # cum0ko1a6lbj716h2qbjg9a425.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cum0ko1a6lbj716h2qbjg9a425|03|biz"; nocase; ) # bf4m0c7to3im1wdjo93ju12rj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bf4m0c7to3im1wdjo93ju12rj|03|net"; nocase; ) # 1gxqgqm9kgngt1j27sau1n6i92j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gxqgqm9kgngt1j27sau1n6i92j|03|com"; nocase; ) # qing9j189dxg4ytahgyo942sl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qing9j189dxg4ytahgyo942sl|03|net"; nocase; ) # 1c23p4s11pvkut1sfb1va6yyxur.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c23p4s11pvkut1sfb1va6yyxur|03|net"; nocase; ) # cfovgp1txnvxzg884f15jpflq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cfovgp1txnvxzg884f15jpflq|03|org"; nocase; ) # 4aa05s7e0iqi15pfx9t1fcmmnh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4aa05s7e0iqi15pfx9t1fcmmnh|03|com"; nocase; ) # 12vniwx1lyimfkahkrds1e4b4yr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12vniwx1lyimfkahkrds1e4b4yr|03|biz"; nocase; ) # 17l6d1oih1jbj1wbx08o9eso6l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17l6d1oih1jbj1wbx08o9eso6l|03|com"; nocase; ) # g938szcfv1nq5af1ch16oued0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g938szcfv1nq5af1ch16oued0|03|net"; nocase; ) # c9igio1ntwrftfnaesi1e0jwte.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c9igio1ntwrftfnaesi1e0jwte|03|org"; nocase; ) # 1btxt8vhv5iyjq02ijg1gta7hf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1btxt8vhv5iyjq02ijg1gta7hf|03|net"; nocase; ) # 17ve8qwh6mx2r1aicy8yxele1c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ve8qwh6mx2r1aicy8yxele1c|03|net"; nocase; ) # 14opl31d65njw1fk9fp71uw8mcm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14opl31d65njw1fk9fp71uw8mcm|03|net"; nocase; ) # 1qyjmatcgto3d1e1e8c0n1pn47.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qyjmatcgto3d1e1e8c0n1pn47|03|com"; nocase; ) # 1mcey351wyexzf1u6zke9ysc9nz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mcey351wyexzf1u6zke9ysc9nz|03|net"; nocase; ) # ucm2afcxjdwb1l2meg1ubgo1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ucm2afcxjdwb1l2meg1ubgo1d|03|net"; nocase; ) # b9b44g1l0yhce11o6akay50w98.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9b44g1l0yhce11o6akay50w98|03|biz"; nocase; ) # aczf9ko3hq5c1d9f3qt11vzmm8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aczf9ko3hq5c1d9f3qt11vzmm8|03|biz"; nocase; ) # 1v0nipr1rrm7ww125ew5th57jnm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v0nipr1rrm7ww125ew5th57jnm|03|net"; nocase; ) # sp6glioaos89mghlmq1duxem.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sp6glioaos89mghlmq1duxem|03|biz"; nocase; ) # u3ui081hzzyh6viuoqz507tvw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u3ui081hzzyh6viuoqz507tvw|03|net"; nocase; ) # 18w5z1m1tn6ggel6sutvgslp1c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18w5z1m1tn6ggel6sutvgslp1c|03|com"; nocase; ) # 1cpdbas1ajksdoomarjqmj77k1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cpdbas1ajksdoomarjqmj77k1|03|net"; nocase; ) # 1ilsuwl3jqif858k3lu2ya9ka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ilsuwl3jqif858k3lu2ya9ka|03|com"; nocase; ) # 1dsk3bc2x9d8s1en61yjckj8f2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dsk3bc2x9d8s1en61yjckj8f2|03|net"; nocase; ) # 3c621hkuzmmb13nb22itjhyir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3c621hkuzmmb13nb22itjhyir|03|com"; nocase; ) # vedazau5321ic6nveg1a939pa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vedazau5321ic6nveg1a939pa|03|net"; nocase; ) # jh4r461sm7kfa15r7txf3rou97.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jh4r461sm7kfa15r7txf3rou97|03|biz"; nocase; ) # pk9glc1grd9ovn3gxvzzxvnvl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pk9glc1grd9ovn3gxvzzxvnvl|03|org"; nocase; ) # lit7n81jxzdzx1kqd5vv1p53ok.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lit7n81jxzdzx1kqd5vv1p53ok|03|org"; nocase; ) # 1xsy3em12d6idl1wzjm3c1irjikc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xsy3em12d6idl1wzjm3c1irjikc|03|net"; nocase; ) # w62pmzr280341dy415po8506c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w62pmzr280341dy415po8506c|03|biz"; nocase; ) # ivrkba16tiszr7zngthjnmbtl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ivrkba16tiszr7zngthjnmbtl|03|net"; nocase; ) # 5u59mif33f295l4vuj13eteiv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5u59mif33f295l4vuj13eteiv|03|net"; nocase; ) # 15nzpt01o3hbzi1b5bukqee8oxo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15nzpt01o3hbzi1b5bukqee8oxo|03|org"; nocase; ) # 11qqk7sbppsap1lbtpju1njld6b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11qqk7sbppsap1lbtpju1njld6b|03|net"; nocase; ) # 19bld8tqqpjzt1kn6n1yth1o8a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19bld8tqqpjzt1kn6n1yth1o8a|03|biz"; nocase; ) # 10zqk7pyqnlmu68xjb9rpr3g3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10zqk7pyqnlmu68xjb9rpr3g3|03|net"; nocase; ) # 72s80u2b3n9a1hk317j1lrqyi6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|72s80u2b3n9a1hk317j1lrqyi6|03|org"; nocase; ) # 7b8t041jn2zlf51yngxzsfqpc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7b8t041jn2zlf51yngxzsfqpc|03|net"; nocase; ) # wq9wvrlmevk11fyf2v5143mhii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wq9wvrlmevk11fyf2v5143mhii|03|net"; nocase; ) # 1j0v0d17sal591rccf4x1jrk0ud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j0v0d17sal591rccf4x1jrk0ud|03|com"; nocase; ) # 1c5ru9m26mu9sco588xuetzvb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c5ru9m26mu9sco588xuetzvb|03|org"; nocase; ) # 1jvw8dow5ybpscpbgfv1ocokb4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jvw8dow5ybpscpbgfv1ocokb4|03|net"; nocase; ) # d9wqm517pnnh1vx05zm1kipoet.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d9wqm517pnnh1vx05zm1kipoet|03|org"; nocase; ) # 1fnz5231ms1nyg19mzajqdpy58n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fnz5231ms1nyg19mzajqdpy58n|03|net"; nocase; ) # 1vaep6at9207e1wl7gllg17bm2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vaep6at9207e1wl7gllg17bm2|03|com"; nocase; ) # 1nu9m0o1yr5cg972wwfq4dqi13.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nu9m0o1yr5cg972wwfq4dqi13|03|org"; nocase; ) # 1d4pzfyo906ma1dgqa98141odmp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d4pzfyo906ma1dgqa98141odmp|03|com"; nocase; ) # 1yrjwdyjm6mr9hjaex4ywz9wx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yrjwdyjm6mr9hjaex4ywz9wx|03|com"; nocase; ) # 1tgesv7hey1nu1lm7q9dz9yv8r.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tgesv7hey1nu1lm7q9dz9yv8r|03|biz"; nocase; ) # ehedwm13gmk5y11zsa0wh4pe7y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ehedwm13gmk5y11zsa0wh4pe7y|03|org"; nocase; ) # 16np3kdmjdfxjfk0jiepuv3g1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16np3kdmjdfxjfk0jiepuv3g1|03|org"; nocase; ) # 12uer8m1n80ivskyqahwgwz5p3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12uer8m1n80ivskyqahwgwz5p3|03|com"; nocase; ) # 1lzttgl669yme1pubcl81xjaiwu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lzttgl669yme1pubcl81xjaiwu|03|net"; nocase; ) # fyexrm1rm2gevhffhow1hb5hh3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fyexrm1rm2gevhffhow1hb5hh3|03|org"; nocase; ) # modzii1xyfzl8zi25ky18jmptd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|modzii1xyfzl8zi25ky18jmptd|03|com"; nocase; ) # t2euc216rj4oi1kv0euv1bg1nca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t2euc216rj4oi1kv0euv1bg1nca|03|net"; nocase; ) # 1kqcrvpy7bjhzwdrrikst776a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kqcrvpy7bjhzwdrrikst776a|03|org"; nocase; ) # bjgr5x1wvwer71uzh7ne1ayyao4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bjgr5x1wvwer71uzh7ne1ayyao4|03|biz"; nocase; ) # 13xc92c1einug51fav1po7bwbql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13xc92c1einug51fav1po7bwbql|03|net"; nocase; ) # 12aer0izvvq0l1i3u68q1g9jg3v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12aer0izvvq0l1i3u68q1g9jg3v|03|org"; nocase; ) # x1dkvx9m7xdmuwowrkyjp4oq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x1dkvx9m7xdmuwowrkyjp4oq|03|org"; nocase; ) # 199uhihg5hztl1ysboaf18yg3iz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|199uhihg5hztl1ysboaf18yg3iz|03|com"; nocase; ) # 2aniv5kt8921d4s83716xjxfq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2aniv5kt8921d4s83716xjxfq|03|org"; nocase; ) # 1af4mxacgm0bbhru0khh86q26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1af4mxacgm0bbhru0khh86q26|03|org"; nocase; ) # ca6xrz1aw2a9c1lcxxcm1hcs35s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ca6xrz1aw2a9c1lcxxcm1hcs35s|03|org"; nocase; ) # 1c5p2o11bjjeyhpvnzzzhhqgq6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c5p2o11bjjeyhpvnzzzhhqgq6|03|net"; nocase; ) # 1geva1d1ujx6y95nl5mk1jza8hi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1geva1d1ujx6y95nl5mk1jza8hi|03|org"; nocase; ) # 15jaauy9n4o0na9pxv6hwxb3g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15jaauy9n4o0na9pxv6hwxb3g|03|biz"; nocase; ) # 1v4ast4gbq40i10q2vbx1u8xnml.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v4ast4gbq40i10q2vbx1u8xnml|03|com"; nocase; ) # 1rc90msoslbte1fomy6g15yjvs4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rc90msoslbte1fomy6g15yjvs4|03|net"; nocase; ) # 1vbk0sbqzeljp9mkm1l1hfpgh0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vbk0sbqzeljp9mkm1l1hfpgh0|03|com"; nocase; ) # 88860g1vj1wroofo3kgwu9cet.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|88860g1vj1wroofo3kgwu9cet|03|org"; nocase; ) # 8kbm0qcmakhohw01bcl9olqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8kbm0qcmakhohw01bcl9olqq|03|com"; nocase; ) # ugbjk3dfbs8819kapos16ont3o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ugbjk3dfbs8819kapos16ont3o|03|net"; nocase; ) # 10iypftymwnwa180kmhwv34ywp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10iypftymwnwa180kmhwv34ywp|03|net"; nocase; ) # nokb0hns1tu6sp7bhx8fei2u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nokb0hns1tu6sp7bhx8fei2u|03|biz"; nocase; ) # kxy4ymhij16spax85v1yrapiw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kxy4ymhij16spax85v1yrapiw|03|net"; nocase; ) # t93ezt13tvhg6333dhuaji2ix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t93ezt13tvhg6333dhuaji2ix|03|net"; nocase; ) # 10ikdhq1mtg06e14zypm6o7y7b8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10ikdhq1mtg06e14zypm6o7y7b8|03|net"; nocase; ) # 1pqq2oa1ytha10hbb1s169kvzt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pqq2oa1ytha10hbb1s169kvzt|03|net"; nocase; ) # bniyzq1awhfzy1f3poencxve4k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bniyzq1awhfzy1f3poencxve4k|03|com"; nocase; ) # 1kgnpqx1ah9vrh5tg7w71ahdny1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kgnpqx1ah9vrh5tg7w71ahdny1|03|org"; nocase; ) # 1e9x71q9a1wlc11wifun1w774ee.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e9x71q9a1wlc11wifun1w774ee|03|biz"; nocase; ) # 114lklr133av24o71tdh1jqfbbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|114lklr133av24o71tdh1jqfbbx|03|org"; nocase; ) # 1mqwesqj8lf6317e0x541c5c16l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mqwesqj8lf6317e0x541c5c16l|03|net"; nocase; ) # 1v0cp7oubhe111kh7mc6hifhel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v0cp7oubhe111kh7mc6hifhel|03|com"; nocase; ) # 2v8pvt1o85n6rdmg98y2v1ngo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2v8pvt1o85n6rdmg98y2v1ngo|03|net"; nocase; ) # 1n4rwxk5ffbzv1ldw8taodmp0q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n4rwxk5ffbzv1ldw8taodmp0q|03|net"; nocase; ) # uotxsn1yz61pyk9u4t61agt5vy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uotxsn1yz61pyk9u4t61agt5vy|03|org"; nocase; ) # 1dfuewyg3bjpcgc367p16urcij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dfuewyg3bjpcgc367p16urcij|03|net"; nocase; ) # 625mhxl03fe1jx359lrb2tt6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|625mhxl03fe1jx359lrb2tt6|03|org"; nocase; ) # emd5izpug5711ya64p1q8izd5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|emd5izpug5711ya64p1q8izd5|03|net"; nocase; ) # 1nuxjk28ibdix18h2xvt1yzc4px.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nuxjk28ibdix18h2xvt1yzc4px|03|net"; nocase; ) # z0g61azcml761kdyq3rnnzg7u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z0g61azcml761kdyq3rnnzg7u|03|net"; nocase; ) # g37vqt1vxvaak1a9m16i1d7ozlb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g37vqt1vxvaak1a9m16i1d7ozlb|03|com"; nocase; ) # olaa56zm9czd1nuzmoe14ma29g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|olaa56zm9czd1nuzmoe14ma29g|03|org"; nocase; ) # uaszur10cxuor51pyhcnctkec.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uaszur10cxuor51pyhcnctkec|03|net"; nocase; ) # 12t3abd13wjick11j51vx1r0h40d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12t3abd13wjick11j51vx1r0h40d|03|com"; nocase; ) # bbs7dumjygy91w3qc41fdgic3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bbs7dumjygy91w3qc41fdgic3|03|com"; nocase; ) # 1jcrnt4qbbg50147tlko12rx5im.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jcrnt4qbbg50147tlko12rx5im|03|com"; nocase; ) # 1hdefnlm7l8mkigryv4aeqou.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1hdefnlm7l8mkigryv4aeqou|03|net"; nocase; ) # 1j3d11v1c7s4s31xxlach1jd5ba8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j3d11v1c7s4s31xxlach1jd5ba8|03|org"; nocase; ) # 1wefjmy1yj6ucm645u1x1uo6or.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wefjmy1yj6ucm645u1x1uo6or|03|com"; nocase; ) # 1a6xh6b18mkpx81jrw8k91p0kly8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1a6xh6b18mkpx81jrw8k91p0kly8|03|com"; nocase; ) # sbrpq9kyg2wdojm7x31j0uekm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sbrpq9kyg2wdojm7x31j0uekm|03|biz"; nocase; ) # 17qz0eoff1nxu11i9wh018hmi7n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17qz0eoff1nxu11i9wh018hmi7n|03|org"; nocase; ) # 1uq2ekc169slhngdmo8c1p0kzal.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uq2ekc169slhngdmo8c1p0kzal|03|org"; nocase; ) # 161fp0izkgse1100838m11hvs1p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|161fp0izkgse1100838m11hvs1p|03|net"; nocase; ) # 137mdd8yvg6631hb2cb218l85u8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|137mdd8yvg6631hb2cb218l85u8|03|biz"; nocase; ) # lzsh5fmskiqd1f83vt815wcimh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lzsh5fmskiqd1f83vt815wcimh|03|com"; nocase; ) # 11a810m1hupfqxx7yojts0byve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11a810m1hupfqxx7yojts0byve|03|net"; nocase; ) # 3l4rqcuwm29m12tsxyr24ilj7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3l4rqcuwm29m12tsxyr24ilj7|03|net"; nocase; ) # 1dcbjpy14ue4h61h69x2sl4ldzd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dcbjpy14ue4h61h69x2sl4ldzd|03|com"; nocase; ) # j59yiw172hidw8ok860b1mri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|j59yiw172hidw8ok860b1mri|03|com"; nocase; ) # zozwse48qbmf1a4d1zz15tf1gt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zozwse48qbmf1a4d1zz15tf1gt|03|org"; nocase; ) # 1hpch71be6njny7upe7q02eo5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hpch71be6njny7upe7q02eo5|03|com"; nocase; ) # 1skajgyy81b8trxztav4y2fd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1skajgyy81b8trxztav4y2fd|03|com"; nocase; ) # 1j787201d1cmlw1ma92dw1qa2fxw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1j787201d1cmlw1ma92dw1qa2fxw|03|com"; nocase; ) # jy0u7k15b7uynayplrejh3za1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jy0u7k15b7uynayplrejh3za1|03|net"; nocase; ) # 1bkt0yjmyudxy1hremg6nrjgj9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bkt0yjmyudxy1hremg6nrjgj9|03|net"; nocase; ) # 1pb7mpf6z5wtq19pnlz6os0hlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pb7mpf6z5wtq19pnlz6os0hlw|03|org"; nocase; ) # dpu7tqcekrmf1oy9tc495kcm7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dpu7tqcekrmf1oy9tc495kcm7|03|net"; nocase; ) # 9zrgg110rfa3rrmigpx2vhn67.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9zrgg110rfa3rrmigpx2vhn67|03|net"; nocase; ) # oag18x12apd1z1p2h5zr18dbewk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oag18x12apd1z1p2h5zr18dbewk|03|com"; nocase; ) # hc2zju14qrlm25smugsefm6xz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hc2zju14qrlm25smugsefm6xz|03|net"; nocase; ) # 1wxs22c1569y5ahdj6bba51mi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wxs22c1569y5ahdj6bba51mi|03|com"; nocase; ) # 15whwzg1og1f53126n2oet5klbq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15whwzg1og1f53126n2oet5klbq|03|com"; nocase; ) # 1jtjl43rg5t483897am1kd38k3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jtjl43rg5t483897am1kd38k3|03|biz"; nocase; ) # 10m0syu1y39omkswojcvje7d1q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10m0syu1y39omkswojcvje7d1q|03|com"; nocase; ) # 16ynnyd1vsf0c41kn70ag8je485.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ynnyd1vsf0c41kn70ag8je485|03|org"; nocase; ) # j3wiy8sk5o8a198jzcy5e082b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j3wiy8sk5o8a198jzcy5e082b|03|com"; nocase; ) # 1jfq4q4o0c2qm1i8xi8h1a5u41v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jfq4q4o0c2qm1i8xi8h1a5u41v|03|net"; nocase; ) # 32f2ki1saexengl68wmnb3nbj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|32f2ki1saexengl68wmnb3nbj|03|biz"; nocase; ) # 7eenuun9rzvk3nr5z4kmnamo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7eenuun9rzvk3nr5z4kmnamo|03|com"; nocase; ) # qgxq4e1sopv321jq2pncnn25ot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qgxq4e1sopv321jq2pncnn25ot|03|com"; nocase; ) # 1q04gpbzwy19k1y0ey7wjdaxkj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q04gpbzwy19k1y0ey7wjdaxkj|03|biz"; nocase; ) # 1faddqy161fnvm1c5hygu1wgwv96.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1faddqy161fnvm1c5hygu1wgwv96|03|net"; nocase; ) # 15eds501jy1pu3v91ly71lvtaob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15eds501jy1pu3v91ly71lvtaob|03|org"; nocase; ) # h3sgctgdsksq12vpzn8xxi5il.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h3sgctgdsksq12vpzn8xxi5il|03|net"; nocase; ) # 1ukciqlw9dytaz50jq7hlk43z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ukciqlw9dytaz50jq7hlk43z|03|net"; nocase; ) # 1hxwnc01bo1tg619pwobe9jycof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hxwnc01bo1tg619pwobe9jycof|03|com"; nocase; ) # yxbs31x180ac1su58bqwyzvoj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yxbs31x180ac1su58bqwyzvoj|03|biz"; nocase; ) # 1dopme4ibn2uii1lvep118kqv2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dopme4ibn2uii1lvep118kqv2|03|org"; nocase; ) # vx7u1b3uj25n11qaxmq12pp9b7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vx7u1b3uj25n11qaxmq12pp9b7|03|org"; nocase; ) # 5o0xy6nva4171ifc3ulc8wz8e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5o0xy6nva4171ifc3ulc8wz8e|03|biz"; nocase; ) # 1a0yb0815oxel518ho7t6z3ptvv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a0yb0815oxel518ho7t6z3ptvv|03|com"; nocase; ) # 1mttpwhy9kghpwypeqodkhlzr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mttpwhy9kghpwypeqodkhlzr|03|org"; nocase; ) # 1j6po95ur6gs41379xwj19dl0td.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j6po95ur6gs41379xwj19dl0td|03|com"; nocase; ) # 1bjmst6z6l93wa6knlcruhusl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bjmst6z6l93wa6knlcruhusl|03|org"; nocase; ) # 1aecnuytcudpvap1chmgtytkn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aecnuytcudpvap1chmgtytkn|03|net"; nocase; ) # 1d3yq1dzh1ref15lni5lszwuv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d3yq1dzh1ref15lni5lszwuv|03|org"; nocase; ) # 1upy0th1v1dim11fijehsr9jo9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1upy0th1v1dim11fijehsr9jo9|03|net"; nocase; ) # gga9le1dlhfkursjdgq1ntz5zv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gga9le1dlhfkursjdgq1ntz5zv|03|com"; nocase; ) # 12j9g3hpnmgkk4900n321rlps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12j9g3hpnmgkk4900n321rlps|03|biz"; nocase; ) # 1grpexj1opt9t7teu6h61gfy00z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1grpexj1opt9t7teu6h61gfy00z|03|org"; nocase; ) # 1a2oorf6qwga1ejita7ozv55i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a2oorf6qwga1ejita7ozv55i|03|net"; nocase; ) # 1jvm6sm1tr9gkw1nijzvm1kxgfxq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jvm6sm1tr9gkw1nijzvm1kxgfxq|03|com"; nocase; ) # xp4vwe13mcm291t6zix51926t7q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xp4vwe13mcm291t6zix51926t7q|03|biz"; nocase; ) # 17mjcd117eb2ia1ykdtkdpof2gu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17mjcd117eb2ia1ykdtkdpof2gu|03|org"; nocase; ) # 1fww21ljpr3r13g918kg9kdfa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fww21ljpr3r13g918kg9kdfa|03|net"; nocase; ) # 1fn3fs0wqc28i17te6oj14i8v7b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fn3fs0wqc28i17te6oj14i8v7b|03|org"; nocase; ) # 665hb0mxctz19wni2u1ltiwm9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|665hb0mxctz19wni2u1ltiwm9|03|org"; nocase; ) # 18c6uhoet3svd1mua469r6hpo2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18c6uhoet3svd1mua469r6hpo2|03|net"; nocase; ) # 1ixn6bo4s4bo214dozksupn7ii.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ixn6bo4s4bo214dozksupn7ii|03|org"; nocase; ) # 1mnzus8dya6e01bbsdc0q8el2e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mnzus8dya6e01bbsdc0q8el2e|03|net"; nocase; ) # k2x671nax72v15zqoc47t367t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k2x671nax72v15zqoc47t367t|03|com"; nocase; ) # 2qpu53ivalgacrmbyduwg89f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2qpu53ivalgacrmbyduwg89f|03|biz"; nocase; ) # 1e3c7kajku1h21ozmavajl079z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e3c7kajku1h21ozmavajl079z|03|com"; nocase; ) # zjty34181kpytohvnvnw7eycc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zjty34181kpytohvnvnw7eycc|03|com"; nocase; ) # mor43y1rhl7qheby1gy1ybwbr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mor43y1rhl7qheby1gy1ybwbr2|03|org"; nocase; ) # 1kduw9n13zn60e1g6xxcy127xryd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kduw9n13zn60e1g6xxcy127xryd|03|net"; nocase; ) # zzozjx15ajqfk4q2jpu6okq9q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zzozjx15ajqfk4q2jpu6okq9q|03|com"; nocase; ) # 1v76uod165zpg012k1b341p04ayy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1v76uod165zpg012k1b341p04ayy|03|biz"; nocase; ) # uz60dc1633uq4j6zocq1i5z6mu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uz60dc1633uq4j6zocq1i5z6mu|03|com"; nocase; ) # 1qpbaj3eflgc1orom78v49kk8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qpbaj3eflgc1orom78v49kk8|03|biz"; nocase; ) # 1ofzkml58yl4fks10d1nfg42s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ofzkml58yl4fks10d1nfg42s|03|com"; nocase; ) # 1onvkvdo25n231ucya8ejbyuch.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1onvkvdo25n231ucya8ejbyuch|03|org"; nocase; ) # 14cr56z1o7hptwgz34321irtoar.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14cr56z1o7hptwgz34321irtoar|03|org"; nocase; ) # cgrdledihntr1jv0up21iwl0wn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cgrdledihntr1jv0up21iwl0wn|03|net"; nocase; ) # 1ye3juf1bp9z5wiqkvz7jfvi9h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ye3juf1bp9z5wiqkvz7jfvi9h|03|com"; nocase; ) # 1qmydom1hn1mfu1ifmhyq1mtf1fa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qmydom1hn1mfu1ifmhyq1mtf1fa|03|com"; nocase; ) # z4roeh5qc7hd1yhk6ruwh4jwa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4roeh5qc7hd1yhk6ruwh4jwa|03|com"; nocase; ) # 1h2hale1rxcyht1pj9jp1owaicp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h2hale1rxcyht1pj9jp1owaicp|03|biz"; nocase; ) # 6kjkbe15ywgmv1bu39ca1keyjgk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6kjkbe15ywgmv1bu39ca1keyjgk|03|net"; nocase; ) # 1vsana11pu7564mgjw3a10mbpba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vsana11pu7564mgjw3a10mbpba|03|com"; nocase; ) # 13x0l81umpynhpkkyho4zwnzk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13x0l81umpynhpkkyho4zwnzk|03|org"; nocase; ) # 14ik47n1i9qv1e17zts777mb60y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ik47n1i9qv1e17zts777mb60y|03|net"; nocase; ) # 1jkdfb22srwtpoeipegzu20nj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jkdfb22srwtpoeipegzu20nj|03|net"; nocase; ) # 1bl3ch0q73vcmstnam515zqemv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bl3ch0q73vcmstnam515zqemv|03|com"; nocase; ) # 20q9on14hg3cl1cgfy3oib37h8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|20q9on14hg3cl1cgfy3oib37h8|03|com"; nocase; ) # zua9latppj501f4pir7v2hjn7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zua9latppj501f4pir7v2hjn7|03|com"; nocase; ) # vl4m3vdbzsov4a97ww1kd31sj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vl4m3vdbzsov4a97ww1kd31sj|03|biz"; nocase; ) # 12c05zd5bszwk1i84flpeifvjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12c05zd5bszwk1i84flpeifvjv|03|net"; nocase; ) # 54zulc10yq2vgnuhy3t9e0acg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|54zulc10yq2vgnuhy3t9e0acg|03|com"; nocase; ) # 1fjhfdnmeg2rei3sqow1as8ags.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fjhfdnmeg2rei3sqow1as8ags|03|org"; nocase; ) # 1qxj9f1aino2n1y6bec1lie86w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qxj9f1aino2n1y6bec1lie86w|03|net"; nocase; ) # 1dsp8k1tpf283i4cdj51y4so8a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dsp8k1tpf283i4cdj51y4so8a|03|net"; nocase; ) # 1ygeogu1ti1igm1m6dsiwo204tr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ygeogu1ti1igm1m6dsiwo204tr|03|net"; nocase; ) # wggyrnufxhhs2yzv64odgojs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wggyrnufxhhs2yzv64odgojs|03|biz"; nocase; ) # 1ue0jui18w6r1onmz9nbfm4dwv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ue0jui18w6r1onmz9nbfm4dwv|03|net"; nocase; ) # sx3b60v93kmjqniepzbkfw4g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sx3b60v93kmjqniepzbkfw4g|03|com"; nocase; ) # 16k46521iluxtsp3s7knwzubwt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16k46521iluxtsp3s7knwzubwt|03|org"; nocase; ) # 14iyx2hurchvj13hmrwy1vo1xv8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14iyx2hurchvj13hmrwy1vo1xv8|03|net"; nocase; ) # 1kp5zrk1s6mykyc4p9go12lkebb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kp5zrk1s6mykyc4p9go12lkebb|03|org"; nocase; ) # 1vvatgi1rta19c18r2t5yjuyfqf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vvatgi1rta19c18r2t5yjuyfqf|03|net"; nocase; ) # 1yde3m11nundyd1gid48214melta.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yde3m11nundyd1gid48214melta|03|biz"; nocase; ) # nk7dqchcxexfa6rjjq1egaahe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nk7dqchcxexfa6rjjq1egaahe|03|net"; nocase; ) # 1ggzff117kx5xj1q40sbpnfxljs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ggzff117kx5xj1q40sbpnfxljs|03|net"; nocase; ) # g3qipn9omrat1uvv5ya1dzem11.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g3qipn9omrat1uvv5ya1dzem11|03|org"; nocase; ) # 1jrb24p6udbl71dx8r4a1o7l9id.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jrb24p6udbl71dx8r4a1o7l9id|03|biz"; nocase; ) # 18dt9syr6wigy1e5a406f1xeap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18dt9syr6wigy1e5a406f1xeap|03|net"; nocase; ) # fre5ww1rrcnha1ajbfch1t1ytyr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|fre5ww1rrcnha1ajbfch1t1ytyr|03|org"; nocase; ) # n0dn4y1um9ai3uya82g1eh7n94.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n0dn4y1um9ai3uya82g1eh7n94|03|com"; nocase; ) # igi7gt13wni5v1td2rlx194pq1a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|igi7gt13wni5v1td2rlx194pq1a|03|com"; nocase; ) # eqirqb12m6c1ugn8eqbjsey7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eqirqb12m6c1ugn8eqbjsey7|03|org"; nocase; ) # gfi8d1rhhvmsxujo2skq4g60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gfi8d1rhhvmsxujo2skq4g60|03|net"; nocase; ) # 1hxegv15fjn12vsb14xdps5ys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hxegv15fjn12vsb14xdps5ys|03|com"; nocase; ) # w9aync3nr7qei72xbn13g6gs8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w9aync3nr7qei72xbn13g6gs8|03|net"; nocase; ) # 1ggka671aqsdjl1rypgqw15lseye.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ggka671aqsdjl1rypgqw15lseye|03|net"; nocase; ) # 1ulcuy1k46yr91ycm1c3iaggxm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ulcuy1k46yr91ycm1c3iaggxm|03|net"; nocase; ) # t4sskql6zcp1lsosew10gid84.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t4sskql6zcp1lsosew10gid84|03|com"; nocase; ) # uhl3r21f9brg81vv9lm8hugrww.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uhl3r21f9brg81vv9lm8hugrww|03|biz"; nocase; ) # dqywq516ywjlgt4dmts7pl1qq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dqywq516ywjlgt4dmts7pl1qq|03|net"; nocase; ) # v8is1j1b9i0em5n8c4g1n7ht0c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v8is1j1b9i0em5n8c4g1n7ht0c|03|org"; nocase; ) # 9picqmozg659tepp6qr987hd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9picqmozg659tepp6qr987hd|03|com"; nocase; ) # 1abm3zj1nyd2cq1k0srb41v9rb8y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1abm3zj1nyd2cq1k0srb41v9rb8y|03|org"; nocase; ) # us9svxr85u041wlkygn1dmr6c0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|us9svxr85u041wlkygn1dmr6c0|03|com"; nocase; ) # 1lygc112dpoi71x3hbqk966iuc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lygc112dpoi71x3hbqk966iuc|03|net"; nocase; ) # 1lzz02zutkennew96uh19hp99v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lzz02zutkennew96uh19hp99v|03|org"; nocase; ) # 1f5qhjl6swc6jutrg18jwqbd7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1f5qhjl6swc6jutrg18jwqbd7|03|net"; nocase; ) # 15fcpaw1jsp8nt15h5qdt1dnghsb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15fcpaw1jsp8nt15h5qdt1dnghsb|03|biz"; nocase; ) # 11qchet1h98xkjf8ugxv1f127rl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11qchet1h98xkjf8ugxv1f127rl|03|org"; nocase; ) # gdj1ac8ipzjh1h1ovjyu3cw6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gdj1ac8ipzjh1h1ovjyu3cw6|03|com"; nocase; ) # 3yt7s71ukl3ox74va021v8ehqk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3yt7s71ukl3ox74va021v8ehqk|03|org"; nocase; ) # lsodud6n7wtb1s3vnswqqggu4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lsodud6n7wtb1s3vnswqqggu4|03|biz"; nocase; ) # ki02y1xn14rcri28c4oa5heq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ki02y1xn14rcri28c4oa5heq|03|net"; nocase; ) # 1vxtgwmpaulv41weowzpzn9o0d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vxtgwmpaulv41weowzpzn9o0d|03|net"; nocase; ) # 17qogf79t6rzj1pnzlnn1audxkx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17qogf79t6rzj1pnzlnn1audxkx|03|net"; nocase; ) # nqzms416bd78k1vse6oye4sbag.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nqzms416bd78k1vse6oye4sbag|03|org"; nocase; ) # 1jo8l5d1azupb51abpqt516xk3lg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jo8l5d1azupb51abpqt516xk3lg|03|org"; nocase; ) # 1kqs77l15wh7bf1fkd3o7cndivp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kqs77l15wh7bf1fkd3o7cndivp|03|org"; nocase; ) # m886kqdycsbqij3ykc1ep25y3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m886kqdycsbqij3ykc1ep25y3|03|com"; nocase; ) # 1x1eanr16v71q171s6ve1lrfjuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1x1eanr16v71q171s6ve1lrfjuy|03|net"; nocase; ) # 1he66as11fgl451emin42haxlwa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1he66as11fgl451emin42haxlwa|03|biz"; nocase; ) # z22gpgwyuomq5cetpc54dgbi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z22gpgwyuomq5cetpc54dgbi|03|net"; nocase; ) # v9jwr7i92u8n1fhfdsyhp69ht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v9jwr7i92u8n1fhfdsyhp69ht|03|org"; nocase; ) # 1lw544pff5fh01dej8rtozg0oh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lw544pff5fh01dej8rtozg0oh|03|biz"; nocase; ) # 124fksmw1a9m1lmbs2qtn4v3n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|124fksmw1a9m1lmbs2qtn4v3n|03|net"; nocase; ) # 1twnctfyzdtbk1quqhedlcoomv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1twnctfyzdtbk1quqhedlcoomv|03|com"; nocase; ) # z750sqbawvaq1azfeer1kudkub.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z750sqbawvaq1azfeer1kudkub|03|net"; nocase; ) # 18ap612k27tu99wk3r31qhwgql.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ap612k27tu99wk3r31qhwgql|03|biz"; nocase; ) # n65phw1jsatq1audp0f13vgz68.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n65phw1jsatq1audp0f13vgz68|03|org"; nocase; ) # rjjgjq1wgn0ciifdlmtigfso4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rjjgjq1wgn0ciifdlmtigfso4|03|com"; nocase; ) # 126cfgcc952hl19g26kr1iieeop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|126cfgcc952hl19g26kr1iieeop|03|biz"; nocase; ) # tghhsbkueds139svsuatv8qf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tghhsbkueds139svsuatv8qf|03|org"; nocase; ) # x02lcjlectyeolxbgzkdrq75.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x02lcjlectyeolxbgzkdrq75|03|biz"; nocase; ) # 6tth9l1h6sd041sjza6n96j46d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6tth9l1h6sd041sjza6n96j46d|03|net"; nocase; ) # fcmg23qjd06q14ah4xkcl0cmp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fcmg23qjd06q14ah4xkcl0cmp|03|biz"; nocase; ) # n210dc1ig0wk9bk8uidkjwopn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n210dc1ig0wk9bk8uidkjwopn|03|com"; nocase; ) # 1hc87a11d2daym8txpwm0mpyd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hc87a11d2daym8txpwm0mpyd|03|org"; nocase; ) # 1t5f47c1dy1wshazxb1c1ed13ty.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t5f47c1dy1wshazxb1c1ed13ty|03|org"; nocase; ) # 1vo4hbvdccu8gudo2p17lbquv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vo4hbvdccu8gudo2p17lbquv|03|com"; nocase; ) # pus9dc13abbhn1p0y20x173p7nb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pus9dc13abbhn1p0y20x173p7nb|03|net"; nocase; ) # 1ejrnintm8nuazwuncqyrfns9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ejrnintm8nuazwuncqyrfns9|03|org"; nocase; ) # am342fbwwx0k1gg2bof1ie4kb0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|am342fbwwx0k1gg2bof1ie4kb0|03|biz"; nocase; ) # 1fgv7aq169no791fujgkx1au2mnb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1fgv7aq169no791fujgkx1au2mnb|03|com"; nocase; ) # 43ds5j2kgwg2f9a66f1jtw1yr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|43ds5j2kgwg2f9a66f1jtw1yr|03|org"; nocase; ) # 12m0r2c1t970mh47f8h470lwer.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12m0r2c1t970mh47f8h470lwer|03|net"; nocase; ) # k8lswqsamvrj1xs2mdlmnvo05.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k8lswqsamvrj1xs2mdlmnvo05|03|com"; nocase; ) # 18irknatx9xz7lcecof13i8vdx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18irknatx9xz7lcecof13i8vdx|03|org"; nocase; ) # 1uecpe61iop30ynizjhb44i03e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uecpe61iop30ynizjhb44i03e|03|com"; nocase; ) # dkvb3g1r75l7cwwfx0jvz7pc5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dkvb3g1r75l7cwwfx0jvz7pc5|03|com"; nocase; ) # 1ykw25p1ww08gj1jf6u89363n5n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ykw25p1ww08gj1jf6u89363n5n|03|biz"; nocase; ) # qt44w7douypr1e310f01s660r1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qt44w7douypr1e310f01s660r1|03|net"; nocase; ) # 7qeixj1rhegbo1vi7nhon9ggsa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7qeixj1rhegbo1vi7nhon9ggsa|03|net"; nocase; ) # 1ppmono4y1c5qsjfy0616fq0j9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ppmono4y1c5qsjfy0616fq0j9|03|org"; nocase; ) # 1adf8e5ieb6s61r8wfjp1j1f0oj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1adf8e5ieb6s61r8wfjp1j1f0oj|03|com"; nocase; ) # 3ev6ycu5q6gisyqpgngb2o1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|3ev6ycu5q6gisyqpgngb2o1|03|net"; nocase; ) # w9aivx1ghffvgf5w94ig58t0x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w9aivx1ghffvgf5w94ig58t0x|03|net"; nocase; ) # ysvaq01myrdg7v60sjk1jhuaiw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ysvaq01myrdg7v60sjk1jhuaiw|03|com"; nocase; ) # a29f588sojvb1f6ccfl1siiiv6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a29f588sojvb1f6ccfl1siiiv6|03|net"; nocase; ) # 3xzz8jppw8u91lyhpqqg37avf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3xzz8jppw8u91lyhpqqg37avf|03|org"; nocase; ) # sdzfx01yea1nv1hnc5d71ited79.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sdzfx01yea1nv1hnc5d71ited79|03|net"; nocase; ) # 1obg1wpmp5zgjq38gqdpiulya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1obg1wpmp5zgjq38gqdpiulya|03|biz"; nocase; ) # 11sv957dv5kktmpmcgv1dunfj3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11sv957dv5kktmpmcgv1dunfj3|03|org"; nocase; ) # r8iopmptlcwq1xshyi01b30115.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|r8iopmptlcwq1xshyi01b30115|03|net"; nocase; ) # 1lkolq61qz069n11fe4v85jtn22.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lkolq61qz069n11fe4v85jtn22|03|com"; nocase; ) # 19e9ccr18e8k5q1nxos95sui7z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19e9ccr18e8k5q1nxos95sui7z|03|org"; nocase; ) # 1ufbi2vkk1c5x15a8zcadq4aft.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ufbi2vkk1c5x15a8zcadq4aft|03|org"; nocase; ) # 12btf551wm2jlkw01kcfnd2hju.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12btf551wm2jlkw01kcfnd2hju|03|net"; nocase; ) # 1gg4u291xdastw1unhq2o1w7jxp1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gg4u291xdastw1unhq2o1w7jxp1|03|org"; nocase; ) # 18unkx3141kpji1sau36l1pywyvu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18unkx3141kpji1sau36l1pywyvu|03|com"; nocase; ) # 7ec1py6v5pbge1tg3euqkcf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7ec1py6v5pbge1tg3euqkcf8|03|net"; nocase; ) # emtiuiomzoij10ucs811d1qejx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|emtiuiomzoij10ucs811d1qejx|03|org"; nocase; ) # 1xlswu013wbvtdx0rnltb607pd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xlswu013wbvtdx0rnltb607pd|03|com"; nocase; ) # bqb8811wctwxhba89aaoqfc5m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bqb8811wctwxhba89aaoqfc5m|03|net"; nocase; ) # drypsaexjlhvpabi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044306; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|drypsaexjlhvpabi|02|eu"; nocase; ) # wmeraputoscxnjqo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044307; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wmeraputoscxnjqo|02|eu"; nocase; ) # qjixqsxycdarkevu.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044308; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qjixqsxycdarkevu|02|eu"; nocase; ) # krnmxuoiukuginlo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044309; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|krnmxuoiukuginlo|02|eu"; nocase; ) # kjwabmbkhgpteifn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044310; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|kjwabmbkhgpteifn|02|eu"; nocase; ) # kqpvymnorhqvwnma.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044311; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|kqpvymnorhqvwnma|02|eu"; nocase; ) # eumxbeeydgprmbmg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044312; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|eumxbeeydgprmbmg|02|eu"; nocase; ) # rqeseulmdtetpbkt.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044313; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rqeseulmdtetpbkt|02|eu"; nocase; ) # lqsubbokujtvjfty.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044314; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lqsubbokujtvjfty|02|eu"; nocase; ) # lmkijdblbbxpbjql.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044315; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lmkijdblbbxpbjql|02|eu"; nocase; ) # fyxjidftaecluojs.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044316; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fyxjidftaecluojs|02|eu"; nocase; ) # fgestqrxkfdnnhes.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044317; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fgestqrxkfdnnhes|02|eu"; nocase; ) # fnwbfrrpitepgayf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044318; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fnwbfrrpitepgayf|02|eu"; nocase; ) # fupwdfrhgisryfgf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044319; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fupwdfrhgisryfgf|02|eu"; nocase; ) # ffgcivqeucypcufe.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044320; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ffgcivqeucypcufe|02|eu"; nocase; ) # strnmllnwbmpmcvr.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044321; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|strnmllnwbmpmcvr|02|eu"; nocase; ) # siqfjalwfechlnxe.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044322; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|siqfjalwfechlnxe|02|eu"; nocase; ) # spjbunxbdsdjegse.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044323; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|spjbunxbdsdjegse|02|eu"; nocase; ) # saagmeklrmjhhird.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044324; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|saagmeklrmjhhird|02|eu"; nocase; ) # mfulaqocgomnuupk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044325; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mfulaqocgomnuupk|02|eu"; nocase; ) # c314d01f6577a9f419409eba82cd55bd60.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044326; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c314d01f6577a9f419409eba82cd55bd60|02|to"; nocase; ) # e913c9b1eeb982615b51cd6fdf3eaae56d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044327; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e913c9b1eeb982615b51cd6fdf3eaae56d|02|hk"; nocase; ) # j91a775fb97f7fae8ecdb296d7c7002bc5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044328; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j91a775fb97f7fae8ecdb296d7c7002bc5|02|ws"; nocase; ) # p7f3c9380448e56d05ee9fd4163ba6a77e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044329; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7f3c9380448e56d05ee9fd4163ba6a77e|02|so"; nocase; ) # r93ef8d5338d5955831d247bbe091b0f0b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044330; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r93ef8d5338d5955831d247bbe091b0f0b|02|ws"; nocase; ) # v1c6d72eea7738684630c8526ba34186d1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044331; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v1c6d72eea7738684630c8526ba34186d1|02|cn"; nocase; ) # c8fd30c74b466d14a47a50c33bd00dc9e5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044332; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c8fd30c74b466d14a47a50c33bd00dc9e5|02|hk"; nocase; ) # gc5710d2666f4912b14f31a2e41b7ce952.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044333; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc5710d2666f4912b14f31a2e41b7ce952|02|cc"; nocase; ) # oe5a79f02f44ca2bfe5175ced7f6e12a94.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044334; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe5a79f02f44ca2bfe5175ced7f6e12a94|02|cc"; nocase; ) # s844eccc6435a326f0587018566363bbe3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044335; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s844eccc6435a326f0587018566363bbe3|02|hk"; nocase; ) # x48581a62f1d8986a4e01020c0d4f2c512.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044336; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x48581a62f1d8986a4e01020c0d4f2c512|02|ws"; nocase; ) # h731709fb7afee3d5c5d18f027edb54622.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044337; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h731709fb7afee3d5c5d18f027edb54622|02|in"; nocase; ) # kcddd42cf6fe577ae5d04fa377754b3ad6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044338; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kcddd42cf6fe577ae5d04fa377754b3ad6|02|tk"; nocase; ) # n93290524a4a516e036c24300e410d267f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044339; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n93290524a4a516e036c24300e410d267f|02|ws"; nocase; ) # bbb0a8728627c7d5a855b4a6d26410f085.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044340; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bbb0a8728627c7d5a855b4a6d26410f085|02|so"; nocase; ) # c66b34f3b31cf9765c0bf97555f26446cf.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044341; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c66b34f3b31cf9765c0bf97555f26446cf|02|cc"; nocase; ) # g5089ac06466e0cd5bf0430fe05d25eb5c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044342; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g5089ac06466e0cd5bf0430fe05d25eb5c|02|hk"; nocase; ) # lbb2276a70a25dce3c6f74b3c4dbd54e99.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044343; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lbb2276a70a25dce3c6f74b3c4dbd54e99|02|ws"; nocase; ) # od130c266362a69654149ad389dbe4a1e7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044344; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|od130c266362a69654149ad389dbe4a1e7|02|hk"; nocase; ) # yd6a5f47c91c52f14bc5b0e526625a376d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044345; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yd6a5f47c91c52f14bc5b0e526625a376d|02|tk"; nocase; ) # z3b1f647ab38dbe010e3a8dc0c60aca64e.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044346; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z3b1f647ab38dbe010e3a8dc0c60aca64e|02|so"; nocase; ) # dbb487685ba46fe7497640282816462960.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044347; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dbb487685ba46fe7497640282816462960|02|in"; nocase; ) # g41af3ad5127ddac0b7defa0eb512ad64a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044348; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g41af3ad5127ddac0b7defa0eb512ad64a|02|tk"; nocase; ) # i6442b068194e776c5047a562438708c13.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044349; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i6442b068194e776c5047a562438708c13|02|cc"; nocase; ) # oc55fca9ba91a7b6993cd9e01b2d45299c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044350; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oc55fca9ba91a7b6993cd9e01b2d45299c|02|tk"; nocase; ) # s0ab79fb4046634dd6fb3b2e40a4e02351.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044351; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s0ab79fb4046634dd6fb3b2e40a4e02351|02|to"; nocase; ) # dba819e9ab9db554926a158c4dce77a90a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044352; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dba819e9ab9db554926a158c4dce77a90a|02|cn"; nocase; ) # h31543bb572ddba39a59035bc0f2bf4a2a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044353; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h31543bb572ddba39a59035bc0f2bf4a2a|02|ws"; nocase; ) # r20f9cbbf681f9919f293d2bf5f2ea6be1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044354; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r20f9cbbf681f9919f293d2bf5f2ea6be1|02|in"; nocase; ) # ab0e56fee2f0e82281f724dda1a09046a0.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044355; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab0e56fee2f0e82281f724dda1a09046a0|02|hk"; nocase; ) # d27be6b3f3675f15f42442c773d53ad605.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044356; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d27be6b3f3675f15f42442c773d53ad605|02|so"; nocase; ) # e868d340a5c729b373676af0e3c61a5db0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044357; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e868d340a5c729b373676af0e3c61a5db0|02|cc"; nocase; ) # ic902d701c41446e06f0d3763751ee6508.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044358; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ic902d701c41446e06f0d3763751ee6508|02|hk"; nocase; ) # l7012755919972a73f7badec803b6ca157.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044359; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l7012755919972a73f7badec803b6ca157|02|so"; nocase; ) # b4186802bd9273e762deeb0856f659bf89.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044360; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b4186802bd9273e762deeb0856f659bf89|02|so"; nocase; ) # fb0227a4616237afd2d30ca695052bfff8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044361; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fb0227a4616237afd2d30ca695052bfff8|02|in"; nocase; ) # q1fd07d153dd25a8e344d6b5a650480c67.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044362; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1fd07d153dd25a8e344d6b5a650480c67|02|tk"; nocase; ) # r8245764ff44b1300a7b953efc38c98dad.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044363; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r8245764ff44b1300a7b953efc38c98dad|02|so"; nocase; ) # be8d0396992f0fafadd3cd92fb72e4446e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044364; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be8d0396992f0fafadd3cd92fb72e4446e|02|ws"; nocase; ) # dceb935d52d58b8be17d1e02a3ba1c257e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044365; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dceb935d52d58b8be17d1e02a3ba1c257e|02|in"; nocase; ) # v4cbbe0dbe8cdb8b85015f1e1b2a335a3d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044366; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v4cbbe0dbe8cdb8b85015f1e1b2a335a3d|02|cn"; nocase; ) # b6ca240f5f7c98188d21c28a61f870120f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044367; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b6ca240f5f7c98188d21c28a61f870120f|02|in"; nocase; ) # h61b0e4d0615bd4ab3af63e0242ce64344.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044368; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h61b0e4d0615bd4ab3af63e0242ce64344|02|ws"; nocase; ) # i703757a541671eb8d976a6893a99a9117.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044369; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i703757a541671eb8d976a6893a99a9117|02|to"; nocase; ) # k04c3f61de1611e3e8a7a06a41b7c1ea48.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044370; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k04c3f61de1611e3e8a7a06a41b7c1ea48|02|hk"; nocase; ) # obb357980c432cbbf930e3313d2fa25456.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044371; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|obb357980c432cbbf930e3313d2fa25456|02|cc"; nocase; ) # ab23ebbe5dfd5da82a1d2847cb109d0ef7.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044372; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab23ebbe5dfd5da82a1d2847cb109d0ef7|02|hk"; nocase; ) # c778cd0052f44d789d6bd41667129da55e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044373; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c778cd0052f44d789d6bd41667129da55e|02|tk"; nocase; ) # d8680395ef63b66a698d078af78beea795.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044374; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d8680395ef63b66a698d078af78beea795|02|so"; nocase; ) # oadff8b5cc34c63acb9252504e18f67ab1.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044375; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oadff8b5cc34c63acb9252504e18f67ab1|02|to"; nocase; ) # r84d31a7b88612fc531bc2b26e37d30ab1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044376; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r84d31a7b88612fc531bc2b26e37d30ab1|02|cn"; nocase; ) # uae07008eb708da81271e64707457cedc7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044377; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uae07008eb708da81271e64707457cedc7|02|cc"; nocase; ) # yb4bcba27339486b98cab84e8eb8317e8d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044378; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yb4bcba27339486b98cab84e8eb8317e8d|02|hk"; nocase; ) # b0cef6316c50c8c4578a1c66c8b97c4a3b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044379; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b0cef6316c50c8c4578a1c66c8b97c4a3b|02|so"; nocase; ) # j9b79d8bef7de2c9b07f1e8a8a9629ceae.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044380; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j9b79d8bef7de2c9b07f1e8a8a9629ceae|02|so"; nocase; ) # kd150409a8f21d9f382b40dddb2cc91fb6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044381; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kd150409a8f21d9f382b40dddb2cc91fb6|02|cc"; nocase; ) # cfea7c5b1a442f07cfafdecc10b56c77cb.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044382; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cfea7c5b1a442f07cfafdecc10b56c77cb|02|to"; nocase; ) # d3ba03309ec1920a0edf167d3a9de8685c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044383; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d3ba03309ec1920a0edf167d3a9de8685c|02|in"; nocase; ) # f87b372baacf826b559676649b0ab9b94a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044384; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f87b372baacf826b559676649b0ab9b94a|02|cn"; nocase; ) # g42ed08a8795fea09ecf68a95ba72bd82a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044385; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g42ed08a8795fea09ecf68a95ba72bd82a|02|tk"; nocase; ) # mbf3e7bf671c75fcc0b331b99c50d65fa8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044386; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mbf3e7bf671c75fcc0b331b99c50d65fa8|02|hk"; nocase; ) # nd77374d1b1ce6dab9f62ea9409e327e7b.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044387; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd77374d1b1ce6dab9f62ea9409e327e7b|02|cn"; nocase; ) # w5f315b97508b8d1846281099c233666b8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044388; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w5f315b97508b8d1846281099c233666b8|02|tk"; nocase; ) # xc469630331c6ad4e26888c3156a078c0a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044389; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xc469630331c6ad4e26888c3156a078c0a|02|so"; nocase; ) # bfdf46b245ed1a81dd2053717f5eec8743.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044390; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bfdf46b245ed1a81dd2053717f5eec8743|02|in"; nocase; ) # h3fd057856c61a74b584f36b62d3088f94.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044391; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h3fd057856c61a74b584f36b62d3088f94|02|ws"; nocase; ) # i103c0f83fd6dca19347de2840fc9e793b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044392; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i103c0f83fd6dca19347de2840fc9e793b|02|to"; nocase; ) # q7c5e9dd38dc76440fc733feecc7366ed8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044393; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q7c5e9dd38dc76440fc733feecc7366ed8|02|to"; nocase; ) # sddefc4ce3c939a8ddc44faae79119b891.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044394; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sddefc4ce3c939a8ddc44faae79119b891|02|hk"; nocase; ) # u2d387d0c0d9851aba63deb1bc835ac62d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044395; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u2d387d0c0d9851aba63deb1bc835ac62d|02|tk"; nocase; ) # wf9c5459c41d94baa95028e4a9fbdf4cbe.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044396; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wf9c5459c41d94baa95028e4a9fbdf4cbe|02|cc"; nocase; ) # xe2584f8ebb5394b4047df8c41055f70de.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044397; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xe2584f8ebb5394b4047df8c41055f70de|02|ws"; nocase; ) # y6656d7ef593219325325d51661aae5039.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044398; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y6656d7ef593219325325d51661aae5039|02|to"; nocase; ) # b72b242b4e74d50bd0ba047bb098bb1a97.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044399; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b72b242b4e74d50bd0ba047bb098bb1a97|02|cn"; nocase; ) # e2274c48cac46461ee27c595e2afa71120.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044400; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e2274c48cac46461ee27c595e2afa71120|02|cc"; nocase; ) # mf221ba30f5144401ece0b7381b7fbec80.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044401; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mf221ba30f5144401ece0b7381b7fbec80|02|cc"; nocase; ) # wa57c18189650c27078c5689a6b0500681.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wa57c18189650c27078c5689a6b0500681|02|to"; nocase; ) # y3ea2ba0bcebb0929c8243a081c623187c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y3ea2ba0bcebb0929c8243a081c623187c|02|hk"; nocase; ) # ze22a8eabec2d107d812b65bf23acb4cfd.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ze22a8eabec2d107d812b65bf23acb4cfd|02|cn"; nocase; ) # f639a0183e495bc4f92aebbf2aa03332a5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f639a0183e495bc4f92aebbf2aa03332a5|02|cn"; nocase; ) # w6d43dd85274034c392757fc0ba5b62cff.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w6d43dd85274034c392757fc0ba5b62cff|02|tk"; nocase; ) # y1d8a6bb9c752af14b0cc7c8c282ec97be.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y1d8a6bb9c752af14b0cc7c8c282ec97be|02|cc"; nocase; ) # zf1d838a15dcf0aadbda1fb3da9b6576bc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zf1d838a15dcf0aadbda1fb3da9b6576bc|02|ws"; nocase; ) # a4183cb7802d13090f4bb9041d1f7b4b1e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a4183cb7802d13090f4bb9041d1f7b4b1e|02|to"; nocase; ) # f6d8b49456a537dc81ed15d4cbeaa01038.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f6d8b49456a537dc81ed15d4cbeaa01038|02|so"; nocase; ) # s854ddbbc8ed364a202ca7084366101ca9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s854ddbbc8ed364a202ca7084366101ca9|02|hk"; nocase; ) # bb22a85b500d9adc89460086fb589b95a8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bb22a85b500d9adc89460086fb589b95a8|02|cn"; nocase; ) # c00efe3cee2d5b8ab2acefd4415e1fa8ca.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c00efe3cee2d5b8ab2acefd4415e1fa8ca|02|tk"; nocase; ) # dd0552afb93c2c11ef9e44343d8d98b245.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd0552afb93c2c11ef9e44343d8d98b245|02|so"; nocase; ) # ede807f1cc27710227ecd040210cd3e15f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ede807f1cc27710227ecd040210cd3e15f|02|cc"; nocase; ) # fb4ed45dc5bb48dbb6d65f2e9435d16f4a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fb4ed45dc5bb48dbb6d65f2e9435d16f4a|02|ws"; nocase; ) # k0b78f498add88a4902ea0fe319b202c98.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k0b78f498add88a4902ea0fe319b202c98|02|tk"; nocase; ) # lad467ffe6955720c2cd28e637fb781e96.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lad467ffe6955720c2cd28e637fb781e96|02|so"; nocase; ) # maaf3784ab03605dc44d34a1d9f14f5cbd.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|maaf3784ab03605dc44d34a1d9f14f5cbd|02|cc"; nocase; ) # n3ce48844c58d9371306bac48f25103753.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3ce48844c58d9371306bac48f25103753|02|ws"; nocase; ) # p003c8796025df95e85db9bed0cf7dd92e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p003c8796025df95e85db9bed0cf7dd92e|02|in"; nocase; ) # s8f65edfe2eb29947fb27219c55abcf365.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s8f65edfe2eb29947fb27219c55abcf365|02|tk"; nocase; ) # v06a432914deb1b4ce133ce9f54faa2ca5.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044423; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v06a432914deb1b4ce133ce9f54faa2ca5|02|ws"; nocase; ) # ed5bbfed4406d5da6c4504479e97928b26.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044424; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ed5bbfed4406d5da6c4504479e97928b26|02|to"; nocase; ) # f0209232c6f136b663f8ae901ef9ef7d17.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044425; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f0209232c6f136b663f8ae901ef9ef7d17|02|in"; nocase; ) # p1b5709948b87f8e3f0f9d40284099e9ff.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044426; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p1b5709948b87f8e3f0f9d40284099e9ff|02|cn"; nocase; ) # r2c86c9301d249fba205b1028b7b21ad07.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044427; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r2c86c9301d249fba205b1028b7b21ad07|02|so"; nocase; ) # sff11ac1561dc3fbb419a3d0c06e8c7fc0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sff11ac1561dc3fbb419a3d0c06e8c7fc0|02|cc"; nocase; ) # v53a7705d4a3d83b8d1c3e260b651cc3ae.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v53a7705d4a3d83b8d1c3e260b651cc3ae|02|in"; nocase; ) # y6e55e02a313862ae1b37e2c3087881afb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y6e55e02a313862ae1b37e2c3087881afb|02|tk"; nocase; ) # b922024cfda74d7889559d11900434bd38.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b922024cfda74d7889559d11900434bd38|02|ws"; nocase; ) # de92ca5a3b825d86e92efb7d91492f0443.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|de92ca5a3b825d86e92efb7d91492f0443|02|in"; nocase; ) # qbe2f132f9bfadf0a0b5943517bbcaf0d9.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qbe2f132f9bfadf0a0b5943517bbcaf0d9|02|cc"; nocase; ) # x7583bc172ef14430ffc655ce8cd6b6193.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x7583bc172ef14430ffc655ce8cd6b6193|02|so"; nocase; ) # yc2b8f0c4658ce5c60340b362cf30b88ab.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yc2b8f0c4658ce5c60340b362cf30b88ab|02|cc"; nocase; ) # b29ec3c66091e75dc626674e55068af767.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b29ec3c66091e75dc626674e55068af767|02|in"; nocase; ) # f04d3e0f22be2d68611613ac46675160f2.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f04d3e0f22be2d68611613ac46675160f2|02|so"; nocase; ) # m5c0fb2431a1a360ea82a59cda5dbfa86f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m5c0fb2431a1a360ea82a59cda5dbfa86f|02|tk"; nocase; ) # o9e411045475f224b0bd932c7654abe4cb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o9e411045475f224b0bd932c7654abe4cb|02|cc"; nocase; ) # pbfdaa69e121e678e341431e823c3f6ef6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pbfdaa69e121e678e341431e823c3f6ef6|02|ws"; nocase; ) # t0486ed18f08e0fe9c76fb93c0aa5d3059.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t0486ed18f08e0fe9c76fb93c0aa5d3059|02|cn"; nocase; ) # v9a2e8ad09a8e96cf00c4695f88a6eaa79.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v9a2e8ad09a8e96cf00c4695f88a6eaa79|02|so"; nocase; ) # bdb2e88afd6aa8efd3525143bde7884549.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bdb2e88afd6aa8efd3525143bde7884549|02|cn"; nocase; ) # he85f4c8e686bb3b796840aff9d9c4a439.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|he85f4c8e686bb3b796840aff9d9c4a439|02|in"; nocase; ) # o749eff383e0743c74bc58375722c8a011.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o749eff383e0743c74bc58375722c8a011|02|to"; nocase; ) # q3b18ea2356f3da175793d91455b70e217.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q3b18ea2356f3da175793d91455b70e217|02|hk"; nocase; ) # s8e3d8c93825907ec71a9d9378af3b3503.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s8e3d8c93825907ec71a9d9378af3b3503|02|tk"; nocase; ) # y4730030d5c4510cbfb2731709f8ee8b95.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y4730030d5c4510cbfb2731709f8ee8b95|02|hk"; nocase; ) # a79512c4b3ae18ba53eeb7d6bf339f21c6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a79512c4b3ae18ba53eeb7d6bf339f21c6|02|tk"; nocase; ) # dc05c6957b7dcc81cee0c640b5532c5945.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dc05c6957b7dcc81cee0c640b5532c5945|02|ws"; nocase; ) # q56bfe819f4d03658c96816039311f7523.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q56bfe819f4d03658c96816039311f7523|02|tk"; nocase; ) # u17e622da990d73005ef73e93450630819.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u17e622da990d73005ef73e93450630819|02|to"; nocase; ) # ybf12630b5d62c68b20c3e5d0d6c212c9c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ybf12630b5d62c68b20c3e5d0d6c212c9c|02|tk"; nocase; ) # z6cbec15c11cdd02f6ce5b5f9eb3dee9ae.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z6cbec15c11cdd02f6ce5b5f9eb3dee9ae|02|so"; nocase; ) # be83d6b24485729391118f9398eecd44c4.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be83d6b24485729391118f9398eecd44c4|02|ws"; nocase; ) # k3fb09ea510227cb5186ee797a3e131a9e.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k3fb09ea510227cb5186ee797a3e131a9e|02|to"; nocase; ) # oa83226505ccf527327a0ce7248d91ea6f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oa83226505ccf527327a0ce7248d91ea6f|02|tk"; nocase; ) # be6c140e69d105dcb7b29e6221d9299f2f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|be6c140e69d105dcb7b29e6221d9299f2f|02|in"; nocase; ) # lb182bea73912e2e3658cc81e784219f38.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lb182bea73912e2e3658cc81e784219f38|02|cn"; nocase; ) # q80940d95f56c0986af7f419edb13916d4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q80940d95f56c0986af7f419edb13916d4|02|to"; nocase; ) # s4999ec41c753a665ecfc454c0ca228ff5.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s4999ec41c753a665ecfc454c0ca228ff5|02|hk"; nocase; ) # te43676a088645862c316bc9876f1a49a0.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|te43676a088645862c316bc9876f1a49a0|02|cn"; nocase; ) # e810c4270431d54f181344e31e8294e1f2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e810c4270431d54f181344e31e8294e1f2|02|cc"; nocase; ) # k2664de8d34ac638f01d28a39dcaf426f0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k2664de8d34ac638f01d28a39dcaf426f0|02|tk"; nocase; ) # m3990796f175bf6287bc6014ede6bd7a57.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m3990796f175bf6287bc6014ede6bd7a57|02|cc"; nocase; ) # pbe78e5c7870a7c88b67e842f6647de12f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pbe78e5c7870a7c88b67e842f6647de12f|02|in"; nocase; ) # qecc22111d6f46270c20c1524f0d5bcf62.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qecc22111d6f46270c20c1524f0d5bcf62|02|hk"; nocase; ) # b57bc6b662f4a038767dd7bbf449d573de.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b57bc6b662f4a038767dd7bbf449d573de|02|so"; nocase; ) # c7fb42a61873ad8537b290ccbcbab55357.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c7fb42a61873ad8537b290ccbcbab55357|02|cc"; nocase; ) # ecf46aaffeae4358bfcf74812b539e9399.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ecf46aaffeae4358bfcf74812b539e9399|02|to"; nocase; ) # k069b97f3d65a5f6c73433001f5c5fa77f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k069b97f3d65a5f6c73433001f5c5fa77f|02|cc"; nocase; ) # n0f10542801a5add3a957026af59d5f7f9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n0f10542801a5add3a957026af59d5f7f9|02|in"; nocase; ) # u03b9dab30aea4379efda5035c6c3bdc5a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u03b9dab30aea4379efda5035c6c3bdc5a|02|to"; nocase; ) # vaaa1516eb840c2a5b2575a6b5521b7e4e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vaaa1516eb840c2a5b2575a6b5521b7e4e|02|in"; nocase; ) # wca283093761e50341cb9f3380e22008a3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wca283093761e50341cb9f3380e22008a3|02|hk"; nocase; ) # xb960a9621aa475d83146d4dfac8a50b35.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xb960a9621aa475d83146d4dfac8a50b35|02|cn"; nocase; ) # a9b680cf1f1e2e4e4df68a7eb742f22c48.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a9b680cf1f1e2e4e4df68a7eb742f22c48|02|cc"; nocase; ) # z952a43661efeb291ced2623f38e5d6e9e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z952a43661efeb291ced2623f38e5d6e9e|02|ws"; nocase; ) # ia8d831fd77104116ee060464439369b01.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ia8d831fd77104116ee060464439369b01|02|to"; nocase; ) # o6eaea45fad4a61d4a2809f333f905ad4b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o6eaea45fad4a61d4a2809f333f905ad4b|02|cc"; nocase; ) # yb6e00dadde3acac24ca37fce1552b0bab.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yb6e00dadde3acac24ca37fce1552b0bab|02|to"; nocase; ) # z2d7fce77be584b67bf89c1b6bee7ad585.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z2d7fce77be584b67bf89c1b6bee7ad585|02|in"; nocase; ) # kb137f57f1416588bd95b8b54bd0498866.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kb137f57f1416588bd95b8b54bd0498866|02|tk"; nocase; ) # lfa23b5aafb1ee18f9a38ecd28abe61783.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lfa23b5aafb1ee18f9a38ecd28abe61783|02|so"; nocase; ) # nd6eeb15a52a25ff8266ac6637c6b3becc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nd6eeb15a52a25ff8266ac6637c6b3becc|02|ws"; nocase; ) # pe0c51789e96dfb9fdb7aeb426d8f5a760.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pe0c51789e96dfb9fdb7aeb426d8f5a760|02|in"; nocase; ) # rcc73c7467801edaab0e51144fd4bf1997.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rcc73c7467801edaab0e51144fd4bf1997|02|cn"; nocase; ) # yad4828ba753965b267f255191b4f57d01.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yad4828ba753965b267f255191b4f57d01|02|hk"; nocase; ) # b9b8d1acf7df5f9431ec7023114f0f9447.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b9b8d1acf7df5f9431ec7023114f0f9447|02|so"; nocase; ) # f516274a60455f341fc3fa012011ef4abb.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f516274a60455f341fc3fa012011ef4abb|02|in"; nocase; ) # v45fe484c1cb867267c2748fb275027108.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v45fe484c1cb867267c2748fb275027108|02|in"; nocase; ) # zcc38820624e218d36516eae5e1e96475f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zcc38820624e218d36516eae5e1e96475f|02|so"; nocase; ) # a89589afad5b76f854b32366c7dd7827d3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a89589afad5b76f854b32366c7dd7827d3|02|cc"; nocase; ) # b034f1a38f5efa9bc332981ff5625d4323.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b034f1a38f5efa9bc332981ff5625d4323|02|ws"; nocase; ) # eb6b4617ec259bb09617a741da83265be4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eb6b4617ec259bb09617a741da83265be4|02|hk"; nocase; ) # f6939a52668b7385a56ffdb15b2fc8c722.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f6939a52668b7385a56ffdb15b2fc8c722|02|cn"; nocase; ) # h7e2ce094c2e4d2b28ffd2c684cd4c6dbf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h7e2ce094c2e4d2b28ffd2c684cd4c6dbf|02|so"; nocase; ) # x6b3b108af0696812dbdda6ae2cf46da59.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x6b3b108af0696812dbdda6ae2cf46da59|02|so"; nocase; ) # z64e3d935bc46bf37cff3d02137f55840a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z64e3d935bc46bf37cff3d02137f55840a|02|ws"; nocase; ) # r49033ce14e825496ad5eda8d99b1c412e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r49033ce14e825496ad5eda8d99b1c412e|02|in"; nocase; ) # ca5a83f023c8627f8f49945badeaf24989.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ca5a83f023c8627f8f49945badeaf24989|02|tk"; nocase; ) # f1042fbe42c162c1edf8b4a9f59cc7175d.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f1042fbe42c162c1edf8b4a9f59cc7175d|02|ws"; nocase; ) # i8833fbf0af4d056607b4d132642d00e10.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i8833fbf0af4d056607b4d132642d00e10|02|hk"; nocase; ) # nb8205c61ec29c91d1af2c96ad7d49edd8.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nb8205c61ec29c91d1af2c96ad7d49edd8|02|ws"; nocase; ) # ua5feb5cb80b4bf213cd2fd5d6c8c1eb6b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ua5feb5cb80b4bf213cd2fd5d6c8c1eb6b|02|cc"; nocase; ) # vfc63acffba66c539fcf6c6fb32df9c391.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vfc63acffba66c539fcf6c6fb32df9c391|02|ws"; nocase; ) # wc4085aea4deec8a98c8da1aa99b151e5f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wc4085aea4deec8a98c8da1aa99b151e5f|02|to"; nocase; ) # y253c8a3568925d7197cde54a8c6aafd11.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y253c8a3568925d7197cde54a8c6aafd11|02|hk"; nocase; ) # e83af518a46bc2659a41d3aa035317aa94.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e83af518a46bc2659a41d3aa035317aa94|02|to"; nocase; ) # g423b092d1bbd53b10fe62bd6389f55e31.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g423b092d1bbd53b10fe62bd6389f55e31|02|hk"; nocase; ) # m87e51d1753a6d9d0cca093cb409629bc9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m87e51d1753a6d9d0cca093cb409629bc9|02|to"; nocase; ) # o8ee848b890df5ccd73a207f896435a8f8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8ee848b890df5ccd73a207f896435a8f8|02|hk"; nocase; ) # tafd06d7fc60e52e557519be1ae96f8049.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tafd06d7fc60e52e557519be1ae96f8049|02|ws"; nocase; ) # uab8eea67dfd86c525baf6dcd4dc9dc73d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uab8eea67dfd86c525baf6dcd4dc9dc73d|02|to"; nocase; ) # w1e2bc4a23e1f565de4da0c855746d52df.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1e2bc4a23e1f565de4da0c855746d52df|02|hk"; nocase; ) # e922606963e5ac7a5c16dc830adf6502a4.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e922606963e5ac7a5c16dc830adf6502a4|02|hk"; nocase; ) # k83ebfc7ee995d4809212af0dc5822c2de.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k83ebfc7ee995d4809212af0dc5822c2de|02|to"; nocase; ) # p9dd75c0edfd357e24833126731d54a053.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p9dd75c0edfd357e24833126731d54a053|02|so"; nocase; ) # aa8d484871df34e7767bc4182a79a2978d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aa8d484871df34e7767bc4182a79a2978d|02|to"; nocase; ) # b1dc36dc300f230fa2cdad9ca0aefe216c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b1dc36dc300f230fa2cdad9ca0aefe216c|02|in"; nocase; ) # feb9788d0405ba5460fdc7b1fa82a64cee.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|feb9788d0405ba5460fdc7b1fa82a64cee|02|so"; nocase; ) # b6e60f2663c92fbff1a55210bc154abb30.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b6e60f2663c92fbff1a55210bc154abb30|02|cn"; nocase; ) # c8f2b16c5da9f1da9a9b9a9086989d7c42.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c8f2b16c5da9f1da9a9b9a9086989d7c42|02|tk"; nocase; ) # hc9a79aead98871ef4d84541b6ca806bb6.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044524; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc9a79aead98871ef4d84541b6ca806bb6|02|in"; nocase; ) # ka1d03f3dbdfeec07ec4fbca2592bd1c98.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044525; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ka1d03f3dbdfeec07ec4fbca2592bd1c98|02|to"; nocase; ) # l2982d4e177641f88d8e04e66345c5662b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044526; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l2982d4e177641f88d8e04e66345c5662b|02|in"; nocase; ) # yc82da888651472b440c01d60ebbb7e45d.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044527; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yc82da888651472b440c01d60ebbb7e45d|02|cc"; nocase; ) # q9feb30b82601a88f19f7cb26d38149626.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044528; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q9feb30b82601a88f19f7cb26d38149626|02|to"; nocase; ) # t6f9a8ae6c28b90c65f95c88398002d19e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044529; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t6f9a8ae6c28b90c65f95c88398002d19e|02|cn"; nocase; ) # vf7ff1697599a3d1d16bb149ae88b73745.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044530; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|vf7ff1697599a3d1d16bb149ae88b73745|02|so"; nocase; ) # d1687629a562cb96d84277111af2eba36f.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044531; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d1687629a562cb96d84277111af2eba36f|02|so"; nocase; ) # h786d627f7ecb509b8161aa59b3a95c4e8.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044532; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h786d627f7ecb509b8161aa59b3a95c4e8|02|in"; nocase; ) # icda82aca3c3b29a8b4a8638188545b2b9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044533; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|icda82aca3c3b29a8b4a8638188545b2b9|02|hk"; nocase; ) # n1ab9710dab2f6352bd910214bb6f65121.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044534; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n1ab9710dab2f6352bd910214bb6f65121|02|ws"; nocase; ) # o8768816be4ec39e906093a10b51e9e0ac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044535; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o8768816be4ec39e906093a10b51e9e0ac|02|to"; nocase; ) # r062e1d531b26ec92c03e0c099f75ea33d.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044536; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r062e1d531b26ec92c03e0c099f75ea33d|02|cn"; nocase; ) # d87f5b16d9235b0872cf7600486ec213fd.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044537; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d87f5b16d9235b0872cf7600486ec213fd|02|ws"; nocase; ) # ea294bb961616b0cd9dfee6e396697f9e9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044538; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ea294bb961616b0cd9dfee6e396697f9e9|02|to"; nocase; ) # o1a453b1135f1d036dce3cc879d497f0c3.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044539; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o1a453b1135f1d036dce3cc879d497f0c3|02|hk"; nocase; ) # q64cfca2baa0f1ae1d4c1b4df8ec3fc2b7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044540; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q64cfca2baa0f1ae1d4c1b4df8ec3fc2b7|02|tk"; nocase; ) # id8cba1bf251087f3a72f6497ae37e4635.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044541; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|id8cba1bf251087f3a72f6497ae37e4635|02|cc"; nocase; ) # q1c989d91f0d43d9ad2362cc37b97aed74.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044542; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q1c989d91f0d43d9ad2362cc37b97aed74|02|cc"; nocase; ) # u141f117d3ddd995823c9408c00aff8882.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044543; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u141f117d3ddd995823c9408c00aff8882|02|hk"; nocase; ) # a33e6ec136c1c248b357921918ca0b89ac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044544; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a33e6ec136c1c248b357921918ca0b89ac|02|to"; nocase; ) # c298db380a59538a430ebf3f1c7bd68640.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044545; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c298db380a59538a430ebf3f1c7bd68640|02|hk"; nocase; ) # f2a26ffe71d8fa7292ca393a4750dd9184.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044546; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f2a26ffe71d8fa7292ca393a4750dd9184|02|so"; nocase; ) # n16bd098d9173bad25c6b479f5df5e3971.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044547; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n16bd098d9173bad25c6b479f5df5e3971|02|so"; nocase; ) # t30e4ffe58c22948cadd28e4e6f5b4377c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044548; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t30e4ffe58c22948cadd28e4e6f5b4377c|02|cn"; nocase; ) # bb544b35b7a39b8b6397afaa707c3e57ba.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044549; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bb544b35b7a39b8b6397afaa707c3e57ba|02|cn"; nocase; ) # fe584e0861e32dcb65f993b9fcebabb2dc.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044550; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fe584e0861e32dcb65f993b9fcebabb2dc|02|ws"; nocase; ) # k1d3a4ab3ce83bd1ac505bb24281fc8e06.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044551; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k1d3a4ab3ce83bd1ac505bb24281fc8e06|02|tk"; nocase; ) # nea257ffc63628491afe33a9f99d441906.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044552; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nea257ffc63628491afe33a9f99d441906|02|ws"; nocase; ) # t86dbaf57613a589b6fb707904ac566db7.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044553; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t86dbaf57613a589b6fb707904ac566db7|02|so"; nocase; ) # af88977449b2e4e6ba6c057d204cf8490d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044554; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|af88977449b2e4e6ba6c057d204cf8490d|02|tk"; nocase; ) # f98f67012e52481f9c2c2a7edffa422925.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044555; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f98f67012e52481f9c2c2a7edffa422925|02|in"; nocase; ) # gbffa1cb1aa3eb0ce61e6a333b7f9bb863.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044556; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gbffa1cb1aa3eb0ce61e6a333b7f9bb863|02|hk"; nocase; ) # ie5ccc4169ff623d6d8e5af90513ac21e4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044557; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ie5ccc4169ff623d6d8e5af90513ac21e4|02|tk"; nocase; ) # nc2b114df61f96bc9185f58a1cfaa98271.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044558; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nc2b114df61f96bc9185f58a1cfaa98271|02|in"; nocase; ) # v25fdb4a225d68b249d7f9caf4c2e1c7de.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044559; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v25fdb4a225d68b249d7f9caf4c2e1c7de|02|in"; nocase; ) # x0f7b817f3754778edfef39ba2e55b13d6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044560; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x0f7b817f3754778edfef39ba2e55b13d6|02|cn"; nocase; ) # e12d8a43ac9d145c2abc2041597f2b8363.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044561; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e12d8a43ac9d145c2abc2041597f2b8363|02|hk"; nocase; ) # h5a5aa10ca8dd06667119ad1ab628e488c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044562; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h5a5aa10ca8dd06667119ad1ab628e488c|02|so"; nocase; ) # l0b4c03b7f8568a8d2ad9dd39ab7367507.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044563; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l0b4c03b7f8568a8d2ad9dd39ab7367507|02|in"; nocase; ) # oe210f97e68998702cb6a36a9c5aa0b363.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044564; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oe210f97e68998702cb6a36a9c5aa0b363|02|tk"; nocase; ) # qee5f95ed53393600969110f02a2d3f505.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044565; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qee5f95ed53393600969110f02a2d3f505|02|cc"; nocase; ) # sba26f56f6fef04a4bd8bdc16378d39064.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044566; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sba26f56f6fef04a4bd8bdc16378d39064|02|to"; nocase; ) # xbbdb7fdd5d2ac842c15943e2096da4f40.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044567; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xbbdb7fdd5d2ac842c15943e2096da4f40|02|so"; nocase; ) # z9f1d2f11a2cf0e111c597814f90d93563.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044568; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z9f1d2f11a2cf0e111c597814f90d93563|02|ws"; nocase; ) # c6b95de433f010115da8bd0b659f3c902e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044569; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c6b95de433f010115da8bd0b659f3c902e|02|hk"; nocase; ) # f2d1047d1d652e083ac76097ac2b0033a8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044570; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f2d1047d1d652e083ac76097ac2b0033a8|02|so"; nocase; ) # td69ee48935c6608eb43580c78f4e2e063.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044571; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|td69ee48935c6608eb43580c78f4e2e063|02|cn"; nocase; ) # n4e7cae33139e67979dc0544cad7b92cd0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044572; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n4e7cae33139e67979dc0544cad7b92cd0|02|ws"; nocase; ) # t6087a33d61b128e8fbfa687cae3c566ea.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044573; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t6087a33d61b128e8fbfa687cae3c566ea|02|so"; nocase; ) # afd512a41d0d7f927605a9493c7f54d42a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044574; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|afd512a41d0d7f927605a9493c7f54d42a|02|tk"; nocase; ) # lb43d78d46c7903f02dce40385e3fd1437.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044575; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lb43d78d46c7903f02dce40385e3fd1437|02|ws"; nocase; ) # d3c56bb0058c6a07570a7b66b2cf03f478.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044576; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d3c56bb0058c6a07570a7b66b2cf03f478|02|in"; nocase; ) # lf0a518464d7182083d1381b5b1231dc23.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044577; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lf0a518464d7182083d1381b5b1231dc23|02|in"; nocase; ) # s9237373660a5cc60a429777394f132707.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044578; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s9237373660a5cc60a429777394f132707|02|to"; nocase; ) # ohunkbqjwx1f5pc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044579; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|ohunkbqjwx1f5pc|04|ddns|03|net"; nocase; ) # yrcl5x16mvylely4s27.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044580; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|yrcl5x16mvylely4s27|04|ddns|03|net"; nocase; ) # grw0ejal7p76ujsbs65.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044581; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|grw0ejal7p76ujsbs65|04|ddns|03|net"; nocase; ) # mfgdqj3tw2ax7v7tmbw63ni.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044582; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|mfgdqj3tw2ax7v7tmbw63ni|04|ddns|03|net"; nocase; ) # uqkuteukahgaac.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044583; reference:url,osint.bambenekconsulting.com/manual/symmi.txt; priority:1; content:"|0e|uqkuteukahgaac|04|ddns|03|net"; nocase; ) # i4e2o8apwx7lg0u8mts.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044584; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|i4e2o8apwx7lg0u8mts|04|ddns|03|net"; nocase; ) # i4ong8abqxyhs4g4a25.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044585; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|i4ong8abqxyhs4g4a25|04|ddns|03|net"; nocase; ) # alatev5n3dyt7hej7nih38g.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044586; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|alatev5n3dyt7hej7nih38g|04|ddns|03|net"; nocase; ) # ersfgtcbkdabc0kbun7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044587; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|ersfgtcbkdabc0kbun7|04|ddns|03|net"; nocase; ) # 18qt3hcjo2uriv3twnm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044588; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|18qt3hcjo2uriv3twnm|04|ddns|03|net"; nocase; ) # 5rcngrqb3lera6k.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044589; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|5rcngrqb3lera6k|04|ddns|03|net"; nocase; ) # u6yro2u2c6mjmbov1hyl7pk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044590; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|u6yro2u2c6mjmbov1hyl7pk|04|ddns|03|net"; nocase; ) # mx1vk07ncb14gbu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044591; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|mx1vk07ncb14gbu|04|ddns|03|net"; nocase; ) # klvpfcewk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044592; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|klvpfcewk|04|info"; nocase; ) # mzgace.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044593; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mzgace|03|com"; nocase; ) # pedxhqi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044594; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pedxhqi|03|biz"; nocase; ) # lzpeslgig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044595; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lzpeslgig|03|com"; nocase; ) # iknobvlhmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044596; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|iknobvlhmm|03|org"; nocase; ) # enpumnnhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044597; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|enpumnnhm|03|com"; nocase; ) # hfosjilvuwp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044598; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|hfosjilvuwp|04|info"; nocase; ) # ztazpc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044599; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ztazpc|03|biz"; nocase; ) # xfafvmd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044600; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xfafvmd|03|org"; nocase; ) # fxyimau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044601; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fxyimau|03|com"; nocase; ) # atddwcqwmc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044602; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|atddwcqwmc|03|org"; nocase; ) # wjnjshrzelp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044603; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wjnjshrzelp|03|org"; nocase; ) # ycrldzemu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044604; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ycrldzemu|03|org"; nocase; ) # ipfvgasfiwt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044605; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ipfvgasfiwt|04|info"; nocase; ) # ikhrfymmyes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044606; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ikhrfymmyes|03|com"; nocase; ) # ycexupss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044607; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ycexupss|03|net"; nocase; ) # drdudkirv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044608; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|drdudkirv|03|net"; nocase; ) # tgemnrz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044609; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tgemnrz|03|net"; nocase; ) # fhrbtszi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044610; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fhrbtszi|04|info"; nocase; ) # vzvwoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044611; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vzvwoc|03|biz"; nocase; ) # bmpwcplb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044612; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bmpwcplb|03|org"; nocase; ) # fbnixngr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044613; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fbnixngr|03|com"; nocase; ) # tsjgvsbbeoh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044614; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tsjgvsbbeoh|03|biz"; nocase; ) # wfzhkg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044615; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wfzhkg|03|org"; nocase; ) # amihyalel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044616; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|amihyalel|03|com"; nocase; ) # jlouptyky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044617; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jlouptyky|03|org"; nocase; ) # ilxxwrpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044618; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ilxxwrpa|03|biz"; nocase; ) # cutzllq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044619; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|cutzllq|03|org"; nocase; ) # maxennphhs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044620; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|maxennphhs|03|com"; nocase; ) # xsftgkejks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044621; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xsftgkejks|03|org"; nocase; ) # akimyuks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044622; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|akimyuks|03|org"; nocase; ) # soumrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044623; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|soumrh|03|net"; nocase; ) # bvdjka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044624; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bvdjka|03|org"; nocase; ) # ckdhssk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044625; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ckdhssk|03|net"; nocase; ) # zgqjhxqlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044626; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zgqjhxqlw|03|org"; nocase; ) # kboqbzj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044627; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kboqbzj|04|info"; nocase; ) # ikpadvkunr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044628; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ikpadvkunr|03|biz"; nocase; ) # fvdjhqbssqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044629; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|fvdjhqbssqk|03|biz"; nocase; ) # uzadpce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044630; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uzadpce|03|com"; nocase; ) # txmkvss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044631; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|txmkvss|03|net"; nocase; ) # uiohhsbzdw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044632; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uiohhsbzdw|03|com"; nocase; ) # kgcsmsth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044633; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kgcsmsth|03|net"; nocase; ) # yzhgjlkcujs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044634; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|yzhgjlkcujs|03|org"; nocase; ) # ozvrmcvyklc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044635; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ozvrmcvyklc|03|org"; nocase; ) # twmgcficj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044636; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|twmgcficj|03|com"; nocase; ) # tdbydsmaqd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044637; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tdbydsmaqd|03|biz"; nocase; ) # aqzholykbx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044638; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|aqzholykbx|03|com"; nocase; ) # hmqqakwcee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044639; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hmqqakwcee|03|com"; nocase; ) # ntjngnsugo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044640; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ntjngnsugo|03|com"; nocase; ) # nuqsfckhkp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044641; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nuqsfckhkp|03|org"; nocase; ) # mixhsxsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044642; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mixhsxsz|03|net"; nocase; ) # ujzqedqj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044643; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ujzqedqj|03|biz"; nocase; ) # rnjaletrje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044644; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rnjaletrje|03|org"; nocase; ) # gpxdulxv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044645; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gpxdulxv|04|info"; nocase; ) # ahluhqmx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044646; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ahluhqmx|03|org"; nocase; ) # hbyxfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044647; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hbyxfw|03|com"; nocase; ) # etqwcaguuix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044648; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|etqwcaguuix|03|com"; nocase; ) # csinokd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044649; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|csinokd|03|org"; nocase; ) # hzdxkjcip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044650; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hzdxkjcip|03|com"; nocase; ) # pbwkxwcxnh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044651; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pbwkxwcxnh|03|biz"; nocase; ) # mwqjjo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044652; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mwqjjo|03|org"; nocase; ) # ierfls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044653; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ierfls|03|org"; nocase; ) # xqzwdfdo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044654; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xqzwdfdo|03|com"; nocase; ) # ihufvuayzhs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044655; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ihufvuayzhs|03|com"; nocase; ) # tvggnf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044656; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tvggnf|03|biz"; nocase; ) # fyjhhgk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044657; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fyjhhgk|03|com"; nocase; ) # swljfvt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044658; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|swljfvt|04|info"; nocase; ) # zljpdhak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044659; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zljpdhak|03|com"; nocase; ) # vrddriovdcd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044660; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vrddriovdcd|03|com"; nocase; ) # fgqdnbi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044661; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fgqdnbi|03|com"; nocase; ) # lvsktp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044662; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lvsktp|03|net"; nocase; ) # nrcucfb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044663; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nrcucfb|03|com"; nocase; ) # ryyfuej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044664; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ryyfuej|03|com"; nocase; ) # pmygbwcmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044665; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pmygbwcmr|03|org"; nocase; ) # xtarect.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044666; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xtarect|03|com"; nocase; ) # rmthxgmtelo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044667; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rmthxgmtelo|03|org"; nocase; ) # ppywzmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044668; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ppywzmf|03|org"; nocase; ) # tfxqje.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044669; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tfxqje|03|org"; nocase; ) # eorumnoqga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044670; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|eorumnoqga|03|com"; nocase; ) # gwpnkpsdi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044671; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gwpnkpsdi|03|com"; nocase; ) # jnprmhbbn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044672; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jnprmhbbn|03|com"; nocase; ) # fwbijxqk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044673; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fwbijxqk|03|biz"; nocase; ) # nskbnhfqyju.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044674; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|nskbnhfqyju|03|org"; nocase; ) # fwdishmt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044675; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fwdishmt|03|org"; nocase; ) # dkaxlqaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044676; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dkaxlqaz|03|com"; nocase; ) # jgyqfzpzd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044677; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|jgyqfzpzd|04|info"; nocase; ) # kajgxrn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044678; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|kajgxrn|03|net"; nocase; ) # yqfimxrhs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044679; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yqfimxrhs|03|com"; nocase; ) # dnfiqtnix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044680; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|dnfiqtnix|03|com"; nocase; ) # hjzifjhqxc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044681; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hjzifjhqxc|04|info"; nocase; ) # inwianrcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044682; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|inwianrcu|03|com"; nocase; ) # nykpzvtyoh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044683; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nykpzvtyoh|03|biz"; nocase; ) # nedapzk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044684; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nedapzk|04|info"; nocase; ) # aemryewe.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044685; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|aemryewe|04|info"; nocase; ) # cdzklxkwehc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044686; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cdzklxkwehc|03|com"; nocase; ) # ppzbzsxggpc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044687; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ppzbzsxggpc|03|biz"; nocase; ) # resisemztq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044688; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|resisemztq|03|net"; nocase; ) # styxeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044689; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|styxeb|03|com"; nocase; ) # eyhozgtt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044690; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|eyhozgtt|03|net"; nocase; ) # ignrdlzse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044691; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ignrdlzse|03|net"; nocase; ) # ermvgphhrkb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044692; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ermvgphhrkb|03|org"; nocase; ) # jtzkkztz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044693; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jtzkkztz|03|net"; nocase; ) # qjrafb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044694; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qjrafb|03|com"; nocase; ) # frwacqkoks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044695; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|frwacqkoks|03|org"; nocase; ) # ybxdrukaae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044696; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ybxdrukaae|03|com"; nocase; ) # arfwjsw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044697; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|arfwjsw|03|net"; nocase; ) # hsadnzh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044698; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hsadnzh|04|info"; nocase; ) # hlbzhebml.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044699; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hlbzhebml|03|org"; nocase; ) # usupvacszzx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044700; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|usupvacszzx|04|info"; nocase; ) # tflrmbjj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044701; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tflrmbjj|03|org"; nocase; ) # qwvoropp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044702; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qwvoropp|03|biz"; nocase; ) # zgbsuum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044703; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zgbsuum|03|net"; nocase; ) # litnluhrlpt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044704; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|litnluhrlpt|03|biz"; nocase; ) # pgcnavhenw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044705; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pgcnavhenw|03|biz"; nocase; ) # ugjchpbkzgz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044706; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ugjchpbkzgz|03|com"; nocase; ) # wgxvolvtyua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044707; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wgxvolvtyua|03|net"; nocase; ) # ocuwubo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044708; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ocuwubo|03|com"; nocase; ) # zrtkrtsjmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044709; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zrtkrtsjmq|03|org"; nocase; ) # llzpbwbhfmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044710; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|llzpbwbhfmr|03|org"; nocase; ) # ikuwqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044711; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ikuwqq|03|biz"; nocase; ) # ezyefytfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044712; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ezyefytfx|03|com"; nocase; ) # bveunnmagi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044713; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bveunnmagi|03|com"; nocase; ) # scghyrerxkz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044714; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|scghyrerxkz|03|org"; nocase; ) # tbphrhizonp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044715; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|tbphrhizonp|03|biz"; nocase; ) # cctkttnu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044716; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cctkttnu|03|biz"; nocase; ) # bzplybe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044717; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bzplybe|03|com"; nocase; ) # ppwwzlja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044718; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ppwwzlja|03|org"; nocase; ) # dgnasawzfn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044719; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dgnasawzfn|03|com"; nocase; ) # dwkvgl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044720; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dwkvgl|03|com"; nocase; ) # ctvspbmy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044721; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ctvspbmy|03|org"; nocase; ) # lxqwkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044722; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lxqwkm|03|org"; nocase; ) # dkhmokhe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044723; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dkhmokhe|03|com"; nocase; ) # fcrcmjy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044724; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fcrcmjy|03|org"; nocase; ) # tpidrws.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044725; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tpidrws|04|info"; nocase; ) # seqtyaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044726; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|seqtyaj|03|com"; nocase; ) # fybemoplcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|fybemoplcu|03|com"; nocase; ) # dkrzmexguj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dkrzmexguj|03|net"; nocase; ) # wfjiqyl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wfjiqyl|04|info"; nocase; ) # ylntpctfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ylntpctfy|03|com"; nocase; ) # plxhtzr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|plxhtzr|04|info"; nocase; ) # punriryg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|punriryg|04|info"; nocase; ) # lumcpkcej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|lumcpkcej|03|com"; nocase; ) # tqmihv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|tqmihv|03|com"; nocase; ) # vjeguimxxx.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vjeguimxxx|04|info"; nocase; ) # igzyls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|igzyls|03|org"; nocase; ) # oxxyxzm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|oxxyxzm|04|info"; nocase; ) # plgkgsqwl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044738; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|plgkgsqwl|04|info"; nocase; ) # zyvdabufnuj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044739; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zyvdabufnuj|03|net"; nocase; ) # rxqreqmqro.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044740; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rxqreqmqro|03|net"; nocase; ) # uuzxeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044741; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|uuzxeo|03|com"; nocase; ) # hzdycxc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044742; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|hzdycxc|04|info"; nocase; ) # biwoffce.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044743; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|biwoffce|03|com"; nocase; ) # zyauebtu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044744; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zyauebtu|03|net"; nocase; ) # vnkryevbnas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044745; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vnkryevbnas|03|com"; nocase; ) # okqvlfya.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|okqvlfya|04|info"; nocase; ) # clpfutrpd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|clpfutrpd|03|biz"; nocase; ) # rilwhx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rilwhx|03|com"; nocase; ) # lhfyafgw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lhfyafgw|03|com"; nocase; ) # qgjscw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qgjscw|03|com"; nocase; ) # kghcwnmaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kghcwnmaj|03|com"; nocase; ) # cdcozjoc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cdcozjoc|03|biz"; nocase; ) # jshymnx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jshymnx|03|biz"; nocase; ) # pydvcyt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|pydvcyt|04|info"; nocase; ) # mecmxqth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mecmxqth|03|net"; nocase; ) # updorosukkk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|updorosukkk|03|org"; nocase; ) # bghrqyia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044757; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bghrqyia|03|com"; nocase; ) # mbqujxhtmng.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044758; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mbqujxhtmng|03|biz"; nocase; ) # enarjtov.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044759; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|enarjtov|03|biz"; nocase; ) # jwotwvdgwm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044760; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jwotwvdgwm|04|info"; nocase; ) # rzfeka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044761; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|rzfeka|03|org"; nocase; ) # yxvdvz.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044762; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|yxvdvz|04|info"; nocase; ) # cbklzqkutn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044763; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cbklzqkutn|03|net"; nocase; ) # iwbgynrq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044764; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|iwbgynrq|03|net"; nocase; ) # hqxkgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044765; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|hqxkgi|03|com"; nocase; ) # niietbdxrx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044766; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|niietbdxrx|03|net"; nocase; ) # zfgxtcow.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044767; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zfgxtcow|03|biz"; nocase; ) # efxgymh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044768; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|efxgymh|03|org"; nocase; ) # qulsfaujmzi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044769; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qulsfaujmzi|04|info"; nocase; ) # vxoguhuloz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044770; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vxoguhuloz|03|biz"; nocase; ) # utyaieguqwp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044771; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|utyaieguqwp|04|info"; nocase; ) # zggdvgswnt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044772; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|zggdvgswnt|03|biz"; nocase; ) # kqnqxfizcqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044773; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|kqnqxfizcqw|03|biz"; nocase; ) # krzxgsfaver.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044774; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|krzxgsfaver|03|com"; nocase; ) # iczydfgtke.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044775; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|iczydfgtke|03|org"; nocase; ) # wfzujevs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044776; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|wfzujevs|04|info"; nocase; ) # nmxqffpnsv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044777; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nmxqffpnsv|03|net"; nocase; ) # ecnoxvjrzeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044778; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ecnoxvjrzeo|03|com"; nocase; ) # qmojqw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044779; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qmojqw|03|biz"; nocase; ) # xsubvwmi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044780; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xsubvwmi|03|org"; nocase; ) # hqhojjwn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044781; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hqhojjwn|04|info"; nocase; ) # qpvmtbnpnv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044782; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qpvmtbnpnv|03|biz"; nocase; ) # zjpzwpuyxew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044783; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zjpzwpuyxew|03|com"; nocase; ) # rotomilwj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044784; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rotomilwj|04|info"; nocase; ) # appfypehlq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044785; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|appfypehlq|03|org"; nocase; ) # uuysnikkevj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044786; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uuysnikkevj|04|info"; nocase; ) # hlfhbgpb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044787; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hlfhbgpb|03|biz"; nocase; ) # fqsjuvp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044788; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fqsjuvp|04|info"; nocase; ) # sbhxhmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044789; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sbhxhmf|03|org"; nocase; ) # nwxkefgjih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044790; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|nwxkefgjih|03|com"; nocase; ) # bpfkxh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044791; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bpfkxh|04|info"; nocase; ) # asdicqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044792; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|asdicqz|03|biz"; nocase; ) # kkddfceamklokbom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044793; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kkddfceamklokbom|03|com"; nocase; ) # dbanoadbbodelfne.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044794; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dbanoadbbodelfne|02|de"; nocase; ) # ckadalcadfmlfaed.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044795; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ckadalcadfmlfaed|02|eu"; nocase; ) # eomcaclcfaadcoac.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044796; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|eomcaclcfaadcoac|02|cc"; nocase; ) # fccadmmamfkddfbm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044797; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fccadmmamfkddfbm|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # aocfkamdfcfdmloo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044798; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aocfkamdfcfdmloo|03|com"; nocase; ) # adbclnblanblfbed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044799; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|adbclnblanblfbed|03|net"; nocase; ) # bobmbfnemecaakbb.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044800; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bobmbfnemecaakbb|02|co"; nocase; ) # kalmmnbfbdcnbddf.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044801; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|kalmmnbfbdcnbddf|02|de"; nocase; ) # omekmbckceacocbf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044802; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|omekmbckceacocbf|02|eu"; nocase; ) # nelffmkcdobokfff.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044803; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nelffmkcdobokfff|02|de"; nocase; ) # bcobmmnbmodfkccb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044804; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bcobmmnbmodfkccb|02|co|02|uk"; nocase; ) # fbolcelcfmfbfdbn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044805; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fbolcelcfmfbfdbn|04|info"; nocase; ) # obbcckkacfffanld.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044806; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|obbcckkacfffanld|06|online"; nocase; ) # mlfkcndfalfdbcaf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044807; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|mlfkcndfalfdbcaf|02|eu"; nocase; ) # fcdafcnemdodfcab.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044808; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fcdafcnemdodfcab|03|net"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # knkfomcfebafddfb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044809; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|knkfomcfebafddfb|03|org"; nocase; ) # bnaaldkcabncebec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044810; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bnaaldkcabncebec|03|com"; nocase; ) # dkfmldfmmdbdmkca.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044811; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dkfmldfmmdbdmkca|02|cc"; nocase; ) # ffaafllnabcnaffc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044812; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ffaafllnabcnaffc|03|org"; nocase; ) # dupyuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044813; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|dupyuy|03|com"; nocase; ) # yyeiso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044814; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|yyeiso|03|com"; nocase; ) # xqjifx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044815; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xqjifx|03|com"; nocase; ) # cezgdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044816; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|cezgdt|03|com"; nocase; ) # uavsij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044817; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|uavsij|03|com"; nocase; ) # dlvdzr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044818; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|dlvdzr|03|com"; nocase; ) # yauxyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044819; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|yauxyz|03|com"; nocase; ) # aaufhy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044820; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|aaufhy|03|com"; nocase; ) # zuoius.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044821; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zuoius|03|com"; nocase; ) # xsbcye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044822; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xsbcye|03|com"; nocase; ) # mzguyv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044823; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mzguyv|03|com"; nocase; ) # mjmubf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044824; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mjmubf|03|com"; nocase; ) # iwcdei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044825; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|iwcdei|03|com"; nocase; ) # eyieiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044826; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eyieiy|03|com"; nocase; ) # zguixe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044827; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zguixe|03|com"; nocase; ) # nyykey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044828; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|nyykey|03|com"; nocase; ) # elmbwv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044829; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|elmbwv|03|com"; nocase; ) # qawdea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044830; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qawdea|03|com"; nocase; ) # eiixso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044831; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eiixso|03|com"; nocase; ) # aaaqld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044832; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|aaaqld|03|com"; nocase; ) # tzfpph.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044833; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|tzfpph|03|com"; nocase; ) # gdfgoctgmxtdjjqy.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044834; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|gdfgoctgmxtdjjqy|04|work"; nocase; ) # rjggitcsf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044835; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|rjggitcsf|03|org"; nocase; ) # mjcaprcwvnvluvkah.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044836; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|mjcaprcwvnvluvkah|05|click"; nocase; ) # grwipjmmffbpfaig.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044837; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|grwipjmmffbpfaig|05|click"; nocase; ) # oajootvewxkrjgqv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044838; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|10|oajootvewxkrjgqv|04|info"; nocase; ) # lpjfbbtkapkkd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044839; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|lpjfbbtkapkkd|02|ru"; nocase; ) # jxxofubief.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044840; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|jxxofubief|04|info"; nocase; ) # eenofgf.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044841; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|eenofgf|04|work"; nocase; ) # hmyktenhxcoby.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044842; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|hmyktenhxcoby|05|click"; nocase; ) # ulaksothup.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044843; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|ulaksothup|05|click"; nocase; ) # dctrkvp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044844; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|dctrkvp|03|biz"; nocase; ) # mhcbjwc.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044845; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|07|mhcbjwc|02|pw"; nocase; ) # hoyjiutfeag.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044846; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|hoyjiutfeag|04|work"; nocase; ) # jfqvhluxxlmpc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044847; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|jfqvhluxxlmpc|02|ru"; nocase; ) # ekuxmydc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044848; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|ekuxmydc|03|org"; nocase; ) # amiaccijvgotuoxyt.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044849; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|amiaccijvgotuoxyt|02|su"; nocase; ) # sqlxiixtk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044850; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|sqlxiixtk|04|info"; nocase; ) # bfbpebxecaqkgrq.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044851; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0f|bfbpebxecaqkgrq|02|pl"; nocase; ) # nxxjrtnutuobhhdxd.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044852; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|11|nxxjrtnutuobhhdxd|03|xyz"; nocase; ) # nvnbvoxaul.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044853; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|nvnbvoxaul|02|pl"; nocase; ) # sdjufbaopn.click [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044854; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0a|sdjufbaopn|05|click"; nocase; ) # yiqcdvtx.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044855; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|08|yiqcdvtx|03|xyz"; nocase; ) # xkokuamjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044856; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|xkokuamjb|03|biz"; nocase; ) # nbkahcujklnkmh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044857; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|nbkahcujklnkmh|02|ru"; nocase; ) # terylhkic.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044858; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|09|terylhkic|02|pw"; nocase; ) # vbmbqkjeraiwtp.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044859; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|vbmbqkjeraiwtp|03|xyz"; nocase; ) # oudhfmgauibu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044860; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|oudhfmgauibu|03|org"; nocase; ) # udhsggwiauom.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044861; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|udhsggwiauom|03|net"; nocase; ) # wllhgbngdbok.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044862; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wllhgbngdbok|02|co|02|uk"; nocase; ) # yfsiawljdbtj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044863; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yfsiawljdbtj|03|net"; nocase; ) # dbiwwjyackdf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044864; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dbiwwjyackdf|04|info"; nocase; ) # sjpjkierloti.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044865; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sjpjkierloti|03|biz"; nocase; ) # jjmixdpthwfb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044866; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jjmixdpthwfb|02|ru"; nocase; ) # klrhtlfveeiq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044867; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|klrhtlfveeiq|03|org"; nocase; ) # lrqwxxgrkdfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044868; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|lrqwxxgrkdfy|03|com"; nocase; ) # mtvvtgvthkio.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044869; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mtvvtgvthkio|03|net"; nocase; ) # ooxwbwnetsyx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044870; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ooxwbwnetsyx|02|ru"; nocase; ) # jrifayvrnnwlcb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044871; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jrifayvrnnwlcb|03|com"; nocase; ) # omqaxyjdjypwwk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044872; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|omqaxyjdjypwwk|03|com"; nocase; ) # qlobcjvcidkkgj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044873; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qlobcjvcidkkgj|03|biz"; nocase; ) # kggwbvmauvavem.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044874; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kggwbvmauvavem|02|co|02|uk"; nocase; ) # lwhvromyxmcopa.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044875; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lwhvromyxmcopa|02|co|02|uk"; nocase; ) # nbmoywjbkhxqpn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044876; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nbmoywjbkhxqpn|03|biz"; nocase; ) # pbfsdsbqjlxvqd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044877; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pbfsdsbqjlxvqd|02|co|02|uk"; nocase; ) # hcghtucbrkvmef.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044878; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hcghtucbrkvmef|02|ru"; nocase; ) # wulofdbjedxoik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044879; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wulofdbjedxoik|03|com"; nocase; ) # xhviocikwmtmvs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044880; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xhviocikwmtmvs|02|ru"; nocase; ) # kkhqcxdktrpqpt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044881; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kkhqcxdktrpqpt|02|co|02|uk"; nocase; ) # ytgeinaliptjpv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044882; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ytgeinaliptjpv|03|net"; nocase; ) # cinvmxfbiidklo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044883; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cinvmxfbiidklo|02|ru"; nocase; ) # ttslastlmmeomb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044884; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ttslastlmmeomb|03|com"; nocase; ) # tnpnextoadxcnp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044885; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tnpnextoadxcnp|03|net"; nocase; ) # xxujjslqbrhene.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044886; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xxujjslqbrhene|02|co|02|uk"; nocase; ) # salqfpgbupfwtw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044887; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|salqfpgbupfwtw|03|biz"; nocase; ) # gnmakxavwmuktr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044888; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|gnmakxavwmuktr|02|ru"; nocase; ) # agrhimuftefjau.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044889; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|agrhimuftefjau|03|org"; nocase; ) # ooagyvpovkfemy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044890; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ooagyvpovkfemy|03|com"; nocase; ) # lgivscbhjmscue.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044891; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lgivscbhjmscue|02|ru"; nocase; ) # hrfvsxvukayxbs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044892; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hrfvsxvukayxbs|03|net"; nocase; ) # jqdwwobhqvqubr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044893; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jqdwwobhqvqubr|02|ru"; nocase; ) # rxnpxefnvlkbem.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044894; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|rxnpxefnvlkbem|03|org"; nocase; ) # cheadytiayxuel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044895; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|cheadytiayxuel|03|com"; nocase; ) # dyoidjguhbjveb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044896; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dyoidjguhbjveb|03|biz"; nocase; ) # grjvigujosxxlb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044897; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|grjvigujosxxlb|03|org"; nocase; ) # smtyeiqwfepchm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044898; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|smtyeiqwfepchm|03|com"; nocase; ) # xojdjaekbabgfv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044899; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xojdjaekbabgfv|04|info"; nocase; ) # dsndusinvssaja.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044900; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dsndusinvssaja|03|net"; nocase; ) # irsrlplrjvaciy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044901; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|irsrlplrjvaciy|02|ru"; nocase; ) # drvyprtasqcsra.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044902; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|drvyprtasqcsra|02|ru"; nocase; ) # qhqmiwedfsafrt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044903; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|qhqmiwedfsafrt|03|org"; nocase; ) # fibscywndbkmry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044904; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fibscywndbkmry|03|com"; nocase; ) # galbcpctqrbvbh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044905; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|galbcpctqrbvbh|03|biz"; nocase; ) # tjfjmxvylyiohr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044906; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tjfjmxvylyiohr|03|biz"; nocase; ) # ympbvebcaxucif.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044907; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ympbvebcaxucif|03|biz"; nocase; ) # xepvgmdcdgjeva.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044908; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xepvgmdcdgjeva|02|ru"; nocase; ) # evbnmirmllkajn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044909; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|evbnmirmllkajn|03|com"; nocase; ) # iggjrdjomatcfd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044910; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iggjrdjomatcfd|03|org"; nocase; ) # mdlgnwuflthmbv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044911; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mdlgnwuflthmbv|03|net"; nocase; ) # whkacciwboavkv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044912; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|whkacciwboavkv|04|info"; nocase; ) # mpviguocmccndj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044913; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mpviguocmccndj|03|biz"; nocase; ) # bepwxvtyaixxde.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044914; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bepwxvtyaixxde|02|ru"; nocase; ) # tnxirwjhermotc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044915; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tnxirwjhermotc|04|info"; nocase; ) # vedceryibfljpu.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044916; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vedceryibfljpu|02|ru"; nocase; ) # yvissyrgtddnvt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044917; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yvissyrgtddnvt|04|info"; nocase; ) # pecjdtgqfaonvf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044918; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pecjdtgqfaonvf|03|com"; nocase; ) # sbnkyshewkpfws.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044919; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|sbnkyshewkpfws|02|ru"; nocase; ) # swihgwrsirbuue.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044920; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|swihgwrsirbuue|02|co|02|uk"; nocase; ) # gcajqhmeqcatkqg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044921; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gcajqhmeqcatkqg|03|net"; nocase; ) # truupmwshygpkvs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044922; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|truupmwshygpkvs|03|biz"; nocase; ) # lacoiyauliyfttg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044923; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lacoiyauliyfttg|03|com"; nocase; ) # mwdvbmlswgptseh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044924; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mwdvbmlswgptseh|02|co|02|uk"; nocase; ) # gjdvjqmppirpadj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044925; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gjdvjqmppirpadj|02|ru"; nocase; ) # qnqujgfcckxadwk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044926; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qnqujgfcckxadwk|03|org"; nocase; ) # smoraqrxsifudbc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044927; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|smoraqrxsifudbc|04|info"; nocase; ) # rgrempxiwqyejja.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044928; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rgrempxiwqyejja|03|biz"; nocase; ) # skbowromelhsgxe.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044929; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|skbowromelhsgxe|02|co|02|uk"; nocase; ) # vjwxflhatbajnex.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044930; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vjwxflhatbajnex|04|info"; nocase; ) # jleilqyhcwoqvbc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044931; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jleilqyhcwoqvbc|03|biz"; nocase; ) # knfkivlqpcueujo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044932; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|knfkivlqpcueujo|02|ru"; nocase; ) # rhjmkjrmgdhmfuv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044933; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rhjmkjrmgdhmfuv|04|info"; nocase; ) # joqcqwulwfkskre.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044934; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|joqcqwulwfkskre|02|co|02|uk"; nocase; ) # lnoyhnablomfknp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044935; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lnoyhnablomfknp|03|com"; nocase; ) # rmuhuiogeniigvw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044936; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rmuhuiogeniigvw|03|org"; nocase; ) # epxlfygsknuvkwh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044937; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|epxlfygsknuvkwh|03|com"; nocase; ) # rfsyxeqvwpsikjh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044938; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rfsyxeqvwpsikjh|03|net"; nocase; ) # gejyevltlfplofx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044939; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gejyevltlfplofx|03|com"; nocase; ) # jodavsafolcxkwa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044940; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jodavsafolcxkwa|03|biz"; nocase; ) # jcsclxaabqixehr.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044941; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jcsclxaabqixehr|02|ru"; nocase; ) # kgneidmunhagdwr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044942; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kgneidmunhagdwr|03|org"; nocase; ) # eyddvlvgcgsttmu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044943; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|eyddvlvgcgsttmu|03|net"; nocase; ) # uescwrjdxgkbtsl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044944; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uescwrjdxgkbtsl|03|net"; nocase; ) # wlmojoxidenspgj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044945; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wlmojoxidenspgj|02|ru"; nocase; ) # smdcftjwkynlbpm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044946; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|smdcftjwkynlbpm|03|net"; nocase; ) # uuhmsbmkiosnbep.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044947; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uuhmsbmkiosnbep|02|co|02|uk"; nocase; ) # jrsbgdglpefsews.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044948; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jrsbgdglpefsews|03|net"; nocase; ) # kvnddisgcuwbmdf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044949; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kvnddisgcuwbmdf|03|biz"; nocase; ) # mernqpvtakcdblb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044950; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mernqpvtakcdblb|04|info"; nocase; ) # lqvvuvlmmrdrhrx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044951; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lqvvuvlmmrdrhrx|03|biz"; nocase; ) # ewwwovkrnmsnivt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044952; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ewwwovkrnmsnivt|03|com"; nocase; ) # ttpmhbfbvenmejg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044953; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ttpmhbfbvenmejg|03|net"; nocase; ) # ybweuadmolqjiek.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044954; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ybweuadmolqjiek|04|info"; nocase; ) # ashihkpcnhorifl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044955; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ashihkpcnhorifl|03|net"; nocase; ) # gnaqfrkhjyifygs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044956; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gnaqfrkhjyifygs|03|net"; nocase; ) # tbbceaenpqrjyma.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044957; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tbbceaenpqrjyma|03|biz"; nocase; ) # swookbfnashdnbj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044958; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|swookbfnashdnbj|04|info"; nocase; ) # fcvqsnelafebtmt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044959; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|fcvqsnelafebtmt|02|co|02|uk"; nocase; ) # gspwtrojqrbfbvq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044960; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gspwtrojqrbfbvq|03|com"; nocase; ) # wpfrxmnkiaanxjv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044961; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wpfrxmnkiaanxjv|03|org"; nocase; ) # bstudxibohcdvcf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044962; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bstudxibohcdvcf|02|ru"; nocase; ) # ugavirxyclpmwek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044963; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ugavirxyclpmwek|03|com"; nocase; ) # rvummfkmbbbw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044964; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rvummfkmbbbw|03|biz"; nocase; ) # srsqnpwycwbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044965; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|srsqnpwycwbx|03|org"; nocase; ) # vadieukcdncj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044966; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vadieukcdncj|02|ru"; nocase; ) # wexhkaqetotu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044967; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wexhkaqetotu|03|org"; nocase; ) # xavllkdquktv.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044968; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xavllkdquktv|04|info"; nocase; ) # xgedyuxnbelp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044969; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xgedyuxnbelp|03|net"; nocase; ) # clcunrpepwdc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044970; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|clcunrpepwdc|03|biz"; nocase; ) # qwulknyrowyn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044971; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qwulknyrowyn|02|co|02|uk"; nocase; ) # xiiitougwqsx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044972; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xiiitougwqsx|03|biz"; nocase; ) # ahgjxfasdmku.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044973; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ahgjxfasdmku|03|org"; nocase; ) # raoraucofjgh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044974; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|raoraucofjgh|02|co|02|uk"; nocase; ) # kidrukgoyrqj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044975; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kidrukgoyrqj|04|info"; nocase; ) # yrceeawinwfe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044976; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yrceeawinwfe|03|biz"; nocase; ) # sylbxakgjchd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044977; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sylbxakgjchd|03|com"; nocase; ) # tbmerfqiwavs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044978; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tbmerfqiwavs|03|net"; nocase; ) # tujfykwskxhe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044979; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tujfykwskxhe|03|biz"; nocase; ) # xfojdfmbchuj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044980; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xfojdfmbchuj|04|info"; nocase; ) # qyjqtrwgblic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044981; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qyjqtrwgblic|03|net"; nocase; ) # emkycaktdpor.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044982; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|emkycaktdpor|03|biz"; nocase; ) # sxhrxcjfapdp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044983; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|sxhrxcjfapdp|02|ru"; nocase; ) # iwpdguacuycw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044984; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iwpdguacuycw|04|info"; nocase; ) # wimvcwynryqu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044985; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wimvcwynryqu|03|com"; nocase; ) # mvqmijqoylur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044986; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mvqmijqoylur|03|org"; nocase; ) # cuskmpjihagn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044987; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cuskmpjihagn|03|biz"; nocase; ) # pitsuunpujuh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044988; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|pitsuunpujuh|02|ru"; nocase; ) # klbtpfnarkwh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044989; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|klbtpfnarkwh|02|ru"; nocase; ) # hxtedciotpsg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044990; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hxtedciotpsg|03|com"; nocase; ) # ulumlkvcvtyv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044991; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ulumlkvcvtyv|03|net"; nocase; ) # udcnsoikdmew.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044992; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|udcnsoikdmew|02|ru"; nocase; ) # rfhprmeproxt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044993; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rfhprmeproxt|02|co|02|uk"; nocase; ) # hwjfsirgwqgk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044994; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hwjfsirgwqgk|03|com"; nocase; ) # umetinvcjdmu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044995; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|umetinvcjdmu|03|net"; nocase; ) # qprgojigaalh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044996; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qprgojigaalh|04|info"; nocase; ) # acvruvxrxfvi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044997; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|acvruvxrxfvi|02|ru"; nocase; ) # bgqsuenltqus.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044998; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bgqsuenltqus|03|org"; nocase; ) # crjpbxiejaah.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000044999; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|crjpbxiejaah|03|biz"; nocase; ) # enoybttxjwhw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045000; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|enoybttxjwhw|02|co|02|uk"; nocase; ) # kxaiibyefhic.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045001; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kxaiibyefhic|04|info"; nocase; ) # mofktiaxyfmy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045002; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mofktiaxyfmy|02|ru"; nocase; ) # ocieapghxaii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045003; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ocieapghxaii|03|com"; nocase; ) # rbncfobnfrux.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045004; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rbncfobnfrux|02|ru"; nocase; ) # flhwffhdacut.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045005; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|flhwffhdacut|02|ru"; nocase; ) # vrddluoutxkm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045006; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|vrddluoutxkm|04|info"; nocase; ) # qukcmenrljgt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045007; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qukcmenrljgt|04|info"; nocase; ) # gicprchxnwks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045008; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gicprchxnwks|03|org"; nocase; ) # idmmwmtwssdg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045009; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|idmmwmtwssdg|04|info"; nocase; ) # wfgjtojhyxgr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045010; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wfgjtojhyxgr|03|com"; nocase; ) # eiuqlbyvtxwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045011; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eiuqlbyvtxwc|03|com"; nocase; ) # hqypcnykftms.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045012; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hqypcnykftms|02|ru"; nocase; ) # hyutmkklpccj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045013; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hyutmkklpccj|03|net"; nocase; ) # jpavxfcgdqyh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045014; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jpavxfcgdqyh|02|co|02|uk"; nocase; ) # eshuyobducuo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045015; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eshuyobducuo|02|co|02|uk"; nocase; ) # rggxdsilttni.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045016; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|rggxdsilttni|02|ru"; nocase; ) # yhacyvedxmjdh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045017; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yhacyvedxmjdh|03|biz"; nocase; ) # nssoiluahhqnh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045018; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nssoiluahhqnh|02|co|02|uk"; nocase; ) # efcppntncgerq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045019; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|efcppntncgerq|03|net"; nocase; ) # uklpgrnfjtgix.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045020; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uklpgrnfjtgix|04|info"; nocase; ) # xwpvfgjfbfwut.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045021; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xwpvfgjfbfwut|03|biz"; nocase; ) # aftornkyiliat.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045022; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|aftornkyiliat|04|info"; nocase; ) # ppxehvlbdcshf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045023; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ppxehvlbdcshf|02|ru"; nocase; ) # qkbcreblaehay.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045024; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qkbcreblaehay|03|org"; nocase; ) # qthxnuwpsbqsu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045025; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qthxnuwpsbqsu|04|info"; nocase; ) # rxcwtdmukiemt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045026; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rxcwtdmukiemt|03|com"; nocase; ) # wallyspplssmy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045027; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wallyspplssmy|02|co|02|uk"; nocase; ) # bcpycnfxsfijn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045028; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bcpycnfxsfijn|03|biz"; nocase; ) # opqhksjfgowde.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045029; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|opqhksjfgowde|02|ru"; nocase; ) # jsxifdjpdpydn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045030; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jsxifdjpdpydn|02|ru"; nocase; ) # cjatkrfhgugfn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045031; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cjatkrfhgugfn|03|biz"; nocase; ) # qjhurbvggvdga.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045032; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qjhurbvggvdga|02|co|02|uk"; nocase; ) # rffufrbjwpwfa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045033; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rffufrbjwpwfa|03|com"; nocase; ) # nknythhvhonui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045034; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nknythhvhonui|03|net"; nocase; ) # yylqhedsexulf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045035; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yylqhedsexulf|03|biz"; nocase; ) # puqcyawbujssi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045036; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|puqcyawbujssi|02|ru"; nocase; ) # rduuluovxuuyi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045037; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|rduuluovxuuyi|03|com"; nocase; ) # wuxmmnaldjcih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045038; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wuxmmnaldjcih|03|net"; nocase; ) # xmiqyxmbcfaqj.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045039; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xmiqyxmbcfaqj|02|ru"; nocase; ) # wedwbahxlypbq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045040; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wedwbahxlypbq|03|biz"; nocase; ) # sypsgvtqpbwjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045041; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sypsgvtqpbwjn|03|com"; nocase; ) # nahowlbevtndq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045042; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|nahowlbevtndq|04|info"; nocase; ) # bcwetwclflira.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045043; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bcwetwclflira|03|com"; nocase; ) # ecviyjowdevdu.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045044; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ecviyjowdevdu|02|co|02|uk"; nocase; ) # eouvyueacapdi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045045; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eouvyueacapdi|04|info"; nocase; ) # cnrfmyymsqpcp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045046; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cnrfmyymsqpcp|04|info"; nocase; ) # cblfhpuqggwun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045047; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|cblfhpuqggwun|03|net"; nocase; ) # pphivsabmexsa.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045048; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|pphivsabmexsa|02|co|02|uk"; nocase; ) # 7e354m16epbwd1i76w6m1qzgyuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7e354m16epbwd1i76w6m1qzgyuh|03|net"; nocase; ) # 1q7eztz1xagr5eq2c5yv19mst4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q7eztz1xagr5eq2c5yv19mst4|03|biz"; nocase; ) # tbqreu1how4zl1vsqdplsds543.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tbqreu1how4zl1vsqdplsds543|03|com"; nocase; ) # 2nqq4ukxjwso6a5171zkr1nv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2nqq4ukxjwso6a5171zkr1nv|03|net"; nocase; ) # 19sqh6g15ep03j1f825ke1yfkzt7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19sqh6g15ep03j1f825ke1yfkzt7|03|com"; nocase; ) # jtrny413jvvovtswwhq1qdv7xl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jtrny413jvvovtswwhq1qdv7xl|03|org"; nocase; ) # yd3clmxxz84nylmmlc1i9iiyz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yd3clmxxz84nylmmlc1i9iiyz|03|net"; nocase; ) # q2n381ywy13c9l1n4u1rx7h0x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q2n381ywy13c9l1n4u1rx7h0x|03|biz"; nocase; ) # b1ero81ux6hzx8havg15i7iam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1ero81ux6hzx8havg15i7iam|03|com"; nocase; ) # 19ma22c1jawde71u6b3k81a9zavd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19ma22c1jawde71u6b3k81a9zavd|03|org"; nocase; ) # 1wi29jl1d710qfy6kx5i1flt5e2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wi29jl1d710qfy6kx5i1flt5e2|03|net"; nocase; ) # 6ocethh8ku6d1qieywvuq8n70.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ocethh8ku6d1qieywvuq8n70|03|org"; nocase; ) # 1x91cj7j27anuqwe6mv19gkvh1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x91cj7j27anuqwe6mv19gkvh1|03|com"; nocase; ) # hn8b5r1psxrl911dlh5a1xph9ls.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hn8b5r1psxrl911dlh5a1xph9ls|03|net"; nocase; ) # ft7hpn10jnjr8553gsk1i0sclh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ft7hpn10jnjr8553gsk1i0sclh|03|org"; nocase; ) # fgyw9g5q1glf1ullvhu1cqxumr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fgyw9g5q1glf1ullvhu1cqxumr|03|com"; nocase; ) # 1ts8kj010hj7me1uken991xa643v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ts8kj010hj7me1uken991xa643v|03|biz"; nocase; ) # 6p100t1qo6w16yc4dks18a7j00.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6p100t1qo6w16yc4dks18a7j00|03|biz"; nocase; ) # oikqdmvrd2bh1edrx9fqgjxhe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oikqdmvrd2bh1edrx9fqgjxhe|03|biz"; nocase; ) # 1ko32njeltymifaf63b10ed2d0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ko32njeltymifaf63b10ed2d0|03|net"; nocase; ) # b0yebah4ai981ni6a5uc3je64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b0yebah4ai981ni6a5uc3je64|03|com"; nocase; ) # seuul019hemocz9isjxg7o5m2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|seuul019hemocz9isjxg7o5m2|03|org"; nocase; ) # 12h9wjv1xe7m8e18tvjd9hc5h8v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12h9wjv1xe7m8e18tvjd9hc5h8v|03|org"; nocase; ) # 1sc76mot6q4i1l0pgco1ncvd5b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sc76mot6q4i1l0pgco1ncvd5b|03|org"; nocase; ) # yrede1147dbs71u92pyc1wfpfop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yrede1147dbs71u92pyc1wfpfop|03|com"; nocase; ) # 16tu06c1jqzp8f317hjp1c78bm2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16tu06c1jqzp8f317hjp1c78bm2|03|com"; nocase; ) # 18p6uud438nkcz5chbpur2pxf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18p6uud438nkcz5chbpur2pxf|03|org"; nocase; ) # kel7uk1xvudn81uo1605111tb38.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kel7uk1xvudn81uo1605111tb38|03|biz"; nocase; ) # 17b4kia62m5212ivp334gmwcy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17b4kia62m5212ivp334gmwcy|03|net"; nocase; ) # dkuqftve16fn7ns8kb1gmd7m1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dkuqftve16fn7ns8kb1gmd7m1|03|com"; nocase; ) # o2n2xus5yxz51vav8c1uy58jm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o2n2xus5yxz51vav8c1uy58jm|03|com"; nocase; ) # 4bqpx14ostbrcgubgz1ylfawa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4bqpx14ostbrcgubgz1ylfawa|03|net"; nocase; ) # 1sgg1xa1q2plxsqqdp3g1qas4ud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sgg1xa1q2plxsqqdp3g1qas4ud|03|org"; nocase; ) # jnqrr7u2jiwr1jlfcnl1qbft6o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnqrr7u2jiwr1jlfcnl1qbft6o|03|org"; nocase; ) # wis95bs6zwss44xuqtqeuhct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wis95bs6zwss44xuqtqeuhct|03|net"; nocase; ) # 15jwrwv1x6mzxz1ltzbhfe6s5cr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15jwrwv1x6mzxz1ltzbhfe6s5cr|03|com"; nocase; ) # g8lbj815b6pcj186qlr01qzsls6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g8lbj815b6pcj186qlr01qzsls6|03|com"; nocase; ) # qtllfwe5kv2qzfjrsq45yeqs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qtllfwe5kv2qzfjrsq45yeqs|03|net"; nocase; ) # 6a5r8j1e67mqk1rk809h1bvuucg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6a5r8j1e67mqk1rk809h1bvuucg|03|com"; nocase; ) # 1oa1cmd10cr9sv1nmlln51d0ne99.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oa1cmd10cr9sv1nmlln51d0ne99|03|net"; nocase; ) # 17mx4w6w71gcp11do22q1agmd3y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17mx4w6w71gcp11do22q1agmd3y|03|com"; nocase; ) # 49g8tx1hux8gc1ja7kf81plbri6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|49g8tx1hux8gc1ja7kf81plbri6|03|net"; nocase; ) # 1tea8od17i5vgteljix41x2j66b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tea8od17i5vgteljix41x2j66b|03|biz"; nocase; ) # 1rquduk16t86wh1cpirhk12scwl6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rquduk16t86wh1cpirhk12scwl6|03|com"; nocase; ) # b1ors7123i1vu1f0gdersijlb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b1ors7123i1vu1f0gdersijlb|03|biz"; nocase; ) # be4vdepvfnei94uxp216w00s8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|be4vdepvfnei94uxp216w00s8|03|org"; nocase; ) # 8hdsj0n472pyvbisr518igfu6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8hdsj0n472pyvbisr518igfu6|03|com"; nocase; ) # imvuc1wyyiqh1osxlt8hizs7g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|imvuc1wyyiqh1osxlt8hizs7g|03|com"; nocase; ) # 1g1l238114r8hip4g8tcmkpnv0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g1l238114r8hip4g8tcmkpnv0|03|net"; nocase; ) # wohqmu19vinojn10jv5vcv5m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wohqmu19vinojn10jv5vcv5m|03|com"; nocase; ) # beg45j6o5nc7164xoh71bt27e6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|beg45j6o5nc7164xoh71bt27e6|03|net"; nocase; ) # kfx9gn19g93ld1efr3381w1ngcb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kfx9gn19g93ld1efr3381w1ngcb|03|com"; nocase; ) # 1hcct8saab92nkgoxx1egymwv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hcct8saab92nkgoxx1egymwv|03|com"; nocase; ) # 16wu5ztt6cn2xotg8cu1cbdwox.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16wu5ztt6cn2xotg8cu1cbdwox|03|net"; nocase; ) # 1uw6rrq1nnxhuk3mhclquwxrke.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uw6rrq1nnxhuk3mhclquwxrke|03|net"; nocase; ) # 1uqgqs61jfba2yurz7qf1hsf9qy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uqgqs61jfba2yurz7qf1hsf9qy|03|org"; nocase; ) # 195jzou1p0mu85c7pbj105ihhq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|195jzou1p0mu85c7pbj105ihhq|03|net"; nocase; ) # 1bbeqam4rea7g1n1akzfi7oje7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bbeqam4rea7g1n1akzfi7oje7|03|com"; nocase; ) # 1v4sdioywsu68tsy17imxvr5w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v4sdioywsu68tsy17imxvr5w|03|biz"; nocase; ) # knid90oatkbyp6l3a11f8j68d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|knid90oatkbyp6l3a11f8j68d|03|com"; nocase; ) # 67wmjb18zd4op15em2p7dszawo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|67wmjb18zd4op15em2p7dszawo|03|net"; nocase; ) # 9cpor6143qpg014rken9fsvzdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9cpor6143qpg014rken9fsvzdt|03|com"; nocase; ) # uq78hbcnxsub4wjnzl1uacnvv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uq78hbcnxsub4wjnzl1uacnvv|03|biz"; nocase; ) # 10n9pkp1sbtw5w1pgsb11exea4m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10n9pkp1sbtw5w1pgsb11exea4m|03|net"; nocase; ) # if6d33177sie9op6uq61faiw5e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|if6d33177sie9op6uq61faiw5e|03|biz"; nocase; ) # v1j6o5bvf6w710x1ddh116xpbu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v1j6o5bvf6w710x1ddh116xpbu|03|org"; nocase; ) # 1avi74ygrlg3d1fxruyw1pn5jti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1avi74ygrlg3d1fxruyw1pn5jti|03|org"; nocase; ) # 14pf4dy182mekzbmfqou1amhtat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14pf4dy182mekzbmfqou1amhtat|03|net"; nocase; ) # 1dyt8m8jjhppw5b4l0g15mxobs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dyt8m8jjhppw5b4l0g15mxobs|03|org"; nocase; ) # e42fuzde3r8r1uo36pt2esmt5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e42fuzde3r8r1uo36pt2esmt5|03|net"; nocase; ) # zqiszw1g5wol017gctez1mnzc93.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zqiszw1g5wol017gctez1mnzc93|03|org"; nocase; ) # 1875kpx1xzki821pukb0rtlcwqv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1875kpx1xzki821pukb0rtlcwqv|03|com"; nocase; ) # s33cvp1whlayq1oxy2t0f6d1gu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s33cvp1whlayq1oxy2t0f6d1gu|03|biz"; nocase; ) # b3uv901oytgij185kmw91gdy7w4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b3uv901oytgij185kmw91gdy7w4|03|net"; nocase; ) # f5kdxdvn1oy116oowk910r92l5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f5kdxdvn1oy116oowk910r92l5|03|biz"; nocase; ) # 1nt1pf55ryt171ycdx2x1lpcn2p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nt1pf55ryt171ycdx2x1lpcn2p|03|org"; nocase; ) # 12lpez9jzduh619r1lb456vf63.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12lpez9jzduh619r1lb456vf63|03|biz"; nocase; ) # 13nhcb1ueqm89ehgh5p179oltb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13nhcb1ueqm89ehgh5p179oltb|03|com"; nocase; ) # 1io1zkiktu8k41m777faz9djmx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1io1zkiktu8k41m777faz9djmx|03|net"; nocase; ) # ori2rk1szeca81jrrz831g0ldsv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ori2rk1szeca81jrrz831g0ldsv|03|net"; nocase; ) # rlczn812ur2pfssvpqv8ctdlj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rlczn812ur2pfssvpqv8ctdlj|03|net"; nocase; ) # l7n2p1m8iqfj1llxqu41r7bza6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l7n2p1m8iqfj1llxqu41r7bza6|03|org"; nocase; ) # lz73hj1fo8x4381zaugamsi32.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lz73hj1fo8x4381zaugamsi32|03|net"; nocase; ) # wsv6uuielz633ar6hblx9oik.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wsv6uuielz633ar6hblx9oik|03|net"; nocase; ) # 18acdvzesz6rx1bfzcl61ulpf6r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18acdvzesz6rx1bfzcl61ulpf6r|03|org"; nocase; ) # 1yrt41n1l7mu5x3zuktx1qkv5fp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yrt41n1l7mu5x3zuktx1qkv5fp|03|com"; nocase; ) # f86fsy1wijr4w1gs92o64t70qs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f86fsy1wijr4w1gs92o64t70qs|03|org"; nocase; ) # rcb2u51si714r1ycvi1y1drb6na.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rcb2u51si714r1ycvi1y1drb6na|03|net"; nocase; ) # jlvi2btk2hq3gakb4w1kk5cp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jlvi2btk2hq3gakb4w1kk5cp|03|org"; nocase; ) # 1gmjr3412epardy2vscq1vdttos.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gmjr3412epardy2vscq1vdttos|03|org"; nocase; ) # u4yl8i1o7b9sn14iyn7yhlz2zw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u4yl8i1o7b9sn14iyn7yhlz2zw|03|org"; nocase; ) # 1pq8olhkd8cz4u4gozrcf3iz8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pq8olhkd8cz4u4gozrcf3iz8|03|net"; nocase; ) # oydr1f125xaoa1jv2uku1h4zokb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oydr1f125xaoa1jv2uku1h4zokb|03|biz"; nocase; ) # 1dlz0h11h7dvz91rbk6uh4er09z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dlz0h11h7dvz91rbk6uh4er09z|03|org"; nocase; ) # 1h55vqcz93g4q1uy43vid5wkan.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h55vqcz93g4q1uy43vid5wkan|03|org"; nocase; ) # jqudowiuxin91kuwgml1ptk0iy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqudowiuxin91kuwgml1ptk0iy|03|com"; nocase; ) # jf9bcz1u02acvq9y8is1fizxia.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jf9bcz1u02acvq9y8is1fizxia|03|org"; nocase; ) # x7a9c1prziz1l1q03mifbfkc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x7a9c1prziz1l1q03mifbfkc|03|biz"; nocase; ) # 1p4uv2e1sg2np91t1tkkr1u41qtu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p4uv2e1sg2np91t1tkkr1u41qtu|03|net"; nocase; ) # e0m7s91i16v561e2rlkutfttl7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e0m7s91i16v561e2rlkutfttl7|03|org"; nocase; ) # m3rf5co81lz61osajki38gib1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m3rf5co81lz61osajki38gib1|03|net"; nocase; ) # lr7frbnvwdvixgdwq117bjxej.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lr7frbnvwdvixgdwq117bjxej|03|net"; nocase; ) # i4mle2lkgsb6dptk9y1prrbm5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i4mle2lkgsb6dptk9y1prrbm5|03|com"; nocase; ) # a65fcw1mcrfqz1iuq0pu1xbnqc4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a65fcw1mcrfqz1iuq0pu1xbnqc4|03|biz"; nocase; ) # c06dwgw8h4201dhvpupc54khd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c06dwgw8h4201dhvpupc54khd|03|org"; nocase; ) # 1jhkb4bf5zfqpqalxvfmniqfb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jhkb4bf5zfqpqalxvfmniqfb|03|net"; nocase; ) # xa4nlo180wn7e1yh1ml8xfj1z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xa4nlo180wn7e1yh1ml8xfj1z|03|net"; nocase; ) # 103ic4vih9jv98qeumyvf2w1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|103ic4vih9jv98qeumyvf2w1|03|com"; nocase; ) # ia4kneykn6jr1famf2w1nyoc83.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ia4kneykn6jr1famf2w1nyoc83|03|biz"; nocase; ) # 120eigzeu06wf3n45j95rk15o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|120eigzeu06wf3n45j95rk15o|03|com"; nocase; ) # 1gmd5wz4ja4j11g1k2c91nw7l2q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gmd5wz4ja4j11g1k2c91nw7l2q|03|net"; nocase; ) # wo8ebfk44nw21vh8yhm1179ke0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wo8ebfk44nw21vh8yhm1179ke0|03|net"; nocase; ) # 1v43vvtk3pfzu1hivp3s14d13cg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v43vvtk3pfzu1hivp3s14d13cg|03|net"; nocase; ) # 93840al7f7g71gsvx5d1o6bhhj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|93840al7f7g71gsvx5d1o6bhhj|03|biz"; nocase; ) # ixfkcgv3li94c0jhbcikp942.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ixfkcgv3li94c0jhbcikp942|03|com"; nocase; ) # 179inxj1scugnn9bi9lomrt7o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|179inxj1scugnn9bi9lomrt7o|03|net"; nocase; ) # air9hkcz2s51cwtdw2bi9u3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|air9hkcz2s51cwtdw2bi9u3x|03|biz"; nocase; ) # 1i09pk8uz4sdv1tsc9ox1urogeq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i09pk8uz4sdv1tsc9ox1urogeq|03|biz"; nocase; ) # ri0tt011oa2x13yls781polie8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ri0tt011oa2x13yls781polie8|03|com"; nocase; ) # l5r25ear83vq1rdym1drhhiyq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l5r25ear83vq1rdym1drhhiyq|03|org"; nocase; ) # 1shw13uwt13vx1t763x1tj7jl5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1shw13uwt13vx1t763x1tj7jl5|03|com"; nocase; ) # 4j5nxx1kh8sjwszyf4r10m7msd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4j5nxx1kh8sjwszyf4r10m7msd|03|net"; nocase; ) # p6wiw3x4fwpv1vzahlyjlhir0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p6wiw3x4fwpv1vzahlyjlhir0|03|com"; nocase; ) # yuxj45k7090062d0b118pcahr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yuxj45k7090062d0b118pcahr|03|net"; nocase; ) # c6xdya1c89gsm1krdjem1x83ing.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|c6xdya1c89gsm1krdjem1x83ing|03|net"; nocase; ) # 1l3eg2rd8vqyb1isn70fsdnt3n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l3eg2rd8vqyb1isn70fsdnt3n|03|org"; nocase; ) # gkrsxq16ii4o61m4o1zf1y8ftx8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gkrsxq16ii4o61m4o1zf1y8ftx8|03|org"; nocase; ) # 12lrb2f8kjt1m1u8v1m9lzcp8d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12lrb2f8kjt1m1u8v1m9lzcp8d|03|com"; nocase; ) # 1hkbaoj123o8sa535fln1qaj6ff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hkbaoj123o8sa535fln1qaj6ff|03|com"; nocase; ) # m10i51gd4se07gyj3oyse5o8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m10i51gd4se07gyj3oyse5o8|03|biz"; nocase; ) # 1jne3cy1m091y018eox8uiiwomg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jne3cy1m091y018eox8uiiwomg|03|biz"; nocase; ) # n20l3d1qbpizeqxss1u8yb5bu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n20l3d1qbpizeqxss1u8yb5bu|03|com"; nocase; ) # 1fo1fcy17b0gdgbo90y2ifhe50.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fo1fcy17b0gdgbo90y2ifhe50|03|net"; nocase; ) # 1svenlvcs1bg8er2exiol30vu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1svenlvcs1bg8er2exiol30vu|03|com"; nocase; ) # z6st4augbvt81om3gxu1cwfbkc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z6st4augbvt81om3gxu1cwfbkc|03|net"; nocase; ) # 779mke1h0k96qwkcrvheqp0tm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|779mke1h0k96qwkcrvheqp0tm|03|com"; nocase; ) # 1n97kze1l6mvcm6iv229k3rf9g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n97kze1l6mvcm6iv229k3rf9g|03|com"; nocase; ) # 17bq4p61c1sdca2bjcmn1r87lun.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17bq4p61c1sdca2bjcmn1r87lun|03|net"; nocase; ) # 1fcc17or4p5gj1wczjk2cj483x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fcc17or4p5gj1wczjk2cj483x|03|com"; nocase; ) # 1t8dhrd1x642vr1ez4j3n1d7aadb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1t8dhrd1x642vr1ez4j3n1d7aadb|03|biz"; nocase; ) # 1w6a4km1i4108k9pwowz1r77hi7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w6a4km1i4108k9pwowz1r77hi7|03|com"; nocase; ) # 1j39jq1gkm35o6kf0fh7qa4nx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j39jq1gkm35o6kf0fh7qa4nx|03|net"; nocase; ) # ro3hqiu3f84b1dq6zm93yl1j4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ro3hqiu3f84b1dq6zm93yl1j4|03|biz"; nocase; ) # 1kc97nct4ab61xpnqg61mnqw2e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kc97nct4ab61xpnqg61mnqw2e|03|biz"; nocase; ) # 17ms0ku1n91oarf0547qqcqrd6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17ms0ku1n91oarf0547qqcqrd6|03|biz"; nocase; ) # ufjgw21x7zh7812osmkv1nard16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ufjgw21x7zh7812osmkv1nard16|03|net"; nocase; ) # 10iztwdtjry8i1ply952adjbtz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10iztwdtjry8i1ply952adjbtz|03|com"; nocase; ) # 1mfba1d121fa0819t26th7hemwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mfba1d121fa0819t26th7hemwq|03|biz"; nocase; ) # jdelsifza7qgvk524szcu9fk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jdelsifza7qgvk524szcu9fk|03|net"; nocase; ) # 5t774z1hrkm7m1nn1ej05zx5by.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5t774z1hrkm7m1nn1ej05zx5by|03|com"; nocase; ) # ag3atgxhnm02jm6bib1ohuv2w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ag3atgxhnm02jm6bib1ohuv2w|03|org"; nocase; ) # 9h7uw5k0acdbkrxt9hv7k3yb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9h7uw5k0acdbkrxt9hv7k3yb|03|org"; nocase; ) # ar2qiuu7jwy11q5f909c45nic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ar2qiuu7jwy11q5f909c45nic|03|net"; nocase; ) # 1sk2v5715ix0rn1i228dg1ixdcaq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sk2v5715ix0rn1i228dg1ixdcaq|03|biz"; nocase; ) # 11u2ny9icojsg1m4wxjq1lc8hue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11u2ny9icojsg1m4wxjq1lc8hue|03|org"; nocase; ) # 1eibo5a1om5v3u1ixce4p14wv0qt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1eibo5a1om5v3u1ixce4p14wv0qt|03|biz"; nocase; ) # akwrin173z24m1081xzh1c7uwmk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|akwrin173z24m1081xzh1c7uwmk|03|biz"; nocase; ) # rg943he1v63a1capxfugxysjy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rg943he1v63a1capxfugxysjy|03|biz"; nocase; ) # 2q1w671i29ageot6gi912uu05b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2q1w671i29ageot6gi912uu05b|03|com"; nocase; ) # 1mqwalj1t4snxg1rywicnkudfy8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mqwalj1t4snxg1rywicnkudfy8|03|com"; nocase; ) # 16v4ybsngauekzdvl9fr3qlk5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16v4ybsngauekzdvl9fr3qlk5|03|net"; nocase; ) # w8jnnsizsbjbn3z8wqmoe1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|w8jnnsizsbjbn3z8wqmoe1|03|net"; nocase; ) # 1dfyx2m1p7xw1819lxila1narrsm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dfyx2m1p7xw1819lxila1narrsm|03|biz"; nocase; ) # wx7tg26mh7be6zx5lp13kn2th.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wx7tg26mh7be6zx5lp13kn2th|03|org"; nocase; ) # hdq1aiajmzq0y311mk22ug5p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hdq1aiajmzq0y311mk22ug5p|03|com"; nocase; ) # ggdzotiyreb01edzwkr143995e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ggdzotiyreb01edzwkr143995e|03|biz"; nocase; ) # r0aqiqjfea7zrfwf246nsz58.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r0aqiqjfea7zrfwf246nsz58|03|org"; nocase; ) # 1eiyecakupv3q19s3keg1oz51eg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1eiyecakupv3q19s3keg1oz51eg|03|org"; nocase; ) # 9nrw1ghoc9m812qhs3jt88d6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9nrw1ghoc9m812qhs3jt88d6o|03|net"; nocase; ) # ypn1h3vvuah0b8jttm12wqf2f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ypn1h3vvuah0b8jttm12wqf2f|03|biz"; nocase; ) # 1sg1un94a3b31qjo163ym9k0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sg1un94a3b31qjo163ym9k0k|03|org"; nocase; ) # 1xyah1pntqw8p1xxjask1x86bsz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xyah1pntqw8p1xxjask1x86bsz|03|com"; nocase; ) # webei11vyeti9g0urr1125ent.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|webei11vyeti9g0urr1125ent|03|org"; nocase; ) # 179lyxv1qiy95l5s0sfmmqy18.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|179lyxv1qiy95l5s0sfmmqy18|03|net"; nocase; ) # t2z7p51e99h281w1kaecpi71bm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t2z7p51e99h281w1kaecpi71bm|03|net"; nocase; ) # 1jen3u1c2rjqfrzbcw5qg10q1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jen3u1c2rjqfrzbcw5qg10q1|03|com"; nocase; ) # g7j4xa1ylapqo1p2780glt92l3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g7j4xa1ylapqo1p2780glt92l3|03|net"; nocase; ) # 1m95yyfugbysu602p481qzcalv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m95yyfugbysu602p481qzcalv|03|net"; nocase; ) # 1q1tvdf6s4drx1czwd3silqxjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1q1tvdf6s4drx1czwd3silqxjc|03|org"; nocase; ) # xsxfzw192sxoq1777nz1tk8pvw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xsxfzw192sxoq1777nz1tk8pvw|03|net"; nocase; ) # 1ugdb7y1ow4x63rqiqim1kih5fm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ugdb7y1ow4x63rqiqim1kih5fm|03|com"; nocase; ) # 1jqnk20tr3y6192ku97gmf0mc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jqnk20tr3y6192ku97gmf0mc|03|net"; nocase; ) # 1ak3qdx15431n1pttlpgj01syz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ak3qdx15431n1pttlpgj01syz|03|org"; nocase; ) # 19kr47zunnnikfhvp7161f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|16|19kr47zunnnikfhvp7161f|03|com"; nocase; ) # 13qebp8n9wvbu8g9zv1ty3g0r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13qebp8n9wvbu8g9zv1ty3g0r|03|com"; nocase; ) # 1kp05ywgwtfiy1bhlolc14q4lxz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kp05ywgwtfiy1bhlolc14q4lxz|03|biz"; nocase; ) # 13z35v1oejro6g373md611mda.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13z35v1oejro6g373md611mda|03|net"; nocase; ) # 1msqm028mkzkhtetdxy1tgkw2b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1msqm028mkzkhtetdxy1tgkw2b|03|biz"; nocase; ) # 13gn0961rts1smm1zmkv8nz7f1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13gn0961rts1smm1zmkv8nz7f1|03|net"; nocase; ) # 8sszbpb3rcm5bshj8v1tje7uy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8sszbpb3rcm5bshj8v1tje7uy|03|org"; nocase; ) # 1iwf4fn22yh721dx3g2zq981ne.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iwf4fn22yh721dx3g2zq981ne|03|net"; nocase; ) # 1db7lu81u32d4t1kqqe2g11ew3yu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1db7lu81u32d4t1kqqe2g11ew3yu|03|biz"; nocase; ) # 3qw97s1gfqgqp10w09361o14k2n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3qw97s1gfqgqp10w09361o14k2n|03|net"; nocase; ) # 15yrxglfg7m6c1vie6q1rplkk1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15yrxglfg7m6c1vie6q1rplkk1|03|biz"; nocase; ) # 1l74lgzqw9kp01luug471t5a7q3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l74lgzqw9kp01luug471t5a7q3|03|net"; nocase; ) # 707x4612gz1j1qmy9ti756ht4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|707x4612gz1j1qmy9ti756ht4|03|net"; nocase; ) # outgp4a6dp5esksv16dq0ws6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|outgp4a6dp5esksv16dq0ws6|03|com"; nocase; ) # uu68xy1wpwpkl1rfnugbu9prjs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uu68xy1wpwpkl1rfnugbu9prjs|03|net"; nocase; ) # 1rqgmlau2qiq9ha2rb1u0y23a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rqgmlau2qiq9ha2rb1u0y23a|03|biz"; nocase; ) # at3n0u1b7j1gi4zbt8p1i4vwm5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|at3n0u1b7j1gi4zbt8p1i4vwm5|03|net"; nocase; ) # k1ujh48n0vu1190pmuqromwdi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k1ujh48n0vu1190pmuqromwdi|03|org"; nocase; ) # 1ksu9k8wqsga71i5l95w11olbjw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ksu9k8wqsga71i5l95w11olbjw|03|biz"; nocase; ) # ootggiy4ekaj17gd4f91t9kb05.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ootggiy4ekaj17gd4f91t9kb05|03|net"; nocase; ) # 1rbsork11e160kz6jcug1j4ubdg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rbsork11e160kz6jcug1j4ubdg|03|biz"; nocase; ) # 14y3rb8n7yacc1csf5me1nlfw8i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14y3rb8n7yacc1csf5me1nlfw8i|03|org"; nocase; ) # pqy1al1ptdk3810qrpee1bj8ylq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pqy1al1ptdk3810qrpee1bj8ylq|03|net"; nocase; ) # 1yd7xv2z9wzvyg7iosekss40k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1yd7xv2z9wzvyg7iosekss40k|03|net"; nocase; ) # uzuj8d9t9g2u1orsz7h1ntkc2g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uzuj8d9t9g2u1orsz7h1ntkc2g|03|biz"; nocase; ) # 1o51p51vxzb261dua0dls92dgt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o51p51vxzb261dua0dls92dgt|03|org"; nocase; ) # 2s0s5y1owz7eb1thrbjp1aztpza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2s0s5y1owz7eb1thrbjp1aztpza|03|net"; nocase; ) # qtdu01gx8xpsizrgzx12ghiw3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qtdu01gx8xpsizrgzx12ghiw3|03|com"; nocase; ) # 10z3rnr6lzx6w1ai2j6u1do5wcv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10z3rnr6lzx6w1ai2j6u1do5wcv|03|org"; nocase; ) # iqg0d7in5alc1t5jqry1fl7i7h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iqg0d7in5alc1t5jqry1fl7i7h|03|biz"; nocase; ) # zkydkv1oyfla0bab8unhv52jn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zkydkv1oyfla0bab8unhv52jn|03|net"; nocase; ) # ya74qy1lpvcmn1r7t1f71b0fxkj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ya74qy1lpvcmn1r7t1f71b0fxkj|03|biz"; nocase; ) # wlzm60ojxrozer79ntte6gdh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wlzm60ojxrozer79ntte6gdh|03|org"; nocase; ) # e0lz86cfzut16t6r47akoanj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e0lz86cfzut16t6r47akoanj|03|net"; nocase; ) # 155k1h53t3ee91r9x6p51ihb8m1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|155k1h53t3ee91r9x6p51ihb8m1|03|org"; nocase; ) # sti1d72660m914znklg1pim1rz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sti1d72660m914znklg1pim1rz|03|net"; nocase; ) # 48z1gg1y98lw31y3izzgaqrnrl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|48z1gg1y98lw31y3izzgaqrnrl|03|org"; nocase; ) # c4yf9h1nuwuck1hl1k1lz3eaz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c4yf9h1nuwuck1hl1k1lz3eaz5|03|com"; nocase; ) # 1sc8bse1ck1pe91xu8hbw15xdaf4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sc8bse1ck1pe91xu8hbw15xdaf4|03|net"; nocase; ) # 8yxygxjo3tyrotcfr8svma7x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8yxygxjo3tyrotcfr8svma7x|03|biz"; nocase; ) # 6ho9ww1il4ek31bc4zbvs9052.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6ho9ww1il4ek31bc4zbvs9052|03|com"; nocase; ) # 26oszr1916dxn1pipvmqki01az.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|26oszr1916dxn1pipvmqki01az|03|net"; nocase; ) # knsn6796o9sz1sbjajvamdc3a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|knsn6796o9sz1sbjajvamdc3a|03|net"; nocase; ) # t5jvnv1nbownsod34vx88yy4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t5jvnv1nbownsod34vx88yy4d|03|com"; nocase; ) # smr1m31cku50v1rkbo1z1wid84p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|smr1m31cku50v1rkbo1z1wid84p|03|net"; nocase; ) # 2tg46l1gx4eag1lxtufy1kkr4oq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2tg46l1gx4eag1lxtufy1kkr4oq|03|org"; nocase; ) # qgrh6wrgniad1n1fo7x11nb1mq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qgrh6wrgniad1n1fo7x11nb1mq|03|biz"; nocase; ) # 18p66141vjnnzapnxy311pthq3k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18p66141vjnnzapnxy311pthq3k|03|com"; nocase; ) # 1olgbbq1byyk8a1kombn71j5ejui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1olgbbq1byyk8a1kombn71j5ejui|03|org"; nocase; ) # uwleqivw6kzb1bc2a58qy8j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|uwleqivw6kzb1bc2a58qy8j|03|com"; nocase; ) # k98aii1vfqfb1fpcprx1lnisxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k98aii1vfqfb1fpcprx1lnisxo|03|net"; nocase; ) # xey0y11tfbq9d9ybd9wu1x6eo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xey0y11tfbq9d9ybd9wu1x6eo|03|net"; nocase; ) # 1xy6djv1jpwhntvj68nc7p0p8z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xy6djv1jpwhntvj68nc7p0p8z|03|biz"; nocase; ) # y3fbuf1i8by3hj977w51yq9ye2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y3fbuf1i8by3hj977w51yq9ye2|03|net"; nocase; ) # 7uppq91p38x1iwjkieogc98d6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7uppq91p38x1iwjkieogc98d6|03|org"; nocase; ) # kzgz5k1k7tpaz1hjdxux119ifqc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|kzgz5k1k7tpaz1hjdxux119ifqc|03|net"; nocase; ) # 1ep0l0c11a88h61kx0z3d8xuktc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ep0l0c11a88h61kx0z3d8xuktc|03|net"; nocase; ) # 1r2jsjq10lvk831q62jnbckc577.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r2jsjq10lvk831q62jnbckc577|03|com"; nocase; ) # iycpvq1ll69az8mtrijiw7g1t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iycpvq1ll69az8mtrijiw7g1t|03|org"; nocase; ) # 1xz7r7ws2i6vbzakzku11jmeuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xz7r7ws2i6vbzakzku11jmeuk|03|net"; nocase; ) # 1j9z882ueg83512o7a0k1yd4pf6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j9z882ueg83512o7a0k1yd4pf6|03|com"; nocase; ) # vhcmjx1mdyler1rcvwpx1r0fcpi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vhcmjx1mdyler1rcvwpx1r0fcpi|03|net"; nocase; ) # 1mnnh6pkuzdcn10s4i3w1e2t4ep.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mnnh6pkuzdcn10s4i3w1e2t4ep|03|biz"; nocase; ) # kqle3z1xirmt9fa8v21218bor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kqle3z1xirmt9fa8v21218bor|03|com"; nocase; ) # 18bnlwm1q1456m1wyuqj459i6tl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18bnlwm1q1456m1wyuqj459i6tl|03|biz"; nocase; ) # 12hn88b1qst0fc17t6zi11aq94i6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12hn88b1qst0fc17t6zi11aq94i6|03|net"; nocase; ) # zcovqq1l1j1ge17i1r6o14t8b4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zcovqq1l1j1ge17i1r6o14t8b4|03|net"; nocase; ) # a0bnyy1wg02k1ny187e1bof20c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a0bnyy1wg02k1ny187e1bof20c|03|net"; nocase; ) # 19a7vwo4gpphm1adwzo4gc0tzd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19a7vwo4gpphm1adwzo4gc0tzd|03|net"; nocase; ) # 14e0e1z1dyktemyuagkl91oj5o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14e0e1z1dyktemyuagkl91oj5o|03|org"; nocase; ) # 1nldedob28fovrreh1k12kir6s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nldedob28fovrreh1k12kir6s|03|net"; nocase; ) # sp9l12119rlfa7d0tca1fgo89k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sp9l12119rlfa7d0tca1fgo89k|03|biz"; nocase; ) # 1qmay8ryg29mzwoenvmothoh9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qmay8ryg29mzwoenvmothoh9|03|org"; nocase; ) # qsho6c1hvei8lawwehx1nlhz53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qsho6c1hvei8lawwehx1nlhz53|03|net"; nocase; ) # 1en811n1bddc5153gn6y1ur2f03.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1en811n1bddc5153gn6y1ur2f03|03|org"; nocase; ) # 12hos07m7a97dag8lzd3effd9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12hos07m7a97dag8lzd3effd9|03|biz"; nocase; ) # 17vdwf8c43ml5d2iuyx15gmj05.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17vdwf8c43ml5d2iuyx15gmj05|03|net"; nocase; ) # 1999x11gqw3bb1609va17yr4vg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1999x11gqw3bb1609va17yr4vg|03|biz"; nocase; ) # 1lzsn7kgl5p71pu25x01d7k38q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lzsn7kgl5p71pu25x01d7k38q|03|com"; nocase; ) # 19x270g1e82aotrdvw251gozkma.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19x270g1e82aotrdvw251gozkma|03|net"; nocase; ) # yyn9qk184fyrk69lyc1ufoods.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yyn9qk184fyrk69lyc1ufoods|03|net"; nocase; ) # 1kenbz91oj4tl5pv14lp8cqp61.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kenbz91oj4tl5pv14lp8cqp61|03|org"; nocase; ) # f52g1mjo6lmy186oga3ufyw6z.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f52g1mjo6lmy186oga3ufyw6z|03|biz"; nocase; ) # suzlt51ba0ju2pewfes8hep0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|suzlt51ba0ju2pewfes8hep0a|03|net"; nocase; ) # 4t21zi1f5dp4dz416sv1pdjjsu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4t21zi1f5dp4dz416sv1pdjjsu|03|biz"; nocase; ) # ca6nlmrg6amcb5w6np1yoain8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ca6nlmrg6amcb5w6np1yoain8|03|org"; nocase; ) # md6hto1mfu8ad1dywjosu0bm9d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|md6hto1mfu8ad1dywjosu0bm9d|03|org"; nocase; ) # dgfpmq12cwyrfglhzicxwv95g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dgfpmq12cwyrfglhzicxwv95g|03|biz"; nocase; ) # 159rw3b1mzccyi1ewhsg2818kfq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|159rw3b1mzccyi1ewhsg2818kfq|03|biz"; nocase; ) # 3tachv1as45py1h8t9wgcwut8x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3tachv1as45py1h8t9wgcwut8x|03|net"; nocase; ) # 17azw5b1saj4a7wpl1zt15g3ldf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17azw5b1saj4a7wpl1zt15g3ldf|03|net"; nocase; ) # 126y5921pt7710ubocbiqc5h2k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|126y5921pt7710ubocbiqc5h2k|03|org"; nocase; ) # cact8u1fe2zzfi38tlr1pyq2e5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cact8u1fe2zzfi38tlr1pyq2e5|03|net"; nocase; ) # 19pkdlq1qz9w3j1s0t8lj1p4ealx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19pkdlq1qz9w3j1s0t8lj1p4ealx|03|org"; nocase; ) # 1nhq35fbieezz1rws3mj1nthi5k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nhq35fbieezz1rws3mj1nthi5k|03|com"; nocase; ) # 1teskh21kd4km51mq70zc1ljo8wa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1teskh21kd4km51mq70zc1ljo8wa|03|org"; nocase; ) # 1i4aw3x4yqnim1h4883h1e2i9pq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i4aw3x4yqnim1h4883h1e2i9pq|03|biz"; nocase; ) # 1skx02k1c09mm89vwdzy1bsvsdn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1skx02k1c09mm89vwdzy1bsvsdn|03|com"; nocase; ) # 318fx92iffhk1mk6yr9doinum.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|318fx92iffhk1mk6yr9doinum|03|org"; nocase; ) # 1ouriqj1klc06gs53tyu13gq3lk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ouriqj1klc06gs53tyu13gq3lk|03|org"; nocase; ) # zrvuwsa2xy7453l3wpylk0pk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zrvuwsa2xy7453l3wpylk0pk|03|biz"; nocase; ) # b7g7jt1ilvigfc9oyev61np.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|b7g7jt1ilvigfc9oyev61np|03|org"; nocase; ) # 1ofgfov18i8z4z1jacwbq1utlgqa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ofgfov18i8z4z1jacwbq1utlgqa|03|biz"; nocase; ) # 67n70x13o54cw1m9i3gpmpge2y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|67n70x13o54cw1m9i3gpmpge2y|03|com"; nocase; ) # 6jr8v6nlk6x618evjres0ly5s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6jr8v6nlk6x618evjres0ly5s|03|org"; nocase; ) # cobgyi14wr0lu1cz3bev1yrlpa4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|cobgyi14wr0lu1cz3bev1yrlpa4|03|net"; nocase; ) # 1ysv1x43tys9za1789x1fk6ylh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ysv1x43tys9za1789x1fk6ylh|03|net"; nocase; ) # 56oq7v14ur0ikms8f61bhgi7y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|56oq7v14ur0ikms8f61bhgi7y|03|org"; nocase; ) # 8v7gqu10qzm0l15me450fblk81.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8v7gqu10qzm0l15me450fblk81|03|net"; nocase; ) # zn0y314z3oxbaik64p1fzyv5l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zn0y314z3oxbaik64p1fzyv5l|03|org"; nocase; ) # 1ywayvfomrz6fu3sevqgw9til.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ywayvfomrz6fu3sevqgw9til|03|org"; nocase; ) # f35yshl9i5b114ndk6r1rg4j8g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f35yshl9i5b114ndk6r1rg4j8g|03|net"; nocase; ) # qrif0c1j4q502ux5ki314y0jpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qrif0c1j4q502ux5ki314y0jpo|03|com"; nocase; ) # aobbd61tfimjh16e6ior1qwide6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|aobbd61tfimjh16e6ior1qwide6|03|net"; nocase; ) # 18fxrc91l6s9tvhcb2w41516qap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18fxrc91l6s9tvhcb2w41516qap|03|net"; nocase; ) # 15q0ummdesff4mqisbaidriz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|15q0ummdesff4mqisbaidriz|03|biz"; nocase; ) # 5v1hw2d9avjn1n3rid5ustru3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5v1hw2d9avjn1n3rid5ustru3|03|net"; nocase; ) # wtc07avcam0s1dxr1xlam9r1t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wtc07avcam0s1dxr1xlam9r1t|03|org"; nocase; ) # 14e7vs2lmg2du1sgd23q1utvstw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14e7vs2lmg2du1sgd23q1utvstw|03|com"; nocase; ) # zbqlcybt907e1wp4o9f841y8o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zbqlcybt907e1wp4o9f841y8o|03|org"; nocase; ) # vr2espxs1vzm9h97251jowric.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vr2espxs1vzm9h97251jowric|03|net"; nocase; ) # h3hz9y19htu0x1fe3sywnsbzlq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h3hz9y19htu0x1fe3sywnsbzlq|03|org"; nocase; ) # 8xtxfsgwxlgw3ztt0q15stjf5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8xtxfsgwxlgw3ztt0q15stjf5|03|net"; nocase; ) # 1mj4gon1jawxvk1kis56k1ku4yta.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mj4gon1jawxvk1kis56k1ku4yta|03|org"; nocase; ) # 1ph87xx2et0dq1vyj5mhhuaako.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ph87xx2et0dq1vyj5mhhuaako|03|biz"; nocase; ) # px8ds8vjbzxso52v1o1v6a4ia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|px8ds8vjbzxso52v1o1v6a4ia|03|net"; nocase; ) # 12r9p0n1t6zm1w143wbhb14z6c6i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12r9p0n1t6zm1w143wbhb14z6c6i|03|org"; nocase; ) # 1xzev5r1pe6ckp3h4hbhgamrix.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xzev5r1pe6ckp3h4hbhgamrix|03|biz"; nocase; ) # 11c3kihohzh2jtno51x1v4bgkc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11c3kihohzh2jtno51x1v4bgkc|03|net"; nocase; ) # luyat8hoz9ng1e3panj1kqjzap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|luyat8hoz9ng1e3panj1kqjzap|03|org"; nocase; ) # 1nfr78r1h4do5geazubp1emi0sd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nfr78r1h4do5geazubp1emi0sd|03|com"; nocase; ) # 1qbd3thp9fxg91lffclf1gn5c49.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qbd3thp9fxg91lffclf1gn5c49|03|com"; nocase; ) # 12uveeb1vni9k51sb7qep3ljdty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12uveeb1vni9k51sb7qep3ljdty|03|biz"; nocase; ) # l2zwx51uuxfhb2vdopn1qj94dy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l2zwx51uuxfhb2vdopn1qj94dy|03|biz"; nocase; ) # wul4y1svfbbz4xc72g1eu7bhp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wul4y1svfbbz4xc72g1eu7bhp|03|net"; nocase; ) # 12t7jeh19k7h2e1iortvp3i6j1b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12t7jeh19k7h2e1iortvp3i6j1b|03|net"; nocase; ) # 6ko8221tyr9n012eoft5iizrb2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ko8221tyr9n012eoft5iizrb2|03|com"; nocase; ) # 18u7q4y1n1dcqf1y6bj01fb89w5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18u7q4y1n1dcqf1y6bj01fb89w5|03|org"; nocase; ) # 2qoimi87tx81dovqdm1xe4452.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2qoimi87tx81dovqdm1xe4452|03|com"; nocase; ) # 3wi6692w0xqw1x98jche1zkci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3wi6692w0xqw1x98jche1zkci|03|com"; nocase; ) # j0slzj1wsdwrg1c7wp5ca6iz6x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j0slzj1wsdwrg1c7wp5ca6iz6x|03|com"; nocase; ) # pdlry01um8yaj1xq88te1hq639t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pdlry01um8yaj1xq88te1hq639t|03|net"; nocase; ) # 19k9nk10bj1ckb5230ixpfc5f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19k9nk10bj1ckb5230ixpfc5f|03|com"; nocase; ) # b63nap7g9etu13l8ujh1erg1ri.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b63nap7g9etu13l8ujh1erg1ri|03|org"; nocase; ) # 1ymt56tap6n2gbn8ea3u1bw9c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ymt56tap6n2gbn8ea3u1bw9c|03|com"; nocase; ) # 1hvmju1gybxvq129wrue1j3n6y5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hvmju1gybxvq129wrue1j3n6y5|03|com"; nocase; ) # er6if6v7k2svosy60e1oyv8bf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|er6if6v7k2svosy60e1oyv8bf|03|org"; nocase; ) # 1g4zcbinqzya41cu99l913x1074.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g4zcbinqzya41cu99l913x1074|03|com"; nocase; ) # iyhrunma1hgzjyauqs581b4r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|iyhrunma1hgzjyauqs581b4r|03|net"; nocase; ) # onayijwfvxgd1pkq9741lce552.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|onayijwfvxgd1pkq9741lce552|03|biz"; nocase; ) # s1oh031l387ekigoiz816tnq7m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s1oh031l387ekigoiz816tnq7m|03|net"; nocase; ) # gia6msaesdw18t0dei7fjmzr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gia6msaesdw18t0dei7fjmzr|03|net"; nocase; ) # gtfxbe10wvdfl11ukwdr1qlbnyl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|gtfxbe10wvdfl11ukwdr1qlbnyl|03|com"; nocase; ) # 1dk35792r6neic14bgjchymdq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dk35792r6neic14bgjchymdq|03|org"; nocase; ) # 1wyibi4ws1snl1uo39xz21810k.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wyibi4ws1snl1uo39xz21810k|03|com"; nocase; ) # 13ak2cawfzcpkzpvtm4knfvs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13ak2cawfzcpkzpvtm4knfvs|03|com"; nocase; ) # j8ogbh1b01vwvw4x0j119sdrfn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j8ogbh1b01vwvw4x0j119sdrfn|03|biz"; nocase; ) # o6jzm51uc1nggvur317eqek.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|o6jzm51uc1nggvur317eqek|03|net"; nocase; ) # 1k96ghp15nfwp91e0wnqd1fq1osc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k96ghp15nfwp91e0wnqd1fq1osc|03|com"; nocase; ) # 1i42wed1mazdi819swozvq8skbk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i42wed1mazdi819swozvq8skbk|03|net"; nocase; ) # 7hh7639t1ftu1ohr57o1el050a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7hh7639t1ftu1ohr57o1el050a|03|org"; nocase; ) # 9dh9o7duige7buraksd1xcpy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9dh9o7duige7buraksd1xcpy|03|biz"; nocase; ) # 1in51ql2h48dwqn58siuuv7w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1in51ql2h48dwqn58siuuv7w|03|org"; nocase; ) # 4oq1dpyvaqu01wbxi3k15gtkga.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4oq1dpyvaqu01wbxi3k15gtkga|03|org"; nocase; ) # sq8k2a1pajlep1mv664k1rkdukp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|sq8k2a1pajlep1mv664k1rkdukp|03|biz"; nocase; ) # na19nj6yq8031ff59wb15l8dcs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|na19nj6yq8031ff59wb15l8dcs|03|biz"; nocase; ) # 1h37y8v1oz6bko1mo3aci92otcb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h37y8v1oz6bko1mo3aci92otcb|03|net"; nocase; ) # qlut4s1pwq5llldn0rmy9yg7k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qlut4s1pwq5llldn0rmy9yg7k|03|org"; nocase; ) # xwyt2p1loosec1cn7u79o6jo83.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xwyt2p1loosec1cn7u79o6jo83|03|net"; nocase; ) # 1si8tb12rj2f61x8ykdh1d0k55k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1si8tb12rj2f61x8ykdh1d0k55k|03|net"; nocase; ) # 1u4f9ukwj7m7b1qcbd3es8zvil.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u4f9ukwj7m7b1qcbd3es8zvil|03|biz"; nocase; ) # 1qf598tunjy4p1k7pw0dn83jgy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qf598tunjy4p1k7pw0dn83jgy|03|net"; nocase; ) # 544smc17ahij1u07khf1nnfsmv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|544smc17ahij1u07khf1nnfsmv|03|net"; nocase; ) # 13md9c9131kkp01wfwc3y1m9wn5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|13md9c9131kkp01wfwc3y1m9wn5t|03|org"; nocase; ) # 1ok0mihwx2k1ydqf5a4ty9xgt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ok0mihwx2k1ydqf5a4ty9xgt|03|com"; nocase; ) # 1fnqcn58gnjql16dewb8153bgnc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fnqcn58gnjql16dewb8153bgnc|03|org"; nocase; ) # 1owktkrmsedq9dubrgl1oodkt6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1owktkrmsedq9dubrgl1oodkt6|03|org"; nocase; ) # 178tx6n11ikbic176juee1afhzzm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|178tx6n11ikbic176juee1afhzzm|03|com"; nocase; ) # brmigwodm6fb1tqgogpdri1uz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|brmigwodm6fb1tqgogpdri1uz|03|org"; nocase; ) # 1nzea7va90pomhnvr8i1uxa4vt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nzea7va90pomhnvr8i1uxa4vt|03|biz"; nocase; ) # 1pkryid1h26ctq1ytiid01t4lqul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pkryid1h26ctq1ytiid01t4lqul|03|com"; nocase; ) # 1x97pykuya7j61t4llh5uqkred.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x97pykuya7j61t4llh5uqkred|03|org"; nocase; ) # wzhre52aeeek14mj1tqwnplkt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wzhre52aeeek14mj1tqwnplkt|03|net"; nocase; ) # 173gi4u1h9tu8yx6duzn1kcphxc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|173gi4u1h9tu8yx6duzn1kcphxc|03|com"; nocase; ) # 136ln4a1m2h2v6qzqi7y1ai0da4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|136ln4a1m2h2v6qzqi7y1ai0da4|03|net"; nocase; ) # memc511ru110cdt3ohszbbexq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|memc511ru110cdt3ohszbbexq|03|net"; nocase; ) # dtgbnuwmyw1tmipywehgxkrb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dtgbnuwmyw1tmipywehgxkrb|03|biz"; nocase; ) # r24cl5nt93eg15qb0i3mfustc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r24cl5nt93eg15qb0i3mfustc|03|com"; nocase; ) # uh84nt1yd9m8lwgrbw11thalj4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uh84nt1yd9m8lwgrbw11thalj4|03|net"; nocase; ) # 4trul7fox6y91ayi0xekf1rc9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4trul7fox6y91ayi0xekf1rc9|03|biz"; nocase; ) # 1ocfgp41eu54229zj56fu785yn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ocfgp41eu54229zj56fu785yn|03|org"; nocase; ) # 1p15ffo82nqqn16agad9vbq8yg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p15ffo82nqqn16agad9vbq8yg|03|net"; nocase; ) # qfrk3t11ih8msyesv5h7fjief.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qfrk3t11ih8msyesv5h7fjief|03|com"; nocase; ) # 1bfx0g0vr4zo61twz8fp51zuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bfx0g0vr4zo61twz8fp51zuv|03|net"; nocase; ) # asi6rj1hsqugi13wdpcg13iosm3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|asi6rj1hsqugi13wdpcg13iosm3|03|org"; nocase; ) # 18e5zlqeq475rx5qa6u1h32m09.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18e5zlqeq475rx5qa6u1h32m09|03|net"; nocase; ) # h9kf1tprgta1ctmn971xrevjz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h9kf1tprgta1ctmn971xrevjz|03|net"; nocase; ) # juxx6a1cvhr1afe6ado1o49xpa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|juxx6a1cvhr1afe6ado1o49xpa|03|net"; nocase; ) # 5utibkq39hoy1nzwwirudswtx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5utibkq39hoy1nzwwirudswtx|03|net"; nocase; ) # bfcah01x9w4xj1p4bo91uoo5cp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bfcah01x9w4xj1p4bo91uoo5cp|03|net"; nocase; ) # s9wewnwnwkgy1n8myvb18v1enn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s9wewnwnwkgy1n8myvb18v1enn|03|com"; nocase; ) # e5rilryrmum1lho7c11438xew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e5rilryrmum1lho7c11438xew|03|com"; nocase; ) # 164db461ajnorlqfum1q6pmgob.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|164db461ajnorlqfum1q6pmgob|03|biz"; nocase; ) # ga1ddygylts6tm62ob1dc5tl7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ga1ddygylts6tm62ob1dc5tl7|03|org"; nocase; ) # 6z0ue8rcgqzlr08njcds3fes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6z0ue8rcgqzlr08njcds3fes|03|com"; nocase; ) # z5mgkq339xfke23pgl359388.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|z5mgkq339xfke23pgl359388|03|net"; nocase; ) # d9f3dr15gwi5pn8ef4wpb1fts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d9f3dr15gwi5pn8ef4wpb1fts|03|net"; nocase; ) # 1knwl3m1w9ildtfcku6o1agiq11.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1knwl3m1w9ildtfcku6o1agiq11|03|com"; nocase; ) # 1a99f4w1e8wev7gree0ufpftic.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a99f4w1e8wev7gree0ufpftic|03|org"; nocase; ) # 15fgayr11zdj89npacie11b8vjd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15fgayr11zdj89npacie11b8vjd|03|org"; nocase; ) # 1sor4uwr573qm1uig7n254557o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sor4uwr573qm1uig7n254557o|03|com"; nocase; ) # 1fvqqioj91gtknns71uc8sfx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1fvqqioj91gtknns71uc8sfx|03|net"; nocase; ) # 2uw9hv1ssnk7h4lrvdrjrusyy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2uw9hv1ssnk7h4lrvdrjrusyy|03|biz"; nocase; ) # vyyrskwykdu6qroqk31qptvp3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vyyrskwykdu6qroqk31qptvp3|03|org"; nocase; ) # 19onnv8tsngsn1ydq6fntc1ery.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19onnv8tsngsn1ydq6fntc1ery|03|biz"; nocase; ) # 151mfqr1pmcmmeuq3vw65lbdc4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|151mfqr1pmcmmeuq3vw65lbdc4|03|net"; nocase; ) # pvvrio13ldrjt13friwa1i1qekm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pvvrio13ldrjt13friwa1i1qekm|03|com"; nocase; ) # 1lwq3g4cbtjxo1qji4rv1p02vng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lwq3g4cbtjxo1qji4rv1p02vng|03|net"; nocase; ) # yiwnbb1caowsgcjf5az1gnkicx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yiwnbb1caowsgcjf5az1gnkicx|03|biz"; nocase; ) # behe7g8q09uvl9wuos1qlsiiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|behe7g8q09uvl9wuos1qlsiiu|03|com"; nocase; ) # oyxxn09u86kju0cb0j1wzpp4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oyxxn09u86kju0cb0j1wzpp4u|03|net"; nocase; ) # 17tlpb2561qci9c5lq13kdc55.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17tlpb2561qci9c5lq13kdc55|03|com"; nocase; ) # 1amrtjx1jj366418rta0ug5zuq7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1amrtjx1jj366418rta0ug5zuq7|03|com"; nocase; ) # d4g56ai4sj4ltxecgyss1jji.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d4g56ai4sj4ltxecgyss1jji|03|net"; nocase; ) # 1xty0844qzila3ufl88loawfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xty0844qzila3ufl88loawfm|03|com"; nocase; ) # d22qly1nz3hgh137wpt41dt8ye0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|d22qly1nz3hgh137wpt41dt8ye0|03|net"; nocase; ) # 1r1nbyk170rwqm1pk6tfi1brkodi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r1nbyk170rwqm1pk6tfi1brkodi|03|com"; nocase; ) # 1iqqdid191hjgo8q6etj574jxc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1iqqdid191hjgo8q6etj574jxc|03|net"; nocase; ) # 18q99sa118mapnazx8x41qf241p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18q99sa118mapnazx8x41qf241p|03|net"; nocase; ) # 1macgzo1gnt32fxh5df81nzxc7l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1macgzo1gnt32fxh5df81nzxc7l|03|biz"; nocase; ) # 1q464ulb7j4cgu29nlcdxuycw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q464ulb7j4cgu29nlcdxuycw|03|net"; nocase; ) # y6l00u3iqfqr1t8v4ssbiqqjd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y6l00u3iqfqr1t8v4ssbiqqjd|03|net"; nocase; ) # 17gdwvn1kifo8n10rmj1lhmxxyq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17gdwvn1kifo8n10rmj1lhmxxyq|03|biz"; nocase; ) # 4f687q1ao5klouwvd9ki9vl13.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4f687q1ao5klouwvd9ki9vl13|03|org"; nocase; ) # 3kjs0n1ewh18i13l6npd1t13uj3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3kjs0n1ewh18i13l6npd1t13uj3|03|com"; nocase; ) # 1ftym5taa090t1w9sb53xkjf4i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ftym5taa090t1w9sb53xkjf4i|03|biz"; nocase; ) # 173lxlu7jdyao1lfcnk3bx57de.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|173lxlu7jdyao1lfcnk3bx57de|03|net"; nocase; ) # 19833fjenif4a6lve7j7j1fxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19833fjenif4a6lve7j7j1fxd|03|org"; nocase; ) # 1kcygr41ne5czr18334uprto5w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kcygr41ne5czr18334uprto5w|03|net"; nocase; ) # 14s9brqmnb512ojczcl1r7qmuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14s9brqmnb512ojczcl1r7qmuy|03|net"; nocase; ) # 1noat73jmdhz6h8cbajnywgij.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1noat73jmdhz6h8cbajnywgij|03|biz"; nocase; ) # ij245flkgpvu1cvfxckt5uq3k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ij245flkgpvu1cvfxckt5uq3k|03|net"; nocase; ) # zdekh56exvbh1972bg5uzvhcu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zdekh56exvbh1972bg5uzvhcu|03|net"; nocase; ) # 1ccq6u71x1w7y3acdow1ds6mbz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ccq6u71x1w7y3acdow1ds6mbz|03|org"; nocase; ) # 1lgua201qm00431gsk7eyt39qnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lgua201qm00431gsk7eyt39qnk|03|com"; nocase; ) # 13vl9a41b61afudgc0yygmyvh4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13vl9a41b61afudgc0yygmyvh4|03|com"; nocase; ) # 1pb7shdfhn9r0gd6kn7eaihzq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pb7shdfhn9r0gd6kn7eaihzq|03|com"; nocase; ) # 1jdty0hzu83a31mth0kn16cficu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jdty0hzu83a31mth0kn16cficu|03|net"; nocase; ) # 1dv3q97vqy7od1vi7y0ttf0zk5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dv3q97vqy7od1vi7y0ttf0zk5|03|biz"; nocase; ) # l1qd7hh1v9y1hr9uqkycmf36.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|l1qd7hh1v9y1hr9uqkycmf36|03|com"; nocase; ) # 16asr1x1dcbc893mbmcbe427hc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16asr1x1dcbc893mbmcbe427hc|03|net"; nocase; ) # 5lswbakxuoioxag166136fva2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5lswbakxuoioxag166136fva2|03|net"; nocase; ) # uti9ia1i8uchiyf0pp91i1a8h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uti9ia1i8uchiyf0pp91i1a8h|03|biz"; nocase; ) # l4yzv01gi6we11oee018adq8y8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l4yzv01gi6we11oee018adq8y8|03|com"; nocase; ) # 160ev6h1toiz8p1i4qesil9dgvx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|160ev6h1toiz8p1i4qesil9dgvx|03|org"; nocase; ) # 79o5vn1gq1d54uq62v0n25zap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|79o5vn1gq1d54uq62v0n25zap|03|net"; nocase; ) # 1awyivpgul11d10gvfv71sp3sht.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1awyivpgul11d10gvfv71sp3sht|03|net"; nocase; ) # 18ovmsa61k7ysaej8jaj18j8b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18ovmsa61k7ysaej8jaj18j8b|03|org"; nocase; ) # 4at0b21ldfr0m7bkeq1l40ggg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4at0b21ldfr0m7bkeq1l40ggg|03|net"; nocase; ) # h9qy4r3rzzy06y5m21yf3zmq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h9qy4r3rzzy06y5m21yf3zmq|03|org"; nocase; ) # kfpltkdco6gd5ztfxb1i1lsu7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kfpltkdco6gd5ztfxb1i1lsu7|03|net"; nocase; ) # ot2zn8eihjhiurjgv1767ew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ot2zn8eihjhiurjgv1767ew|03|net"; nocase; ) # 14cnkuw1etasrqgux0g01f64ndw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14cnkuw1etasrqgux0g01f64ndw|03|org"; nocase; ) # oay7oxk1kez916ud8vqcntic8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oay7oxk1kez916ud8vqcntic8|03|biz"; nocase; ) # 1cluvcwk4w9ex1ccbeu957xrm4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cluvcwk4w9ex1ccbeu957xrm4|03|org"; nocase; ) # 106bcjyxr72gr1o2lgm11pfhp8s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|106bcjyxr72gr1o2lgm11pfhp8s|03|com"; nocase; ) # jazb8n1xvtdsz2oovniyb88u0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jazb8n1xvtdsz2oovniyb88u0|03|org"; nocase; ) # bwffbi1w2t3nf1h4cr0a1lm78t2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bwffbi1w2t3nf1h4cr0a1lm78t2|03|org"; nocase; ) # oeg4hie57npp1fm03af1ohjilo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oeg4hie57npp1fm03af1ohjilo|03|biz"; nocase; ) # f3ophq1aj60sb127hhtt745a2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f3ophq1aj60sb127hhtt745a2|03|net"; nocase; ) # 1gylkib1hny5m1c2b5901qmyoc3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gylkib1hny5m1c2b5901qmyoc3|03|com"; nocase; ) # 17ecd7hck42701pjzedi1oqdll5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17ecd7hck42701pjzedi1oqdll5|03|net"; nocase; ) # 1qztepc1etebwp1y9mobi1f3aofg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qztepc1etebwp1y9mobi1f3aofg|03|net"; nocase; ) # 1gf55we1yntzoszeicn91y16ggl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gf55we1yntzoszeicn91y16ggl|03|org"; nocase; ) # d311abgw36t81cwcr6h15tsd21.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d311abgw36t81cwcr6h15tsd21|03|org"; nocase; ) # 7mbm1815xbzjwzmwpla1j2lhyz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7mbm1815xbzjwzmwpla1j2lhyz|03|org"; nocase; ) # 1cm84ol1a25rnmy00h2a1xvast3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cm84ol1a25rnmy00h2a1xvast3|03|com"; nocase; ) # 13o8r7a16qosge4qaweed5xxiw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13o8r7a16qosge4qaweed5xxiw|03|biz"; nocase; ) # 1crd1wul32zcm17ju1sx1fheeaf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1crd1wul32zcm17ju1sx1fheeaf|03|org"; nocase; ) # 15n6ltp1f6qc2atwaq0bkd4mct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15n6ltp1f6qc2atwaq0bkd4mct|03|com"; nocase; ) # a3gog4doxhqq145pkp1qri5c7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a3gog4doxhqq145pkp1qri5c7|03|org"; nocase; ) # 1wnpirs1zb6211cvqr4imf276s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wnpirs1zb6211cvqr4imf276s|03|net"; nocase; ) # 1gb43x51f4wib0uojy7f1128rwv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gb43x51f4wib0uojy7f1128rwv|03|org"; nocase; ) # 10o3vx6km0zuzlvzcjjlgcgfh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10o3vx6km0zuzlvzcjjlgcgfh|03|net"; nocase; ) # h9ut0pqk037k127ajxv1qppw9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h9ut0pqk037k127ajxv1qppw9r|03|com"; nocase; ) # 1trtdtdx235cl1rox4rqz78tui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1trtdtdx235cl1rox4rqz78tui|03|net"; nocase; ) # 1sugxnncpgyklkkei1yfyarj8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sugxnncpgyklkkei1yfyarj8|03|org"; nocase; ) # 1ji8wsfiz5qo8ewrzrz1ecjw5t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ji8wsfiz5qo8ewrzrz1ecjw5t|03|net"; nocase; ) # enxs151xo5zty13vfl7h1l2o2xy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|enxs151xo5zty13vfl7h1l2o2xy|03|org"; nocase; ) # naeco1hp8h0w1w6ljy8fzguq4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|naeco1hp8h0w1w6ljy8fzguq4|03|net"; nocase; ) # mrryyj1othumj1wm4sj68b4dq0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mrryyj1othumj1wm4sj68b4dq0|03|net"; nocase; ) # 1uecwt75vae3vjmn7v9iat78h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uecwt75vae3vjmn7v9iat78h|03|org"; nocase; ) # 7zz8pem0wip81yr7hdjt5n32i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7zz8pem0wip81yr7hdjt5n32i|03|org"; nocase; ) # cq8d7akr84np7o0dky5i2s0m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cq8d7akr84np7o0dky5i2s0m|03|org"; nocase; ) # 11pt171qdxks11agpf6i1kyh7b2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11pt171qdxks11agpf6i1kyh7b2|03|com"; nocase; ) # 1hirk5p38ickbo803vg8dm8nw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hirk5p38ickbo803vg8dm8nw|03|org"; nocase; ) # 118s73nfz8i7uadue1x1k5yt8r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|118s73nfz8i7uadue1x1k5yt8r|03|net"; nocase; ) # 5enes5ffq3jyq3ezkr1hwij4h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5enes5ffq3jyq3ezkr1hwij4h|03|net"; nocase; ) # 1vblqxf1a956hp1w9kfaf2l7yvo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vblqxf1a956hp1w9kfaf2l7yvo|03|biz"; nocase; ) # 14nr7cn1ds7hgl11pzwb818d3t0i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14nr7cn1ds7hgl11pzwb818d3t0i|03|com"; nocase; ) # 1iguw4h1k3wl83hjw68eqw6jb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1iguw4h1k3wl83hjw68eqw6jb|03|org"; nocase; ) # dvxadcmsx64x1sh3d051a37s09.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dvxadcmsx64x1sh3d051a37s09|03|net"; nocase; ) # 1h92h8p9zzhus210u801y5jrxp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h92h8p9zzhus210u801y5jrxp|03|biz"; nocase; ) # 1rs67x113rhr3x6b0qjlgxax2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rs67x113rhr3x6b0qjlgxax2|03|org"; nocase; ) # ovw0vht6ytc21thlwj4tckp99.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ovw0vht6ytc21thlwj4tckp99|03|com"; nocase; ) # a6stdj1n1im771o4nuhqiyp7e9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a6stdj1n1im771o4nuhqiyp7e9|03|org"; nocase; ) # ngs8pl1l71ousr990981kjxzgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ngs8pl1l71ousr990981kjxzgj|03|com"; nocase; ) # 1nwvxs71m6sal77htgo61kri068.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nwvxs71m6sal77htgo61kri068|03|com"; nocase; ) # 1aldo0w10mc06gynmnpf1jy78o0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aldo0w10mc06gynmnpf1jy78o0|03|biz"; nocase; ) # 1xgbk7n12s8dxi80tqu51r1skqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xgbk7n12s8dxi80tqu51r1skqc|03|org"; nocase; ) # 1n9wsoq1y3xpkahbcza119nr5qx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n9wsoq1y3xpkahbcza119nr5qx|03|com"; nocase; ) # 1oyq5341wz5gvi1xg148g11lf8d1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1oyq5341wz5gvi1xg148g11lf8d1|03|org"; nocase; ) # 1nagir71vnxfacyd219ditrt20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nagir71vnxfacyd219ditrt20|03|net"; nocase; ) # immxiarmp635vuvz71frw4sb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|immxiarmp635vuvz71frw4sb|03|biz"; nocase; ) # dlytpfwxqrj91s5dcub1pjpcz0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dlytpfwxqrj91s5dcub1pjpcz0|03|net"; nocase; ) # 6l4rzgghp5xdyol5cl19jorh6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6l4rzgghp5xdyol5cl19jorh6|03|net"; nocase; ) # tr44eo2yvsz7jwgv0t93ppzn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tr44eo2yvsz7jwgv0t93ppzn|03|biz"; nocase; ) # 1bfzhagk5mksu105jp6aptwebc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bfzhagk5mksu105jp6aptwebc|03|org"; nocase; ) # 14b3l0f8q1y5d1u7x5wi1ma7k0h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14b3l0f8q1y5d1u7x5wi1ma7k0h|03|biz"; nocase; ) # bmbb2p1vm7fmc1vvfnneeywg9y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bmbb2p1vm7fmc1vvfnneeywg9y|03|com"; nocase; ) # 142vonp99vgoixytvdbff90i3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|142vonp99vgoixytvdbff90i3|03|com"; nocase; ) # 1f2h67cxq3lkd1agb3fo3vovq7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f2h67cxq3lkd1agb3fo3vovq7|03|com"; nocase; ) # 35u4c4p6xwafahcafz13ms5os.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|35u4c4p6xwafahcafz13ms5os|03|net"; nocase; ) # 1esi7a81vn8xuy1luvg0z1pcocxj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1esi7a81vn8xuy1luvg0z1pcocxj|03|com"; nocase; ) # aee2wt40oamz1htwqzj1oj66uo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aee2wt40oamz1htwqzj1oj66uo|03|biz"; nocase; ) # 11aelztumd8xe1vrrex7x3d7vh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11aelztumd8xe1vrrex7x3d7vh|03|net"; nocase; ) # 6rozhaxvt0py1hf9oziskmo4u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6rozhaxvt0py1hf9oziskmo4u|03|biz"; nocase; ) # 1wxpxt61imsvt0h42qp21r4jjra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wxpxt61imsvt0h42qp21r4jjra|03|org"; nocase; ) # ofa7rlijtnz518f6kliqysjx3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ofa7rlijtnz518f6kliqysjx3|03|org"; nocase; ) # 19z9bw41l17gjtiavxlr1olrdj6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19z9bw41l17gjtiavxlr1olrdj6|03|net"; nocase; ) # 1kkzsa9nycwx71jgpn2x8x088d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kkzsa9nycwx71jgpn2x8x088d|03|biz"; nocase; ) # 28ogtm1evayk17ihegs1bi7dqj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|28ogtm1evayk17ihegs1bi7dqj|03|net"; nocase; ) # 1qz0rrk1olxx6f4bz5sdhb8zql.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qz0rrk1olxx6f4bz5sdhb8zql|03|net"; nocase; ) # 1w3d6v514ko454izmf8wismly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w3d6v514ko454izmf8wismly|03|org"; nocase; ) # w0pjcy1xdv5j0117k79013oiy4k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w0pjcy1xdv5j0117k79013oiy4k|03|biz"; nocase; ) # 83kz4h19hju2bq038tc7uv81e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|83kz4h19hju2bq038tc7uv81e|03|net"; nocase; ) # 1lndnwtk5vzavqvpktj1ggeahn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lndnwtk5vzavqvpktj1ggeahn|03|biz"; nocase; ) # rjztravhmstr16qtzla1mcbjf7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rjztravhmstr16qtzla1mcbjf7|03|org"; nocase; ) # ee1vgsfegn4blc28qi1i0x8eu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ee1vgsfegn4blc28qi1i0x8eu|03|net"; nocase; ) # 1vhx80a8tueiwm2839urlcbp7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vhx80a8tueiwm2839urlcbp7|03|net"; nocase; ) # 1qbns7zgrn3l1b4lf4a37750a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1qbns7zgrn3l1b4lf4a37750a|03|com"; nocase; ) # gyzazs1v6yyp714qk5yzrehp1u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gyzazs1v6yyp714qk5yzrehp1u|03|com"; nocase; ) # 13s95bt1wp99ukavlm0s1pi3n1d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13s95bt1wp99ukavlm0s1pi3n1d|03|org"; nocase; ) # 4unedc16jxr7d158f1wq1lwvs7t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4unedc16jxr7d158f1wq1lwvs7t|03|org"; nocase; ) # 3eakqg23fqfx1k4tv421lv4t8z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3eakqg23fqfx1k4tv421lv4t8z|03|net"; nocase; ) # rwsnsj1hrm4jb3o8h681f6plly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rwsnsj1hrm4jb3o8h681f6plly|03|org"; nocase; ) # x5h7m21dwgjwq1yiugdqmt5xzh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x5h7m21dwgjwq1yiugdqmt5xzh|03|net"; nocase; ) # 1d5t2971ayvhk49lokue1f3vnfh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d5t2971ayvhk49lokue1f3vnfh|03|biz"; nocase; ) # 1rkrqoizjvl21aovvfw1gnh6ay.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rkrqoizjvl21aovvfw1gnh6ay|03|biz"; nocase; ) # v7wjuk1mnq62p12xkv8n1vsiltv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|v7wjuk1mnq62p12xkv8n1vsiltv|03|org"; nocase; ) # 17526l7zj98pmdo55qs19eeqn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17526l7zj98pmdo55qs19eeqn|03|biz"; nocase; ) # rdfl351cclndkkhwcgr5hbcdp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rdfl351cclndkkhwcgr5hbcdp|03|net"; nocase; ) # csew5nr6hpjz1gwpvj61m9azm9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|csew5nr6hpjz1gwpvj61m9azm9|03|com"; nocase; ) # 1sva9olzaymdp1ieiy1n9ejhad.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sva9olzaymdp1ieiy1n9ejhad|03|org"; nocase; ) # 15e86hi2pihew5gjoce1q6eqp7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15e86hi2pihew5gjoce1q6eqp7|03|biz"; nocase; ) # aczvvs1cy9z9g6qkw57couqcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aczvvs1cy9z9g6qkw57couqcu|03|com"; nocase; ) # hp8ef21slxk2bwf2tz91r5q4gq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hp8ef21slxk2bwf2tz91r5q4gq|03|net"; nocase; ) # zxd38bq1lwa1p457u51m2bnaa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zxd38bq1lwa1p457u51m2bnaa|03|org"; nocase; ) # 1o4ir7k9r226y1vcc3mq1pw3rmp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o4ir7k9r226y1vcc3mq1pw3rmp|03|net"; nocase; ) # 1qx2vrz11ib80x179izjs1xcwi6w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qx2vrz11ib80x179izjs1xcwi6w|03|com"; nocase; ) # ewmz27b89dg9r0rgq0jmfjw9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ewmz27b89dg9r0rgq0jmfjw9|03|net"; nocase; ) # vi95kzr4nb6hhi4viu5wjmbg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vi95kzr4nb6hhi4viu5wjmbg|03|net"; nocase; ) # 4f1sz21bouxc23hz7431mjyu8l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4f1sz21bouxc23hz7431mjyu8l|03|net"; nocase; ) # rtjiv01r84znz1lex8kt181s1g1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rtjiv01r84znz1lex8kt181s1g1|03|net"; nocase; ) # xcxglw2ttny1fucr8q14dc7a7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xcxglw2ttny1fucr8q14dc7a7|03|net"; nocase; ) # 7obh9qxk822d13umakxqz6hv8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7obh9qxk822d13umakxqz6hv8|03|com"; nocase; ) # 1n3umipcul0hb1xz00lqtl4xnx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n3umipcul0hb1xz00lqtl4xnx|03|com"; nocase; ) # 1xrn9ye1nkvjidyy3pum15n756g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xrn9ye1nkvjidyy3pum15n756g|03|org"; nocase; ) # ensknmblyn5y1l0vf9x1f2fft1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ensknmblyn5y1l0vf9x1f2fft1|03|com"; nocase; ) # 1miry6a1otjgxj1dmwsfo1sgp2hp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1miry6a1otjgxj1dmwsfo1sgp2hp|03|org"; nocase; ) # aiog6j6ma0sx1xk30urmjw2yj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aiog6j6ma0sx1xk30urmjw2yj|03|biz"; nocase; ) # 1gbepbm1cb5wq24ge2akntixs0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gbepbm1cb5wq24ge2akntixs0|03|org"; nocase; ) # 1esnc1d135o8wp1j7yn608szn7k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1esnc1d135o8wp1j7yn608szn7k|03|biz"; nocase; ) # kilqyj6plue1834lgs18un20p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kilqyj6plue1834lgs18un20p|03|com"; nocase; ) # 1kyn8y21q1a1kw1nx9fbx16wiav6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kyn8y21q1a1kw1nx9fbx16wiav6|03|com"; nocase; ) # 6p65y510ivuovgbfbtj1a46wo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6p65y510ivuovgbfbtj1a46wo|03|org"; nocase; ) # 1go9c3v1j1p1aa1cgqbc2g6slx0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1go9c3v1j1p1aa1cgqbc2g6slx0|03|net"; nocase; ) # 14l2gs91mgyg5cvs34tk2iddbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14l2gs91mgyg5cvs34tk2iddbo|03|com"; nocase; ) # 3ziav3xhbewm12iejyw18yvjr0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ziav3xhbewm12iejyw18yvjr0|03|org"; nocase; ) # 8miswq17md4zj56kfad1i4fsyk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8miswq17md4zj56kfad1i4fsyk|03|com"; nocase; ) # 5tfjpo1f6k6e013tkqfmunr252.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5tfjpo1f6k6e013tkqfmunr252|03|org"; nocase; ) # 1y0nlo71ghhpne1s014sq14c4onb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1y0nlo71ghhpne1s014sq14c4onb|03|org"; nocase; ) # 198u4501c0xhaxils9y3cmf6tr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|198u4501c0xhaxils9y3cmf6tr|03|com"; nocase; ) # 58m2nrz6f18j1f9hmamigwfa7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|58m2nrz6f18j1f9hmamigwfa7|03|org"; nocase; ) # s259bxis9rl71a5g8czf2rmyg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s259bxis9rl71a5g8czf2rmyg|03|com"; nocase; ) # 1ezn9qj162pdhd1xq74rplz72ab.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ezn9qj162pdhd1xq74rplz72ab|03|net"; nocase; ) # 1edsl5o1bug120e1bqpj1ynzvug.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1edsl5o1bug120e1bqpj1ynzvug|03|com"; nocase; ) # 5y10t6j1msrdavqbyzpa40xa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5y10t6j1msrdavqbyzpa40xa|03|net"; nocase; ) # 1323kci7bc39mflmf5avf0cad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1323kci7bc39mflmf5avf0cad|03|net"; nocase; ) # 4feiqc11q38vo1i3mt3epf848d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4feiqc11q38vo1i3mt3epf848d|03|biz"; nocase; ) # d4cpf61ndk7cqdexd9u89r6el.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d4cpf61ndk7cqdexd9u89r6el|03|net"; nocase; ) # 1uulz22qeqpw51qo3rtt1dttwra.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uulz22qeqpw51qo3rtt1dttwra|03|com"; nocase; ) # dqsw4ot27q21toe7l81nvdlfj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dqsw4ot27q21toe7l81nvdlfj|03|net"; nocase; ) # 1m8tpgh170xlcx16vh3sm1svzo0d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1m8tpgh170xlcx16vh3sm1svzo0d|03|com"; nocase; ) # 18ybkulbzgdb21xu8bzy8uqrfg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ybkulbzgdb21xu8bzy8uqrfg|03|net"; nocase; ) # 2q3v81wd1sh1t6lq6ot575bm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2q3v81wd1sh1t6lq6ot575bm|03|org"; nocase; ) # mz5du01b8craasnrool1evvy7t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mz5du01b8craasnrool1evvy7t|03|net"; nocase; ) # h2tu2a13i482mxz9ei6yfo0c7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h2tu2a13i482mxz9ei6yfo0c7|03|org"; nocase; ) # d7jip3y5y5t419n6w9u1u75857.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|d7jip3y5y5t419n6w9u1u75857|03|com"; nocase; ) # 5skfvg1qig0wksani85hh7a4n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5skfvg1qig0wksani85hh7a4n|03|net"; nocase; ) # 33sbn0fdz3u31n08x17fqc33m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|33sbn0fdz3u31n08x17fqc33m|03|org"; nocase; ) # rzmg5l1jqgzloat5u9m1yex065.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rzmg5l1jqgzloat5u9m1yex065|03|org"; nocase; ) # 1y2mdvkauc7rfy7g5961jenxez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y2mdvkauc7rfy7g5961jenxez|03|com"; nocase; ) # 1kq9vge1j2v70m1jj3ky41akchnl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kq9vge1j2v70m1jj3ky41akchnl|03|org"; nocase; ) # gkh1o21e57f7wjqto3j1t5k7cz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gkh1o21e57f7wjqto3j1t5k7cz|03|net"; nocase; ) # ehvy9g1kswi691wz9x9c1ef7ncp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ehvy9g1kswi691wz9x9c1ef7ncp|03|biz"; nocase; ) # 163wnv6887c0n3trueg1fxu3sb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|163wnv6887c0n3trueg1fxu3sb|03|com"; nocase; ) # 171v9nd19vlar21r6imrc1bj4da0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|171v9nd19vlar21r6imrc1bj4da0|03|biz"; nocase; ) # 94pxww1o26svqk62cbs9avi0v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|94pxww1o26svqk62cbs9avi0v|03|net"; nocase; ) # lfzw5p1bfxwwe15fi2bcqs8u8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lfzw5p1bfxwwe15fi2bcqs8u8g|03|org"; nocase; ) # 1mafr1xp2zwhxsefbt2yry2dz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mafr1xp2zwhxsefbt2yry2dz|03|net"; nocase; ) # vsgdhxqct6yn1ez8ro91f8evk9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vsgdhxqct6yn1ez8ro91f8evk9|03|com"; nocase; ) # yvw4w3b3rvrm1dkhvk3161vi90.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yvw4w3b3rvrm1dkhvk3161vi90|03|org"; nocase; ) # 3lfks6ii6qee2u9t8e1s6xj4c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3lfks6ii6qee2u9t8e1s6xj4c|03|org"; nocase; ) # 1lagbn51hearlzzj7bd61eswyc7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lagbn51hearlzzj7bd61eswyc7|03|net"; nocase; ) # 1ud8rp61sheqj91d0ab1vx6zf56.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ud8rp61sheqj91d0ab1vx6zf56|03|net"; nocase; ) # 1a4ahjx1arv2zh4k7g6il19rzj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a4ahjx1arv2zh4k7g6il19rzj|03|com"; nocase; ) # nhvjg41h5ze7nfglyao18udiy2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nhvjg41h5ze7nfglyao18udiy2|03|org"; nocase; ) # b8b0np1hd505n18djwhp18kc6ml.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b8b0np1hd505n18djwhp18kc6ml|03|net"; nocase; ) # hn1ldrhoco7a1kme4trqvfakh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hn1ldrhoco7a1kme4trqvfakh|03|biz"; nocase; ) # 1av366m1ivwezg1bdanxh1ofyecd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1av366m1ivwezg1bdanxh1ofyecd|03|net"; nocase; ) # 1vbpmwv2j9yjzwrozd91y0mivk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vbpmwv2j9yjzwrozd91y0mivk|03|net"; nocase; ) # f7nq2i1ypprcw6vj5qk1nis6q5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|f7nq2i1ypprcw6vj5qk1nis6q5|03|net"; nocase; ) # 10qtb9u8qiwke6jiug11t7f54c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10qtb9u8qiwke6jiug11t7f54c|03|org"; nocase; ) # vtofcy1c575inpk7j9j1b8hnsm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vtofcy1c575inpk7j9j1b8hnsm|03|net"; nocase; ) # 1sa5swz151fmipzw7r4je4rh07.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sa5swz151fmipzw7r4je4rh07|03|com"; nocase; ) # fpjrq67rp228aktm5lzqoz7g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fpjrq67rp228aktm5lzqoz7g|03|net"; nocase; ) # 1pkl316uqi7j1jg9xuaanb9ul.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pkl316uqi7j1jg9xuaanb9ul|03|net"; nocase; ) # 1lk3j0yqsttgmbgc7odqwell9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lk3j0yqsttgmbgc7odqwell9|03|org"; nocase; ) # 66lz11rikn0y1ly433wwfnk2q.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|66lz11rikn0y1ly433wwfnk2q|03|com"; nocase; ) # 1cgblbi1lcxh66qmrtm16rhykt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cgblbi1lcxh66qmrtm16rhykt|03|com"; nocase; ) # 1e9v7c511oyql411z4argudqgdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e9v7c511oyql411z4argudqgdu|03|com"; nocase; ) # x2ps871ucmdge1sf7ll62u3zll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x2ps871ucmdge1sf7ll62u3zll|03|org"; nocase; ) # 1jbktmn5jfpoz3xh10b1634hvx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jbktmn5jfpoz3xh10b1634hvx|03|org"; nocase; ) # eocnxuuexc1gpzuvb7s0xght.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eocnxuuexc1gpzuvb7s0xght|03|net"; nocase; ) # 18njjxkyvhie7akadducymva.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|18njjxkyvhie7akadducymva|03|biz"; nocase; ) # xgn2wv10tqtpe1ku8l83ir79kt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xgn2wv10tqtpe1ku8l83ir79kt|03|com"; nocase; ) # 11rwj4p35ssun1o0uq8cwdytrh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11rwj4p35ssun1o0uq8cwdytrh|03|net"; nocase; ) # 9d1oykvqzg6t1nv3eoi1m63kd8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9d1oykvqzg6t1nv3eoi1m63kd8|03|net"; nocase; ) # 1gmzpl2ryki0f8aayvn5sxsrv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gmzpl2ryki0f8aayvn5sxsrv|03|org"; nocase; ) # 3mjqpwe2c791159vcjf1c9kaaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3mjqpwe2c791159vcjf1c9kaaa|03|com"; nocase; ) # 1yqkcyi1ojvzxb6a5weged45w4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yqkcyi1ojvzxb6a5weged45w4|03|net"; nocase; ) # 1w57xdr1e0guaz1duo5so13x9g3q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1w57xdr1e0guaz1duo5so13x9g3q|03|net"; nocase; ) # 7ofjcy1m3a1f1kb8qfjfreduh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7ofjcy1m3a1f1kb8qfjfreduh|03|biz"; nocase; ) # kl81vtvlxvgx1frj7uh1stp7d4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kl81vtvlxvgx1frj7uh1stp7d4|03|net"; nocase; ) # 16s5te1impspd19t9jcja2lfbx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16s5te1impspd19t9jcja2lfbx|03|biz"; nocase; ) # 15o36kormj01vlkimo0148t9ty.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15o36kormj01vlkimo0148t9ty|03|net"; nocase; ) # uo6hv1rq1hr4ksut7i13thso9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uo6hv1rq1hr4ksut7i13thso9|03|net"; nocase; ) # 1gapkrn1r3cpt014x140e1pgr8uf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gapkrn1r3cpt014x140e1pgr8uf|03|org"; nocase; ) # 1snybz91hncsg35uxdiuqyevx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1snybz91hncsg35uxdiuqyevx|03|com"; nocase; ) # s6y6cg1vrxdzd1kfmnj21pg9t60.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|s6y6cg1vrxdzd1kfmnj21pg9t60|03|com"; nocase; ) # 14mdlnmt89913pe7tgmvxnmi7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14mdlnmt89913pe7tgmvxnmi7|03|com"; nocase; ) # l4wiyl14wjx97zjg07mmk90nz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l4wiyl14wjx97zjg07mmk90nz|03|net"; nocase; ) # n5h3qaox5g7l1ho6pk51882ha1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n5h3qaox5g7l1ho6pk51882ha1|03|net"; nocase; ) # 1hp3fvndjngky6rn8gq2j35jr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hp3fvndjngky6rn8gq2j35jr|03|biz"; nocase; ) # 3xdk9wuqujg91eaetgo1v64p0u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3xdk9wuqujg91eaetgo1v64p0u|03|com"; nocase; ) # 1ck1uyr1kdf0o61rg5bl010cyb12.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ck1uyr1kdf0o61rg5bl010cyb12|03|biz"; nocase; ) # 1in0c2ogw3bzf1smn91u1f48jom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1in0c2ogw3bzf1smn91u1f48jom|03|com"; nocase; ) # dtqrbidefvg621eadf1uq0m6n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dtqrbidefvg621eadf1uq0m6n|03|net"; nocase; ) # 1r7d3m61mpm8vs1o2mkm81p5arm0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1r7d3m61mpm8vs1o2mkm81p5arm0|03|com"; nocase; ) # 1pjgzud1j91z021b6y4dz1n3ypjt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1pjgzud1j91z021b6y4dz1n3ypjt|03|net"; nocase; ) # 1n95q0hzrrgd2bzvz9qztmksp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1n95q0hzrrgd2bzvz9qztmksp|03|biz"; nocase; ) # 1fyisek1499nvf9o7in2130diky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fyisek1499nvf9o7in2130diky|03|org"; nocase; ) # 11yxr1ma9rnui1wkjlvy5rfpz6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11yxr1ma9rnui1wkjlvy5rfpz6|03|com"; nocase; ) # 1ezqfyew3tf2z1f6oh7p17w2g2x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ezqfyew3tf2z1f6oh7p17w2g2x|03|net"; nocase; ) # ebpjtadv8p9b1frmf8tzp4j5h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ebpjtadv8p9b1frmf8tzp4j5h|03|com"; nocase; ) # 1lfn6ts15883sm1mmrdi91v9iwl7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lfn6ts15883sm1mmrdi91v9iwl7|03|org"; nocase; ) # 1ouje7c5wtbt7kpqid7l0qsha.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ouje7c5wtbt7kpqid7l0qsha|03|org"; nocase; ) # 1bm2ykrhfhe3i5pdjxy1oa6owj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bm2ykrhfhe3i5pdjxy1oa6owj|03|net"; nocase; ) # 1g96frzdl5bwq6nb43s1nhb093.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1g96frzdl5bwq6nb43s1nhb093|03|com"; nocase; ) # 74mqpigz3rq1lhkp7xmixcrn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|74mqpigz3rq1lhkp7xmixcrn|03|org"; nocase; ) # wz46af13lk8qj1h8zl3v1tpyyhe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wz46af13lk8qj1h8zl3v1tpyyhe|03|biz"; nocase; ) # rkbqbb1s2ap8011ecn911div5jn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|rkbqbb1s2ap8011ecn911div5jn|03|net"; nocase; ) # puffpq1cfzulng29ncv1eapuil.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|puffpq1cfzulng29ncv1eapuil|03|net"; nocase; ) # wu7bkmtre6r21q04437j4y19r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wu7bkmtre6r21q04437j4y19r|03|net"; nocase; ) # 1bbc5vw35ue1t17hu7s71nq1wyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bbc5vw35ue1t17hu7s71nq1wyz|03|com"; nocase; ) # 1pinxmq1bt0h0r1iv4jxyvdlj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pinxmq1bt0h0r1iv4jxyvdlj|03|org"; nocase; ) # 1e5gjwv1l79nnbh8kv83o3j2tz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e5gjwv1l79nnbh8kv83o3j2tz|03|net"; nocase; ) # vm86tt1ov893a3vr0acvtdv3i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vm86tt1ov893a3vr0acvtdv3i|03|org"; nocase; ) # 1xqbar5p00xdzrds6xxiygdlq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xqbar5p00xdzrds6xxiygdlq|03|net"; nocase; ) # 1n0ygj11coq66zl9dbt02r951h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n0ygj11coq66zl9dbt02r951h|03|net"; nocase; ) # cuz4yfx9wm0m1io7f7esk1mo6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cuz4yfx9wm0m1io7f7esk1mo6|03|net"; nocase; ) # 1m948bblrk18k1svls5x1rfjsnh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m948bblrk18k1svls5x1rfjsnh|03|com"; nocase; ) # diepnq1ayrz0p1ppp5p51yeao7k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|diepnq1ayrz0p1ppp5p51yeao7k|03|net"; nocase; ) # 1rty1sipunn9t17uaom11gwu1i2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rty1sipunn9t17uaom11gwu1i2|03|net"; nocase; ) # 1erhxzvozs5cj9r7zn91u8cui.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1erhxzvozs5cj9r7zn91u8cui|03|net"; nocase; ) # 18bx7wmifzsz418ckckz1anz4zy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18bx7wmifzsz418ckckz1anz4zy|03|biz"; nocase; ) # 1g2kwyp1bavly9pzbf0v19gehhi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g2kwyp1bavly9pzbf0v19gehhi|03|org"; nocase; ) # fm27i5we22zamvryuas7vgg0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fm27i5we22zamvryuas7vgg0|03|biz"; nocase; ) # 16rl0ry2hgjxttdh18lpo6hpu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16rl0ry2hgjxttdh18lpo6hpu|03|org"; nocase; ) # 1dosxuzlwn3l415ezrw213joehd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dosxuzlwn3l415ezrw213joehd|03|com"; nocase; ) # 1a7udsk4v0wjlsf2ovk1530ejp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1a7udsk4v0wjlsf2ovk1530ejp|03|org"; nocase; ) # 1d2xv1r6jt1eg1nxwljkbbcwd8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d2xv1r6jt1eg1nxwljkbbcwd8|03|net"; nocase; ) # ffvk73qwab2wjmf0a0bnfwh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ffvk73qwab2wjmf0a0bnfwh|03|com"; nocase; ) # 7fv49q17cu3op1rp8wg017zxylv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7fv49q17cu3op1rp8wg017zxylv|03|com"; nocase; ) # 94ecek13y2i5eqncn321elclsf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|94ecek13y2i5eqncn321elclsf|03|net"; nocase; ) # 1qp5tgm18ux8phmzmla81l55ljp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qp5tgm18ux8phmzmla81l55ljp|03|org"; nocase; ) # wwxt8dem2uf03u9kbrrhmxsz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wwxt8dem2uf03u9kbrrhmxsz|03|biz"; nocase; ) # 15jxe337xgyiais7ghvsd5z1c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15jxe337xgyiais7ghvsd5z1c|03|com"; nocase; ) # 1bpzf0vzmpcn21cv1g6lsmdvjc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bpzf0vzmpcn21cv1g6lsmdvjc|03|net"; nocase; ) # h23hqv19sq8m2ew4c9lwccvtb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h23hqv19sq8m2ew4c9lwccvtb|03|org"; nocase; ) # 1jfa22s11egw661l6n4j5h9vle6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jfa22s11egw661l6n4j5h9vle6|03|com"; nocase; ) # 14dntl1rug8eo1uaf2en1jz0s36.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14dntl1rug8eo1uaf2en1jz0s36|03|biz"; nocase; ) # 166a3i6wkwg5m94j1pp1lmkvb1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|166a3i6wkwg5m94j1pp1lmkvb1|03|org"; nocase; ) # 9vptaafreso21p06e5p5kycfa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9vptaafreso21p06e5p5kycfa|03|net"; nocase; ) # 18kprfg1eijp4j6urqn01s2n210.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18kprfg1eijp4j6urqn01s2n210|03|org"; nocase; ) # 1guothe18q6fftal8bd4zdsroa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1guothe18q6fftal8bd4zdsroa|03|net"; nocase; ) # 1xn992lleec6c6zcnje12bo6fp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xn992lleec6c6zcnje12bo6fp|03|biz"; nocase; ) # tsd2gk523c481lo6np7nwuakb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tsd2gk523c481lo6np7nwuakb|03|biz"; nocase; ) # 1dqodssjmsa8129t9u060zdnc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1dqodssjmsa8129t9u060zdnc|03|net"; nocase; ) # 1hwrxx41vh3ln7mbpoik1ofvee7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hwrxx41vh3ln7mbpoik1ofvee7|03|com"; nocase; ) # s98zuj1wzfgq41ukikjq2frexj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|s98zuj1wzfgq41ukikjq2frexj|03|biz"; nocase; ) # 11hmqbt17bjk5r1yk36i4dtnkib.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11hmqbt17bjk5r1yk36i4dtnkib|03|biz"; nocase; ) # 7ijn671eyzkylxhzk09ptjxxf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7ijn671eyzkylxhzk09ptjxxf|03|net"; nocase; ) # 11sxddgukjvsaequ1gz1ki310d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11sxddgukjvsaequ1gz1ki310d|03|net"; nocase; ) # 79s62mk2672p13brfkuknm5zx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|79s62mk2672p13brfkuknm5zx|03|biz"; nocase; ) # ctmwy73ir0o11b31iaz1mzokmc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ctmwy73ir0o11b31iaz1mzokmc|03|net"; nocase; ) # 104nlv8cgl4t0fvrv3k1byx3g2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|104nlv8cgl4t0fvrv3k1byx3g2|03|org"; nocase; ) # 1xm4oaraxboea1l972nmcsv9qp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xm4oaraxboea1l972nmcsv9qp|03|com"; nocase; ) # 1wwr50yb6dd7w5ku8t3g6h8x4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wwr50yb6dd7w5ku8t3g6h8x4|03|net"; nocase; ) # t8lhs46al45i5gygttwbvris.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t8lhs46al45i5gygttwbvris|03|biz"; nocase; ) # kzc7978cep32nbrr9b8ahkrh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kzc7978cep32nbrr9b8ahkrh|03|org"; nocase; ) # 1ldw1rosivhj713l4wergj2vky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ldw1rosivhj713l4wergj2vky|03|org"; nocase; ) # 1v8x704ovhom4u0hq84kxhza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1v8x704ovhom4u0hq84kxhza|03|com"; nocase; ) # qq3hr219li62vnqqfb5sp7mqb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qq3hr219li62vnqqfb5sp7mqb|03|org"; nocase; ) # 1ve7mfk174cmka17sayqpkj1zia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ve7mfk174cmka17sayqpkj1zia|03|net"; nocase; ) # gblphp14dcaqh1e1bgrwi1wz38.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gblphp14dcaqh1e1bgrwi1wz38|03|org"; nocase; ) # vw7tp36oqhvg13iqtfs1jqln7j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vw7tp36oqhvg13iqtfs1jqln7j|03|com"; nocase; ) # fqyg5317neww03vnaht1w0cxwq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fqyg5317neww03vnaht1w0cxwq|03|biz"; nocase; ) # 1gysmaw44ozhm157a20x1ww9rx9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gysmaw44ozhm157a20x1ww9rx9|03|net"; nocase; ) # szfupn8yw7mv1njajtp94ihy3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|szfupn8yw7mv1njajtp94ihy3|03|net"; nocase; ) # kp29gr1bdx84xnwmdcmu9lsok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kp29gr1bdx84xnwmdcmu9lsok|03|net"; nocase; ) # 1320o7p1de4yc1p1xha5xnouq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1320o7p1de4yc1p1xha5xnouq|03|com"; nocase; ) # 1umzplyzivv2sy4luqov939ni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1umzplyzivv2sy4luqov939ni|03|net"; nocase; ) # 16uftb3v52u7zo4zm4t16brwht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16uftb3v52u7zo4zm4t16brwht|03|com"; nocase; ) # rrnknd14iwl7w1q9cs24t3suzr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rrnknd14iwl7w1q9cs24t3suzr|03|net"; nocase; ) # rrr3et4jz3yq39adrslit3kd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rrr3et4jz3yq39adrslit3kd|03|org"; nocase; ) # 1vjyi6v19yzntfna68af153j0io.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vjyi6v19yzntfna68af153j0io|03|com"; nocase; ) # qw7hml123jpk9bg9upkhscj1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qw7hml123jpk9bg9upkhscj1o|03|net"; nocase; ) # 1w8td3qzvvtol1sw0q9wff20e7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w8td3qzvvtol1sw0q9wff20e7|03|com"; nocase; ) # 2t1z6z1gf3pp91a2svg9m2lptt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2t1z6z1gf3pp91a2svg9m2lptt|03|com"; nocase; ) # 16aakkgor7ukbfn5im6e9k0sa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16aakkgor7ukbfn5im6e9k0sa|03|net"; nocase; ) # 1vuddlw6u9rkm3f53rqmpgc3w.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vuddlw6u9rkm3f53rqmpgc3w|03|biz"; nocase; ) # x2q7as1k48yr21afukg71c5uge1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|x2q7as1k48yr21afukg71c5uge1|03|org"; nocase; ) # flk279k3o183oud5hh1cpchy2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|flk279k3o183oud5hh1cpchy2|03|org"; nocase; ) # 1hqo2hxq8ewlm1hzcu1d17ku0dx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hqo2hxq8ewlm1hzcu1d17ku0dx|03|com"; nocase; ) # 1q7annkrojnzo1i5dpon1quhtyr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q7annkrojnzo1i5dpon1quhtyr|03|com"; nocase; ) # 4hspl21pl3y6zemd9uc16j80ag.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4hspl21pl3y6zemd9uc16j80ag|03|biz"; nocase; ) # c6omgcd52sjp1paeysqnen661.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c6omgcd52sjp1paeysqnen661|03|org"; nocase; ) # 1osbjx9zxp043qk4iimmzrkgz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1osbjx9zxp043qk4iimmzrkgz|03|net"; nocase; ) # 1dmamkr1gkue7v1skxp7i17gu10b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dmamkr1gkue7v1skxp7i17gu10b|03|biz"; nocase; ) # 1t3vsmz16fffi0aife0l1mnwict.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t3vsmz16fffi0aife0l1mnwict|03|com"; nocase; ) # 1hib4ye1cte6f5947rnnd2r6h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hib4ye1cte6f5947rnnd2r6h|03|com"; nocase; ) # 1p7kk961q638d61f3ty92rmp1gk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p7kk961q638d61f3ty92rmp1gk|03|org"; nocase; ) # 1k43yt0tpq4gc1n1l9it1e6gtuw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1k43yt0tpq4gc1n1l9it1e6gtuw|03|net"; nocase; ) # 1cve61j1h7moxaf33ztgvasisi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cve61j1h7moxaf33ztgvasisi|03|com"; nocase; ) # wy3h3816x64pp1u64kzt1j0tvg4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wy3h3816x64pp1u64kzt1j0tvg4|03|com"; nocase; ) # rpim30v6m6we1xcpk8u1hz7vj5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rpim30v6m6we1xcpk8u1hz7vj5|03|org"; nocase; ) # 1ehs7pob21m9ir0j9ut1h9ir8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ehs7pob21m9ir0j9ut1h9ir8g|03|org"; nocase; ) # k0mlg4v6s6oy38hzlk1e0laa8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k0mlg4v6s6oy38hzlk1e0laa8|03|biz"; nocase; ) # 16ggbsz1ye2hgh1fgsmvt74rt4p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16ggbsz1ye2hgh1fgsmvt74rt4p|03|biz"; nocase; ) # 1jatp6z1mt7z2u1il2i1lu49zrt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jatp6z1mt7z2u1il2i1lu49zrt|03|org"; nocase; ) # 4vhbh3by9y5w1ix3xjl1cyua6e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4vhbh3by9y5w1ix3xjl1cyua6e|03|net"; nocase; ) # xbv948oprug67u6wuek3g9fg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xbv948oprug67u6wuek3g9fg|03|org"; nocase; ) # 1cyp0lx1f63b7i1bu04tv1nlmt47.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1cyp0lx1f63b7i1bu04tv1nlmt47|03|org"; nocase; ) # ua4ww1ot7q6815wjple1e6g3re.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ua4ww1ot7q6815wjple1e6g3re|03|biz"; nocase; ) # p3upse1up2vyejntkgh1gazhly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p3upse1up2vyejntkgh1gazhly|03|com"; nocase; ) # 35anbh1tgrg3ixm9yu10ez2ni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|35anbh1tgrg3ixm9yu10ez2ni|03|biz"; nocase; ) # 116ldistgld4p8fu717malwn0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|116ldistgld4p8fu717malwn0|03|net"; nocase; ) # 1b33v26110rwyb12dzrms1flulpy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b33v26110rwyb12dzrms1flulpy|03|com"; nocase; ) # w5cxui1io6sxx1j5ulh61pp4b9n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|w5cxui1io6sxx1j5ulh61pp4b9n|03|org"; nocase; ) # b9wlppgges641lhejij1abd2bp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b9wlppgges641lhejij1abd2bp|03|com"; nocase; ) # 1lr50coq7ei8jlkq5pl1k3ozoz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lr50coq7ei8jlkq5pl1k3ozoz|03|biz"; nocase; ) # t7fbq21sdlg581mtob23qpbl7w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t7fbq21sdlg581mtob23qpbl7w|03|org"; nocase; ) # 1rougz76oqybe7j0a2onvwwoi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1rougz76oqybe7j0a2onvwwoi|03|net"; nocase; ) # 5hx9fwk3dct54olx67196blis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5hx9fwk3dct54olx67196blis|03|com"; nocase; ) # 15o0pe81k7py0c19e6v8m1722936.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15o0pe81k7py0c19e6v8m1722936|03|org"; nocase; ) # e1jhuj1f1rn4w19eqa0l1233n8x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e1jhuj1f1rn4w19eqa0l1233n8x|03|biz"; nocase; ) # 1jimez31cxl6lvl850b1m8sv94.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jimez31cxl6lvl850b1m8sv94|03|com"; nocase; ) # 6cujuu11m3q2m1i14xt81k12qo7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6cujuu11m3q2m1i14xt81k12qo7|03|com"; nocase; ) # nua542tq6v1k138vod0185l9ir.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nua542tq6v1k138vod0185l9ir|03|org"; nocase; ) # 1fvrof31oil3vf1faq0fp55iyt2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fvrof31oil3vf1faq0fp55iyt2|03|net"; nocase; ) # iyow5l1nctetu15eabn61ngjf1w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|iyow5l1nctetu15eabn61ngjf1w|03|net"; nocase; ) # 1l4olf2b8u9irhw4juzoqgdmn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l4olf2b8u9irhw4juzoqgdmn|03|net"; nocase; ) # deghyl1pje3ni1wcwe5vyl4ww0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|deghyl1pje3ni1wcwe5vyl4ww0|03|org"; nocase; ) # 1yzk65c2scf0l1fczgiu7rr054.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yzk65c2scf0l1fczgiu7rr054|03|org"; nocase; ) # tbnb62hdlo8i6cq86r1t0zdlt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tbnb62hdlo8i6cq86r1t0zdlt|03|net"; nocase; ) # v7mj4bdrlxby1a0z0y5ief08c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v7mj4bdrlxby1a0z0y5ief08c|03|org"; nocase; ) # n7lk8p1jhqprm63imzx2jx3l8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n7lk8p1jhqprm63imzx2jx3l8|03|org"; nocase; ) # 1p7dzkt1w7s0lt1t6wzai1vhyy0s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p7dzkt1w7s0lt1t6wzai1vhyy0s|03|biz"; nocase; ) # 1914tji32l3cj1250oxx1etiksm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1914tji32l3cj1250oxx1etiksm|03|com"; nocase; ) # 1c2bf341fh4k0bp1c7lckfwxr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1c2bf341fh4k0bp1c7lckfwxr|03|org"; nocase; ) # 1koo3n815iwb4i1bune96wgmted.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1koo3n815iwb4i1bune96wgmted|03|net"; nocase; ) # 19fsaql1h8z3a46sycqhw5suy1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19fsaql1h8z3a46sycqhw5suy1|03|com"; nocase; ) # yghhmg1m94mpx1nlqapw4oujwo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yghhmg1m94mpx1nlqapw4oujwo|03|biz"; nocase; ) # 1bwksgdu8bmk7l9634vubsx5m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bwksgdu8bmk7l9634vubsx5m|03|org"; nocase; ) # iargsf1i1l1wqhnrpi05a8m4s.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iargsf1i1l1wqhnrpi05a8m4s|03|net"; nocase; ) # 1g1gwm91569x36y89cqd1iwsrav.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g1gwm91569x36y89cqd1iwsrav|03|net"; nocase; ) # 1921q2v1mxga004ksf3ij4auok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1921q2v1mxga004ksf3ij4auok|03|biz"; nocase; ) # 1479307qiizg91qjycob1hladg8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1479307qiizg91qjycob1hladg8|03|org"; nocase; ) # b7fj3e1ntqrkw1gt61xg1cqsqw3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|b7fj3e1ntqrkw1gt61xg1cqsqw3|03|biz"; nocase; ) # 19blupjoio5vb44rewz1po0hwp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19blupjoio5vb44rewz1po0hwp|03|net"; nocase; ) # 10ra3hn1qddkzb1vak1u218y42dw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10ra3hn1qddkzb1vak1u218y42dw|03|biz"; nocase; ) # 1lxd3f41s483ns1ldrcbk1t8vmrr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1lxd3f41s483ns1ldrcbk1t8vmrr|03|com"; nocase; ) # 13y2kez7wwy9ihv4zgv6anmhw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13y2kez7wwy9ihv4zgv6anmhw|03|org"; nocase; ) # 1oa50ompoi56v1g9v6ae10imwyy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oa50ompoi56v1g9v6ae10imwyy|03|net"; nocase; ) # 1vf5khb3hcic51jomai3zjbwq6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vf5khb3hcic51jomai3zjbwq6|03|org"; nocase; ) # 19uko46t2i6uenlzdun117tlab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19uko46t2i6uenlzdun117tlab|03|com"; nocase; ) # exj0zt1gnhqdvxmykvk19vx7lw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|exj0zt1gnhqdvxmykvk19vx7lw|03|biz"; nocase; ) # 83bigm121vs8h6c387a1xyq3eo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|83bigm121vs8h6c387a1xyq3eo|03|com"; nocase; ) # q6bqgczbx3pp6wemxz1wztyfy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q6bqgczbx3pp6wemxz1wztyfy|03|net"; nocase; ) # 1p6kehvc2vd5l1xof1ns18p4zqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p6kehvc2vd5l1xof1ns18p4zqw|03|com"; nocase; ) # chdt4gmn05hk4uos2vpubfxv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|chdt4gmn05hk4uos2vpubfxv|03|net"; nocase; ) # kdrcrcyz9tcy5tboo81quzv36.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kdrcrcyz9tcy5tboo81quzv36|03|net"; nocase; ) # igg13711ftnh11ra67wy1lpwbxh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|igg13711ftnh11ra67wy1lpwbxh|03|com"; nocase; ) # 1w1bpa813z920e1ipblhhsu9xnp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w1bpa813z920e1ipblhhsu9xnp|03|biz"; nocase; ) # qazqhpuw8xrx1xqmc5x1lw1jv6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qazqhpuw8xrx1xqmc5x1lw1jv6|03|net"; nocase; ) # 18zyrcdbqq156n0vhtj1qk4tkf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18zyrcdbqq156n0vhtj1qk4tkf|03|org"; nocase; ) # yzlt491u216ug1czdugz1wdlg8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yzlt491u216ug1czdugz1wdlg8h|03|net"; nocase; ) # f57qiy1aiaoba14w7u2h1eo7ixi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f57qiy1aiaoba14w7u2h1eo7ixi|03|com"; nocase; ) # 14bqzdx13o9mqu1sdckqm1w6r59a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14bqzdx13o9mqu1sdckqm1w6r59a|03|net"; nocase; ) # 1cqsqyh1c8oxgo1do9bpdm37m03.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cqsqyh1c8oxgo1do9bpdm37m03|03|net"; nocase; ) # ei26ub5wgfvm1d66lep6drwiu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ei26ub5wgfvm1d66lep6drwiu|03|org"; nocase; ) # 18tye2ggtahbc1hc2h8i1k3ig8v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tye2ggtahbc1hc2h8i1k3ig8v|03|org"; nocase; ) # 1b7tmoroimjbo1s9zan43tszgx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b7tmoroimjbo1s9zan43tszgx|03|org"; nocase; ) # 1vjhrzavsvi5s1d19j73kd6i61.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vjhrzavsvi5s1d19j73kd6i61|03|com"; nocase; ) # fgnjou1jdh7ux1y186192v1hra.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fgnjou1jdh7ux1y186192v1hra|03|org"; nocase; ) # 175jl2t9bzabasmzepa1subcyb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|175jl2t9bzabasmzepa1subcyb|03|org"; nocase; ) # 1elvfxe1rwu8711ndrhoo1t4njvp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1elvfxe1rwu8711ndrhoo1t4njvp|03|com"; nocase; ) # 1mqdbmwyk9nivb23dsr1fjjwx6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mqdbmwyk9nivb23dsr1fjjwx6|03|com"; nocase; ) # 1epnzb31oo7h3h10rgwudodxjty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1epnzb31oo7h3h10rgwudodxjty|03|biz"; nocase; ) # 14xy7tkmhgx2uedsb6prm5hi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|14xy7tkmhgx2uedsb6prm5hi|03|net"; nocase; ) # 6ne06ruhkwuh1tbsy9m13tzew1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6ne06ruhkwuh1tbsy9m13tzew1|03|org"; nocase; ) # 1884q5tahtefp1pyj98mq5as1m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1884q5tahtefp1pyj98mq5as1m|03|net"; nocase; ) # 1c1i0b24ygy721tctpu014gd132.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c1i0b24ygy721tctpu014gd132|03|com"; nocase; ) # 2ti5ekzgdpedk34rvepl6pdd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2ti5ekzgdpedk34rvepl6pdd|03|org"; nocase; ) # ue4vtl1pkosi51xw4wr0o3rcqv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ue4vtl1pkosi51xw4wr0o3rcqv|03|net"; nocase; ) # ccgkm2ffbhj21jrg0vvx6ho03.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ccgkm2ffbhj21jrg0vvx6ho03|03|biz"; nocase; ) # wr2y9e1850kelcj4hq2143au05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wr2y9e1850kelcj4hq2143au05|03|org"; nocase; ) # 1ubt2ujnfbqr81jw6iih7r8yip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ubt2ujnfbqr81jw6iih7r8yip|03|net"; nocase; ) # g72x6j1i4h2y41auivvk1kymfx0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g72x6j1i4h2y41auivvk1kymfx0|03|com"; nocase; ) # l04gcrbiejda1x8470h668z1r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l04gcrbiejda1x8470h668z1r|03|net"; nocase; ) # 1q3a19y1vn0qlu1yz9pp2uvuvvr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q3a19y1vn0qlu1yz9pp2uvuvvr|03|biz"; nocase; ) # 12hwqli1v7rvjb1ej7lmd1ps1dqf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12hwqli1v7rvjb1ej7lmd1ps1dqf|03|net"; nocase; ) # 1j4kziz6vdmhx119rhpm1yp56xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j4kziz6vdmhx119rhpm1yp56xh|03|net"; nocase; ) # yvn2og5p97s21o82f4pr0sr8z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yvn2og5p97s21o82f4pr0sr8z|03|org"; nocase; ) # 1qzkucz1cey72p1u1esmd1p708ss.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qzkucz1cey72p1u1esmd1p708ss|03|net"; nocase; ) # 1coas9j1w7kz3h1gauw1s18ihjw3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1coas9j1w7kz3h1gauw1s18ihjw3|03|biz"; nocase; ) # b2g3an1m1jhy6bhu56k1ofy4h3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b2g3an1m1jhy6bhu56k1ofy4h3|03|org"; nocase; ) # 1efqf2x1epudixiuoigc1mevscl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1efqf2x1epudixiuoigc1mevscl|03|net"; nocase; ) # i058f41hgj2krqtc0ao163i3be.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i058f41hgj2krqtc0ao163i3be|03|net"; nocase; ) # 1urk15x107ojjthxbwus11oq0w2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1urk15x107ojjthxbwus11oq0w2|03|com"; nocase; ) # 1ajf1szjiwypt18rh7701e047ud.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ajf1szjiwypt18rh7701e047ud|03|org"; nocase; ) # 1sj4huk2ziyy38nrp2x1t4a53y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sj4huk2ziyy38nrp2x1t4a53y|03|com"; nocase; ) # 1qt9qrknp1sxep026s41fkhdkx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qt9qrknp1sxep026s41fkhdkx|03|org"; nocase; ) # 3pndwc1x4zdf11bqm50afnbji.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3pndwc1x4zdf11bqm50afnbji|03|biz"; nocase; ) # 10evlz0cby11a1eczywdwt26az.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10evlz0cby11a1eczywdwt26az|03|com"; nocase; ) # lgq4zek49bbi1rm4npg11o1br7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lgq4zek49bbi1rm4npg11o1br7|03|org"; nocase; ) # haf8pkqxc6fm1l8z81d15sb908.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|haf8pkqxc6fm1l8z81d15sb908|03|biz"; nocase; ) # jr80ld13ee4n719aqtaz14eaehq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jr80ld13ee4n719aqtaz14eaehq|03|com"; nocase; ) # 1bhp88q1uwyzm61gbah3tpeicki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bhp88q1uwyzm61gbah3tpeicki|03|net"; nocase; ) # 1ks39ze48nruw9ahad01vhi6lt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ks39ze48nruw9ahad01vhi6lt|03|com"; nocase; ) # 11rpobx18if59x4ektwh1fb025j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11rpobx18if59x4ektwh1fb025j|03|org"; nocase; ) # 17snaa11t0xkye1g615mo14lcizo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17snaa11t0xkye1g615mo14lcizo|03|biz"; nocase; ) # 12e4vzfnfmm07g8wi0ndt1rxs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12e4vzfnfmm07g8wi0ndt1rxs|03|com"; nocase; ) # ee36tu7ru7wh33slg21yp1bez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ee36tu7ru7wh33slg21yp1bez|03|com"; nocase; ) # 1wotshg1xehef91prvlk71xkp0mg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wotshg1xehef91prvlk71xkp0mg|03|net"; nocase; ) # 19bl1bj12w5pqrijro67fyz83.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19bl1bj12w5pqrijro67fyz83|03|com"; nocase; ) # 18uwr6r6zviw3x1rwe65vn5g7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18uwr6r6zviw3x1rwe65vn5g7|03|biz"; nocase; ) # 1rp21updb9o8s1uee4ce1ivzruf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rp21updb9o8s1uee4ce1ivzruf|03|net"; nocase; ) # 1o7rk2aayp6dh1lzxax9my5idy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o7rk2aayp6dh1lzxax9my5idy|03|net"; nocase; ) # 1nuokuv91ihexd4s59g1urs7gg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nuokuv91ihexd4s59g1urs7gg|03|net"; nocase; ) # 1gggk511wtvo5gegtrpik8c6t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gggk511wtvo5gegtrpik8c6t|03|com"; nocase; ) # l0m6ii1wunc9l1sry9rga6gvq5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l0m6ii1wunc9l1sry9rga6gvq5|03|net"; nocase; ) # 19uk40uhx2bh413yuvvs7c6ve3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19uk40uhx2bh413yuvvs7c6ve3|03|net"; nocase; ) # e8kn8b1sbcadw1k48srr6d4kzs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e8kn8b1sbcadw1k48srr6d4kzs|03|org"; nocase; ) # 16zhypq1iiike18unhlksheb28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16zhypq1iiike18unhlksheb28|03|net"; nocase; ) # 1trc6f11wicinv15chvbr13khrh4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1trc6f11wicinv15chvbr13khrh4|03|net"; nocase; ) # 1y6fc9kphzsob1a448i41ylssim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y6fc9kphzsob1a448i41ylssim|03|com"; nocase; ) # xdnpl7w620jk1jeims8ep9e51.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xdnpl7w620jk1jeims8ep9e51|03|biz"; nocase; ) # wzqmu810ez0z11x2sywsxir6bg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wzqmu810ez0z11x2sywsxir6bg|03|org"; nocase; ) # 1hzet4czv633wi3ywc21jsrg6m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hzet4czv633wi3ywc21jsrg6m|03|net"; nocase; ) # jmu22l1hlomrgsc6n6mv72p1q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jmu22l1hlomrgsc6n6mv72p1q|03|biz"; nocase; ) # 11sqmpk12u7chhzvwhez2rb441.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11sqmpk12u7chhzvwhez2rb441|03|org"; nocase; ) # 1h4k7d218b1byqvuhsmhn8ovhp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h4k7d218b1byqvuhsmhn8ovhp|03|org"; nocase; ) # 2fnpohsbnfv6qdz7dz1c70gnu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2fnpohsbnfv6qdz7dz1c70gnu|03|com"; nocase; ) # 98hge21jgieklv5diw15gkrzj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|98hge21jgieklv5diw15gkrzj|03|net"; nocase; ) # 1f9dtt2wzd3ok1o9iuas1hfu238.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f9dtt2wzd3ok1o9iuas1hfu238|03|com"; nocase; ) # 1ur1syojl2gxca8zxvht0dxid.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ur1syojl2gxca8zxvht0dxid|03|biz"; nocase; ) # o0yxk31hqde8k1tolhfxmhhh3r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o0yxk31hqde8k1tolhfxmhhh3r|03|net"; nocase; ) # nbaei1vcbfza1oh5viw1t785ff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nbaei1vcbfza1oh5viw1t785ff|03|net"; nocase; ) # 1l0tebmvhn0oy11a215z1ev8ftt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l0tebmvhn0oy11a215z1ev8ftt|03|com"; nocase; ) # lrsk86hrxhyg1vfy1i3xm997l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lrsk86hrxhyg1vfy1i3xm997l|03|biz"; nocase; ) # 1cbuykq3x1wfljw74lcptnsua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cbuykq3x1wfljw74lcptnsua|03|org"; nocase; ) # 1c3665m1wyk53jazsv5512umtd5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c3665m1wyk53jazsv5512umtd5|03|com"; nocase; ) # 1h9md1x1v84rrq1l3wija1l1i0rk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1h9md1x1v84rrq1l3wija1l1i0rk|03|com"; nocase; ) # 1awl8qqr7lbpe1l3a9djo18e0f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1awl8qqr7lbpe1l3a9djo18e0f|03|org"; nocase; ) # 16cyj6rt7ivp915xsjm614hznl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16cyj6rt7ivp915xsjm614hznl|03|net"; nocase; ) # 3n6i5cv9qex712r9rs74u7utx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|3n6i5cv9qex712r9rs74u7utx|03|org"; nocase; ) # rezsc81t6md5t5f87zy189jxa7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rezsc81t6md5t5f87zy189jxa7|03|com"; nocase; ) # 1br7up1w05a28ymd6u0eh1s33.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1br7up1w05a28ymd6u0eh1s33|03|biz"; nocase; ) # k72tjgzv0aoq1duuuf11rgj4ry.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k72tjgzv0aoq1duuuf11rgj4ry|03|org"; nocase; ) # l4xn4vhq7sqi1b49kfqvejnhv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l4xn4vhq7sqi1b49kfqvejnhv|03|net"; nocase; ) # az81amvw0x9eofrc7n5gs0r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|az81amvw0x9eofrc7n5gs0r|03|net"; nocase; ) # krsa27gdd6lkm7xnr41cmc0xh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|krsa27gdd6lkm7xnr41cmc0xh|03|net"; nocase; ) # a3g659sqfrbv18dzn08qx59f0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a3g659sqfrbv18dzn08qx59f0|03|net"; nocase; ) # 1x3pxugbafmfb1cmt098nuujn3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x3pxugbafmfb1cmt098nuujn3|03|org"; nocase; ) # gos11rkes8ms14i46ucn0yza2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gos11rkes8ms14i46ucn0yza2|03|net"; nocase; ) # hlg4wu1wbf73z1n4jwrpdm98cg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hlg4wu1wbf73z1n4jwrpdm98cg|03|org"; nocase; ) # 1fregy91oujve417rc8aa6a9pkx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fregy91oujve417rc8aa6a9pkx|03|biz"; nocase; ) # 4meq52135jc6o1dbssgy18rwc4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|4meq52135jc6o1dbssgy18rwc4w|03|net"; nocase; ) # x5c08b1sapxj11niw9sm62r2en.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x5c08b1sapxj11niw9sm62r2en|03|biz"; nocase; ) # wdydf613yxc5in17gth1iqeeiv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wdydf613yxc5in17gth1iqeeiv|03|org"; nocase; ) # 1kt9i8oryb26hrqlncnkz4m60.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kt9i8oryb26hrqlncnkz4m60|03|net"; nocase; ) # 1plgb8p15w0zfj8efi5w13761m7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1plgb8p15w0zfj8efi5w13761m7|03|biz"; nocase; ) # dle5qugj26kslcaxecuxs8o8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dle5qugj26kslcaxecuxs8o8|03|org"; nocase; ) # 1bix2kez4fuon1gmwvrdi3o4wf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bix2kez4fuon1gmwvrdi3o4wf|03|com"; nocase; ) # h0pfdha17ppvrwfusxeaj9nn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h0pfdha17ppvrwfusxeaj9nn|03|com"; nocase; ) # 1ew4wf31setfd08bw48i1jj1um3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ew4wf31setfd08bw48i1jj1um3|03|org"; nocase; ) # 1ohg7ii1nt8wmi15jwvpcp1fr2g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ohg7ii1nt8wmi15jwvpcp1fr2g|03|net"; nocase; ) # 156z9ig13sdj7hwv6t5pc1lnmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|156z9ig13sdj7hwv6t5pc1lnmm|03|org"; nocase; ) # ux8bi2wpzk861ici4uzs0wb77.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ux8bi2wpzk861ici4uzs0wb77|03|net"; nocase; ) # 1gfyysp1ur7uppy8lxzljl3fdr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gfyysp1ur7uppy8lxzljl3fdr|03|biz"; nocase; ) # 19g61yi1p7l16hp2d58qh6fhz7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19g61yi1p7l16hp2d58qh6fhz7|03|net"; nocase; ) # 1hkwruoql6rr813r6si61ayg5g0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hkwruoql6rr813r6si61ayg5g0|03|biz"; nocase; ) # 1g0aamd1b5nn6t19itgeq1eil7mk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1g0aamd1b5nn6t19itgeq1eil7mk|03|net"; nocase; ) # 1belufn1uuj0ls1tw6u2el56m5b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1belufn1uuj0ls1tw6u2el56m5b|03|com"; nocase; ) # c9yncy7u8seyz2gkm0xp0myd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c9yncy7u8seyz2gkm0xp0myd|03|net"; nocase; ) # 2ea7yd2px6ymendv7q137c1pl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2ea7yd2px6ymendv7q137c1pl|03|biz"; nocase; ) # 1k8bvre1t6dzhw1o8yw6o1w773i8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k8bvre1t6dzhw1o8yw6o1w773i8|03|net"; nocase; ) # 1ih9bkd14zssi0i83pwe8tm72t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ih9bkd14zssi0i83pwe8tm72t|03|com"; nocase; ) # xkphqsvay131qq4nzbj2t4w4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xkphqsvay131qq4nzbj2t4w4|03|org"; nocase; ) # h7baawzcthh71s75x2eclftv6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h7baawzcthh71s75x2eclftv6|03|com"; nocase; ) # jg818i7f07dkwjgbbejryd5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jg818i7f07dkwjgbbejryd5i|03|net"; nocase; ) # 5oqxxl32h8221yrpdvg1chqmmn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5oqxxl32h8221yrpdvg1chqmmn|03|net"; nocase; ) # 1dlxx22n71x0v40wqjh1p2w4n2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dlxx22n71x0v40wqjh1p2w4n2|03|biz"; nocase; ) # ywfbgtczipks1rbyeww1hixb4y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ywfbgtczipks1rbyeww1hixb4y|03|net"; nocase; ) # 18876xodyyod14pkgpr7rj01m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18876xodyyod14pkgpr7rj01m|03|org"; nocase; ) # 18zp0ng1yd4yzl2runoe8wbkjx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18zp0ng1yd4yzl2runoe8wbkjx|03|net"; nocase; ) # f1kxg5rekpfsvtz8l11ryzqts.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f1kxg5rekpfsvtz8l11ryzqts|03|org"; nocase; ) # szcvt5y4sk1k1ayhnkc1tcaczc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|szcvt5y4sk1k1ayhnkc1tcaczc|03|com"; nocase; ) # m93mvj19lx24o2426avgw8nk5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m93mvj19lx24o2426avgw8nk5|03|com"; nocase; ) # 91ylkcghcx651w7eneyj9d47t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|91ylkcghcx651w7eneyj9d47t|03|biz"; nocase; ) # wc2ozb1b4d8l6iltzjpllyotw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wc2ozb1b4d8l6iltzjpllyotw|03|biz"; nocase; ) # 1a6d3ps10jqvh84n7zmd1cghdvd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a6d3ps10jqvh84n7zmd1cghdvd|03|net"; nocase; ) # i8veiy1oebj6m1dq1vm9ufoawp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i8veiy1oebj6m1dq1vm9ufoawp|03|net"; nocase; ) # 9setso12s8i5t1cqm6og1ou3vpq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9setso12s8i5t1cqm6og1ou3vpq|03|org"; nocase; ) # lylycs1uajagkb25ab51dgs6k9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lylycs1uajagkb25ab51dgs6k9|03|net"; nocase; ) # 17yebg0sm6bdq1prsx4n15e39st.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17yebg0sm6bdq1prsx4n15e39st|03|biz"; nocase; ) # 1i75hbd17v6eey1kcua6str5obv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i75hbd17v6eey1kcua6str5obv|03|org"; nocase; ) # mjfzir1j1rfr61vomqg71pex4w6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|mjfzir1j1rfr61vomqg71pex4w6|03|org"; nocase; ) # 112dcag18f85uv1b5gbm0dfvc7y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|112dcag18f85uv1b5gbm0dfvc7y|03|net"; nocase; ) # 177ngfu1xcqf9x17lisuiizzqnh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|177ngfu1xcqf9x17lisuiizzqnh|03|org"; nocase; ) # 14ck8ba1rmzspl32cv9914glw5g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ck8ba1rmzspl32cv9914glw5g|03|net"; nocase; ) # 1pr4kgk1tehnyrla00bz1gx307t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pr4kgk1tehnyrla00bz1gx307t|03|org"; nocase; ) # wskgsn1ahum7e1x3ktqvkzn58h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wskgsn1ahum7e1x3ktqvkzn58h|03|biz"; nocase; ) # 1crn5x79dkskng3bfhsv7p77w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1crn5x79dkskng3bfhsv7p77w|03|com"; nocase; ) # k2aurt15zurbjbcrspruo5hp2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k2aurt15zurbjbcrspruo5hp2|03|org"; nocase; ) # aq8itoewtem7heziw7ww8hw0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|aq8itoewtem7heziw7ww8hw0|03|com"; nocase; ) # 1r2pnry1i7axs714deipb8lxyys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r2pnry1i7axs714deipb8lxyys|03|com"; nocase; ) # frhdrq1lbtg9jvtapln1xh4xgv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|frhdrq1lbtg9jvtapln1xh4xgv|03|org"; nocase; ) # wxf7ei1650zcj41akpf3kqys.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|wxf7ei1650zcj41akpf3kqys|03|biz"; nocase; ) # 12k2mtipetybaffd8b1q82qo7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12k2mtipetybaffd8b1q82qo7|03|com"; nocase; ) # 1h203jgdg4bncfr5o6cgbov1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h203jgdg4bncfr5o6cgbov1f|03|biz"; nocase; ) # 1tti9u215o047h15xpqwt13icovz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tti9u215o047h15xpqwt13icovz|03|com"; nocase; ) # 1i63s8t1n3jg5ghiah541m3z4ft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i63s8t1n3jg5ghiah541m3z4ft|03|net"; nocase; ) # exxf5a1cchpsorr2du4d7u3da.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|exxf5a1cchpsorr2du4d7u3da|03|org"; nocase; ) # g3kq2ycypatac6xpw3mq7ypu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000045999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|g3kq2ycypatac6xpw3mq7ypu|03|com"; nocase; ) # uw9n0x1nsqae1y8inbl1gpqf2d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uw9n0x1nsqae1y8inbl1gpqf2d|03|net"; nocase; ) # 1tzp80svjdwi1b3ypwq1l0812f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tzp80svjdwi1b3ypwq1l0812f|03|com"; nocase; ) # oxvnpl6tbfwq16aaht6owhdum.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oxvnpl6tbfwq16aaht6owhdum|03|net"; nocase; ) # 1x8ebadps11v6jc81hq1385mc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x8ebadps11v6jc81hq1385mc6|03|org"; nocase; ) # 1exehqsd1mcsd1gebl4kmo6px1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1exehqsd1mcsd1gebl4kmo6px1|03|biz"; nocase; ) # uatgx9nwftep1p8cytc97xkrf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uatgx9nwftep1p8cytc97xkrf|03|org"; nocase; ) # 1y7lno016leland19oyr5qh4pg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y7lno016leland19oyr5qh4pg|03|net"; nocase; ) # 1ftn4f41uowzdppllkrf1c6j482.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ftn4f41uowzdppllkrf1c6j482|03|com"; nocase; ) # n76uq31xajlk4lf33vzk0z6id.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n76uq31xajlk4lf33vzk0z6id|03|net"; nocase; ) # 1pufjlp1le3v611vc8bseyq6djr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pufjlp1le3v611vc8bseyq6djr|03|com"; nocase; ) # 1ylei561n27jcbmzjemjxvnc4x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ylei561n27jcbmzjemjxvnc4x|03|com"; nocase; ) # i6mjjp1txkhmi11iyi2y87hotk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i6mjjp1txkhmi11iyi2y87hotk|03|biz"; nocase; ) # w4yf0chbpi65b669cr1g0tpf0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w4yf0chbpi65b669cr1g0tpf0|03|org"; nocase; ) # 1u3xpzb1axkxs31vsu0kxgjfwho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u3xpzb1axkxs31vsu0kxgjfwho|03|net"; nocase; ) # a56h5a18giifbvkbothq9sxrg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a56h5a18giifbvkbothq9sxrg|03|org"; nocase; ) # b8y954xb9l9c17wf8471mm1rxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b8y954xb9l9c17wf8471mm1rxs|03|net"; nocase; ) # imjeiyi3zk9wb9qdt91hd9x00.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|imjeiyi3zk9wb9qdt91hd9x00|03|com"; nocase; ) # 11v0dgu1wueszbi68c711bxgav0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11v0dgu1wueszbi68c711bxgav0|03|biz"; nocase; ) # 172pxsj1snwqjp1epttv31tv2ybb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|172pxsj1snwqjp1epttv31tv2ybb|03|com"; nocase; ) # x33hr21d85ubjjrz3cj1f5iyun.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x33hr21d85ubjjrz3cj1f5iyun|03|org"; nocase; ) # b470nq1djhy45z16hqmbhov1n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b470nq1djhy45z16hqmbhov1n|03|net"; nocase; ) # 1354hss5x0xm25hidyqg8vsre.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1354hss5x0xm25hidyqg8vsre|03|org"; nocase; ) # 1fhlwnk1qre9hf150ls3fmh2aol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fhlwnk1qre9hf150ls3fmh2aol|03|com"; nocase; ) # 10rh823178zhpy10q8gpx16byg67.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10rh823178zhpy10q8gpx16byg67|03|com"; nocase; ) # 1p9cq84106hjjb1yqqjys139snoo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1p9cq84106hjjb1yqqjys139snoo|03|org"; nocase; ) # xddh515zbfrd3xdznj1wxcdez.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xddh515zbfrd3xdznj1wxcdez|03|biz"; nocase; ) # x9ytlu1g6r1araqwdf71nztj3t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x9ytlu1g6r1araqwdf71nztj3t|03|net"; nocase; ) # uqx6lxcayevf1tb3tnylaen69.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|uqx6lxcayevf1tb3tnylaen69|03|net"; nocase; ) # 1fxgccz1hsfy7anrjejkrgrqta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fxgccz1hsfy7anrjejkrgrqta|03|com"; nocase; ) # pn6vk11yvvwilmof7317tabxc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|pn6vk11yvvwilmof7317tabxc|03|net"; nocase; ) # f5q6gw1x5s2821o45n5h15hn7ff.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|f5q6gw1x5s2821o45n5h15hn7ff|03|org"; nocase; ) # 1qu86bcfm838m15onhmuyzqv9a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qu86bcfm838m15onhmuyzqv9a|03|org"; nocase; ) # jnr3771im1vvdatt9co1uyoq0q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jnr3771im1vvdatt9co1uyoq0q|03|org"; nocase; ) # n5wjmb1as1yr1gjzdqgndrmoz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n5wjmb1as1yr1gjzdqgndrmoz|03|net"; nocase; ) # 1dvw0a61s96tev1wrr2jxa7otrn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dvw0a61s96tev1wrr2jxa7otrn|03|biz"; nocase; ) # t5gmz1p5bnrv19bgxkckp8xcd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t5gmz1p5bnrv19bgxkckp8xcd|03|com"; nocase; ) # m9yma5157wh9dfyd05815fiy0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m9yma5157wh9dfyd05815fiy0|03|biz"; nocase; ) # 1q6zgvkm1pp3m1maxy2dngrs1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q6zgvkm1pp3m1maxy2dngrs1|03|com"; nocase; ) # 1fqq6v2qtbm33175yqhr196p3ip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fqq6v2qtbm33175yqhr196p3ip|03|org"; nocase; ) # ztz5cq1w2ocr0ywjjgw121wwuy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ztz5cq1w2ocr0ywjjgw121wwuy|03|net"; nocase; ) # pszpda1mzlmsn1a98n8z1101zny.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|pszpda1mzlmsn1a98n8z1101zny|03|net"; nocase; ) # 1r8orxw18f10vh13325zkq14zjg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r8orxw18f10vh13325zkq14zjg|03|net"; nocase; ) # 77dlk31l5fr943db9f51ydik4u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|77dlk31l5fr943db9f51ydik4u|03|com"; nocase; ) # 1ujfjwt5746uet4xudf15sev5i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ujfjwt5746uet4xudf15sev5i|03|com"; nocase; ) # 5fs8dg4evcn019l8ky1aso34a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5fs8dg4evcn019l8ky1aso34a|03|org"; nocase; ) # 1wm1m4a1szhhq3gnuojv1kpyey7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wm1m4a1szhhq3gnuojv1kpyey7|03|org"; nocase; ) # dbt4qkf3zc9f1eto4fr11mqnb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dbt4qkf3zc9f1eto4fr11mqnb9|03|net"; nocase; ) # 35zvfa17qt4ilic20vvd9bu3l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|35zvfa17qt4ilic20vvd9bu3l|03|org"; nocase; ) # x7ybtt1g0eiekye68p1ck9z5o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x7ybtt1g0eiekye68p1ck9z5o|03|org"; nocase; ) # 1gvd7ehuyosi51njwm64swkaow.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gvd7ehuyosi51njwm64swkaow|03|net"; nocase; ) # 11yiyuk7a3fqk1k1jar81n2bbpk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11yiyuk7a3fqk1k1jar81n2bbpk|03|net"; nocase; ) # ebif07ypcrye1awn6hk17sdrfn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ebif07ypcrye1awn6hk17sdrfn|03|net"; nocase; ) # cz9or6u04nxif1s78azclk2p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|cz9or6u04nxif1s78azclk2p|03|biz"; nocase; ) # 8eo26s1ruudkx4jp9go21qc7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8eo26s1ruudkx4jp9go21qc7|03|org"; nocase; ) # 1mrlpze1szoes6gnoar4vf8xxt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mrlpze1szoes6gnoar4vf8xxt|03|com"; nocase; ) # 1hss1pe1hyoy3q1yxgzs8t3tq26.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hss1pe1hyoy3q1yxgzs8t3tq26|03|com"; nocase; ) # px0bk3touwl4116jajlxl569c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|px0bk3touwl4116jajlxl569c|03|net"; nocase; ) # heg9l11imfkk1y0vdp5durv3e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|heg9l11imfkk1y0vdp5durv3e|03|net"; nocase; ) # r6b0uu2r81awoxnipi1q2mi5a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r6b0uu2r81awoxnipi1q2mi5a|03|biz"; nocase; ) # tr8n3d1mced2e17vp6mh1rbdv6i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tr8n3d1mced2e17vp6mh1rbdv6i|03|org"; nocase; ) # 1brnqki1usu1f348ulkm5vmlep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1brnqki1usu1f348ulkm5vmlep|03|com"; nocase; ) # cgfxec1j1bjjx16tgrsa25d4gb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cgfxec1j1bjjx16tgrsa25d4gb|03|net"; nocase; ) # xh6g8k1j4xhrr2fezkh2s46no.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xh6g8k1j4xhrr2fezkh2s46no|03|org"; nocase; ) # 18ynbf4unqzbr14hyxtdi0y7a9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ynbf4unqzbr14hyxtdi0y7a9|03|com"; nocase; ) # ws6oglyhituqxl34nxn2jsfm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ws6oglyhituqxl34nxn2jsfm|03|net"; nocase; ) # qwaqcmjdkvtg1dxtijy1wq2avh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|qwaqcmjdkvtg1dxtijy1wq2avh|03|org"; nocase; ) # 1q19och1nbqzwlkrqaa31xiqpnm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1q19och1nbqzwlkrqaa31xiqpnm|03|net"; nocase; ) # 1kitxwx191cirn10ojd6tf8uioc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kitxwx191cirn10ojd6tf8uioc|03|biz"; nocase; ) # ico7iyvm23o3nkvq6e119jv4h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ico7iyvm23o3nkvq6e119jv4h|03|net"; nocase; ) # dmmb57ioc7d2153sz501nydfhc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dmmb57ioc7d2153sz501nydfhc|03|org"; nocase; ) # i1qqo1azhaxgth8kmy1jkm5ae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i1qqo1azhaxgth8kmy1jkm5ae|03|com"; nocase; ) # l5wsvgykb9m61cq1t0x4sx9mt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l5wsvgykb9m61cq1t0x4sx9mt|03|biz"; nocase; ) # 19tqdie1vtc0npz79qj8r5wn1x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19tqdie1vtc0npz79qj8r5wn1x|03|com"; nocase; ) # 18qz93ifm86qaup4tik16r4c0n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18qz93ifm86qaup4tik16r4c0n|03|com"; nocase; ) # vy2bq8magemvpp02971iauc0w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vy2bq8magemvpp02971iauc0w|03|com"; nocase; ) # 1w12ntu164a0nvcexqstkkwzln.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w12ntu164a0nvcexqstkkwzln|03|org"; nocase; ) # rhj8b1j9km6e1vo33ux1t1v2o0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rhj8b1j9km6e1vo33ux1t1v2o0|03|org"; nocase; ) # 1owmtgi1kod8qio68ycf1j70xp8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1owmtgi1kod8qio68ycf1j70xp8|03|biz"; nocase; ) # xs8gtkysua65u60d5s4wadb6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xs8gtkysua65u60d5s4wadb6|03|com"; nocase; ) # 1x43wu9m85j201plu60ktjx24g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x43wu9m85j201plu60ktjx24g|03|biz"; nocase; ) # nxnnog5vwn138nwzj11nd4tev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nxnnog5vwn138nwzj11nd4tev|03|com"; nocase; ) # g0er5x1wag2pj1fpxn4nwmy5n3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g0er5x1wag2pj1fpxn4nwmy5n3|03|net"; nocase; ) # dktgmb1dh4w5m1isoe021xsq0bb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dktgmb1dh4w5m1isoe021xsq0bb|03|net"; nocase; ) # hfnhuaau6oymsd2zm41aj9dg7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hfnhuaau6oymsd2zm41aj9dg7|03|org"; nocase; ) # 1agtf3r2qtg99ukquu9kumqph.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1agtf3r2qtg99ukquu9kumqph|03|org"; nocase; ) # l2tldufejpmfqhe6nd1oqrr73.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l2tldufejpmfqhe6nd1oqrr73|03|org"; nocase; ) # 1v4xagy1og5ebx3hv06q1arkabl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v4xagy1og5ebx3hv06q1arkabl|03|net"; nocase; ) # 6yzc8obaaldf6o9m9zp6h8pe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6yzc8obaaldf6o9m9zp6h8pe|03|org"; nocase; ) # 10w7shveig14k141ywow1vr0rqx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10w7shveig14k141ywow1vr0rqx|03|com"; nocase; ) # 1f5woul15zld16l17cm31yfx3ga.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f5woul15zld16l17cm31yfx3ga|03|net"; nocase; ) # ff1zz91rau1y81ee2fse1kjokza.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ff1zz91rau1y81ee2fse1kjokza|03|biz"; nocase; ) # y8gb5qraczqn11eba9011wqddy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y8gb5qraczqn11eba9011wqddy|03|net"; nocase; ) # 1ko1ubr1gdzp3vua058wgbuauw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ko1ubr1gdzp3vua058wgbuauw|03|biz"; nocase; ) # 1e55ge7js9w89jjlghl18cze9k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e55ge7js9w89jjlghl18cze9k|03|org"; nocase; ) # 1b79nnk630ou1gpzjmm2hcf5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b79nnk630ou1gpzjmm2hcf5n|03|net"; nocase; ) # 1vd95vcaq65co1soo8ezle19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1vd95vcaq65co1soo8ezle19|03|net"; nocase; ) # 1rrud5l1a8csb31qos59124aknk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rrud5l1a8csb31qos59124aknk|03|org"; nocase; ) # 12fv1zi1kg3oegtmn2uxpv37xc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12fv1zi1kg3oegtmn2uxpv37xc|03|net"; nocase; ) # i7g9ou10ekw6pctim6811c4ozu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i7g9ou10ekw6pctim6811c4ozu|03|net"; nocase; ) # evwhhs1scs9uz1jgusnokq2nhs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|evwhhs1scs9uz1jgusnokq2nhs|03|org"; nocase; ) # 1nbmjkp186ts3w1he3mc9widhas.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nbmjkp186ts3w1he3mc9widhas|03|biz"; nocase; ) # 8blgzvbz92t1fxpri85uk4ti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8blgzvbz92t1fxpri85uk4ti|03|org"; nocase; ) # 1u4o2a7qfam9u1qk3d3moug9f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u4o2a7qfam9u1qk3d3moug9f|03|com"; nocase; ) # 13cl7ob1y1o1aibvzhorq0ksh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13cl7ob1y1o1aibvzhorq0ksh|03|biz"; nocase; ) # 1r16zdg16fa3b3i21wd71n1l1xl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r16zdg16fa3b3i21wd71n1l1xl|03|biz"; nocase; ) # 1ikmnw1x9v46691mtgj1sgrgu2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ikmnw1x9v46691mtgj1sgrgu2|03|net"; nocase; ) # 1ie03k2do2ls71ypue9l18vtffp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ie03k2do2ls71ypue9l18vtffp|03|org"; nocase; ) # 1ciefs46ukbrv1engvh7511ucm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ciefs46ukbrv1engvh7511ucm|03|org"; nocase; ) # 1k13dqq19iu2nx1bn7cju1mu9zi8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1k13dqq19iu2nx1bn7cju1mu9zi8|03|net"; nocase; ) # 1asomsifw91rejify71m5qivn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1asomsifw91rejify71m5qivn|03|net"; nocase; ) # jbq8x5jkmr69an2flunmtdd6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jbq8x5jkmr69an2flunmtdd6|03|org"; nocase; ) # q1qmylrroriteli4l48ey51l.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q1qmylrroriteli4l48ey51l|03|net"; nocase; ) # 1lpkqjlsazkow1tef4tawa1bor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lpkqjlsazkow1tef4tawa1bor|03|net"; nocase; ) # 1t1ptgw104q6f7j3oqqljsznjt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t1ptgw104q6f7j3oqqljsznjt|03|com"; nocase; ) # 1oymxo817uh44q1jmaydf916hq0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oymxo817uh44q1jmaydf916hq0|03|biz"; nocase; ) # udynju13kn5zp1ddx09u1qjqvi6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|udynju13kn5zp1ddx09u1qjqvi6|03|biz"; nocase; ) # oa8ozq1vpy6tl11kn4wh1qemxrp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oa8ozq1vpy6tl11kn4wh1qemxrp|03|net"; nocase; ) # oivr871ixtdmzd31xxp12q7rvf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oivr871ixtdmzd31xxp12q7rvf|03|com"; nocase; ) # 5esyzx1bfd2tpr4eqcs5hd2ni.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5esyzx1bfd2tpr4eqcs5hd2ni|03|net"; nocase; ) # r7pnwq1t4tq98fr7vw1yhib1y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r7pnwq1t4tq98fr7vw1yhib1y|03|biz"; nocase; ) # 1jd1ztp12vauv1dh3mix1adqo42.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jd1ztp12vauv1dh3mix1adqo42|03|com"; nocase; ) # 14bammt1sdbany1mimytj1n0a328.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14bammt1sdbany1mimytj1n0a328|03|com"; nocase; ) # 1q7xeuxmqmtjt66cfhowwgskt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q7xeuxmqmtjt66cfhowwgskt|03|com"; nocase; ) # jewij89bwa5nxobi0biyypd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|jewij89bwa5nxobi0biyypd|03|biz"; nocase; ) # u76q1sue8hiigygx7b1a3czap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u76q1sue8hiigygx7b1a3czap|03|org"; nocase; ) # 15ktnml1jt7eqq11d9fa6b3bqm6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15ktnml1jt7eqq11d9fa6b3bqm6|03|com"; nocase; ) # 2184sbwqanxv3l36a01q0wlxk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2184sbwqanxv3l36a01q0wlxk|03|com"; nocase; ) # dvnp52qyoyzb1phdph912wguvq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dvnp52qyoyzb1phdph912wguvq|03|net"; nocase; ) # 1wfkbxc1rfg0zeae6vewjrjrv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wfkbxc1rfg0zeae6vewjrjrv|03|net"; nocase; ) # oum12c1gk1fljbq6rsy10yq6uq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oum12c1gk1fljbq6rsy10yq6uq|03|org"; nocase; ) # 9k7vazp242sw2ljc1z1h33xe9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9k7vazp242sw2ljc1z1h33xe9|03|biz"; nocase; ) # 1tuko9j33j4fu1wit22gaw5y2b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tuko9j33j4fu1wit22gaw5y2b|03|net"; nocase; ) # kiyasski0vbx1enkyog1lccayu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kiyasski0vbx1enkyog1lccayu|03|biz"; nocase; ) # 1jrpih7cbbfszeuvxcfz5ufl4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jrpih7cbbfszeuvxcfz5ufl4|03|org"; nocase; ) # 10xccz1gwupykwdc8b81qdiv1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10xccz1gwupykwdc8b81qdiv1d|03|net"; nocase; ) # qxfinscbcmr5husb3hwoafr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|qxfinscbcmr5husb3hwoafr|03|com"; nocase; ) # 15y2f14ss6h7x2ty3vx10vqman.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15y2f14ss6h7x2ty3vx10vqman|03|net"; nocase; ) # 1bqubaa11viwvz8h1vkxopme2j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bqubaa11viwvz8h1vkxopme2j|03|org"; nocase; ) # 1gev2d71nnne9f1hzgtu19u7s5p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gev2d71nnne9f1hzgtu19u7s5p|03|net"; nocase; ) # 1cfqzdn1k53x6efx7pj2guablq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cfqzdn1k53x6efx7pj2guablq|03|org"; nocase; ) # 1qplnfd18p0lzlxvzpfc2es6m4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qplnfd18p0lzlxvzpfc2es6m4|03|net"; nocase; ) # 1i2xgh4mf11sv1sum8iqw0mib6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i2xgh4mf11sv1sum8iqw0mib6|03|org"; nocase; ) # taj6p11814jwh8rk5821kzoxjc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|taj6p11814jwh8rk5821kzoxjc|03|com"; nocase; ) # hur36zh70phpen6sb612y95hq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hur36zh70phpen6sb612y95hq|03|org"; nocase; ) # njrgcp11ckj4jezb6mw1iel64m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|njrgcp11ckj4jezb6mw1iel64m|03|net"; nocase; ) # pg0r121464lst5z22h517gvu0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pg0r121464lst5z22h517gvu0k|03|org"; nocase; ) # 1swaic91ntxhq71myizyv1162oya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1swaic91ntxhq71myizyv1162oya|03|net"; nocase; ) # 422gkmadehfo1m7z22xrfqbe1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|422gkmadehfo1m7z22xrfqbe1|03|org"; nocase; ) # g4zdko10j1c7513o4t0533d6wh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g4zdko10j1c7513o4t0533d6wh|03|com"; nocase; ) # 19x2v85ydey5so9l17n1tqdayg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19x2v85ydey5so9l17n1tqdayg|03|biz"; nocase; ) # lalsky6c1twrf3bphw104sch0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lalsky6c1twrf3bphw104sch0|03|org"; nocase; ) # 3nfm9k2suvo81asdb621ttjuu1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3nfm9k2suvo81asdb621ttjuu1|03|com"; nocase; ) # 6tunxkns1o5i21hx8w1bl7i53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6tunxkns1o5i21hx8w1bl7i53|03|net"; nocase; ) # 1e9po136g95mj1grwf3j1ye016n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e9po136g95mj1grwf3j1ye016n|03|net"; nocase; ) # qocndke7shs814pj47kryfjqa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qocndke7shs814pj47kryfjqa|03|org"; nocase; ) # 1m9qltrl2sdww1hchrmytnp3hk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m9qltrl2sdww1hchrmytnp3hk|03|biz"; nocase; ) # 1il7g04utqt4p17cww94kpz6e8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1il7g04utqt4p17cww94kpz6e8|03|net"; nocase; ) # 1p1mibhxr9mfa1vahtlm1aeicir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p1mibhxr9mfa1vahtlm1aeicir|03|com"; nocase; ) # 101tp0f1qmcak31btv2o6i9oxz8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|101tp0f1qmcak31btv2o6i9oxz8|03|net"; nocase; ) # inrnmkpidruh1qjx2ro4cngxe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|inrnmkpidruh1qjx2ro4cngxe|03|com"; nocase; ) # 16rb1j32czrvwmfi66d17dj1hh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16rb1j32czrvwmfi66d17dj1hh|03|net"; nocase; ) # h1xeo2cjvecik47ngb1rly9u3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h1xeo2cjvecik47ngb1rly9u3|03|net"; nocase; ) # wciy8t10wayntsbv9ph1475if5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wciy8t10wayntsbv9ph1475if5|03|org"; nocase; ) # lknmmu1dgb0gq1go8w94w9ihsb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lknmmu1dgb0gq1go8w94w9ihsb|03|com"; nocase; ) # 1j8yui0k40q5ky1vr6p15zwty.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j8yui0k40q5ky1vr6p15zwty|03|org"; nocase; ) # 1b41h3f1kxgg4c1a84vgs1b5z6u3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b41h3f1kxgg4c1a84vgs1b5z6u3|03|biz"; nocase; ) # 1sx5k29sznca41ggaxr27rl85b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sx5k29sznca41ggaxr27rl85b|03|com"; nocase; ) # y3weno16mntnjdlzhkl295yk4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|y3weno16mntnjdlzhkl295yk4|03|org"; nocase; ) # g1o63u1cajyw6deq0dm3xnf8q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g1o63u1cajyw6deq0dm3xnf8q|03|org"; nocase; ) # x1tfxrqvecgl1d1yp3oplgyew.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x1tfxrqvecgl1d1yp3oplgyew|03|com"; nocase; ) # fn39hn1n5gyi52c0o7l1fo9mc6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fn39hn1n5gyi52c0o7l1fo9mc6|03|com"; nocase; ) # 1qn1oqtw836lsg0dv5911yalsj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qn1oqtw836lsg0dv5911yalsj|03|net"; nocase; ) # 1317q4amnnyoq1ya3utb1i3jes3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1317q4amnnyoq1ya3utb1i3jes3|03|biz"; nocase; ) # 10s4j4h1uaxswg1wawp0g1ee4ysc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10s4j4h1uaxswg1wawp0g1ee4ysc|03|net"; nocase; ) # h9z4931hl355o145fzwf1ykud2r.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h9z4931hl355o145fzwf1ykud2r|03|org"; nocase; ) # j0cdiz1ndc018jx6elwg7jlo5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j0cdiz1ndc018jx6elwg7jlo5|03|net"; nocase; ) # 1hu693e130d90d1pxklv81o90js6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hu693e130d90d1pxklv81o90js6|03|com"; nocase; ) # 1n5qoo81qgn8weq4k5nn1usmh2o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n5qoo81qgn8weq4k5nn1usmh2o|03|net"; nocase; ) # 172d5iz1wwex551fw02p01nf7uov.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|172d5iz1wwex551fw02p01nf7uov|03|net"; nocase; ) # 1fvjvqddua1tm1561dav1ujbdq0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fvjvqddua1tm1561dav1ujbdq0|03|org"; nocase; ) # 1oq3cwa1va2fwv8gej531h2u5xy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oq3cwa1va2fwv8gej531h2u5xy|03|net"; nocase; ) # 1n1pwzzf1bkcvpp28qm13yp8fd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n1pwzzf1bkcvpp28qm13yp8fd|03|biz"; nocase; ) # ymto1e14l21alrt0p0l1blewqm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ymto1e14l21alrt0p0l1blewqm|03|org"; nocase; ) # 14ur7yulk04adi24z3a177eapt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14ur7yulk04adi24z3a177eapt|03|net"; nocase; ) # lhpktttpinke1xs3p621j6pkko.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lhpktttpinke1xs3p621j6pkko|03|com"; nocase; ) # 14y03uf1gcvv2710sn27h1bhvnd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14y03uf1gcvv2710sn27h1bhvnd|03|net"; nocase; ) # m18loimmlshz1tfw7eg13s900f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m18loimmlshz1tfw7eg13s900f|03|com"; nocase; ) # 1y2h18u25pkjzum4l6k1m77td0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y2h18u25pkjzum4l6k1m77td0|03|org"; nocase; ) # 2676kf19u6el5a1l54bwmtcb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2676kf19u6el5a1l54bwmtcb|03|net"; nocase; ) # 187e1h91379fes5b62tb1mdejwq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|187e1h91379fes5b62tb1mdejwq|03|net"; nocase; ) # 10ueahspxp6851owdbspbjmzz0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ueahspxp6851owdbspbjmzz0|03|com"; nocase; ) # yi4i4q1xl4jznqpein3h8w2hd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yi4i4q1xl4jznqpein3h8w2hd|03|net"; nocase; ) # ml9qosjqj5auiy1vnphjwp6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ml9qosjqj5auiy1vnphjwp6|03|net"; nocase; ) # 1mzdaz6c7xkccpk8j6u1wqo607.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mzdaz6c7xkccpk8j6u1wqo607|03|net"; nocase; ) # 1gtwbs5132prsh172cb9s1fd1cyz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gtwbs5132prsh172cb9s1fd1cyz|03|net"; nocase; ) # 1jka06y17wivrg1bolwpj4jykdw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jka06y17wivrg1bolwpj4jykdw|03|org"; nocase; ) # nt1oqwbpo80s9vab3718bi7qa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nt1oqwbpo80s9vab3718bi7qa|03|net"; nocase; ) # 16sb1i4162h31d1wv1s281589p6b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16sb1i4162h31d1wv1s281589p6b|03|org"; nocase; ) # fcah035wuf5bf6dljl1r0sthz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fcah035wuf5bf6dljl1r0sthz|03|biz"; nocase; ) # 1c6f0t71xxrrgvnkd4y13n3jk6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1c6f0t71xxrrgvnkd4y13n3jk6|03|net"; nocase; ) # 1fmrpmaz3z98l35s9lh1nse1mt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fmrpmaz3z98l35s9lh1nse1mt|03|com"; nocase; ) # 18ftlpcjxoxmxep5ze1gzr172.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18ftlpcjxoxmxep5ze1gzr172|03|org"; nocase; ) # 1ly9mzm1xa5mw31acchor1cf5c6l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ly9mzm1xa5mw31acchor1cf5c6l|03|org"; nocase; ) # ajy7hp1ceqszs1keo7hb151x10a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ajy7hp1ceqszs1keo7hb151x10a|03|net"; nocase; ) # 176d3e11ly610a18386ubiw6kuz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|176d3e11ly610a18386ubiw6kuz|03|biz"; nocase; ) # 15ia970qh385x1e4iz53wekyvv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15ia970qh385x1e4iz53wekyvv|03|net"; nocase; ) # 1dct5pv5fcrf91cq01zj492j5d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dct5pv5fcrf91cq01zj492j5d|03|net"; nocase; ) # 1stigago7v4wm473wse3t0efp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1stigago7v4wm473wse3t0efp|03|biz"; nocase; ) # ffddhh1izsa7u1g5huu718hfrdm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ffddhh1izsa7u1g5huu718hfrdm|03|com"; nocase; ) # 1v9mp9eq6gw4c14xocv510kya3x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v9mp9eq6gw4c14xocv510kya3x|03|net"; nocase; ) # 1c0kpdj11csyw71o939rm1hzpehz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1c0kpdj11csyw71o939rm1hzpehz|03|biz"; nocase; ) # 1qyrbd91okxz9p1wzblcq8v22qw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qyrbd91okxz9p1wzblcq8v22qw|03|org"; nocase; ) # p172ralcdjqr2313w13x2b5b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p172ralcdjqr2313w13x2b5b|03|biz"; nocase; ) # 1ivq87buhb6wp39pd91lhf30v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ivq87buhb6wp39pd91lhf30v|03|net"; nocase; ) # un6vj81487km31nm5y0bcgexui.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|un6vj81487km31nm5y0bcgexui|03|com"; nocase; ) # k6ksg81ottaoi8yrtq01sjysdy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|k6ksg81ottaoi8yrtq01sjysdy|03|biz"; nocase; ) # 1xncvzckpb0sp1ybs2z7zgulgd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xncvzckpb0sp1ybs2z7zgulgd|03|org"; nocase; ) # 9wicr5u109q519nfz2m1podq0y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9wicr5u109q519nfz2m1podq0y|03|biz"; nocase; ) # 1jrax40jzkpiuari6au1tc6qtz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jrax40jzkpiuari6au1tc6qtz|03|org"; nocase; ) # 18crcz21b3q8ufqyaasu13fqr26.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18crcz21b3q8ufqyaasu13fqr26|03|com"; nocase; ) # b3xj311jayzpvru12cs25rorw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b3xj311jayzpvru12cs25rorw|03|net"; nocase; ) # imtin71fg5s91fkv9ov1433m3k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|imtin71fg5s91fkv9ov1433m3k|03|biz"; nocase; ) # 1rh6xgi108lwly1e82nky63z21v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rh6xgi108lwly1e82nky63z21v|03|net"; nocase; ) # zv670b1pvp29x1aebr9d1os93ga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|zv670b1pvp29x1aebr9d1os93ga|03|com"; nocase; ) # oggigrdtfgfsgql75y3qmrh4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oggigrdtfgfsgql75y3qmrh4|03|org"; nocase; ) # tfla8a2pm17jmzgxuh1ip3cql.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tfla8a2pm17jmzgxuh1ip3cql|03|org"; nocase; ) # fqeutx1oe43h7c5460p1bl62bl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fqeutx1oe43h7c5460p1bl62bl|03|org"; nocase; ) # vu153d1yjgsvixxlk2z1lxue6o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vu153d1yjgsvixxlk2z1lxue6o|03|net"; nocase; ) # 37rue71fjsjg41nc106v1svjq3p.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|37rue71fjsjg41nc106v1svjq3p|03|com"; nocase; ) # t560xhovraiabg0dog2tkwih.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|t560xhovraiabg0dog2tkwih|03|net"; nocase; ) # 6xnjxf1yiohiml257nm1pnj5bu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6xnjxf1yiohiml257nm1pnj5bu|03|org"; nocase; ) # 1avz0nc7ci6qs1ro04ys1cu1pa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1avz0nc7ci6qs1ro04ys1cu1pa|03|net"; nocase; ) # 13hjh3s3cgpi5dj33594c6rf1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13hjh3s3cgpi5dj33594c6rf1|03|org"; nocase; ) # 145pdsy1cwirwm1vbi2dgdelcui.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|145pdsy1cwirwm1vbi2dgdelcui|03|org"; nocase; ) # 1kec7bi17k5sge1cwpqko6qhlg2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kec7bi17k5sge1cwpqko6qhlg2|03|org"; nocase; ) # h5ppa711gs86n13v18rp1ir1fd6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|h5ppa711gs86n13v18rp1ir1fd6|03|net"; nocase; ) # 1nl9fhqysjt3s17cjkse28ooth.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046236; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nl9fhqysjt3s17cjkse28ooth|03|com"; nocase; ) # 1j92j2u1v3wnqh6mkiyeqhoog.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046237; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1j92j2u1v3wnqh6mkiyeqhoog|03|org"; nocase; ) # 166jz7y19ula6iz56y6jndgau4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046238; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|166jz7y19ula6iz56y6jndgau4|03|com"; nocase; ) # l4iox51q2u78a17r97kw15peuoi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046239; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l4iox51q2u78a17r97kw15peuoi|03|net"; nocase; ) # ch3ex8p7p99x1nwyt49dkqklu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046240; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ch3ex8p7p99x1nwyt49dkqklu|03|net"; nocase; ) # gzqqz5s1k0ec12qisem1eg8eqc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046241; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gzqqz5s1k0ec12qisem1eg8eqc|03|org"; nocase; ) # 1te9k03wkc0g61ihxqrvfdj3vv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046242; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1te9k03wkc0g61ihxqrvfdj3vv|03|net"; nocase; ) # 1j7oesm6zhysuvmwmti1xz1y03.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046243; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j7oesm6zhysuvmwmti1xz1y03|03|com"; nocase; ) # 2zxggq12qc2i71jz6t6x1nukhk9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046244; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|2zxggq12qc2i71jz6t6x1nukhk9|03|org"; nocase; ) # ytvpykt2rdd1vw5zel1t1hgkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046245; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ytvpykt2rdd1vw5zel1t1hgkr|03|com"; nocase; ) # gq0fyj644d1o1clbcvy1a25tow.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046246; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gq0fyj644d1o1clbcvy1a25tow|03|net"; nocase; ) # 4bevnjqwf0gi1iu8tydwvzw7v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046247; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4bevnjqwf0gi1iu8tydwvzw7v|03|com"; nocase; ) # 41jy72aqv6a816c47qn1xb9zrd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046248; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|41jy72aqv6a816c47qn1xb9zrd|03|org"; nocase; ) # jcwuea1a8wan13u0efi15xk3k6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046249; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jcwuea1a8wan13u0efi15xk3k6|03|biz"; nocase; ) # 1uypho16tat54i6iznev5ctok.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046250; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uypho16tat54i6iznev5ctok|03|org"; nocase; ) # 9vzljx1lhus0s4zval9576mse.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046251; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9vzljx1lhus0s4zval9576mse|03|com"; nocase; ) # 9bdzng15xukng2z28dwewii32.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046252; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9bdzng15xukng2z28dwewii32|03|org"; nocase; ) # hm8jtiv3l74b16re4v410ceu06.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046253; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hm8jtiv3l74b16re4v410ceu06|03|biz"; nocase; ) # 15q0pv01bb0v17101sj0x1gc6mu6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046254; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15q0pv01bb0v17101sj0x1gc6mu6|03|net"; nocase; ) # uip26s4uemck18wcdd513hmu8s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046255; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uip26s4uemck18wcdd513hmu8s|03|org"; nocase; ) # p96jrq1pyahm81totye51l8zs7c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046256; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p96jrq1pyahm81totye51l8zs7c|03|com"; nocase; ) # 13o46jv1wx0gm0ux7wqq1z0ri2f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046257; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13o46jv1wx0gm0ux7wqq1z0ri2f|03|net"; nocase; ) # 1rnh93kxa3epkk8mrco1m8dhym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046258; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rnh93kxa3epkk8mrco1m8dhym|03|org"; nocase; ) # ikconk7amjco11bwivt1i2i1oy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046259; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ikconk7amjco11bwivt1i2i1oy|03|biz"; nocase; ) # f5b9w5nc41v1esk1op9lte2j.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046260; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|f5b9w5nc41v1esk1op9lte2j|03|biz"; nocase; ) # 1xl71ea18iyxel1lxf0nnmtxdix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046261; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xl71ea18iyxel1lxf0nnmtxdix|03|net"; nocase; ) # 1gn0gsjlyae7drlp2341fahr9w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046262; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gn0gsjlyae7drlp2341fahr9w|03|com"; nocase; ) # wj86948fd4ni8v42qj1jji0o4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046263; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wj86948fd4ni8v42qj1jji0o4|03|net"; nocase; ) # 1pa79wi5ssp22yxk0nwxqwwmf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046264; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1pa79wi5ssp22yxk0nwxqwwmf|03|biz"; nocase; ) # 18ugxvbnd0f21i0lh5w12bavuo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046265; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18ugxvbnd0f21i0lh5w12bavuo|03|org"; nocase; ) # vsv98z5h0t0o1gbohll10r4u2h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046266; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vsv98z5h0t0o1gbohll10r4u2h|03|net"; nocase; ) # 1wto0phpu8zoh5ez1621c7qvt9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046267; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wto0phpu8zoh5ez1621c7qvt9|03|org"; nocase; ) # 3ihzsj13813f1miklgl1d078b3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046268; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3ihzsj13813f1miklgl1d078b3|03|org"; nocase; ) # dgwwvn1pj3dp11c5tokf162bxv4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046269; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|dgwwvn1pj3dp11c5tokf162bxv4|03|net"; nocase; ) # tespnf1okhvbyqns1s8gm9l28.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046270; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tespnf1okhvbyqns1s8gm9l28|03|com"; nocase; ) # 18rrp3y1p973aye1gk7xgizfgu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046271; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18rrp3y1p973aye1gk7xgizfgu|03|biz"; nocase; ) # 19h7kazx9b3gsjuy9kt1x97pbr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046272; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19h7kazx9b3gsjuy9kt1x97pbr|03|com"; nocase; ) # 1st4ise11bb9pbovcb9y3g5y2w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046273; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1st4ise11bb9pbovcb9y3g5y2w|03|org"; nocase; ) # 1yhx9nawai9v61fd3eaz1mj8ym7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046274; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yhx9nawai9v61fd3eaz1mj8ym7|03|net"; nocase; ) # edo8hs1jbpxgf14ft45abozvi6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046275; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|edo8hs1jbpxgf14ft45abozvi6|03|com"; nocase; ) # o8plub152r0s61ewjqnwj24qjh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046276; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o8plub152r0s61ewjqnwj24qjh|03|net"; nocase; ) # 15yie3uezv8epiz2xxl137c78o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046277; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15yie3uezv8epiz2xxl137c78o|03|org"; nocase; ) # 158edqq7cp5m51emdwkw1ppefkl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046278; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|158edqq7cp5m51emdwkw1ppefkl|03|net"; nocase; ) # nl27hu99syrzoxlpvul4odt0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046279; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|nl27hu99syrzoxlpvul4odt0|03|net"; nocase; ) # 12logmd1cyxt711gc1kco1trc2o5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046280; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12logmd1cyxt711gc1kco1trc2o5|03|org"; nocase; ) # ie2xzuj3k79t1u5dc1e1pj7a6k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046281; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ie2xzuj3k79t1u5dc1e1pj7a6k|03|org"; nocase; ) # 1lf896j13x3nkyqmejgeeeaib7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046282; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lf896j13x3nkyqmejgeeeaib7|03|net"; nocase; ) # 1nilyzu5w4wyv1fye8tk83yl05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046283; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nilyzu5w4wyv1fye8tk83yl05|03|org"; nocase; ) # ktnjwy1vmgnb610fr2lp1mubiuv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046284; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ktnjwy1vmgnb610fr2lp1mubiuv|03|net"; nocase; ) # 1irmwy9wcy8x411453caejicdk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046285; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1irmwy9wcy8x411453caejicdk|03|org"; nocase; ) # 1pbxxe9u7oomx13c3901233888.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046286; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pbxxe9u7oomx13c3901233888|03|com"; nocase; ) # 5y9ulm47j3l81kxt5qr119l92z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046287; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5y9ulm47j3l81kxt5qr119l92z|03|net"; nocase; ) # 1vvm5it103n9rcdk5dg61cz70hp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046288; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vvm5it103n9rcdk5dg61cz70hp|03|org"; nocase; ) # jln5j81s4r23i170bnyf1vp0lan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046289; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jln5j81s4r23i170bnyf1vp0lan|03|com"; nocase; ) # fuxpkeyqn07vmxcjakfez60y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046290; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fuxpkeyqn07vmxcjakfez60y|03|net"; nocase; ) # 12gztym1jw8myk3fefyr1llsplg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046291; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12gztym1jw8myk3fefyr1llsplg|03|org"; nocase; ) # z9udnb70l7601r300bxyt381h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046292; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z9udnb70l7601r300bxyt381h|03|net"; nocase; ) # dhwoxvomaoaydyfps3wcuzp1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046293; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dhwoxvomaoaydyfps3wcuzp1|03|com"; nocase; ) # g4zz37zla5m11aagwom1qpnvhn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046294; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g4zz37zla5m11aagwom1qpnvhn|03|com"; nocase; ) # n7u3g016800rd9mwvluwgjefj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046295; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n7u3g016800rd9mwvluwgjefj|03|net"; nocase; ) # 1rsbzsk13j3iy9bsw7ru1vgzngw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046296; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rsbzsk13j3iy9bsw7ru1vgzngw|03|net"; nocase; ) # wqtjowy7xy4jh2vb5qwmflc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046297; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|wqtjowy7xy4jh2vb5qwmflc|03|com"; nocase; ) # ul6shge65oea1a1joiq1iym6pf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046298; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ul6shge65oea1a1joiq1iym6pf|03|biz"; nocase; ) # 1ij2n6e1c5q78k1o9c1bq4v9u4c.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046299; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ij2n6e1c5q78k1o9c1bq4v9u4c|03|org"; nocase; ) # 1cqy3ak4lwwax1nqn0hkokzfyk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046300; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cqy3ak4lwwax1nqn0hkokzfyk|03|com"; nocase; ) # z6akhh1dy7rns1f2i9f6rkngfp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046301; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z6akhh1dy7rns1f2i9f6rkngfp|03|com"; nocase; ) # 144j0to1inhbsajshqu1jciqff.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|144j0to1inhbsajshqu1jciqff|03|org"; nocase; ) # 11s03fyar0agvov2byit10ylx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11s03fyar0agvov2byit10ylx|03|com"; nocase; ) # 89ococ1uqstgr125kl519dsrsw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|89ococ1uqstgr125kl519dsrsw|03|org"; nocase; ) # 11fgnhp1w1fl8sisc1ccra2k0h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11fgnhp1w1fl8sisc1ccra2k0h|03|org"; nocase; ) # 186a0e71qlejyc13djiqe859st9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|186a0e71qlejyc13djiqe859st9|03|com"; nocase; ) # 1dcb60f1221co4987syg1vo3myr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dcb60f1221co4987syg1vo3myr|03|net"; nocase; ) # 1phbl3xio7u6cbii3asis9caq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1phbl3xio7u6cbii3asis9caq|03|biz"; nocase; ) # bziribg4z49bvr445e6vpmmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bziribg4z49bvr445e6vpmmr|03|org"; nocase; ) # 1ca7e16ri6ni116e07jzgcq1pg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ca7e16ri6ni116e07jzgcq1pg|03|net"; nocase; ) # 157qhbqplvltojcbn4u1ba6amb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|157qhbqplvltojcbn4u1ba6amb|03|org"; nocase; ) # fiz9w4kc7qhh1wiei1y1jo3apd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fiz9w4kc7qhh1wiei1y1jo3apd|03|net"; nocase; ) # 1k0n3n1v6wfy7937l16fr9att.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k0n3n1v6wfy7937l16fr9att|03|com"; nocase; ) # 1jo04hz1dusgmu1knvav91d20itb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1jo04hz1dusgmu1knvav91d20itb|03|net"; nocase; ) # 4u517n3pd31yuhras1h36mir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4u517n3pd31yuhras1h36mir|03|com"; nocase; ) # exz7ie5fn0q612b8vni1py5khg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|exz7ie5fn0q612b8vni1py5khg|03|biz"; nocase; ) # zz50871p03y75wosr5d13is0ng.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zz50871p03y75wosr5d13is0ng|03|org"; nocase; ) # 1sm1c8r1kl1uy412zpa99mtktpm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sm1c8r1kl1uy412zpa99mtktpm|03|net"; nocase; ) # 1qbo47e1fc92n016jl4se1bu2zd7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qbo47e1fc92n016jl4se1bu2zd7|03|org"; nocase; ) # 1rlraabht193h1ed8i3r19p4tlz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rlraabht193h1ed8i3r19p4tlz|03|biz"; nocase; ) # 1irnghf1kum892o1vfv6g8lg6t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1irnghf1kum892o1vfv6g8lg6t|03|net"; nocase; ) # 1xenw2iarbvjf157wso414cow0n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xenw2iarbvjf157wso414cow0n|03|biz"; nocase; ) # b3svv8kx8yxgnddole1q9cp94.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b3svv8kx8yxgnddole1q9cp94|03|com"; nocase; ) # 1pmeth0xfd1wajopg241owlrkz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pmeth0xfd1wajopg241owlrkz|03|com"; nocase; ) # kc383jn033yeistiu51xzbpre.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kc383jn033yeistiu51xzbpre|03|org"; nocase; ) # 1t95hoz9oaa2x1ysmc22g158nk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t95hoz9oaa2x1ysmc22g158nk|03|biz"; nocase; ) # 1o4dlwh1alzebf14lmxtqi50g6b.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o4dlwh1alzebf14lmxtqi50g6b|03|biz"; nocase; ) # 107560o1keclc51qwc77p4at05.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|107560o1keclc51qwc77p4at05|03|org"; nocase; ) # 1xdd1na5owchvv5aypa2zd3th.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xdd1na5owchvv5aypa2zd3th|03|com"; nocase; ) # 59845o1rel7fp14c5yt1f6tprf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|59845o1rel7fp14c5yt1f6tprf|03|biz"; nocase; ) # 1olcwye14rvwgpbnitqepqhhic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1olcwye14rvwgpbnitqepqhhic|03|com"; nocase; ) # lett7q1h4z10kt5ao3k1v2gdda.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lett7q1h4z10kt5ao3k1v2gdda|03|biz"; nocase; ) # 14wnd5ssg6nav1xfq0xgycrefe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14wnd5ssg6nav1xfq0xgycrefe|03|net"; nocase; ) # 1m9kveb89kps3zynrb6147uyur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m9kveb89kps3zynrb6147uyur|03|com"; nocase; ) # 1r0n7c11tgzizd1txdbxht1gzuf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r0n7c11tgzizd1txdbxht1gzuf|03|biz"; nocase; ) # ssh5tq13m9zrt1yvy4v41xkd861.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ssh5tq13m9zrt1yvy4v41xkd861|03|net"; nocase; ) # xq62lc1is581s215xr7a154d1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xq62lc1is581s215xr7a154d1|03|com"; nocase; ) # xe6gfid3ybkz10s4j70m54f3k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xe6gfid3ybkz10s4j70m54f3k|03|biz"; nocase; ) # 1nx5n7s1eikivq1mkbnn7n2el9z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nx5n7s1eikivq1mkbnn7n2el9z|03|org"; nocase; ) # 1hevxpz1sugac01wjknvm1l9p2n7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hevxpz1sugac01wjknvm1l9p2n7|03|org"; nocase; ) # 18f9tc61ghaxw61ngxo5u15ibk2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18f9tc61ghaxw61ngxo5u15ibk2|03|com"; nocase; ) # 15xk6b6jkxfcq1cpmc531doel20.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15xk6b6jkxfcq1cpmc531doel20|03|biz"; nocase; ) # a3gp8y1ocps7doncn6s17ce007.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a3gp8y1ocps7doncn6s17ce007|03|biz"; nocase; ) # lx1n8419hjthe7frveypmc20t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lx1n8419hjthe7frveypmc20t|03|net"; nocase; ) # glgjrn1lcf32q1wib0jf7d1oqv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|glgjrn1lcf32q1wib0jf7d1oqv|03|org"; nocase; ) # 1x2227v8j1sbzct3q3ltb7kmi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1x2227v8j1sbzct3q3ltb7kmi|03|com"; nocase; ) # 12q9ju01rbt22b1v5vtga1cp530u.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|12q9ju01rbt22b1v5vtga1cp530u|03|org"; nocase; ) # 19si1ogsni6x8qoypnd13xe8ha.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19si1ogsni6x8qoypnd13xe8ha|03|com"; nocase; ) # 1yj8k14d7s4zw1dijr4f4q7qyg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yj8k14d7s4zw1dijr4f4q7qyg|03|org"; nocase; ) # o2xtte12qsfy91xvix1m1uaawiy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o2xtte12qsfy91xvix1m1uaawiy|03|net"; nocase; ) # 1tfl2kn194t9kv3zs21msngdfy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tfl2kn194t9kv3zs21msngdfy|03|org"; nocase; ) # 1vb0lai1moyff17wym9u19p3css.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vb0lai1moyff17wym9u19p3css|03|net"; nocase; ) # b2o8cmriic2u1emka5j6g5qn0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b2o8cmriic2u1emka5j6g5qn0|03|net"; nocase; ) # 1aknp33586bvr42hi0zmnlltn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aknp33586bvr42hi0zmnlltn|03|biz"; nocase; ) # 1efvlii1q7qhl61jup82jqyssed.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1efvlii1q7qhl61jup82jqyssed|03|org"; nocase; ) # 1g7gxfl1rvhacpj0ygmr1svbrqe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g7gxfl1rvhacpj0ygmr1svbrqe|03|com"; nocase; ) # 1237ilwk2bnr7cqchi217bjdw4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1237ilwk2bnr7cqchi217bjdw4|03|org"; nocase; ) # 1ug9vz6j8xbgw1v24mogjs43l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ug9vz6j8xbgw1v24mogjs43l|03|org"; nocase; ) # xr1sxm1kc0zot1lnjgrp1o0g54q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xr1sxm1kc0zot1lnjgrp1o0g54q|03|biz"; nocase; ) # mqg5r01u4zvglzhc4su1axjd5u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mqg5r01u4zvglzhc4su1axjd5u|03|net"; nocase; ) # 15qyqpegonudmtl7cmoagj345.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15qyqpegonudmtl7cmoagj345|03|net"; nocase; ) # ph15gpgikkb11foae1p1tz77od.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ph15gpgikkb11foae1p1tz77od|03|net"; nocase; ) # 1u9l75ysh9np1m8xejiws1s7c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u9l75ysh9np1m8xejiws1s7c|03|biz"; nocase; ) # oxdfo41oqhtzki58nwh1euxkgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|oxdfo41oqhtzki58nwh1euxkgy|03|com"; nocase; ) # 15egw941azsgi11y9aiup9mgfed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15egw941azsgi11y9aiup9mgfed|03|net"; nocase; ) # 1jni68q1j85zdf5azel1xckms2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jni68q1j85zdf5azel1xckms2|03|net"; nocase; ) # 1ctyh8nvfwt3t1xshdhr1wysjmm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ctyh8nvfwt3t1xshdhr1wysjmm|03|org"; nocase; ) # 5c7sc8llweny1xms2w61d4bbyc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5c7sc8llweny1xms2w61d4bbyc|03|com"; nocase; ) # trv74g1utkkn6qfmoyfazhad1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|trv74g1utkkn6qfmoyfazhad1|03|net"; nocase; ) # 3xwkakr5ypjw1dj8ldrurc0a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3xwkakr5ypjw1dj8ldrurc0a|03|net"; nocase; ) # 4mtfieqbxl1l1ipq6wdhr7tmy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4mtfieqbxl1l1ipq6wdhr7tmy|03|com"; nocase; ) # qovn9315piqlnp2w7g5e2647.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qovn9315piqlnp2w7g5e2647|03|net"; nocase; ) # 1yd7v431iozrke12e6ttu1640e4i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yd7v431iozrke12e6ttu1640e4i|03|net"; nocase; ) # skqpg11twndvwoftznjpbr7qh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|skqpg11twndvwoftznjpbr7qh|03|net"; nocase; ) # bjr3i11nkmdxemfp4bkfhf3z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|bjr3i11nkmdxemfp4bkfhf3z|03|net"; nocase; ) # wfo7qi1562c0toygjyu1b1zbx3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wfo7qi1562c0toygjyu1b1zbx3|03|net"; nocase; ) # y2jm6hmwyh4zc4k8j1jagw8o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|y2jm6hmwyh4zc4k8j1jagw8o|03|com"; nocase; ) # 19n6o5g154qclc1cy5j4x17edwkg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|19n6o5g154qclc1cy5j4x17edwkg|03|net"; nocase; ) # k24x2q187708cedobjyabdat8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k24x2q187708cedobjyabdat8|03|com"; nocase; ) # wsjcxbdwh93bjd16xq18vyrh1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wsjcxbdwh93bjd16xq18vyrh1|03|net"; nocase; ) # 19nhp97yop4jt382uvzn8evgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19nhp97yop4jt382uvzn8evgi|03|com"; nocase; ) # 66c6tp1uycvk11o6pqn11sj44w0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|66c6tp1uycvk11o6pqn11sj44w0|03|com"; nocase; ) # 1mp9ewlsr2ibzkfanjn10kqff6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mp9ewlsr2ibzkfanjn10kqff6|03|net"; nocase; ) # idrvmaf9rh545rw7krh0hzfe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|idrvmaf9rh545rw7krh0hzfe|03|net"; nocase; ) # 1e1wf261v1en9t169thq51evpwlc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1e1wf261v1en9t169thq51evpwlc|03|net"; nocase; ) # 49b4yt1s3ube613afeaenokpap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|49b4yt1s3ube613afeaenokpap|03|org"; nocase; ) # 1gndyy17bro601f4r5rnlsf772.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gndyy17bro601f4r5rnlsf772|03|org"; nocase; ) # 1as09tnhfrg3y8covgpl0xo2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1as09tnhfrg3y8covgpl0xo2|03|net"; nocase; ) # t8fj1x11akg7o1ay4ped1w6i15u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|t8fj1x11akg7o1ay4ped1w6i15u|03|biz"; nocase; ) # 1uxh9lk1vbs7hl1ntd9cd16o0lnc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uxh9lk1vbs7hl1ntd9cd16o0lnc|03|com"; nocase; ) # 69opob6rw3y21ht4ec7e3ffbd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|69opob6rw3y21ht4ec7e3ffbd|03|net"; nocase; ) # 77473m19ia59z1ffpn6jo3uesa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|77473m19ia59z1ffpn6jo3uesa|03|org"; nocase; ) # ovxcz61xg7j8cs0yser1e9he6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ovxcz61xg7j8cs0yser1e9he6|03|org"; nocase; ) # n6mkkv19v5m7wggsodsbxd2ez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n6mkkv19v5m7wggsodsbxd2ez|03|com"; nocase; ) # 1l91tjn8vbauv1iksbdmqabvlj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l91tjn8vbauv1iksbdmqabvlj|03|org"; nocase; ) # 1oz3qlytfbuad16xn02fklze6k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1oz3qlytfbuad16xn02fklze6k|03|net"; nocase; ) # jy0ilt1nt4st7196n35c1rqafa4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|jy0ilt1nt4st7196n35c1rqafa4|03|net"; nocase; ) # k1octx11v0k05ja5b44de767k.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k1octx11v0k05ja5b44de767k|03|net"; nocase; ) # wnxuzqlkm4a7h36jmo1dvevv5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wnxuzqlkm4a7h36jmo1dvevv5|03|net"; nocase; ) # 19nme3g1rxdk3cyakcy11gb24ru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19nme3g1rxdk3cyakcy11gb24ru|03|biz"; nocase; ) # jqwtg31t9d7mfeuphes1x66cgj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jqwtg31t9d7mfeuphes1x66cgj|03|com"; nocase; ) # 1y4xd2rayux66we6ckhwm8kvq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1y4xd2rayux66we6ckhwm8kvq|03|com"; nocase; ) # xjifsd1pc4xz51xofpdd2qoir9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xjifsd1pc4xz51xofpdd2qoir9|03|biz"; nocase; ) # 138021s1dxtmx1dcxyaz1h54l9g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|138021s1dxtmx1dcxyaz1h54l9g|03|com"; nocase; ) # 1qsrl5l12d59z81ukk9mx1pvjm19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1qsrl5l12d59z81ukk9mx1pvjm19|03|net"; nocase; ) # 1qqxc0y19d2ltb3aguna1g92xe4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qqxc0y19d2ltb3aguna1g92xe4|03|com"; nocase; ) # 1h05zou3s3866124vghn3d37gx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h05zou3s3866124vghn3d37gx|03|net"; nocase; ) # 1ot6j301dnikaw1ifzlic1qb5vjx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ot6j301dnikaw1ifzlic1qb5vjx|03|com"; nocase; ) # 1rrishbb1uyii10l7ssl12200f2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rrishbb1uyii10l7ssl12200f2|03|org"; nocase; ) # hg35jp35vz401bu1s3v1fm1a8n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hg35jp35vz401bu1s3v1fm1a8n|03|biz"; nocase; ) # 1wbltql11h68h05i9ghqlvt8g1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wbltql11h68h05i9ghqlvt8g1|03|net"; nocase; ) # 9advsc1dmu77h1rbmuc5p0fs16.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9advsc1dmu77h1rbmuc5p0fs16|03|com"; nocase; ) # 1wu4se11aygngg1az4ocb46yzy1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wu4se11aygngg1az4ocb46yzy1|03|net"; nocase; ) # 11vlfs31x75bly127gdr3e23gs7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11vlfs31x75bly127gdr3e23gs7|03|net"; nocase; ) # eu6p75c67b0j1vz8jnj1abd5zq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|eu6p75c67b0j1vz8jnj1abd5zq|03|com"; nocase; ) # 1gmr30u1w4c5ef1bxgx5p1vdtnis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gmr30u1w4c5ef1bxgx5p1vdtnis|03|net"; nocase; ) # 9ds7cl1i5cudjgfubvu1kiqcgn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ds7cl1i5cudjgfubvu1kiqcgn|03|com"; nocase; ) # 11nvrep19utbfx98cdryiux32k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11nvrep19utbfx98cdryiux32k|03|org"; nocase; ) # ryk5ta1r49dzamxgd8rzr31hj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ryk5ta1r49dzamxgd8rzr31hj|03|net"; nocase; ) # v3zpdcjuo14e1f7la0xea5of5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v3zpdcjuo14e1f7la0xea5of5|03|org"; nocase; ) # 16xsnhx14stidtvenqcf1j01lrj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16xsnhx14stidtvenqcf1j01lrj|03|com"; nocase; ) # ujpsxg1ul4dxg17yhjbg1np5cpo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|ujpsxg1ul4dxg17yhjbg1np5cpo|03|com"; nocase; ) # zsw3723gik6e1y8hxu3bqedwp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zsw3723gik6e1y8hxu3bqedwp|03|org"; nocase; ) # 1g7i9vm1lsi37f1o8ukiljgef8u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1g7i9vm1lsi37f1o8ukiljgef8u|03|net"; nocase; ) # 1nrvubh1sqcdro1dliu3jv3hirj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nrvubh1sqcdro1dliu3jv3hirj|03|net"; nocase; ) # 1hreu0i15dokc31vt7kso1nd6h0k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hreu0i15dokc31vt7kso1nd6h0k|03|org"; nocase; ) # xlr7oz96pwbd1bnlxgk8jyall.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xlr7oz96pwbd1bnlxgk8jyall|03|org"; nocase; ) # 1jod85112ajg5qkb8o1ltyi3xv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jod85112ajg5qkb8o1ltyi3xv|03|net"; nocase; ) # gwhm2kd4w3ts1xotby11raoj50.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gwhm2kd4w3ts1xotby11raoj50|03|org"; nocase; ) # 1gtproe1o9yx6713f6i3x16rh0mn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gtproe1o9yx6713f6i3x16rh0mn|03|biz"; nocase; ) # p4qdg31p5yb1s1w6c6th140oj72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p4qdg31p5yb1s1w6c6th140oj72|03|net"; nocase; ) # 1aglf2o1m0uph71obpkvpyr1151.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aglf2o1m0uph71obpkvpyr1151|03|com"; nocase; ) # zhjuk9was2hl1m4nh3veze3s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zhjuk9was2hl1m4nh3veze3s|03|com"; nocase; ) # 1yj4ckb1dnhjlr1uypv4qyaq3ih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yj4ckb1dnhjlr1uypv4qyaq3ih|03|com"; nocase; ) # 1uwojhh17km2vdk254vfibkqee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwojhh17km2vdk254vfibkqee|03|net"; nocase; ) # 8m0oze1ccnlz4vp7qhy1xb1cev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8m0oze1ccnlz4vp7qhy1xb1cev|03|net"; nocase; ) # 1395ho11nidbty1pa7rbtmpc88b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1395ho11nidbty1pa7rbtmpc88b|03|org"; nocase; ) # 126zxjhpk6ynr16uc1uqzazvuy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|126zxjhpk6ynr16uc1uqzazvuy|03|org"; nocase; ) # wr876i1728zf61q9f79p10mm7oc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|wr876i1728zf61q9f79p10mm7oc|03|biz"; nocase; ) # k3wbum14r2ogw1l9o5p11d6zk3c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|k3wbum14r2ogw1l9o5p11d6zk3c|03|biz"; nocase; ) # 7o4jvezyaaz4tdxxv61gu02f6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7o4jvezyaaz4tdxxv61gu02f6|03|net"; nocase; ) # by576amill02rbvr7u447r8h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|by576amill02rbvr7u447r8h|03|net"; nocase; ) # yx12ke2tkuv5nd0bbk1xr3ie7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yx12ke2tkuv5nd0bbk1xr3ie7|03|biz"; nocase; ) # 14a8y7lypfp231c2m5x7pj6l27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14a8y7lypfp231c2m5x7pj6l27|03|com"; nocase; ) # 1wx0eo0dvkdvkfe1mlx17pz3sg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wx0eo0dvkdvkfe1mlx17pz3sg|03|biz"; nocase; ) # n268ttr6nmzk17gx5vl10ugs7r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n268ttr6nmzk17gx5vl10ugs7r|03|net"; nocase; ) # ov7fw8jd4jkf1fqszrd1fhwlgx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ov7fw8jd4jkf1fqszrd1fhwlgx|03|net"; nocase; ) # 1h3tbh4i2jebxkhmv7xvo3qnm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1h3tbh4i2jebxkhmv7xvo3qnm|03|biz"; nocase; ) # 132c9521cj0qds71gu997lweqt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|132c9521cj0qds71gu997lweqt|03|net"; nocase; ) # 171shkf1rkw2a812mnf9c1k9t4hr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|171shkf1rkw2a812mnf9c1k9t4hr|03|org"; nocase; ) # nkxvm21ho46uu1d6hxx11r0x5dw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|nkxvm21ho46uu1d6hxx11r0x5dw|03|com"; nocase; ) # 1razhz3jnlky8nq6uieeoivxz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1razhz3jnlky8nq6uieeoivxz|03|com"; nocase; ) # 1xnk82p6et9pdivbyzo1gxnms7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1xnk82p6et9pdivbyzo1gxnms7|03|org"; nocase; ) # i215nih3dt5s1wplxwt4g9arn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i215nih3dt5s1wplxwt4g9arn|03|org"; nocase; ) # 6qfxay5002ix6bosn8iqisx5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6qfxay5002ix6bosn8iqisx5|03|net"; nocase; ) # 15x30451kxbqd81wrrrh61gpx4aq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15x30451kxbqd81wrrrh61gpx4aq|03|com"; nocase; ) # mx8ym51wetg2u19a9rjpvnk9kv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mx8ym51wetg2u19a9rjpvnk9kv|03|org"; nocase; ) # y9eapc1c5zgs51h0w3c41fgzgjc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|y9eapc1c5zgs51h0w3c41fgzgjc|03|org"; nocase; ) # axzrc2fvqz0lkzpad56w96h9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|axzrc2fvqz0lkzpad56w96h9|03|biz"; nocase; ) # 13wi0vrbxfgzs1s061sc1yt24q4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13wi0vrbxfgzs1s061sc1yt24q4|03|biz"; nocase; ) # 1mvhvj71ig3xwqisvw4i12j8tr4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mvhvj71ig3xwqisvw4i12j8tr4|03|net"; nocase; ) # 1pygfl51qyhge81qoq3e92tny27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pygfl51qyhge81qoq3e92tny27|03|com"; nocase; ) # ga4ceorp395f1vzuzuu137rxpz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ga4ceorp395f1vzuzuu137rxpz|03|com"; nocase; ) # 1orob9x13n8roujxenw13735h7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1orob9x13n8roujxenw13735h7|03|com"; nocase; ) # afgat79a48111or2pgxc7vl6r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|afgat79a48111or2pgxc7vl6r|03|com"; nocase; ) # sx4f93qqhmtcxu0cs51faetiu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sx4f93qqhmtcxu0cs51faetiu|03|org"; nocase; ) # 83wigm7gjmmjdhnkmss1ek8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|83wigm7gjmmjdhnkmss1ek8|03|com"; nocase; ) # 124pdd63l75uz1lhom5s1v7141v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|124pdd63l75uz1lhom5s1v7141v|03|com"; nocase; ) # eo52nxlqqzhq11j39exzvyru4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eo52nxlqqzhq11j39exzvyru4|03|net"; nocase; ) # nd0od11wsjg961gx6velr8fqa9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nd0od11wsjg961gx6velr8fqa9|03|biz"; nocase; ) # mau5pc1oood6k1oskm0ko7ciic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mau5pc1oood6k1oskm0ko7ciic|03|net"; nocase; ) # es78r51tetujt8hrmyt7wrthe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|es78r51tetujt8hrmyt7wrthe|03|biz"; nocase; ) # 9ur3i41a60aj6izqb0v1khk7td.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9ur3i41a60aj6izqb0v1khk7td|03|net"; nocase; ) # a6ewdl16b7hf81ou9j511mic7pt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|a6ewdl16b7hf81ou9j511mic7pt|03|biz"; nocase; ) # sz3awn1dlxh6yxw951zxiv1eq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sz3awn1dlxh6yxw951zxiv1eq|03|com"; nocase; ) # 5yecr10m93rh1u2n28j1yu9a74.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5yecr10m93rh1u2n28j1yu9a74|03|com"; nocase; ) # uwfut11eymp5x1ypgui1vhuhp7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uwfut11eymp5x1ypgui1vhuhp7|03|biz"; nocase; ) # 14n0ldjo4c7wvfkr3xnxm2yqe.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14n0ldjo4c7wvfkr3xnxm2yqe|03|org"; nocase; ) # u3ksi9k85d731qnq9476vzm9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|u3ksi9k85d731qnq9476vzm9|03|net"; nocase; ) # 15po6b7dorzy1hbk1w2cuxaru.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|15po6b7dorzy1hbk1w2cuxaru|03|biz"; nocase; ) # 1ddixqz14ifoi1vq7mtm1jk274q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ddixqz14ifoi1vq7mtm1jk274q|03|net"; nocase; ) # 197y6xy1078mz23h1i3qlezm8h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|197y6xy1078mz23h1i3qlezm8h|03|org"; nocase; ) # 1rp6k0d1q8cb2lq4u9z41k2vnt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rp6k0d1q8cb2lq4u9z41k2vnt|03|org"; nocase; ) # 14jjfwa1ry93m2h7nwjgb25tli.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14jjfwa1ry93m2h7nwjgb25tli|03|com"; nocase; ) # esq8cd1s619ggru3rta18xj4hy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|esq8cd1s619ggru3rta18xj4hy|03|com"; nocase; ) # 1bg3a0cwq1yusew2op51laamxy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bg3a0cwq1yusew2op51laamxy|03|com"; nocase; ) # 19gcphtm0bk531vvcw9n19385zu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19gcphtm0bk531vvcw9n19385zu|03|biz"; nocase; ) # 1we475s64gywlj3ncce11piaq8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1we475s64gywlj3ncce11piaq8|03|net"; nocase; ) # 17gezx4g42478aw94zc53tz6c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17gezx4g42478aw94zc53tz6c|03|net"; nocase; ) # 4swfvnur4836ve6s451xhzi0w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4swfvnur4836ve6s451xhzi0w|03|net"; nocase; ) # vjc9f9hdzuygyr2qvv674kqm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|vjc9f9hdzuygyr2qvv674kqm|03|com"; nocase; ) # 1xjpy2z1kszg0wz4be3k1qeepvq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xjpy2z1kszg0wz4be3k1qeepvq|03|biz"; nocase; ) # g5v7o11mubw2o8u4jgt1kog9jb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g5v7o11mubw2o8u4jgt1kog9jb|03|com"; nocase; ) # 1b6bwnv1tqisf31x4hkii1wm9as4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1b6bwnv1tqisf31x4hkii1wm9as4|03|biz"; nocase; ) # vngoqq1u6hf2t1s37k151dykas0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vngoqq1u6hf2t1s37k151dykas0|03|biz"; nocase; ) # 19boqqdsdaj6hefdm2m1yag9gm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19boqqdsdaj6hefdm2m1yag9gm|03|biz"; nocase; ) # plaa4h1nvfg1s9vqdycrmz2dh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|plaa4h1nvfg1s9vqdycrmz2dh|03|net"; nocase; ) # vhgb2yocdhrma98v3x1tjmw8o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vhgb2yocdhrma98v3x1tjmw8o|03|org"; nocase; ) # 1ew4lqp1ehlchz104znhp1km1zfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ew4lqp1ehlchz104znhp1km1zfs|03|com"; nocase; ) # 1yguhn1sklw654bmw3l1afqttr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yguhn1sklw654bmw3l1afqttr|03|biz"; nocase; ) # 6nxyno1wd0nubbrcn6846pxb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6nxyno1wd0nubbrcn6846pxb9|03|net"; nocase; ) # ei9p76ylvl6jh9qgdb7qmq4c.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ei9p76ylvl6jh9qgdb7qmq4c|03|biz"; nocase; ) # 1a1wcxnsxdqy1rh45ayk4eiuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a1wcxnsxdqy1rh45ayk4eiuo|03|net"; nocase; ) # 1ejm77r6fs9ln1b4r0o01xdnhng.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ejm77r6fs9ln1b4r0o01xdnhng|03|com"; nocase; ) # 1r43huc1rzpxplodguth1dova33.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1r43huc1rzpxplodguth1dova33|03|org"; nocase; ) # jd1nybl21zhtuweo4wbzgrw1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jd1nybl21zhtuweo4wbzgrw1|03|net"; nocase; ) # n3b08o1l2e5x41kdl0z51v4rhc6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|n3b08o1l2e5x41kdl0z51v4rhc6|03|com"; nocase; ) # 1jeaeu1y1o592sivww1cica97.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jeaeu1y1o592sivww1cica97|03|net"; nocase; ) # 12oru6qlh3m52vkvdc51oex8er.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12oru6qlh3m52vkvdc51oex8er|03|com"; nocase; ) # goqsf01xti1kk1egepmh12bemjx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|goqsf01xti1kk1egepmh12bemjx|03|net"; nocase; ) # d5j33e17l0ca3s6tjyrcvaqfb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|d5j33e17l0ca3s6tjyrcvaqfb|03|biz"; nocase; ) # mr4ru6agl8wvymwi9ikv5vw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|mr4ru6agl8wvymwi9ikv5vw|03|net"; nocase; ) # cpkon71dmae5ndg9k6p1ifvp20.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cpkon71dmae5ndg9k6p1ifvp20|03|org"; nocase; ) # vuslgkxdqkkf1guemnwv7vimd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vuslgkxdqkkf1guemnwv7vimd|03|com"; nocase; ) # 1cea7lxwcrcfi2ktg8t19l3hbw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cea7lxwcrcfi2ktg8t19l3hbw|03|biz"; nocase; ) # 1empsf0i4yz7k99ck9914n36k5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1empsf0i4yz7k99ck9914n36k5|03|com"; nocase; ) # hbdx3y7shzlekdwm591h0gchc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hbdx3y7shzlekdwm591h0gchc|03|org"; nocase; ) # 1bdg29h1au7a7h1hzxzex169omix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bdg29h1au7a7h1hzxzex169omix|03|com"; nocase; ) # 45apj115phk1nusf84bezt6z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|45apj115phk1nusf84bezt6z|03|net"; nocase; ) # 1vm4ua61ty9eoe1pnz24rexnswy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vm4ua61ty9eoe1pnz24rexnswy|03|org"; nocase; ) # o9kxbt1c2zzf5xitsri17rgncv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|o9kxbt1c2zzf5xitsri17rgncv|03|biz"; nocase; ) # 1b1dmr617oloiwdttu68b6opm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b1dmr617oloiwdttu68b6opm|03|biz"; nocase; ) # 1txhq3n1cp7z8wk9ibp71ixvu0t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1txhq3n1cp7z8wk9ibp71ixvu0t|03|com"; nocase; ) # xmv6pb12v5doi1298up11nmg9ml.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xmv6pb12v5doi1298up11nmg9ml|03|biz"; nocase; ) # b1zh3kyox977ibzl4e2k3k5e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b1zh3kyox977ibzl4e2k3k5e|03|org"; nocase; ) # l2qhz0vxo73113lkr4p70avo7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|l2qhz0vxo73113lkr4p70avo7|03|net"; nocase; ) # 1w78hdssydxdd1bzsw8l7b4ajc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1w78hdssydxdd1bzsw8l7b4ajc|03|com"; nocase; ) # q6ow0lqjctg875jeqklyfdc0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|q6ow0lqjctg875jeqklyfdc0|03|org"; nocase; ) # 1wbv0bpo4s6q39pz95gwu3xsv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wbv0bpo4s6q39pz95gwu3xsv|03|biz"; nocase; ) # 52m62r15yoxbrgxd6ev1csl2rz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|52m62r15yoxbrgxd6ev1csl2rz|03|com"; nocase; ) # abfm8tgy4icp1nquxzn14hfop.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|abfm8tgy4icp1nquxzn14hfop|03|net"; nocase; ) # 2x145s8e6qk51jby5d31b0vdap.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2x145s8e6qk51jby5d31b0vdap|03|org"; nocase; ) # p6jnej13uijyg1x99qi310dr42n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|p6jnej13uijyg1x99qi310dr42n|03|biz"; nocase; ) # 1t10gb5brb3u81v5cpaq1k8or8k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t10gb5brb3u81v5cpaq1k8or8k|03|biz"; nocase; ) # 1vo728o1a34jd1d3z31v12macrk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vo728o1a34jd1d3z31v12macrk|03|biz"; nocase; ) # yn6pk1pk6m301vh99ue1a55kkc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yn6pk1pk6m301vh99ue1a55kkc|03|com"; nocase; ) # o3slzcbceopz1wr6o435n47hx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o3slzcbceopz1wr6o435n47hx|03|net"; nocase; ) # zs3rhv1r3ih73lq7neaczq7ri.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zs3rhv1r3ih73lq7neaczq7ri|03|com"; nocase; ) # 1daqibrnr6fru1i9iqp31mb9yal.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1daqibrnr6fru1i9iqp31mb9yal|03|biz"; nocase; ) # 1h03nco1e3dxgvr6e4ug1f33mnb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h03nco1e3dxgvr6e4ug1f33mnb|03|org"; nocase; ) # pffter1e2uyqq4pnw4v1pd3suv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pffter1e2uyqq4pnw4v1pd3suv|03|net"; nocase; ) # mzxuigj15sxq2c05mlj6h3nr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|mzxuigj15sxq2c05mlj6h3nr|03|net"; nocase; ) # 14wsyu7a8jfmx1o4wa9g1n0pm7g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14wsyu7a8jfmx1o4wa9g1n0pm7g|03|net"; nocase; ) # hm96nwpcuu7b1dsugvx1yf6ot6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hm96nwpcuu7b1dsugvx1yf6ot6|03|net"; nocase; ) # 1id0cap1ox0m7ob30sss1csg00u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1id0cap1ox0m7ob30sss1csg00u|03|net"; nocase; ) # 1jmvaxcyq9b3h17ubjuu1aivfvr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jmvaxcyq9b3h17ubjuu1aivfvr|03|net"; nocase; ) # 19rppj913583e84xcl3vditnv9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19rppj913583e84xcl3vditnv9|03|biz"; nocase; ) # b2h68r1ayxj4aste7krz7fx0v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|b2h68r1ayxj4aste7krz7fx0v|03|biz"; nocase; ) # 193ziaeukg6esxnlqyx1dpaht1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|193ziaeukg6esxnlqyx1dpaht1|03|net"; nocase; ) # 1lnuqxue4n8e312fnqy2dw902i.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lnuqxue4n8e312fnqy2dw902i|03|biz"; nocase; ) # 1s1vnj61866li41kogiqy1doc22a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1s1vnj61866li41kogiqy1doc22a|03|com"; nocase; ) # 1nh485h1w4qi1j1tnnst93gavw8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nh485h1w4qi1j1tnnst93gavw8|03|net"; nocase; ) # 18dukkcq6d7i7100vswu1t8wkc6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18dukkcq6d7i7100vswu1t8wkc6|03|org"; nocase; ) # 1as4hpa14tonbc1tr2xxh2ktzlh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1as4hpa14tonbc1tr2xxh2ktzlh|03|com"; nocase; ) # 19ycfmb1gz4hia3sdlfl1ueu95d.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19ycfmb1gz4hia3sdlfl1ueu95d|03|biz"; nocase; ) # 1bwe0cp7jemzd1iaasvee52v5x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bwe0cp7jemzd1iaasvee52v5x|03|net"; nocase; ) # yszgrn1rmjjw91vqt3st1b8waf4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|yszgrn1rmjjw91vqt3st1b8waf4|03|com"; nocase; ) # 191xchq1wtciqu1bup2nocmegnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|191xchq1wtciqu1bup2nocmegnk|03|com"; nocase; ) # 1ycfjzw1jnuesvnw1dbi1sibhz0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ycfjzw1jnuesvnw1dbi1sibhz0|03|org"; nocase; ) # inzfg92y7pjqvs0nlwx83ir2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|inzfg92y7pjqvs0nlwx83ir2|03|biz"; nocase; ) # 1n0gb92obwz6b1p0d5yecs45j1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n0gb92obwz6b1p0d5yecs45j1|03|biz"; nocase; ) # 17gfi05o1uq0gj9kxvf1x3xdgp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17gfi05o1uq0gj9kxvf1x3xdgp|03|org"; nocase; ) # kqqqz19si0bp6dt3uq6bz4r6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kqqqz19si0bp6dt3uq6bz4r6|03|org"; nocase; ) # 1p0t4ne1c9rduhmg3pos1d7nm9e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p0t4ne1c9rduhmg3pos1d7nm9e|03|org"; nocase; ) # 14dlksbbqvln3clj16rav9g4w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046565; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14dlksbbqvln3clj16rav9g4w|03|com"; nocase; ) # 1yfl7re5lec5ykmvaoj11vb4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046566; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1yfl7re5lec5ykmvaoj11vb4|03|com"; nocase; ) # 16przw61arhvzbvmq7vgttyfia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046567; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16przw61arhvzbvmq7vgttyfia|03|net"; nocase; ) # yx3phc1vhhejsjxulay1revtlx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046568; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yx3phc1vhhejsjxulay1revtlx|03|com"; nocase; ) # athu86i39140gyum8x1osljg3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046569; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|athu86i39140gyum8x1osljg3|03|biz"; nocase; ) # 1jxzvrd13bii0o95msh11lnsr92.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046570; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jxzvrd13bii0o95msh11lnsr92|03|biz"; nocase; ) # ctq0y1g0yowaloxgfm156gm7c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046571; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ctq0y1g0yowaloxgfm156gm7c|03|net"; nocase; ) # 1bi6yqf1nk1dtop1ji1g1cprp7w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046572; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bi6yqf1nk1dtop1ji1g1cprp7w|03|com"; nocase; ) # e5te6hd1s4d24xur8k1wu3zws.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046573; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e5te6hd1s4d24xur8k1wu3zws|03|biz"; nocase; ) # 19ppkv21gdp6femexig6cn0uxc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046574; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ppkv21gdp6femexig6cn0uxc|03|com"; nocase; ) # 9fs39892pwrsm69ru318tqpbm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046575; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9fs39892pwrsm69ru318tqpbm|03|biz"; nocase; ) # 1u7pihk159s3ks2ft4bpr434mj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046576; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u7pihk159s3ks2ft4bpr434mj|03|net"; nocase; ) # ztvms751uvkxm2mpmm19si2ji.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046577; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ztvms751uvkxm2mpmm19si2ji|03|org"; nocase; ) # 3hvv371wmvvm913wtr9a1nnr33v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046578; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3hvv371wmvvm913wtr9a1nnr33v|03|biz"; nocase; ) # 1iozgw31gszock47c10q1t3p7hg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046579; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1iozgw31gszock47c10q1t3p7hg|03|org"; nocase; ) # 7gwsbbnglkioz83eyi1pi79oh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046580; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7gwsbbnglkioz83eyi1pi79oh|03|com"; nocase; ) # a6wvxr1036oom9r95h811ghwtd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046581; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a6wvxr1036oom9r95h811ghwtd|03|com"; nocase; ) # cyzmft1hdy7hqgzvdjks08olq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046582; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cyzmft1hdy7hqgzvdjks08olq|03|net"; nocase; ) # 2by1p91qqlh0q1fwwcodb5ryjw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046583; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2by1p91qqlh0q1fwwcodb5ryjw|03|org"; nocase; ) # 93niua1ej5o1713k9a4l7iwf4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046584; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|93niua1ej5o1713k9a4l7iwf4|03|org"; nocase; ) # 5n0i0d7xzw6610ijvmvkbgqrm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046585; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5n0i0d7xzw6610ijvmvkbgqrm|03|biz"; nocase; ) # 1xyg0dm1wiaovrzmp72l1dpe7hu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046586; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xyg0dm1wiaovrzmp72l1dpe7hu|03|net"; nocase; ) # lkz2rh5jnm9o1uttqr115vkgay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046587; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lkz2rh5jnm9o1uttqr115vkgay|03|com"; nocase; ) # 1xkfpkuynkz351bcz71616c1y41.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046588; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xkfpkuynkz351bcz71616c1y41|03|com"; nocase; ) # qjvhn6r43nhd19q4lucqwaxeg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046589; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qjvhn6r43nhd19q4lucqwaxeg|03|biz"; nocase; ) # 1jqdj3g1ssk38btz7maz1egkvam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046590; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jqdj3g1ssk38btz7maz1egkvam|03|net"; nocase; ) # 150vk9qco10bxsqv4lm6hfm9x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046591; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|150vk9qco10bxsqv4lm6hfm9x|03|com"; nocase; ) # jaxof713l68u22utln21vzinn4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046592; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jaxof713l68u22utln21vzinn4|03|net"; nocase; ) # tv30qmbdqtuttzupd415dbibg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046593; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tv30qmbdqtuttzupd415dbibg|03|biz"; nocase; ) # ydutok1fwrl25orekls5ih67p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046594; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ydutok1fwrl25orekls5ih67p|03|org"; nocase; ) # 1a6ppjr13o2r61qzl6cj1oqm3il.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046595; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a6ppjr13o2r61qzl6cj1oqm3il|03|net"; nocase; ) # vq5frj11bjstq16xiyjt507q66.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046596; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|vq5frj11bjstq16xiyjt507q66|03|net"; nocase; ) # 1ry452f7cbl5qhakam2vhgrtg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046597; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ry452f7cbl5qhakam2vhgrtg|03|net"; nocase; ) # 9lmqeh1gsxgxi14gtyde13zyy0r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046598; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|9lmqeh1gsxgxi14gtyde13zyy0r|03|com"; nocase; ) # j5l58m1cpgmwnul2ni2108kz7z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046599; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j5l58m1cpgmwnul2ni2108kz7z|03|net"; nocase; ) # 1t2xrynhac9qauq6z5s1xdzicy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046600; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t2xrynhac9qauq6z5s1xdzicy|03|com"; nocase; ) # 7api9br4upzh8ipsrc5e0mmz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046601; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|7api9br4upzh8ipsrc5e0mmz|03|com"; nocase; ) # 1blowgo1n0etcx1i0lx7e1e4lovn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046602; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1blowgo1n0etcx1i0lx7e1e4lovn|03|biz"; nocase; ) # z5jqc01k9t8ob1g2j0v41b1bgkn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046603; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z5jqc01k9t8ob1g2j0v41b1bgkn|03|net"; nocase; ) # z0qwkj1w1nryl1pcr4ge1k7to4p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046604; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|z0qwkj1w1nryl1pcr4ge1k7to4p|03|org"; nocase; ) # kxmlb1dcetf9cp6ryj1c6jmis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046605; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kxmlb1dcetf9cp6ryj1c6jmis|03|net"; nocase; ) # 1wd8ckkl4tosm1y8nk7818nyp1r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046606; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wd8ckkl4tosm1y8nk7818nyp1r|03|net"; nocase; ) # 1u1349x1qxqvse1jzn9a8f98gkj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046607; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1u1349x1qxqvse1jzn9a8f98gkj|03|net"; nocase; ) # 1aezw0w1e0q99ckbxcnh1out1b6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046608; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1aezw0w1e0q99ckbxcnh1out1b6|03|biz"; nocase; ) # hz0bnp17zuzqpm0lzfyo31evl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046609; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hz0bnp17zuzqpm0lzfyo31evl|03|net"; nocase; ) # 1n40m211ow02q374tz0s1f0ots1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046610; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n40m211ow02q374tz0s1f0ots1|03|net"; nocase; ) # 1ra2ws3q741el15jxoh745noyk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046611; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ra2ws3q741el15jxoh745noyk|03|org"; nocase; ) # xaask5zgbm4u11zyyzn5tazlu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046612; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xaask5zgbm4u11zyyzn5tazlu|03|com"; nocase; ) # 1gpvupd1bqxmmp1f11jvmc9jbys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046613; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gpvupd1bqxmmp1f11jvmc9jbys|03|com"; nocase; ) # 1liuv762o0ny8141u1ofwc8ii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046614; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1liuv762o0ny8141u1ofwc8ii|03|net"; nocase; ) # cykc1jwb88qv1z4qex1yhes0p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046615; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cykc1jwb88qv1z4qex1yhes0p|03|net"; nocase; ) # rwhizk18bs1dztau6d31kyiu44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046616; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rwhizk18bs1dztau6d31kyiu44|03|com"; nocase; ) # 1b3hgrz1ixng701e5gm1ffssdu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046617; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b3hgrz1ixng701e5gm1ffssdu|03|net"; nocase; ) # 15wkzhj3n006x1rgtdwzkk3eja.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046618; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15wkzhj3n006x1rgtdwzkk3eja|03|com"; nocase; ) # 1q7xdsr8dcveqoxp1u61lewaa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046619; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1q7xdsr8dcveqoxp1u61lewaa|03|org"; nocase; ) # 6ezyui15m69f41hug5pv17zoyzz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046620; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ezyui15m69f41hug5pv17zoyzz|03|net"; nocase; ) # 1y9kedf1yorh9pif5c1z1thwrm6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046621; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y9kedf1yorh9pif5c1z1thwrm6|03|net"; nocase; ) # t45c0gxe6mf8dusyrj1puo9ia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046622; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t45c0gxe6mf8dusyrj1puo9ia|03|net"; nocase; ) # 1su3ixo189ll941cs5053m7jyya.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046623; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1su3ixo189ll941cs5053m7jyya|03|net"; nocase; ) # 11febg17th7dxbd5cfy1616rr5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046624; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11febg17th7dxbd5cfy1616rr5|03|net"; nocase; ) # odkz90x24wcu1n83hvlv759pa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046625; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|odkz90x24wcu1n83hvlv759pa|03|net"; nocase; ) # 7qyiz0vcgtmk16z4iie17eoup7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046626; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7qyiz0vcgtmk16z4iie17eoup7|03|com"; nocase; ) # 1823h6br432a9cjl4me1olh2go.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046627; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1823h6br432a9cjl4me1olh2go|03|net"; nocase; ) # g4i9fm1sh9wc4nh8af61jq6il7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046628; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g4i9fm1sh9wc4nh8af61jq6il7|03|net"; nocase; ) # d0n8zt58veyqiresnmsdh4be.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046629; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d0n8zt58veyqiresnmsdh4be|03|com"; nocase; ) # 1vlgdesbkfly21mb9c8febjppf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046630; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vlgdesbkfly21mb9c8febjppf|03|com"; nocase; ) # 1ityf11tustmt1clr6si2slxmn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046631; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ityf11tustmt1clr6si2slxmn|03|org"; nocase; ) # 19rbokj2fgsayp5xbvpcz8bu0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046632; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19rbokj2fgsayp5xbvpcz8bu0|03|org"; nocase; ) # 1go4gs1536xj217snhx4101wpqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046633; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1go4gs1536xj217snhx4101wpqy|03|com"; nocase; ) # 1dalen1yqjl3p71yeut11cvt16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046634; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dalen1yqjl3p71yeut11cvt16|03|net"; nocase; ) # 1qj6or01922uu2jryneqn9h9oj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046635; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qj6or01922uu2jryneqn9h9oj|03|com"; nocase; ) # 1p09x8d1aecx0u1ktbhb7d9tqpi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046636; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p09x8d1aecx0u1ktbhb7d9tqpi|03|net"; nocase; ) # jpq0mz5v7tpe1vu94r8y4zlnc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046637; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jpq0mz5v7tpe1vu94r8y4zlnc|03|org"; nocase; ) # 11lppa51jqwnvb1fppt3x1xzljed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046638; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11lppa51jqwnvb1fppt3x1xzljed|03|net"; nocase; ) # nonmx6eob2py27pnej1hu9rf8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046639; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nonmx6eob2py27pnej1hu9rf8|03|net"; nocase; ) # 1u41l8x1xff59r1lqtv2a1pb3v4i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046640; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1u41l8x1xff59r1lqtv2a1pb3v4i|03|net"; nocase; ) # 1e6tzgzoe6y431y3teix1h3ola8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046641; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1e6tzgzoe6y431y3teix1h3ola8|03|net"; nocase; ) # 1n4phu7mkywyf92bx34187msbb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046642; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1n4phu7mkywyf92bx34187msbb|03|org"; nocase; ) # yqv0tatxfpx9cgqbc22sx99a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046643; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yqv0tatxfpx9cgqbc22sx99a|03|net"; nocase; ) # iwnl0b9gnupd12th1wqfebe4o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046644; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|iwnl0b9gnupd12th1wqfebe4o|03|org"; nocase; ) # 9s69gq82zp3c13qohtmzic372.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046645; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9s69gq82zp3c13qohtmzic372|03|biz"; nocase; ) # 1cfb6ize7qvfi1gyvv9579d90y.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046646; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1cfb6ize7qvfi1gyvv9579d90y|03|com"; nocase; ) # l0ytcn7uihwn10j4saw1bo9x9p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046647; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|l0ytcn7uihwn10j4saw1bo9x9p|03|net"; nocase; ) # 1u8uuwkmjae5j6zpfv7ctag27.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046648; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u8uuwkmjae5j6zpfv7ctag27|03|net"; nocase; ) # him0of1gs3l25t5qie9140sng4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046649; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|him0of1gs3l25t5qie9140sng4|03|org"; nocase; ) # xdh4vg6hgehg17x8xkx1r38nmk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046650; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xdh4vg6hgehg17x8xkx1r38nmk|03|org"; nocase; ) # bb265x1yd3h0fhq6vqw1pd7sp4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046651; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bb265x1yd3h0fhq6vqw1pd7sp4|03|biz"; nocase; ) # og71g1ratjsn14hrakj1oiytbs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046652; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|og71g1ratjsn14hrakj1oiytbs|03|com"; nocase; ) # 103bois1dtuoyz1u8mv3518thhb6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046653; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|103bois1dtuoyz1u8mv3518thhb6|03|net"; nocase; ) # 5o9kzsrjc2xz15ea4zu1jnj4ka.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046654; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5o9kzsrjc2xz15ea4zu1jnj4ka|03|net"; nocase; ) # x0qlj6ylzssc1iua62x10yeex0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046655; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|x0qlj6ylzssc1iua62x10yeex0|03|biz"; nocase; ) # 1gpl8w11a0tft8ktiwdzrtb1ww.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046656; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gpl8w11a0tft8ktiwdzrtb1ww|03|com"; nocase; ) # ochzy91qux3sy1y4d7njkfzadm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046657; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ochzy91qux3sy1y4d7njkfzadm|03|net"; nocase; ) # 4p4cog2v5fsk1vok7z1faqwoa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046658; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4p4cog2v5fsk1vok7z1faqwoa|03|com"; nocase; ) # rdxjun2w7ya9hgnwe4m5qa5o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046659; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rdxjun2w7ya9hgnwe4m5qa5o|03|net"; nocase; ) # 144quv4ptfvx51tnzxdacbee9h.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046660; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|144quv4ptfvx51tnzxdacbee9h|03|biz"; nocase; ) # 1tpmwvj9sjqjo17rrnxm1p7iri6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046661; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1tpmwvj9sjqjo17rrnxm1p7iri6|03|net"; nocase; ) # gk7qhtli157ea2d81g12jmzp1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046662; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|gk7qhtli157ea2d81g12jmzp1|03|org"; nocase; ) # 1camnvm16pmvg31jthz2h1hf8j30.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046663; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1camnvm16pmvg31jthz2h1hf8j30|03|net"; nocase; ) # 1y1s87r1fo0vszrhbzcc1shag38.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046664; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y1s87r1fo0vszrhbzcc1shag38|03|biz"; nocase; ) # c4oi5idd0fdy18ck64q525b9o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046665; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c4oi5idd0fdy18ck64q525b9o|03|com"; nocase; ) # u21shszhszcz1exqx8g1havh87.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046666; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u21shszhszcz1exqx8g1havh87|03|org"; nocase; ) # cxeaam1defw4lue9y8u1nouyvn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046667; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cxeaam1defw4lue9y8u1nouyvn|03|org"; nocase; ) # 1j147ztwr4mes11uu3gv1du0cu7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046668; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j147ztwr4mes11uu3gv1du0cu7|03|org"; nocase; ) # s1lqq3svgschtsr4nl1g34mm1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046669; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|s1lqq3svgschtsr4nl1g34mm1|03|net"; nocase; ) # 9n3lj11vi86gc11en5kebyv2hu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046670; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9n3lj11vi86gc11en5kebyv2hu|03|com"; nocase; ) # anm65g1ippisyan8sam1bzrrjb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046671; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|anm65g1ippisyan8sam1bzrrjb|03|net"; nocase; ) # 6dhxxf1u25b3512fzd1f62bxnl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046672; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6dhxxf1u25b3512fzd1f62bxnl|03|net"; nocase; ) # 1ecqm2ugmy1w219nb1e319eihq2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046673; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ecqm2ugmy1w219nb1e319eihq2|03|org"; nocase; ) # npzj6z49syn712lhb2m1y1l27a.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046674; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|npzj6z49syn712lhb2m1y1l27a|03|biz"; nocase; ) # 15a7iyd7jjhni1ktqt0rx1mat2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046675; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15a7iyd7jjhni1ktqt0rx1mat2|03|org"; nocase; ) # 1vxh1exdmbk0h1yuwydgo7mm10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046676; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vxh1exdmbk0h1yuwydgo7mm10|03|net"; nocase; ) # 7wgtcw5khmdm1c4o47o1qxyodc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046677; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7wgtcw5khmdm1c4o47o1qxyodc|03|com"; nocase; ) # qexo781x52lzhjf6u2sime35.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046678; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qexo781x52lzhjf6u2sime35|03|net"; nocase; ) # 47vmn814pqp3z1acz3s0yqie0c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046679; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|47vmn814pqp3z1acz3s0yqie0c|03|com"; nocase; ) # 1x28s62165ks7p16nl6us1pm60jd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046680; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x28s62165ks7p16nl6us1pm60jd|03|biz"; nocase; ) # 20j43rw57zqmu23mw51pemqk9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046681; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|20j43rw57zqmu23mw51pemqk9|03|org"; nocase; ) # 13txfnqtckm0u5b0gisw2efwa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046682; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13txfnqtckm0u5b0gisw2efwa|03|net"; nocase; ) # hu5yi91u5wgj51ccl89w16xkb89.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046683; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hu5yi91u5wgj51ccl89w16xkb89|03|org"; nocase; ) # awu98x1u7fz8o154rbeh18zf03l.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046684; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|awu98x1u7fz8o154rbeh18zf03l|03|com"; nocase; ) # 1uvqe6d19cs4361v4w1q1q8lhhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046685; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uvqe6d19cs4361v4w1q1q8lhhi|03|com"; nocase; ) # 17zkqzeif06su3e76l410n1196.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046686; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17zkqzeif06su3e76l410n1196|03|net"; nocase; ) # 4mgqg5dprwpd1b9corn1a2rjev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046687; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4mgqg5dprwpd1b9corn1a2rjev|03|net"; nocase; ) # 1bgguja1deec591c6tg5g1jorbpp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046688; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bgguja1deec591c6tg5g1jorbpp|03|net"; nocase; ) # 1v61ypk14wymxf9ef7nk1fi7c4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046689; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v61ypk14wymxf9ef7nk1fi7c4|03|net"; nocase; ) # j50ycnmt9h5e1jqi8jz1dfcgl9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046690; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j50ycnmt9h5e1jqi8jz1dfcgl9|03|org"; nocase; ) # 1p42bb01rsdurelcl9dz13fxxke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046691; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1p42bb01rsdurelcl9dz13fxxke|03|com"; nocase; ) # 1ewu4651n3u0kzx9x8cm1e033s4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046692; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ewu4651n3u0kzx9x8cm1e033s4|03|org"; nocase; ) # 5ejho41w3pphb1osa45fpg1206.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046693; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5ejho41w3pphb1osa45fpg1206|03|org"; nocase; ) # 1m2eqqx836niewpgcfg1lhahlg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046694; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1m2eqqx836niewpgcfg1lhahlg|03|com"; nocase; ) # 1u3hylq1i1xe2oz9tu2xsac8u9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046695; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1u3hylq1i1xe2oz9tu2xsac8u9|03|net"; nocase; ) # 1f375u31837oyl14ei8ek1k9jk7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046696; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1f375u31837oyl14ei8ek1k9jk7h|03|org"; nocase; ) # r4v5ajaadlh0ygcrcb1c35r92.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046697; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r4v5ajaadlh0ygcrcb1c35r92|03|net"; nocase; ) # 1x3i8dbh4hut516mn5kw8a0vfg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046698; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x3i8dbh4hut516mn5kw8a0vfg|03|net"; nocase; ) # 1yqthv48uhovgiai4ln1dj6w55.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046699; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yqthv48uhovgiai4ln1dj6w55|03|net"; nocase; ) # unlz441irnsbs5srkgcq5ip46.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046700; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|unlz441irnsbs5srkgcq5ip46|03|org"; nocase; ) # 2rr1x71ypigp11oaeht6pg4zv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046701; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2rr1x71ypigp11oaeht6pg4zv|03|com"; nocase; ) # sw59z5b3atva8r8tl61l1orjl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046702; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sw59z5b3atva8r8tl61l1orjl|03|net"; nocase; ) # t3kogu47v0g4ry6vvi1ky663s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046703; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|t3kogu47v0g4ry6vvi1ky663s|03|org"; nocase; ) # 14q7bfb1r85xduphmrit1orjzbu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046704; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14q7bfb1r85xduphmrit1orjzbu|03|biz"; nocase; ) # 188totp11op40v1pabjv31b4slhh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046705; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|188totp11op40v1pabjv31b4slhh|03|net"; nocase; ) # q8qc231aruvnwz42i0a1t0goni.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046706; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q8qc231aruvnwz42i0a1t0goni|03|com"; nocase; ) # foa6k51r2cu0uj14ymngfgnl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046707; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|foa6k51r2cu0uj14ymngfgnl|03|biz"; nocase; ) # mu9sx1rkauza1gpo21a185sl79.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046708; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mu9sx1rkauza1gpo21a185sl79|03|net"; nocase; ) # 1ghzzjz1ivkj53i2o0mkco5r5n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046709; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ghzzjz1ivkj53i2o0mkco5r5n|03|biz"; nocase; ) # a6fhuv1wu1hw1smrogtamphp8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046710; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|a6fhuv1wu1hw1smrogtamphp8|03|biz"; nocase; ) # hfm8it1wjjbq1p0ggn91sh0vbv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046711; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hfm8it1wjjbq1p0ggn91sh0vbv|03|net"; nocase; ) # 10ro1kzxj7ts2o1kyz41r0m8hd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046712; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|10ro1kzxj7ts2o1kyz41r0m8hd|03|com"; nocase; ) # x1vj3882klq51aa3rhsbtqbym.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046713; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|x1vj3882klq51aa3rhsbtqbym|03|org"; nocase; ) # naqide74a9gf5f87lgjt303.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046714; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|naqide74a9gf5f87lgjt303|03|net"; nocase; ) # auzin313wl2er105pshn1cdlcam.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046715; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|auzin313wl2er105pshn1cdlcam|03|biz"; nocase; ) # l41xy01bp079z1g2ru221ozu228.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046716; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|l41xy01bp079z1g2ru221ozu228|03|net"; nocase; ) # 15xodvb1yweyfy18nizxywynrze.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046717; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|15xodvb1yweyfy18nizxywynrze|03|org"; nocase; ) # y6ltsj11ixia916hh9jaq6tqsy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046718; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|y6ltsj11ixia916hh9jaq6tqsy|03|com"; nocase; ) # 1rg0s3s1rhxq8j1kntfmb17i8kid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046719; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rg0s3s1rhxq8j1kntfmb17i8kid|03|com"; nocase; ) # ekzb8yfy5m0fj90v5tjcg4cj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046720; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ekzb8yfy5m0fj90v5tjcg4cj|03|net"; nocase; ) # 1qbtcoi9yyqhznaw90i1wy7yv8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046721; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qbtcoi9yyqhznaw90i1wy7yv8|03|com"; nocase; ) # 13zpgmqi5mu9b7wud1mxkeok.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046722; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|13zpgmqi5mu9b7wud1mxkeok|03|net"; nocase; ) # 8d8oengprip1p9ibyz1upgxi6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046723; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8d8oengprip1p9ibyz1upgxi6|03|net"; nocase; ) # qt9m081obocm81a8gd3o1xt8g8y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046724; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qt9m081obocm81a8gd3o1xt8g8y|03|org"; nocase; ) # oiapmd1wdm0l113v70ec1w6dnq1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046725; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|oiapmd1wdm0l113v70ec1w6dnq1|03|net"; nocase; ) # bgsz9j1486bwg1r576va1ecmguk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046726; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|bgsz9j1486bwg1r576va1ecmguk|03|com"; nocase; ) # 5fky7w9t5twnsrr7s91ifkbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046727; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5fky7w9t5twnsrr7s91ifkbx|03|org"; nocase; ) # 1jkcqdr79qc37e6haaw1ylc7dq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046728; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jkcqdr79qc37e6haaw1ylc7dq|03|net"; nocase; ) # m6luem1ax2udj1sxtbyb13go9ln.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046729; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m6luem1ax2udj1sxtbyb13go9ln|03|com"; nocase; ) # jitlvyipq2n7s6o6y6if8wih.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046730; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|jitlvyipq2n7s6o6y6if8wih|03|com"; nocase; ) # yefxnjyud4gj1bps7l71w4h43a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046731; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yefxnjyud4gj1bps7l71w4h43a|03|net"; nocase; ) # 1nai2z11b6ztnu1qii2p3aoytv7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046732; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nai2z11b6ztnu1qii2p3aoytv7|03|org"; nocase; ) # 14cthkk16u0aqf1n30omev01yia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046733; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14cthkk16u0aqf1n30omev01yia|03|net"; nocase; ) # 1twrpbm1u2t6ehem7ar31omrd26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046734; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1twrpbm1u2t6ehem7ar31omrd26|03|org"; nocase; ) # nkrpsq14ovuxd1u6vqf5cykqt6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046735; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nkrpsq14ovuxd1u6vqf5cykqt6|03|net"; nocase; ) # 1yp7u5s1gkqk4erxiew5ivv5ow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046736; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yp7u5s1gkqk4erxiew5ivv5ow|03|com"; nocase; ) # ptzg6e1ae0ve1fan5da1mrkqqx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046737; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ptzg6e1ae0ve1fan5da1mrkqqx|03|net"; nocase; ) # dte5o249i3fz1er8buu16qsaua.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046738; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dte5o249i3fz1er8buu16qsaua|03|biz"; nocase; ) # 1b1u60k4ored9de5qns1icmbwp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046739; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b1u60k4ored9de5qns1icmbwp|03|org"; nocase; ) # 1kdxhbklrdulz1vpox0mybaijt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046740; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kdxhbklrdulz1vpox0mybaijt|03|net"; nocase; ) # 19txu7rwz5ptdr5fn9av43805.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046741; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19txu7rwz5ptdr5fn9av43805|03|net"; nocase; ) # 1bbagxn1dbcate1v0k7zx10u0rns.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046742; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bbagxn1dbcate1v0k7zx10u0rns|03|org"; nocase; ) # 197kzwyh97tn9avzg4ieedhea.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046743; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|197kzwyh97tn9avzg4ieedhea|03|net"; nocase; ) # 2xspmsqaptig1kiln3t1vjqs4t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046744; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2xspmsqaptig1kiln3t1vjqs4t|03|net"; nocase; ) # 1v6lcft1vm0hvz1b4xx4mu7vlbf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046745; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v6lcft1vm0hvz1b4xx4mu7vlbf|03|org"; nocase; ) # se8par1lstpaq1s682mfkuw873.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046746; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|se8par1lstpaq1s682mfkuw873|03|com"; nocase; ) # 1sdnx7pjv2d571f10en01fc80ql.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046747; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sdnx7pjv2d571f10en01fc80ql|03|biz"; nocase; ) # 1t5b5jqcv58ez14zf5y81uowr9d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046748; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t5b5jqcv58ez14zf5y81uowr9d|03|org"; nocase; ) # 19jjfop1rbdb4nqyc7781dajywp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046749; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19jjfop1rbdb4nqyc7781dajywp|03|org"; nocase; ) # 843pbygl1lalnesbz41l45ky2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046750; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|843pbygl1lalnesbz41l45ky2|03|net"; nocase; ) # 1d3q7cfisha2we1jhvvzwwo2s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046751; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d3q7cfisha2we1jhvvzwwo2s|03|biz"; nocase; ) # 1sk1muam6kufz780s1t1fto5pi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046752; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sk1muam6kufz780s1t1fto5pi|03|org"; nocase; ) # wruri517ju3tc1ffkwyvzgv9p1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046753; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wruri517ju3tc1ffkwyvzgv9p1|03|com"; nocase; ) # 1wi33bu1agjshb1vns8e51fvehuk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046754; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wi33bu1agjshb1vns8e51fvehuk|03|net"; nocase; ) # 1laxy2x1carzlk1xigpqihv58iy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046755; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1laxy2x1carzlk1xigpqihv58iy|03|biz"; nocase; ) # 1281vpj1zn5j2w80mqcyguzvn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046756; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1281vpj1zn5j2w80mqcyguzvn|03|org"; nocase; ) # j935r01co1y4s1u0kjiis8jxqh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046757; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j935r01co1y4s1u0kjiis8jxqh|03|org"; nocase; ) # lak8ti1yagkyw16l39v2mdd5q9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046758; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lak8ti1yagkyw16l39v2mdd5q9|03|biz"; nocase; ) # lba2hm1kjf2fy15xe8di1bb3ndk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046759; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lba2hm1kjf2fy15xe8di1bb3ndk|03|com"; nocase; ) # lsii1o11u32r81es9ct9u00rgl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046760; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lsii1o11u32r81es9ct9u00rgl|03|com"; nocase; ) # krpg4ym9co221uigqdx13oev4b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046761; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|krpg4ym9co221uigqdx13oev4b|03|org"; nocase; ) # cpjx6nccatnj1m1iany1lgg9za.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046762; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|cpjx6nccatnj1m1iany1lgg9za|03|org"; nocase; ) # 1o2uou6edp1j112gngn8vg54w7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046763; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1o2uou6edp1j112gngn8vg54w7|03|net"; nocase; ) # 9vek341g87b0rd1ts7k15i21fv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046764; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9vek341g87b0rd1ts7k15i21fv|03|org"; nocase; ) # 9q8qbiqpdd4esqii91tyfox4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046765; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|9q8qbiqpdd4esqii91tyfox4|03|net"; nocase; ) # 84n6xcgxwkkr1u9n3rj175pd1f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046766; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|84n6xcgxwkkr1u9n3rj175pd1f|03|org"; nocase; ) # 1i99ikagilxok1onr9416x2rh4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046767; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i99ikagilxok1onr9416x2rh4|03|com"; nocase; ) # sqt09z1dn8pcbk84z07g8nkqp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046768; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sqt09z1dn8pcbk84z07g8nkqp|03|com"; nocase; ) # 1w2fu891xmjanjkxm06f11erd96.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046769; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w2fu891xmjanjkxm06f11erd96|03|org"; nocase; ) # 1fqxxphlq8pged2o1tvmzw16o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046770; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1fqxxphlq8pged2o1tvmzw16o|03|biz"; nocase; ) # 1skwmn6b2recs1rlyly414738hv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046771; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1skwmn6b2recs1rlyly414738hv|03|com"; nocase; ) # 1xjqkg51ypc1971b7bsxd1uc0vxh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046772; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xjqkg51ypc1971b7bsxd1uc0vxh|03|com"; nocase; ) # 1l9x6ofte8qd912l6suuyb191y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046773; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1l9x6ofte8qd912l6suuyb191y|03|biz"; nocase; ) # 1w3oj8gsmphnj1dpd9ih1vwr363.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046774; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1w3oj8gsmphnj1dpd9ih1vwr363|03|com"; nocase; ) # 1oqe9g715zshesgo65x91ttpful.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046775; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oqe9g715zshesgo65x91ttpful|03|org"; nocase; ) # 15si3v01tyfsix1egrkufymckt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046776; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15si3v01tyfsix1egrkufymckt|03|biz"; nocase; ) # dq40y81ei4ljq1w1dg0zjht325.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046777; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dq40y81ei4ljq1w1dg0zjht325|03|net"; nocase; ) # 1ropz1muu1vro1rhap2s6qzsac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046778; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ropz1muu1vro1rhap2s6qzsac|03|com"; nocase; ) # lz4fuqpjiex8w54k7153stne.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046779; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lz4fuqpjiex8w54k7153stne|03|biz"; nocase; ) # 1r8tywycuaiimkr8wev9kp403.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046780; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1r8tywycuaiimkr8wev9kp403|03|com"; nocase; ) # 3v5cgoz4cx2golrs28voqih3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046781; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3v5cgoz4cx2golrs28voqih3|03|com"; nocase; ) # ezpzckfz58igmqlcdjij0f0b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046782; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ezpzckfz58igmqlcdjij0f0b|03|net"; nocase; ) # 11uyob46uivuc1tq1lyfdmkgbe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046783; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11uyob46uivuc1tq1lyfdmkgbe|03|net"; nocase; ) # 1oymjshc86km31k6dhar1deje72.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046784; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1oymjshc86km31k6dhar1deje72|03|biz"; nocase; ) # 11fyyn73dxhqg1d7k4ji1yes4xz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046785; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11fyyn73dxhqg1d7k4ji1yes4xz|03|org"; nocase; ) # 18k2gq21k2tn4a14cdefvoupyn6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046786; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18k2gq21k2tn4a14cdefvoupyn6|03|com"; nocase; ) # nd43tki7ztbf1bwn72wp02mdf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046787; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nd43tki7ztbf1bwn72wp02mdf|03|org"; nocase; ) # 1jhysp01h6ml0p1a8sfxk5mnb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046788; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jhysp01h6ml0p1a8sfxk5mnb|03|org"; nocase; ) # hjb4m49lyx351qu0vexvgqn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046789; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|hjb4m49lyx351qu0vexvgqn|03|net"; nocase; ) # 1dqiy6gq8fnav1cuboix6plesz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046790; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dqiy6gq8fnav1cuboix6plesz|03|com"; nocase; ) # 1hz02901ijip98j0uhzp161omqo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046791; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hz02901ijip98j0uhzp161omqo|03|org"; nocase; ) # 15j8kf5peacjs7v4si01glo000.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046792; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15j8kf5peacjs7v4si01glo000|03|net"; nocase; ) # ksh1e31mjl7w112idjh5s75zlp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046793; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ksh1e31mjl7w112idjh5s75zlp|03|net"; nocase; ) # 1pbro19tnwai4c8qvme1jhiqfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046794; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pbro19tnwai4c8qvme1jhiqfw|03|com"; nocase; ) # 11wykk51x45vyv1cre0grneig11.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046795; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11wykk51x45vyv1cre0grneig11|03|org"; nocase; ) # p5uvcz3aauez1djdy0khd26ae.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046796; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|p5uvcz3aauez1djdy0khd26ae|03|org"; nocase; ) # phgl9stm51ua6kanrn1o6osgq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046797; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|phgl9stm51ua6kanrn1o6osgq|03|org"; nocase; ) # 6uv7ln1m0ymsj1sqwr4z1gkgxdu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046798; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6uv7ln1m0ymsj1sqwr4z1gkgxdu|03|org"; nocase; ) # 1bqyxouku5x021om5ou71kuiju5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046799; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bqyxouku5x021om5ou71kuiju5|03|net"; nocase; ) # 1ww8jz31clvpd9niu6gj7jv5p.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046800; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ww8jz31clvpd9niu6gj7jv5p|03|org"; nocase; ) # 1lp2zqrq232o4q12mbvpv2ffm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046801; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1lp2zqrq232o4q12mbvpv2ffm|03|com"; nocase; ) # 1sm8bh6dpaakr19zwhlfocnxfw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046802; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1sm8bh6dpaakr19zwhlfocnxfw|03|net"; nocase; ) # avplwaxue0gnff2b59z1y6i3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046803; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|avplwaxue0gnff2b59z1y6i3|03|com"; nocase; ) # 1dni8801km9nw138ic24de5bwp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046804; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dni8801km9nw138ic24de5bwp|03|org"; nocase; ) # 1wb1bmp1u847on1tu3ql6151s2ql.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046805; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1wb1bmp1u847on1tu3ql6151s2ql|03|com"; nocase; ) # 63ej0sq361fpyusj0shvxi8x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046806; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|63ej0sq361fpyusj0shvxi8x|03|biz"; nocase; ) # 12m6elc1107vxmdfwcbyq3q1e2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046807; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12m6elc1107vxmdfwcbyq3q1e2|03|com"; nocase; ) # ru15dylg2jtj1065wlhvvwq8g.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046808; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ru15dylg2jtj1065wlhvvwq8g|03|org"; nocase; ) # 10ojhxj13lwri11v707j41vwa93b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046809; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|10ojhxj13lwri11v707j41vwa93b|03|net"; nocase; ) # mpndpc160wo48w9mlv010wwqda.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046810; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mpndpc160wo48w9mlv010wwqda|03|biz"; nocase; ) # 1hns8vx1ryc6h21tr6q5il25qhl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046811; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hns8vx1ryc6h21tr6q5il25qhl|03|net"; nocase; ) # 2vkekjo4ygrx5cp2u13ibkkt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046812; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2vkekjo4ygrx5cp2u13ibkkt|03|org"; nocase; ) # 13rgl5e1vhgnbz1spovmehebjbx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046813; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13rgl5e1vhgnbz1spovmehebjbx|03|org"; nocase; ) # ijkftf230pt3oua7z3khy3xg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046814; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ijkftf230pt3oua7z3khy3xg|03|net"; nocase; ) # qcn5ns2w9b1p1aq3baopj8wxi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046815; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qcn5ns2w9b1p1aq3baopj8wxi|03|biz"; nocase; ) # lfqi8dfkdm32rjwvod1gywas2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046816; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lfqi8dfkdm32rjwvod1gywas2|03|net"; nocase; ) # 7pdwk9zeafym11y2snw5mgg2n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046817; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7pdwk9zeafym11y2snw5mgg2n|03|org"; nocase; ) # eua2rj69a5gf8xce2016yyx48.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046818; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|eua2rj69a5gf8xce2016yyx48|03|biz"; nocase; ) # o1jqv2ryg1tkq3pr8e1mt15nb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046819; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|o1jqv2ryg1tkq3pr8e1mt15nb|03|net"; nocase; ) # 1hnlpqc1ev4hms1kwpix51czmqot.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046820; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hnlpqc1ev4hms1kwpix51czmqot|03|org"; nocase; ) # v7m48p1h1k7t7zbnqh1dwbay4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046821; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|v7m48p1h1k7t7zbnqh1dwbay4|03|biz"; nocase; ) # 3p501ag1gd0m16p2g6912hpezi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046822; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|3p501ag1gd0m16p2g6912hpezi|03|net"; nocase; ) # 1rzul1w1yho7dm1yj06ktlkcf3m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046823; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rzul1w1yho7dm1yj06ktlkcf3m|03|org"; nocase; ) # wblnds7xdxmcvez6g218xkzo7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046824; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|wblnds7xdxmcvez6g218xkzo7|03|net"; nocase; ) # 2fxff2k3mrn01q7s667ruvzt1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046825; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2fxff2k3mrn01q7s667ruvzt1|03|biz"; nocase; ) # yuyliutflvqgw1vrybn67nfm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046826; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yuyliutflvqgw1vrybn67nfm|03|net"; nocase; ) # jayhsx10vrol61jcqdcew4zbbw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046827; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jayhsx10vrol61jcqdcew4zbbw|03|net"; nocase; ) # 89bq5q4tm6pm1jbi4c7ne972n.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046828; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|89bq5q4tm6pm1jbi4c7ne972n|03|com"; nocase; ) # 1dn483m5fl2ag1izukjhkow5cf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046829; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dn483m5fl2ag1izukjhkow5cf|03|biz"; nocase; ) # 1snm93318q6f2p13itrzv17ytq7h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046830; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1snm93318q6f2p13itrzv17ytq7h|03|net"; nocase; ) # u0t3ym1pnzgq06g3gskobpaqc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046831; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u0t3ym1pnzgq06g3gskobpaqc|03|biz"; nocase; ) # p93zpr132kjunvobfwvjs6l0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046832; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|p93zpr132kjunvobfwvjs6l0|03|net"; nocase; ) # 1j8eq9j17eg1h1f4pmdhbzyhxe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046833; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1j8eq9j17eg1h1f4pmdhbzyhxe|03|com"; nocase; ) # m2lpny1iyvotb1etdc8e1gm8vk1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046834; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|m2lpny1iyvotb1etdc8e1gm8vk1|03|net"; nocase; ) # doz76tfx88jx1rnqoz4s6agx6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046835; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|doz76tfx88jx1rnqoz4s6agx6|03|net"; nocase; ) # c6tq111ndrb83xebgdq16jfn6j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046836; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c6tq111ndrb83xebgdq16jfn6j|03|net"; nocase; ) # 32dhvsmrnqk45zbliz1nvcoup.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046837; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|32dhvsmrnqk45zbliz1nvcoup|03|net"; nocase; ) # 1ex58kqhjn7szao2c1rwfuade.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046838; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ex58kqhjn7szao2c1rwfuade|03|net"; nocase; ) # 1491orv1g8h8niyqce8s1fqycwe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046839; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1491orv1g8h8niyqce8s1fqycwe|03|net"; nocase; ) # 1n27c1rz2z1jk1c6z4wm1qdqzly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046840; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n27c1rz2z1jk1c6z4wm1qdqzly|03|net"; nocase; ) # k9y7tbe5d0hk3nojpxaf04ot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046841; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|k9y7tbe5d0hk3nojpxaf04ot|03|com"; nocase; ) # q73qcw1b0836tfcwvd317rg59d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046842; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q73qcw1b0836tfcwvd317rg59d|03|org"; nocase; ) # 1h3btex4yugyc1cbag3t18s2mjm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046843; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h3btex4yugyc1cbag3t18s2mjm|03|biz"; nocase; ) # usg8a8b2x053h8feez21avge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046844; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|usg8a8b2x053h8feez21avge|03|com"; nocase; ) # x3s3wldjwbdmngjovjtysnxm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046845; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x3s3wldjwbdmngjovjtysnxm|03|com"; nocase; ) # c5cx8yvyasqf5gc2qc1xn9fps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046846; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c5cx8yvyasqf5gc2qc1xn9fps|03|biz"; nocase; ) # 1e199ne18lrzb3usyhnld3zmm1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046847; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e199ne18lrzb3usyhnld3zmm1|03|com"; nocase; ) # 1vc2txw8dbfjexwepmn6y5j53.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046848; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vc2txw8dbfjexwepmn6y5j53|03|net"; nocase; ) # 1civtyi1r619ca1w43qxtzojswu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046849; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1civtyi1r619ca1w43qxtzojswu|03|org"; nocase; ) # 12jespef4dw5s18l5ts8mvug3u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046850; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12jespef4dw5s18l5ts8mvug3u|03|com"; nocase; ) # 5y5sfaevem4bobiekl1g2pzyg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046851; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5y5sfaevem4bobiekl1g2pzyg|03|biz"; nocase; ) # ka1vwl1wjjm2ak9vpdr4f1hjq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046852; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ka1vwl1wjjm2ak9vpdr4f1hjq|03|org"; nocase; ) # 1x0ozd1w5usbt1xbhs3y2o5wqn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046853; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1x0ozd1w5usbt1xbhs3y2o5wqn|03|org"; nocase; ) # k5svg8jqy7wz1a8a13vxpgxvx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046854; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k5svg8jqy7wz1a8a13vxpgxvx|03|biz"; nocase; ) # knacq71niu33x1vxw6k119uocg8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046855; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|knacq71niu33x1vxw6k119uocg8|03|net"; nocase; ) # 6uf2jp12ngkjt5rvvxs1mme6fe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046856; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6uf2jp12ngkjt5rvvxs1mme6fe|03|net"; nocase; ) # 1acx3rg4sblc5agwl2qqbl7z8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046857; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1acx3rg4sblc5agwl2qqbl7z8|03|org"; nocase; ) # 1ly55np1ada7mp1ujt3zf1kxz2qk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046858; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ly55np1ada7mp1ujt3zf1kxz2qk|03|com"; nocase; ) # bcr0t7ar4bxq11hg7fb1gvqwqq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046859; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bcr0t7ar4bxq11hg7fb1gvqwqq|03|org"; nocase; ) # 1lwwbnjam3pxo5xmt1k1wpz90q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046860; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lwwbnjam3pxo5xmt1k1wpz90q|03|net"; nocase; ) # 3d6jfdejd1i6m9m1vqfedtou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046861; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3d6jfdejd1i6m9m1vqfedtou|03|org"; nocase; ) # 1bd9csf1j1yhox163yfdi1vusynt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046862; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1bd9csf1j1yhox163yfdi1vusynt|03|net"; nocase; ) # lji2h71jr6d341n66ayu1vawru1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046863; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|lji2h71jr6d341n66ayu1vawru1|03|org"; nocase; ) # vra8wk5cmmw8jymubg1ail6r1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046864; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vra8wk5cmmw8jymubg1ail6r1|03|org"; nocase; ) # 9sixrb1gf9iuc1q5pth44sgrsu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046865; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9sixrb1gf9iuc1q5pth44sgrsu|03|net"; nocase; ) # 5wehxzsg67501b1w6vpgviq4c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046866; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5wehxzsg67501b1w6vpgviq4c|03|net"; nocase; ) # hae2vl1pwm9xeieea3i1b4khg3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046867; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hae2vl1pwm9xeieea3i1b4khg3|03|org"; nocase; ) # emfmy9j54ytrsng8o81y8nueo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046868; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|emfmy9j54ytrsng8o81y8nueo|03|net"; nocase; ) # ef1fm1jljpkxuvvu3bdr6q1i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046869; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ef1fm1jljpkxuvvu3bdr6q1i|03|org"; nocase; ) # 1vas12j754sjc1b9knlxxl7k3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046870; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vas12j754sjc1b9knlxxl7k3|03|org"; nocase; ) # kumhyucfwr6ekb02xa1arho6j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046871; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kumhyucfwr6ekb02xa1arho6j|03|com"; nocase; ) # 15asiok1j1w50w192gdjg1vrw3bz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046872; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15asiok1j1w50w192gdjg1vrw3bz|03|biz"; nocase; ) # 1sip4jjkxcyynpgmrv1lmfb0a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046873; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sip4jjkxcyynpgmrv1lmfb0a|03|org"; nocase; ) # 1hch41hxqhf3tjimxxl1ong5l9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046874; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hch41hxqhf3tjimxxl1ong5l9|03|com"; nocase; ) # 1nkce381bcjxbuy0nbhi1r7tok7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046875; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nkce381bcjxbuy0nbhi1r7tok7|03|org"; nocase; ) # z34kt11o16jqk1p0wfag7fpwr1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046876; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z34kt11o16jqk1p0wfag7fpwr1|03|com"; nocase; ) # 42t2o81ymogxp1j6sofcvrc4v7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046877; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|42t2o81ymogxp1j6sofcvrc4v7|03|org"; nocase; ) # 12jxuayfu5i7la9ckov5ma8ok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046878; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12jxuayfu5i7la9ckov5ma8ok|03|com"; nocase; ) # 1sgves619jxn1v1ncwovz1cxdj3v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046879; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1sgves619jxn1v1ncwovz1cxdj3v|03|net"; nocase; ) # tyko6pfa8wa79myzn13efi30.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046880; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tyko6pfa8wa79myzn13efi30|03|biz"; nocase; ) # 1d01lto7syazg821mqc6dqjz6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046881; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1d01lto7syazg821mqc6dqjz6|03|net"; nocase; ) # 3jmf7g1e7hxer1781szc1x6qkij.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046882; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|3jmf7g1e7hxer1781szc1x6qkij|03|net"; nocase; ) # 18wh5s51avax961eas5qv1cwg3c9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046883; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|18wh5s51avax961eas5qv1cwg3c9|03|biz"; nocase; ) # 1bxozw5havg1r1k8lavw1ic5in9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046884; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bxozw5havg1r1k8lavw1ic5in9|03|org"; nocase; ) # 1ywsoetuoplku7q7hos1wf3mpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046885; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ywsoetuoplku7q7hos1wf3mpa|03|biz"; nocase; ) # pue8371xclhti13l8vac4tceiv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046886; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pue8371xclhti13l8vac4tceiv|03|net"; nocase; ) # q7477f1epm7diq6pohlcxbiw9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046887; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q7477f1epm7diq6pohlcxbiw9|03|com"; nocase; ) # 1cfnnr31u2qwr81gtxhn8go51d9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046888; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1cfnnr31u2qwr81gtxhn8go51d9|03|org"; nocase; ) # sv5d4o1udyzd21su8t4o6et1of.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046889; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|sv5d4o1udyzd21su8t4o6et1of|03|com"; nocase; ) # 9gj61zavrazlwa2mey15rpli6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046890; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9gj61zavrazlwa2mey15rpli6|03|com"; nocase; ) # fzzrucv23ihv1e7ctucecgtmh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046891; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fzzrucv23ihv1e7ctucecgtmh|03|biz"; nocase; ) # 1kyqnbnyipispv8i4sv1ex8pkb.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046892; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kyqnbnyipispv8i4sv1ex8pkb|03|org"; nocase; ) # kej1691qpcjxyfmvxf74mbn84.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046893; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|kej1691qpcjxyfmvxf74mbn84|03|net"; nocase; ) # 56hkx71qyuzc7efnpc9qnvu14.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046894; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|56hkx71qyuzc7efnpc9qnvu14|03|org"; nocase; ) # rbplrf13168iwiegn2r1ba6g5n.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046895; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rbplrf13168iwiegn2r1ba6g5n|03|net"; nocase; ) # q39ilp3hn0351hivahi9xyy0o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046896; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q39ilp3hn0351hivahi9xyy0o|03|net"; nocase; ) # nun6g11tszq1674zu19n6y8l6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046897; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nun6g11tszq1674zu19n6y8l6|03|biz"; nocase; ) # ktai0w1e9kjx118i1paksbge4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046898; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ktai0w1e9kjx118i1paksbge4w|03|net"; nocase; ) # 8pdb0hvtj8ral3tpln10kq30s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046899; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8pdb0hvtj8ral3tpln10kq30s|03|org"; nocase; ) # 4othke1itfjl011219pmwp6jd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046900; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4othke1itfjl011219pmwp6jd|03|net"; nocase; ) # 1hfvvao1bt720p1b5r96g30f887.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046901; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1hfvvao1bt720p1b5r96g30f887|03|biz"; nocase; ) # 1jao0r41b5k2v62kaw6h140qy28.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046902; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jao0r41b5k2v62kaw6h140qy28|03|com"; nocase; ) # 1uclec01xjk80y1heotwhq7o509.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046903; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uclec01xjk80y1heotwhq7o509|03|net"; nocase; ) # 1uu3s1nu15f26ywelq7i8ezlp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046904; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uu3s1nu15f26ywelq7i8ezlp|03|biz"; nocase; ) # 18cxpfd1bfyde6fjlfti12qlfbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046905; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18cxpfd1bfyde6fjlfti12qlfbt|03|com"; nocase; ) # n9ku422kq2uydq7bnndslzaq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046906; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n9ku422kq2uydq7bnndslzaq|03|biz"; nocase; ) # 1tozgozc92lbhwva9fa1q57ap8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046907; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1tozgozc92lbhwva9fa1q57ap8|03|com"; nocase; ) # 1hr6qt518lihxsjxh40kzat6r7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046908; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hr6qt518lihxsjxh40kzat6r7|03|com"; nocase; ) # 13c8tr3njgwyz1gpwkc01609kj9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046909; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13c8tr3njgwyz1gpwkc01609kj9|03|net"; nocase; ) # sw55l71p6pxj3vxgmnwjanku0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046910; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sw55l71p6pxj3vxgmnwjanku0|03|org"; nocase; ) # ulgedkm8t0yfq1uc8jr7qpvn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046911; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|ulgedkm8t0yfq1uc8jr7qpvn|03|net"; nocase; ) # 1at83dn1cxwpidtni60rfj99me.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046912; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1at83dn1cxwpidtni60rfj99me|03|net"; nocase; ) # 1y64lwm1n5u0l91ma7il5svhhpl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046913; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1y64lwm1n5u0l91ma7il5svhhpl|03|com"; nocase; ) # 1ockbxa1jsmq3jyrs7r01cuhsqp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046914; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ockbxa1jsmq3jyrs7r01cuhsqp|03|org"; nocase; ) # 101ns3l12pn505c1p6q5jybqf3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046915; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|101ns3l12pn505c1p6q5jybqf3|03|net"; nocase; ) # kzwq1r1iwdp6o1ejwwvq1knj0i.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046916; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kzwq1r1iwdp6o1ejwwvq1knj0i|03|org"; nocase; ) # 16q6bllbbovw1w9vukfgmet30.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046917; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|16q6bllbbovw1w9vukfgmet30|03|org"; nocase; ) # 18dgpa21jisftamikoyp17g4vnb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046918; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18dgpa21jisftamikoyp17g4vnb|03|biz"; nocase; ) # 125f79jr4jjh9kqha8y12o8aqq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046919; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|125f79jr4jjh9kqha8y12o8aqq|03|net"; nocase; ) # 1ja7v8r1o4iqfe1s9db051ck4pqt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046920; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ja7v8r1o4iqfe1s9db051ck4pqt|03|net"; nocase; ) # genbxb1spfldpf8x3nz9asyd0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046921; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|genbxb1spfldpf8x3nz9asyd0|03|biz"; nocase; ) # 1ssgkfqfp4ehq8dvoqthkx48.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046922; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1ssgkfqfp4ehq8dvoqthkx48|03|com"; nocase; ) # 1ov336s8pj8h769tx6dacu3m5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046923; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ov336s8pj8h769tx6dacu3m5|03|net"; nocase; ) # 16dxaa7lw8ep15757yu1hwtrur.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046924; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16dxaa7lw8ep15757yu1hwtrur|03|com"; nocase; ) # 1es4uwpcas27r3zjxey18en2q7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046925; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1es4uwpcas27r3zjxey18en2q7|03|org"; nocase; ) # aumqin3u9wtf1vx75od1r2eal3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046926; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|aumqin3u9wtf1vx75od1r2eal3|03|biz"; nocase; ) # 17vgu5v1st896s1wjgwyrz0xv1t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046927; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17vgu5v1st896s1wjgwyrz0xv1t|03|net"; nocase; ) # syv9jki6eqqrs4sbl115684dz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046928; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|syv9jki6eqqrs4sbl115684dz|03|biz"; nocase; ) # vdb4tj1dcbnpp17eiu9t1sgg6x3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046929; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vdb4tj1dcbnpp17eiu9t1sgg6x3|03|com"; nocase; ) # 10vuoxm16df2ncovf8l31lf134e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046930; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10vuoxm16df2ncovf8l31lf134e|03|org"; nocase; ) # 8dr5ci1k3usyp2ygjisqpy9fd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046931; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8dr5ci1k3usyp2ygjisqpy9fd|03|org"; nocase; ) # 1xexl5ray8jzgqaaxtslweqlt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046932; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xexl5ray8jzgqaaxtslweqlt|03|org"; nocase; ) # yle5rb1s0z14u1jzgfmuvspuzj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046933; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yle5rb1s0z14u1jzgfmuvspuzj|03|com"; nocase; ) # 116ym8m1f2xyosxw8fll1853f4n.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046934; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|116ym8m1f2xyosxw8fll1853f4n|03|org"; nocase; ) # ysdg4q1piwgjdzq7cvkr2qput.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046935; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ysdg4q1piwgjdzq7cvkr2qput|03|net"; nocase; ) # 8wr0ta13gn0rv1e7rvskwf8muo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046936; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8wr0ta13gn0rv1e7rvskwf8muo|03|com"; nocase; ) # re0at11i0f16dgb5b652b27jd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046937; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|re0at11i0f16dgb5b652b27jd|03|org"; nocase; ) # 1jfczm110bqn89xldjtj1fra4wm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046938; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jfczm110bqn89xldjtj1fra4wm|03|com"; nocase; ) # 70y24m1morrii367zd21x8lwpl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046939; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|70y24m1morrii367zd21x8lwpl|03|org"; nocase; ) # 14ouc0415vcxqg10920l9kmcpmp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046940; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14ouc0415vcxqg10920l9kmcpmp|03|com"; nocase; ) # 1528vuwm81etfop7zcynm0kyk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046941; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1528vuwm81etfop7zcynm0kyk|03|net"; nocase; ) # 1a8wqde738pwn5s4kktke30tq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046942; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1a8wqde738pwn5s4kktke30tq|03|net"; nocase; ) # cmosz0ogha3515iym6f2ugded.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046943; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cmosz0ogha3515iym6f2ugded|03|biz"; nocase; ) # 1azswah1k0ct9j1tuumwu6gxn5h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046944; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1azswah1k0ct9j1tuumwu6gxn5h|03|com"; nocase; ) # otm69b16kc6ku1n8amri1bluv4u.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046945; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|otm69b16kc6ku1n8amri1bluv4u|03|net"; nocase; ) # 4x5zs91i0nupplxy43916gz2fl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046946; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4x5zs91i0nupplxy43916gz2fl|03|net"; nocase; ) # 16i8m1ilgglpx1w0wjgftk354g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046947; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16i8m1ilgglpx1w0wjgftk354g|03|net"; nocase; ) # nebb6w11pbsidpb75ukosbixy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046948; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nebb6w11pbsidpb75ukosbixy|03|biz"; nocase; ) # av8guztwncshdqqmw2c1mupt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046949; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|av8guztwncshdqqmw2c1mupt|03|org"; nocase; ) # 8ow9we1qkrtqun795gx1jtcucb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046950; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|8ow9we1qkrtqun795gx1jtcucb|03|com"; nocase; ) # 1dgmefpq4mqlqobbxb11u0xn4m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046951; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dgmefpq4mqlqobbxb11u0xn4m|03|org"; nocase; ) # h9mp6hhvkczn1n0dp1i12hk4fw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046952; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h9mp6hhvkczn1n0dp1i12hk4fw|03|org"; nocase; ) # np33fdtrhj1yu1iyx3q9u9md.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046953; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|np33fdtrhj1yu1iyx3q9u9md|03|biz"; nocase; ) # 8ebwntu8r9kr19p6nbobxqx9k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046954; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8ebwntu8r9kr19p6nbobxqx9k|03|org"; nocase; ) # 1b5sgua1qrgxpw9zb0g7qm82m3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046955; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b5sgua1qrgxpw9zb0g7qm82m3|03|com"; nocase; ) # wh65gq1p4pwp99alokm1bubfqq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046956; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|wh65gq1p4pwp99alokm1bubfqq|03|net"; nocase; ) # sxowjpazpxgn7pfyg7fuhoas.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046957; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|sxowjpazpxgn7pfyg7fuhoas|03|biz"; nocase; ) # qnz3ok6i9974g311s1fa5qqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046958; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|qnz3ok6i9974g311s1fa5qqy|03|com"; nocase; ) # 8b2v7ckvkboi1bps6ebit0ron.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046959; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|8b2v7ckvkboi1bps6ebit0ron|03|org"; nocase; ) # uhjynw14sdeql1rfzvvq10azfyw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046960; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|uhjynw14sdeql1rfzvvq10azfyw|03|net"; nocase; ) # 1bqghm1qfgtfzrqd57fqa5c23.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046961; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bqghm1qfgtfzrqd57fqa5c23|03|org"; nocase; ) # xswgtt1btve9w1ue9dgx3fu6qw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046962; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|xswgtt1btve9w1ue9dgx3fu6qw|03|net"; nocase; ) # m0vvnj1qsuosg1fq2e9rt7ksbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046963; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m0vvnj1qsuosg1fq2e9rt7ksbl|03|com"; nocase; ) # u05o1xgco9qniiy0ql18pzyq7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046964; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u05o1xgco9qniiy0ql18pzyq7|03|org"; nocase; ) # 13ppcbj1sv78oj10qn8h7i4nozt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046965; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13ppcbj1sv78oj10qn8h7i4nozt|03|com"; nocase; ) # lwf1ax1k1g9hj1wog1dckq2zjj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046966; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|lwf1ax1k1g9hj1wog1dckq2zjj|03|net"; nocase; ) # 1h7bzf219qohkf7toskr8j3td1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046967; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h7bzf219qohkf7toskr8j3td1|03|biz"; nocase; ) # 1wex1l237w3e5r88ue7a8teiu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046968; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wex1l237w3e5r88ue7a8teiu|03|biz"; nocase; ) # 1bsn4k8mpkhsbuw1pas1tyvr7f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046969; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1bsn4k8mpkhsbuw1pas1tyvr7f|03|net"; nocase; ) # 1f49j8h3cpq071rbpimf13l7uct.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046970; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f49j8h3cpq071rbpimf13l7uct|03|net"; nocase; ) # 4t2qg21tgk3p31q7bwa671gf2x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046971; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4t2qg21tgk3p31q7bwa671gf2x|03|biz"; nocase; ) # 1es78yhdwlgpe6rzytm52w6on.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046972; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1es78yhdwlgpe6rzytm52w6on|03|net"; nocase; ) # 2m97w6em7a4z13wdycs1j3rmgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046973; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2m97w6em7a4z13wdycs1j3rmgy|03|com"; nocase; ) # i1k0t011ro7xl1rx6vy11yrmgax.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046974; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|i1k0t011ro7xl1rx6vy11yrmgax|03|com"; nocase; ) # ecfa4z1l7mkjb18vg7endsnndr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046975; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ecfa4z1l7mkjb18vg7endsnndr|03|com"; nocase; ) # 19pewri3id8jjpiiayi3pionv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046976; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|19pewri3id8jjpiiayi3pionv|03|biz"; nocase; ) # 1qv67mo1fu6enj1f3sxym6txhye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046977; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qv67mo1fu6enj1f3sxym6txhye|03|com"; nocase; ) # 11rfsvx7ui3t5104yxbb1f7igf4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046978; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11rfsvx7ui3t5104yxbb1f7igf4|03|net"; nocase; ) # nqjke5z2kpvm93vmjf10l2a97.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046979; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nqjke5z2kpvm93vmjf10l2a97|03|com"; nocase; ) # 11flu2f1t2v46zwst5a41icfiuh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046980; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|11flu2f1t2v46zwst5a41icfiuh|03|net"; nocase; ) # 1dqwv8w1qbo6aff2y6qa1fuw73d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046981; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1dqwv8w1qbo6aff2y6qa1fuw73d|03|com"; nocase; ) # 37bc0g3qrt902u83rl1qnfir7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046982; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|37bc0g3qrt902u83rl1qnfir7|03|org"; nocase; ) # esa6b510wzoj5hzqt599jc4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046983; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|esa6b510wzoj5hzqt599jc4|03|net"; nocase; ) # 2keb042ptgvs1slvo10clm1x2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046984; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2keb042ptgvs1slvo10clm1x2|03|net"; nocase; ) # 11f69z41chfdm81hbtv9d1ojksn0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046985; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|11f69z41chfdm81hbtv9d1ojksn0|03|com"; nocase; ) # 13e85sr1pe3rnabyjpfhx4et5j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046986; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13e85sr1pe3rnabyjpfhx4et5j|03|org"; nocase; ) # kemqe71no21pz764fx416uuoqx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046987; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kemqe71no21pz764fx416uuoqx|03|biz"; nocase; ) # 1gas4ze1ipwu8h1i5bwvm1ibhtk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046988; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1gas4ze1ipwu8h1i5bwvm1ibhtk7|03|net"; nocase; ) # 1vyiqhjwscff41n0dfdfe6bp1n.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046989; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1vyiqhjwscff41n0dfdfe6bp1n|03|biz"; nocase; ) # 1l2vk8w1tl668jtv6elb1w5lfnp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046990; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l2vk8w1tl668jtv6elb1w5lfnp|03|org"; nocase; ) # 1yriuy512m6vu113p8k3dxnjfy7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046991; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yriuy512m6vu113p8k3dxnjfy7|03|net"; nocase; ) # 174j2nh1yifn3t16i3agpthd2l7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046992; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|174j2nh1yifn3t16i3agpthd2l7|03|com"; nocase; ) # 18ktqm21ma9s39s3rhd21ko04p5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046993; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ktqm21ma9s39s3rhd21ko04p5|03|org"; nocase; ) # 7o9bjpgdwf431v93lcloo7cgi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046994; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7o9bjpgdwf431v93lcloo7cgi|03|com"; nocase; ) # 13uje6ijftx8j1rjythq17qlesn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046995; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13uje6ijftx8j1rjythq17qlesn|03|com"; nocase; ) # nmvr3irndlitxh7sk011qre2f.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046996; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nmvr3irndlitxh7sk011qre2f|03|org"; nocase; ) # e8zw081et6jlfmdzz2j1l3nre6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046997; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|e8zw081et6jlfmdzz2j1l3nre6|03|net"; nocase; ) # zwznziuwmnfnkqce6n1bk2mfn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046998; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|zwznziuwmnfnkqce6n1bk2mfn|03|biz"; nocase; ) # p9xhgq1tzj92b1ptzpfgjcrt76.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000046999; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p9xhgq1tzj92b1ptzpfgjcrt76|03|com"; nocase; ) # 1lox71zoa7pvrsydwcz1rtum4d.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047000; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lox71zoa7pvrsydwcz1rtum4d|03|org"; nocase; ) # 2w8j98yeepgfhbnmm9v3z0xh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047001; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2w8j98yeepgfhbnmm9v3z0xh|03|com"; nocase; ) # 19ihwoub0j3r09bkgev1l7wjzc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047002; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19ihwoub0j3r09bkgev1l7wjzc|03|org"; nocase; ) # 1rdsrcn13prz6y15imy5m13gzj8d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047003; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rdsrcn13prz6y15imy5m13gzj8d|03|net"; nocase; ) # 1hrt6n7eof0vq1fzhmm5cbjk7h.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047004; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hrt6n7eof0vq1fzhmm5cbjk7h|03|com"; nocase; ) # c273gn159l0wk1sd3g9glcgeo1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047005; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c273gn159l0wk1sd3g9glcgeo1|03|net"; nocase; ) # 1mefrftunne0durpcppxiud47.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047006; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mefrftunne0durpcppxiud47|03|org"; nocase; ) # 14d2lo81183n1611wdvt91ur3488.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047007; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|14d2lo81183n1611wdvt91ur3488|03|net"; nocase; ) # 1dck5wa1srujod1iyewmq1xugimn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047008; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1dck5wa1srujod1iyewmq1xugimn|03|org"; nocase; ) # tqv7w216ftgx61ey3vlc19q3avd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047009; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tqv7w216ftgx61ey3vlc19q3avd|03|com"; nocase; ) # oez36cji6nj14r8j15hdvecj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047010; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|oez36cji6nj14r8j15hdvecj|03|com"; nocase; ) # 18fd93f1px6k5opi54c1132gcae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047011; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18fd93f1px6k5opi54c1132gcae|03|biz"; nocase; ) # 1odun3012xfhfrukg85i1ea802s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047012; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1odun3012xfhfrukg85i1ea802s|03|org"; nocase; ) # 1npaan2pibvb91vyw7d5de621o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047013; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1npaan2pibvb91vyw7d5de621o|03|com"; nocase; ) # 1h3l5afhbhrsm1frhakd10nbvkj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047014; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1h3l5afhbhrsm1frhakd10nbvkj|03|org"; nocase; ) # h3orcl2o9yf1597hhqv12ynz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047015; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h3orcl2o9yf1597hhqv12ynz|03|net"; nocase; ) # 12zbzc8vlniaf15jmgpiwqk7im.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047016; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12zbzc8vlniaf15jmgpiwqk7im|03|com"; nocase; ) # 1e62chpep8utghqjan1gupf9e.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047017; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1e62chpep8utghqjan1gupf9e|03|biz"; nocase; ) # 1vk2y41qqetxzlky7fj7qbky7.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047018; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vk2y41qqetxzlky7fj7qbky7|03|biz"; nocase; ) # 6nnfbm1wdi84d1o9y8t97ez5vd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047019; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|6nnfbm1wdi84d1o9y8t97ez5vd|03|com"; nocase; ) # 153w4qnjjh79v1x59vyo1tetvm0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047020; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|153w4qnjjh79v1x59vyo1tetvm0|03|com"; nocase; ) # 1vtz56zio19lfleklijb1x9mi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047021; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vtz56zio19lfleklijb1x9mi|03|net"; nocase; ) # 1rswmcapkh8mg1hjhhn65f9ilc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047022; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rswmcapkh8mg1hjhhn65f9ilc|03|biz"; nocase; ) # qrlwcw9fx495lh98du1ibmolv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047023; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qrlwcw9fx495lh98du1ibmolv|03|org"; nocase; ) # 1t1e9aen47nhh194otq81cujke6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047024; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t1e9aen47nhh194otq81cujke6|03|com"; nocase; ) # 1fv6ron1hfp8f3iabz1nbwtqm3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047025; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fv6ron1hfp8f3iabz1nbwtqm3|03|net"; nocase; ) # yzfujd1siydefxmhfetz5g3jx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047026; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yzfujd1siydefxmhfetz5g3jx|03|net"; nocase; ) # 1rmg31ywnnjno1dsd4m2rkm2jq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047027; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rmg31ywnnjno1dsd4m2rkm2jq|03|com"; nocase; ) # h8sepr15elia0rp7ffvvjdr2x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047028; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h8sepr15elia0rp7ffvvjdr2x|03|net"; nocase; ) # g81ggx1wmps0x1jy26j81hdi8ui.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047029; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|g81ggx1wmps0x1jy26j81hdi8ui|03|biz"; nocase; ) # nmsqbn6f1hapk3jalj1lqvcqu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047030; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|nmsqbn6f1hapk3jalj1lqvcqu|03|org"; nocase; ) # lku33qnb82e7smqpoffy3287.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047031; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|lku33qnb82e7smqpoffy3287|03|com"; nocase; ) # 1m4n6rl1wzog36543igf1m6wb4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047032; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1m4n6rl1wzog36543igf1m6wb4a|03|net"; nocase; ) # 1uiilq3v5i1p222jrwqc4s0l.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047033; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1uiilq3v5i1p222jrwqc4s0l|03|org"; nocase; ) # 1h44nm0gra27dz63b3r1tirmjp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047034; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h44nm0gra27dz63b3r1tirmjp|03|org"; nocase; ) # 1wpo5mr14x16y855vz7m170eqxy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047035; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1wpo5mr14x16y855vz7m170eqxy|03|net"; nocase; ) # 1i5ofna1vz9fcgcx4uk5azjy0e.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047036; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1i5ofna1vz9fcgcx4uk5azjy0e|03|org"; nocase; ) # dcs9869qh28m1tvef8n1guk4ea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047037; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dcs9869qh28m1tvef8n1guk4ea|03|com"; nocase; ) # 1ckdhja1tmotm5nvypawdttc8w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047038; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ckdhja1tmotm5nvypawdttc8w|03|org"; nocase; ) # 12s8li6b28gtkyr4d1mu9g3o7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047039; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12s8li6b28gtkyr4d1mu9g3o7|03|net"; nocase; ) # s2aurd6pyicpd6s12oi9kpt2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047040; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|s2aurd6pyicpd6s12oi9kpt2|03|org"; nocase; ) # mwojotco7o691ooezrk1tepydi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047041; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mwojotco7o691ooezrk1tepydi|03|net"; nocase; ) # 72wu3yzkpq6n1o6uny452lf6f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047042; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|72wu3yzkpq6n1o6uny452lf6f|03|biz"; nocase; ) # rnr8j1xj1vs7e7o461r4nupo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047043; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rnr8j1xj1vs7e7o461r4nupo|03|net"; nocase; ) # j5cmh77fvgxd1d9o3718bmu0t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047044; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j5cmh77fvgxd1d9o3718bmu0t|03|biz"; nocase; ) # j2vv51p94ooyc35atg1894738.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047045; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j2vv51p94ooyc35atg1894738|03|com"; nocase; ) # 1f40ujh1mh516u31m6n2ce6mwl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047046; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f40ujh1mh516u31m6n2ce6mwl|03|net"; nocase; ) # b0bik01dsjchb1s6uhekj5im33.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047047; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b0bik01dsjchb1s6uhekj5im33|03|net"; nocase; ) # adn1ky1hyg3lepplocl14a24l4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047048; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|adn1ky1hyg3lepplocl14a24l4|03|org"; nocase; ) # r10rkm4dt90tp0g3lq7zwgbo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047049; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|r10rkm4dt90tp0g3lq7zwgbo|03|org"; nocase; ) # 1njt1fb157ohnr16hn3wt5o6gjr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047050; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1njt1fb157ohnr16hn3wt5o6gjr|03|biz"; nocase; ) # peu497te97vfyeqnua1g5t36g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047051; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|peu497te97vfyeqnua1g5t36g|03|net"; nocase; ) # 113s5f3sf9bnj17rmpd310mymkn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047052; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|113s5f3sf9bnj17rmpd310mymkn|03|net"; nocase; ) # 12raqweo9f21im10009pjlk7h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047053; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12raqweo9f21im10009pjlk7h|03|org"; nocase; ) # 1gi9dhknotv1cr5tmjx18qx5yv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047054; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gi9dhknotv1cr5tmjx18qx5yv|03|com"; nocase; ) # 190n82t1pxej3dejpli01kqm4tl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047055; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|190n82t1pxej3dejpli01kqm4tl|03|org"; nocase; ) # h4kdr61ucqd261m9z9ix4ex1xv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047056; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|h4kdr61ucqd261m9z9ix4ex1xv|03|biz"; nocase; ) # 7xc53ydmz8qx1j7cjmgqq8on7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047057; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7xc53ydmz8qx1j7cjmgqq8on7|03|net"; nocase; ) # c39rdb4jrqukkbw7c0xm3y8a.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047058; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c39rdb4jrqukkbw7c0xm3y8a|03|org"; nocase; ) # 1gi5b59yd7go9165ll5kzrnhp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047059; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gi5b59yd7go9165ll5kzrnhp|03|com"; nocase; ) # 1kixv7y1ca7vo210mbkrfepj24w.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047060; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kixv7y1ca7vo210mbkrfepj24w|03|org"; nocase; ) # 14hnefhpb9i38vk9n2f1lzqa7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047061; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|14hnefhpb9i38vk9n2f1lzqa7|03|net"; nocase; ) # 1mx69g31nsh7cg17tmr1gzvci9t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047062; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mx69g31nsh7cg17tmr1gzvci9t|03|biz"; nocase; ) # 1gdxcph1tqcxmv1wttdfcfxygjm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047063; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gdxcph1tqcxmv1wttdfcfxygjm|03|com"; nocase; ) # u6l91v12jhdjhlvlpcu6aumco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047064; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|u6l91v12jhdjhlvlpcu6aumco|03|org"; nocase; ) # 1ohwkcv1n4xdnx1eyvd0qe1ebtl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047065; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ohwkcv1n4xdnx1eyvd0qe1ebtl|03|com"; nocase; ) # 1sshnlf1pv07di1aa7ui3qbpgo2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047066; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sshnlf1pv07di1aa7ui3qbpgo2|03|biz"; nocase; ) # 4fsz601qbogx5ku5wrk1v88i4s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047067; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4fsz601qbogx5ku5wrk1v88i4s|03|com"; nocase; ) # 1y45bml11wza2lhtl11yxzngix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047068; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y45bml11wza2lhtl11yxzngix|03|net"; nocase; ) # 18pmpcf1r3s08c5q40a41to31z.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047069; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18pmpcf1r3s08c5q40a41to31z|03|net"; nocase; ) # 14nd7361ypx9jfe15nwb1mr8rva.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047070; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14nd7361ypx9jfe15nwb1mr8rva|03|net"; nocase; ) # 17r3z045oh4jxlsyff8xp6zik.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047071; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|17r3z045oh4jxlsyff8xp6zik|03|biz"; nocase; ) # xnptjs1meghan12iz63215hjvu3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047072; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xnptjs1meghan12iz63215hjvu3|03|org"; nocase; ) # 3kggj2tt9tm0mpgw4yjhazod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047073; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3kggj2tt9tm0mpgw4yjhazod|03|com"; nocase; ) # 1e4eqcu1ud7s2co6l7wi4j3zx4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047074; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1e4eqcu1ud7s2co6l7wi4j3zx4|03|net"; nocase; ) # 1718zw81ivu85fd26kn84lnq8g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047075; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1718zw81ivu85fd26kn84lnq8g|03|biz"; nocase; ) # 1lgyeihgv8xqnetqnhr10879bw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047076; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lgyeihgv8xqnetqnhr10879bw|03|net"; nocase; ) # 12w0u9w4hh0le1oti3k81d5xjmx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047077; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|12w0u9w4hh0le1oti3k81d5xjmx|03|net"; nocase; ) # 18xuvtaz7ecvs7nm1lsgwrpnl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047078; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|18xuvtaz7ecvs7nm1lsgwrpnl|03|org"; nocase; ) # 1arl4kd1ec6e387lq5ql1t1nujn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047079; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1arl4kd1ec6e387lq5ql1t1nujn|03|net"; nocase; ) # 183x6psdruj3pw9npjq45y5p8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047080; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|183x6psdruj3pw9npjq45y5p8|03|org"; nocase; ) # 1ibobtldqv4ezj94tma1cpi02m.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047081; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ibobtldqv4ezj94tma1cpi02m|03|org"; nocase; ) # 1sr155d1bgjdta1uh760hasxdho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047082; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sr155d1bgjdta1uh760hasxdho|03|net"; nocase; ) # v1w7kka97zw41i420j01slgzjy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047083; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|v1w7kka97zw41i420j01slgzjy|03|com"; nocase; ) # 10ychfza17yg2e8erb14jubq6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047084; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10ychfza17yg2e8erb14jubq6|03|org"; nocase; ) # 1aak3c16yp5w1vqo1y1j8yklk.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047085; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1aak3c16yp5w1vqo1y1j8yklk|03|org"; nocase; ) # yvgvpge26bvv3ammc71yunhvf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047086; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yvgvpge26bvv3ammc71yunhvf|03|biz"; nocase; ) # gqf48dbyqla0zriyq8wrufl0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047087; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gqf48dbyqla0zriyq8wrufl0|03|com"; nocase; ) # 5lho1ze6cos8lwm9bphuk8ap.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047088; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5lho1ze6cos8lwm9bphuk8ap|03|net"; nocase; ) # ykwxuis4lln91xf7ajc15gg2k5.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047089; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ykwxuis4lln91xf7ajc15gg2k5|03|biz"; nocase; ) # 1xsb1me375izipf59lotbgdt5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047090; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xsb1me375izipf59lotbgdt5|03|org"; nocase; ) # 12e96e8152zsyno8nrrgyvpyy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047091; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|12e96e8152zsyno8nrrgyvpyy|03|net"; nocase; ) # 1fy4l6910mnm6z1ct7gim6e1j47.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047092; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1fy4l6910mnm6z1ct7gim6e1j47|03|biz"; nocase; ) # tpd6z611rdnuz1bqeq2i1fxkwze.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047093; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tpd6z611rdnuz1bqeq2i1fxkwze|03|net"; nocase; ) # 1abmxdy1wnuwyh1a5ap5u1gvpe7y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047094; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1abmxdy1wnuwyh1a5ap5u1gvpe7y|03|org"; nocase; ) # o25yp2nlofpoqp78l9ueaurs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047095; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|o25yp2nlofpoqp78l9ueaurs|03|net"; nocase; ) # 1xb9bxu1hcj8op1c15gpfp60t26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047096; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xb9bxu1hcj8op1c15gpfp60t26|03|org"; nocase; ) # 18vmc1k1mjl44deo5klp1ivk2r8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047097; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18vmc1k1mjl44deo5klp1ivk2r8|03|com"; nocase; ) # 17mf5u16a3x9ze9soox15fcqaw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047098; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17mf5u16a3x9ze9soox15fcqaw|03|biz"; nocase; ) # 16fmf1t1kecews10zt5431md9v4w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047099; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16fmf1t1kecews10zt5431md9v4w|03|net"; nocase; ) # 18vxi281ne0taflj5rff5ewqnc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047100; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18vxi281ne0taflj5rff5ewqnc|03|biz"; nocase; ) # m0n58xgyw7jwpicpkhdx9f4x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047101; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|m0n58xgyw7jwpicpkhdx9f4x|03|com"; nocase; ) # 1rog0ctexw67jqfpb0p54esx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047102; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1rog0ctexw67jqfpb0p54esx|03|com"; nocase; ) # 13im8djer3bdyt6j97n4hfwky.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047103; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|13im8djer3bdyt6j97n4hfwky|03|biz"; nocase; ) # fhcvjxn8g6u81hgltpqkp5b75.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047104; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fhcvjxn8g6u81hgltpqkp5b75|03|net"; nocase; ) # 1uezrx1haifrxxld1yk1qal1ze.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047105; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uezrx1haifrxxld1yk1qal1ze|03|org"; nocase; ) # klpstw18uy2rv1c4qktly8w20.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047106; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|klpstw18uy2rv1c4qktly8w20|03|org"; nocase; ) # 1ufuwwp555hfu1ycwe1g11m3ze4.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047107; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ufuwwp555hfu1ycwe1g11m3ze4|03|biz"; nocase; ) # 1gc0s3lj3ve6myrs8eajzf3b7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047108; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gc0s3lj3ve6myrs8eajzf3b7|03|com"; nocase; ) # lj4kikj4jp1uvtmrxu1q1ikoi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047109; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|lj4kikj4jp1uvtmrxu1q1ikoi|03|org"; nocase; ) # zt1nxgqwzuj7tsvifh72ej3a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047110; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|zt1nxgqwzuj7tsvifh72ej3a|03|net"; nocase; ) # 1y9l8msswhluv7wxrdl1j0jyds.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047111; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1y9l8msswhluv7wxrdl1j0jyds|03|net"; nocase; ) # pe9mg31qq7zcro2xonv1mp78vp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047112; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|pe9mg31qq7zcro2xonv1mp78vp|03|org"; nocase; ) # rdp2c1gn7h4embd5yom9rlam.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047113; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rdp2c1gn7h4embd5yom9rlam|03|org"; nocase; ) # tt3tm18kdx8jh56v9s1pwtev7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047114; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tt3tm18kdx8jh56v9s1pwtev7|03|net"; nocase; ) # kpgcx3yscqfjmpt7oas4v72k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047115; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|kpgcx3yscqfjmpt7oas4v72k|03|org"; nocase; ) # rogq991w5wipqn3atiylv0y7d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047116; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rogq991w5wipqn3atiylv0y7d|03|net"; nocase; ) # 8tfmj716orpux1rm3x3i1df5zgq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047117; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8tfmj716orpux1rm3x3i1df5zgq|03|net"; nocase; ) # 1vcj0301cuyrgsheiny01l6zwtj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047118; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1vcj0301cuyrgsheiny01l6zwtj|03|org"; nocase; ) # 5t1ry31txgv6g1qo9nh936xnqf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047119; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5t1ry31txgv6g1qo9nh936xnqf|03|org"; nocase; ) # cy0foud8bc7i1kf41atyvysal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047120; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cy0foud8bc7i1kf41atyvysal|03|com"; nocase; ) # nj1k481s8c5db17iehb3oybh9j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047121; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|nj1k481s8c5db17iehb3oybh9j|03|com"; nocase; ) # 9zqugv1u209a24nvwen11hzpy4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047122; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9zqugv1u209a24nvwen11hzpy4|03|org"; nocase; ) # 2keaxipl77gn15rl2au6i0979.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047123; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|2keaxipl77gn15rl2au6i0979|03|com"; nocase; ) # 1mcyiqnvg82koq8a69s17wgmcv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047124; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mcyiqnvg82koq8a69s17wgmcv|03|org"; nocase; ) # 13f4e161vvd7001bapz384ph6sn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047125; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13f4e161vvd7001bapz384ph6sn|03|net"; nocase; ) # 1hq6ekcag7gkq2fzrcd1l1m1u2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047126; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1hq6ekcag7gkq2fzrcd1l1m1u2|03|net"; nocase; ) # 2kmu4l6j0hzr2wzhvz75c7u0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047127; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2kmu4l6j0hzr2wzhvz75c7u0|03|net"; nocase; ) # ru0khv1sasjevedfivt1qkqyf2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047128; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ru0khv1sasjevedfivt1qkqyf2|03|net"; nocase; ) # 1n2z1mf1is2inibsulv11ip92lw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047129; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1n2z1mf1is2inibsulv11ip92lw|03|biz"; nocase; ) # mxwylk7fhrn11e8ib841nnlr65.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047130; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mxwylk7fhrn11e8ib841nnlr65|03|org"; nocase; ) # 13krurs1wsdgk91nsb5lova7a61.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047131; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13krurs1wsdgk91nsb5lova7a61|03|com"; nocase; ) # f0a91z1wyjbhbnf0lw3s5ddcb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047132; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f0a91z1wyjbhbnf0lw3s5ddcb|03|net"; nocase; ) # 1emh7d4doixtt1hxvynjsw983t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047133; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1emh7d4doixtt1hxvynjsw983t|03|biz"; nocase; ) # 1uwov7t1b5vp36xkocatu4ynkd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047134; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1uwov7t1b5vp36xkocatu4ynkd|03|org"; nocase; ) # 13ghoeephouxsn92dug1lur4i1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047135; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13ghoeephouxsn92dug1lur4i1|03|net"; nocase; ) # c7wrlc1mm8ffl16gmf6zfghsc3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047136; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|c7wrlc1mm8ffl16gmf6zfghsc3|03|com"; nocase; ) # 1ajeepz1szct4x135rite1rgvvfa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047137; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ajeepz1szct4x135rite1rgvvfa|03|biz"; nocase; ) # 450ldb1pr8wkxdju7asz8imkj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047138; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|450ldb1pr8wkxdju7asz8imkj|03|org"; nocase; ) # mgaryk1cegt1q1kvicqtwfcpxa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047139; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mgaryk1cegt1q1kvicqtwfcpxa|03|biz"; nocase; ) # 3w7za2m2vrlv3d31bqljzmvz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047140; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|3w7za2m2vrlv3d31bqljzmvz|03|com"; nocase; ) # c1ncc3qzdvbathxpz85fsowt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047141; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|c1ncc3qzdvbathxpz85fsowt|03|net"; nocase; ) # 1ippm6n1xcp0d0ybqax52f0nml.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047142; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ippm6n1xcp0d0ybqax52f0nml|03|com"; nocase; ) # 54xgxl1tfor841ioqwvo1xk4eii.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047143; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|54xgxl1tfor841ioqwvo1xk4eii|03|net"; nocase; ) # 1c0933d1hvykbr1002wvkzckl34.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047144; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1c0933d1hvykbr1002wvkzckl34|03|org"; nocase; ) # 1nkfvu71h5d50aoye1ap1820ueb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047145; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nkfvu71h5d50aoye1ap1820ueb|03|net"; nocase; ) # n2ryma3vtzbizg4ur2wqazvj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047146; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n2ryma3vtzbizg4ur2wqazvj|03|net"; nocase; ) # 11vvqvfqcbcwrzrsnja19glsm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047147; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|11vvqvfqcbcwrzrsnja19glsm|03|com"; nocase; ) # 1bzbzfu124aoka17pnyc9pwufmn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047148; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bzbzfu124aoka17pnyc9pwufmn|03|org"; nocase; ) # 155jlirywrksj19lm3ct2rybnt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047149; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|155jlirywrksj19lm3ct2rybnt|03|net"; nocase; ) # rtf6jb9nyaxm7hgs9woj7eff.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047150; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|rtf6jb9nyaxm7hgs9woj7eff|03|net"; nocase; ) # 1qw9qtw1pdvztr1ji9gpt3oqyft.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047151; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qw9qtw1pdvztr1ji9gpt3oqyft|03|net"; nocase; ) # 1w4lkgjin3wi6mn4xy0b6ouye.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047152; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w4lkgjin3wi6mn4xy0b6ouye|03|org"; nocase; ) # 1cwuqyakvxkf12ih3kt3vev58.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047153; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cwuqyakvxkf12ih3kt3vev58|03|com"; nocase; ) # 1jc8x711sd748ny2mg21beqj7q.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047154; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jc8x711sd748ny2mg21beqj7q|03|net"; nocase; ) # g2vr9h1xwhbegryu3qj1xkfdxy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047155; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|g2vr9h1xwhbegryu3qj1xkfdxy|03|biz"; nocase; ) # uhpsp2j28iep1i26h1n1xthz5g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047156; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|uhpsp2j28iep1i26h1n1xthz5g|03|net"; nocase; ) # 7e8cwp1cheyqe16bh3kr3e2sk7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047157; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|7e8cwp1cheyqe16bh3kr3e2sk7|03|com"; nocase; ) # 7kebrxy7sh1c1trbi43g0yhgr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047158; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|7kebrxy7sh1c1trbi43g0yhgr|03|com"; nocase; ) # 1yfuo7o1arzesf1kxvsnomlbkbt.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047159; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yfuo7o1arzesf1kxvsnomlbkbt|03|org"; nocase; ) # eenm1favat7aw20c81jfc5zu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047160; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|eenm1favat7aw20c81jfc5zu|03|com"; nocase; ) # 1yjmdpn1yz9hdqvqnb2315j068x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047161; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yjmdpn1yz9hdqvqnb2315j068x|03|org"; nocase; ) # 195e3i1118v1nk1raduvar6jyps.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047162; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|195e3i1118v1nk1raduvar6jyps|03|org"; nocase; ) # kyw8h41j0w9oevpqpbt1ix0z4e.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047163; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|kyw8h41j0w9oevpqpbt1ix0z4e|03|net"; nocase; ) # 1hpc0jx1lzrogq19zfeg21cxxh4g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047164; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1hpc0jx1lzrogq19zfeg21cxxh4g|03|com"; nocase; ) # 13qs8dd12qrt58mo4n0q18hnn81.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047165; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|13qs8dd12qrt58mo4n0q18hnn81|03|com"; nocase; ) # 1efgkc7r0sca610t18ah1bxtth0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047166; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1efgkc7r0sca610t18ah1bxtth0|03|com"; nocase; ) # llkj4v167215o131tj2x1rdvt24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047167; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|llkj4v167215o131tj2x1rdvt24|03|net"; nocase; ) # aneffpxhpedd1q8tqn824ffiu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047168; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|aneffpxhpedd1q8tqn824ffiu|03|biz"; nocase; ) # 196b8te1taeb11wm9s8y1lfmyno.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047169; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|196b8te1taeb11wm9s8y1lfmyno|03|org"; nocase; ) # jdokpbxig4kksctb3s1s7ye3o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047170; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jdokpbxig4kksctb3s1s7ye3o|03|com"; nocase; ) # el90v3zh0yjqcpa87o1kaz67a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047171; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|el90v3zh0yjqcpa87o1kaz67a|03|com"; nocase; ) # 1lq7ykykv5aqc1acyjvm1nb9nyc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047172; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lq7ykykv5aqc1acyjvm1nb9nyc|03|net"; nocase; ) # 1svcwvs1y22fmvk1env57a60k9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047173; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1svcwvs1y22fmvk1env57a60k9|03|com"; nocase; ) # 1w8pwdqpqkf8r56mgo8snw8xr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047174; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1w8pwdqpqkf8r56mgo8snw8xr|03|com"; nocase; ) # gqpf4b1wyqnwcwxl8xi1szb6g5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047175; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gqpf4b1wyqnwcwxl8xi1szb6g5|03|net"; nocase; ) # ptronfba3g27x9s3tj1oa4y4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047176; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ptronfba3g27x9s3tj1oa4y4a|03|net"; nocase; ) # h90oyyp3y9j5elhu21539xx9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047177; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|h90oyyp3y9j5elhu21539xx9|03|biz"; nocase; ) # 1br6qb21bzluxf1wdxaz41yc7kwy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047178; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1br6qb21bzluxf1wdxaz41yc7kwy|03|com"; nocase; ) # 1l8s0tz160nshl1ket8ciruwkpd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047179; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1l8s0tz160nshl1ket8ciruwkpd|03|net"; nocase; ) # n3mtjv1nshwy76sq3uc12mougl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047180; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|n3mtjv1nshwy76sq3uc12mougl|03|net"; nocase; ) # yin1dywnfmgvvarzn0fjkxsh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047181; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yin1dywnfmgvvarzn0fjkxsh|03|org"; nocase; ) # 1pn6apx12fh7xx16zd2owx3i7kd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047182; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pn6apx12fh7xx16zd2owx3i7kd|03|biz"; nocase; ) # 9zr744bwf4xs3yympo1u8cfo1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047183; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9zr744bwf4xs3yympo1u8cfo1|03|net"; nocase; ) # ikm0bf9tlq82xl70z11a9myp6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047184; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|ikm0bf9tlq82xl70z11a9myp6|03|com"; nocase; ) # 14zcree1rxphd7197zl9h2d8jem.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047185; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14zcree1rxphd7197zl9h2d8jem|03|net"; nocase; ) # 1430hce1511bli1ww3p6t1rmrmi7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047186; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1430hce1511bli1ww3p6t1rmrmi7|03|org"; nocase; ) # 4mdqz1sqiw5o93q2482lufto.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047187; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|4mdqz1sqiw5o93q2482lufto|03|biz"; nocase; ) # 1ul9to16cgdu5e91trupbm367.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047188; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ul9to16cgdu5e91trupbm367|03|net"; nocase; ) # dvm3whlptignc0g61tvuitub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047189; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|dvm3whlptignc0g61tvuitub|03|org"; nocase; ) # utgw2u58g1ciy2tsxa368mcc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047190; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|utgw2u58g1ciy2tsxa368mcc|03|biz"; nocase; ) # 10cytw6rw4rwa1k12ejn11kwefl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047191; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10cytw6rw4rwa1k12ejn11kwefl|03|net"; nocase; ) # b7emap1mo66c217giat7eyg3hh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047192; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b7emap1mo66c217giat7eyg3hh|03|com"; nocase; ) # amgt5i1grwjg61tqjq5nyz6mpa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047193; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|amgt5i1grwjg61tqjq5nyz6mpa|03|biz"; nocase; ) # niawh3sdw0c4o9yocobhogu2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047194; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|niawh3sdw0c4o9yocobhogu2|03|net"; nocase; ) # 1914qx8vs8b791mxhs3ybw2qa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047195; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1914qx8vs8b791mxhs3ybw2qa|03|net"; nocase; ) # 17v9q8j1j5jrks1tkhmts1ago39t.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047196; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|17v9q8j1j5jrks1tkhmts1ago39t|03|net"; nocase; ) # m11o0bycktrb1auqa4s1r81fts.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047197; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m11o0bycktrb1auqa4s1r81fts|03|com"; nocase; ) # 1co1pb31pn8y9e1u0kys9ytir05.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047198; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1co1pb31pn8y9e1u0kys9ytir05|03|net"; nocase; ) # 1bz65bdmrv23l9vcqi186qzu6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047199; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bz65bdmrv23l9vcqi186qzu6|03|org"; nocase; ) # 1xym9gbybvqdoblbhuagmu8br.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047200; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xym9gbybvqdoblbhuagmu8br|03|biz"; nocase; ) # e4sxqspzuty0vjem56o2q9qm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047201; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|e4sxqspzuty0vjem56o2q9qm|03|com"; nocase; ) # 1kovqgz1lw6sv51rfy8le11c44rs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047202; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kovqgz1lw6sv51rfy8le11c44rs|03|org"; nocase; ) # 19qr0ppw4l9yv1sq3xibe29y9q.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047203; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|19qr0ppw4l9yv1sq3xibe29y9q|03|org"; nocase; ) # 10l4gypymtcb716qi2nn1fqjjgh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047204; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10l4gypymtcb716qi2nn1fqjjgh|03|net"; nocase; ) # thwcfxr0e9rt1ywgiri1r5vr35.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047205; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|thwcfxr0e9rt1ywgiri1r5vr35|03|org"; nocase; ) # t0mesq17hvsjq1itu9bbjp5xt9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047206; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|t0mesq17hvsjq1itu9bbjp5xt9|03|com"; nocase; ) # j715ylqmti18y1jvhl1axx2e1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047207; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j715ylqmti18y1jvhl1axx2e1|03|net"; nocase; ) # u3alaigvbg021nq55921kt59vx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047208; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|u3alaigvbg021nq55921kt59vx|03|com"; nocase; ) # 1rpxorbjjdqrh1w9s185y9276d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047209; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1rpxorbjjdqrh1w9s185y9276d|03|com"; nocase; ) # 1sortqe7zala21ir7sre12kpaot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047210; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sortqe7zala21ir7sre12kpaot|03|com"; nocase; ) # 1b5zcj0otx98yeru4vvx9grug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047211; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1b5zcj0otx98yeru4vvx9grug|03|net"; nocase; ) # tl6tp14ydn9p15rim9h1ki9jiq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047212; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tl6tp14ydn9p15rim9h1ki9jiq|03|com"; nocase; ) # 153ln915zfdkx52kqk2kppo26.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047213; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|153ln915zfdkx52kqk2kppo26|03|net"; nocase; ) # 154i6h1qjjhi115zwg3y1faht31.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047214; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|154i6h1qjjhi115zwg3y1faht31|03|net"; nocase; ) # 18mb7479ks2kz1e7yi3p1nkry5o.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047215; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18mb7479ks2kz1e7yi3p1nkry5o|03|org"; nocase; ) # 1ojav061pu6j371agsvmt1lel4ud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047216; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1ojav061pu6j371agsvmt1lel4ud|03|com"; nocase; ) # o0pztm1f9pspk1ivawph19lvmkl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047217; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|o0pztm1f9pspk1ivawph19lvmkl|03|net"; nocase; ) # 12l7xamq8swv81po74roxsxda5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047218; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12l7xamq8swv81po74roxsxda5|03|com"; nocase; ) # rspqpv11kgojem5cxnxoy7v31.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047219; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rspqpv11kgojem5cxnxoy7v31|03|org"; nocase; ) # q45ede1nmz8oq5hjpnem62t4c.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047220; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|q45ede1nmz8oq5hjpnem62t4c|03|net"; nocase; ) # 1dkpss01h7l5lklvsi96q46qpv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047221; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1dkpss01h7l5lklvsi96q46qpv|03|biz"; nocase; ) # 2fvnq21fjamwiczgb631ohhlz3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047222; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|2fvnq21fjamwiczgb631ohhlz3|03|biz"; nocase; ) # 1acwvzfql14zr1ledakqkt1yx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047223; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1acwvzfql14zr1ledakqkt1yx|03|com"; nocase; ) # j55e5mfdbiyo1qrx4irad5aqw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047224; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|j55e5mfdbiyo1qrx4irad5aqw|03|com"; nocase; ) # 1uhhroi1cg3qrb1rr907j8m3o50.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047225; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1uhhroi1cg3qrb1rr907j8m3o50|03|net"; nocase; ) # 1bfsxsa1aa7f8x1e0q73qx10uyc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047226; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bfsxsa1aa7f8x1e0q73qx10uyc|03|com"; nocase; ) # 12gb4kgvhdjua1w14sw1pm7r5w.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047227; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|12gb4kgvhdjua1w14sw1pm7r5w|03|com"; nocase; ) # 1jmwzc5121feir1eqeur5ias783.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047228; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1jmwzc5121feir1eqeur5ias783|03|net"; nocase; ) # 1wsdr2w16qdpg84p9zufw8dawf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047229; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wsdr2w16qdpg84p9zufw8dawf|03|net"; nocase; ) # 1otqx9e8bloz71vlyz9f1d7ko72.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047230; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1otqx9e8bloz71vlyz9f1d7ko72|03|net"; nocase; ) # 1i00q7ruh2v8615dbo1n12h9zag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047231; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1i00q7ruh2v8615dbo1n12h9zag|03|com"; nocase; ) # 10uezzzj1acvmv654xdw8v5c5.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047232; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|10uezzzj1acvmv654xdw8v5c5|03|net"; nocase; ) # 1tleh991qyhduk1swr6b814g0nxr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047233; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1tleh991qyhduk1swr6b814g0nxr|03|net"; nocase; ) # tnx6ng17imv2s1sxl8ss1o2l2q0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047234; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tnx6ng17imv2s1sxl8ss1o2l2q0|03|biz"; nocase; ) # 14rmfj18m84t21hx97d41rahzcs.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047235; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|14rmfj18m84t21hx97d41rahzcs|03|org"; nocase; ) # wivruehuuwsefnnb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047236; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|wivruehuuwsefnnb|02|eu"; nocase; ) # qgxokdytlkuiauev.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047237; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qgxokdytlkuiauev|02|eu"; nocase; ) # qujghrldhnkaysgi.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047238; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|qujghrldhnkaysgi|02|eu"; nocase; ) # edqklafkexueqgsh.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047239; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|edqklafkexueqgsh|02|eu"; nocase; ) # ercciorgmnkvcrut.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047240; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ercciorgmnkvcrut|02|eu"; nocase; ) # xmhqcqiprufxabxn.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047241; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xmhqcqiprufxabxn|02|eu"; nocase; ) # xprmiguuinktkkca.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047242; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xprmiguuinktkkca|02|eu"; nocase; ) # xeqefuheeqaljvem.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047243; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|xeqefuheeqaljvem|02|eu"; nocase; ) # rfdkbjlvljtxbmmg.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047244; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|rfdkbjlvljtxbmmg|02|eu"; nocase; ) # lfrmxcbtdmjniqvl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047245; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|lfrmxcbtdmjniqvl|02|eu"; nocase; ) # fjooateqoxuvkqir.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047246; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fjooateqoxuvkqir|02|eu"; nocase; ) # fxagwuqmwnknjcxe.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047247; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|fxagwuqmwnknjcxe|02|eu"; nocase; ) # ypulkhiqlpntwovl.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047248; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ypulkhiqlpntwovl|02|eu"; nocase; ) # ywnhvuuuvqovphql.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047249; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|ywnhvuuuvqovphql|02|eu"; nocase; ) # yalqcxhnawtraeix.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047250; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|yalqcxhnawtraeix|02|eu"; nocase; ) # swcwsbxsntelwlae.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047251; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|swcwsbxsntelwlae|02|eu"; nocase; ) # mxopopokiallcpix.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047252; reference:url,osint.bambenekconsulting.com/manual/geodo.txt; priority:1; content:"|10|mxopopokiallcpix|02|eu"; nocase; ) # da6faee45d2cf053a70f3c70104a5c01b9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047253; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|da6faee45d2cf053a70f3c70104a5c01b9|02|in"; nocase; ) # h9178efef8c7f8a066cb0f62dafb5f9fd3.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047254; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h9178efef8c7f8a066cb0f62dafb5f9fd3|02|so"; nocase; ) # i3da980affc178d64c3f8b74cc470a9a71.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047255; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i3da980affc178d64c3f8b74cc470a9a71|02|cc"; nocase; ) # ua17e579376830b65ba4eb0fdb6dcdcbef.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047256; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ua17e579376830b65ba4eb0fdb6dcdcbef|02|hk"; nocase; ) # w7029794bd2ac564f68a844a029f57da91.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047257; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w7029794bd2ac564f68a844a029f57da91|02|tk"; nocase; ) # z72b3c972d1a8bd854f9f4c8045014e30e.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047258; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z72b3c972d1a8bd854f9f4c8045014e30e|02|ws"; nocase; ) # fb0c6827a3edbcb7ac8c905e9aebc97ed4.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047259; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fb0c6827a3edbcb7ac8c905e9aebc97ed4|02|so"; nocase; ) # ia4fe96c7ef007816f6ae86637ba5bb9e2.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047260; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ia4fe96c7ef007816f6ae86637ba5bb9e2|02|to"; nocase; ) # nb6fd04a158f94eebe0c111fd5dc007e93.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047261; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nb6fd04a158f94eebe0c111fd5dc007e93|02|so"; nocase; ) # u0c000372f1c8e55e59c292f3df0022e5c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047262; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u0c000372f1c8e55e59c292f3df0022e5c|02|tk"; nocase; ) # a4f4ccca37cbb2a059c7b5574260cf21b2.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047263; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a4f4ccca37cbb2a059c7b5574260cf21b2|02|hk"; nocase; ) # b0859f24bc2279bc84685c16256397b615.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047264; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b0859f24bc2279bc84685c16256397b615|02|cn"; nocase; ) # g69bdb2c1b5ba992d62e742585011c62e5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047265; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g69bdb2c1b5ba992d62e742585011c62e5|02|to"; nocase; ) # r0ad586caccaa31b823c6dcbd3f1ff1fa8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047266; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r0ad586caccaa31b823c6dcbd3f1ff1fa8|02|cn"; nocase; ) # s00ffb826b0f9acc433324a5cce6e18640.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047267; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s00ffb826b0f9acc433324a5cce6e18640|02|tk"; nocase; ) # t5382e4ce19b61cf5a0cf98b69b6f37cc9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047268; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t5382e4ce19b61cf5a0cf98b69b6f37cc9|02|so"; nocase; ) # ucf7e8e58d48f17cce921b42c89bda11d5.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047269; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ucf7e8e58d48f17cce921b42c89bda11d5|02|cc"; nocase; ) # k395b9850e5d6d0967bd6b3db41f52c513.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047270; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k395b9850e5d6d0967bd6b3db41f52c513|02|cc"; nocase; ) # m396c5f142cd15b40b849b8e45114d7826.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047271; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m396c5f142cd15b40b849b8e45114d7826|02|to"; nocase; ) # q606c37948cc5eeec9bcf8a5b28248d45d.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047272; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q606c37948cc5eeec9bcf8a5b28248d45d|02|tk"; nocase; ) # u39e2f1a71686566c04ff4bd5c9d878f30.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047273; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u39e2f1a71686566c04ff4bd5c9d878f30|02|to"; nocase; ) # we7695b35ed4e5ae5ef0e203f71560cc56.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047274; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|we7695b35ed4e5ae5ef0e203f71560cc56|02|hk"; nocase; ) # ka77dfdded734b2e28e2277d8df4950c64.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047275; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ka77dfdded734b2e28e2277d8df4950c64|02|to"; nocase; ) # u3649a0c0653e5f4b84de97e64db011211.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047276; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u3649a0c0653e5f4b84de97e64db011211|02|hk"; nocase; ) # x7d65288e5b9b423aae25ed4e7947b0719.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047277; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x7d65288e5b9b423aae25ed4e7947b0719|02|so"; nocase; ) # zfed4431c4c50df20b0d6277a81fee116b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047278; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zfed4431c4c50df20b0d6277a81fee116b|02|ws"; nocase; ) # a376408c4b268ba19f988b018663ca2a5b.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047279; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a376408c4b268ba19f988b018663ca2a5b|02|to"; nocase; ) # e70eb5f9b78aac377b64e939d41689bf82.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047280; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e70eb5f9b78aac377b64e939d41689bf82|02|tk"; nocase; ) # mc4c614bb2e76c0c959e76d1a856b3fd33.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047281; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mc4c614bb2e76c0c959e76d1a856b3fd33|02|tk"; nocase; ) # o0a99e8f77f93e5e94898dcc8a65b0f118.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047282; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o0a99e8f77f93e5e94898dcc8a65b0f118|02|cc"; nocase; ) # ta7821e3c5f5032c342f68cbc54570c044.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047283; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ta7821e3c5f5032c342f68cbc54570c044|02|cn"; nocase; ) # u1d1229928511d78f8d504ebcf50e18ca5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047284; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u1d1229928511d78f8d504ebcf50e18ca5|02|tk"; nocase; ) # wa9630386f05839eec9fc5d53e1ba47a43.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047285; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wa9630386f05839eec9fc5d53e1ba47a43|02|cc"; nocase; ) # b64a515250c6ca0851cfe4e610584cc413.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047286; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b64a515250c6ca0851cfe4e610584cc413|02|cn"; nocase; ) # g941ce2cab19a46dda380b0a59d2f2b456.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047287; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g941ce2cab19a46dda380b0a59d2f2b456|02|to"; nocase; ) # m1733badb819b136d0ce1e704011ff51e7.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047288; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m1733badb819b136d0ce1e704011ff51e7|02|cc"; nocase; ) # n3792d9f93fd2a6b7d257e49bdd766a983.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047289; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n3792d9f93fd2a6b7d257e49bdd766a983|02|ws"; nocase; ) # qebb4df0d8b05069a0ecf3e207546a293b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047290; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qebb4df0d8b05069a0ecf3e207546a293b|02|hk"; nocase; ) # ye94e2b1a8ba2f2b804e1c29c5f1c42c76.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047291; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ye94e2b1a8ba2f2b804e1c29c5f1c42c76|02|hk"; nocase; ) # z68deb27c441454f782aedc6426eb5f9f2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047292; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z68deb27c441454f782aedc6426eb5f9f2|02|cn"; nocase; ) # h3e9a2aea8b7523e1cff2b07e42dba2393.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047293; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h3e9a2aea8b7523e1cff2b07e42dba2393|02|cn"; nocase; ) # i9ec53e8866b47cb41396fa45730a61574.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047294; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i9ec53e8866b47cb41396fa45730a61574|02|tk"; nocase; ) # j3d01ef57c7b56949fce2951867a1fbde0.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047295; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j3d01ef57c7b56949fce2951867a1fbde0|02|so"; nocase; ) # oc2a481fe2022ac1f64924cc30dda04a77.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047296; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oc2a481fe2022ac1f64924cc30dda04a77|02|hk"; nocase; ) # sef20b64f56e82601110f290c3e8f518b6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047297; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sef20b64f56e82601110f290c3e8f518b6|02|cc"; nocase; ) # fb5a290d8bda08807b75b42497d978da09.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047298; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fb5a290d8bda08807b75b42497d978da09|02|cn"; nocase; ) # jf3bbabcffe724ee06d0f0a823c8e78234.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047299; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jf3bbabcffe724ee06d0f0a823c8e78234|02|ws"; nocase; ) # ocbd1adeb2f4f61eefbd20d36d57968ec2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047300; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ocbd1adeb2f4f61eefbd20d36d57968ec2|02|tk"; nocase; ) # u07f0470d92653dfe078229c71e3d9e59b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047301; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u07f0470d92653dfe078229c71e3d9e59b|02|hk"; nocase; ) # dd8c10908512847a5eb274c3c76c9e86f8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047302; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd8c10908512847a5eb274c3c76c9e86f8|02|cn"; nocase; ) # e1319cefcde9d10510938bff87c93ee084.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047303; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e1319cefcde9d10510938bff87c93ee084|02|tk"; nocase; ) # q5b279cabfae8c5e391c2dfab477342d9f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047304; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q5b279cabfae8c5e391c2dfab477342d9f|02|to"; nocase; ) # r0fb63c381930241d57ee0176eea96a920.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047305; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r0fb63c381930241d57ee0176eea96a920|02|in"; nocase; ) # v6d78a86b666a09683011b986aa529319d.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047306; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v6d78a86b666a09683011b986aa529319d|02|so"; nocase; ) # i4c337757ea2316c48926c1169f368b204.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047307; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i4c337757ea2316c48926c1169f368b204|02|hk"; nocase; ) # za9509f21be5a9c692c62a973c7fcbbe88.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047308; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|za9509f21be5a9c692c62a973c7fcbbe88|02|cn"; nocase; ) # cacf60d0640dddc42ac1c837e4787982c6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047309; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cacf60d0640dddc42ac1c837e4787982c6|02|cc"; nocase; ) # d36846a60327f9cd8be9a1ebaecfa4c597.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047310; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d36846a60327f9cd8be9a1ebaecfa4c597|02|ws"; nocase; ) # e7aeabdfaf84342c0b1fd6f1b5babc9c0c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047311; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e7aeabdfaf84342c0b1fd6f1b5babc9c0c|02|to"; nocase; ) # ha2c006a0f372cee83256f929a3ec83bb8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047312; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ha2c006a0f372cee83256f929a3ec83bb8|02|cn"; nocase; ) # i8ed0506b0bdf8e40ebf08c854945627f1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047313; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i8ed0506b0bdf8e40ebf08c854945627f1|02|tk"; nocase; ) # nde81a27b7c85ce5629369ea8a1e41b35f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047314; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nde81a27b7c85ce5629369ea8a1e41b35f|02|in"; nocase; ) # oa18b389f798bf9dce60ee7a63e4660b58.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047315; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oa18b389f798bf9dce60ee7a63e4660b58|02|hk"; nocase; ) # qd650fddcc03b68282faba85b29daf6f0a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047316; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qd650fddcc03b68282faba85b29daf6f0a|02|tk"; nocase; ) # r95024593aeae9bd73657c2fef35ef845a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047317; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r95024593aeae9bd73657c2fef35ef845a|02|so"; nocase; ) # s52721adc1f547c91095bdbad421f8fb96.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047318; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s52721adc1f547c91095bdbad421f8fb96|02|cc"; nocase; ) # l46fea2f6122f17d7800f7d2025393cc0f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047319; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l46fea2f6122f17d7800f7d2025393cc0f|02|in"; nocase; ) # rb04e9e606808190c084fdaa14013a7608.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047320; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb04e9e606808190c084fdaa14013a7608|02|ws"; nocase; ) # taed5bdfbd7ddaf8606a8599ec7384511e.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047321; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|taed5bdfbd7ddaf8606a8599ec7384511e|02|in"; nocase; ) # k30048f2ac47b5b18f58630448af63f7d6.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047322; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k30048f2ac47b5b18f58630448af63f7d6|02|hk"; nocase; ) # v10cdc0bcb3e6acf2a67bf6b2ab5c608bd.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047323; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v10cdc0bcb3e6acf2a67bf6b2ab5c608bd|02|so"; nocase; ) # aecb965c6c41e98784fd354b00218546ef.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047324; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|aecb965c6c41e98784fd354b00218546ef|02|hk"; nocase; ) # c764b93054d0a1d103b1c059c157ecfdb5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047325; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c764b93054d0a1d103b1c059c157ecfdb5|02|tk"; nocase; ) # if66a5bcfaeeffdcf5c88f8c98bc514009.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047326; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|if66a5bcfaeeffdcf5c88f8c98bc514009|02|hk"; nocase; ) # k46b819b82de2f419c3c5d215161511718.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047327; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k46b819b82de2f419c3c5d215161511718|02|tk"; nocase; ) # o0968664b8d9998846cdaa768a2c6f3d18.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047328; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o0968664b8d9998846cdaa768a2c6f3d18|02|to"; nocase; ) # q8f631b94bf57dc3641624b0af9408dc61.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047329; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q8f631b94bf57dc3641624b0af9408dc61|02|hk"; nocase; ) # se558436823f74eaee7998b265ce9e1195.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047330; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|se558436823f74eaee7998b265ce9e1195|02|tk"; nocase; ) # u718aa0e7c2be745baa378e67319568cfb.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047331; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u718aa0e7c2be745baa378e67319568cfb|02|cc"; nocase; ) # v8c48a14be79ee0971ba267833559fb8de.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047332; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v8c48a14be79ee0971ba267833559fb8de|02|ws"; nocase; ) # abe54d55c56e7348e1f2c2fb716b345ebc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047333; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|abe54d55c56e7348e1f2c2fb716b345ebc|02|tk"; nocase; ) # da6e9b0045f42e21d2cd326e39244d12a0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047334; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|da6e9b0045f42e21d2cd326e39244d12a0|02|ws"; nocase; ) # g73b1654aa9b6b4eb86af6acce08da85af.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047335; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g73b1654aa9b6b4eb86af6acce08da85af|02|hk"; nocase; ) # nab467c05a863af33fabae6abd9578ea60.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047336; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nab467c05a863af33fabae6abd9578ea60|02|in"; nocase; ) # oc893dae80c209e296544bdc86131241df.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047337; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|oc893dae80c209e296544bdc86131241df|02|hk"; nocase; ) # x2d072743e45d99abb7536420774a597ff.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047338; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x2d072743e45d99abb7536420774a597ff|02|cn"; nocase; ) # d6be94ecdcde51010becb95448b3c7b93b.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047339; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d6be94ecdcde51010becb95448b3c7b93b|02|in"; nocase; ) # e3c44894704b547eab1c27697492adedee.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047340; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e3c44894704b547eab1c27697492adedee|02|hk"; nocase; ) # kbb10c3cc79a6c40197e12516d01f4be71.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047341; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kbb10c3cc79a6c40197e12516d01f4be71|02|to"; nocase; ) # lc96ba7a069c96a12d979d9da950c03c84.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047342; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|lc96ba7a069c96a12d979d9da950c03c84|02|in"; nocase; ) # p7be630e915b698ad8026e3badcda5f20c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047343; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p7be630e915b698ad8026e3badcda5f20c|02|so"; nocase; ) # u9646fdbb244e03cfb7eebd93477ec3831.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047344; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u9646fdbb244e03cfb7eebd93477ec3831|02|hk"; nocase; ) # v4d679c4d3e79d54e5a3d25b342bcf04b7.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047345; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v4d679c4d3e79d54e5a3d25b342bcf04b7|02|cn"; nocase; ) # odf6eaba3bd7b909d35c510137fa65411a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047346; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|odf6eaba3bd7b909d35c510137fa65411a|02|cc"; nocase; ) # x99f3ee8bb917479ed0da2020eb7054146.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047347; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x99f3ee8bb917479ed0da2020eb7054146|02|ws"; nocase; ) # hcff16b7f924113ee044fe31180cba6e86.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047348; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hcff16b7f924113ee044fe31180cba6e86|02|in"; nocase; ) # jef882dcef812b217403a56d7d5080a3b8.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047349; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jef882dcef812b217403a56d7d5080a3b8|02|cn"; nocase; ) # bdf82597f5030e08dc29cc44005f15d627.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047350; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bdf82597f5030e08dc29cc44005f15d627|02|so"; nocase; ) # c37710e53e7b814e34eee5f1812cd56d42.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047351; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c37710e53e7b814e34eee5f1812cd56d42|02|cc"; nocase; ) # i838d822125d386308a7f4d9667d23e317.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047352; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i838d822125d386308a7f4d9667d23e317|02|tk"; nocase; ) # n1aa012be9edb5d2963e36472d0b790b3c.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047353; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n1aa012be9edb5d2963e36472d0b790b3c|02|in"; nocase; ) # w980bb25d77a879ffaafea7075da3a8f9b.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047354; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w980bb25d77a879ffaafea7075da3a8f9b|02|hk"; nocase; ) # x5385c64d6e734d0e89e701c32e8ec8310.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047355; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x5385c64d6e734d0e89e701c32e8ec8310|02|cn"; nocase; ) # a01b12ab0786607dfc6bd45b77038e8a47.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047356; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a01b12ab0786607dfc6bd45b77038e8a47|02|cc"; nocase; ) # c571530b41b7bfcdcc47aa23836b79cc51.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047357; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c571530b41b7bfcdcc47aa23836b79cc51|02|to"; nocase; ) # s7fd3fee79097909f1a33bf6fb5f780b08.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047358; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s7fd3fee79097909f1a33bf6fb5f780b08|02|to"; nocase; ) # te49f4d27dfed3dd0dc3daa92f54f440b0.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047359; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|te49f4d27dfed3dd0dc3daa92f54f440b0|02|in"; nocase; ) # u8b3ef5e60f81a52fabefc3b059cbec204.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047360; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u8b3ef5e60f81a52fabefc3b059cbec204|02|hk"; nocase; ) # d021f98f9fe4cd977d14444e48408e56a2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047361; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d021f98f9fe4cd977d14444e48408e56a2|02|cn"; nocase; ) # k00c161b820b4ec4330f7d01ad64350674.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047362; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k00c161b820b4ec4330f7d01ad64350674|02|hk"; nocase; ) # l96b607cf5e2bdd29dc47a7bdfea1c1257.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047363; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l96b607cf5e2bdd29dc47a7bdfea1c1257|02|cn"; nocase; ) # a6d4bb05d1ac7cd4a65c0618586d8875ae.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047364; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a6d4bb05d1ac7cd4a65c0618586d8875ae|02|hk"; nocase; ) # g58a62a9d39c46ccb6bbb5a9a61b8aeef8.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047365; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g58a62a9d39c46ccb6bbb5a9a61b8aeef8|02|to"; nocase; ) # m049706baeddb76c3d7b62af9c1ec44a58.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047366; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m049706baeddb76c3d7b62af9c1ec44a58|02|cc"; nocase; ) # v50b45ecdba300ba9f4d46aa938b895874.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047367; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v50b45ecdba300ba9f4d46aa938b895874|02|ws"; nocase; ) # bed0ef0adc7f005b9dc10bf9888aedb00a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047368; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|bed0ef0adc7f005b9dc10bf9888aedb00a|02|so"; nocase; ) # e4e551c55133c73abc10bb6c624534a34d.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047369; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e4e551c55133c73abc10bb6c624534a34d|02|to"; nocase; ) # f0154abcb2df50850d31cba31bbd26b936.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047370; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f0154abcb2df50850d31cba31bbd26b936|02|in"; nocase; ) # h28039659924da13326f7128309ef8606e.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047371; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h28039659924da13326f7128309ef8606e|02|cn"; nocase; ) # j760594dba2518cc40d8008b62159839b5.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047372; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j760594dba2518cc40d8008b62159839b5|02|so"; nocase; ) # n96461428193c51fea803c44df9ff43684.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047373; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n96461428193c51fea803c44df9ff43684|02|in"; nocase; ) # sadcd76c69d7d54faca40e1cf84922fa67.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047374; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|sadcd76c69d7d54faca40e1cf84922fa67|02|cc"; nocase; ) # v80995a0a8cb9a45c3868c03a849375331.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047375; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v80995a0a8cb9a45c3868c03a849375331|02|in"; nocase; ) # e54f08a5dd43a0e8f9aa2bb2d3ac321bdd.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047376; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e54f08a5dd43a0e8f9aa2bb2d3ac321bdd|02|hk"; nocase; ) # i26fde80bf5e5818dbdd9d3a8c9771c5d6.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047377; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i26fde80bf5e5818dbdd9d3a8c9771c5d6|02|cc"; nocase; ) # q89721a62066fb9c60d611856b72742992.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047378; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q89721a62066fb9c60d611856b72742992|02|cc"; nocase; ) # r67c8a1b5fecfd1293f6998c1385101041.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047379; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r67c8a1b5fecfd1293f6998c1385101041|02|ws"; nocase; ) # uc107b87010136a7b49fb02e90ceb19bee.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047380; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uc107b87010136a7b49fb02e90ceb19bee|02|hk"; nocase; ) # w1c3db3addeeb7cff78eb7a2612f430413.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047381; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w1c3db3addeeb7cff78eb7a2612f430413|02|tk"; nocase; ) # c87ada7cb60242e1ae13f3060e7429d86c.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047382; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c87ada7cb60242e1ae13f3060e7429d86c|02|hk"; nocase; ) # h46afde6ccba7cf33c5902c4600903cac9.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047383; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h46afde6ccba7cf33c5902c4600903cac9|02|ws"; nocase; ) # u5d50f7ac467c04e5ca888cde213d0b78e.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047384; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|u5d50f7ac467c04e5ca888cde213d0b78e|02|tk"; nocase; ) # y729d284af1b5af64d713a585e321f35c9.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047385; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y729d284af1b5af64d713a585e321f35c9|02|to"; nocase; ) # z1ca4bf8538092e4410951daba252e58c1.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047386; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z1ca4bf8538092e4410951daba252e58c1|02|in"; nocase; ) # a5e4124a72fb6e2d6a0834ae6f14fbe88d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047387; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a5e4124a72fb6e2d6a0834ae6f14fbe88d|02|hk"; nocase; ) # cb3d29e48bd988b0c45ab2c01fd6f7f835.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047388; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cb3d29e48bd988b0c45ab2c01fd6f7f835|02|tk"; nocase; ) # d97ef710bd899ad77aabe40d77351887dd.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047389; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d97ef710bd899ad77aabe40d77351887dd|02|so"; nocase; ) # j4d773e316960bd70e3ea4ce48297c3c2a.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047390; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j4d773e316960bd70e3ea4ce48297c3c2a|02|cn"; nocase; ) # n376f0560bb63f29732a3e59af7dd5f576.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047391; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n376f0560bb63f29732a3e59af7dd5f576|02|ws"; nocase; ) # s0282674c8863c975cfd7e5cc58b74381c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047392; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s0282674c8863c975cfd7e5cc58b74381c|02|tk"; nocase; ) # m25f6f4fbace5154becf59b993d17d7a79.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047393; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m25f6f4fbace5154becf59b993d17d7a79|02|to"; nocase; ) # o50d5e850b7ab31c75f597e3387ea7fe91.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047394; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|o50d5e850b7ab31c75f597e3387ea7fe91|02|hk"; nocase; ) # tba0a1c883e62fa463195eda55aa18c8ee.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047395; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tba0a1c883e62fa463195eda55aa18c8ee|02|ws"; nocase; ) # yefd1f3b96637afac1a66532e3e82e6355.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047396; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|yefd1f3b96637afac1a66532e3e82e6355|02|tk"; nocase; ) # zd2b7028171d2041d9a7faa73bfef9cf81.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047397; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zd2b7028171d2041d9a7faa73bfef9cf81|02|so"; nocase; ) # f582772916df33e5f276931d9f1e45df64.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047398; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f582772916df33e5f276931d9f1e45df64|02|cn"; nocase; ) # jc13e53abc3385bd121290363abc47374f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047399; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jc13e53abc3385bd121290363abc47374f|02|ws"; nocase; ) # kaaf02335d9df7871653434b1a6b3e5bcf.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047400; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kaaf02335d9df7871653434b1a6b3e5bcf|02|to"; nocase; ) # tce73dba25962d5b00e6f55c6bfe86e7cd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047401; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|tce73dba25962d5b00e6f55c6bfe86e7cd|02|in"; nocase; ) # wad4fe5aeff13b1f175fcfc89f18bda398.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047402; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wad4fe5aeff13b1f175fcfc89f18bda398|02|tk"; nocase; ) # xd00984e18946b693ac9d6532c55b37018.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047403; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xd00984e18946b693ac9d6532c55b37018|02|so"; nocase; ) # ae3fa3959347254600ab8fa15867742750.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047404; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ae3fa3959347254600ab8fa15867742750|02|to"; nocase; ) # f39f3e5df7a694a832a1589babb2fd9ee2.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047405; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f39f3e5df7a694a832a1589babb2fd9ee2|02|so"; nocase; ) # x2ffb9118cae5d2755d475b2322d8c699a.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047406; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x2ffb9118cae5d2755d475b2322d8c699a|02|ws"; nocase; ) # a93c120531213ef2ca23b8365c52823412.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047407; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a93c120531213ef2ca23b8365c52823412|02|hk"; nocase; ) # m9b74acdfd55dce9ecd90eabb0edc036e3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047408; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m9b74acdfd55dce9ecd90eabb0edc036e3|02|cc"; nocase; ) # q2ea349f9863db59c2c21a09b8e519231e.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047409; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q2ea349f9863db59c2c21a09b8e519231e|02|hk"; nocase; ) # v0fb137fc3baeda739425465280aa500ad.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047410; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v0fb137fc3baeda739425465280aa500ad|02|ws"; nocase; ) # z38bbafff5afab86716d2dec845351f261.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047411; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z38bbafff5afab86716d2dec845351f261|02|cn"; nocase; ) # d4c1c879a10951bd59773044170b621aad.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047412; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d4c1c879a10951bd59773044170b621aad|02|ws"; nocase; ) # i350e7c5db50e3be9aab033b7d9e1b09bf.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047413; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i350e7c5db50e3be9aab033b7d9e1b09bf|02|tk"; nocase; ) # j70fa0e76992b08a38d3d775aff4ac0d08.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047414; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j70fa0e76992b08a38d3d775aff4ac0d08|02|so"; nocase; ) # l02a807721d7ae38fbc623dd7e15c27e15.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047415; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l02a807721d7ae38fbc623dd7e15c27e15|02|ws"; nocase; ) # c4cef3590dfb6829a33637dda60558a750.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047416; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c4cef3590dfb6829a33637dda60558a750|02|to"; nocase; ) # g28b85c7a94019400b5f62665f0d54b6a2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047417; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g28b85c7a94019400b5f62665f0d54b6a2|02|tk"; nocase; ) # i3de5eede48724e6c313b7d3cb4d752bfa.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047418; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i3de5eede48724e6c313b7d3cb4d752bfa|02|cc"; nocase; ) # n256780df5a20e01b5df5dfb583e4154f6.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047419; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n256780df5a20e01b5df5dfb583e4154f6|02|cn"; nocase; ) # p3bd7a853f2467783c88820c7cbadc5339.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047420; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p3bd7a853f2467783c88820c7cbadc5339|02|so"; nocase; ) # dea539aef32f69936c7c3268f34978100c.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047421; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dea539aef32f69936c7c3268f34978100c|02|cn"; nocase; ) # e9ed6a6c6461d877d4449745539c7ea3b0.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047422; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e9ed6a6c6461d877d4449745539c7ea3b0|02|tk"; nocase; ) # ga69199071b0343fbd08ac39bada9edd40.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047423; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ga69199071b0343fbd08ac39bada9edd40|02|cc"; nocase; ) # j956d87033211df60cf395f9526eb57176.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047424; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j956d87033211df60cf395f9526eb57176|02|in"; nocase; ) # ud9193eb37a0502e0ba880429513eb4e6f.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047425; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ud9193eb37a0502e0ba880429513eb4e6f|02|tk"; nocase; ) # xe81b6d1957240ef01e630df636d29ab89.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047426; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xe81b6d1957240ef01e630df636d29ab89|02|ws"; nocase; ) # y83163e2aa0d94bc6398423fab622dafe4.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047427; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|y83163e2aa0d94bc6398423fab622dafe4|02|to"; nocase; ) # b27816c6ed150a0f6b51ce6b2d093ab4db.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047428; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b27816c6ed150a0f6b51ce6b2d093ab4db|02|cn"; nocase; ) # dd9c9caf172241147a083b33a0ccd7a26a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047429; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dd9c9caf172241147a083b33a0ccd7a26a|02|so"; nocase; ) # p5e562581900942195252ec372be2fd0d9.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047430; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p5e562581900942195252ec372be2fd0d9|02|in"; nocase; ) # rb6a92fdd9d479da627124bed35118dba2.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047431; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|rb6a92fdd9d479da627124bed35118dba2|02|cn"; nocase; ) # s861e9249009e587f31cd43047b5feabd2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047432; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s861e9249009e587f31cd43047b5feabd2|02|tk"; nocase; ) # xb802dc8af105154077c5cdbc528b6e1a3.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047433; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xb802dc8af105154077c5cdbc528b6e1a3|02|in"; nocase; ) # n9ffd54c1764d4ab808e7682c87201f45f.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047434; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n9ffd54c1764d4ab808e7682c87201f45f|02|in"; nocase; ) # ra75dfcc3864009f3b9080d0069df81157.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047435; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ra75dfcc3864009f3b9080d0069df81157|02|so"; nocase; ) # s5fb0a22367c75ac57c065189d7113bc1b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047436; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s5fb0a22367c75ac57c065189d7113bc1b|02|cc"; nocase; ) # xac7810f4b656fd34b04a14a421c186a55.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047437; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xac7810f4b656fd34b04a14a421c186a55|02|cn"; nocase; ) # zb748e52e3aaba1c542f5bce6b839cebeb.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047438; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zb748e52e3aaba1c542f5bce6b839cebeb|02|so"; nocase; ) # a1739b2393413ebb5eab0840bb3ad4c2fc.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047439; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1739b2393413ebb5eab0840bb3ad4c2fc|02|cc"; nocase; ) # b60ab920cbcd6d1cfb889d9fb36008672c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047440; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b60ab920cbcd6d1cfb889d9fb36008672c|02|ws"; nocase; ) # dcd46e92cb8dc5b5a17c6c5f6055572bba.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047441; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|dcd46e92cb8dc5b5a17c6c5f6055572bba|02|in"; nocase; ) # f8afbd980c05354251f083d6d94acdb313.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047442; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f8afbd980c05354251f083d6d94acdb313|02|cn"; nocase; ) # hc7413b4f0f9d668208c44c1d89f1d5a5c.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047443; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hc7413b4f0f9d668208c44c1d89f1d5a5c|02|so"; nocase; ) # jd2995e2eff0f26782ecb52494f6a67cee.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047444; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|jd2995e2eff0f26782ecb52494f6a67cee|02|ws"; nocase; ) # r9ee57bc8caad6c442c45a9440fabaa8d0.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047445; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r9ee57bc8caad6c442c45a9440fabaa8d0|02|ws"; nocase; ) # t833f142d5a04f764b696b0b135804ad21.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047446; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|t833f142d5a04f764b696b0b135804ad21|02|in"; nocase; ) # w5b87ceab40e2ed8d970c33ed5ac6eaadd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047447; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w5b87ceab40e2ed8d970c33ed5ac6eaadd|02|tk"; nocase; ) # x94913301eb35aaffb7242f36401f97027.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047448; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x94913301eb35aaffb7242f36401f97027|02|so"; nocase; ) # z80811c097fc5a8cd0d5ec8cd3f894462c.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047449; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z80811c097fc5a8cd0d5ec8cd3f894462c|02|ws"; nocase; ) # g516d4fc55927a16e3116521edd467951b.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047450; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g516d4fc55927a16e3116521edd467951b|02|cc"; nocase; ) # idee34435de7f33b4b204b57f900e4777a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047451; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|idee34435de7f33b4b204b57f900e4777a|02|to"; nocase; ) # m9a82fd1d613ce2d0021c20b7a736dc6e6.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047452; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m9a82fd1d613ce2d0021c20b7a736dc6e6|02|tk"; nocase; ) # x1ed7fb96d7b6ef44ca3da26234c6dfcc7.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047453; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x1ed7fb96d7b6ef44ca3da26234c6dfcc7|02|ws"; nocase; ) # eceb7ddbb6d0cbf2e71b5123546bb3c12a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047454; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|eceb7ddbb6d0cbf2e71b5123546bb3c12a|02|cc"; nocase; ) # k3a807e2cfb98c5673ea41be1ec8e649b8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047455; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k3a807e2cfb98c5673ea41be1ec8e649b8|02|tk"; nocase; ) # e13672f581c66fbe59f1d50e9ed0445a15.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047456; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e13672f581c66fbe59f1d50e9ed0445a15|02|hk"; nocase; ) # i78d061c4687cf29b0fb0692b628893b12.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047457; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i78d061c4687cf29b0fb0692b628893b12|02|cc"; nocase; ) # m0d2e84f8473e7aa4dc6ddc36db2ce85fa.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047458; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m0d2e84f8473e7aa4dc6ddc36db2ce85fa|02|hk"; nocase; ) # v9e5c1538b9e48a8d1368bc47199c75597.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047459; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v9e5c1538b9e48a8d1368bc47199c75597|02|cn"; nocase; ) # xe8c29dfd59085220aa95c36e19d49a06b.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047460; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xe8c29dfd59085220aa95c36e19d49a06b|02|so"; nocase; ) # ab80cbe27da122777ca6266b4f0d8c47e3.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047461; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ab80cbe27da122777ca6266b4f0d8c47e3|02|to"; nocase; ) # b0aa49a12939583f1f9255bd8372e0c4ec.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047462; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b0aa49a12939583f1f9255bd8372e0c4ec|02|in"; nocase; ) # c7b99e64854c18e525ff6be7021be8dc16.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047463; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c7b99e64854c18e525ff6be7021be8dc16|02|hk"; nocase; ) # f8fb9e7a7cda19083cb8d813d2aa8bdd59.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047464; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f8fb9e7a7cda19083cb8d813d2aa8bdd59|02|so"; nocase; ) # h49ef2a2af25c391ecbf2c59e97bd64456.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047465; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h49ef2a2af25c391ecbf2c59e97bd64456|02|ws"; nocase; ) # j19e7696119cf3bc729b8a505acfec31de.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047466; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j19e7696119cf3bc729b8a505acfec31de|02|in"; nocase; ) # ke16f77b21f9eca89da996556c43e18958.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047467; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ke16f77b21f9eca89da996556c43e18958|02|hk"; nocase; ) # n8305034864009778d79a3793a36efa44a.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047468; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|n8305034864009778d79a3793a36efa44a|02|so"; nocase; ) # gc9cfdd5c02f40beb9d040590c3352e715.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047469; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gc9cfdd5c02f40beb9d040590c3352e715|02|to"; nocase; ) # m71ec9d6a7e56717ec97b0a03118594d0a.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047470; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|m71ec9d6a7e56717ec97b0a03118594d0a|02|cc"; nocase; ) # pb4d121eb6e472d568d7f7f510739e11fe.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047471; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pb4d121eb6e472d568d7f7f510739e11fe|02|in"; nocase; ) # uce2d728e2c3a7b1dc5756fcd8ef996272.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047472; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|uce2d728e2c3a7b1dc5756fcd8ef996272|02|cc"; nocase; ) # ya600c5b392f430f3ff0fc5320e635e43d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047473; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ya600c5b392f430f3ff0fc5320e635e43d|02|hk"; nocase; ) # z7edd6c23d9289d94eb62e97fe33ef3b31.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047474; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z7edd6c23d9289d94eb62e97fe33ef3b31|02|cn"; nocase; ) # c7cf82bae2e180f266ae7380621ff572fa.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047475; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c7cf82bae2e180f266ae7380621ff572fa|02|cc"; nocase; ) # g52d1ed135f8aa7aa3038fd44f4ebcf212.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047476; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g52d1ed135f8aa7aa3038fd44f4ebcf212|02|hk"; nocase; ) # ka15413627141247e68ba381e5917e9cb3.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047477; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ka15413627141247e68ba381e5917e9cb3|02|cc"; nocase; ) # me961012a0e405ce9773f834b9670abd0c.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047478; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|me961012a0e405ce9773f834b9670abd0c|02|to"; nocase; ) # p969e8a7e65728c075a14d860bf9bca8a1.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047479; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p969e8a7e65728c075a14d860bf9bca8a1|02|cn"; nocase; ) # v20f499edc90b98f3501ebbcceb50c2432.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047480; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|v20f499edc90b98f3501ebbcceb50c2432|02|in"; nocase; ) # zd45d515b964c230ff81a4d89144dc0b19.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047481; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zd45d515b964c230ff81a4d89144dc0b19|02|so"; nocase; ) # d0367e2fa8c751e831b18ac25a1541b3dd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047482; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d0367e2fa8c751e831b18ac25a1541b3dd|02|in"; nocase; ) # j4d3661b63ada252f48fd9fc5f7d0da70f.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047483; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|j4d3661b63ada252f48fd9fc5f7d0da70f|02|ws"; nocase; ) # kfc4140d2d74c95164566a7532d7b46692.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047484; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|kfc4140d2d74c95164566a7532d7b46692|02|to"; nocase; ) # x681c56dd3dde797e02491f069d37137d8.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047485; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x681c56dd3dde797e02491f069d37137d8|02|so"; nocase; ) # gf93cd3da13d75e6052063b5b2dca57803.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047486; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|gf93cd3da13d75e6052063b5b2dca57803|02|cc"; nocase; ) # k891438b451ca70d73ebcab0c705b9bdd9.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047487; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|k891438b451ca70d73ebcab0c705b9bdd9|02|hk"; nocase; ) # la0ee650e838428f134fe3b8b31dc41ecf.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047488; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|la0ee650e838428f134fe3b8b31dc41ecf|02|cn"; nocase; ) # r8646b0cf66283b141ce2925277f01e62a.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047489; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r8646b0cf66283b141ce2925277f01e62a|02|in"; nocase; ) # w5c9d7a8f8f85da3b6c49c6902c610fe74.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047490; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|w5c9d7a8f8f85da3b6c49c6902c610fe74|02|cc"; nocase; ) # x92b96e43b2ae69e580bad701ad954128b.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047491; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|x92b96e43b2ae69e580bad701ad954128b|02|ws"; nocase; ) # c5efd08135f9812c20a6bad327eff6ddc8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047492; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c5efd08135f9812c20a6bad327eff6ddc8|02|tk"; nocase; ) # h26e67a6c8e7719dffeedcfafc4295f8db.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047493; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|h26e67a6c8e7719dffeedcfafc4295f8db|02|in"; nocase; ) # obf27f55cd7b8012b1e0745d2127f3a1f5.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047494; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|obf27f55cd7b8012b1e0745d2127f3a1f5|02|to"; nocase; ) # zd1b02b953a2b5668649f41049401d43f5.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047495; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|zd1b02b953a2b5668649f41049401d43f5|02|cn"; nocase; ) # b9bdf19335e1f383810422ec39059a5bff.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047496; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|b9bdf19335e1f383810422ec39059a5bff|02|so"; nocase; ) # cfe13a6295ae69db994daf4e9e7118c891.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047497; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|cfe13a6295ae69db994daf4e9e7118c891|02|cc"; nocase; ) # e191e914e29a59dfdd251542d2fb509fc7.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047498; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|e191e914e29a59dfdd251542d2fb509fc7|02|to"; nocase; ) # he15e3ae4929357d6d958efff64fb65937.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047499; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|he15e3ae4929357d6d958efff64fb65937|02|cn"; nocase; ) # qae117147f82580cb061715c1781d8ac23.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047500; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qae117147f82580cb061715c1781d8ac23|02|tk"; nocase; ) # d118b7e0a11cd98091c2b2a535f44f5f24.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047501; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|d118b7e0a11cd98091c2b2a535f44f5f24|02|in"; nocase; ) # fc47bfc94f164eb08760b37525f854f551.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047502; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|fc47bfc94f164eb08760b37525f854f551|02|cn"; nocase; ) # g1917f9147d19af4404179fd5cd8064ebd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047503; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|g1917f9147d19af4404179fd5cd8064ebd|02|tk"; nocase; ) # acd8551697d5e41da575866e770661a23f.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047504; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|acd8551697d5e41da575866e770661a23f|02|to"; nocase; ) # hd9fcf64c92d109ce2272f652d5de2bc63.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047505; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|hd9fcf64c92d109ce2272f652d5de2bc63|02|ws"; nocase; ) # nb672eecf3497016f299d485f98a72b3a9.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047506; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|nb672eecf3497016f299d485f98a72b3a9|02|so"; nocase; ) # p6b7a87fafcfc0ad48a7b4743c0e0519a6.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047507; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|p6b7a87fafcfc0ad48a7b4743c0e0519a6|02|ws"; nocase; ) # r7eac2ed3f1a2d8b516a0db2faeb708473.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047508; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|r7eac2ed3f1a2d8b516a0db2faeb708473|02|in"; nocase; ) # xc8e284a282a8c4baa99d7d5df9123e121.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047509; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|xc8e284a282a8c4baa99d7d5df9123e121|02|ws"; nocase; ) # z0fe7753254694cc26fb49be6bea5948ee.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047510; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|z0fe7753254694cc26fb49be6bea5948ee|02|in"; nocase; ) # a1839128144524f1f83ae14c013b48541d.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047511; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a1839128144524f1f83ae14c013b48541d|02|hk"; nocase; ) # f89cef1605a7b717b660742e49d462fdde.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047512; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|f89cef1605a7b717b660742e49d462fdde|02|ws"; nocase; ) # l7f123d5b7b609e30e31c39990430a8fbf.so [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047513; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|l7f123d5b7b609e30e31c39990430a8fbf|02|so"; nocase; ) # pf015380282e506567012cee14551f2e07.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047514; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|pf015380282e506567012cee14551f2e07|02|in"; nocase; ) # s42e31fdf0de38ca639299be391fda4f00.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047515; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|s42e31fdf0de38ca639299be391fda4f00|02|tk"; nocase; ) # ue882383d471cdcb9c3f23a0dc65fd8bec.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047516; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|ue882383d471cdcb9c3f23a0dc65fd8bec|02|cc"; nocase; ) # wdfbd0af8650b887789f742ee83cf010fe.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047517; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|wdfbd0af8650b887789f742ee83cf010fe|02|to"; nocase; ) # c4e486dba0ee6dbe0ce20a46a255364102.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047518; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|c4e486dba0ee6dbe0ce20a46a255364102|02|cc"; nocase; ) # i3bddeb6abe667c50d679164504a61faed.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047519; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|i3bddeb6abe667c50d679164504a61faed|02|tk"; nocase; ) # qe23b528d8b10ad11167bfe7194eec6917.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047520; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|qe23b528d8b10ad11167bfe7194eec6917|02|tk"; nocase; ) # a51f6b356a1aed0c6f535ce4e668c95bc2.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047521; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|a51f6b356a1aed0c6f535ce4e668c95bc2|02|cc"; nocase; ) # mb937a8ca0c4d27dde838fe8388c8b4e02.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047522; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|mb937a8ca0c4d27dde838fe8388c8b4e02|02|hk"; nocase; ) # q56e626b6fbb38f1e33dfd3c29cf0a07ad.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047523; reference:url,osint.bambenekconsulting.com/manual/dyre.txt; priority:1; content:"|22|q56e626b6fbb38f1e33dfd3c29cf0a07ad|02|cc"; nocase; ) # 2qn1pkvglidmn5vclen1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047524; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|14|2qn1pkvglidmn5vclen1|04|ddns|03|net"; nocase; ) # avapmxcrkj36yf5fovc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047525; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|avapmxcrkj36yf5fovc|04|ddns|03|net"; nocase; ) # idanw4mjuv70sloh5xk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047526; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|idanw4mjuv70sloh5xk|04|ddns|03|net"; nocase; ) # 76whqja634e830g27jedqdq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047527; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|76whqja634e830g27jedqdq|04|ddns|03|net"; nocase; ) # s03rcluvg2gdg6q07h1lud5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047528; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|s03rcluvg2gdg6q07h1lud5|04|ddns|03|net"; nocase; ) # gp1bg6a4o874ad74gp10s05.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047529; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|gp1bg6a4o874ad74gp10s05|04|ddns|03|net"; nocase; ) # itct5d3f7ty6mdg4ih5pwnm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047530; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|itct5d3f7ty6mdg4ih5pwnm|04|ddns|03|net"; nocase; ) # 5f7na2o0cx3r1b3n3bulwrg.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047531; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|5f7na2o0cx3r1b3n3bulwrg|04|ddns|03|net"; nocase; ) # s0efg6aneb303fk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047532; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|s0efg6aneb303fk|04|ddns|03|net"; nocase; ) # sxsru438u2qtk8s.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047533; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|sxsru438u2qtk8s|04|ddns|03|net"; nocase; ) # kr16yfi6ufw856qr1ro.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047534; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|kr16yfi6ufw856qr1ro|04|ddns|03|net"; nocase; ) # mhsjajsdgrk0cn5ra8kxa8g.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047535; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|mhsjajsdgrk0cn5ra8kxa8g|04|ddns|03|net"; nocase; ) # 72ojgfsdaf5vmdgvmje83v5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047536; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|72ojgfsdaf5vmdgvmje83v5|04|ddns|03|net"; nocase; ) # kr3twtoj1febmxe4stkbmrk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047537; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|kr3twtoj1febmxe4stkbmrk|04|ddns|03|net"; nocase; ) # 1tahgt3j5tgvm01ve8c.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047538; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|1tahgt3j5tgvm01ve8c|04|ddns|03|net"; nocase; ) # sjw6sdi0uhwnitm4etmtsn5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047539; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|sjw6sdi0uhwnitm4etmtsn5|04|ddns|03|net"; nocase; ) # 3duhohirwrwnmha.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047540; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|3duhohirwrwnmha|04|ddns|03|net"; nocase; ) # wd1pmdspubi4cbk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047541; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|wd1pmdspubi4cbk|04|ddns|03|net"; nocase; ) # gvefq836ujmfy8slcj1r3v1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047542; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|17|gvefq836ujmfy8slcj1r3v1|04|ddns|03|net"; nocase; ) # 7lin5v5rglur1b7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047543; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|7lin5v5rglur1b7|04|ddns|03|net"; nocase; ) # qxa4at1r107lst3to67.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047544; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|13|qxa4at1r107lst3to67|04|ddns|03|net"; nocase; ) # hanfdebomr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047545; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hanfdebomr|03|org"; nocase; ) # wyymrraadmy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047546; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wyymrraadmy|03|org"; nocase; ) # tujgaqak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047547; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tujgaqak|03|com"; nocase; ) # tfyzpny.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047548; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|tfyzpny|03|biz"; nocase; ) # kmqajyman.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047549; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|kmqajyman|03|com"; nocase; ) # uvgyuzkst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047550; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|uvgyuzkst|03|net"; nocase; ) # xypezogcdqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047551; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|xypezogcdqb|03|biz"; nocase; ) # mhnrvbii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047552; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mhnrvbii|03|com"; nocase; ) # sphbejrtcc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047553; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sphbejrtcc|03|com"; nocase; ) # xzqstos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047554; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|xzqstos|03|biz"; nocase; ) # ecirdhy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047555; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ecirdhy|03|com"; nocase; ) # fbrckbpl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047556; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|fbrckbpl|03|biz"; nocase; ) # cdumujwbrqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047557; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cdumujwbrqf|03|biz"; nocase; ) # qyvzehltgkc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047558; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|qyvzehltgkc|03|org"; nocase; ) # hhmrfhamid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047559; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hhmrfhamid|03|com"; nocase; ) # clmsxtsn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047560; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|clmsxtsn|03|net"; nocase; ) # thbpks.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047561; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|thbpks|03|org"; nocase; ) # eoksdssmwkx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047562; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|eoksdssmwkx|03|org"; nocase; ) # xqpkrtvqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047563; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xqpkrtvqz|03|biz"; nocase; ) # mvoiuczuvqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047564; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mvoiuczuvqz|03|biz"; nocase; ) # axqvja.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047565; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|axqvja|03|org"; nocase; ) # sqxnqga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047566; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sqxnqga|03|com"; nocase; ) # jgkoilq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047567; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jgkoilq|03|org"; nocase; ) # crpeiaxyqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047568; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|crpeiaxyqq|03|biz"; nocase; ) # zbygqwos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047569; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|zbygqwos|03|biz"; nocase; ) # rfxmotsz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047570; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rfxmotsz|03|net"; nocase; ) # fgbfjag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047571; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fgbfjag|03|com"; nocase; ) # dexozsmf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047572; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|dexozsmf|03|org"; nocase; ) # xaryedkuj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047573; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xaryedkuj|03|net"; nocase; ) # qgaezf.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047574; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qgaezf|04|info"; nocase; ) # ovdlbldpwcs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047575; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ovdlbldpwcs|03|com"; nocase; ) # jjrcxwvrgme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047576; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jjrcxwvrgme|03|org"; nocase; ) # qfiypq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047577; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qfiypq|03|biz"; nocase; ) # eleqgq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047578; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|eleqgq|03|com"; nocase; ) # dohypbthsc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047579; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|dohypbthsc|03|net"; nocase; ) # xbncbgarl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047580; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xbncbgarl|03|net"; nocase; ) # bidlxysexq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047581; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bidlxysexq|04|info"; nocase; ) # qmjtsa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047582; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qmjtsa|03|net"; nocase; ) # sbdpgdhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047583; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|sbdpgdhl|03|com"; nocase; ) # wdrmzbibr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047584; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|wdrmzbibr|03|com"; nocase; ) # oihzbtals.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047585; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|oihzbtals|03|org"; nocase; ) # hkdnsmupta.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047586; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hkdnsmupta|03|net"; nocase; ) # dtrgnfg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047587; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dtrgnfg|03|com"; nocase; ) # xxcxmz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047588; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xxcxmz|03|org"; nocase; ) # pqmimipqiu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047589; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pqmimipqiu|03|com"; nocase; ) # ngfqarh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047590; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ngfqarh|03|net"; nocase; ) # oiqnynx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047591; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|oiqnynx|03|biz"; nocase; ) # xjwbexiaaj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047592; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|xjwbexiaaj|03|com"; nocase; ) # tdhnpochti.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047593; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|tdhnpochti|03|net"; nocase; ) # nefuxfjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047594; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|nefuxfjh|03|org"; nocase; ) # pmiwaakns.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047595; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pmiwaakns|03|biz"; nocase; ) # vjmkusbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047596; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vjmkusbt|03|com"; nocase; ) # lqhtrwwwdoy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047597; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|lqhtrwwwdoy|03|biz"; nocase; ) # bavyvsgtz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047598; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bavyvsgtz|03|net"; nocase; ) # pgqeqgkuq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047599; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|pgqeqgkuq|03|net"; nocase; ) # rbsndepbd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047600; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|rbsndepbd|03|com"; nocase; ) # trvkjbuo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047601; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|trvkjbuo|03|net"; nocase; ) # vommsw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047602; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vommsw|03|net"; nocase; ) # ofjpiiqm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047603; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ofjpiiqm|03|biz"; nocase; ) # ozcwwly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047604; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ozcwwly|03|org"; nocase; ) # jmjlfrs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047605; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jmjlfrs|03|net"; nocase; ) # hrdwmzmr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047606; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hrdwmzmr|03|org"; nocase; ) # fdtaqnb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047607; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|fdtaqnb|03|biz"; nocase; ) # jzhaza.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047608; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|jzhaza|04|info"; nocase; ) # likuvwpeuqm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047609; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|likuvwpeuqm|03|biz"; nocase; ) # bsgmjams.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047610; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|bsgmjams|03|org"; nocase; ) # ejxvukpgrua.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047611; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ejxvukpgrua|03|net"; nocase; ) # maescnig.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047612; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|maescnig|03|com"; nocase; ) # victqulj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047613; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|victqulj|03|org"; nocase; ) # emtpqabijm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047614; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|emtpqabijm|03|org"; nocase; ) # zbvldwnjz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047615; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|zbvldwnjz|03|org"; nocase; ) # qpolciya.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047616; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qpolciya|04|info"; nocase; ) # umjxiuiabhm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047617; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|umjxiuiabhm|03|com"; nocase; ) # shertrksjid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047618; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|shertrksjid|03|com"; nocase; ) # cqoxrtshc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047619; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|cqoxrtshc|03|com"; nocase; ) # rbzqcfw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047620; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rbzqcfw|03|com"; nocase; ) # afnrupmsl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047621; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|afnrupmsl|03|net"; nocase; ) # yuspqdzwq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047622; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yuspqdzwq|04|info"; nocase; ) # vsojulpg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047623; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vsojulpg|03|biz"; nocase; ) # wkfzfex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047624; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|wkfzfex|03|com"; nocase; ) # ueoovmwuarq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047625; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ueoovmwuarq|03|net"; nocase; ) # gvlixsbqd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047626; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|gvlixsbqd|03|biz"; nocase; ) # jgmhrweebq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047627; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jgmhrweebq|03|com"; nocase; ) # fatisoeph.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047628; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|fatisoeph|03|biz"; nocase; ) # vqeqqxh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047629; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|vqeqqxh|04|info"; nocase; ) # spjedaerbvr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047630; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|spjedaerbvr|04|info"; nocase; ) # osqnizfu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047631; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|osqnizfu|03|com"; nocase; ) # eevackep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047632; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|eevackep|03|com"; nocase; ) # medekza.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047633; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|medekza|04|info"; nocase; ) # frkafilckc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047634; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|frkafilckc|03|org"; nocase; ) # dylioaz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047635; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|dylioaz|03|com"; nocase; ) # cprhgihqysa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047636; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|cprhgihqysa|03|net"; nocase; ) # mxrmitqdlgd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047637; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|mxrmitqdlgd|03|com"; nocase; ) # houqpari.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047638; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|houqpari|03|net"; nocase; ) # duovafet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047639; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|duovafet|03|com"; nocase; ) # ptkjnamwd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047640; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ptkjnamwd|04|info"; nocase; ) # setfiyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047641; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|setfiyq|04|info"; nocase; ) # edwezzfjgf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047642; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|edwezzfjgf|03|com"; nocase; ) # vrthpyvtflp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047643; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|vrthpyvtflp|03|org"; nocase; ) # hprmgesy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047644; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|hprmgesy|03|net"; nocase; ) # jalhhcrgyg.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047645; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|jalhhcrgyg|04|info"; nocase; ) # twqbxcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047646; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|twqbxcu|03|com"; nocase; ) # ilscyfsejg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047647; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ilscyfsejg|03|org"; nocase; ) # lxqfep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047648; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|lxqfep|03|com"; nocase; ) # uauaxtit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047649; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|uauaxtit|03|com"; nocase; ) # sywipn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047650; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|sywipn|03|biz"; nocase; ) # abwmbffyq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047651; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|abwmbffyq|04|info"; nocase; ) # jswmyazr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047652; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|jswmyazr|04|info"; nocase; ) # iugnvzu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047653; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|iugnvzu|04|info"; nocase; ) # xdtsmoyj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047654; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xdtsmoyj|04|info"; nocase; ) # pshzuyhaug.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047655; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|pshzuyhaug|03|net"; nocase; ) # vvgumcpwdo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047656; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vvgumcpwdo|03|com"; nocase; ) # oqfsdflfxi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047657; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|oqfsdflfxi|04|info"; nocase; ) # ekiqnfaf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047658; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|ekiqnfaf|03|com"; nocase; ) # diuurzr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047659; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|diuurzr|04|info"; nocase; ) # gzstwfhv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047660; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|gzstwfhv|03|com"; nocase; ) # dnbkzc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047661; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dnbkzc|04|info"; nocase; ) # uqtinrnyav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047662; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|uqtinrnyav|03|com"; nocase; ) # kstvpk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047663; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|kstvpk|03|biz"; nocase; ) # bzgwealhq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047664; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bzgwealhq|03|com"; nocase; ) # mymlej.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047665; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|mymlej|03|com"; nocase; ) # zfqsajl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047666; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zfqsajl|03|org"; nocase; ) # fkznwt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047667; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fkznwt|04|info"; nocase; ) # okgbhznzu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047668; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|okgbhznzu|04|info"; nocase; ) # hjjizjucdq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047669; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|hjjizjucdq|03|com"; nocase; ) # fupjhe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047670; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|fupjhe|03|com"; nocase; ) # gsohpt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047671; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|gsohpt|03|biz"; nocase; ) # bolbngzpw.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047672; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bolbngzpw|03|biz"; nocase; ) # rzmhrjnlawq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047673; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|rzmhrjnlawq|04|info"; nocase; ) # yhlywazzs.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047674; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|yhlywazzs|04|info"; nocase; ) # mbfakkgrd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047675; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|mbfakkgrd|03|net"; nocase; ) # xgoyeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047676; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xgoyeb|03|com"; nocase; ) # bhvlls.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047677; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|bhvlls|03|org"; nocase; ) # mdyygkwp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047678; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|mdyygkwp|04|info"; nocase; ) # ojnamos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047679; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ojnamos|03|biz"; nocase; ) # tsaraxqaq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047680; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tsaraxqaq|03|com"; nocase; ) # bokbitcrpbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047681; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|bokbitcrpbt|03|com"; nocase; ) # vvbsweksv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047682; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|vvbsweksv|03|net"; nocase; ) # kxeltvwdgx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047683; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|kxeltvwdgx|03|com"; nocase; ) # dnqcwu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047684; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dnqcwu|04|info"; nocase; ) # btxaascueme.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047685; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|btxaascueme|03|org"; nocase; ) # ncfwzq.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047686; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ncfwzq|04|info"; nocase; ) # weqkcxuzkvm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047687; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|weqkcxuzkvm|04|info"; nocase; ) # xxfrqblv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047688; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|xxfrqblv|03|org"; nocase; ) # tvzkxevj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047689; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|tvzkxevj|04|info"; nocase; ) # wbfsgbxmdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047690; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|wbfsgbxmdb|03|com"; nocase; ) # lzhsnywy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047691; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lzhsnywy|04|info"; nocase; ) # vsbhqs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047692; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|vsbhqs|03|biz"; nocase; ) # csaeivfo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047693; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|csaeivfo|03|com"; nocase; ) # qimgkylwho.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047694; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|qimgkylwho|03|com"; nocase; ) # vclsxfnvqq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047695; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|vclsxfnvqq|03|biz"; nocase; ) # kwyeoehh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047696; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|kwyeoehh|03|com"; nocase; ) # ymztneidoca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047697; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ymztneidoca|03|com"; nocase; ) # xbbitm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047698; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|xbbitm|03|net"; nocase; ) # umahbpdgfu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047699; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|umahbpdgfu|03|com"; nocase; ) # lkokszfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047700; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|lkokszfy|03|com"; nocase; ) # qdxxzok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047701; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qdxxzok|03|biz"; nocase; ) # ylrvxzveqz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047702; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ylrvxzveqz|03|biz"; nocase; ) # ghykhpavlc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047703; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ghykhpavlc|03|org"; nocase; ) # ichdhkgae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047704; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|ichdhkgae|03|com"; nocase; ) # qwbpqiqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047705; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|qwbpqiqg|03|biz"; nocase; ) # yuizonz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047706; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|yuizonz|03|biz"; nocase; ) # zzwzolffjop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047707; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|zzwzolffjop|03|biz"; nocase; ) # qtjrhkj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047708; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|qtjrhkj|03|org"; nocase; ) # rbfueps.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047709; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rbfueps|03|biz"; nocase; ) # jgthwqflxll.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047710; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jgthwqflxll|03|org"; nocase; ) # ayanwgftjct.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047711; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|ayanwgftjct|03|com"; nocase; ) # slfjkfq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047712; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|slfjkfq|03|com"; nocase; ) # bmxksjiaox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047713; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|bmxksjiaox|03|biz"; nocase; ) # vatmqlrg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047714; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vatmqlrg|03|net"; nocase; ) # gflmypjnwvu.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047715; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|gflmypjnwvu|04|info"; nocase; ) # czgyowsvly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047716; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|czgyowsvly|03|org"; nocase; ) # knppbhqg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047717; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|knppbhqg|03|biz"; nocase; ) # chyvghwd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047718; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|chyvghwd|04|info"; nocase; ) # grwpyoryos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047719; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|grwpyoryos|03|biz"; nocase; ) # bkwtekv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047720; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|bkwtekv|03|org"; nocase; ) # epnhkcwkr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047721; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|epnhkcwkr|03|org"; nocase; ) # rwyhttq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047722; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rwyhttq|03|net"; nocase; ) # zbudrai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047723; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|zbudrai|03|com"; nocase; ) # mmqbrtc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047724; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|mmqbrtc|03|net"; nocase; ) # rnuuueidgy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047725; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rnuuueidgy|03|com"; nocase; ) # ndnvvi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047726; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ndnvvi|04|info"; nocase; ) # rpvsnsyrak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047727; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|rpvsnsyrak|03|com"; nocase; ) # hlfbuqbkj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047728; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|hlfbuqbkj|03|org"; nocase; ) # rogknjzk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047729; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|rogknjzk|04|info"; nocase; ) # eihvwgmri.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047730; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|eihvwgmri|03|net"; nocase; ) # ryncjj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047731; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|ryncjj|03|org"; nocase; ) # wwljkfqhtqf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047732; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|wwljkfqhtqf|03|biz"; nocase; ) # cjhgntwlqo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047733; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|cjhgntwlqo|03|biz"; nocase; ) # jmvdhpn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047734; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|jmvdhpn|03|biz"; nocase; ) # sxncodwjzi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047735; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|sxncodwjzi|04|info"; nocase; ) # nnvmigx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047736; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|nnvmigx|03|com"; nocase; ) # peuerxk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047737; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|peuerxk|04|info"; nocase; ) # dyxqlw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047738; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|dyxqlw|03|org"; nocase; ) # ikyadpshqe.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047739; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|ikyadpshqe|03|biz"; nocase; ) # sztjmtz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047740; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|sztjmtz|03|net"; nocase; ) # uddpsrj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047741; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|uddpsrj|03|net"; nocase; ) # tyuisqdlh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047742; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|tyuisqdlh|03|org"; nocase; ) # ywjigrd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047743; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ywjigrd|03|net"; nocase; ) # vfvntfux.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047744; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|vfvntfux|03|net"; nocase; ) # wkebtt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047745; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|wkebtt|03|net"; nocase; ) # jeslsjlmqzp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047746; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|jeslsjlmqzp|04|info"; nocase; ) # txfgzqhi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047747; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|txfgzqhi|03|com"; nocase; ) # cqrkpzuu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047748; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|cqrkpzuu|03|net"; nocase; ) # mapnxdqlau.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047749; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|mapnxdqlau|03|com"; nocase; ) # uedlxcgihtn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047750; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0b|uedlxcgihtn|03|net"; nocase; ) # rutmjnr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047751; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|rutmjnr|03|biz"; nocase; ) # xzyjorifk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047752; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|xzyjorifk|03|com"; nocase; ) # viprbozm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047753; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|08|viprbozm|04|info"; nocase; ) # ftthcpr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047754; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|ftthcpr|03|biz"; nocase; ) # bbeqronpr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047755; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|09|bbeqronpr|03|biz"; nocase; ) # enovixyllv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047756; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|0a|enovixyllv|03|org"; nocase; ) # nbnnobammodecolb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047757; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nbnnobammodecolb|03|com"; nocase; ) # bmednfeocldfebcn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047758; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|bmednfeocldfebcn|03|com"; nocase; ) # dlcbcadbnlnlnoac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047759; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dlcbcadbnlnlnoac|03|com"; nocase; ) # ebmoklbcaadcbcma.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047760; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ebmoklbcaadcbcma|04|info"; nocase; ) # aabbenfcdncebeae.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047761; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|aabbenfcdncebeae|06|online"; nocase; ) # nnkcfffkaabbadfc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047762; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nnkcfffkaabbadfc|03|com"; nocase; ) # daaafdnmdddbffbd.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047763; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|daaafdnmdddbffbd|02|eu"; nocase; ) # fcofbnofkandckdk.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047764; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fcofbnofkandckdk|02|co"; nocase; ) # fdbbfdfccfbmcaba.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047765; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|fdbbfdfccfbmcaba|02|co|02|uk"; nocase; ) # nabbafnnddblkoln.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047766; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nabbafnnddblkoln|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # dbmffblbbkbecbam.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047767; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dbmffblbbkbecbam|02|de"; nocase; ) # nbmffkmnfcdakoba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047768; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|nbmffkmnfcdakoba|03|com"; nocase; ) # daoncbkfcncoabbd.online [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047769; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|daoncbkfcncoabbd|06|online"; nocase; ) # lnankoddffnflamo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047770; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|lnankoddffnflamo|03|org"; nocase; ) # ffbneknblmfbcldl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047771; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|ffbneknblmfbcldl|03|org"; nocase; ) # dkaadoalmclffbml.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047772; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|dkaadoalmclffbml|02|cc"; nocase; ) # offdflmakokdfkdd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047773; reference:url,osint.bambenekconsulting.com/manual/padcrypt.txt; priority:1; content:"|10|offdflmakokdfkdd|03|com"; nocase; ) # jofeiw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047774; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|jofeiw|03|com"; nocase; ) # zyvleu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047775; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zyvleu|03|com"; nocase; ) # hjjyeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047776; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|hjjyeo|03|com"; nocase; ) # juaveu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047777; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|juaveu|03|com"; nocase; ) # ztnogg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047778; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ztnogg|03|com"; nocase; ) # zashea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047779; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|zashea|03|com"; nocase; ) # ylzxke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047780; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|ylzxke|03|com"; nocase; ) # jtcfvd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047781; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|jtcfvd|03|com"; nocase; ) # eqioen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047782; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eqioen|03|com"; nocase; ) # arccoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047783; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|arccoo|03|com"; nocase; ) # qumrxd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047784; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qumrxd|03|com"; nocase; ) # xnqnbq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047785; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|xnqnbq|03|com"; nocase; ) # naiklx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047786; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|naiklx|03|com"; nocase; ) # qjtjkd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047787; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|qjtjkd|03|com"; nocase; ) # dmuovx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047788; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|dmuovx|03|com"; nocase; ) # eigjxv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047789; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|eigjxv|03|com"; nocase; ) # vvojsu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000047790; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|vvojsu|03|com"; nocase; )